~ubuntu-branches/ubuntu/feisty/wpasupplicant/feisty

Viewing changes to tls_gnutls.c

Committer: Bazaar Package Importer
Author(s): Reinhard Tartler
Date: 2007-04-01 10:53:37 UTC
Revision ID: james.westby@ubuntu.com-20070401105337-3dd89n3g8ecdhjsl

Tags: 0.5.7-0ubuntu2

Apply patch from upstream after private email discussion:
http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=33673d3f43da6f5ec0f0aa5a8245a1617b6eb2fd#patch1
Fixes LP: #98895, #98925

files added:
debian/patches/25_wpas_dbus_unregister_iface_fix.dpatch

files modified:
ChangeLog

Makefile

README

aes.c

aes_wrap.c

asn1.c

asn1.h

asn1_test.c

base64.c

build_config.h

common.c

common.h

config.c

config.h

config_file.c

config_none.c

config_ssid.h

config_winreg.c

crypto.c

crypto.h

crypto_cryptoapi.c

crypto_libtomcrypt.c

ctrl_iface.c

ctrl_iface.h

ctrl_iface_dbus.c

ctrl_iface_dbus.h

ctrl_iface_dbus_handlers.c

ctrl_iface_dbus_handlers.h

ctrl_iface_named_pipe.c

ctrl_iface_udp.c

ctrl_iface_unix.c

dbus_dict_helpers.c

debian/changelog

debian/control

debian/patches/00list

debian/patches/11_erroneous_manpage_ref.dpatch

defconfig

defs.h

doc/docbook/wpa_background.8

doc/docbook/wpa_cli.8

doc/docbook/wpa_passphrase.8

doc/docbook/wpa_supplicant.8

doc/docbook/wpa_supplicant.conf.5

doc/docbook/wpa_supplicant.sgml

driver.h

driver_atmel.c

driver_broadcom.c

driver_bsd.c

driver_hostap.c

driver_ipw.c

driver_madwifi.c

driver_ndis.c

driver_ndis.h

driver_ndiswrapper.c

driver_prism54.c

driver_test.c

driver_wext.c

driver_wext.h

driver_wired.c

drivers.c

eap.c

eap.h

eap_aka.c

eap_defs.h

eap_fast.c

eap_gpsk.c

eap_gpsk_common.c

eap_gpsk_common.h

eap_gtc.c

eap_i.h

eap_leap.c

eap_md5.c

eap_methods.c

eap_mschapv2.c

eap_otp.c

eap_pax.c

eap_pax_common.c

eap_pax_common.h

eap_peap.c

eap_psk.c

eap_psk_common.c

eap_psk_common.h

eap_sake.c

eap_sake_common.c

eap_sake_common.h

eap_sim.c

eap_sim_common.c

eap_sim_common.h

eap_testing.txt

eap_tls.c

eap_tls_common.c

eap_tls_common.h

eap_tlv.c

eap_ttls.c

eap_ttls.h

eap_vendor_test.c

eapol_sm.c

eapol_sm.h

eapol_test.c

eloop.c

eloop_win.c

events.c

hostapd.h

includes.h

l2_packet_freebsd.c

l2_packet_linux.c

l2_packet_ndis.c

l2_packet_none.c

l2_packet_pcap.c

l2_packet_winpcap.c

main.c

main_winmain.c

main_winsvc.c

md4.c

md5.c

md5.h

mlme.c

ms_funcs.c

ndis_events.c

os.h

os_none.c

os_unix.c

os_win32.c

pcsc_funcs.c

pcsc_funcs.h

pmksa_cache.c

preauth.c

preauth_test.c

radius.c

radius_client.c

radius_client.h

sha1.c

sha1.h

tls.h

tls_gnutls.c

tls_internal.c

tls_none.c

tls_openssl.c

tls_schannel.c

tlsv1_client.c

tlsv1_client.h

tlsv1_common.c

todo.txt

version.h

vs2005/wpa_supplicant.sln

wpa.c

wpa.h

wpa_cli.c

wpa_common.h

wpa_ctrl.c

wpa_gui-qt4/eventhistory.h

wpa_gui-qt4/networkconfig.cpp

wpa_gui-qt4/networkconfig.h

wpa_gui-qt4/scanresults.h

wpa_gui-qt4/userdatarequest.h

wpa_gui-qt4/wpagui.h

wpa_gui/networkconfig.ui.h

wpa_i.h

wpa_passphrase.c

wpa_supplicant.c

wpa_supplicant.conf

wpa_supplicant.h

wpa_supplicant_i.h

x509v3.c

x509v3.h

Show diffs side-by-side

added added

removed removed

tls_gnutls.c

139

return;

140

}

141

142

s = os_strdup(msg);

142

s = strdup(msg);

143

if (s == NULL)

144

return;

145

153

}

154

wpa_printf(level > 3 ? MSG_MSGDUMP : MSG_DEBUG,

155

"gnutls<%d> %s", level, s);

156

os_free(s);

156

free(s);

157

}

158

159

175

int i;

176

#endif /* GNUTLS_INTERNAL_STRUCTURE_HACK */

177

178

global = os_zalloc(sizeof(*global));

178

global = wpa_zalloc(sizeof(*global));

179

if (global == NULL)

180

return NULL;

181

182

if (tls_gnutls_ref_count == 0 && gnutls_global_init() < 0) {

183

os_free(global);

183

free(global);

184

return NULL;

185

}

186

tls_gnutls_ref_count++;

217

if (global) {

218

if (global->params_set)

219

gnutls_certificate_free_credentials(global->xcred);

220

os_free(global->session_data);

221

os_free(global);

220

free(global->session_data);

221

free(global);

222

}

223

224

tls_gnutls_ref_count--;

246

end = conn->pull_buf + conn->pull_buf_len;

247

if ((size_t) (end - conn->pull_buf_offset) < len)

248

len = end - conn->pull_buf_offset;

249

os_memcpy(buf, conn->pull_buf_offset, len);

249

memcpy(buf, conn->pull_buf_offset, len);

250

conn->pull_buf_offset += len;

251

if (conn->pull_buf_offset == end) {

252

wpa_printf(MSG_DEBUG, "%s - pull_buf consumed", __func__);

253

os_free(conn->pull_buf);

253

free(conn->pull_buf);

254

conn->pull_buf = conn->pull_buf_offset = NULL;

255

conn->pull_buf_len = 0;

256

} else {

267

struct tls_connection *conn = (struct tls_connection *) ptr;

268

u8 *nbuf;

269

270

nbuf = os_realloc(conn->push_buf, conn->push_buf_len + len);

270

nbuf = realloc(conn->push_buf, conn->push_buf_len + len);

271

if (nbuf == NULL) {

272

errno = ENOMEM;

273

return -1;

274

}

275

os_memcpy(nbuf + conn->push_buf_len, buf, len);

275

memcpy(nbuf + conn->push_buf_len, buf, len);

276

conn->push_buf = nbuf;

277

conn->push_buf_len += len;

278

327

struct tls_connection *conn;

328

int ret;

329

330

conn = os_zalloc(sizeof(*conn));

330

conn = wpa_zalloc(sizeof(*conn));

331

if (conn == NULL)

332

return NULL;

333

334

if (tls_gnutls_init_session(global, conn)) {

335

os_free(conn);

335

free(conn);

336

return NULL;

337

}

338

343

if (ret < 0) {

344

wpa_printf(MSG_INFO, "Failed to configure "

345

"credentials: %s", gnutls_strerror(ret));

346

os_free(conn);

346

free(conn);

347

return NULL;

348

}

349

}

350

351

if (gnutls_certificate_allocate_credentials(&conn->xcred)) {

352

os_free(conn);

352

free(conn);

353

return NULL;

354

}

355

368

if (conn->iacred_cli)

369

gnutls_ia_free_client_credentials(conn->iacred_cli);

370

if (conn->session_keys) {

371

os_memset(conn->session_keys, 0, conn->session_keys_len);

372

os_free(conn->session_keys);

371

memset(conn->session_keys, 0, conn->session_keys_len);

372

free(conn->session_keys);

373

}

374

#endif /* GNUTLS_IA */

375

376

gnutls_certificate_free_credentials(conn->xcred);

377

gnutls_deinit(conn->session);

378

os_free(conn->pre_shared_secret);

379

os_free(conn->subject_match);

380

os_free(conn->altsubject_match);

381

os_free(conn->push_buf);

382

os_free(conn->pull_buf);

383

os_free(conn);

378

free(conn->pre_shared_secret);

379

free(conn->subject_match);

380

free(conn->altsubject_match);

381

free(conn->push_buf);

382

free(conn->pull_buf);

383

free(conn);

384

}

385

386

402

* because the connection was already terminated in practice

403

* and "close notify" shutdown alert would confuse AS. */

404

gnutls_bye(conn->session, GNUTLS_SHUT_RDWR);

405

os_free(conn->push_buf);

405

free(conn->push_buf);

406

conn->push_buf = NULL;

407

conn->push_buf_len = 0;

408

conn->established = 0;

409

conn->final_phase_finished = 0;

410

#ifdef GNUTLS_IA

411

if (conn->session_keys) {

412

os_memset(conn->session_keys, 0, conn->session_keys_len);

413

os_free(conn->session_keys);

412

memset(conn->session_keys, 0, conn->session_keys_len);

413

free(conn->session_keys);

414

}

415

conn->session_keys_len = 0;

416

#endif /* GNUTLS_IA */

481

482

wpa_printf(MSG_DEBUG, "TLS: altSubjectName: %s:%s",

483

field, gen->d.ia5->data);

484

len = os_strlen(field) + 1 +

485

strlen((char *) gen->d.ia5->data) + 1;

486

tmp = os_malloc(len);

484

len = strlen(field) + 1 + strlen((char *) gen->d.ia5->data) +

485

486

tmp = malloc(len);

487

if (tmp == NULL)

488

continue;

489

snprintf(tmp, len, "%s:%s", field, gen->d.ia5->data);

490

if (strstr(tmp, match))

491

found++;

492

os_free(tmp);

492

free(tmp);

493

}

494

495

return found;

552

if (conn == NULL || params == NULL)

553

return -1;

554

555

os_free(conn->subject_match);

555

free(conn->subject_match);

556

conn->subject_match = NULL;

557

if (params->subject_match) {

558

conn->subject_match = os_strdup(params->subject_match);

558

conn->subject_match = strdup(params->subject_match);

559

if (conn->subject_match == NULL)

560

return -1;

561

}

562

563

os_free(conn->altsubject_match);

563

free(conn->altsubject_match);

564

conn->altsubject_match = NULL;

565

if (params->altsubject_match) {

566

conn->altsubject_match = os_strdup(params->altsubject_match);

566

conn->altsubject_match = strdup(params->altsubject_match);

567

if (conn->altsubject_match == NULL)

568

return -1;

569

}

796

if (conn == NULL || conn->session == NULL || keys == NULL)

797

return -1;

798

799

os_memset(keys, 0, sizeof(*keys));

799

memset(keys, 0, sizeof(*keys));

800

801

#ifdef GNUTLS_INTERNAL_STRUCTURE_HACK

802

sec = &conn->session->security_parameters;

831

if (conn == NULL || conn->session == NULL)

832

return -1;

833

834

return gnutls_prf(conn->session, os_strlen(label), label,

834

return gnutls_prf(conn->session, strlen(label), label,

835

server_random_first, 0, NULL, out_len, out);

836

#else /* LIBGNUTLS_VERSION_NUMBER >= 0x010302 */

837

return -1;

896

897

gnutls_x509_crt_get_dn(cert, NULL, &len);

898

len++;

899

buf = os_malloc(len + 1);

899

buf = malloc(len + 1);

900

if (buf) {

901

buf[0] = buf[len] = '\0';

902

gnutls_x509_crt_get_dn(cert, buf, &len);

908

/* TODO: validate subject_match and altsubject_match */

909

}

910

911

os_free(buf);

911

free(buf);

912

913

if (gnutls_x509_crt_get_expiration_time(cert) < now.sec ||

914

gnutls_x509_crt_get_activation_time(cert) > now.sec) {

942

if (conn->pull_buf) {

943

wpa_printf(MSG_DEBUG, "%s - %d bytes remaining in "

944

"pull_buf", __func__, conn->pull_buf_len);

945

os_free(conn->pull_buf);

945

free(conn->pull_buf);

946

}

947

conn->pull_buf = os_malloc(in_len);

947

conn->pull_buf = malloc(in_len);

948

if (conn->pull_buf == NULL)

949

return NULL;

950

os_memcpy(conn->pull_buf, in_data, in_len);

950

memcpy(conn->pull_buf, in_data, in_len);

951

conn->pull_buf_offset = conn->pull_buf;

952

conn->pull_buf_len = in_len;

953

}

960

conn->push_buf == NULL) {

961

/* Need to return something to trigger

962

* completion of EAP-TLS. */

963

conn->push_buf = os_malloc(1);

963

conn->push_buf = malloc(1);

964

}

965

break;

966

case GNUTLS_E_FATAL_ALERT_RECEIVED:

999

conn->established = 1;

1000

if (conn->push_buf == NULL) {

1001

/* Need to return something to get final TLS ACK. */

1002

conn->push_buf = os_malloc(1);

1002

conn->push_buf = malloc(1);

1003

}

1004

1005

gnutls_session_get_data(conn->session, NULL, &size);

1006

if (global->session_data == NULL ||

1007

global->session_data_size < size) {

1008

os_free(global->session_data);

1009

global->session_data = os_malloc(size);

1008

free(global->session_data);

1009

global->session_data = malloc(size);

1010

}

1011

if (global->session_data) {

1012

global->session_data_size = size;

1055

return -1;

1056

if (conn->push_buf_len < out_len)

1057

out_len = conn->push_buf_len;

1058

os_memcpy(out_data, conn->push_buf, out_len);

1059

os_free(conn->push_buf);

1058

memcpy(out_data, conn->push_buf, out_len);

1059

free(conn->push_buf);

1060

conn->push_buf = NULL;

1061

conn->push_buf_len = 0;

1062

return out_len;

1072

if (conn->pull_buf) {

1073

wpa_printf(MSG_DEBUG, "%s - %d bytes remaining in "

1074

"pull_buf", __func__, conn->pull_buf_len);

1075

os_free(conn->pull_buf);

1075

free(conn->pull_buf);

1076

}

1077

conn->pull_buf = os_malloc(in_len);

1077

conn->pull_buf = malloc(in_len);

1078

if (conn->pull_buf == NULL)

1079

return -1;

1080

os_memcpy(conn->pull_buf, in_data, in_len);

1080

memcpy(conn->pull_buf, in_data, in_len);

1081

conn->pull_buf_offset = conn->pull_buf;

1082

conn->pull_buf_len = in_len;

1083

1095

conn->session, conn->session_keys_len,

1096

conn->session_keys);

1097

if (conn->session_keys) {

1098

os_memset(conn->session_keys, 0,

1099

conn->session_keys_len);

1100

os_free(conn->session_keys);

1098

memset(conn->session_keys, 0,

1099

conn->session_keys_len);

1100

free(conn->session_keys);

1101

}

1102

conn->session_keys = NULL;

1103

conn->session_keys_len = 0;

1291

conn->session_keys_len,

1292

conn->session_keys);

1293

if (conn->session_keys) {

1294

os_memset(conn->session_keys, 0, conn->session_keys_len);

1295

os_free(conn->session_keys);

1294

memset(conn->session_keys, 0, conn->session_keys_len);

1295

free(conn->session_keys);

1296

}

1297

conn->session_keys = NULL;

1298

conn->session_keys_len = 0;

1313

return -1;

1314

if (conn->push_buf_len < out_len)

1315

out_len = conn->push_buf_len;

1316

os_memcpy(out_data, conn->push_buf, out_len);

1317

os_free(conn->push_buf);

1316

memcpy(out_data, conn->push_buf, out_len);

1317

free(conn->push_buf);

1318

conn->push_buf = NULL;

1319

conn->push_buf_len = 0;

1320

return out_len;

1343

return -1;

1344

1345

if (conn->session_keys) {

1346

os_memset(conn->session_keys, 0, conn->session_keys_len);

1347

os_free(conn->session_keys);

1346

memset(conn->session_keys, 0, conn->session_keys_len);

1347

free(conn->session_keys);

1348

}

1349

conn->session_keys_len = 0;

1350

1351

if (key) {

1352

conn->session_keys = os_malloc(key_len);

1352

conn->session_keys = malloc(key_len);

1353

if (conn->session_keys == NULL)

1354

return -1;

1355

os_memcpy(conn->session_keys, key, key_len);

1355

memcpy(conn->session_keys, key, key_len);

1356

conn->session_keys_len = key_len;

1357

} else {

1358

conn->session_keys = NULL;

Older »