aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJouni Malinen <jouni@qca.qualcomm.com>2015-12-31 16:15:09 (GMT)
committerJouni Malinen <j@w1.fi>2015-12-31 16:15:09 (GMT)
commitdea20519aaebc079d4b654880c8fd09a08e39471 (patch)
tree83359515692478a97995582ac8874e5224d6e7b0
parent9a42d859a27c10b9f5d589ebdc149143b93ca02d (diff)
downloadhostap-dea20519aaebc079d4b654880c8fd09a08e39471.zip
hostap-dea20519aaebc079d4b654880c8fd09a08e39471.tar.gz
hostap-dea20519aaebc079d4b654880c8fd09a08e39471.tar.bz2
OpenSSL: Clean up function to fetch client/server random
SSL_get_client_random() and SSL_get_server_random() will be added in OpenSSL 1.1.0. Provide compatibility wrappers for older versions to simplify the tls_connection_get_random() implementation. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
-rw-r--r--src/crypto/tls_openssl.c40
1 files changed, 27 insertions, 13 deletions
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 309c15d..df2021d 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -51,6 +51,33 @@ typedef int stack_index_t;
#endif /* OPENSSL_NO_TLSEXT */
#endif /* SSL_set_tlsext_status_type */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+/*
+ * SSL_get_client_random() and SSL_get_server_random() were added in OpenSSL
+ * 1.1.0. Provide compatibility wrappers for older versions.
+ */
+
+static size_t SSL_get_client_random(const SSL *ssl, unsigned char *out,
+ size_t outlen)
+{
+ if (!ssl->s3 || outlen < SSL3_RANDOM_SIZE)
+ return 0;
+ os_memcpy(out, ssl->s3->client_random, SSL3_RANDOM_SIZE);
+ return SSL3_RANDOM_SIZE;
+}
+
+
+static size_t SSL_get_server_random(const SSL *ssl, unsigned char *out,
+ size_t outlen)
+{
+ if (!ssl->s3 || outlen < SSL3_RANDOM_SIZE)
+ return 0;
+ os_memcpy(out, ssl->s3->server_random, SSL3_RANDOM_SIZE);
+ return SSL3_RANDOM_SIZE;
+}
+
+#endif
+
#ifdef ANDROID
#include <openssl/pem.h>
#include <keystore/keystore_get.h>
@@ -119,10 +146,8 @@ struct tls_connection {
X509 *peer_issuer;
X509 *peer_issuer_issuer;
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
unsigned char client_random[SSL3_RANDOM_SIZE];
unsigned char server_random[SSL3_RANDOM_SIZE];
-#endif
};
@@ -2924,16 +2949,6 @@ int tls_connection_get_random(void *ssl_ctx, struct tls_connection *conn,
if (conn == NULL || keys == NULL)
return -1;
ssl = conn->ssl;
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- if (ssl == NULL || ssl->s3 == NULL || ssl->session == NULL)
- return -1;
-
- os_memset(keys, 0, sizeof(*keys));
- keys->client_random = ssl->s3->client_random;
- keys->client_random_len = SSL3_RANDOM_SIZE;
- keys->server_random = ssl->s3->server_random;
- keys->server_random_len = SSL3_RANDOM_SIZE;
-#else
if (ssl == NULL)
return -1;
@@ -2944,7 +2959,6 @@ int tls_connection_get_random(void *ssl_ctx, struct tls_connection *conn,
keys->server_random = conn->server_random;
keys->server_random_len = SSL_get_server_random(
ssl, conn->server_random, sizeof(conn->server_random));
-#endif
return 0;
}