From: Jouni Malinen <jouni@qca.qualcomm.com>
Date: Fri, 4 Dec 2015 09:26:29 +0000 (+0200)
Subject: BoringSSL: Support new SHA_CTX definition for EAP-SIM PRF
X-Git-Tag: hostap_2_6~1244
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f846211e3ec43dc1638ce1e4cae80e79c07129c7;p=thirdparty%2Fhostap.git

BoringSSL: Support new SHA_CTX definition for EAP-SIM PRF

BoringSSL modified the struct sha_state_st (SHA_CTX) definition by
converting h0..h4 with h[5] array. This broke wpa_supplicant/hostapd
build with EAP-SIM enabled. BoringSSL restored the old version for
ANDROID builds, but only the new version is currently defined for
non-Android cases. For now, fix this by having matching selection in
fips_prf_openssl.c based on OPENSSL_IS_BORINGSSL and ANDROID defines.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
---

diff --git a/src/crypto/fips_prf_openssl.c b/src/crypto/fips_prf_openssl.c
index fb03efcd4..9d094b822 100644
--- a/src/crypto/fips_prf_openssl.c
+++ b/src/crypto/fips_prf_openssl.c
@@ -17,6 +17,19 @@ static void sha1_transform(u32 *state, const u8 data[64])
 {
 	SHA_CTX context;
 	os_memset(&context, 0, sizeof(context));
+#if defined(OPENSSL_IS_BORINGSSL) && !defined(ANDROID)
+	context.h[0] = state[0];
+	context.h[1] = state[1];
+	context.h[2] = state[2];
+	context.h[3] = state[3];
+	context.h[4] = state[4];
+	SHA1_Transform(&context, data);
+	state[0] = context.h[0];
+	state[1] = context.h[1];
+	state[2] = context.h[2];
+	state[3] = context.h[3];
+	state[4] = context.h[4];
+#else
 	context.h0 = state[0];
 	context.h1 = state[1];
 	context.h2 = state[2];
@@ -28,6 +41,7 @@ static void sha1_transform(u32 *state, const u8 data[64])
 	state[2] = context.h2;
 	state[3] = context.h3;
 	state[4] = context.h4;
+#endif
 }