Include functionality to support EAP-FAST unconditionally
Clean up the internal TLS implementation by removing conditional build blocks for (mostly) EAP-FAST specific functionality. This will increase the size a bit for non-EAP-FAST builds, but is quite helpful in making src/tls/libtls.a with single build options. If the potential size reduction is considered significant in the future, this can be reconsidered in a more library-compatible way (e.g., external file with registration function, etc.).
parent
1a70777868
commit
e77e0a8320
5 changed files with 0 additions and 23 deletions
|
@ -605,7 +605,6 @@ int tlsv1_client_get_keyblock_size(struct tlsv1_client *conn)
|
||||||
*/
|
*/
|
||||||
int tlsv1_client_set_cipher_list(struct tlsv1_client *conn, u8 *ciphers)
|
int tlsv1_client_set_cipher_list(struct tlsv1_client *conn, u8 *ciphers)
|
||||||
{
|
{
|
||||||
#ifdef EAP_FAST
|
|
||||||
size_t count;
|
size_t count;
|
||||||
u16 *suites;
|
u16 *suites;
|
||||||
|
|
||||||
|
@ -635,9 +634,6 @@ int tlsv1_client_set_cipher_list(struct tlsv1_client *conn, u8 *ciphers)
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
#else /* EAP_FAST */
|
|
||||||
return -1;
|
|
||||||
#endif /* EAP_FAST */
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -209,7 +209,6 @@ static int tls_write_client_certificate(struct tlsv1_client *conn,
|
||||||
|
|
||||||
static int tlsv1_key_x_anon_dh(struct tlsv1_client *conn, u8 **pos, u8 *end)
|
static int tlsv1_key_x_anon_dh(struct tlsv1_client *conn, u8 **pos, u8 *end)
|
||||||
{
|
{
|
||||||
#ifdef EAP_FAST
|
|
||||||
/* ClientDiffieHellmanPublic */
|
/* ClientDiffieHellmanPublic */
|
||||||
u8 *csecret, *csecret_start, *dh_yc, *shared;
|
u8 *csecret, *csecret_start, *dh_yc, *shared;
|
||||||
size_t csecret_len, dh_yc_len, shared_len;
|
size_t csecret_len, dh_yc_len, shared_len;
|
||||||
|
@ -321,10 +320,6 @@ static int tlsv1_key_x_anon_dh(struct tlsv1_client *conn, u8 **pos, u8 *end)
|
||||||
os_free(shared);
|
os_free(shared);
|
||||||
tlsv1_client_free_dh(conn);
|
tlsv1_client_free_dh(conn);
|
||||||
return 0;
|
return 0;
|
||||||
#else /* EAP_FAST */
|
|
||||||
tls_alert(conn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_INTERNAL_ERROR);
|
|
||||||
return -1;
|
|
||||||
#endif /* EAP_FAST */
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
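Review bot: The anonymous-DH key exchange in tlsv1_key_x_anon_dh is now compiled into every build of the internal TLS library, and this section drops the only fail-closed path (the fatal `TLS_ALERT_INTERNAL_ERROR` alert and `return -1` under `#else`) without documenting what still restricts the exchange to EAP-FAST provisioning. Anonymous DH gives no peer authentication, so whether it can be negotiated presumably now depends only on the configured cipher suite list, and tlsv1_client_set_cipher_list also stops returning -1 in non-EAP-FAST builds. I would add a comment above the function along the lines of `/* Anonymous DH: no server authentication; must only be reachable when an anon suite was explicitly enabled via the cipher list */`, after confirming that against the suite-selection code, which is not visible here. The same point applies to tls_process_client_key_exchange_dh_anon and tls_write_server_key_exchange on the server side. The function body continues outside the lines shown.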
@ -546,7 +546,6 @@ int tlsv1_server_get_keyblock_size(struct tlsv1_server *conn)
|
||||||
*/
|
*/
|
||||||
int tlsv1_server_set_cipher_list(struct tlsv1_server *conn, u8 *ciphers)
|
int tlsv1_server_set_cipher_list(struct tlsv1_server *conn, u8 *ciphers)
|
||||||
{
|
{
|
||||||
#ifdef EAP_SERVER_FAST
|
|
||||||
size_t count;
|
size_t count;
|
||||||
u16 *suites;
|
u16 *suites;
|
||||||
|
|
||||||
|
@ -572,9 +571,6 @@ int tlsv1_server_set_cipher_list(struct tlsv1_server *conn, u8 *ciphers)
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
#else /* EAP_SERVER_FAST */
|
|
||||||
return -1;
|
|
||||||
#endif /* EAP_SERVER_FAST */
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -567,7 +567,6 @@ static int tls_process_client_key_exchange_rsa(
|
||||||
static int tls_process_client_key_exchange_dh_anon(
|
static int tls_process_client_key_exchange_dh_anon(
|
||||||
struct tlsv1_server *conn, const u8 *pos, const u8 *end)
|
struct tlsv1_server *conn, const u8 *pos, const u8 *end)
|
||||||
{
|
{
|
||||||
#ifdef EAP_SERVER_FAST
|
|
||||||
const u8 *dh_yc;
|
const u8 *dh_yc;
|
||||||
u16 dh_yc_len;
|
u16 dh_yc_len;
|
||||||
u8 *shared;
|
u8 *shared;
|
||||||
|
@ -665,9 +664,6 @@ static int tls_process_client_key_exchange_dh_anon(
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
#else /* EAP_SERVER_FAST */
|
|
||||||
return -1;
|
|
||||||
#endif /* EAP_SERVER_FAST */
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -247,12 +247,10 @@ static int tls_write_server_key_exchange(struct tlsv1_server *conn,
|
||||||
{
|
{
|
||||||
tls_key_exchange keyx;
|
tls_key_exchange keyx;
|
||||||
const struct tls_cipher_suite *suite;
|
const struct tls_cipher_suite *suite;
|
||||||
#ifdef EAP_SERVER_FAST
|
|
||||||
u8 *pos, *rhdr, *hs_start, *hs_length;
|
u8 *pos, *rhdr, *hs_start, *hs_length;
|
||||||
size_t rlen;
|
size_t rlen;
|
||||||
u8 *dh_ys;
|
u8 *dh_ys;
|
||||||
size_t dh_ys_len;
|
size_t dh_ys_len;
|
||||||
#endif /* EAP_SERVER_FAST */
|
|
||||||
|
|
||||||
suite = tls_get_cipher_suite(conn->rl.cipher_suite);
|
suite = tls_get_cipher_suite(conn->rl.cipher_suite);
|
||||||
if (suite == NULL)
|
if (suite == NULL)
|
||||||
|
@ -272,7 +270,6 @@ static int tls_write_server_key_exchange(struct tlsv1_server *conn,
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef EAP_SERVER_FAST
|
|
||||||
if (conn->cred == NULL || conn->cred->dh_p == NULL ||
|
if (conn->cred == NULL || conn->cred->dh_p == NULL ||
|
||||||
conn->cred->dh_g == NULL) {
|
conn->cred->dh_g == NULL) {
|
||||||
wpa_printf(MSG_DEBUG, "TLSv1: No DH parameters available for "
|
wpa_printf(MSG_DEBUG, "TLSv1: No DH parameters available for "
|
||||||
|
@ -433,9 +430,6 @@ static int tls_write_server_key_exchange(struct tlsv1_server *conn,
|
||||||
*msgpos = pos;
|
*msgpos = pos;
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
#else /* EAP_SERVER_FAST */
|
|
||||||
return -1;
|
|
||||||
#endif /* EAP_SERVER_FAST */
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|