Add "GET tls_library" to provide information on TLS library and version

This new wpa_supplicant and hostapd control interface command can be
used to determine which TLS library is used in the build and what is the
version of that library.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c
index a7235a4b359b98e872a8c5d371541495b84b7a2b..bef16b157bacac1c30d4d9bf90e50c80299ddbca 100644 (file)
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
@@ -23,6 +23,7 @@
 #include "utils/eloop.h"
 #include "common/version.h"
 #include "common/ieee802_11_defs.h"
+#include "crypto/tls.h"
 #include "drivers/driver.h"
 #include "radius/radius_client.h"
 #include "radius/radius_server.h"
@@ -1326,6 +1327,11 @@ static int hostapd_ctrl_iface_get(struct hostapd_data *hapd, char *cmd,
                if (os_snprintf_error(buflen, res))
                        return -1;
                return res;
+       } else if (os_strcmp(cmd, "tls_library") == 0) {
+               res = tls_get_library_version(buf, buflen);
+               if (os_snprintf_error(buflen, res))
+                       return -1;
+               return res;
        }
 
        return -1;

diff --git a/src/crypto/tls.h b/src/crypto/tls.h
index 345ebc7c23f0f980f0d66507acf2b46b9f0edb4c..a4f954c7a88569f4d8d4d2401c49f6434258b74a 100644 (file)
--- a/src/crypto/tls.h
+++ b/src/crypto/tls.h
@@ -556,4 +556,6 @@ void tls_connection_set_log_cb(struct tls_connection *conn,
 
 void tls_connection_set_test_flags(struct tls_connection *conn, u32 flags);
 
+int tls_get_library_version(char *buf, size_t buf_len);
+
 #endif /* TLS_H */

diff --git a/src/crypto/tls_gnutls.c b/src/crypto/tls_gnutls.c
index 8c3e9bb1011b4bf6c0fe9a21e48acc01c0836657..756d45353e5bd4d2172f55c19f3a80b8a906aef8 100644 (file)
--- a/src/crypto/tls_gnutls.c
+++ b/src/crypto/tls_gnutls.c
@@ -1151,3 +1151,10 @@ int tls_connection_set_session_ticket_cb(void *tls_ctx,
 {
        return -1;
 }
+
+
+int tls_get_library_version(char *buf, size_t buf_len)
+{
+       return os_snprintf(buf, buf_len, "GnuTLS build=%s run=%s",
+                          GNUTLS_VERSION, gnutls_check_version(NULL));
+}

diff --git a/src/crypto/tls_internal.c b/src/crypto/tls_internal.c
index 6963309b7be0e71bc0b5f9ce75a795f2635cb2f7..86375d1118e6c4e9ab89e368246a54ac92d24f92 100644 (file)
--- a/src/crypto/tls_internal.c
+++ b/src/crypto/tls_internal.c
@@ -672,3 +672,9 @@ int tls_connection_set_session_ticket_cb(void *tls_ctx,
 #endif /* CONFIG_TLS_INTERNAL_SERVER */
        return -1;
 }
+
+
+int tls_get_library_version(char *buf, size_t buf_len)
+{
+       return os_snprintf(buf, buf_len, "internal");
+}

diff --git a/src/crypto/tls_none.c b/src/crypto/tls_none.c
index 1a1092a184b51adbe78b1a60cf580845170842e9..a6d210afcf0f3bea47c47f336589a2f992e80a4e 100644 (file)
--- a/src/crypto/tls_none.c
+++ b/src/crypto/tls_none.c
@@ -192,3 +192,9 @@ unsigned int tls_capabilities(void *tls_ctx)
 {
        return 0;
 }
+
+
+int tls_get_library_version(char *buf, size_t buf_len)
+{
+       return os_snprintf(buf, buf_len, "none");
+}

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index c72134afedf0af087b42cb6aad287230880cddc0..5433ebb2d97c4de4957c8ca06ce9f62a8b2f52ee 100644 (file)
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -3554,3 +3554,11 @@ int tls_connection_set_session_ticket_cb(void *tls_ctx,
        return -1;
 #endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
 }
+
+
+int tls_get_library_version(char *buf, size_t buf_len)
+{
+       return os_snprintf(buf, buf_len, "OpenSSL build=%s run=%s",
+                          OPENSSL_VERSION_TEXT,
+                          SSLeay_version(SSLEAY_VERSION));
+}

diff --git a/src/crypto/tls_schannel.c b/src/crypto/tls_schannel.c
index 28cf71951b013bf685c646dede06245cf6eae3a1..a43b487449c786158ecc0b2d596ec5aed60f3f5f 100644 (file)
--- a/src/crypto/tls_schannel.c
+++ b/src/crypto/tls_schannel.c
@@ -750,3 +750,9 @@ unsigned int tls_capabilities(void *tls_ctx)
 {
        return 0;
 }
+
+
+int tls_get_library_version(char *buf, size_t buf_len)
+{
+       return os_snprintf(buf, buf_len, "schannel");
+}

diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
index 440008155ed7531d6a94fd6bda25028f0678ca3e..4b4a7c548ef6ac5d6b071dd4008d53ef83d19f24 100644 (file)
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -19,6 +19,7 @@
 #include "common/ieee802_11_defs.h"
 #include "common/ieee802_11_common.h"
 #include "common/wpa_ctrl.h"
+#include "crypto/tls.h"
 #include "ap/hostapd.h"
 #include "eap_peer/eap.h"
 #include "eapol_supp/eapol_supp_sm.h"
@@ -493,6 +494,8 @@ static int wpa_supplicant_ctrl_iface_get(struct wpa_supplicant *wpa_s,
                                       wpa_s->last_gtk_len);
                return res;
 #endif /* CONFIG_TESTING_GET_GTK */
+       } else if (os_strcmp(cmd, "tls_library") == 0) {
+               res = tls_get_library_version(buf, buflen);
        }
 
        if (os_snprintf_error(buflen, res))