~ubuntu-branches/ubuntu/lucid/wpasupplicant/lucid-updates

« back to all changes in this revision

Viewing changes to tls_openssl.c

  • Committer: Bazaar Package Importer
  • Author(s): Kel Modderman
  • Date: 2006-10-05 08:04:01 UTC
  • mfrom: (1.1.5 upstream) (3 etch)
  • mto: This revision was merged to the branch mainline in revision 4.
  • Revision ID: james.westby@ubuntu.com-20061005080401-r8lqlix4390yos7b
Tags: 0.5.5-2
* Update madwifi headers to latest SVN. (Closes: #388316)
* Remove failed attempt at action locking. [debian/functions.sh,
  debian/wpa_action.sh]
* Add hysteresis checking functions, to avoid "event loops" while
  using wpa-roam. [debian/functions.sh, debian/wpa_action.sh]
* Change of co-maintainer email address.
* Add ishex() function to functions.sh to determine wpa-psk value type in
  plaintext or hex. This effectively eliminates the need for the bogus and
  somewhat confusing wpa-passphrase contruct specific to our scripts and
  allows wpa-psk to work with either a 8 to 63 character long plaintext
  string or 64 character long hex string.
* Adjust README.modes to not refer to the redundant wpa-passphrase stuff.
* Add big fat NOTE about acceptable wpa-psk's to top of example gallery.
* Strip surrounding quotes from wpa-ssid if present, instead of just whining
  about them.
* Update email address in copyright blurb of functions.sh, ifupdown.sh and
  wpa_action.sh.  

Show diffs side-by-side

added added

removed removed

Lines of Context:
451
451
        PCCERT_CONTEXT ctx = NULL;
452
452
        X509 *cert;
453
453
        char buf[128];
 
454
        const char *store;
 
455
#ifdef UNICODE
 
456
        WCHAR *wstore;
 
457
#endif /* UNICODE */
454
458
 
455
459
        if (mingw_load_crypto_func())
456
460
                return -1;
458
462
        if (name == NULL || strncmp(name, "cert_store://", 13) != 0)
459
463
                return -1;
460
464
 
461
 
        cs = CertOpenSystemStore(0, name + 13);
 
465
        store = name + 13;
 
466
#ifdef UNICODE
 
467
        wstore = malloc((strlen(store) + 1) * sizeof(WCHAR));
 
468
        if (wstore == NULL)
 
469
                return -1;
 
470
        wsprintf(wstore, L"%S", store);
 
471
        cs = CertOpenSystemStore(0, wstore);
 
472
        free(wstore);
 
473
#else /* UNICODE */
 
474
        cs = CertOpenSystemStore(0, store);
 
475
#endif /* UNICODE */
462
476
        if (cs == NULL) {
463
477
                wpa_printf(MSG_DEBUG, "%s: failed to open system cert store "
464
 
                           "'%s': error=%d", __func__, name + 13,
 
478
                           "'%s': error=%d", __func__, store,
465
479
                           (int) GetLastError());
466
480
                return -1;
467
481
        }
970
984
                if (tmp == NULL)
971
985
                        continue;
972
986
                snprintf(tmp, len, "%s:%s", field, gen->d.ia5->data);
 
987
                tmp[len - 1] = '\0';
973
988
                if (strstr(tmp, match))
974
989
                        found++;
975
990
                free(tmp);
1387
1402
        FILE *f;
1388
1403
        PKCS12 *p12;
1389
1404
 
1390
 
        f = fopen(private_key, "r");
 
1405
        f = fopen(private_key, "rb");
1391
1406
        if (f == NULL)
1392
1407
                return -1;
1393
1408
 
1751
1766
 
1752
1767
u8 * tls_connection_handshake(void *ssl_ctx, struct tls_connection *conn,
1753
1768
                              const u8 *in_data, size_t in_len,
1754
 
                              size_t *out_len)
 
1769
                              size_t *out_len, u8 **appl_data,
 
1770
                              size_t *appl_data_len)
1755
1771
{
1756
1772
        int res;
1757
1773
        u8 *out_data;
1758
1774
 
 
1775
        if (appl_data)
 
1776
                *appl_data = NULL;
 
1777
 
1759
1778
        /*
1760
1779
         * Give TLS handshake data from the server (if available) to OpenSSL
1761
1780
         * for processing.
1809
1828
                return NULL;
1810
1829
        }
1811
1830
        *out_len = res;
 
1831
 
 
1832
        if (SSL_is_init_finished(conn->ssl) && appl_data) {
 
1833
                *appl_data = malloc(in_len);
 
1834
                if (*appl_data) {
 
1835
                        res = SSL_read(conn->ssl, *appl_data, in_len);
 
1836
                        if (res < 0) {
 
1837
                                tls_show_errors(MSG_INFO, __func__,
 
1838
                                                "Failed to read possible "
 
1839
                                                "Application Data");
 
1840
                                free(*appl_data);
 
1841
                                *appl_data = NULL;
 
1842
                        } else {
 
1843
                                *appl_data_len = res;
 
1844
                                wpa_hexdump_key(MSG_MSGDUMP, "SSL: Application"
 
1845
                                                " Data in Finish message",
 
1846
                                                *appl_data, *appl_data_len);
 
1847
                        }
 
1848
                }
 
1849
        }
 
1850
 
1812
1851
        return out_data;
1813
1852
}
1814
1853
 
1984
2023
#endif /* EAP_FAST || EAP_FAST_DYNAMIC */
1985
2024
 
1986
2025
 
1987
 
int tls_connection_set_anon_dh(void *ssl_ctx, struct tls_connection *conn)
 
2026
int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
 
2027
                                   u8 *ciphers)
1988
2028
{
1989
 
        if (conn == NULL || conn->ssl == NULL)
 
2029
        char buf[100], *pos, *end;
 
2030
        u8 *c;
 
2031
        int ret;
 
2032
 
 
2033
        if (conn == NULL || conn->ssl == NULL || ciphers == NULL)
1990
2034
                return -1;
1991
2035
 
1992
 
        if (SSL_set_cipher_list(conn->ssl, "ADH-AES128-SHA") != 1) {
 
2036
        buf[0] = '\0';
 
2037
        pos = buf;
 
2038
        end = pos + sizeof(buf);
 
2039
 
 
2040
        c = ciphers;
 
2041
        while (*c != TLS_CIPHER_NONE) {
 
2042
                const char *suite;
 
2043
 
 
2044
                switch (*c) {
 
2045
                case TLS_CIPHER_RC4_SHA:
 
2046
                        suite = "RC4-SHA";
 
2047
                        break;
 
2048
                case TLS_CIPHER_AES128_SHA:
 
2049
                        suite = "AES128-SHA";
 
2050
                        break;
 
2051
                case TLS_CIPHER_RSA_DHE_AES128_SHA:
 
2052
                        suite = "DHE-RSA-AES128-SHA";
 
2053
                        break;
 
2054
                case TLS_CIPHER_ANON_DH_AES128_SHA:
 
2055
                        suite = "ADH-AES128-SHA";
 
2056
                        break;
 
2057
                default:
 
2058
                        wpa_printf(MSG_DEBUG, "TLS: Unsupported "
 
2059
                                   "cipher selection: %d", *c);
 
2060
                        return -1;
 
2061
                }
 
2062
                ret = snprintf(pos, end - pos, ":%s", suite);
 
2063
                if (ret < 0 || ret >= end - pos)
 
2064
                        break;
 
2065
                pos += ret;
 
2066
 
 
2067
                c++;
 
2068
        }
 
2069
 
 
2070
        wpa_printf(MSG_DEBUG, "OpenSSL: cipher suites: %s", buf + 1);
 
2071
 
 
2072
        if (SSL_set_cipher_list(conn->ssl, buf + 1) != 1) {
1993
2073
                tls_show_errors(MSG_INFO, __func__,
1994
 
                                "Anon DH configuration failed");
 
2074
                                "Cipher suite configuration failed");
1995
2075
                return -1;
1996
2076
        }
1997
2077
 
2011
2091
                return -1;
2012
2092
 
2013
2093
        snprintf(buf, buflen, "%s", name);
 
2094
        buf[buflen - 1] = '\0';
2014
2095
        return 0;
2015
2096
}
2016
2097