DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Add tls_get_tls_unique() to fetch "tls-unique" for channel binding

Browse source 
This implements "tls-unique" derivation per RFC 5929, Section 3. This
will be needed for channel binding, e.g., with EAP-TEAP.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2015-08-10 21:21:40 +03:00
parent 88b6c6e244
commit 3af37ece19
2 changed files with 31 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

18
src/crypto/tls_openssl.c
View file

@ -5332,3 +5332,21 @@ void tls_connection_remove_session(struct tls_connection *conn)
wpa_printf(MSG_DEBUG,
"OpenSSL: Removed cached session to disable session resumption");
}
int tls_get_tls_unique(struct tls_connection *conn, u8 *buf, size_t max_len)
{
size_t len;
int reused;
reused = SSL_session_reused(conn->ssl);
if ((conn->server && !reused) || (!conn->server && reused))
len = SSL_get_peer_finished(conn->ssl, buf, max_len);
else
len = SSL_get_finished(conn->ssl, buf, max_len);
if (len == 0 || len > max_len)
return -1;
return len;
}