Updated to hostap_2_6

[mech_eap.git] / libeap / src / tls / tlsv1_client.c

diff --git a/libeap/src/tls/tlsv1_client.c b/libeap/src/tls/tlsv1_client.c
index a6f0587..9bc0d21 100644 (file)
--- a/libeap/src/tls/tlsv1_client.c
+++ b/libeap/src/tls/tlsv1_client.c
@@ -1,6 +1,6 @@
 /*
  * TLS v1.0/v1.1/v1.2 client (RFC 2246, RFC 4346, RFC 5246)
- * Copyright (c) 2006-2014, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2006-2015, Jouni Malinen <j@w1.fi>
  *
  * This software may be distributed under the terms of the BSD license.
  * See README for more details.
@@ -11,6 +11,7 @@
 #include "common.h"
 #include "crypto/sha1.h"
 #include "crypto/tls.h"
+#include "x509v3.h"
 #include "tlsv1_common.h"
 #include "tlsv1_record.h"
 #include "tlsv1_client.h"
@@ -110,7 +111,6 @@ int tls_derive_keys(struct tlsv1_client *conn,
                pos += conn->rl.iv_size;
                /* server_write_IV */
                os_memcpy(conn->rl.read_iv, pos, conn->rl.iv_size);
-               pos += conn->rl.iv_size;
        } else {
                /*
                 * Use IV field to set the mask value for TLS v1.1. A fixed
@@ -494,6 +494,7 @@ void tlsv1_client_deinit(struct tlsv1_client *conn)
        tlsv1_client_free_dh(conn);
        tlsv1_cred_free(conn->cred);
        wpabuf_free(conn->partial_input);
+       x509_certificate_chain_free(conn->server_cert);
        os_free(conn);
 }
 
@@ -691,18 +692,16 @@ int tlsv1_client_hello_ext(struct tlsv1_client *conn, int ext_type,
        if (data == NULL || data_len == 0)
                return 0;
 
-       pos = conn->client_hello_ext = os_malloc(6 + data_len);
+       pos = conn->client_hello_ext = os_malloc(4 + data_len);
        if (pos == NULL)
                return -1;
 
-       WPA_PUT_BE16(pos, 4 + data_len);
-       pos += 2;
        WPA_PUT_BE16(pos, ext_type);
        pos += 2;
        WPA_PUT_BE16(pos, data_len);
        pos += 2;
        os_memcpy(pos, data, data_len);
-       conn->client_hello_ext_len = 6 + data_len;
+       conn->client_hello_ext_len = 4 + data_len;
 
        if (ext_type == TLS_EXT_PAC_OPAQUE) {
                conn->session_ticket_included = 1;
@@ -813,9 +812,14 @@ int tlsv1_client_set_cred(struct tlsv1_client *conn,
 }
 
 
-void tlsv1_client_set_time_checks(struct tlsv1_client *conn, int enabled)
+/**
+ * tlsv1_client_set_flags - Set connection flags
+ * @conn: TLSv1 client connection data from tlsv1_client_init()
+ * @flags: TLS_CONN_* bitfield
+ */
+void tlsv1_client_set_flags(struct tlsv1_client *conn, unsigned int flags)
 {
-       conn->disable_time_checks = !enabled;
+       conn->flags = flags;
 }
 
 
@@ -828,3 +832,38 @@ void tlsv1_client_set_session_ticket_cb(struct tlsv1_client *conn,
        conn->session_ticket_cb = cb;
        conn->session_ticket_cb_ctx = ctx;
 }
+
+
+void tlsv1_client_set_cb(struct tlsv1_client *conn,
+                        void (*event_cb)(void *ctx, enum tls_event ev,
+                                         union tls_event_data *data),
+                        void *cb_ctx,
+                        int cert_in_cb)
+{
+       conn->event_cb = event_cb;
+       conn->cb_ctx = cb_ctx;
+       conn->cert_in_cb = !!cert_in_cb;
+}
+
+
+int tlsv1_client_get_version(struct tlsv1_client *conn, char *buf,
+                            size_t buflen)
+{
+       if (!conn)
+               return -1;
+       switch (conn->rl.tls_version) {
+       case TLS_VERSION_1:
+               os_strlcpy(buf, "TLSv1", buflen);
+               break;
+       case TLS_VERSION_1_1:
+               os_strlcpy(buf, "TLSv1.1", buflen);
+               break;
+       case TLS_VERSION_1_2:
+               os_strlcpy(buf, "TLSv1.2", buflen);
+               break;
+       default:
+               return -1;
+       }
+
+       return 0;
+}