Fix EAP-FAST with OpenSSL 1.0.1
The mechanism to figure out key block size based on ssl->read_hash does not seem to work with OpenSSL 1.0.1, so add an alternative mechanism to figure out the NAC key size that seems to work at least with the current OpenSSL 1.0.1 releases. Signed-hostap: Jouni Malinen <j@w1.fi> intended-for: hostap-1
This commit is contained in:
Jouni Malinen
parent
9af7361b3f
commit
7f996409e7
1 changed files with 13 additions and 1 deletions
|
|
@ -2832,6 +2832,7 @@ int tls_connection_get_keyblock_size(void *tls_ctx,
|
|||
{
|
||||
const EVP_CIPHER *c;
|
||||
const EVP_MD *h;
|
||||
int md_size;
|
||||
|
||||
if (conn == NULL || conn->ssl == NULL ||
|
||||
conn->ssl->enc_read_ctx == NULL ||
|
||||
|
|
@ -2845,9 +2846,20 @@ int tls_connection_get_keyblock_size(void *tls_ctx,
|
|||
#else
|
||||
h = conn->ssl->read_hash;
|
||||
#endif
|
||||
if (h)
|
||||
md_size = EVP_MD_size(h);
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
|
||||
else if (conn->ssl->s3)
|
||||
md_size = conn->ssl->s3->tmp.new_mac_secret_size;
|
||||
#endif
|
||||
else
|
||||
return -1;
|
||||
|
||||
wpa_printf(MSG_DEBUG, "OpenSSL: keyblock size: key_len=%d MD_size=%d "
|
||||
"IV_len=%d", EVP_CIPHER_key_length(c), md_size,
|
||||
EVP_CIPHER_iv_length(c));
|
||||
return 2 * (EVP_CIPHER_key_length(c) +
|
||||
EVP_MD_size(h) +
|
||||
md_size +
|
||||
EVP_CIPHER_iv_length(c));
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue