main/hostapd: rebuild against libressl-2.7

3 files changed, 74 insertions, 25 deletions

diff --git a/main/hostapd/APKBUILD b/main/hostapd/APKBUILD
index 341df5d277..ce9bb10416 100644
--- a/main/hostapd/APKBUILD
+++ b/main/hostapd/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=hostapd
 pkgver=2.6
-pkgrel=3
+pkgrel=4
 pkgdesc="daemon for wireless software access points"
 url="http://hostap.epitest.fi/hostapd/"
 arch="all"
@@ -9,7 +9,7 @@ license="custom"
 makedepends="libressl-dev libnl3-dev linux-headers"
 subpackages="$pkgname-doc"
 patches="CVE-2012-4445.patch
-	libressl-compat.patch
+	libressl.patch
 	0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
 	0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
 	0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
@@ -98,7 +98,7 @@ package() {
 }
 sha512sums="e60baaa092786250b8de9935f5417c7626f5d749210cce9f83d776b65c19fc92a8141f41923389f05c16295d482a15ae8d8b744f4667425040c99e3c2f5b1bda  hostapd-2.6.tar.gz
 619acce84516dead1e03e5da71657ea4c4b6f3ca8271574409773aeb316cbddc88095b50320804f457f001f4f3fe83053e660c008d8409f59bb4d3bfe058b601  CVE-2012-4445.patch
-e6428a7fde025550e8d8252a04dd3a9009f95b6cab064c1f76bf4e5c321bc6acba9a21511e25f996fe98f6c9f1c057bc5af7aa9e6dd19e0bbc537b2be67d494f  libressl-compat.patch
+e9fe8cf40150e6c92c56401dbc5dbbcd287dd9f4b02e65e6a476d5cce0996af34e562f568beda29d808213cd89c2d0a2f5931c1f93853d0dcbbbc502d992c21f  libressl.patch
 f855fa792425f175ccc800eb49df42067b1c1f4b52ba2d24160af4dfbb74dcf8e81661b7e6c8d92fa408938b8a559fc74557d1677913e4a751bfd43706c14bb6  0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
 b4e413aa815572ea0002d33d24b69cd499aebb5efebed8fcaade8b29324bb5853a5db64e8b1dfdf24478e02c66196238b81a6ec777a7a28610435dce4d2c344e  0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
 a6382d8e84b4829be33c46bf2f4c6f3232c9d924a4547a21dfe023bf5be8ee1c635920295f52be285359efaae95bcc1f12b512659cfd1653b871dd0bea7e5ace  0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
diff --git a/main/hostapd/libressl-compat.patch b/main/hostapd/libressl-compat.patch
deleted file mode 100644
index d7c12bcf6a..0000000000
--- a/main/hostapd/libressl-compat.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
-index 19e0e2b..b3d1b07 100644
---- a/src/crypto/crypto_openssl.c
-+++ b/src/crypto/crypto_openssl.c
-@@ -611,7 +611,7 @@ void crypto_cipher_deinit(struct crypto_cipher *ctx)
- 
- void * dh5_init(struct wpabuf **priv, struct wpabuf **publ)
- {
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 	DH *dh;
- 	struct wpabuf *pubkey = NULL, *privkey = NULL;
- 	size_t publen, privlen;
-@@ -712,7 +712,7 @@ err:
- 
- void * dh5_init_fixed(const struct wpabuf *priv, const struct wpabuf *publ)
- {
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 	DH *dh;
- 
- 	dh = DH_new();
diff --git a/main/hostapd/libressl.patch b/main/hostapd/libressl.patch
new file mode 100644
index 0000000000..46bc052c5f
--- /dev/null
+++ b/main/hostapd/libressl.patch
@@ -0,0 +1,71 @@
+diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
+index 19e0e2b..35f5ddf 100644
+--- a/src/crypto/crypto_openssl.c
++++ b/src/crypto/crypto_openssl.c
+@@ -33,7 +33,7 @@
+ #include "aes_wrap.h"
+ #include "crypto.h"
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
+ /* Compatibility wrappers for older versions. */
+ 
+ static HMAC_CTX * HMAC_CTX_new(void)
+@@ -611,7 +611,7 @@ void crypto_cipher_deinit(struct crypto_cipher *ctx)
+ 
+ void * dh5_init(struct wpabuf **priv, struct wpabuf **publ)
+ {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	DH *dh;
+ 	struct wpabuf *pubkey = NULL, *privkey = NULL;
+ 	size_t publen, privlen;
+@@ -712,7 +712,7 @@ err:
+ 
+ void * dh5_init_fixed(const struct wpabuf *priv, const struct wpabuf *publ)
+ {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	DH *dh;
+ 
+ 	dh = DH_new();
+diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
+index 23ac64b..ec42b1a 100644
+--- a/src/crypto/tls_openssl.c
++++ b/src/crypto/tls_openssl.c
+@@ -59,7 +59,7 @@ typedef int stack_index_t;
+ #endif /* SSL_set_tlsext_status_type */
+ 
+ #if (OPENSSL_VERSION_NUMBER < 0x10100000L || \
+-     defined(LIBRESSL_VERSION_NUMBER)) &&    \
++     (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <  0x20700000L)) &&    \
+     !defined(BORINGSSL_API_VERSION)
+ /*
+  * SSL_get_client_random() and SSL_get_server_random() were added in OpenSSL
+@@ -919,7 +919,7 @@ void * tls_init(const struct tls_config *conf)
+ 		}
+ #endif /* OPENSSL_FIPS */
+ #endif /* CONFIG_FIPS */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 		SSL_load_error_strings();
+ 		SSL_library_init();
+ #ifndef OPENSSL_NO_SHA256
+@@ -1043,7 +1043,7 @@ void tls_deinit(void *ssl_ctx)
+ 
+ 	tls_openssl_ref_count--;
+ 	if (tls_openssl_ref_count == 0) {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #ifndef OPENSSL_NO_ENGINE
+ 		ENGINE_cleanup();
+ #endif /* OPENSSL_NO_ENGINE */
+@@ -2334,7 +2334,7 @@ static int tls_connection_client_cert(struct tls_connection *conn,
+ 		return 0;
+ 
+ #ifdef PKCS12_FUNCS
+-#if OPENSSL_VERSION_NUMBER < 0x10002000L
++#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	/*
+ 	 * Clear previously set extra chain certificates, if any, from PKCS#12
+ 	 * processing in tls_parse_pkcs12() to allow OpenSSL to build a new