Fix EAP-FAST with OpenSSL 1.0.1

The mechanism to figure out key block size based on ssl->read_hash
does not seem to work with OpenSSL 1.0.1, so add an alternative
mechanism to figure out the NAC key size that seems to work at
least with the current OpenSSL 1.0.1 releases.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
Jouni Malinen 2012-08-17 23:55:14 +03:00
parent 9af7361b3f
commit 7f996409e7

@ -2832,6 +2832,7 @@ int tls_connection_get_keyblock_size(void *tls_ctx,
{
const EVP_CIPHER *c;
const EVP_MD *h;
int md_size;
if (conn == NULL || conn->ssl == NULL ||
conn->ssl->enc_read_ctx == NULL ||
@ -2845,9 +2846,20 @@ int tls_connection_get_keyblock_size(void *tls_ctx,
#else
h = conn->ssl->read_hash;
#endif
if (h)
md_size = EVP_MD_size(h);
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
else if (conn->ssl->s3)
md_size = conn->ssl->s3->tmp.new_mac_secret_size;
#endif
else
return -1;
wpa_printf(MSG_DEBUG, "OpenSSL: keyblock size: key_len=%d MD_size=%d "
"IV_len=%d", EVP_CIPHER_key_length(c), md_size,
EVP_CIPHER_iv_length(c));
return 2 * (EVP_CIPHER_key_length(c) +
EVP_MD_size(h) +
md_size +
EVP_CIPHER_iv_length(c));
}
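
Review bot: The new fallback branch `else if (conn->ssl->s3)` takes `conn->ssl->s3->tmp.new_mac_secret_size` without any range check, and the `if (h)` branch likewise uses the result of `EVP_MD_size(h)` unchecked, so a zero or negative `md_size` would flow straight into the `2 * (...)` sum and produce an undersized key block length for EAP-FAST key derivation instead of an error. Consider rejecting `md_size < 0` with `return -1` before the `wpa_printf()` call, and decide explicitly whether 0 is acceptable here. Since the value is read from the `tmp` handshake state, a short code comment explaining why `read_hash` is not usable with OpenSSL 1.0.1 and at which point in the handshake `new_mac_secret_size` is valid would help future maintenance; the commit message only says it "seems to work". Also confirm that the final return expression uses only `md_size +` and no longer `EVP_MD_size(h) +`, because `h` is NULL on the new path.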