Cumulative patch from commit bf3214b59321f67375df1ee85722b2beb74e1f7a

bf3214b P2P: Fix re-invoked client interface completion on data connection
63502c6 P2P: Fix P2P_CANCEL for p2p_in_invitation case
e007d53 EST: Comment out X509_REQ_print calls on Android with BoringSSL
e6f4832 EST: Add CSR generation support with BoringSSL
ed2566a EST: Implement pkcs7_to_cert() with BoringSSL
8d27efa HTTP (curl): OCSP with BoringSSL
213e158 BoringSSL: Move OCSP implementation into a separate file
f846211 BoringSSL: Support new SHA_CTX definition for EAP-SIM PRF
b34c623 OpenSSL: Fix build with current OpenSSL master branch snapshot
759a8a3 nl80211: Cancel all pending TX frame cookies
9ea91cd EAP-EKE peer: Fix memory leak on error path
328f49a P2P: Complete group formation on client data connection
0e559dc WPS: Support parallel UPnP WPS protocol runs
bea48f7 Allow sched_scan_plans to be updated at runtime
32c0226 Add support for configuring scheduled scan plans
09ea430 nl80211: Add support for multiple scan plans for scheduled scan
dd895e9 P2P: Make p2p_go_configured() more robust against unexpected calls
8811988 TLS client: Fix session_resumed status after TLS session ticket use
7fff91a Fix tls_connection_prf() regression with CONFIG_TLS=internal
1adf262 TLS: Add support for extKeyUsage X.509v3 extension
0755577 Add TEST_FAIL() support for internal hash functions
4104267 Fix memory leak on NFC DH generation error path
c5864dc TLS client: Add certificate chain validation failure callbacks
896a97d TLS client: Add support for disabling TLS versions
0cbc22b TLS client: Use TLS_CONN_* flags
20804fe TLS: Add support for tls_get_version()
f2a6ad0 TLS client: Add support for server certificate probing
b115eeb TLS: Add TLS v1.2 signature algorithm support for SHA384 and SHA512
c0acec3 crypto: Add CRYPTO_HASH_ALG_SHA384 and CRYPTO_HASH_ALG_SHA512
0aed915 TLS client: Add signature_algorithms extension into ClientHello
9e8809a TLS client: Validate certificates with SHA384 and SHA512 hashes
6bb6a9c Add SHA384 and SHA512 implementations from LibTomCrypt library
fdc1614 TLS client: Add support for validating server certificate hash
3665776 TLS client: Do not verify CA certificates when ca_cert is not specified
11c9ddb Add TEST_FAIL() condition to aes_128_cbc_encrypt/decrypt()
ea52a46 EAP-SIM peer: Fix memory leak on reauth error path
1a33c94 EAP-SAKE: Fix a typo in attribute parser debug print
53401e9 Abort ongoing scans on FLUSH command
e929eb3 wlantest: Add -N command line argument to remove write buffering
3c41749 hostapd: Add Transmit Power Envelope IE when VHT is enabled
2ea2166 Add control interface command for aborting an ongoing scan
4ead7cf Abort an ongoing scan before connect
4f30add nl80211: Add support for aborting an ongoing scan
5ef0b84 Sync with mac80211-next.git include/uapi/linux/nl80211.h
0530eb1 mesh: Clear wpa_s cipher selection on starting mesh
1d6955e nl80211: Fix SIGNAL_POLL in IBSS and mesh
0f29bc6 IBSS/mesh: Add support for VHT80P80 configuration
c27f4c9 P2P: Add support for VHT 80+80 MHz and 160 MHz
bee5d8e nl80211: Add VHT 160 MHz channel flags
5e1da9c P2P: Define operating classes for VHT 80+80 and 160
ea70811 FST: Improve parsing of Multiband IEs
b47d05a FST: Make FST peer connection check more permissive in hostapd
39c3c9b Remove wpa_supplicant/tests
9b635d0 Remove link_test and test_wpa
9e68742 Fix CONFIG_NO_WPA=y build
eb926f1 Comment out wpas_reenabled_network_time with CONFIG_NO_SCAN_PROCESSING
f231b3d FST: Fix STA MB IEs creation
ed7820b P2P: Add a testing option to force P2P GO CSA
6cbbae2 P2P: Set p2p_go_wait_client in invitation_result() cb
83702b6 Android: Give user the option for selecting browser for HS 2.0 OSU
cadffac wpa_cli: Add an option to set created interface type
0f039e3 Add an option to create interface of a certain type with INTERFACE_ADD
d8a3b66 driver: Make setting up AP optional when creating AP interface
36e8206 Check for LIBRESSL_VERSION_NUMBER in tls_openssl.c
2c51c0b P2P: Clear send action work without waiting on find/stop/listen
6bdc43c AP: Avoid 20/40 MHz co-ex scan if PRI/SEC switch is not allowed
757785d nl80211: Clear ignore_next_local_deauth flag
cb2a926 nl80211: Clear ignore_next_local_deauth and ignore_deauth_event
f32227e Add QCA vendor attribute and event to indicate subnet change status
d38c7be Skip SELECT_NETWORK steps only if already connected or connecting
25eb7fc Fix EAPOL reauth after FT protocol or offloaded PMKSA cache use
f68d491 FT auth: Fix EAPOL reauthentication after FT protocol run
a65efbf Add VHT support for Mesh
a73c984 Set WMM flag to Mesh STA by default
9a8d9f7 Assign QCA vendor command and attribute for Tx power reduction in dB
747ba10 nl80211: Do not return incomplete hw capability info
5e238cc WPS: Reconnect for a failed data connection when STA_AUTOCONNECT is 0
442cc8c dbus: Fix memory leak in sending InvitationReceived signal
0603bcb hostapd: Process MAC ACLs on a station association event (SME in driver)
89a11ad RSN: Remove check for proactive_key_caching while setting PMK offload
d381963 Extend QCA roam event with subnet change indication

Change-Id: I122220f59ef56e25ed2749a37370a40afafa177a
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>

3 files changed, 54 insertions, 20 deletions

diff --git a/hs20/client/Android.mk b/hs20/client/Android.mk
index a71e86d0..e4db3220 100644
--- a/hs20/client/Android.mk
+++ b/hs20/client/Android.mk
@@ -54,6 +54,7 @@ OBJS += ../../src/crypto/crypto_internal.c
 OBJS += ../../src/crypto/md5-internal.c
 OBJS += ../../src/crypto/sha1-internal.c
 OBJS += ../../src/crypto/sha256-internal.c
+OBJS += ../../src/crypto/tls_openssl_ocsp.c
 
 L_CFLAGS += -DEAP_TLS_OPENSSL
 
diff --git a/hs20/client/Makefile b/hs20/client/Makefile
index 94cd5f14..fc9b6194 100644
--- a/hs20/client/Makefile
+++ b/hs20/client/Makefile
@@ -76,6 +76,7 @@ LIBS += -lcurl
 endif
 
 CFLAGS += -DEAP_TLS_OPENSSL
+OBJS += ../../src/crypto/tls_openssl_ocsp.o
 LIBS += -lssl -lcrypto
 
 hs20-osu-client: $(OBJS)
diff --git a/hs20/client/est.c b/hs20/client/est.c
index c22d9ca2..9f1519bf 100644
--- a/hs20/client/est.c
+++ b/hs20/client/est.c
@@ -16,6 +16,9 @@
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
+#ifdef OPENSSL_IS_BORINGSSL
+#include <openssl/buf.h>
+#endif /* OPENSSL_IS_BORINGSSL */
 
 #include "common.h"
 #include "utils/base64.h"
@@ -28,16 +31,27 @@ static int pkcs7_to_cert(struct hs20_osu_client *ctx, const u8 *pkcs7,
 			 size_t len, char *pem_file, char *der_file)
 {
 #ifdef OPENSSL_IS_BORINGSSL
-	wpa_printf(MSG_ERROR,
-		"EST: pkcs7_to_cert not yet supported with BoringSSL");
-	return -1;
+	CBS pkcs7_cbs;
 #else /* OPENSSL_IS_BORINGSSL */
 	PKCS7 *p7 = NULL;
 	const unsigned char *p = pkcs7;
+#endif /* OPENSSL_IS_BORINGSSL */
 	STACK_OF(X509) *certs;
 	int i, num, ret = -1;
 	BIO *out = NULL;
 
+#ifdef OPENSSL_IS_BORINGSSL
+	certs = sk_X509_new_null();
+	if (!certs)
+		goto fail;
+	CBS_init(&pkcs7_cbs, pkcs7, len);
+	if (!PKCS7_get_certificates(certs, &pkcs7_cbs)) {
+		wpa_printf(MSG_INFO, "Could not parse PKCS#7 object: %s",
+			   ERR_error_string(ERR_get_error(), NULL));
+		write_result(ctx, "Could not parse PKCS#7 object from EST");
+		goto fail;
+	}
+#else /* OPENSSL_IS_BORINGSSL */
 	p7 = d2i_PKCS7(NULL, &p, len);
 	if (p7 == NULL) {
 		wpa_printf(MSG_INFO, "Could not parse PKCS#7 object: %s",
@@ -57,6 +71,7 @@ static int pkcs7_to_cert(struct hs20_osu_client *ctx, const u8 *pkcs7,
 		certs = NULL;
 		break;
 	}
+#endif /* OPENSSL_IS_BORINGSSL */
 
 	if (!certs || ((num = sk_X509_num(certs)) == 0)) {
 		wpa_printf(MSG_INFO, "No certificates found in PKCS#7 object");
@@ -89,12 +104,16 @@ static int pkcs7_to_cert(struct hs20_osu_client *ctx, const u8 *pkcs7,
 	ret = 0;
 
 fail:
+#ifdef OPENSSL_IS_BORINGSSL
+	if (certs)
+		sk_X509_pop_free(certs, X509_free);
+#else /* OPENSSL_IS_BORINGSSL */
 	PKCS7_free(p7);
+#endif /* OPENSSL_IS_BORINGSSL */
 	if (out)
 		BIO_free_all(out);
 
 	return ret;
-#endif /* OPENSSL_IS_BORINGSSL */
 }
 
 
@@ -222,8 +241,6 @@ ASN1_CHOICE(CsrAttrs) = {
 IMPLEMENT_ASN1_FUNCTIONS(CsrAttrs);
 
 
-#ifndef OPENSSL_IS_BORINGSSL
-
 static void add_csrattrs_oid(struct hs20_osu_client *ctx, ASN1_OBJECT *oid,
 			     STACK_OF(X509_EXTENSION) *exts)
 {
@@ -318,6 +335,23 @@ static void add_csrattrs(struct hs20_osu_client *ctx, CsrAttrs *csrattrs,
 	if (!csrattrs || ! csrattrs->attrs)
 		return;
 
+#ifdef OPENSSL_IS_BORINGSSL
+	num = sk_num(CHECKED_CAST(_STACK *, STACK_OF(AttrOrOID) *,
+				  csrattrs->attrs));
+	for (i = 0; i < num; i++) {
+		AttrOrOID *ao = sk_value(
+			CHECKED_CAST(_STACK *, const STACK_OF(AttrOrOID) *,
+				     csrattrs->attrs), i);
+		switch (ao->type) {
+		case 0:
+			add_csrattrs_oid(ctx, ao->d.oid, exts);
+			break;
+		case 1:
+			add_csrattrs_attr(ctx, ao->d.attribute, exts);
+			break;
+		}
+	}
+#else /* OPENSSL_IS_BORINGSSL */
 	num = SKM_sk_num(AttrOrOID, csrattrs->attrs);
 	for (i = 0; i < num; i++) {
 		AttrOrOID *ao = SKM_sk_value(AttrOrOID, csrattrs->attrs, i);
@@ -330,20 +364,14 @@ static void add_csrattrs(struct hs20_osu_client *ctx, CsrAttrs *csrattrs,
 			break;
 		}
 	}
-}
-
 #endif /* OPENSSL_IS_BORINGSSL */
+}
 
 
 static int generate_csr(struct hs20_osu_client *ctx, char *key_pem,
 			char *csr_pem, char *est_req, char *old_cert,
 			CsrAttrs *csrattrs)
 {
-#ifdef OPENSSL_IS_BORINGSSL
-	wpa_printf(MSG_ERROR,
-		"EST: CSR generation not yet supported with BoringSSL");
-	return -1;
-#else /* OPENSSL_IS_BORINGSSL */
 	EVP_PKEY_CTX *pctx = NULL;
 	EVP_PKEY *pkey = NULL;
 	RSA *rsa;
@@ -355,6 +383,7 @@ static int generate_csr(struct hs20_osu_client *ctx, char *key_pem,
 	STACK_OF(X509_EXTENSION) *exts = NULL;
 	X509_EXTENSION *ex;
 	BIO *out;
+	CONF *ctmp = NULL;
 
 	wpa_printf(MSG_INFO, "Generate RSA private key");
 	write_summary(ctx, "Generate RSA private key");
@@ -436,20 +465,20 @@ static int generate_csr(struct hs20_osu_client *ctx, char *key_pem,
 	if (!exts)
 		goto fail;
 
-	ex = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,
-				 "CA:FALSE");
+	ex = X509V3_EXT_nconf_nid(ctmp, NULL, NID_basic_constraints,
+				  "CA:FALSE");
 	if (ex == NULL ||
 	    !sk_X509_EXTENSION_push(exts, ex))
 		goto fail;
 
-	ex = X509V3_EXT_conf_nid(NULL, NULL, NID_key_usage,
-				 "nonRepudiation,digitalSignature,keyEncipherment");
+	ex = X509V3_EXT_nconf_nid(ctmp, NULL, NID_key_usage,
+				  "nonRepudiation,digitalSignature,keyEncipherment");
 	if (ex == NULL ||
 	    !sk_X509_EXTENSION_push(exts, ex))
 		goto fail;
 
-	ex = X509V3_EXT_conf_nid(NULL, NULL, NID_ext_key_usage,
-				 "1.3.6.1.4.1.40808.1.1.2");
+	ex = X509V3_EXT_nconf_nid(ctmp, NULL, NID_ext_key_usage,
+				  "1.3.6.1.4.1.40808.1.1.2");
 	if (ex == NULL ||
 	    !sk_X509_EXTENSION_push(exts, ex))
 		goto fail;
@@ -469,7 +498,9 @@ static int generate_csr(struct hs20_osu_client *ctx, char *key_pem,
 		char *txt;
 		size_t rlen;
 
+#if !defined(ANDROID) || !defined(OPENSSL_IS_BORINGSSL)
 		X509_REQ_print(out, req);
+#endif
 		rlen = BIO_ctrl_pending(out);
 		txt = os_malloc(rlen + 1);
 		if (txt) {
@@ -488,7 +519,9 @@ static int generate_csr(struct hs20_osu_client *ctx, char *key_pem,
 		FILE *f = fopen(csr_pem, "w");
 		if (f == NULL)
 			goto fail;
+#if !defined(ANDROID) || !defined(OPENSSL_IS_BORINGSSL)
 		X509_REQ_print_fp(f, req);
+#endif
 		if (!PEM_write_X509_REQ(f, req)) {
 			fclose(f);
 			goto fail;
@@ -550,7 +583,6 @@ fail:
 	if (pctx)
 		EVP_PKEY_CTX_free(pctx);
 	return ret;
-#endif /* OPENSSL_IS_BORINGSSL */
 }