The routines used for using raw RSA keys directly have been deprecated
in OpenSSL 3.0. There should be no particular need to use the "RSA
PRIVATE KEY" format, so replace this with the more common "PRIVATE KEY"
format that can be written without use of the deprecated functions.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
DEFINE_STACK_OF() was only introduced in OpenSSL 1.1.0 and newer, but
the ifdef directive that wrapped it was wrongly removed when cleaning
some BoringSSL definitions. Use ifdef confistently for defining and
using AttrOrOID.
Fixes: faf9c04cb5 ("Remove a host of unnecessary OPENSSL_IS_BORINGSSL ifdefs")
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
The <openssl/buf.h> include is relevant in both OpenSSL and BoringSSL
because the file uses BUF_MEM (include what you use). OpenSSL just
happened to include it via another file. OpenSSL also spells it
<openssl/buffer.h>, not matching the type, so use the compatible
spelling.
Additionally all the CHECKED_CAST and manual STACK_OF(T) definitions
call into BoringSSL internals. The correct, public APIs are simply to
just use the same code as OpenSSL and call the DEFINE_STACK_OF macros.
Signed-off-by: David Benjamin <davidben@google.com>
Allow any pointer to be used as source for encoding and use char * as
the return value from encoding and input value for decoding to reduce
number of type casts needed in the callers.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
SKM_sk_value() is not available anymore, so use DEFINE_STACK_OF() to get
the appropriate accessor functions.
Signed-off-by: Ben Greear <greearb@candelatech.com>
This was used during initial EST development time testing, but the same
information is available in the debug log and since this separate file
is deleted automatically, just remove its generation completely to
simplify implementation.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
These were restored into BoringSSL in June 2015, but not all Android
branches include those changes. To fix the build, comment these call out
on Android for now if hs20-osu-client is built against BoringSSL. These
are used only for debugging purposes, so this is fine for Hotspot 2.0
functionality.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds one more step in completing hs20-osu-client support when using
BoringSSL instead of OpenSSL. EST client can now parse the cacerts file.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
BoringSSL has dropped OpenSSL functionality that was used in the EST
implementation. For now, disable EST with BoringSSL to allow
hs20-osu-client to be built.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
OCSP validation is required only for the OSU operations and since the
EST server may use a different server certificate, it may not
necessarily support OCSP.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
There is no requirement for the EST server to use an OSU server
certificate, so do not require friendly name and icon hash matches for
EST cases.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds a reference implementation of Hotspot 2.0 Release 2 OSU
client. While this implements all of the required functionality, it is
likely that a significant extensions would be used to integrate this
with user interfaces and operating system configuration components.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
