aboutsummaryrefslogtreecommitdiffstats
path: root/src/crypto
diff options
context:
space:
mode:
authorAlexander Clouter <alex@digriz.org.uk>2020-10-16 08:49:36 (GMT)
committerJouni Malinen <j@w1.fi>2021-02-20 15:02:35 (GMT)
commit872609c15110d32ee2d306aeeeffdd4e42ef6fc6 (patch)
tree9f781144371b147e3939115e216aec1126827e39 /src/crypto
parent9acf8da223657e3948351cc1bbab355b3d2469ae (diff)
downloadhostap-872609c15110d32ee2d306aeeeffdd4e42ef6fc6.zip
hostap-872609c15110d32ee2d306aeeeffdd4e42ef6fc6.tar.gz
hostap-872609c15110d32ee2d306aeeeffdd4e42ef6fc6.tar.bz2
EAP-TTLS/PEAP peer: Fix failure when using session tickets under TLS 1.3
EAP peer does not expect data present when beginning the Phase 2 in EAP-{TTLS,PEAP} but in TLS 1.3 session tickets are sent after the handshake completes. There are several strategies that can be used to handle this, but this patch picks up from the discussion[1] and implements the proposed use of SSL_MODE_AUTO_RETRY. SSL_MODE_AUTO_RETRY has already been enabled by default in OpenSSL 1.1.1, but it needs to be enabled for older versions. The main OpenSSL wrapper change in tls_connection_decrypt() takes care of the new possible case with SSL_MODE_AUTO_RETRY for SSL_ERROR_WANT_READ to indicate that a non-application_data was processed. That is not really an error case with TLS 1.3, so allow it to complete and return an empty decrypted application data buffer. EAP-PEAP/TTLS processing can then use this to move ahead with starting Phase 2. [1] https://www.spinics.net/lists/hostap/msg05376.html Signed-off-by: Alexander Clouter <alex@digriz.org.uk>
Diffstat (limited to 'src/crypto')
-rw-r--r--src/crypto/tls_openssl.c18
1 files changed, 14 insertions, 4 deletions
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index ef872c5..345a35e 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -1045,6 +1045,8 @@ void * tls_init(const struct tls_config *conf)
SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv2);
SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv3);
+ SSL_CTX_set_mode(ssl, SSL_MODE_AUTO_RETRY);
+
#ifdef SSL_MODE_NO_AUTO_CHAIN
/* Number of deployed use cases assume the default OpenSSL behavior of
* auto chaining the local certificate is in use. BoringSSL removed this
@@ -4543,10 +4545,18 @@ struct wpabuf * tls_connection_decrypt(void *tls_ctx,
return NULL;
res = SSL_read(conn->ssl, wpabuf_mhead(buf), wpabuf_size(buf));
if (res < 0) {
- tls_show_errors(MSG_INFO, __func__,
- "Decryption failed - SSL_read");
- wpabuf_free(buf);
- return NULL;
+ int err = SSL_get_error(conn->ssl, res);
+
+ if (err == SSL_ERROR_WANT_READ) {
+ wpa_printf(MSG_DEBUG,
+ "SSL: SSL_connect - want more data");
+ res = 0;
+ } else {
+ tls_show_errors(MSG_INFO, __func__,
+ "Decryption failed - SSL_read");
+ wpabuf_free(buf);
+ return NULL;
+ }
}
wpabuf_put(buf, res);