Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

OpenSSL: Clean up function to fetch client/server random

SSL_get_client_random() and SSL_get_server_random() will be added in
OpenSSL 1.1.0. Provide compatibility wrappers for older versions to
simplify the tls_connection_get_random() implementation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 9 years ago
parent
9a42d859a2
commit
dea20519aa
1 changed files with 27 additions and 13 deletions
Split View Show Diff Stats
  1. 27 13
      src/crypto/tls_openssl.c

+ 27 - 13
src/crypto/tls_openssl.c
View File 

@@ -51,6 +51,33 @@ typedef int stack_index_t;
 
 #endif /* OPENSSL_NO_TLSEXT */
 
 #endif /* SSL_set_tlsext_status_type */
 
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 
+/*
 
+ * SSL_get_client_random() and SSL_get_server_random() were added in OpenSSL
 
+ * 1.1.0. Provide compatibility wrappers for older versions.
 
+ */
 
+
 
+static size_t SSL_get_client_random(const SSL *ssl, unsigned char *out,
 
+				    size_t outlen)
 
+{
 
+	if (!ssl->s3 || outlen < SSL3_RANDOM_SIZE)
 
+		return 0;
 
+	os_memcpy(out, ssl->s3->client_random, SSL3_RANDOM_SIZE);
 
+	return SSL3_RANDOM_SIZE;
 
+}
 
+
 
+
 
+static size_t SSL_get_server_random(const SSL *ssl, unsigned char *out,
 
+				    size_t outlen)
 
+{
 
+	if (!ssl->s3 || outlen < SSL3_RANDOM_SIZE)
 
+		return 0;
 
+	os_memcpy(out, ssl->s3->server_random, SSL3_RANDOM_SIZE);
 
+	return SSL3_RANDOM_SIZE;
 
+}
 
+
 
+#endif
 
+
 
 #ifdef ANDROID
 
 #include <openssl/pem.h>
 
 #include <keystore/keystore_get.h>
 
@@ -119,10 +146,8 @@ struct tls_connection {
 
 	X509 *peer_issuer;
 
 	X509 *peer_issuer_issuer;
 
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
 
 	unsigned char client_random[SSL3_RANDOM_SIZE];
 
 	unsigned char server_random[SSL3_RANDOM_SIZE];
 
-#endif
 
 };
 
 
 
@@ -2924,16 +2949,6 @@ int tls_connection_get_random(void *ssl_ctx, struct tls_connection *conn,
 
 	if (conn == NULL || keys == NULL)
 
 		return -1;
 
 	ssl = conn->ssl;
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 
-	if (ssl == NULL || ssl->s3 == NULL || ssl->session == NULL)
 
-		return -1;
 
-
 
-	os_memset(keys, 0, sizeof(*keys));
 
-	keys->client_random = ssl->s3->client_random;
 
-	keys->client_random_len = SSL3_RANDOM_SIZE;
 
-	keys->server_random = ssl->s3->server_random;
 
-	keys->server_random_len = SSL3_RANDOM_SIZE;
 
-#else
 
 	if (ssl == NULL)
 
 		return -1;
 
 
@@ -2944,7 +2959,6 @@ int tls_connection_get_random(void *ssl_ctx, struct tls_connection *conn,
 
 	keys->server_random = conn->server_random;
 
 	keys->server_random_len = SSL_get_server_random(
 
 		ssl, conn->server_random, sizeof(conn->server_random));
 
-#endif
 
 
 	return 0;
 
 }