[HostAPD] Are we ready for OpenSSL 1.1.x?

PGNet Dev pgnet.dev at gmail.com
Sat Feb 10 08:16:13 PST 2018

On 2/9/18 9:06 AM, Sergio NNX wrote:
> I'm building hostap 2.6 from source with OpenSSL 1.1.1 installed and I get the following compilation issues:
> tls_openssl.c:342:36: error: dereferencing pointer to incomplete type 'RSA {aka struct rsa_st}'
>     (struct cryptoapi_rsa_data *) rsa->meth->app_data;
>                                      ^~
> In file included from tls_openssl.c:20:0:
> tls_openssl.c:349:10: error: 'RSA_F_RSA_EAY_PRIVATE_ENCRYPT' undeclared (first use in this function)
>            ^
> tls_openssl.c:349:10: note: each undeclared identifier is reported only once for each function it appears in
> tls_openssl.c: In function 'tls_cryptoapi_cert':
> tls_openssl.c:505:30: error: dereferencing pointer to incomplete type 'RSA_METHOD {aka struct rsa_meth_st}'
>    rsa_meth = os_zalloc(sizeof(*rsa_meth));
>                                ^~~~~~~~~
> tls_openssl.c:565:16: error: dereferencing pointer to incomplete type 'X509 {aka struct x509_st}'
>    pub_rsa = cert->cert_info->key->pkey->pkey.rsa;
>                  ^~
> Is there any patch available?

Have you correctly exported


to point to your OpenSSL 11x install?

Here, building hostapd/git, unpatched,

	git log | head
		commit cd483be25278308ca16dcbe4bc41ac920ba13ee8
		Author: Ashok Ponnaiah <aponnaia at codeaurora.org>
		Date:   Tue Jan 30 16:54:39 2018 +0530

		    OWE: Use PMKSA caching if available with driver AP MLME

		    If a matching PMKSA cache entry is present for an OWE client, use it and
		    do not go through DH while processing Association Rquest frame.
		    Association Response frame will identify the PMKID in such a case and DH
		    parameters won't be present.

, linked against openssl11 API/libs, results in

	ldd `which hostapd` | egrep "ssl|crypto"
	        libcrypto.so.1.1 => /usr/local/openssl11/lib64/libcrypto.so.1.1 (0x00007fee73285000)

What's `ldd` for you show?

More information about the Hostap mailing list