Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

TLS client: Use TLS_CONN_* flags

This makes it simpler to add support for new TLS_CONN_* flags without
having to add a new configuration function for each flag.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 9 years ago
parent
20804fe844
commit
0cbc22b2eb
5 changed files with 14 additions and 9 deletions
Split View Show Diff Stats
  1. 1 2
      src/crypto/tls_internal.c
  2. 7 2
      src/tls/tlsv1_client.c
  3. 1 1
      src/tls/tlsv1_client.h
  4. 2 1
      src/tls/tlsv1_client_i.h
  5. 3 3
      src/tls/tlsv1_client_read.c

+ 1 - 2
src/crypto/tls_internal.c
View File 

@@ -273,8 +273,7 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
 
 		return -1;
 
 	}
 
 
-	tlsv1_client_set_time_checks(
 
-		conn->client, !(params->flags & TLS_CONN_DISABLE_TIME_CHECKS));
 
+	tlsv1_client_set_flags(conn->client, params->flags);
 
 
 	return 0;
 
 #else /* CONFIG_TLS_INTERNAL_CLIENT */

+ 7 - 2
src/tls/tlsv1_client.c
View File 

@@ -811,9 +811,14 @@ int tlsv1_client_set_cred(struct tlsv1_client *conn,
 
 }
 
 
 
-void tlsv1_client_set_time_checks(struct tlsv1_client *conn, int enabled)
 
+/**
 
+ * tlsv1_client_set_flags - Set connection flags
 
+ * @conn: TLSv1 client connection data from tlsv1_client_init()
 
+ * @flags: TLS_CONN_* bitfield
 
+ */
 
+void tlsv1_client_set_flags(struct tlsv1_client *conn, unsigned int flags)
 
 {
 
-	conn->disable_time_checks = !enabled;
 
+	conn->flags = flags;
 
 }

+ 1 - 1
src/tls/tlsv1_client.h
View File 

@@ -41,7 +41,7 @@ int tlsv1_client_get_keyblock_size(struct tlsv1_client *conn);
 
 int tlsv1_client_set_cipher_list(struct tlsv1_client *conn, u8 *ciphers);
 
 int tlsv1_client_set_cred(struct tlsv1_client *conn,
 
 			  struct tlsv1_credentials *cred);
 
-void tlsv1_client_set_time_checks(struct tlsv1_client *conn, int enabled);
 
+void tlsv1_client_set_flags(struct tlsv1_client *conn, unsigned int flags);
 
 
 typedef int (*tlsv1_client_session_ticket_cb)
 
 (void *ctx, const u8 *ticket, size_t len, const u8 *client_random,

+ 2 - 1
src/tls/tlsv1_client_i.h
View File 

@@ -29,11 +29,12 @@ struct tlsv1_client {
 
 	u8 alert_level;
 
 	u8 alert_description;
 
 
+	unsigned int flags; /* TLS_CONN_* bitfield */
 
+
 
 	unsigned int certificate_requested:1;
 
 	unsigned int session_resumed:1;
 
 	unsigned int session_ticket_included:1;
 
 	unsigned int use_session_ticket:1;
 
-	unsigned int disable_time_checks:1;
 
 	unsigned int cert_in_cb:1;
 
 
 	struct crypto_public_key *server_rsa_key;

+ 3 - 3
src/tls/tlsv1_client_read.c
View File 

@@ -463,9 +463,9 @@ static int tls_process_certificate(struct tlsv1_client *conn, u8 ct,
 
 		x509_certificate_chain_free(chain);
 
 		return -1;
 
 	} else if (conn->cred && conn->cred->ca_cert_verify &&
 
-		   x509_certificate_chain_validate(conn->cred->trusted_certs,
 
-						   chain, &reason,
 
-						   conn->disable_time_checks)
 
+		   x509_certificate_chain_validate(
 
+			   conn->cred->trusted_certs, chain, &reason,
 
+			   !!(conn->flags & TLS_CONN_DISABLE_TIME_CHECKS))
 
 		   < 0) {
 
 		int tls_reason;
 
 		wpa_printf(MSG_DEBUG, "TLSv1: Server certificate chain "