TLS: Add helper functions for version number handling

Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2011-11-27 21:20:18 +02:00
parent 8307489840
commit ebe4e8f814
4 changed files with 33 additions and 7 deletions

View file

@ -81,9 +81,7 @@ static int tls_process_server_hello(struct tlsv1_client *conn, u8 ct,
if (end - pos < 2) if (end - pos < 2)
goto decode_error; goto decode_error;
tls_version = WPA_GET_BE16(pos); tls_version = WPA_GET_BE16(pos);
if (tls_version != TLS_VERSION_1 && if (!tls_version_ok(tls_version)) {
(tls_version != TLS_VERSION_1_1 ||
TLS_VERSION == TLS_VERSION_1)) {
wpa_printf(MSG_DEBUG, "TLSv1: Unexpected protocol version in " wpa_printf(MSG_DEBUG, "TLSv1: Unexpected protocol version in "
"ServerHello %u.%u", pos[0], pos[1]); "ServerHello %u.%u", pos[0], pos[1]);
tls_alert(conn, TLS_ALERT_LEVEL_FATAL, tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
@ -93,7 +91,7 @@ static int tls_process_server_hello(struct tlsv1_client *conn, u8 ct,
pos += 2; pos += 2;
wpa_printf(MSG_DEBUG, "TLSv1: Using TLS v%s", wpa_printf(MSG_DEBUG, "TLSv1: Using TLS v%s",
tls_version == TLS_VERSION_1_1 ? "1.1" : "1.0"); tls_version_str(tls_version));
conn->rl.tls_version = tls_version; conn->rl.tls_version = tls_version;
/* Random random */ /* Random random */

View file

@ -1,6 +1,6 @@
/* /*
* TLSv1 common routines * TLSv1 common routines
* Copyright (c) 2006-2007, Jouni Malinen <j@w1.fi> * Copyright (c) 2006-2011, Jouni Malinen <j@w1.fi>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as
@ -239,3 +239,29 @@ void tls_verify_hash_free(struct tls_verify_hash *verify)
verify->sha1_server = NULL; verify->sha1_server = NULL;
verify->sha1_cert = NULL; verify->sha1_cert = NULL;
} }
int tls_version_ok(u16 ver)
{
if (ver == TLS_VERSION_1)
return 1;
#ifdef CONFIG_TLSV11
if (ver == TLS_VERSION_1_1)
return 1;
#endif /* CONFIG_TLSV11 */
return 0;
}
const char * tls_version_str(u16 ver)
{
switch (ver) {
case TLS_VERSION_1:
return "1.0";
case TLS_VERSION_1_1:
return "1.1";
}
return "?";
}

View file

@ -218,5 +218,7 @@ int tls_verify_hash_init(struct tls_verify_hash *verify);
void tls_verify_hash_add(struct tls_verify_hash *verify, const u8 *buf, void tls_verify_hash_add(struct tls_verify_hash *verify, const u8 *buf,
size_t len); size_t len);
void tls_verify_hash_free(struct tls_verify_hash *verify); void tls_verify_hash_free(struct tls_verify_hash *verify);
int tls_version_ok(u16 ver);
const char * tls_version_str(u16 ver);
#endif /* TLSV1_COMMON_H */ #endif /* TLSV1_COMMON_H */

View file

@ -1,6 +1,6 @@
/* /*
* TLSv1 server - read handshake message * TLSv1 server - read handshake message
* Copyright (c) 2006-2007, Jouni Malinen <j@w1.fi> * Copyright (c) 2006-2011, Jouni Malinen <j@w1.fi>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as
@ -103,7 +103,7 @@ static int tls_process_client_hello(struct tlsv1_server *conn, u8 ct,
else else
conn->rl.tls_version = conn->client_version; conn->rl.tls_version = conn->client_version;
wpa_printf(MSG_DEBUG, "TLSv1: Using TLS v%s", wpa_printf(MSG_DEBUG, "TLSv1: Using TLS v%s",
conn->rl.tls_version == TLS_VERSION_1_1 ? "1.1" : "1.0"); tls_version_str(conn->rl.tls_version));
/* Random random */ /* Random random */
if (end - pos < TLS_RANDOM_LEN) if (end - pos < TLS_RANDOM_LEN)