Include functionality to support EAP-FAST unconditionally

Clean up the internal TLS implementation by removing conditional
build blocks for (mostly) EAP-FAST specific functionality. This
will increase the size a big for non-EAP-FAST builds, but is quite
helpful in making src/tls/libtls.a with single build options. If
the potential size reduction is considered significant in the future,
this can be reconsider with a more library compatible way (e.g.,
external file with registration function, etc.).

diff --git a/src/tls/tlsv1_client.c b/src/tls/tlsv1_client.c
index 21977853dce95a8f2e3c94d4929739fda17c96dd..afb603175a11a80a53d0cb3577ad430af7d04bcc 100644 (file)
--- a/src/tls/tlsv1_client.c
+++ b/src/tls/tlsv1_client.c
@@ -605,7 +605,6 @@ int tlsv1_client_get_keyblock_size(struct tlsv1_client *conn)
  */
 int tlsv1_client_set_cipher_list(struct tlsv1_client *conn, u8 *ciphers)
 {
-#ifdef EAP_FAST
        size_t count;
        u16 *suites;
 
@@ -635,9 +634,6 @@ int tlsv1_client_set_cipher_list(struct tlsv1_client *conn, u8 *ciphers)
        }
 
        return 0;
-#else /* EAP_FAST */
-       return -1;
-#endif /* EAP_FAST */
 }
 
 

diff --git a/src/tls/tlsv1_client_write.c b/src/tls/tlsv1_client_write.c
index 2220dec966fb1a8c634a8e43e30486def6c64129..b47425f232b7d6a279f8bd1f0ee6278bdae75b55 100644 (file)
--- a/src/tls/tlsv1_client_write.c
+++ b/src/tls/tlsv1_client_write.c
@@ -209,7 +209,6 @@ static int tls_write_client_certificate(struct tlsv1_client *conn,
 
 static int tlsv1_key_x_anon_dh(struct tlsv1_client *conn, u8 **pos, u8 *end)
 {
-#ifdef EAP_FAST
        /* ClientDiffieHellmanPublic */
        u8 *csecret, *csecret_start, *dh_yc, *shared;
        size_t csecret_len, dh_yc_len, shared_len;
@@ -321,10 +320,6 @@ static int tlsv1_key_x_anon_dh(struct tlsv1_client *conn, u8 **pos, u8 *end)
        os_free(shared);
        tlsv1_client_free_dh(conn);
        return 0;
-#else /* EAP_FAST */
-       tls_alert(conn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_INTERNAL_ERROR);
-       return -1;
-#endif /* EAP_FAST */
 }
 
 

diff --git a/src/tls/tlsv1_server.c b/src/tls/tlsv1_server.c
index fdb9a74efdcc66d3cb987c41fcaa63d716566077..6a6123564553cf8de4699e99e55bb35ce4d1b2cf 100644 (file)
--- a/src/tls/tlsv1_server.c
+++ b/src/tls/tlsv1_server.c
@@ -546,7 +546,6 @@ int tlsv1_server_get_keyblock_size(struct tlsv1_server *conn)
  */
 int tlsv1_server_set_cipher_list(struct tlsv1_server *conn, u8 *ciphers)
 {
-#ifdef EAP_SERVER_FAST
        size_t count;
        u16 *suites;
 
@@ -572,9 +571,6 @@ int tlsv1_server_set_cipher_list(struct tlsv1_server *conn, u8 *ciphers)
        }
 
        return 0;
-#else /* EAP_SERVER_FAST */
-       return -1;
-#endif /* EAP_SERVER_FAST */
 }
 
 

diff --git a/src/tls/tlsv1_server_read.c b/src/tls/tlsv1_server_read.c
index e7a195aa650b289e847b03b3d97e5e95e7adcb86..49e811ffcff514252ac11d04054c6aeeb1b5755a 100644 (file)
--- a/src/tls/tlsv1_server_read.c
+++ b/src/tls/tlsv1_server_read.c
@@ -567,7 +567,6 @@ static int tls_process_client_key_exchange_rsa(
 static int tls_process_client_key_exchange_dh_anon(
        struct tlsv1_server *conn, const u8 *pos, const u8 *end)
 {
-#ifdef EAP_SERVER_FAST
        const u8 *dh_yc;
        u16 dh_yc_len;
        u8 *shared;
@@ -665,9 +664,6 @@ static int tls_process_client_key_exchange_dh_anon(
        }
 
        return 0;
-#else /* EAP_SERVER_FAST */
-       return -1;
-#endif /* EAP_SERVER_FAST */
 }
 
 

diff --git a/src/tls/tlsv1_server_write.c b/src/tls/tlsv1_server_write.c
index 16a8a29aef7eac4c43a3571c59c4671c17433372..6d1df7ff34f4d136e3fa15d030741b16e152d542 100644 (file)
--- a/src/tls/tlsv1_server_write.c
+++ b/src/tls/tlsv1_server_write.c
@@ -247,12 +247,10 @@ static int tls_write_server_key_exchange(struct tlsv1_server *conn,
 {
        tls_key_exchange keyx;
        const struct tls_cipher_suite *suite;
-#ifdef EAP_SERVER_FAST
        u8 *pos, *rhdr, *hs_start, *hs_length;
        size_t rlen;
        u8 *dh_ys;
        size_t dh_ys_len;
-#endif /* EAP_SERVER_FAST */
 
        suite = tls_get_cipher_suite(conn->rl.cipher_suite);
        if (suite == NULL)
@@ -272,7 +270,6 @@ static int tls_write_server_key_exchange(struct tlsv1_server *conn,
                return -1;
        }
 
-#ifdef EAP_SERVER_FAST
        if (conn->cred == NULL || conn->cred->dh_p == NULL ||
            conn->cred->dh_g == NULL) {
                wpa_printf(MSG_DEBUG, "TLSv1: No DH parameters available for "
@@ -433,9 +430,6 @@ static int tls_write_server_key_exchange(struct tlsv1_server *conn,
        *msgpos = pos;
 
        return 0;
-#else /* EAP_SERVER_FAST */
-       return -1;
-#endif /* EAP_SERVER_FAST */
 }