Add "GET tls_library" to provide information on TLS library and version

This new wpa_supplicant and hostapd control interface command can be used to determine which TLS library is used in the build and what is the version of that library. Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-11 15:37:38 +02:00 · 2015-01-11 15:37:38 +02:00 · a16514516b
parent c3bb84b415
commit a16514516b
8 changed files with 44 additions and 0 deletions
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
@ -23,6 +23,7 @@
 #include "utils/eloop.h"
 #include "common/version.h"
 #include "common/ieee802_11_defs.h"
+#include "crypto/tls.h"
 #include "drivers/driver.h"
 #include "radius/radius_client.h"
 #include "radius/radius_server.h"
@ -1326,6 +1327,11 @@ static int hostapd_ctrl_iface_get(struct hostapd_data *hapd, char *cmd,
 		if (os_snprintf_error(buflen, res))
 			return -1;
 		return res;
+	} else if (os_strcmp(cmd, "tls_library") == 0) {
+		res = tls_get_library_version(buf, buflen);
+		if (os_snprintf_error(buflen, res))
+			return -1;
+		return res;
 	}

 	return -1;
--- a/src/crypto/tls.h
+++ b/src/crypto/tls.h
@ -556,4 +556,6 @@ void tls_connection_set_log_cb(struct tls_connection *conn,

 void tls_connection_set_test_flags(struct tls_connection *conn, u32 flags);

+int tls_get_library_version(char *buf, size_t buf_len);
+
 #endif /* TLS_H */
--- a/src/crypto/tls_gnutls.c
+++ b/src/crypto/tls_gnutls.c
@ -1151,3 +1151,10 @@ int tls_connection_set_session_ticket_cb(void *tls_ctx,
 {
 	return -1;
 }
+
+
+int tls_get_library_version(char *buf, size_t buf_len)
+{
+	return os_snprintf(buf, buf_len, "GnuTLS build=%s run=%s",
+			   GNUTLS_VERSION, gnutls_check_version(NULL));
+}
--- a/src/crypto/tls_internal.c
+++ b/src/crypto/tls_internal.c
@ -672,3 +672,9 @@ int tls_connection_set_session_ticket_cb(void *tls_ctx,
 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 	return -1;
 }
+
+
+int tls_get_library_version(char *buf, size_t buf_len)
+{
+	return os_snprintf(buf, buf_len, "internal");
+}
--- a/src/crypto/tls_none.c
+++ b/src/crypto/tls_none.c
@ -192,3 +192,9 @@ unsigned int tls_capabilities(void *tls_ctx)
 {
 	return 0;
 }
+
+
+int tls_get_library_version(char *buf, size_t buf_len)
+{
+	return os_snprintf(buf, buf_len, "none");
+}
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@ -3554,3 +3554,11 @@ int tls_connection_set_session_ticket_cb(void *tls_ctx,
 	return -1;
 #endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
 }
+
+
+int tls_get_library_version(char *buf, size_t buf_len)
+{
+	return os_snprintf(buf, buf_len, "OpenSSL build=%s run=%s",
+			   OPENSSL_VERSION_TEXT,
+			   SSLeay_version(SSLEAY_VERSION));
+}
--- a/src/crypto/tls_schannel.c
+++ b/src/crypto/tls_schannel.c
@ -750,3 +750,9 @@ unsigned int tls_capabilities(void *tls_ctx)
 {
 	return 0;
 }
+
+
+int tls_get_library_version(char *buf, size_t buf_len)
+{
+	return os_snprintf(buf, buf_len, "schannel");
+}
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@ -19,6 +19,7 @@
 #include "common/ieee802_11_defs.h"
 #include "common/ieee802_11_common.h"
 #include "common/wpa_ctrl.h"
+#include "crypto/tls.h"
 #include "ap/hostapd.h"
 #include "eap_peer/eap.h"
 #include "eapol_supp/eapol_supp_sm.h"
@ -493,6 +494,8 @@ static int wpa_supplicant_ctrl_iface_get(struct wpa_supplicant *wpa_s,
 				       wpa_s->last_gtk_len);
 		return res;
 #endif /* CONFIG_TESTING_GET_GTK */
+	} else if (os_strcmp(cmd, "tls_library") == 0) {
+		res = tls_get_library_version(buf, buflen);
 	}

 	if (os_snprintf_error(buflen, res))