diff --git a/src/crypto/tls.h b/src/crypto/tls.h index 8bdb91ff2..b7a677fd8 100644 --- a/src/crypto/tls.h +++ b/src/crypto/tls.h @@ -48,6 +48,17 @@ enum tls_fail_reason { #define TLS_MAX_ALT_SUBJECT 10 +struct tls_cert_data { + int depth; + const char *subject; + const struct wpabuf *cert; + const u8 *hash; + size_t hash_len; + const char *altsubject[TLS_MAX_ALT_SUBJECT]; + int num_altsubject; + const char *serial_num; +}; + union tls_event_data { struct { int depth; @@ -57,16 +68,7 @@ union tls_event_data { const struct wpabuf *cert; } cert_fail; - struct { - int depth; - const char *subject; - const struct wpabuf *cert; - const u8 *hash; - size_t hash_len; - const char *altsubject[TLS_MAX_ALT_SUBJECT]; - int num_altsubject; - const char *serial_num; - } peer_cert; + struct tls_cert_data peer_cert; struct { int is_local; diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c index 974c475ff..b35040a00 100644 --- a/src/eap_peer/eap.c +++ b/src/eap_peer/eap.c @@ -2097,12 +2097,8 @@ static void eap_peer_sm_tls_event(void *ctx, enum tls_event ev, } } - sm->eapol_cb->notify_cert(sm->eapol_ctx, - data->peer_cert.depth, - data->peer_cert.subject, - data->peer_cert.altsubject, - data->peer_cert.num_altsubject, - hash_hex, data->peer_cert.cert); + sm->eapol_cb->notify_cert(sm->eapol_ctx, &data->peer_cert, + hash_hex); break; case TLS_ALERT: if (data->alert.is_local) diff --git a/src/eap_peer/eap.h b/src/eap_peer/eap.h index d0837e37a..acd70d05d 100644 --- a/src/eap_peer/eap.h +++ b/src/eap_peer/eap.h @@ -16,6 +16,7 @@ struct eap_sm; struct wpa_config_blob; struct wpabuf; +struct tls_cert_data; struct eap_method_type { int vendor; @@ -226,16 +227,11 @@ struct eapol_callbacks { /** * notify_cert - Notification of a peer certificate * @ctx: eapol_ctx from eap_peer_sm_init() call - * @depth: Depth in certificate chain (0 = server) - * @subject: Subject of the peer certificate - * @altsubject: Select fields from AltSubject of the peer certificate - * @num_altsubject: Number of altsubject values + * @cert: Certificate information * @cert_hash: SHA-256 hash of the certificate - * @cert: Peer certificate */ - void (*notify_cert)(void *ctx, int depth, const char *subject, - const char *altsubject[], int num_altsubject, - const char *cert_hash, const struct wpabuf *cert); + void (*notify_cert)(void *ctx, struct tls_cert_data *cert, + const char *cert_hash); /** * notify_status - Notification of the current EAP state diff --git a/src/eapol_supp/eapol_supp_sm.c b/src/eapol_supp/eapol_supp_sm.c index a0f27fd2b..f1ca0a859 100644 --- a/src/eapol_supp/eapol_supp_sm.c +++ b/src/eapol_supp/eapol_supp_sm.c @@ -1998,15 +1998,12 @@ static void eapol_sm_eap_param_needed(void *ctx, enum wpa_ctrl_req_type field, #define eapol_sm_eap_param_needed NULL #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */ -static void eapol_sm_notify_cert(void *ctx, int depth, const char *subject, - const char *altsubject[], - int num_altsubject, const char *cert_hash, - const struct wpabuf *cert) +static void eapol_sm_notify_cert(void *ctx, struct tls_cert_data *cert, + const char *cert_hash) { struct eapol_sm *sm = ctx; if (sm->ctx->cert_cb) - sm->ctx->cert_cb(sm->ctx->ctx, depth, subject, altsubject, - num_altsubject, cert_hash, cert); + sm->ctx->cert_cb(sm->ctx->ctx, cert, cert_hash); } diff --git a/src/eapol_supp/eapol_supp_sm.h b/src/eapol_supp/eapol_supp_sm.h index 74f40bb1c..c9d7522d5 100644 --- a/src/eapol_supp/eapol_supp_sm.h +++ b/src/eapol_supp/eapol_supp_sm.h @@ -11,6 +11,8 @@ #include "common/defs.h" +struct tls_cert_data; + typedef enum { Unauthorized, Authorized } PortStatus; typedef enum { Auto, ForceUnauthorized, ForceAuthorized } PortControl; @@ -246,16 +248,11 @@ struct eapol_ctx { /** * cert_cb - Notification of a peer certificate * @ctx: Callback context (ctx) - * @depth: Depth in certificate chain (0 = server) - * @subject: Subject of the peer certificate - * @altsubject: Select fields from AltSubject of the peer certificate - * @num_altsubject: Number of altsubject values + * @cert: Certificate information * @cert_hash: SHA-256 hash of the certificate - * @cert: Peer certificate */ - void (*cert_cb)(void *ctx, int depth, const char *subject, - const char *altsubject[], int num_altsubject, - const char *cert_hash, const struct wpabuf *cert); + void (*cert_cb)(void *ctx, struct tls_cert_data *cert, + const char *cert_hash); /** * cert_in_cb - Include server certificates in callback diff --git a/wpa_supplicant/eapol_test.c b/wpa_supplicant/eapol_test.c index 3fd4ce61a..e9412d415 100644 --- a/wpa_supplicant/eapol_test.c +++ b/wpa_supplicant/eapol_test.c @@ -15,6 +15,7 @@ #include "common.h" #include "utils/ext_password.h" #include "common/version.h" +#include "crypto/tls.h" #include "config.h" #include "eapol_supp/eapol_supp_sm.h" #include "eap_peer/eap.h" @@ -497,44 +498,43 @@ static void eapol_test_eap_param_needed(void *ctx, enum wpa_ctrl_req_type field, #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */ -static void eapol_test_cert_cb(void *ctx, int depth, const char *subject, - const char *altsubject[], int num_altsubject, - const char *cert_hash, - const struct wpabuf *cert) +static void eapol_test_cert_cb(void *ctx, struct tls_cert_data *cert, + const char *cert_hash) { struct eapol_test_data *e = ctx; wpa_msg(e->wpa_s, MSG_INFO, WPA_EVENT_EAP_PEER_CERT "depth=%d subject='%s'%s%s", - depth, subject, + cert->depth, cert->subject, cert_hash ? " hash=" : "", cert_hash ? cert_hash : ""); - if (cert) { + if (cert->cert) { char *cert_hex; - size_t len = wpabuf_len(cert) * 2 + 1; + size_t len = wpabuf_len(cert->cert) * 2 + 1; cert_hex = os_malloc(len); if (cert_hex) { - wpa_snprintf_hex(cert_hex, len, wpabuf_head(cert), - wpabuf_len(cert)); + wpa_snprintf_hex(cert_hex, len, wpabuf_head(cert->cert), + wpabuf_len(cert->cert)); wpa_msg_ctrl(e->wpa_s, MSG_INFO, WPA_EVENT_EAP_PEER_CERT "depth=%d subject='%s' cert=%s", - depth, subject, cert_hex); + cert->depth, cert->subject, cert_hex); os_free(cert_hex); } if (e->server_cert_file) eapol_test_write_cert(e->server_cert_file, - subject, cert); + cert->subject, cert->cert); } - if (altsubject) { + if (cert->altsubject) { int i; - for (i = 0; i < num_altsubject; i++) + for (i = 0; i < cert->num_altsubject; i++) wpa_msg(e->wpa_s, MSG_INFO, WPA_EVENT_EAP_PEER_ALT - "depth=%d %s", depth, altsubject[i]); + "depth=%d %s", cert->depth, + cert->altsubject[i]); } } diff --git a/wpa_supplicant/notify.c b/wpa_supplicant/notify.c index b0865096b..f5925666d 100644 --- a/wpa_supplicant/notify.c +++ b/wpa_supplicant/notify.c @@ -18,6 +18,7 @@ #include "dbus/dbus_new.h" #include "rsn_supp/wpa.h" #include "fst/fst.h" +#include "crypto/tls.h" #include "driver_i.h" #include "scan.h" #include "p2p_supplicant.h" @@ -786,42 +787,43 @@ void wpas_notify_sta_authorized(struct wpa_supplicant *wpa_s, } -void wpas_notify_certification(struct wpa_supplicant *wpa_s, int depth, - const char *subject, const char *altsubject[], - int num_altsubject, const char *cert_hash, - const struct wpabuf *cert) +void wpas_notify_certification(struct wpa_supplicant *wpa_s, + struct tls_cert_data *cert, + const char *cert_hash) { wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_EAP_PEER_CERT "depth=%d subject='%s'%s%s", - depth, subject, cert_hash ? " hash=" : "", + cert->depth, cert->subject, cert_hash ? " hash=" : "", cert_hash ? cert_hash : ""); - if (cert) { + if (cert->cert) { char *cert_hex; - size_t len = wpabuf_len(cert) * 2 + 1; + size_t len = wpabuf_len(cert->cert) * 2 + 1; cert_hex = os_malloc(len); if (cert_hex) { - wpa_snprintf_hex(cert_hex, len, wpabuf_head(cert), - wpabuf_len(cert)); + wpa_snprintf_hex(cert_hex, len, wpabuf_head(cert->cert), + wpabuf_len(cert->cert)); wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_EAP_PEER_CERT "depth=%d subject='%s' cert=%s", - depth, subject, cert_hex); + cert->depth, cert->subject, cert_hex); os_free(cert_hex); } } - if (altsubject) { + if (cert->altsubject) { int i; - for (i = 0; i < num_altsubject; i++) + for (i = 0; i < cert->num_altsubject; i++) wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_EAP_PEER_ALT - "depth=%d %s", depth, altsubject[i]); + "depth=%d %s", cert->depth, + cert->altsubject[i]); } /* notify the new DBus API */ - wpas_dbus_signal_certification(wpa_s, depth, subject, altsubject, - num_altsubject, cert_hash, cert); + wpas_dbus_signal_certification(wpa_s, cert->depth, cert->subject, + cert->altsubject, cert->num_altsubject, + cert_hash, cert->cert); } diff --git a/wpa_supplicant/notify.h b/wpa_supplicant/notify.h index d3e73f0b2..e843aa124 100644 --- a/wpa_supplicant/notify.h +++ b/wpa_supplicant/notify.h @@ -14,6 +14,7 @@ struct wps_credential; struct wps_event_m2d; struct wps_event_fail; +struct tls_cert_data; int wpas_notify_supplicant_initialized(struct wpa_global *global); void wpas_notify_supplicant_deinitialized(struct wpa_global *global); @@ -130,10 +131,9 @@ void wpas_notify_persistent_group_removed(struct wpa_supplicant *wpa_s, void wpas_notify_p2p_wps_failed(struct wpa_supplicant *wpa_s, struct wps_event_fail *fail); -void wpas_notify_certification(struct wpa_supplicant *wpa_s, int depth, - const char *subject, const char *altsubject[], - int num_altsubject, const char *cert_hash, - const struct wpabuf *cert); +void wpas_notify_certification(struct wpa_supplicant *wpa_s, + struct tls_cert_data *cert, + const char *cert_hash); void wpas_notify_preq(struct wpa_supplicant *wpa_s, const u8 *addr, const u8 *dst, const u8 *bssid, const u8 *ie, size_t ie_len, u32 ssi_signal); diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c index e98bf1147..62af7f6b1 100644 --- a/wpa_supplicant/wpas_glue.c +++ b/wpa_supplicant/wpas_glue.c @@ -1017,15 +1017,12 @@ static void wpa_supplicant_port_cb(void *ctx, int authorized) } -static void wpa_supplicant_cert_cb(void *ctx, int depth, const char *subject, - const char *altsubject[], int num_altsubject, - const char *cert_hash, - const struct wpabuf *cert) +static void wpa_supplicant_cert_cb(void *ctx, struct tls_cert_data *cert, + const char *cert_hash) { struct wpa_supplicant *wpa_s = ctx; - wpas_notify_certification(wpa_s, depth, subject, altsubject, - num_altsubject, cert_hash, cert); + wpas_notify_certification(wpa_s, cert, cert_hash); }