The <openssl/buf.h> include is relevant in both OpenSSL and BoringSSL
because the file uses BUF_MEM (include what you use). OpenSSL just
happened to include it via another file. OpenSSL also spells it
<openssl/buffer.h>, not matching the type, so use the compatible
spelling.
Additionally all the CHECKED_CAST and manual STACK_OF(T) definitions
call into BoringSSL internals. The correct, public APIs are simply to
just use the same code as OpenSSL and call the DEFINE_STACK_OF macros.
Signed-off-by: David Benjamin <davidben@google.com>
Get rid of the gcc warnings on potentially truncating the output buffer
by explicitly checking that there was enough room to write the full
string.
Signed-off-by: Jouni Malinen <j@w1.fi>
hs20-osu-client compilation fails on Android O onwards because of
undefined reference for __android_log_print/__android_log_vprint.
Modify hs20-osu-client's Android.mk to include liblog library and
use tag 'hs20-osu-client' in logcat logs. Additionally, compile
hs20-osu-client to /vendor/bin in non-production builds.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This reverts commit 1192d5721b. That
commit disabled hostapd and wpa_supplicant build in user build variants.
Furthermore, it used duplicated TARGET_BUILD_VARIANT checks between the
Android.mk files.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The previous change to allow EST server to use a different host name
ended up overriding the OSU server certificate information and the
incorrect server certificate was used when comparing the SP FQDN from
the PPS MO if the OSU and EST servers where different. Fix this by
keeping the dNSName from the SPP interaction and not storing the values
from the EST interaction.
Fixes: 0ce8d55a2e ("hs20-osu-client: Allow EST server to use different host name")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The EST server does not have to be sharing the same host name with the
OSU server. Use the host name from the EST URL instead of the SPP server
URL when validating the EST server certificate.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Make the error reason clearer in the event log for the case where the
requested realm has not been configured.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
hs20-osu-client compilation fails on Android O onwards because of
undefined reference for __android_log_print/__android_log_vprint.
Modify hs20-osu-client's Android.mk to include liblog library and use
tag 'hs20-osu-client' in logcat logs. Additionally, compile
hs20-osu-client to /vendor/bin in non-production builds.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Instead of building in the source tree, put most object
files into the build/ folder at the root, and put each
thing that's being built into a separate folder.
This then allows us to build hostapd and wpa_supplicant
(or other combinations) without "make clean" inbetween.
For the tests keep the objects in place for now (and to
do that, add the build rule) so that we don't have to
rewrite all of that with $(call BUILDOBJS,...) which is
just noise there.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Clean up in a more common fashion as well, initially for ../src/.
Also add $(Q) to the clean target in src/
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Some things are used by most of the binaries, pull them
into a common rule fragment that we can use properly.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This avoids a theoretical integer overflow with 16-bit unsigned int
should a certificate be encoded with more that 65535 friendly names or
icons.
Signed-off-by: Jouni Malinen <j@w1.fi>
By default, 'openssl ocsp' exits upon receiving a malformed request.
That's not really ideal for a server, so configure openssl to not do
that and instead, continue running to process other requests.
Signed-off-by: Jouni Malinen <j@w1.fi>
Do not use VERSION_STR directly as the format string to printf() since
it is possible for that string to contain '%'.
Signed-off-by: Didier Raboud <odyx@debian.org>
This changes "hs20-osu-client browser <URL>" behavior to validate the
HTTPS server certificate against the system trust roots. The new command
line argument -T can be used to disable this validation.
This does not change behavior for SPP/OMA-DM triggered OSU operation,
i.e., they continue to not mandate server certificate validation for now
to avoid breaking existing test cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
hs20_web_browser() was previously hardcoded to not perform strict TLS
server validation. Add an argument to this function to allow that
behavior to be configured. The hs20-osu-client users are still using the
old behavior, i.e., not validating server certificates, to be usable for
testing purposes.
Signed-off-by: Jouni Malinen <j@w1.fi>
Allow any pointer to be used as source for encoding and use char * as
the return value from encoding and input value for decoding to reduce
number of type casts needed in the callers.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This updates SP/<FQDN> directory with following permissions on Android
to allow moving certificate at runtime from Cert/ to SP/<FQDN> folder:
- user:read/write/exec
- group:read/write/exec
(i.e., add group write permission)
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
When filtering is successfully disabled at the end of the terms and
conditions acceptance sequence, add the "X-WFA-Hotspot20-Filtering:
remove" header line to the HTTP response.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The new subrem field in the users database can now be used to issue an
alternative subscription remediation updateNode for clients using
certificate credentials. The data file for this case is similar to the
policy update files, but it starts with the managementTreeURI value in
the first line.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
There is no point in trying to update the Credential node with the
existing contents in case of subscription remediation using a client
certificate instead of a username/password credential, so use the
noMOUpdate in that case.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Make it easier to find the new username (and the new serial number from
it) when a user entry is renamed at the conclusion of client certificate
re-enrollment sequence.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
There is no need to allow symlink dereferencing in these cases where a
file (including directories and sockets) are created by the same
process, so use the safer lchown() variant to avoid leaving potential
windows for something external to replace the file before the chown()
call. The particular locations used here should not have write
permissions enabled for processes with less privileges, so this may not
be needed, but anyway, it is better to make these more restrictive
should there be cases where directory permissions are not as expected
for a good deployment.
Signed-off-by: Jouni Malinen <j@w1.fi>
SKM_sk_value() is not available anymore, so use DEFINE_STACK_OF() to get
the appropriate accessor functions.
Signed-off-by: Ben Greear <greearb@candelatech.com>
A new osu_config field "sim_policy" can now be used to specify the
policy template for SIM provisioning.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Support SIM provisioning exchange with SPP. This uses the
hotspot2dot0-mobile-identifier-hash value from the AAA server to allow
subscription registration through subscription remediation exchange.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This adds support for hostapd-as-RADIUS-authentication-server to request
subscription remediation for SIM-based credentials. The new hostapd.conf
parameter hs20_sim_provisioning_url is used to set the URL prefix for
the remediation server for SIM provisioning. The random
hotspot2dot0-mobile-identifier-hash value will be added to the end of
this URL prefix and the same value is stored in a new SQLite database
table sim_provisioning for the subscription server implementation to
use.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This adds support for the SPP server to request certificate reenrollment
and for the EST server to support the simplereenroll version.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Previous implementation updated user database only for username/password
credentials. While client certificates do not need the updated password
to be written, they do need the remediation requirement to be cleared,
so fix that.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
These are not really using Phase 2, so use more appropriate
configuration when going through online signup for client certificates.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
EAP-TLS users are not really using phase2, so do not require the
database to be set in a way that claim that inaccurately.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
hs20-osu-client refused to do anything if it could not find devinfo.xml
from the current working directory. This is a bit excessive since that
file was used in init_ctx() only to fill in ctx->devid which is used
when constructing OMA DM messages.
Move the check for ctx->devid into OMA DM specific code so that other
hs20-osu-client functionality can be used without the devinfo.xml file.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This makes it a bit easier to use existing hardcoded PPS MO files for
testing purposes when the subscription remediation and policy update
operations target the same path.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This node was modified long time ago to include "SPP-" prefix. Fix the
OSU server implementation to use the correct value.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Extend test=<value> special incorrect behavior testing capabilities in
the OSU server to include the fingerprint of the policy update trust
root: test=corrupt_polupd_hash.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add a mechanism to allow special incorrect behavior to be requested from
OSU server by adding an optional parameter test=<value> to the initial
signup URL. This is for protocol testing purposes for the OSU client.
This commit adds two special behavior cases: corrupt_aaa_hash and
corrupt_subrem_hash. These can be used to generate PPS MO with invalid
CertSHA256Fingerprint values for AAAServerTrustRoot and
SubscriptionUpdate nodes.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Previously, this was done only for the subscription remediation/update
trust root. The other downloaded files were also verified, but the OSU
server was not notified if the files were found to be invalid.
Modify hs20-osu-client behavior to explicitly notify the OSU server if
any of the three trust root types cannot be successfully downloaded.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add support for user remediation to request a new password from the user
for username/password credentials that have been configured not use use
machine managed password.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>