From af9da3180dc20f57df1fc1e1811f3df9fa9e6ab5 Mon Sep 17 00:00:00 2001
From: Dmitry Shmidt
Date: Fri, 3 Apr 2015 10:03:11 -0700
Subject: Cumulative patch from commit 681278246232029c334117bd6dc7e74c6b179f96
6812782 hlr_auc_gw: Allow Milenage RES length to be reduced
4839f7c wpa_cli: Fix a typo in usage text
a20a361 wpa_supplicant: Clear blacklist on connect
0144ecb Android: wpa_ctrl missing include for sys/stat.h
0bb20ef HS 2.0R2: Allow user to specify spp.xsd file location
97c9991 HS 2.0R2: Add more debugging messages to hs20-osu-client
93c2e60 HS 2.0R2 CA: Improve setup.sh and .conf for more flexibility
02e122a Reschedule scan from wpas_stop_pno if it was postponed
80fd9c3 EAP-PEAP server: Add support for negotiating vendor for Phase 2
a867082 EAP peer: Use 32-bit EAP method type for Phase 2 processing
56dfc49 Fix a typo in configuration parameter documentation
c4b45c6 TLS: Fix memory leaks on tls_connection_set_params() error paths
af85191 Make tls_connection_get_keyblock_size() internal to tls_*.c
94f1fe6 Remove master key extraction from tls_connection_get_keys()
fa0e715 Use tls_connection_prf() for all EAP TLS-based key derivation
df8191d Rename HT 20/40 coex variable to be more descriptive
1d0f42a EAP server: Add debug prints to help asleap testing
2c1cf90 Add wpa_snprintf_hex_sep()
5955cfa ms_funcs: Make challenge_hash() non-static
Change-Id: I0f3e5e5170a61e458949a675641946d95598dc5d
Signed-off-by: Dmitry Shmidt
---
src/eap_peer/eap.c | 2 +-
src/eap_peer/eap_tls_common.c | 48 +++++++------------------------------------
2 files changed, 8 insertions(+), 42 deletions(-)
(limited to 'src/eap_peer')
diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
index 35433f3b..fc4af953 100644
--- a/src/eap_peer/eap.c
+++ b/src/eap_peer/eap.c
@@ -2400,7 +2400,7 @@ static int eap_allowed_phase2_type(int vendor, int type)
 u32 eap_get_phase2_type(const char *name, int *vendor)
 {
 int v;
- u8 type = eap_peer_get_type(name, &v);
+ u32 type = eap_peer_get_type(name, &v);
 if (eap_allowed_phase2_type(v, type)) {
 *vendor = v;
 return type;
diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c
index 87107816..15c1bac5 100644
--- a/src/eap_peer/eap_tls_common.c
+++ b/src/eap_peer/eap_tls_common.c
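Review bot: The widened `u32 type` is still handed to `eap_allowed_phase2_type(int vendor, int type)` (signature visible in the hunk header), so a 32-bit method value above INT_MAX — possible in principle for expanded vendor types, which is what the widening is for — goes through an implementation-defined signed conversion before the allow-check, while `return type;` below it is already u32. Changing the helper's parameter to `u32 type` (its definition lies outside this hunk) keeps the whole Phase 2 path at one width. The same u8-to-u32 widening in eap_peer_select_phase2_methods (the -1032 hunk) presumably feeds struct eap_method_type; that field's width is not visible here, so it is worth confirming it was widened too.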
@@ -313,53 +313,19 @@ void eap_peer_tls_ssl_deinit(struct eap_sm *sm, struct eap_ssl_data *data)
 u8 * eap_peer_tls_derive_key(struct eap_sm *sm, struct eap_ssl_data *data,
 const char *label, size_t len)
 {
-#ifndef CONFIG_FIPS
- struct tls_keys keys;
-#endif /* CONFIG_FIPS */
- u8 *rnd = NULL, *out;
+ u8 *out;
 out = os_malloc(len);
 if (out == NULL)
 return NULL;
- /* First, try to use TLS library function for PRF, if available. */
- if (tls_connection_prf(data->ssl_ctx, data->conn, label, 0, out, len)
- == 0)
- return out;
-
-#ifndef CONFIG_FIPS
- /*
- * TLS library did not support key generation, so get the needed TLS
- * session parameters and use an internal implementation of TLS PRF to
- * derive the key.
- */
- if (tls_connection_get_keys(data->ssl_ctx, data->conn, &keys))
- goto fail;
-
- if (keys.client_random == NULL || keys.server_random == NULL ||
- keys.master_key == NULL)
- goto fail;
-
- rnd = os_malloc(keys.client_random_len + keys.server_random_len);
- if (rnd == NULL)
- goto fail;
- os_memcpy(rnd, keys.client_random, keys.client_random_len);
- os_memcpy(rnd + keys.client_random_len, keys.server_random,
- keys.server_random_len);
-
- if (tls_prf_sha1_md5(keys.master_key, keys.master_key_len,
- label, rnd, keys.client_random_len +
- keys.server_random_len, out, len))
- goto fail;
+ if (tls_connection_prf(data->ssl_ctx, data->conn, label, 0, 0,
+ out, len)) {
+ os_free(out);
+ return NULL;
+ }
- os_free(rnd);
 return out;
-
-fail:
-#endif /* CONFIG_FIPS */
- os_free(out);
- os_free(rnd);
- return NULL;
 }
@@ -1032,7 +998,7 @@ int eap_peer_select_phase2_methods(struct eap_peer_config *config,
 {
 char *start, *pos, *buf;
 struct eap_method_type *methods = NULL, *_methods;
- u8 method;
+ u32 method;
 size_t num_methods = 0, prefix_len;
 if (config == NULL || config->phase2 == NULL)
--
cgit v1.2.3
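Review bot: The new failure branch at `if (tls_connection_prf(...)) {` returns NULL with no diagnostic, and since the internal `tls_prf_sha1_md5` fallback over extracted master-key material is gone, a TLS backend that cannot export a PRF now fails EAP key derivation silently; a `wpa_printf(MSG_INFO, "EAP-TLS: Failed to derive key from TLS connection");` before `os_free(out);` would make the cause visible in the log. The two literal `0` arguments added to the call are unexplained at the call site — presumably the server_random_first/skip_keyblock flags — and deserve a short comment or named constants so the next reader does not have to open the TLS wrapper. Keeping the master secret inside the TLS library instead of copying it into a caller-owned struct is the security-relevant gain of this rewrite and would be worth stating in the function's doc comment, which sits above the hunk.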