Merge "Fix wpa_supplicant build with newer BoringSSL" am: 96e84352e6 am: 12405a05cf

Original change: https://android-review.googlesource.com/c/platform/external/wpa_supplicant_8/+/1835013

Change-Id: I9aa801edb195a464c337b869045dcc16402b81c7
diff --git a/src/crypto/tls_openssl_ocsp.c b/src/crypto/tls_openssl_ocsp.c
index 8b37b34..97bf605 100644
--- a/src/crypto/tls_openssl_ocsp.c
+++ b/src/crypto/tls_openssl_ocsp.c
@@ -502,7 +502,7 @@
 	enum ocsp_result result = OCSP_INVALID;
 	X509_STORE *store;
 	STACK_OF(X509) *untrusted = NULL, *certs = NULL, *chain = NULL;
-	X509_STORE_CTX ctx;
+	X509_STORE_CTX *ctx = NULL;
 	X509 *signer, *tmp_cert;
 	int signer_trusted = 0;
 	EVP_PKEY *skey;
@@ -546,7 +546,7 @@
 		return OCSP_INVALID;
 	}
 
-	basic_data = ASN1_STRING_data(bytes->response);
+	basic_data = ASN1_STRING_get0_data(bytes->response);
 	basic_len = ASN1_STRING_length(bytes->response);
 	wpa_hexdump(MSG_DEBUG, "OpenSSL: BasicOCSPResponse",
 		    basic_data, basic_len);
@@ -643,12 +643,14 @@
 		   "OpenSSL: Found OCSP signer certificate %s and verified BasicOCSPResponse signature",
 		   buf);
 
-	if (!X509_STORE_CTX_init(&ctx, store, signer, untrusted))
+	ctx = X509_STORE_CTX_new();
+	if (!ctx ||
+	    !X509_STORE_CTX_init(ctx, store, signer, untrusted) ||
+	    !X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_OCSP_HELPER)) {
 		goto fail;
-	X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
-	ret = X509_verify_cert(&ctx);
-	chain = X509_STORE_CTX_get1_chain(&ctx);
-	X509_STORE_CTX_cleanup(&ctx);
+	}
+	ret = X509_verify_cert(ctx);
+	chain = X509_STORE_CTX_get1_chain(ctx);
 	if (ret <= 0) {
 		wpa_printf(MSG_DEBUG,
 			   "OpenSSL: Could not validate OCSP signer certificate");
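Review bot: The combined guard `if (!ctx || !X509_STORE_CTX_init(...) || !X509_STORE_CTX_set_purpose(...))` jumps to `fail` without logging, so a rejection caused by allocation or context-setup failure looks the same in the debug log as a genuine signer-validation failure. I would add `wpa_printf(MSG_DEBUG, "OpenSSL: Could not set up X509_STORE_CTX for OCSP signer validation");` before the `goto fail;`. Separately, `chain = X509_STORE_CTX_get1_chain(ctx)` is still assigned when `ret <= 0`. Whether that chain is released on the failure path cannot be confirmed here, because the function body starts and ends outside the hunk.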
@@ -661,9 +663,8 @@
 	}
 
 	if (!signer_trusted) {
-		X509_check_purpose(signer, -1, 0);
-		if ((signer->ex_flags & EXFLAG_XKUSAGE) &&
-		    (signer->ex_xkusage & XKU_OCSP_SIGN)) {
+		if ((X509_get_extension_flags(signer) & EXFLAG_XKUSAGE) &&
+		    (X509_get_extended_key_usage(signer) & XKU_OCSP_SIGN)) {
 			wpa_printf(MSG_DEBUG,
 				   "OpenSSL: OCSP signer certificate delegation OK");
 		} else {
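Review bot: The `EXFLAG_XKUSAGE` test in the new condition is load-bearing and deserves a comment. `X509_get_extended_key_usage()` returns all bits set when the certificate has no extended key usage extension, so without the flag check a signer lacking EKU would pass the `XKU_OCSP_SIGN` test and be accepted as a delegated OCSP responder. Suggested comment above the `if`: `/* EKU getter returns UINT32_MAX when the extension is absent; require EXFLAG_XKUSAGE so only an explicit OCSP-signing EKU delegates */`. The removed `X509_check_purpose(signer, -1, 0)` call populated the cached flags, and the accessors are expected to do that themselves, which is worth confirming against the BoringSSL revision being built. The enclosing `if (!signer_trusted)` block continues past the hunk.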
@@ -839,6 +840,7 @@
 	sk_X509_pop_free(certs, X509_free);
 	BasicOCSPResponse_free(basic);
 	OCSPResponse_free(resp);
+	X509_STORE_CTX_free(ctx);
 
 	return result;
 }
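Review bot: `X509_STORE_CTX_free(ctx)` only runs on paths that reach this shared cleanup, but the function also has direct `return OCSP_INVALID;` exits, one of which is visible in the second hunk. Those are safe only because they come before `X509_STORE_CTX_new()` and because `ctx` is initialised to NULL in the first hunk. A comment here would keep that invariant visible to later edits: `/* ctx is NULL unless signer validation was reached; any exit after X509_STORE_CTX_new() must come through here */`. The start of the function is outside the hunk, so any later direct returns could not be checked.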