hs20-osu-client: Disable EST with BoringSSL to fix build

BoringSSL has dropped OpenSSL functionality that was used in the EST
implementation. For now, disable EST with BoringSSL to allow
hs20-osu-client to be built.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen 2015-10-10 00:07:32 +03:00 committed by Jouni Malinen
parent cc2994024d
commit 63d9bf81ab

View file

@ -27,6 +27,11 @@
static int pkcs7_to_cert(struct hs20_osu_client *ctx, const u8 *pkcs7, static int pkcs7_to_cert(struct hs20_osu_client *ctx, const u8 *pkcs7,
size_t len, char *pem_file, char *der_file) size_t len, char *pem_file, char *der_file)
{ {
#ifdef OPENSSL_IS_BORINGSSL
wpa_printf(MSG_ERROR,
"EST: pkcs7_to_cert not yet supported with BoringSSL");
return -1;
#else /* OPENSSL_IS_BORINGSSL */
PKCS7 *p7 = NULL; PKCS7 *p7 = NULL;
const unsigned char *p = pkcs7; const unsigned char *p = pkcs7;
STACK_OF(X509) *certs; STACK_OF(X509) *certs;
@ -89,6 +94,7 @@ fail:
BIO_free_all(out); BIO_free_all(out);
return ret; return ret;
#endif /* OPENSSL_IS_BORINGSSL */
} }
@ -216,6 +222,8 @@ ASN1_CHOICE(CsrAttrs) = {
IMPLEMENT_ASN1_FUNCTIONS(CsrAttrs); IMPLEMENT_ASN1_FUNCTIONS(CsrAttrs);
#ifndef OPENSSL_IS_BORINGSSL
static void add_csrattrs_oid(struct hs20_osu_client *ctx, ASN1_OBJECT *oid, static void add_csrattrs_oid(struct hs20_osu_client *ctx, ASN1_OBJECT *oid,
STACK_OF(X509_EXTENSION) *exts) STACK_OF(X509_EXTENSION) *exts)
{ {
@ -324,11 +332,18 @@ static void add_csrattrs(struct hs20_osu_client *ctx, CsrAttrs *csrattrs,
} }
} }
#endif /* OPENSSL_IS_BORINGSSL */
static int generate_csr(struct hs20_osu_client *ctx, char *key_pem, static int generate_csr(struct hs20_osu_client *ctx, char *key_pem,
char *csr_pem, char *est_req, char *old_cert, char *csr_pem, char *est_req, char *old_cert,
CsrAttrs *csrattrs) CsrAttrs *csrattrs)
{ {
#ifdef OPENSSL_IS_BORINGSSL
wpa_printf(MSG_ERROR,
"EST: CSR generation not yet supported with BoringSSL");
return -1;
#else /* OPENSSL_IS_BORINGSSL */
EVP_PKEY_CTX *pctx = NULL; EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *pkey = NULL; EVP_PKEY *pkey = NULL;
RSA *rsa; RSA *rsa;
@ -535,6 +550,7 @@ fail:
if (pctx) if (pctx)
EVP_PKEY_CTX_free(pctx); EVP_PKEY_CTX_free(pctx);
return ret; return ret;
#endif /* OPENSSL_IS_BORINGSSL */
} }