OpenSSL: Move server vs. client information into connection data

This makes the server/client role more easily available throughout the handshake
processing, if needed, compared to having to pass the function
argument through the full call path from
tls_connection{,_server}_handshake().

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2018-05-01 21:45:29 +03:00
parent 0de820b333
commit 53b34578f3


@ -233,6 +233,7 @@ struct tls_connection {
unsigned int invalid_hb_used:1;
unsigned int success_data:1;
unsigned int client_hello_generated:1;
unsigned int server:1;
u8 srv_cert_hash[32];
@ -3564,8 +3565,7 @@ int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn,
static struct wpabuf *
openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data,
int server)
openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data)
{
int res;
struct wpabuf *out_data;
@ -3583,7 +3583,7 @@ openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data,
}
/* Initiate TLS handshake or continue the existing handshake */
if (server)
if (conn->server)
res = SSL_accept(conn->ssl);
else
res = SSL_connect(conn->ssl);
@ -3598,7 +3598,7 @@ openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data,
else {
tls_show_errors(MSG_INFO, __func__, "SSL_connect");
conn->failed++;
if (!server && !conn->client_hello_generated) {
if (!conn->server && !conn->client_hello_generated) {
/* The server would not understand TLS Alert
* before ClientHello, so simply terminate
* handshake on this type of error case caused
@ -3612,11 +3612,11 @@ openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data,
}
}
if (!server && !conn->failed)
if (!conn->server && !conn->failed)
conn->client_hello_generated = 1;
#ifdef CONFIG_SUITEB
if ((conn->flags & TLS_CONN_SUITEB) && !server &&
if ((conn->flags & TLS_CONN_SUITEB) && !conn->server &&
os_strncmp(SSL_get_cipher(conn->ssl), "DHE-", 4) == 0 &&
conn->server_dh_prime_len < 3072) {
struct tls_context *context = conn->context;
@ -3719,14 +3719,14 @@ openssl_get_appl_data(struct tls_connection *conn, size_t max_len)
static struct wpabuf *
openssl_connection_handshake(struct tls_connection *conn,
const struct wpabuf *in_data,
struct wpabuf **appl_data, int server)
struct wpabuf **appl_data)
{
struct wpabuf *out_data;
if (appl_data)
*appl_data = NULL;
out_data = openssl_handshake(conn, in_data, server);
out_data = openssl_handshake(conn, in_data);
if (out_data == NULL)
return NULL;
if (conn->invalid_hb_used) {
@ -3763,7 +3763,7 @@ tls_connection_handshake(void *ssl_ctx, struct tls_connection *conn,
const struct wpabuf *in_data,
struct wpabuf **appl_data)
{
return openssl_connection_handshake(conn, in_data, appl_data, 0);
return openssl_connection_handshake(conn, in_data, appl_data);
}
@ -3772,7 +3772,8 @@ struct wpabuf * tls_connection_server_handshake(void *tls_ctx,
const struct wpabuf *in_data,
struct wpabuf **appl_data)
{
return openssl_connection_handshake(conn, in_data, appl_data, 1);
conn->server = 1;
return openssl_connection_handshake(conn, in_data, appl_data);
}
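Review bot: The new `conn->server` bit is only ever set (in tls_connection_server_handshake) and never cleared, so the client entry point tls_connection_handshake now depends on the bit being zero from connection allocation, which presumably holds for a freshly created connection but is not visible in this diff. Before this change the SSL_accept/SSL_connect choice in openssl_handshake was fixed by the explicit argument on each call; now a connection that has once gone through the server path would keep calling SSL_accept on any later tls_connection_handshake call on the same object. Consider mirroring the assignment in the client path, `conn->server = 0;` before the return in tls_connection_handshake, or at least documenting the intended lifetime on the bitfield, e.g. `unsigned int server:1; /* set by tls_connection_server_handshake(); never cleared */`. The enclosing tls_connection_server_handshake() and tls_connection_handshake() definitions begin outside their hunks.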