From: <che...@us...> - 2008-11-21 18:17:15
Revision: 437 http://open1x.svn.sourceforge.net/open1x/?rev=437&view=rev Author: chessing Date: 2008-11-21 18:17:09 +0000 (Fri, 21 Nov 2008) Log Message: ----------- More work on EAP-TLS, fixed a path issue in the test tool building. Modified Paths: -------------- trunk/xsupplicant/lib/libxsupconfcheck/xsupconfcheck_profile.c trunk/xsupplicant/src/eap_types/tls/eaptls.c trunk/xsupplicant/src/eap_types/tls/ossl_tls_funcs.c trunk/xsupplicant/src/eap_types/tls/tls_funcs.h trunk/xsupplicant/src/platform/windows/win_cert_handler.c trunk/xsupplicant-engine-test-suite/vs2005/xsupplicant-test/xsupplicant-test.vcproj Modified: trunk/xsupplicant/lib/libxsupconfcheck/xsupconfcheck_profile.c =================================================================== --- trunk/xsupplicant/lib/libxsupconfcheck/xsupconfcheck_profile.c 2008-11-21 00:06:01 UTC (rev 436) +++ trunk/xsupplicant/lib/libxsupconfcheck/xsupconfcheck_profile.c 2008-11-21 18:17:09 UTC (rev 437) @@ -70,9 +70,9 @@ retval = -1; } - if (tls->user_key == NULL) + if (tls->store_type == NULL) { - if (log == TRUE) error_prequeue_add("A user key file must be specified to use EAP-TLS."); + if (log == TRUE) error_prequeue_add("A store type for your certificate must be specified to use EAP-TLS."); retval = -1; } @@ -82,11 +82,19 @@ retval = -1; } +#ifndef WINDOWS + if (tls->user_key == NULL) + { + if (log == TRUE) error_prequeue_add("A user key file must be specified to use EAP-TLS."); + retval = -1; + } + if ((tls->user_key_pass == NULL) && (prof->temp_password == NULL)) { if (log == TRUE) error_prequeue_add("A user key password must be specified to use EAP-TLS."); retval = PROFILE_NEED_UPW; } +#endif return retval; } Modified: trunk/xsupplicant/src/eap_types/tls/eaptls.c =================================================================== --- trunk/xsupplicant/src/eap_types/tls/eaptls.c 2008-11-21 00:06:01 UTC (rev 436) +++ trunk/xsupplicant/src/eap_types/tls/eaptls.c 2008-11-21 18:17:09 UTC (rev 437) 
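Review bot: In the second hunk of xsupconfcheck_profile.c the password check assigns `retval = PROFILE_NEED_UPW` unconditionally, so it overwrites the `-1` that the relocated `user_key` check sets just above it. A non-Windows profile with neither a key file nor a password would then be reported as only needing a password rather than being rejected. Guarding the assignment, for example `if (retval != -1) retval = PROFILE_NEED_UPW;`, keeps the hard failure. The function starts outside the hunk, so the initial value of `retval` is not visible here.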
@@ -88,10 +88,10 @@ mytls_vars->resume = userdata->session_resume; mytls_vars->verify_cert = TRUE; - mytls_vars->sessionkeyconst = (uint8_t *)Malloc(TLS_SESSION_KEY_CONST_SIZE); + mytls_vars->sessionkeyconst = (uint8_t *)Malloc(TLS_SESSION_KEY_CONST_SIZE+1); if (mytls_vars->sessionkeyconst == NULL) return XEMALLOC; - if (Strncpy((char *)mytls_vars->sessionkeyconst, TLS_SESSION_KEY_CONST_SIZE, + if (Strncpy((char *)mytls_vars->sessionkeyconst, TLS_SESSION_KEY_CONST_SIZE+1, TLS_SESSION_KEY_CONST, TLS_SESSION_KEY_CONST_SIZE) != 0) { debug_printf(DEBUG_NORMAL, "Attempt to overflow destination string in %s() at %d!\n", @@ -127,6 +127,7 @@ return XEGENERROR; } +#ifndef WINDOWS // Windows doesn't need a password? if (ctx->prof->temp_password == NULL) { if (userdata->user_key_pass == NULL) @@ -142,7 +143,11 @@ { password = _strdup(ctx->prof->temp_password); } +#endif + mytls_vars->certs_loaded &= ~ROOT_CERTS_LOADED; + mytls_vars->handshake_done = FALSE; + if (certificates_load_user(mytls_vars, userdata->store_type, userdata->user_cert, userdata->user_key, password) != XENONE) { debug_printf(DEBUG_NORMAL, "Error loading user certificate!\n"); @@ -236,19 +241,20 @@ tlsconf = (struct config_eap_tls *)eapdata->eap_conf_data; +#ifndef WINDOWS if (tlsconf->user_key_pass == NULL) { debug_printf(DEBUG_NORMAL, "No password available for TLS certificate!\n"); eap_type_common_fail(eapdata); return; } +#endif } -/************************************************************************** +/** + * \brief Process a TLS request. * - * Process a TLS request. - * - **************************************************************************/ + **/ void eaptls_process(eap_type_data *eapdata) { struct tls_vars *mytls_vars = NULL; 
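Review bot: With the password setup in eaptls.c now inside `#ifndef WINDOWS` (hunks at new lines 127 and 143), the unchanged call `certificates_load_user(..., userdata->user_key, password)` still passes `password` on Windows, where nothing in these hunks assigns it. The declaration is outside the hunks; unless `password` is initialised to `NULL` there, the Windows build hands an indeterminate pointer to the certificate loader. Initialise it to `NULL` at the declaration, or pass `NULL` explicitly in the Windows build. Any later release of `password` in this function, which is also outside the hunks, needs the same guarantee.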
@@ -448,9 +454,7 @@ if (!xsup_assert((eapdata != NULL), "eapdata != NULL", FALSE)) return FALSE; - if (!xsup_assert((eapdata->eap_data != NULL), "eapdata->eap_data != NULL", - FALSE)) - return FALSE; + if (eapdata->eap_data == NULL) return FALSE; mytls_vars = (struct tls_vars *)eapdata->eap_data; Modified: trunk/xsupplicant/src/eap_types/tls/ossl_tls_funcs.c =================================================================== --- trunk/xsupplicant/src/eap_types/tls/ossl_tls_funcs.c 2008-11-21 00:06:01 UTC (rev 436) +++ trunk/xsupplicant/src/eap_types/tls/ossl_tls_funcs.c 2008-11-21 18:17:09 UTC (rev 437) @@ -2100,9 +2100,6 @@ queue_destroy(&mytls_vars->tlsinqueue); queue_destroy(&mytls_vars->tlsoutqueue); -#ifdef WINDOWS -#endif - // BIOs are freed by the SSL_free call below. Do not try to free them any other // way, or you will segfault! if (mytls_vars->ssl != NULL) Modified: trunk/xsupplicant/src/eap_types/tls/tls_funcs.h =================================================================== --- trunk/xsupplicant/src/eap_types/tls/tls_funcs.h 2008-11-21 00:06:01 UTC (rev 436) +++ trunk/xsupplicant/src/eap_types/tls/tls_funcs.h 2008-11-21 18:17:09 UTC (rev 437) @@ -34,7 +34,7 @@ #endif #ifdef WINDOWS - void *hcProv; + unsigned long *hcProv; uint32_t pdwKeyspec; uint32_t pfCallerFreeProv; #endif // WINDOWS Modified: trunk/xsupplicant/src/platform/windows/win_cert_handler.c =================================================================== --- trunk/xsupplicant/src/platform/windows/win_cert_handler.c 2008-11-21 00:06:01 UTC (rev 436) +++ trunk/xsupplicant/src/platform/windows/win_cert_handler.c 2008-11-21 18:17:09 UTC (rev 437) 
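Review bot: The replacement `if (eapdata->eap_data == NULL) return FALSE;` in the eaptls.c hunk at new line 454 drops the diagnostic that `xsup_assert` produced, so missing TLS state now fails without a trace. If a NULL `eap_data` is an expected state at this point, a comment such as `// eap_data may be NULL here because <reason>; not an error` would record why the assert was relaxed. Otherwise a `debug_printf(DEBUG_NORMAL, ...)` line before the return keeps the condition visible in logs. The enclosing function starts and ends outside the hunk.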
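Review bot: `unsigned long *hcProv` in tls_funcs.h does not match how the field is used: win_cert_handler.c in this commit passes `&mytls_vars->hcProv` to `CryptAcquireCertificatePrivateKey`, which writes a pointer-sized integer handle (`HCRYPTPROV`) through that argument. The field works only because a pointer happens to have the same width as the handle, and the call relies on an incompatible-pointer conversion that can hide real mistakes. Declaring it as `HCRYPTPROV hcProv;` (or `uintptr_t hcProv;` if this header should not pull in the Windows crypto headers) states the intent. `pdwKeyspec` and `pfCallerFreeProv` are likewise `uint32_t` fields passed where `DWORD *` and `BOOL *` are expected.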
@@ -1008,7 +1008,7 @@ ERR_clear_error(); // Then, load the private key. - if (CryptAcquireCertificatePrivateKey(mycert, CRYPT_ACQUIRE_COMPARE_KEY_FLAG, NULL, mytls_vars->hcProv, + if (CryptAcquireCertificatePrivateKey(mycert, CRYPT_ACQUIRE_COMPARE_KEY_FLAG, NULL, &mytls_vars->hcProv, &mytls_vars->pdwKeyspec, &mytls_vars->pfCallerFreeProv) == FALSE) { debug_printf(DEBUG_NORMAL, "Unable to load the user private key data!\n"); @@ -1042,8 +1042,16 @@ return -1; } - if (!SSL_use_certificate(mytls_vars->ssl, wincert)) + if (mytls_vars->ctx == NULL) { + debug_printf(DEBUG_NORMAL, "No SSL context established!\n"); + X509_free(wincert); + RSA_free(rsa); + return -1; + } + + if (!SSL_CTX_use_certificate(mytls_vars->ctx, wincert)) + { debug_printf(DEBUG_NORMAL, "Unable to use selected user certificate!\n"); X509_free(wincert); RSA_free(rsa); @@ -1063,7 +1071,7 @@ return -1; } - if (!SSL_use_RSAPrivateKey(mytls_vars->ssl, rsa)) + if (!SSL_CTX_use_RSAPrivateKey(mytls_vars->ctx, rsa)) { RSA_free(rsa); debug_printf(DEBUG_NORMAL, "Couldn't set the OpenSSL RSA Private Key method!\n"); Modified: trunk/xsupplicant-engine-test-suite/vs2005/xsupplicant-test/xsupplicant-test.vcproj =================================================================== --- trunk/xsupplicant-engine-test-suite/vs2005/xsupplicant-test/xsupplicant-test.vcproj 2008-11-21 00:06:01 UTC (rev 436) +++ trunk/xsupplicant-engine-test-suite/vs2005/xsupplicant-test/xsupplicant-test.vcproj 2008-11-21 18:17:09 UTC (rev 437) @@ -60,7 +60,7 @@ <Tool Name="VCLinkerTool" AdditionalDependencies="libxsupgui.lib libxsupconfig.lib" - AdditionalLibraryDirectories=""E:\SEAAnt-multi-config\xsupplicant\vs2005\build-debug"" + AdditionalLibraryDirectories="..\..\..\xsupplicant\vs2005\build-debug" IgnoreDefaultLibraryNames="msvcrt" GenerateDebugInformation="true" TargetMachine="1" 
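Review bot: The new `mytls_vars->ctx == NULL` branch in win_cert_handler.c (hunk at new line 1042) frees `wincert` and `rsa` but leaves open the provider handle obtained by `CryptAcquireCertificatePrivateKey` in the first hunk; the `SSL_CTX_use_certificate` and `SSL_CTX_use_RSAPrivateKey` failure branches do the same. When `pfCallerFreeProv` comes back non-zero the caller owns that handle, so each early `return -1` should release it, for example `if (mytls_vars->pfCallerFreeProv) CryptReleaseContext((HCRYPTPROV)mytls_vars->hcProv, 0);`, unless teardown code outside these hunks already does so. Moving the `ctx` check ahead of the key acquisition would avoid taking the handle at all when no context exists. The enclosing function starts and ends outside the hunks.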
@@ -134,7 +134,7 @@ <Tool Name="VCLinkerTool" AdditionalDependencies="libxsupgui.lib" - AdditionalLibraryDirectories=""E:\SEAAnt-multi-config\xsupplicant\vs2005\build-release"" + AdditionalLibraryDirectories="..\..\..\xsupplicant\vs2005\build-debug" GenerateDebugInformation="true" OptimizeReferences="2" EnableCOMDATFolding="2" This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
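Review bot: In the second xsupplicant-test.vcproj hunk the replaced value was the `build-release` directory, but the new line points at `build-debug`, the same as the first hunk. The surrounding `OptimizeReferences="2"` and `EnableCOMDATFolding="2"` settings suggest this is the Release configuration, so the release test tool would link against debug libraries. The line should probably read `AdditionalLibraryDirectories="..\..\..\xsupplicant\vs2005\build-release"`.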