EAP-TLS peer: Determine whether TLS v1.3 or newer is used
This is needed to be able to handle different key derivation and message handshakes in EAP implementation. Signed-off-by: Jouni Malinen <j@w1.fi>
parent
fe7b06c5e1
commit
bac1bdba3e
2 changed files with 13 additions and 0 deletions
|
@ -669,6 +669,8 @@ int eap_peer_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data,
|
||||||
* the AS.
|
* the AS.
|
||||||
*/
|
*/
|
||||||
int res = eap_tls_process_input(sm, data, in_data, out_data);
|
int res = eap_tls_process_input(sm, data, in_data, out_data);
|
||||||
|
char buf[20];
|
||||||
|
|
||||||
if (res) {
|
if (res) {
|
||||||
/*
|
/*
|
||||||
* Input processing failed (res = -1) or more data is
|
* Input processing failed (res = -1) or more data is
|
||||||
|
@ -681,6 +683,12 @@ int eap_peer_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data,
|
||||||
* The incoming message has been reassembled and processed. The
|
* The incoming message has been reassembled and processed. The
|
||||||
* response was allocated into data->tls_out buffer.
|
* response was allocated into data->tls_out buffer.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
if (tls_get_version(data->ssl_ctx, data->conn,
|
||||||
|
buf, sizeof(buf)) == 0) {
|
||||||
|
wpa_printf(MSG_DEBUG, "SSL: Using TLS version %s", buf);
|
||||||
|
data->tls_v13 = os_strcmp(buf, "TLSv1.3") == 0;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (data->tls_out == NULL) {
|
if (data->tls_out == NULL) {
|
||||||
|
|
|
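Review bot: The exact match `data->tls_v13 = os_strcmp(buf, "TLSv1.3") == 0;` in the second hunk is true only for TLS 1.3 itself, while the commit title and the `tls_v13` comment in struct eap_ssl_data both say "v1.3 or newer"; a later version string would leave the flag at 0 and presumably select the pre-1.3 key derivation path. Either narrow the wording to "TLS v1.3 is used" or put a comment on this line such as `/* exact match only; newer version strings must be added here */`. Separately, when tls_get_version() returns non-zero the flag silently keeps whatever value it had before, so an `else` branch with `wpa_printf(MSG_DEBUG, "SSL: Failed to get TLS version");` would make that case visible in debug logs. eap_peer_tls_process_helper() starts and ends outside both hunks.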
@ -73,6 +73,11 @@ struct eap_ssl_data {
|
||||||
* eap_type - EAP method used in Phase 1 (EAP_TYPE_TLS/PEAP/TTLS/FAST)
|
* eap_type - EAP method used in Phase 1 (EAP_TYPE_TLS/PEAP/TTLS/FAST)
|
||||||
*/
|
*/
|
||||||
u8 eap_type;
|
u8 eap_type;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* tls_v13 - Whether TLS v1.3 or newer is used
|
||||||
|
*/
|
||||||
|
int tls_v13;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
|
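Review bot: The new comment on `tls_v13` does not say when the field becomes valid. In the visible part of this commit it is assigned only after tls_get_version() succeeds in eap_peer_tls_process_helper(), so code that chooses a key derivation from it earlier reads whatever the struct was initialised with, which is not shown here. Suggested wording: `* tls_v13 - Whether TLS v1.3 or newer is used (valid only after a TLS message has been processed and the version was read)`.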