authorJouni Malinen <j@w1.fi>2018-05-01 14:44:22 (GMT)
committerJouni Malinen <j@w1.fi>2018-05-01 14:44:22 (GMT)
commitfe7b06c5e115da7865f0b8f20efb8bf6cef5a703 (patch)
tree71d0009a2eed99d4b1bd1c286a865bb49eddc293
parentc26ac189581c9c3d410ac927a43c598a9932beae (diff)
EAP-TLS server: Determine whether TLS v1.3 or newer is used
This is needed to be able to handle different key derivation and message handshakes in the EAP implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
-rw-r--r--src/eap_server/eap_server_tls_common.c7
-rw-r--r--src/eap_server/eap_tls_common.h5
2 files changed, 12 insertions, 0 deletions
diff --git a/src/eap_server/eap_server_tls_common.c b/src/eap_server/eap_server_tls_common.c
index 0dd15a9..c2e0cf0 100644
--- a/src/eap_server/eap_server_tls_common.c
+++ b/src/eap_server/eap_server_tls_common.c
@@ -305,6 +305,8 @@ static int eap_server_tls_process_fragment(struct eap_ssl_data *data,
int eap_server_tls_phase1(struct eap_sm *sm, struct eap_ssl_data *data)
{
+ char buf[20];
+
if (data->tls_out) {
/* This should not happen.. */
wpa_printf(MSG_INFO, "SSL: pending tls_out data when "
@@ -327,6 +329,11 @@ int eap_server_tls_phase1(struct eap_sm *sm, struct eap_ssl_data *data)
return -1;
}
+ if (tls_get_version(sm->ssl_ctx, data->conn, buf, sizeof(buf)) == 0) {
+ wpa_printf(MSG_DEBUG, "SSL: Using TLS version %s", buf);
+ data->tls_v13 = os_strcmp(buf, "TLSv1.3") == 0;
+ }
+
return 0;
}
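Review bot: The assignment `data->tls_v13 = os_strcmp(buf, "TLSv1.3") == 0;` matches only that exact version string, while the field comment added in eap_tls_common.h says "TLS v1.3 or newer", so a later protocol version would leave the flag at 0. Either narrow the header comment to `tls_v13 - Whether TLS v1.3 is used`, or add a comment here such as `/* exact match: extend when tls_get_version() can report a newer version */`. When tls_get_version() returns non-zero, the flag keeps its earlier value and nothing is logged, so the session is presumably handled with the pre-1.3 key derivation without any trace. An `else` branch with a debug message would make that fallback visible when diagnosing key mismatches. The body of eap_server_tls_phase1 starts before this hunk, so the initial value of the flag and the point in the handshake at which this check runs cannot be confirmed from here.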
diff --git a/src/eap_server/eap_tls_common.h b/src/eap_server/eap_tls_common.h
index e68cb2d..31f6e72 100644
--- a/src/eap_server/eap_tls_common.h
+++ b/src/eap_server/eap_tls_common.h
@@ -50,6 +50,11 @@ struct eap_ssl_data {
enum { MSG, FRAG_ACK, WAIT_FRAG_ACK } state;
struct wpabuf tmpbuf;
+
+ /**
+ * tls_v13 - Whether TLS v1.3 or newer is used
+ */
+ int tls_v13;
};