OpenSSL: Move server vs. client information into connection data
This makes the information more easily available throughout the handshake processing, if needed, instead of having to pass the function argument through the full path from tls_connection{,_server}_handshake(). Signed-off-by: Jouni Malinen <j@w1.fi>
parent
0de820b333
commit
53b34578f3
1 changed files with 11 additions and 10 deletions
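--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -233,6 +233,7 @@ struct tls_connection {
 unsigned int invalid_hb_used:1;
 unsigned int success_data:1;
 unsigned int client_hello_generated:1;
+unsigned int server:1;
 
 u8 srv_cert_hash[32];
 
@@ -3564,8 +3565,7 @@ int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn,
 
 
 static struct wpabuf *
-openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data,
-int server)
+openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data)
 {
 int res;
 struct wpabuf *out_data;
@@ -3583,7 +3583,7 @@ openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data,
 }
 
 /* Initiate TLS handshake or continue the existing handshake */
-if (server)
+if (conn->server)
 res = SSL_accept(conn->ssl);
 else
 res = SSL_connect(conn->ssl);
@@ -3598,7 +3598,7 @@ openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data,
 else {
 tls_show_errors(MSG_INFO, __func__, "SSL_connect");
 conn->failed++;
-if (!server && !conn->client_hello_generated) {
+if (!conn->server && !conn->client_hello_generated) {
 /* The server would not understand TLS Alert
 * before ClientHello, so simply terminate
 * handshake on this type of error case caused
@@ -3612,11 +3612,11 @@ openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data,
 }
 }
 
-if (!server && !conn->failed)
+if (!conn->server && !conn->failed)
 conn->client_hello_generated = 1;
 
 #ifdef CONFIG_SUITEB
-if ((conn->flags & TLS_CONN_SUITEB) && !server &&
+if ((conn->flags & TLS_CONN_SUITEB) && !conn->server &&
 os_strncmp(SSL_get_cipher(conn->ssl), "DHE-", 4) == 0 &&
 conn->server_dh_prime_len < 3072) {
 struct tls_context *context = conn->context;
@@ -3719,14 +3719,14 @@ openssl_get_appl_data(struct tls_connection *conn, size_t max_len)
 static struct wpabuf *
 openssl_connection_handshake(struct tls_connection *conn,
 const struct wpabuf *in_data,
-struct wpabuf **appl_data, int server)
+struct wpabuf **appl_data)
 {
 struct wpabuf *out_data;
 
 if (appl_data)
 *appl_data = NULL;
 
-out_data = openssl_handshake(conn, in_data, server);
+out_data = openssl_handshake(conn, in_data);
 if (out_data == NULL)
 return NULL;
 if (conn->invalid_hb_used) {
@@ -3763,7 +3763,7 @@ tls_connection_handshake(void *ssl_ctx, struct tls_connection *conn,
 const struct wpabuf *in_data,
 struct wpabuf **appl_data)
 {
-return openssl_connection_handshake(conn, in_data, appl_data, 0);
+return openssl_connection_handshake(conn, in_data, appl_data);
 }
 
 
@@ -3772,7 +3772,8 @@ struct wpabuf * tls_connection_server_handshake(void *tls_ctx,
 const struct wpabuf *in_data,
 struct wpabuf **appl_data)
 {
-return openssl_connection_handshake(conn, in_data, appl_data, 1);
+conn->server = 1;
+return openssl_connection_handshake(conn, in_data, appl_data);
 }
 
 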
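Review bot: The new `server` bit is only ever set, in tls_connection_server_handshake(), and nothing in these hunks clears it, so the client path in tls_connection_handshake() relies on the connection struct being zero-initialized when it is allocated; that allocation is outside this diff and worth confirming, or the role could be fixed once at connection creation rather than re-asserted on every server handshake call. The new struct member also deserves a comment, for example `unsigned int server:1; /* SSL_accept() side; set by tls_connection_server_handshake() */`. In the error branch of openssl_handshake() the log message still names "SSL_connect" even when SSL_accept() was called; now that the role is on the connection it can be made accurate with `tls_show_errors(MSG_INFO, __func__, conn->server ? "SSL_accept" : "SSL_connect");`. openssl_handshake() starts and ends outside the hunks shown.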