Remove useless DH file configuration from TLS library wrappers
authorJouni Malinen <j@w1.fi>
Fri, 15 Apr 2022 20:37:23 +0000 (23:37 +0300)
committerJouni Malinen <j@w1.fi>
Fri, 15 Apr 2022 20:42:15 +0000 (23:42 +0300)
These operations do not really have any effect since
tls_connection_set_params() is used only in the TLS client case and the
client receives the DH parameters from the server instead of local
configuration.

Signed-off-by: Jouni Malinen <j@w1.fi>
src/crypto/tls_internal.c
src/crypto/tls_openssl.c
src/crypto/tls_wolfssl.c

index 8095b43bd21bc70ad2beb463900ee7bafb4c3906..d7c4743c2c5fb226903f0bf911a09f7ed98c8b33 100644 (file)
@@ -281,13 +281,6 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
                return -1;
        }
 
-       if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob,
-                              params->dh_blob_len)) {
-               wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters");
-               tlsv1_cred_free(cred);
-               return -1;
-       }
-
        if (tlsv1_client_set_cred(conn->client, cred) < 0) {
                tlsv1_cred_free(cred);
                return -1;
index d1ec415dc0c2a45771326ecb35f80f5b5361d064..553236b63388e56735c19428f3de247bf665854a 100644 (file)
@@ -3940,80 +3940,6 @@ static int tls_global_private_key(struct tls_data *data,
 }
 
 
-static int tls_connection_dh(struct tls_connection *conn, const char *dh_file)
-{
-#ifdef OPENSSL_NO_DH
-       if (dh_file == NULL)
-               return 0;
-       wpa_printf(MSG_ERROR, "TLS: openssl does not include DH support, but "
-                  "dh_file specified");
-       return -1;
-#else /* OPENSSL_NO_DH */
-       DH *dh;
-       BIO *bio;
-
-       /* TODO: add support for dh_blob */
-       if (dh_file == NULL)
-               return 0;
-       if (conn == NULL)
-               return -1;
-
-       bio = BIO_new_file(dh_file, "r");
-       if (bio == NULL) {
-               wpa_printf(MSG_INFO, "TLS: Failed to open DH file '%s': %s",
-                          dh_file, ERR_error_string(ERR_get_error(), NULL));
-               return -1;
-       }
-       dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
-       BIO_free(bio);
-#ifndef OPENSSL_NO_DSA
-       while (dh == NULL) {
-               DSA *dsa;
-               wpa_printf(MSG_DEBUG, "TLS: Failed to parse DH file '%s': %s -"
-                          " trying to parse as DSA params", dh_file,
-                          ERR_error_string(ERR_get_error(), NULL));
-               bio = BIO_new_file(dh_file, "r");
-               if (bio == NULL)
-                       break;
-               dsa = PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
-               BIO_free(bio);
-               if (!dsa) {
-                       wpa_printf(MSG_DEBUG, "TLS: Failed to parse DSA file "
-                                  "'%s': %s", dh_file,
-                                  ERR_error_string(ERR_get_error(), NULL));
-                       break;
-               }
-
-               wpa_printf(MSG_DEBUG, "TLS: DH file in DSA param format");
-               dh = DSA_dup_DH(dsa);
-               DSA_free(dsa);
-               if (dh == NULL) {
-                       wpa_printf(MSG_INFO, "TLS: Failed to convert DSA "
-                                  "params into DH params");
-                       break;
-               }
-               break;
-       }
-#endif /* !OPENSSL_NO_DSA */
-       if (dh == NULL) {
-               wpa_printf(MSG_INFO, "TLS: Failed to read/parse DH/DSA file "
-                          "'%s'", dh_file);
-               return -1;
-       }
-
-       if (SSL_set_tmp_dh(conn->ssl, dh) != 1) {
-               wpa_printf(MSG_INFO, "TLS: Failed to set DH params from '%s': "
-                          "%s", dh_file,
-                          ERR_error_string(ERR_get_error(), NULL));
-               DH_free(dh);
-               return -1;
-       }
-       DH_free(dh);
-       return 0;
-#endif /* OPENSSL_NO_DH */
-}
-
-
 static int tls_global_dh(struct tls_data *data, const char *dh_file)
 {
 #ifdef OPENSSL_NO_DH
@@ -5225,12 +5151,6 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
                return -1;
        }
 
-       if (tls_connection_dh(conn, params->dh_file)) {
-               wpa_printf(MSG_INFO, "TLS: Failed to load DH file '%s'",
-                          params->dh_file);
-               return -1;
-       }
-
        ciphers = params->openssl_ciphers;
 #ifdef CONFIG_SUITEB
 #ifdef OPENSSL_IS_BORINGSSL
index cf482bfc3a16aef27882c58e33813ae470268f01..f5cf85df3a065d0c2d4f40f159ca35d6b017daa2 100644 (file)
@@ -420,44 +420,6 @@ static int tls_connection_set_subject_match(struct tls_connection *conn,
 }
 
 
-static int tls_connection_dh(struct tls_connection *conn, const char *dh_file,
-                            const u8 *dh_blob, size_t blob_len)
-{
-       if (!dh_file && !dh_blob)
-               return 0;
-
-       wolfSSL_set_accept_state(conn->ssl);
-
-       if (dh_blob) {
-               if (wolfSSL_SetTmpDH_buffer(conn->ssl, dh_blob, blob_len,
-                                           SSL_FILETYPE_ASN1) < 0) {
-                       wpa_printf(MSG_INFO, "SSL: use DH DER blob failed");
-                       return -1;
-               }
-               wpa_printf(MSG_DEBUG, "SSL: use DH blob OK");
-               return 0;
-       }
-
-       if (dh_file) {
-               wpa_printf(MSG_INFO, "SSL: use DH PEM file: %s", dh_file);
-               if (wolfSSL_SetTmpDH_file(conn->ssl, dh_file,
-                                         SSL_FILETYPE_PEM) < 0) {
-                       wpa_printf(MSG_INFO, "SSL: use DH PEM file failed");
-                       if (wolfSSL_SetTmpDH_file(conn->ssl, dh_file,
-                                                 SSL_FILETYPE_ASN1) < 0) {
-                               wpa_printf(MSG_INFO,
-                                          "SSL: use DH DER file failed");
-                               return -1;
-                       }
-               }
-               wpa_printf(MSG_DEBUG, "SSL: use DH file OK");
-               return 0;
-       }
-
-       return 0;
-}
-
-
 static int tls_connection_client_cert(struct tls_connection *conn,
                                      const char *client_cert,
                                      const u8 *client_cert_blob,
@@ -1289,12 +1251,6 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
                return -1;
        }
 
-       if (tls_connection_dh(conn, params->dh_file, params->dh_blob,
-                             params->dh_blob_len) < 0) {
-               wpa_printf(MSG_INFO, "Error setting DH");
-               return -1;
-       }
-
        if (params->openssl_ciphers &&
            wolfSSL_set_cipher_list(conn->ssl, params->openssl_ciphers) != 1) {
                wpa_printf(MSG_INFO,