[PATCH 1/3] TLS: remove tls_config.openssl_ciphers

Hristo Venev hristo at venev.name
Thu Apr 20 06:32:42 PDT 2017


The openssl_ciphers string is already present in tls_connection_params, so the copy in tls_config is redundant.

Signed-off-by: Hristo Venev <hristo at venev.name>
---
 src/crypto/tls.h               |  1 -
 src/crypto/tls_openssl.c       | 13 -------------
 src/eap_peer/eap.c             |  1 -
 src/eap_peer/eap.h             |  8 --------
 src/eapol_supp/eapol_supp_sm.c |  1 -
 src/eapol_supp/eapol_supp_sm.h |  9 ---------
 wpa_supplicant/config.c        |  8 ++++++++
 wpa_supplicant/config_file.c   | 29 ++++-------------------------
 wpa_supplicant/config_winreg.c | 23 +++++------------------
 wpa_supplicant/wpas_glue.c     |  1 -
 10 files changed, 17 insertions(+), 77 deletions(-)

diff --git a/src/crypto/tls.h b/src/crypto/tls.h
index 11d504a97..5859a6287 100644
--- a/src/crypto/tls.h
+++ b/src/crypto/tls.h
@@ -78,7 +78,6 @@ struct tls_config {
 	const char *pkcs11_module_path;
 	int fips_mode;
 	int cert_in_cb;
-	const char *openssl_ciphers;
 	unsigned int tls_session_lifetime;
 
 	void (*event_cb)(void *ctx, enum tls_event ev,
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index fc169e71e..eddca859b 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -885,7 +885,6 @@ void * tls_init(const struct tls_config *conf)
 	struct tls_data *data;
 	SSL_CTX *ssl;
 	struct tls_context *context;
-	const char *ciphers;
 
 	if (tls_openssl_ref_count == 0) {
 		tls_global = context = tls_context_new(conf);
@@ -1022,18 +1021,6 @@ void * tls_init(const struct tls_config *conf)
 	}
 #endif /* OPENSSL_NO_ENGINE */
 
-	if (conf && conf->openssl_ciphers)
-		ciphers = conf->openssl_ciphers;
-	else
-		ciphers = "DEFAULT:!EXP:!LOW";
-	if (SSL_CTX_set_cipher_list(ssl, ciphers) != 1) {
-		wpa_printf(MSG_ERROR,
-			   "OpenSSL: Failed to set cipher string '%s'",
-			   ciphers);
-		tls_deinit(data);
-		return NULL;
-	}
-
 	return data;
 }
 
diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
index d0f305f1a..fb1b3f0f2 100644
--- a/src/eap_peer/eap.c
+++ b/src/eap_peer/eap.c
@@ -2038,7 +2038,6 @@ struct eap_sm * eap_peer_sm_init(void *eapol_ctx,
 	tlsconf.opensc_engine_path = conf->opensc_engine_path;
 	tlsconf.pkcs11_engine_path = conf->pkcs11_engine_path;
 	tlsconf.pkcs11_module_path = conf->pkcs11_module_path;
-	tlsconf.openssl_ciphers = conf->openssl_ciphers;
 #ifdef CONFIG_FIPS
 	tlsconf.fips_mode = 1;
 #endif /* CONFIG_FIPS */
diff --git a/src/eap_peer/eap.h b/src/eap_peer/eap.h
index 883ba2423..fb080b048 100644
--- a/src/eap_peer/eap.h
+++ b/src/eap_peer/eap.h
@@ -294,14 +294,6 @@ struct eap_config {
 	 */
 	const char *pkcs11_module_path;
 	/**
-	 * openssl_ciphers - OpenSSL cipher string
-	 *
-	 * This is an OpenSSL specific configuration option for configuring the
-	 * default ciphers. If not set, "DEFAULT:!EXP:!LOW" is used as the
-	 * default.
-	 */
-	const char *openssl_ciphers;
-	/**
 	 * wps - WPS context data
 	 *
 	 * This is only used by EAP-WSC and can be left %NULL if not available.
diff --git a/src/eapol_supp/eapol_supp_sm.c b/src/eapol_supp/eapol_supp_sm.c
index 81761b189..8ae6d04b3 100644
--- a/src/eapol_supp/eapol_supp_sm.c
+++ b/src/eapol_supp/eapol_supp_sm.c
@@ -2086,7 +2086,6 @@ struct eapol_sm *eapol_sm_init(struct eapol_ctx *ctx)
 	conf.opensc_engine_path = ctx->opensc_engine_path;
 	conf.pkcs11_engine_path = ctx->pkcs11_engine_path;
 	conf.pkcs11_module_path = ctx->pkcs11_module_path;
-	conf.openssl_ciphers = ctx->openssl_ciphers;
 	conf.wps = ctx->wps;
 	conf.cert_in_cb = ctx->cert_in_cb;
 
diff --git a/src/eapol_supp/eapol_supp_sm.h b/src/eapol_supp/eapol_supp_sm.h
index aa91b8cd5..871c63e13 100644
--- a/src/eapol_supp/eapol_supp_sm.h
+++ b/src/eapol_supp/eapol_supp_sm.h
@@ -212,15 +212,6 @@ struct eapol_ctx {
 	const char *pkcs11_module_path;
 
 	/**
-	 * openssl_ciphers - OpenSSL cipher string
-	 *
-	 * This is an OpenSSL specific configuration option for configuring the
-	 * default ciphers. If not set, "DEFAULT:!EXP:!LOW" is used as the
-	 * default.
-	 */
-	const char *openssl_ciphers;
-
-	/**
 	 * wps - WPS context data
 	 *
 	 * This is only used by EAP-WSC and can be left %NULL if not available.
diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
index 9e54f6cad..f3e5cdde1 100644
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
@@ -2573,6 +2573,14 @@ struct wpa_ssid * wpa_config_add_network(struct wpa_config *config)
 		return NULL;
 	ssid->id = id;
 	dl_list_init(&ssid->psk_list);
+
+	if (config->openssl_ciphers != NULL) {
+		ssid->eap.openssl_ciphers = os_strdup(config->openssl_ciphers);
+		if (ssid->eap.openssl_ciphers == NULL)
+			os_free(ssid);
+			return NULL;
+	}
+
 	if (last)
 		last->next = ssid;
 	else
diff --git a/wpa_supplicant/config_file.c b/wpa_supplicant/config_file.c
index e8f11493e..1ee5e92e1 100644
--- a/wpa_supplicant/config_file.c
+++ b/wpa_supplicant/config_file.c
@@ -163,7 +163,7 @@ static int wpa_config_validate_network(struct wpa_ssid *ssid, int line)
 }
 
 
-static struct wpa_ssid * wpa_config_read_network(FILE *f, int *line, int id)
+static struct wpa_ssid * wpa_config_read_network(struct wpa_config *config, FILE *f, int *line)
 {
 	struct wpa_ssid *ssid;
 	int errors = 0, end = 0;
@@ -171,11 +171,9 @@ static struct wpa_ssid * wpa_config_read_network(FILE *f, int *line, int id)
 
 	wpa_printf(MSG_MSGDUMP, "Line: %d - start of a new network block",
 		   *line);
-	ssid = os_zalloc(sizeof(*ssid));
+	ssid = wpa_config_add_network(config);
 	if (ssid == NULL)
 		return NULL;
-	dl_list_init(&ssid->psk_list);
-	ssid->id = id;
 
 	wpa_config_set_network_defaults(ssid);
 
@@ -368,10 +366,9 @@ struct wpa_config * wpa_config_read(const char *name, struct wpa_config *cfgp)
 	FILE *f;
 	char buf[512], *pos;
 	int errors = 0, line = 0;
-	struct wpa_ssid *ssid, *tail, *head;
+	struct wpa_ssid *ssid;
 	struct wpa_cred *cred, *cred_tail, *cred_head;
 	struct wpa_config *config;
-	int id = 0;
 	int cred_id = 0;
 
 	if (name == NULL)
@@ -385,9 +382,6 @@ struct wpa_config * wpa_config_read(const char *name, struct wpa_config *cfgp)
 			   "structure");
 		return NULL;
 	}
-	tail = head = config->ssid;
-	while (tail && tail->next)
-		tail = tail->next;
 	cred_tail = cred_head = config->cred;
 	while (cred_tail && cred_tail->next)
 		cred_tail = cred_tail->next;
@@ -403,26 +397,13 @@ struct wpa_config * wpa_config_read(const char *name, struct wpa_config *cfgp)
 
 	while (wpa_config_get_line(buf, sizeof(buf), f, &line, &pos)) {
 		if (os_strcmp(pos, "network={") == 0) {
-			ssid = wpa_config_read_network(f, &line, id++);
+			ssid = wpa_config_read_network(config, f, &line);
 			if (ssid == NULL) {
 				wpa_printf(MSG_ERROR, "Line %d: failed to "
 					   "parse network block.", line);
 				errors++;
 				continue;
 			}
-			if (head == NULL) {
-				head = tail = ssid;
-			} else {
-				tail->next = ssid;
-				tail = ssid;
-			}
-			if (wpa_config_add_prio_network(config, ssid)) {
-				wpa_printf(MSG_ERROR, "Line %d: failed to add "
-					   "network block to priority list.",
-					   line);
-				errors++;
-				continue;
-			}
 		} else if (os_strcmp(pos, "cred={") == 0) {
 			cred = wpa_config_read_cred(f, &line, cred_id++);
 			if (cred == NULL) {
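Review bot: The wpa_config_add_prio_network() call is dropped here, but the equivalent loop in config_winreg.c in this same patch keeps it after its wpa_config_read_network() call. Only one of the two can be right: if wpa_config_add_network() now inserts the ssid into the priority list (its body is not in the hunk), the winreg path adds each network twice; if it does not, networks read from a configuration file no longer reach the priority list and would never be selected. Whichever applies, the two readers should agree, and the "failed to add network block to priority list" diagnostic should stay on whichever path still performs the insertion.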
@@ -457,7 +438,6 @@ struct wpa_config * wpa_config_read(const char *name, struct wpa_config *cfgp)
 
 	fclose(f);
 
-	config->ssid = head;
 	wpa_config_debug_dump_networks(config);
 	config->cred = cred_head;
 
@@ -465,7 +445,6 @@ struct wpa_config * wpa_config_read(const char *name, struct wpa_config *cfgp)
 	if (errors) {
 		wpa_config_free(config);
 		config = NULL;
-		head = NULL;
 	}
 #endif /* WPA_IGNORE_CONFIG_ERRORS */
 
diff --git a/wpa_supplicant/config_winreg.c b/wpa_supplicant/config_winreg.c
index 6bea59760..9092c8ae9 100644
--- a/wpa_supplicant/config_winreg.c
+++ b/wpa_supplicant/config_winreg.c
@@ -279,8 +279,7 @@ static int wpa_config_read_global(struct wpa_config *config, HKEY hk)
 }
 
 
-static struct wpa_ssid * wpa_config_read_network(HKEY hk, const TCHAR *netw,
-						 int id)
+static struct wpa_ssid * wpa_config_read_network(struct wpa_config *config, HKEY hk, const TCHAR *netw)
 {
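Review bot: The rewritten prototype runs well past 80 columns, which the original deliberately wrapped and which hostap's kernel-style formatting avoids. Keep the wrap: `static struct wpa_ssid * wpa_config_read_network(struct wpa_config *config,` then `HKEY hk, const TCHAR *netw)` aligned under the first parameter.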
 	HKEY nhk;
 	LONG ret;
@@ -296,13 +295,9 @@ static struct wpa_ssid * wpa_config_read_network(HKEY hk, const TCHAR *netw,
 	}
 
 	wpa_printf(MSG_MSGDUMP, "Start of a new network '" TSTR "'", netw);
-	ssid = os_zalloc(sizeof(*ssid));
-	if (ssid == NULL) {
-		RegCloseKey(nhk);
+	ssid = wpa_config_add_network(config);
+	if (ssid == NULL)
 		return NULL;
-	}
-	dl_list_init(&ssid->psk_list);
-	ssid->id = id;
 
 	wpa_config_set_network_defaults(ssid);
 
@@ -371,7 +366,7 @@ static struct wpa_ssid * wpa_config_read_network(HKEY hk, const TCHAR *netw,
 static int wpa_config_read_networks(struct wpa_config *config, HKEY hk)
 {
 	HKEY nhk;
-	struct wpa_ssid *ssid, *tail = NULL, *head = NULL;
+	struct wpa_ssid *ssid;
 	int errors = 0;
 	LONG ret;
 	DWORD i;
@@ -405,19 +400,13 @@ static int wpa_config_read_networks(struct wpa_config *config, HKEY hk)
 			namelen = 255 - 1;
 		name[namelen] = '\0';
 
-		ssid = wpa_config_read_network(nhk, name, i);
+		ssid = wpa_config_read_network(config, nhk, name);
 		if (ssid == NULL) {
 			wpa_printf(MSG_ERROR, "Failed to parse network "
 				   "profile '%s'.", name);
 			errors++;
 			continue;
 		}
-		if (head == NULL) {
-			head = tail = ssid;
-		} else {
-			tail->next = ssid;
-			tail = ssid;
-		}
 		if (wpa_config_add_prio_network(config, ssid)) {
 			wpa_printf(MSG_ERROR, "Failed to add network profile "
 				   "'%s' to priority list.", name);
@@ -428,8 +417,6 @@ static int wpa_config_read_networks(struct wpa_config *config, HKEY hk)
 
 	RegCloseKey(nhk);
 
-	config->ssid = head;
-
 	return errors ? -1 : 0;
 }
 
diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c
index fb383962a..c7c033137 100644
--- a/wpa_supplicant/wpas_glue.c
+++ b/wpa_supplicant/wpas_glue.c
@@ -1091,7 +1091,6 @@ int wpa_supplicant_init_eapol(struct wpa_supplicant *wpa_s)
 	ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path;
 	ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path;
 	ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path;
-	ctx->openssl_ciphers = wpa_s->conf->openssl_ciphers;
 	ctx->wps = wpa_s->wps;
 	ctx->eap_param_needed = wpa_supplicant_eap_param_needed;
 #ifdef CONFIG_EAP_PROXY
-- 
2.12.2