Executive Summary
I'm trying to compile wpa_supplicant 2.10 using Visual Studio on Windows 10 with the OpenSSL v3.0.5, but the compilation fails on suspicious-looking pre-OpenSSL v1.1.0 code in wpa_supplicant source code.
Build Environment and Configuration
I am trying to build the latest wpa_supplicant 2.10 sources (taken from w1.fi/releases) with the following tools/libraries:
- Windows 10
- Visual Studio Pro 2019
- OpenSSL 3.0.5 (Win64 OpenSSL v3.0.5 install from slproweb.com)
- Using the
wpa_supplicant\vs2005\wpa_supplicant.slnsolution file to build the tool
Technical Details
The solution file was automatically upgraded to a more modern version of Visual Studio - no problem here. In addition, I needed to make minor modifications to the solution and some source files to fix most compile errors, and almost succeeded in compiling wpa_supplicant.
My problem is that tls_openssl.c fails to build because of RSA method-related code that fails to compile. Here's an example of such failing code in tls_openssl.c (line 399):
static int cryptoapi_rsa_priv_enc(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
struct cryptoapi_rsa_data *priv =
(struct cryptoapi_rsa_data*)rsa->meth->app_data;
...
}
The error message for this line is:
src\crypto\tls_openssl.c(403,36): error C2037: left of 'meth' specifies undefined struct/union 'rsa_st'
The code seems to be accessing the RSA method data as a pre-OpenSSL-1.1.0 object. Although the opaque RSA_new() is called in tls_openssl.c, the RSA method code seems to be pre-1.1.0 (i.e., it does not use RSA_meth_new() etc.). It is therefore not surprising that the code does not compile.
Has wpa_supplicant ever been built under Windows with OpenSSL v3.0.5? Am I the first one to ever try this?!
Artifacts
Following are the build_config.h and the build log files:
build_config.h -->
/*
* wpa_supplicant/hostapd - Build time configuration defines
* Copyright (c) 2005-2006, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
*
* This header file can be used to define configuration defines that were
* originally defined in Makefile. This is mainly meant for IDE use or for
* systems that do not have suitable 'make' tool. In these cases, it may be
* easier to have a single place for defining all the needed C pre-processor
* defines.
*/
#ifndef BUILD_CONFIG_H
#define BUILD_CONFIG_H
/* Insert configuration defines, e.g., #define EAP_MD5, here, if needed. */
#ifdef CONFIG_WIN32_DEFAULTS
#define CONFIG_NATIVE_WINDOWS
#define CONFIG_ANSI_C_EXTRA
#define CONFIG_WINPCAP
#define IEEE8021X_EAPOL
#define PKCS12_FUNCS
#define PCSC_FUNCS
#define CONFIG_CTRL_IFACE
#define CONFIG_CTRL_IFACE_NAMED_PIPE
#define CONFIG_DRIVER_NDIS
#define CONFIG_NDIS_EVENTS_INTEGRATED
#define CONFIG_DEBUG_FILE
#define EAP_MD5
#define EAP_TLS
#define EAP_MSCHAPv2
#define EAP_PEAP
#define EAP_TTLS
#define EAP_GTC
#define EAP_OTP
#define EAP_LEAP
#define EAP_TNC
#define _CRT_SECURE_NO_DEPRECATE
/*MOSHE*/ #define OPENSSL_NO_TLSEXT
#ifdef USE_INTERNAL_CRYPTO
#define CONFIG_TLS_INTERNAL_CLIENT
#define CONFIG_INTERNAL_LIBTOMMATH
#define CONFIG_CRYPTO_INTERNAL
#endif /* USE_INTERNAL_CRYPTO */
#endif /* CONFIG_WIN32_DEFAULTS */
#endif /* BUILD_CONFIG_H */
Build log -->
Build started...
1>------ Build started: Project: wpa_supplicant, Configuration: Debug x64 ------
1>C:\Program Files (x86)\Microsoft Visual Studio\2019\Professional\MSBuild\Microsoft\VC\v160\Microsoft.CppBuild.targets(1097,5): warning MSB8027: Two or more files with the name of config.c will produce outputs to the same location. This can lead to an incorrect build result. The files involved are ..\..\..\src\utils\config.c, ..\..\config.c.
1>wpa_common.c
1>tls_openssl.c
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(403,36): error C2037: left of 'meth' specifies undefined struct/union 'rsa_st'
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(454,8): warning C4996: 'RSA_size': Since OpenSSL 3.0
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(500,57): error C2037: left of 'meth' specifies undefined struct/union 'rsa_st'
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(500,21): error C2198: 'cryptoapi_free_data': too few arguments for call
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(501,2): error C2037: left of 'meth' specifies undefined struct/union 'rsa_st'
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(501,2): error C2198: 'free': too few arguments for call
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(502,7): error C2037: left of 'meth' specifies undefined struct/union 'rsa_st'
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(566,40): error C2027: use of undefined type 'rsa_meth_st'
1>C:\Program Files\OpenSSL-Win64-3.0.5\include\openssl\types.h(144): message : see declaration of 'rsa_meth_st'
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(605,12): error C2037: left of 'name' specifies undefined struct/union 'rsa_meth_st'
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(606,12): error C2037: left of 'rsa_pub_enc' specifies undefined struct/union 'rsa_meth_st'
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(607,12): error C2037: left of 'rsa_pub_dec' specifies undefined struct/union 'rsa_meth_st'
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(608,12): error C2037: left of 'rsa_priv_enc' specifies undefined struct/union 'rsa_meth_st'
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(609,12): error C2037: left of 'rsa_priv_dec' specifies undefined struct/union 'rsa_meth_st'
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(610,12): error C2037: left of 'finish' specifies undefined struct/union 'rsa_meth_st'
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(611,12): error C2037: left of 'flags' specifies undefined struct/union 'rsa_meth_st'
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(612,12): error C2037: left of 'app_data' specifies undefined struct/union 'rsa_meth_st'
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(626,18): error C2037: left of 'cert_info' specifies undefined struct/union 'x509_st'
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(630,7): error C2037: left of 'n' specifies undefined struct/union 'rsa_st'
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(630,27): error C2037: left of 'n' specifies undefined struct/union 'rsa_st'
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(630,17): error C2198: 'BN_dup': too few arguments for call
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(631,7): error C2037: left of 'e' specifies undefined struct/union 'rsa_st'
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(631,27): error C2037: left of 'e' specifies undefined struct/union 'rsa_st'
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(631,17): error C2198: 'BN_dup': too few arguments for call
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(614,8): warning C4996: 'RSA_new': Since OpenSSL 3.0
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(622,3): warning C4996: 'RSA_free': Since OpenSSL 3.0
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(632,7): warning C4996: 'RSA_set_method': Since OpenSSL 3.0
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(635,7): warning C4996: 'SSL_use_RSAPrivateKey': Since OpenSSL 3.0
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(637,2): warning C4996: 'RSA_free': Since OpenSSL 3.0
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(645,3): warning C4996: 'RSA_free': Since OpenSSL 3.0
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(1105,32): error C2065: 'TLS_DEFAULT_CIPHERS': undeclared identifier
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(1105,32): warning C4047: '=': 'const char *' differs in levels of indirection from 'int'
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(1842,17): error C2065: 'name': undeclared identifier
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(1842,17): error C2296: '*': illegal, left operand has type 'LPCSTR'
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(1845,7): error C2065: 'name': undeclared identifier
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(1845,45): warning C4047: '=': 'int' differs in levels of indirection from 'X509_NAME *'
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(1854,51): error C2065: 'name': undeclared identifier
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(1854,51): warning C4047: 'function': 'const X509_NAME *' differs in levels of indirection from 'int'
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(1854,47): warning C4024: 'X509_NAME_get_index_by_NID': different types for formal and actual parameter 1
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(1858,31): error C2065: 'name': undeclared identifier
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(1858,31): warning C4047: 'function': 'const X509_NAME *' differs in levels of indirection from 'int'
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(1858,27): warning C4024: 'X509_NAME_get_entry': different types for formal and actual parameter 1
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(3826,7): warning C4996: 'SSL_use_RSAPrivateKey_ASN1': Since OpenSSL 3.0
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(3965,7): warning C4996: 'PEM_read_bio_DHparams': Since OpenSSL 3.0
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(3976,9): warning C4996: 'PEM_read_bio_DSAparams': Since OpenSSL 3.0
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(3986,8): warning C4996: 'DSA_dup_DH': Since OpenSSL 3.0
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(3987,3): warning C4996: 'DSA_free': Since OpenSSL 3.0
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(4006,3): warning C4996: 'DH_free': Since OpenSSL 3.0
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(4009,2): warning C4996: 'DH_free': Since OpenSSL 3.0
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(4040,7): warning C4996: 'PEM_read_bio_DHparams': Since OpenSSL 3.0
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(4051,9): warning C4996: 'PEM_read_bio_DSAparams': Since OpenSSL 3.0
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(4061,8): warning C4996: 'DSA_dup_DH': Since OpenSSL 3.0
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(4062,3): warning C4996: 'DSA_free': Since OpenSSL 3.0
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(4081,3): warning C4996: 'DH_free': Since OpenSSL 3.0
1>C:\dev\wpa_supplicant-2.10\src\crypto\tls_openssl.c(4084,2): warning C4996: 'DH_free': Since OpenSSL 3.0
1>drivers.c
1>driver_ndis_.c
1>ndis_events.c
1>l2_packet_winpcap.c
1>pmksa_cache.c
1>events.c
1>wpa_supplicant.c
1>Generating Code...
1>Done building project "wpa_supplicant.vcxproj" -- FAILED.
========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========
Miscellaneous Points
As described in a Stack Overflow post, OpenSSL 1.1.0 changed the visibility of a lot of struct members. You can no longer access the members directly. Instead, you have to use getter and setter functions (e.g., RSA_new, RSA_new_method, RSA_get0_d, RSA_set_method). Therefore, compiling wpa_supplicant with OpenSSL >= 1.1.0 should access object through 'opaque' getter/setter functions, not directly.
The wpa_supplicant code is full of #if preprocessor statements checking the OPENSSL_VERSION_NUMBER symbol, so it seems to know how to handle all OpenSSL versions, including 1.1.x and 3.x. So there shouldn't be a problem using OpenSSL 3.0.5.
Jouni Malinen, the wpa_supplicant maintainer, once answered someone in the hostap mailing list about OpenSSL versions supported, saying that wpa_supplicant should handle all versions:
On Thu, Oct 15, 2020 at 09:46:50AM +0200, Micka wrote:
> I would like to know how to build the last version of wpa_supplicant with openssl 1.1.1.
wpa_supplicant build will use whatever version of OpenSSL that is available in the build
system. If you need to point to a custom location for this, you can add -I<dir> and -L<dir> options to CFLAGS/LIBS in .config.
> Are they compatible?
Works for me.
Summary
Can someone advise me on how to compile wpa_supplicant on Windows 10 with OpenSSL v3.x?
