Diffstat (limited to 'contrib/wpa_supplicant/openssl-tls-extensions.patch')
-rw-r--r-- | contrib/wpa_supplicant/openssl-tls-extensions.patch | 166 |
1 files changed, 0 insertions, 166 deletions
diff --git a/contrib/wpa_supplicant/openssl-tls-extensions.patch b/contrib/wpa_supplicant/openssl-tls-extensions.patch
deleted file mode 100644
index 77e9a4132ef0..000000000000
--- a/contrib/wpa_supplicant/openssl-tls-extensions.patch
+++ /dev/null
@@ -1,166 +0,0 @@
-This is a quick hack for testing EAP-FAST with openssl.
-
-Addition of TLS extensions to ClientHello/ServerHello is more or less
-ok, though not very clean in the way that the caller needs to take
-care of constructing set of all extensions. In addition there is not
-mechanism for reading the TLS extensions, i.e., this would not be
-enough for EAP-FAST authenticator.
-
-Rest of the changes are obviously ugly and/or incorrect for most
-parts, but it demonstrates the minimum set of changes to skip some of
-the error cases that prevented completion of TLS handshake without
-certificates. In other words, this is just a proof-of-concept type of
-example to make it possible to experiment with EAP-FAST. Cleaner patch
-for the needed functionality would be welcome..
-
-
-diff -upr openssl-0.9.7e.orig/include/openssl/ssl.h openssl-0.9.7e/include/openssl/ssl.h
---- openssl-0.9.7e.orig/include/openssl/ssl.h 2004-07-27 11:28:49.000000000 -0700
-+++ openssl-0.9.7e/include/openssl/ssl.h 2004-12-24 20:29:01.000000000 -0800
-@@ -929,6 +929,11 @@ struct ssl_st
- int first_packet;
- int client_version; /* what was passed, used for
- * SSLv3/TLS rollback check */
-+
-+ /* Optional ClientHello/ServerHello extension to be added to the end
-+ * of the SSLv3/TLS hello message. */
-+ char *hello_extension;
-+ int hello_extension_len;
- };
-
- #ifdef __cplusplus
-diff -upr openssl-0.9.7e.orig/ssl/s3_both.c openssl-0.9.7e/ssl/s3_both.c
---- openssl-0.9.7e.orig/ssl/s3_both.c 2003-02-12 09:05:17.000000000 -0800
-+++ openssl-0.9.7e/ssl/s3_both.c 2004-12-31 21:18:15.556846272 -0800
-@@ -199,6 +199,12 @@ int ssl3_get_finished(SSL *s, int a, int
- 64, /* should actually be 36+4 :-) */
- &ok);
-
-+ if (!ok && s->hello_extension)
-+ {
-+ /* Quick hack to test EAP-FAST. */
-+ return(1);
-+ }
-+
- if (!ok) return((int)n);
-
- /* If this occurs, we have missed a message */
-diff -upr openssl-0.9.7e.orig/ssl/s3_clnt.c openssl-0.9.7e/ssl/s3_clnt.c
---- openssl-0.9.7e.orig/ssl/s3_clnt.c 2004-05-15 09:39:22.000000000 -0700
-+++ openssl-0.9.7e/ssl/s3_clnt.c 2004-12-31 21:16:38.617583280 -0800
-@@ -588,6 +588,12 @@ static int ssl3_client_hello(SSL *s)
- *(p++)=comp->id;
- }
- *(p++)=0; /* Add the NULL method */
-+
-+ if (s->hello_extension)
-+ {
-+ memcpy(p,s->hello_extension,s->hello_extension_len);
-+ p+=s->hello_extension_len;
-+ }
-
- l=(p-d);
- d=buf;
-@@ -779,6 +785,11 @@ static int ssl3_get_server_certificate(S
-
- if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE)
- {
-+ if (s->hello_extension)
-+ {
-+ /* Quick hack to test EAP-FAST. */
-+ return(1);
-+ }
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE);
- goto f_err;
-@@ -951,6 +962,12 @@ static int ssl3_get_key_exchange(SSL *s)
- DH *dh=NULL;
- #endif
-
-+ if (s->hello_extension)
-+ {
-+ /* Quick hack to test EAP-FAST. */
-+ return(1);
-+ }
-+
- /* use same message size as in ssl3_get_certificate_request()
- * as ServerKeyExchange message may be skipped */
- n=ssl3_get_message(s,
-@@ -1264,6 +1281,12 @@ static int ssl3_get_certificate_request(
- unsigned char *p,*d,*q;
- STACK_OF(X509_NAME) *ca_sk=NULL;
-
-+ if (s->hello_extension)
-+ {
-+ /* Quick hack to test EAP-FAST. */
-+ return(1);
-+ }
-+
- n=ssl3_get_message(s,
- SSL3_ST_CR_CERT_REQ_A,
- SSL3_ST_CR_CERT_REQ_B,
-@@ -1407,6 +1430,12 @@ static int ssl3_get_server_done(SSL *s)
- int ok,ret=0;
- long n;
-
-+ if (s->hello_extension)
-+ {
-+ /* Quick hack to test EAP-FAST. */
-+ return(1);
-+ }
-+
- n=ssl3_get_message(s,
- SSL3_ST_CR_SRVR_DONE_A,
- SSL3_ST_CR_SRVR_DONE_B,
-@@ -1439,6 +1468,12 @@ static int ssl3_send_client_key_exchange
- KSSL_ERR kssl_err;
- #endif /* OPENSSL_NO_KRB5 */
-
-+ if (s->hello_extension)
-+ {
-+ /* Quick hack to test EAP-FAST. */
-+ return(1);
-+ }
-+
- if (s->state == SSL3_ST_CW_KEY_EXCH_A)
- {
- d=(unsigned char *)s->init_buf->data;
-@@ -1880,6 +1915,12 @@ static int ssl3_check_cert_and_algorithm
- DH *dh;
- #endif
-
-+ if (s->hello_extension)
-+ {
-+ /* Quick hack to test EAP-FAST. */
-+ return(1);
-+ }
-+
- sc=s->session->sess_cert;
-
- if (sc == NULL)
-diff -upr openssl-0.9.7e.orig/ssl/ssl.h openssl-0.9.7e/ssl/ssl.h
---- openssl-0.9.7e.orig/ssl/ssl.h 2004-07-27 11:28:49.000000000 -0700
-+++ openssl-0.9.7e/ssl/ssl.h 2004-12-24 20:29:01.000000000 -0800
-@@ -929,6 +929,11 @@ struct ssl_st
- int first_packet;
- int client_version; /* what was passed, used for
- * SSLv3/TLS rollback check */
-+
-+ /* Optional ClientHello/ServerHello extension to be added to the end
-+ * of the SSLv3/TLS hello message. */
-+ char *hello_extension;
-+ int hello_extension_len;
- };
-
- #ifdef __cplusplus
-diff -upr openssl-0.9.7e.orig/ssl/ssl_lib.c openssl-0.9.7e/ssl/ssl_lib.c
---- openssl-0.9.7e.orig/ssl/ssl_lib.c 2004-05-11 05:46:12.000000000 -0700
-+++ openssl-0.9.7e/ssl/ssl_lib.c 2004-12-24 20:35:22.000000000 -0800
-@@ -478,6 +478,7 @@ void SSL_free(SSL *s)
- kssl_ctx_free(s->kssl_ctx);
- #endif /* OPENSSL_NO_KRB5 */
-
-+ OPENSSL_free(s->hello_extension);
- OPENSSL_free(s);
- }
- |