aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/crypto/tls.h22
-rw-r--r--src/eap_peer/eap.c8
-rw-r--r--src/eap_peer/eap.h12
-rw-r--r--src/eapol_supp/eapol_supp_sm.c9
-rw-r--r--src/eapol_supp/eapol_supp_sm.h13
-rw-r--r--wpa_supplicant/eapol_test.c28
-rw-r--r--wpa_supplicant/notify.c32
-rw-r--r--wpa_supplicant/notify.h8
-rw-r--r--wpa_supplicant/wpas_glue.c9
9 files changed, 64 insertions, 77 deletions
diff --git a/src/crypto/tls.h b/src/crypto/tls.h
index 8bdb91f..b7a677f 100644
--- a/src/crypto/tls.h
+++ b/src/crypto/tls.h
@@ -48,6 +48,17 @@ enum tls_fail_reason {
#define TLS_MAX_ALT_SUBJECT 10
+struct tls_cert_data {
+ int depth;
+ const char *subject;
+ const struct wpabuf *cert;
+ const u8 *hash;
+ size_t hash_len;
+ const char *altsubject[TLS_MAX_ALT_SUBJECT];
+ int num_altsubject;
+ const char *serial_num;
+};
+
union tls_event_data {
struct {
int depth;
@@ -57,16 +68,7 @@ union tls_event_data {
const struct wpabuf *cert;
} cert_fail;
- struct {
- int depth;
- const char *subject;
- const struct wpabuf *cert;
- const u8 *hash;
- size_t hash_len;
- const char *altsubject[TLS_MAX_ALT_SUBJECT];
- int num_altsubject;
- const char *serial_num;
- } peer_cert;
+ struct tls_cert_data peer_cert;
struct {
int is_local;
diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
index 974c475..b35040a 100644
--- a/src/eap_peer/eap.c
+++ b/src/eap_peer/eap.c
@@ -2097,12 +2097,8 @@ static void eap_peer_sm_tls_event(void *ctx, enum tls_event ev,
}
}
- sm->eapol_cb->notify_cert(sm->eapol_ctx,
- data->peer_cert.depth,
- data->peer_cert.subject,
- data->peer_cert.altsubject,
- data->peer_cert.num_altsubject,
- hash_hex, data->peer_cert.cert);
+ sm->eapol_cb->notify_cert(sm->eapol_ctx, &data->peer_cert,
+ hash_hex);
break;
case TLS_ALERT:
if (data->alert.is_local)
diff --git a/src/eap_peer/eap.h b/src/eap_peer/eap.h
index d0837e3..acd70d0 100644
--- a/src/eap_peer/eap.h
+++ b/src/eap_peer/eap.h
@@ -16,6 +16,7 @@
struct eap_sm;
struct wpa_config_blob;
struct wpabuf;
+struct tls_cert_data;
struct eap_method_type {
int vendor;
@@ -226,16 +227,11 @@ struct eapol_callbacks {
/**
* notify_cert - Notification of a peer certificate
* @ctx: eapol_ctx from eap_peer_sm_init() call
- * @depth: Depth in certificate chain (0 = server)
- * @subject: Subject of the peer certificate
- * @altsubject: Select fields from AltSubject of the peer certificate
- * @num_altsubject: Number of altsubject values
+ * @cert: Certificate information
* @cert_hash: SHA-256 hash of the certificate
- * @cert: Peer certificate
*/
- void (*notify_cert)(void *ctx, int depth, const char *subject,
- const char *altsubject[], int num_altsubject,
- const char *cert_hash, const struct wpabuf *cert);
+ void (*notify_cert)(void *ctx, struct tls_cert_data *cert,
+ const char *cert_hash);
/**
* notify_status - Notification of the current EAP state
diff --git a/src/eapol_supp/eapol_supp_sm.c b/src/eapol_supp/eapol_supp_sm.c
index a0f27fd..f1ca0a8 100644
--- a/src/eapol_supp/eapol_supp_sm.c
+++ b/src/eapol_supp/eapol_supp_sm.c
@@ -1998,15 +1998,12 @@ static void eapol_sm_eap_param_needed(void *ctx, enum wpa_ctrl_req_type field,
#define eapol_sm_eap_param_needed NULL
#endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
-static void eapol_sm_notify_cert(void *ctx, int depth, const char *subject,
- const char *altsubject[],
- int num_altsubject, const char *cert_hash,
- const struct wpabuf *cert)
+static void eapol_sm_notify_cert(void *ctx, struct tls_cert_data *cert,
+ const char *cert_hash)
{
struct eapol_sm *sm = ctx;
if (sm->ctx->cert_cb)
- sm->ctx->cert_cb(sm->ctx->ctx, depth, subject, altsubject,
- num_altsubject, cert_hash, cert);
+ sm->ctx->cert_cb(sm->ctx->ctx, cert, cert_hash);
}
diff --git a/src/eapol_supp/eapol_supp_sm.h b/src/eapol_supp/eapol_supp_sm.h
index 74f40bb..c9d7522 100644
--- a/src/eapol_supp/eapol_supp_sm.h
+++ b/src/eapol_supp/eapol_supp_sm.h
@@ -11,6 +11,8 @@
#include "common/defs.h"
+struct tls_cert_data;
+
typedef enum { Unauthorized, Authorized } PortStatus;
typedef enum { Auto, ForceUnauthorized, ForceAuthorized } PortControl;
@@ -246,16 +248,11 @@ struct eapol_ctx {
/**
* cert_cb - Notification of a peer certificate
* @ctx: Callback context (ctx)
- * @depth: Depth in certificate chain (0 = server)
- * @subject: Subject of the peer certificate
- * @altsubject: Select fields from AltSubject of the peer certificate
- * @num_altsubject: Number of altsubject values
+ * @cert: Certificate information
* @cert_hash: SHA-256 hash of the certificate
- * @cert: Peer certificate
*/
- void (*cert_cb)(void *ctx, int depth, const char *subject,
- const char *altsubject[], int num_altsubject,
- const char *cert_hash, const struct wpabuf *cert);
+ void (*cert_cb)(void *ctx, struct tls_cert_data *cert,
+ const char *cert_hash);
/**
* cert_in_cb - Include server certificates in callback
diff --git a/wpa_supplicant/eapol_test.c b/wpa_supplicant/eapol_test.c
index 3fd4ce6..e9412d4 100644
--- a/wpa_supplicant/eapol_test.c
+++ b/wpa_supplicant/eapol_test.c
@@ -15,6 +15,7 @@
#include "common.h"
#include "utils/ext_password.h"
#include "common/version.h"
+#include "crypto/tls.h"
#include "config.h"
#include "eapol_supp/eapol_supp_sm.h"
#include "eap_peer/eap.h"
@@ -497,44 +498,43 @@ static void eapol_test_eap_param_needed(void *ctx, enum wpa_ctrl_req_type field,
#endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
-static void eapol_test_cert_cb(void *ctx, int depth, const char *subject,
- const char *altsubject[], int num_altsubject,
- const char *cert_hash,
- const struct wpabuf *cert)
+static void eapol_test_cert_cb(void *ctx, struct tls_cert_data *cert,
+ const char *cert_hash)
{
struct eapol_test_data *e = ctx;
wpa_msg(e->wpa_s, MSG_INFO, WPA_EVENT_EAP_PEER_CERT
"depth=%d subject='%s'%s%s",
- depth, subject,
+ cert->depth, cert->subject,
cert_hash ? " hash=" : "",
cert_hash ? cert_hash : "");
- if (cert) {
+ if (cert->cert) {
char *cert_hex;
- size_t len = wpabuf_len(cert) * 2 + 1;
+ size_t len = wpabuf_len(cert->cert) * 2 + 1;
cert_hex = os_malloc(len);
if (cert_hex) {
- wpa_snprintf_hex(cert_hex, len, wpabuf_head(cert),
- wpabuf_len(cert));
+ wpa_snprintf_hex(cert_hex, len, wpabuf_head(cert->cert),
+ wpabuf_len(cert->cert));
wpa_msg_ctrl(e->wpa_s, MSG_INFO,
WPA_EVENT_EAP_PEER_CERT
"depth=%d subject='%s' cert=%s",
- depth, subject, cert_hex);
+ cert->depth, cert->subject, cert_hex);
os_free(cert_hex);
}
if (e->server_cert_file)
eapol_test_write_cert(e->server_cert_file,
- subject, cert);
+ cert->subject, cert->cert);
}
- if (altsubject) {
+ if (cert->altsubject) {
int i;
- for (i = 0; i < num_altsubject; i++)
+ for (i = 0; i < cert->num_altsubject; i++)
wpa_msg(e->wpa_s, MSG_INFO, WPA_EVENT_EAP_PEER_ALT
- "depth=%d %s", depth, altsubject[i]);
+ "depth=%d %s", cert->depth,
+ cert->altsubject[i]);
}
}
diff --git a/wpa_supplicant/notify.c b/wpa_supplicant/notify.c
index b086509..f592566 100644
--- a/wpa_supplicant/notify.c
+++ b/wpa_supplicant/notify.c
@@ -18,6 +18,7 @@
#include "dbus/dbus_new.h"
#include "rsn_supp/wpa.h"
#include "fst/fst.h"
+#include "crypto/tls.h"
#include "driver_i.h"
#include "scan.h"
#include "p2p_supplicant.h"
@@ -786,42 +787,43 @@ void wpas_notify_sta_authorized(struct wpa_supplicant *wpa_s,
}
-void wpas_notify_certification(struct wpa_supplicant *wpa_s, int depth,
- const char *subject, const char *altsubject[],
- int num_altsubject, const char *cert_hash,
- const struct wpabuf *cert)
+void wpas_notify_certification(struct wpa_supplicant *wpa_s,
+ struct tls_cert_data *cert,
+ const char *cert_hash)
{
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_EAP_PEER_CERT
"depth=%d subject='%s'%s%s",
- depth, subject, cert_hash ? " hash=" : "",
+ cert->depth, cert->subject, cert_hash ? " hash=" : "",
cert_hash ? cert_hash : "");
- if (cert) {
+ if (cert->cert) {
char *cert_hex;
- size_t len = wpabuf_len(cert) * 2 + 1;
+ size_t len = wpabuf_len(cert->cert) * 2 + 1;
cert_hex = os_malloc(len);
if (cert_hex) {
- wpa_snprintf_hex(cert_hex, len, wpabuf_head(cert),
- wpabuf_len(cert));
+ wpa_snprintf_hex(cert_hex, len, wpabuf_head(cert->cert),
+ wpabuf_len(cert->cert));
wpa_msg_ctrl(wpa_s, MSG_INFO,
WPA_EVENT_EAP_PEER_CERT
"depth=%d subject='%s' cert=%s",
- depth, subject, cert_hex);
+ cert->depth, cert->subject, cert_hex);
os_free(cert_hex);
}
}
- if (altsubject) {
+ if (cert->altsubject) {
int i;
- for (i = 0; i < num_altsubject; i++)
+ for (i = 0; i < cert->num_altsubject; i++)
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_EAP_PEER_ALT
- "depth=%d %s", depth, altsubject[i]);
+ "depth=%d %s", cert->depth,
+ cert->altsubject[i]);
}
/* notify the new DBus API */
- wpas_dbus_signal_certification(wpa_s, depth, subject, altsubject,
- num_altsubject, cert_hash, cert);
+ wpas_dbus_signal_certification(wpa_s, cert->depth, cert->subject,
+ cert->altsubject, cert->num_altsubject,
+ cert_hash, cert->cert);
}
diff --git a/wpa_supplicant/notify.h b/wpa_supplicant/notify.h
index d3e73f0..e843aa1 100644
--- a/wpa_supplicant/notify.h
+++ b/wpa_supplicant/notify.h
@@ -14,6 +14,7 @@
struct wps_credential;
struct wps_event_m2d;
struct wps_event_fail;
+struct tls_cert_data;
int wpas_notify_supplicant_initialized(struct wpa_global *global);
void wpas_notify_supplicant_deinitialized(struct wpa_global *global);
@@ -130,10 +131,9 @@ void wpas_notify_persistent_group_removed(struct wpa_supplicant *wpa_s,
void wpas_notify_p2p_wps_failed(struct wpa_supplicant *wpa_s,
struct wps_event_fail *fail);
-void wpas_notify_certification(struct wpa_supplicant *wpa_s, int depth,
- const char *subject, const char *altsubject[],
- int num_altsubject, const char *cert_hash,
- const struct wpabuf *cert);
+void wpas_notify_certification(struct wpa_supplicant *wpa_s,
+ struct tls_cert_data *cert,
+ const char *cert_hash);
void wpas_notify_preq(struct wpa_supplicant *wpa_s,
const u8 *addr, const u8 *dst, const u8 *bssid,
const u8 *ie, size_t ie_len, u32 ssi_signal);
diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c
index e98bf11..62af7f6 100644
--- a/wpa_supplicant/wpas_glue.c
+++ b/wpa_supplicant/wpas_glue.c
@@ -1017,15 +1017,12 @@ static void wpa_supplicant_port_cb(void *ctx, int authorized)
}
-static void wpa_supplicant_cert_cb(void *ctx, int depth, const char *subject,
- const char *altsubject[], int num_altsubject,
- const char *cert_hash,
- const struct wpabuf *cert)
+static void wpa_supplicant_cert_cb(void *ctx, struct tls_cert_data *cert,
+ const char *cert_hash)
{
struct wpa_supplicant *wpa_s = ctx;
- wpas_notify_certification(wpa_s, depth, subject, altsubject,
- num_altsubject, cert_hash, cert);
+ wpas_notify_certification(wpa_s, cert, cert_hash);
}