-rw-r--r-- | src/crypto/tls.h | 10 | ||||
-rw-r--r-- | src/crypto/tls_openssl.c | 22 | ||||
-rw-r--r-- | src/drivers/driver_nl80211.c | 15 | ||||
-rw-r--r-- | src/eap_peer/eap.c | 9 | ||||
-rw-r--r-- | src/utils/xml_libxml2.c | 2 |
5 files changed, 39 insertions, 19 deletions
diff --git a/src/crypto/tls.h b/src/crypto/tls.h
index c201dcd6..82276c5f 100644
--- a/src/crypto/tls.h
+++ b/src/crypto/tls.h
@@ -693,4 +693,14 @@ typedef ssize_t (*tls_get_certificate_cb)
 void tls_register_cert_callback(tls_get_certificate_cb cb);
+/**
+ * tls_register_openssl_failure_callback - Register a callback to indicate
+ * that an OpenSSL failure has occurred
+ * @cb: Callback object to register
+ */
+typedef void (*tls_openssl_failure_cb)
+(void* ctx, const char* msg);
+
+void tls_register_openssl_failure_callback(tls_openssl_failure_cb cb);
+
 #endif /* TLS_H */
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 23bbe687..b378356d 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -201,6 +201,7 @@ struct tls_connection {
 static struct tls_context *tls_global = NULL;
 static tls_get_certificate_cb certificate_callback_global = NULL;
+static tls_openssl_failure_cb openssl_failure_callback_global = NULL;
 #ifdef ANDROID
 #include <openssl/pem.h>
@@ -2634,9 +2635,19 @@ static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
 if (chain) sk_X509_pop_free(chain, X509_free);
- wpa_printf(MSG_WARNING, "TLS: Certificate verification failed,"
- " error %d (%s) depth %d for '%s'", err, err_str,
- depth, buf);
+ char *format_str = "TLS: Certificate verification failed,"
+ " error %d (%s) depth %d for '%s'";
+ int msg_len = snprintf(NULL, 0, format_str, err, err_str, depth, buf) + 1;
+ char *msg = os_malloc(msg_len);
+ snprintf(msg, msg_len, format_str, err, err_str, depth, buf);
+
+ wpa_printf(MSG_WARNING, "%s", msg);
+ if (conn != NULL && conn->context != NULL
+ && openssl_failure_callback_global != NULL) {
+ (*openssl_failure_callback_global)(conn->context->cb_ctx, msg);
+ }
+ os_free(msg);
+
+ openssl_tls_fail_event(conn, err_cert, err, depth, buf, err_str, TLS_FAIL_UNSPECIFIED);
 return preverify_ok;
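Review bot: The doc block added in the src/crypto/tls.h hunk names `tls_register_openssl_failure_callback` but sits on the `tls_openssl_failure_cb` typedef, so the callback contract is not documented and the prototype has no comment. The typedef should state that `ctx` is the `cb_ctx` of the TLS context that saw the failure and that `msg` is only valid during the call, because the tls_openssl.c hunk frees it right after invoking the callback. The existing block then belongs directly above the prototype, with a remark that registration is one process-wide pointer rather than per TLS context. It is also worth noting there that `msg` embeds the `buf` string from certificate verification, which presumably derives from the certificate under verification and should be handled as untrusted text by the receiver.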
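Review bot: `os_malloc(msg_len)` in the tls_verify_cb hunk is never checked, so on allocation failure the following `snprintf(msg, msg_len, ...)` writes through a NULL pointer and `wpa_printf(MSG_WARNING, "%s", msg)` is handed NULL, on the path that reports a failed certificate verification. A negative return from the sizing `snprintf` is not handled either. The code being replaced logged the warning without allocating, so the log line should survive an allocation failure; the sketch below keeps the warning and skips only the callback when the copy cannot be built. `format_str` should also be `const char *`, since it points at a string literal. The body of tls_verify_cb starts and ends outside the hunk.

```c
		const char *format_str = "TLS: Certificate verification failed,"
			" error %d (%s) depth %d for '%s'";
		int msg_len = snprintf(NULL, 0, format_str, err, err_str, depth, buf);
		char *msg = msg_len < 0 ? NULL : os_malloc((size_t) msg_len + 1);

		if (msg == NULL) {
			/* No copy for the callback; still emit the warning itself */
			wpa_printf(MSG_WARNING, format_str, err, err_str, depth, buf);
		} else {
			snprintf(msg, (size_t) msg_len + 1, format_str, err, err_str,
				 depth, buf);
			wpa_printf(MSG_WARNING, "%s", msg);
			/* … unchanged: guarded openssl_failure_callback_global call … */
			os_free(msg);
		}
		/* … unchanged: openssl_tls_fail_event() and return preverify_ok … */
```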
@@ -6048,3 +6059,8 @@ void tls_register_cert_callback(tls_get_certificate_cb cb)
 {
 certificate_callback_global = cb;
 }
+
+void tls_register_openssl_failure_callback(tls_openssl_failure_cb cb)
+{
+ openssl_failure_callback_global = cb;
+}
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index 5f39e804..1acc43bb 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -6982,13 +6982,8 @@ static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv,
 nl80211_put_fils_connect_params(drv, params, msg) != 0)
 return -1;
-#if defined(CONFIG_DRIVER_NL80211_BRCM) || defined(CONFIG_DRIVER_NL80211_SYNA)
- if (((params->key_mgmt_suite & WPA_KEY_MGMT_SAE) ||
- (params->key_mgmt_suite == WPA_KEY_MGMT_FT_SAE)) &&
-#else
 if ((wpa_key_mgmt_sae(params->key_mgmt_suite) ||
 wpa_key_mgmt_sae(params->allowed_key_mgmts)) &&
-#endif /* CONFIG_DRIVER_NL80211_BRCM || CONFIG_DRIVER_NL80211_SYNA */
 (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) &&
 nla_put_flag(msg, NL80211_ATTR_EXTERNAL_AUTH_SUPPORT))
 return -1;
@@ -7041,13 +7036,8 @@ static int wpa_driver_nl80211_try_connect(
 goto fail;
 #ifdef CONFIG_SAE
-#if defined(CONFIG_DRIVER_NL80211_BRCM) || defined(CONFIG_DRIVER_NL80211_SYNA)
- if (((params->key_mgmt_suite & WPA_KEY_MGMT_SAE) ||
- (params->key_mgmt_suite == WPA_KEY_MGMT_FT_SAE)) &&
-#else
 if ((wpa_key_mgmt_sae(params->key_mgmt_suite) ||
 wpa_key_mgmt_sae(params->allowed_key_mgmts)) &&
-#endif /* CONFIG_DRIVER_NL80211_BRCM || CONFIG_DRIVER_NL80211_SYNA */
 nl80211_put_sae_pwe(msg, params->sae_pwe) < 0)
 goto fail;
 #endif /* CONFIG_SAE */
@@ -7155,13 +7145,8 @@ static int wpa_driver_nl80211_associate(
 if (wpa_driver_nl80211_set_mode(priv, nlmode) < 0)
 return -1;
-#if defined(CONFIG_DRIVER_NL80211_BRCM) || defined(CONFIG_DRIVER_NL80211_SYNA)
- if ((params->key_mgmt_suite & WPA_KEY_MGMT_SAE) ||
- (params->key_mgmt_suite == WPA_KEY_MGMT_FT_SAE))
-#else
 if (wpa_key_mgmt_sae(params->key_mgmt_suite) ||
 wpa_key_mgmt_sae(params->allowed_key_mgmts))
-#endif /* CONFIG_DRIVER_NL80211_BRCM || CONFIG_DRIVER_NL80211_SYNA */
 bss->use_nl_connect = 1;
 else
 bss->use_nl_connect = 0;
diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
index 8338c47b..ff7dc1e2 100644
--- a/src/eap_peer/eap.c
+++ b/src/eap_peer/eap.c
@@ -2207,6 +2207,14 @@ ssize_t tls_certificate_callback(void* ctx, const char* alias, uint8_t** value)
 return -1;
 }
+void tls_openssl_failure_callback(void* ctx, const char* msg) {
+ if (ctx == NULL || msg == NULL) return;
+ struct eap_sm *sm = (struct eap_sm*) ctx;
+ if (sm->eapol_cb && sm->eapol_cb->notify_open_ssl_failure) {
+ sm->eapol_cb->notify_open_ssl_failure(sm->eapol_ctx, msg);
+ }
+}
+
 /**
 * eap_peer_sm_init - Allocate and initialize EAP peer state machine
 * @eapol_ctx: Context data to be used with eapol_cb calls
@@ -2251,6 +2259,7 @@ struct eap_sm * eap_peer_sm_init(void *eapol_ctx,
 tlsconf.cb_ctx = sm;
 tlsconf.cert_in_cb = conf->cert_in_cb;
 tls_register_cert_callback(&tls_certificate_callback);
+ tls_register_openssl_failure_callback(&tls_openssl_failure_callback);
 sm->ssl_ctx = tls_init(&tlsconf);
 if (sm->ssl_ctx == NULL) {
 wpa_printf(MSG_WARNING, "SSL: Failed to initialize TLS "
diff --git a/src/utils/xml_libxml2.c b/src/utils/xml_libxml2.c
index e47e5649..7b7aeb7f 100644
--- a/src/utils/xml_libxml2.c
+++ b/src/utils/xml_libxml2.c
@@ -8,7 +8,7 @@
 #include "includes.h"
 #define LIBXML_VALID_ENABLED
-#include <libxml/tree.h>
+#include <libxml/parser.h>
 #include <libxml/xmlschemastypes.h>
 #include "common.h"
|
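Review bot: `tls_openssl_failure_callback()` in the first src/eap_peer/eap.c hunk casts `ctx` straight to `struct eap_sm *`, but it receives whatever `cb_ctx` the failing TLS context was created with, and the callback sits in one process-wide slot rather than per context. That matches the context set up in eap_peer_sm_init() (`tlsconf.cb_ctx = sm`), but if any other tls_init() caller in the same process uses a different `cb_ctx`, its pointer would be reinterpreted as an `eap_sm`; the NULL check only covers an unset one. Please record the assumption on the function, e.g. `/* ctx must be the struct eap_sm passed as tlsconf.cb_ctx in eap_peer_sm_init() */`, and confirm no other TLS context can reach this path. The function also has no prototype in the hunk and could be `static` if eap.c is its only user.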