EAP-FAST: Enable AES256-based TLS cipher suites with OpenSSL
This extends the list of TLS cipher suites enabled for EAP-FAST to include AES256-based suites. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
parent
1ebb24bbfb
commit
750f5d9964
4 changed files with 16 additions and 4 deletions
|
@ -461,7 +461,9 @@ enum {
|
|||
TLS_CIPHER_RC4_SHA /* 0x0005 */,
|
||||
TLS_CIPHER_AES128_SHA /* 0x002f */,
|
||||
TLS_CIPHER_RSA_DHE_AES128_SHA /* 0x0031 */,
|
||||
TLS_CIPHER_ANON_DH_AES128_SHA /* 0x0034 */
|
||||
TLS_CIPHER_ANON_DH_AES128_SHA /* 0x0034 */,
|
||||
TLS_CIPHER_RSA_DHE_AES256_SHA /* 0x0039 */,
|
||||
TLS_CIPHER_AES256_SHA /* 0x0035 */,
|
||||
};
|
||||
|
||||
/**
|
||||
|
|
|
@ -3407,7 +3407,7 @@ int tls_connection_resumed(void *ssl_ctx, struct tls_connection *conn)
|
|||
int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
|
||||
u8 *ciphers)
|
||||
{
|
||||
char buf[100], *pos, *end;
|
||||
char buf[500], *pos, *end;
|
||||
u8 *c;
|
||||
int ret;
|
||||
|
||||
|
@ -3435,6 +3435,12 @@ int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
|
|||
case TLS_CIPHER_ANON_DH_AES128_SHA:
|
||||
suite = "ADH-AES128-SHA";
|
||||
break;
|
||||
case TLS_CIPHER_RSA_DHE_AES256_SHA:
|
||||
suite = "DHE-RSA-AES256-SHA";
|
||||
break;
|
||||
case TLS_CIPHER_AES256_SHA:
|
||||
suite = "AES256-SHA";
|
||||
break;
|
||||
default:
|
||||
wpa_printf(MSG_DEBUG, "TLS: Unsupported "
|
||||
"cipher selection: %d", *c);
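Review bot: The scratch buffer in tls_connection_set_cipher_list() is sized by a bare literal, `char buf[500], *pos, *end;`, with no visible link to the number or length of the suite names that the switch can append. The code that writes into buf lies outside these hunks; if it stops or truncates silently once the buffer is full, a later addition could drop suites from the OpenSSL cipher string without any error. That path should fail loudly (return -1 with a debug message) rather than apply a shortened list. A comment on the declaration such as `/* must hold ":<suite>" for every TLS_CIPHER_* case handled below */` would document the coupling.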
|
||||
|
|
|
@ -1446,7 +1446,7 @@ static int eap_fast_clear_pac_opaque_ext(struct eap_sm *sm,
|
|||
static int eap_fast_set_provisioning_ciphers(struct eap_sm *sm,
|
||||
struct eap_fast_data *data)
|
||||
{
|
||||
u8 ciphers[5];
|
||||
u8 ciphers[7];
|
||||
int count = 0;
|
||||
|
||||
if (data->provisioning_allowed & EAP_FAST_PROV_UNAUTH) {
|
||||
|
@ -1458,7 +1458,9 @@ static int eap_fast_set_provisioning_ciphers(struct eap_sm *sm,
|
|||
if (data->provisioning_allowed & EAP_FAST_PROV_AUTH) {
|
||||
wpa_printf(MSG_DEBUG, "EAP-FAST: Enabling authenticated "
|
||||
"provisioning TLS cipher suites");
|
||||
ciphers[count++] = TLS_CIPHER_RSA_DHE_AES256_SHA;
|
||||
ciphers[count++] = TLS_CIPHER_RSA_DHE_AES128_SHA;
|
||||
ciphers[count++] = TLS_CIPHER_AES256_SHA;
|
||||
ciphers[count++] = TLS_CIPHER_AES128_SHA;
|
||||
ciphers[count++] = TLS_CIPHER_RC4_SHA;
|
||||
}
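Review bot: `u8 ciphers[7];` is filled through unchecked `ciphers[count++] = ...` stores, and the five authenticated suites written in this block leave room for only two more entries. The unauthenticated branch and the terminator write are outside these hunks; presumably they add one anonymous suite and TLS_CIPHER_NONE, which would make the array exactly full, so the next suite added would write past the end of a stack array. Document the budget on the declaration, e.g. `u8 ciphers[7]; /* 1 unauth + 5 auth + TLS_CIPHER_NONE */`, or guard each store against `sizeof(ciphers) - 1`.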
|
||||
|
|
|
@ -412,11 +412,13 @@ static int eap_fast_update_icmk(struct eap_sm *sm, struct eap_fast_data *data)
|
|||
static void * eap_fast_init(struct eap_sm *sm)
|
||||
{
|
||||
struct eap_fast_data *data;
|
||||
u8 ciphers[5] = {
|
||||
u8 ciphers[7] = {
|
||||
TLS_CIPHER_ANON_DH_AES128_SHA,
|
||||
TLS_CIPHER_AES128_SHA,
|
||||
TLS_CIPHER_RSA_DHE_AES128_SHA,
|
||||
TLS_CIPHER_RC4_SHA,
|
||||
TLS_CIPHER_RSA_DHE_AES256_SHA,
|
||||
TLS_CIPHER_AES256_SHA,
|
||||
TLS_CIPHER_NONE
|
||||
};
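Review bot: In eap_fast_init() the two AES256 suites are appended after `TLS_CIPHER_RC4_SHA,`, whereas the list built in eap_fast_set_provisioning_ciphers() in this same commit places them first. The code that consumes this array is not shown; if its order carries through to the TLS library as a preference order, the new suites would rank below RC4 and the AES128 suites here. Moving `TLS_CIPHER_RSA_DHE_AES256_SHA,` and `TLS_CIPHER_AES256_SHA,` ahead of the AES128 entries would keep the two lists consistent. The explicit length could also be dropped (`u8 ciphers[] = {`) so the declared size cannot drift from the initializer count. The body of eap_fast_init continues outside the hunk.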
|
||||
|
||||
|
|