TLS: Add helper functions for version number handling
Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen
parent
8307489840
commit
ebe4e8f814
4 changed files with 33 additions and 7 deletions
|
|
@ -81,9 +81,7 @@ static int tls_process_server_hello(struct tlsv1_client *conn, u8 ct,
|
|||
if (end - pos < 2)
|
||||
goto decode_error;
|
||||
tls_version = WPA_GET_BE16(pos);
|
||||
if (tls_version != TLS_VERSION_1 &&
|
||||
(tls_version != TLS_VERSION_1_1 ||
|
||||
TLS_VERSION == TLS_VERSION_1)) {
|
||||
if (!tls_version_ok(tls_version)) {
|
||||
wpa_printf(MSG_DEBUG, "TLSv1: Unexpected protocol version in "
|
||||
"ServerHello %u.%u", pos[0], pos[1]);
|
||||
tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
|
||||
|
|
@ -93,7 +91,7 @@ static int tls_process_server_hello(struct tlsv1_client *conn, u8 ct,
|
|||
pos += 2;
|
||||
|
||||
wpa_printf(MSG_DEBUG, "TLSv1: Using TLS v%s",
|
||||
tls_version == TLS_VERSION_1_1 ? "1.1" : "1.0");
|
||||
tls_version_str(tls_version));
|
||||
conn->rl.tls_version = tls_version;
|
||||
|
||||
/* Random random */
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* TLSv1 common routines
|
||||
* Copyright (c) 2006-2007, Jouni Malinen <j@w1.fi>
|
||||
* Copyright (c) 2006-2011, Jouni Malinen <j@w1.fi>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
|
|
@ -239,3 +239,29 @@ void tls_verify_hash_free(struct tls_verify_hash *verify)
|
|||
verify->sha1_server = NULL;
|
||||
verify->sha1_cert = NULL;
|
||||
}
|
||||
|
||||
|
||||
int tls_version_ok(u16 ver)
|
||||
{
|
||||
if (ver == TLS_VERSION_1)
|
||||
return 1;
|
||||
#ifdef CONFIG_TLSV11
|
||||
if (ver == TLS_VERSION_1_1)
|
||||
return 1;
|
||||
#endif /* CONFIG_TLSV11 */
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
const char * tls_version_str(u16 ver)
|
||||
{
|
||||
switch (ver) {
|
||||
case TLS_VERSION_1:
|
||||
return "1.0";
|
||||
case TLS_VERSION_1_1:
|
||||
return "1.1";
|
||||
}
|
||||
|
||||
return "?";
|
||||
}
|
||||
|
|
|
|||
|
|
@ -218,5 +218,7 @@ int tls_verify_hash_init(struct tls_verify_hash *verify);
|
|||
void tls_verify_hash_add(struct tls_verify_hash *verify, const u8 *buf,
|
||||
size_t len);
|
||||
void tls_verify_hash_free(struct tls_verify_hash *verify);
|
||||
int tls_version_ok(u16 ver);
|
||||
const char * tls_version_str(u16 ver);
|
||||
|
||||
#endif /* TLSV1_COMMON_H */
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* TLSv1 server - read handshake message
|
||||
* Copyright (c) 2006-2007, Jouni Malinen <j@w1.fi>
|
||||
* Copyright (c) 2006-2011, Jouni Malinen <j@w1.fi>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
|
|
@ -103,7 +103,7 @@ static int tls_process_client_hello(struct tlsv1_server *conn, u8 ct,
|
|||
else
|
||||
conn->rl.tls_version = conn->client_version;
|
||||
wpa_printf(MSG_DEBUG, "TLSv1: Using TLS v%s",
|
||||
conn->rl.tls_version == TLS_VERSION_1_1 ? "1.1" : "1.0");
|
||||
tls_version_str(conn->rl.tls_version));
|
||||
|
||||
/* Random random */
|
||||
if (end - pos < TLS_RANDOM_LEN)
|
||||
|
|
|
|||
Loading…
Reference in a new issue