| From e6e243d97795306aeb604948e7101f9f14e8b8ca Mon Sep 17 00:00:00 2001 |
| From: Jouni Malinen <j@w1.fi> |
| Date: Fri, 17 Aug 2012 23:55:14 +0300 |
| Subject: [PATCH] Fix EAP-FAST with OpenSSL 1.0.1 |
| |
| The mechanism to figure out key block size based on ssl->read_hash |
| does not seem to work with OpenSSL 1.0.1, so add an alternative |
| mechanism to figure out the NAC key size that seems to work at |
| least with the current OpenSSL 1.0.1 releases. |
| |
| Signed-hostap: Jouni Malinen <j@w1.fi> |
| intended-for: hostap-1 |
| (cherry picked from commit 7f996409e7e5aa0bb066257906e87ab3294d4fd0) |
| --- |
| src/crypto/tls_openssl.c | 14 +++++++++++++- |
| 1 files changed, 13 insertions(+), 1 deletions(-) |
| |
| diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c |
| index 6380ce0..c4a76be 100644 |
| --- a/src/crypto/tls_openssl.c |
| +++ b/src/crypto/tls_openssl.c |
| @@ -2785,6 +2785,7 @@ int tls_connection_get_keyblock_size(void *tls_ctx, |
| { |
| const EVP_CIPHER *c; |
| const EVP_MD *h; |
| + int md_size; |
| |
| if (conn == NULL || conn->ssl == NULL || |
| conn->ssl->enc_read_ctx == NULL || |
| @@ -2798,9 +2799,20 @@ int tls_connection_get_keyblock_size(void *tls_ctx, |
| #else |
| h = conn->ssl->read_hash; |
| #endif |
| + if (h) |
| + md_size = EVP_MD_size(h); |
| +#if OPENSSL_VERSION_NUMBER >= 0x10000000L |
| + else if (conn->ssl->s3) |
| + md_size = conn->ssl->s3->tmp.new_mac_secret_size; |
| +#endif |
| + else |
| + return -1; |
| |
| + wpa_printf(MSG_DEBUG, "OpenSSL: keyblock size: key_len=%d MD_size=%d " |
| + "IV_len=%d", EVP_CIPHER_key_length(c), md_size, |
| + EVP_CIPHER_iv_length(c)); |
| return 2 * (EVP_CIPHER_key_length(c) + |
| - EVP_MD_size(h) + |
| + md_size + |
| EVP_CIPHER_iv_length(c)); |
| } |
| |
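Review bot: In the new `else if (conn->ssl->s3)` branch, `md_size` is read from `conn->ssl->s3->tmp.new_mac_secret_size` and goes straight into the returned keyblock size with no range check. That field is handshake-temporary state, so if it is unset or negative when this is called (not determinable from this hunk), the function returns a too-small size instead of failing, and the caller would presumably derive less key material than the EAP-FAST session needs. A guard such as `if (md_size < 0) return -1;` ahead of the `wpa_printf` would make the failure explicit; whether 0 should also be rejected depends on whether a MAC-less cipher suite can reach this path. The function body starts outside the hunk, so the assignment of `c` is not visible here.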
| -- |
| 1.7.4-rc1 |
| |