TLS: Add helper functions for version number handling
Signed-hostap: Jouni Malinen <j@w1.fi>
parent
8307489840
commit
ebe4e8f814
4 changed files with 33 additions and 7 deletions
|
@ -81,9 +81,7 @@ static int tls_process_server_hello(struct tlsv1_client *conn, u8 ct,
|
||||||
if (end - pos < 2)
|
if (end - pos < 2)
|
||||||
goto decode_error;
|
goto decode_error;
|
||||||
tls_version = WPA_GET_BE16(pos);
|
tls_version = WPA_GET_BE16(pos);
|
||||||
if (tls_version != TLS_VERSION_1 &&
|
if (!tls_version_ok(tls_version)) {
|
||||||
(tls_version != TLS_VERSION_1_1 ||
|
|
||||||
TLS_VERSION == TLS_VERSION_1)) {
|
|
||||||
wpa_printf(MSG_DEBUG, "TLSv1: Unexpected protocol version in "
|
wpa_printf(MSG_DEBUG, "TLSv1: Unexpected protocol version in "
|
||||||
"ServerHello %u.%u", pos[0], pos[1]);
|
"ServerHello %u.%u", pos[0], pos[1]);
|
||||||
tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
|
tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
|
||||||
|
@ -93,7 +91,7 @@ static int tls_process_server_hello(struct tlsv1_client *conn, u8 ct,
|
||||||
pos += 2;
|
pos += 2;
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "TLSv1: Using TLS v%s",
|
wpa_printf(MSG_DEBUG, "TLSv1: Using TLS v%s",
|
||||||
tls_version == TLS_VERSION_1_1 ? "1.1" : "1.0");
|
tls_version_str(tls_version));
|
||||||
conn->rl.tls_version = tls_version;
|
conn->rl.tls_version = tls_version;
|
||||||
|
|
||||||
/* Random random */
|
/* Random random */
|
||||||
|
|
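Review bot: The new `if (!tls_version_ok(tls_version)) {` check on the ServerHello version only tests whether this build supports the version; it does not compare the server's choice with the version the client offered in its ClientHello. With only TLS 1.0 and 1.1 that is likely equivalent to the old compile-time test, but once more versions are compiled in, a server could select a version above the offered one and still pass. Consider bounding the check as well, for example `if (!tls_version_ok(tls_version) || tls_version > offered_version) {`, where `offered_version` is a placeholder for whatever field holds the ClientHello version. The body of tls_process_server_hello starts and ends outside the hunk, so the offered version may already be enforced elsewhere.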
|
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
* TLSv1 common routines
|
* TLSv1 common routines
|
||||||
* Copyright (c) 2006-2007, Jouni Malinen <j@w1.fi>
|
* Copyright (c) 2006-2011, Jouni Malinen <j@w1.fi>
|
||||||
*
|
*
|
||||||
* This program is free software; you can redistribute it and/or modify
|
* This program is free software; you can redistribute it and/or modify
|
||||||
* it under the terms of the GNU General Public License version 2 as
|
* it under the terms of the GNU General Public License version 2 as
|
||||||
|
@ -239,3 +239,29 @@ void tls_verify_hash_free(struct tls_verify_hash *verify)
|
||||||
verify->sha1_server = NULL;
|
verify->sha1_server = NULL;
|
||||||
verify->sha1_cert = NULL;
|
verify->sha1_cert = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
int tls_version_ok(u16 ver)
|
||||||
|
{
|
||||||
|
if (ver == TLS_VERSION_1)
|
||||||
|
return 1;
|
||||||
|
#ifdef CONFIG_TLSV11
|
||||||
|
if (ver == TLS_VERSION_1_1)
|
||||||
|
return 1;
|
||||||
|
#endif /* CONFIG_TLSV11 */
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
const char * tls_version_str(u16 ver)
|
||||||
|
{
|
||||||
|
switch (ver) {
|
||||||
|
case TLS_VERSION_1:
|
||||||
|
return "1.0";
|
||||||
|
case TLS_VERSION_1_1:
|
||||||
|
return "1.1";
|
||||||
|
}
|
||||||
|
|
||||||
|
return "?";
|
||||||
|
}
|
||||||
|
|
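Review bot: The two new exported helpers, tls_version_ok() and tls_version_str(), are added without any header comment, although the accept/reject contract of the first one is security-relevant for every caller. I would add `/* tls_version_ok - Return 1 only if ver is a TLS version compiled into this build (TLS 1.1 requires CONFIG_TLSV11), 0 otherwise */` above tls_version_ok(). For tls_version_str(), add `/* tls_version_str - Version string for debug output; returns "?" for unknown values and does not validate ver */`. Note that tls_version_str() maps TLS_VERSION_1_1 to "1.1" even when CONFIG_TLSV11 is not defined. That is fine for logging, but callers should not treat a non-"?" string as evidence that the version is acceptable.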
|
@ -218,5 +218,7 @@ int tls_verify_hash_init(struct tls_verify_hash *verify);
|
||||||
void tls_verify_hash_add(struct tls_verify_hash *verify, const u8 *buf,
|
void tls_verify_hash_add(struct tls_verify_hash *verify, const u8 *buf,
|
||||||
size_t len);
|
size_t len);
|
||||||
void tls_verify_hash_free(struct tls_verify_hash *verify);
|
void tls_verify_hash_free(struct tls_verify_hash *verify);
|
||||||
|
int tls_version_ok(u16 ver);
|
||||||
|
const char * tls_version_str(u16 ver);
|
||||||
|
|
||||||
#endif /* TLSV1_COMMON_H */
|
#endif /* TLSV1_COMMON_H */
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
* TLSv1 server - read handshake message
|
* TLSv1 server - read handshake message
|
||||||
* Copyright (c) 2006-2007, Jouni Malinen <j@w1.fi>
|
* Copyright (c) 2006-2011, Jouni Malinen <j@w1.fi>
|
||||||
*
|
*
|
||||||
* This program is free software; you can redistribute it and/or modify
|
* This program is free software; you can redistribute it and/or modify
|
||||||
* it under the terms of the GNU General Public License version 2 as
|
* it under the terms of the GNU General Public License version 2 as
|
||||||
|
@ -103,7 +103,7 @@ static int tls_process_client_hello(struct tlsv1_server *conn, u8 ct,
|
||||||
else
|
else
|
||||||
conn->rl.tls_version = conn->client_version;
|
conn->rl.tls_version = conn->client_version;
|
||||||
wpa_printf(MSG_DEBUG, "TLSv1: Using TLS v%s",
|
wpa_printf(MSG_DEBUG, "TLSv1: Using TLS v%s",
|
||||||
conn->rl.tls_version == TLS_VERSION_1_1 ? "1.1" : "1.0");
|
tls_version_str(conn->rl.tls_version));
|
||||||
|
|
||||||
/* Random random */
|
/* Random random */
|
||||||
if (end - pos < TLS_RANDOM_LEN)
|
if (end - pos < TLS_RANDOM_LEN)
|
||||||
|
|