OpenSSL: Clean up function to fetch client/server random
SSL_get_client_random() and SSL_get_server_random() will be added in OpenSSL 1.1.0. Provide compatibility wrappers for older versions to simplify the tls_connection_get_random() implementation. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen
Jouni Malinen
parent
9a42d859a2
commit
dea20519aa
1 changed files with 27 additions and 13 deletions
|
|
@ -51,6 +51,33 @@ typedef int stack_index_t;
|
||||||
#endif /* OPENSSL_NO_TLSEXT */
|
#endif /* OPENSSL_NO_TLSEXT */
|
||||||
#endif /* SSL_set_tlsext_status_type */
|
#endif /* SSL_set_tlsext_status_type */
|
||||||
|
|
||||||
|
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||||
|
/*
|
||||||
|
* SSL_get_client_random() and SSL_get_server_random() were added in OpenSSL
|
||||||
|
* 1.1.0. Provide compatibility wrappers for older versions.
|
||||||
|
*/
|
||||||
|
|
||||||
|
static size_t SSL_get_client_random(const SSL *ssl, unsigned char *out,
|
||||||
|
size_t outlen)
|
||||||
|
{
|
||||||
|
if (!ssl->s3 || outlen < SSL3_RANDOM_SIZE)
|
||||||
|
return 0;
|
||||||
|
os_memcpy(out, ssl->s3->client_random, SSL3_RANDOM_SIZE);
|
||||||
|
return SSL3_RANDOM_SIZE;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static size_t SSL_get_server_random(const SSL *ssl, unsigned char *out,
|
||||||
|
size_t outlen)
|
||||||
|
{
|
||||||
|
if (!ssl->s3 || outlen < SSL3_RANDOM_SIZE)
|
||||||
|
return 0;
|
||||||
|
os_memcpy(out, ssl->s3->server_random, SSL3_RANDOM_SIZE);
|
||||||
|
return SSL3_RANDOM_SIZE;
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifdef ANDROID
|
#ifdef ANDROID
|
||||||
#include <openssl/pem.h>
|
#include <openssl/pem.h>
|
||||||
#include <keystore/keystore_get.h>
|
#include <keystore/keystore_get.h>
|
||||||
|
|
@ -119,10 +146,8 @@ struct tls_connection {
|
||||||
X509 *peer_issuer;
|
X509 *peer_issuer;
|
||||||
X509 *peer_issuer_issuer;
|
X509 *peer_issuer_issuer;
|
||||||
|
|
||||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
||||||
unsigned char client_random[SSL3_RANDOM_SIZE];
|
unsigned char client_random[SSL3_RANDOM_SIZE];
|
||||||
unsigned char server_random[SSL3_RANDOM_SIZE];
|
unsigned char server_random[SSL3_RANDOM_SIZE];
|
||||||
#endif
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -2924,16 +2949,6 @@ int tls_connection_get_random(void *ssl_ctx, struct tls_connection *conn,
|
||||||
if (conn == NULL || keys == NULL)
|
if (conn == NULL || keys == NULL)
|
||||||
return -1;
|
return -1;
|
||||||
ssl = conn->ssl;
|
ssl = conn->ssl;
|
||||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
||||||
if (ssl == NULL || ssl->s3 == NULL || ssl->session == NULL)
|
|
||||||
return -1;
|
|
||||||
|
|
||||||
os_memset(keys, 0, sizeof(*keys));
|
|
||||||
keys->client_random = ssl->s3->client_random;
|
|
||||||
keys->client_random_len = SSL3_RANDOM_SIZE;
|
|
||||||
keys->server_random = ssl->s3->server_random;
|
|
||||||
keys->server_random_len = SSL3_RANDOM_SIZE;
|
|
||||||
#else
|
|
||||||
if (ssl == NULL)
|
if (ssl == NULL)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
|
|
@ -2944,7 +2959,6 @@ int tls_connection_get_random(void *ssl_ctx, struct tls_connection *conn,
|
||||||
keys->server_random = conn->server_random;
|
keys->server_random = conn->server_random;
|
||||||
keys->server_random_len = SSL_get_server_random(
|
keys->server_random_len = SSL_get_server_random(
|
||||||
ssl, conn->server_random, sizeof(conn->server_random));
|
ssl, conn->server_random, sizeof(conn->server_random));
|
||||||
#endif
|
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue