Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

BoringSSL: Fix session resumption

BoringSSL commit 533ef7304d9b48aad38805f1997031a0a034d7fe ('Remove
SSL_clear calls in handshake functions.') triggered a regression for
EAP-TLS/TTLS/PEAP session resumption in wpa_supplicant due to the
removed SSL_clear() call in ssl3_connect() going away and wpa_supplicant
not calling SSL_clear() after SSL_shutdown(). Fix this by adding the
SSL_clear() call into wpa_supplicant after SSL_shutdown() when preparing
the ssl instance for another connection.

While OpenSSL is still call SSL_clear() in ssl3_connect(), it looks to
be safe to add this call to wpa_supplicant unconditionally.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 9 years ago
parent
0f56057c64
commit
a7803b0caf
1 changed files with 1 additions and 1 deletions
Split View Show Diff Stats
  1. 1 1
      src/crypto/tls_openssl.c

+ 1 - 1
src/crypto/tls_openssl.c
View File 

@@ -1142,7 +1142,7 @@ int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn)
 
 	 * and "close notify" shutdown alert would confuse AS. */
 
 	SSL_set_quiet_shutdown(conn->ssl, 1);
 
 	SSL_shutdown(conn->ssl);
 
-	return 0;
 
+	return SSL_clear(conn->ssl) == 1 ? 0 : -1;
 
 }