eap-tls, ttls, peap: Update for l_tls API changes

2025-02-16 15:20:42 +01:00 · 2018-11-17 15:01:32 +01:00 · 2018-11-17 15:01:32 +01:00 · d7dc6606de
commit d7dc6606de
parent 6bf79dbb8b
3 changed files with 22 additions and 19 deletions
--- a/src/eap-peap.c
+++ b/src/eap-peap.c
@ -512,7 +512,7 @@ static void eap_peap_tunnel_ready(const char *peer_identity, void *user_data)
 	eap_start_complete_timeout(eap);
 	/* MSK, EMSK and challenge derivation */
-	l_tls_prf_get_bytes(peap->tunnel, L_CHECKSUM_SHA256, 32, true,
+	l_tls_prf_get_bytes(peap->tunnel, true,
 				"client EAP encryption", msk_emsk, 128);
 	eap_set_key_material(eap, msk_emsk + 0, 64, NULL, 0, NULL, 0);
@ -554,14 +554,13 @@ static bool eap_peap_tunnel_init(struct eap_state *eap)
 		l_tls_set_debug(peap->tunnel, eap_peap_debug_cb, NULL, NULL);
 	if (!l_tls_set_auth_data(peap->tunnel, peap->client_cert,
-					peap->client_key, NULL)) {
+				peap->client_key, NULL) ||
 			(peap->ca_cert &&
 			 !l_tls_set_cacert(peap->tunnel, peap->ca_cert))) {
 		l_error("PEAP: Failed to set authentication data.");
 		return false;
 	}
 	if (peap->ca_cert)
 		l_tls_set_cacert(peap->tunnel, peap->ca_cert);
 	return true;
 }
--- a/src/eap-tls.c
+++ b/src/eap-tls.c
@ -146,9 +146,9 @@ static void eap_tls_ready_cb(const char *peer_identity, void *user_data)
 	eap_start_complete_timeout(eap);
 	/* MSK, EMSK and IV derivation */
-	l_tls_prf_get_bytes(tls->tls, L_CHECKSUM_SHA256, 32, true,
+	l_tls_prf_get_bytes(tls->tls, true,
 				"client EAP encryption", msk_emsk, 128);
-	l_tls_prf_get_bytes(tls->tls, L_CHECKSUM_SHA256, 32, false,
+	l_tls_prf_get_bytes(tls->tls, false,
 				"client EAP encryption", iv, 64);
 	eap_set_key_material(eap, msk_emsk + 0, 64, msk_emsk + 64, 64, iv, 64);
@ -317,11 +317,13 @@ static void eap_tls_handle_request(struct eap_state *eap,
 		if (getenv("IWD_TLS_DEBUG"))
 			l_tls_set_debug(tls->tls, eap_tls_debug_cb, NULL, NULL);
-		l_tls_set_auth_data(tls->tls, tls->client_cert, tls->client_key,
+		if (!l_tls_set_auth_data(tls->tls, tls->client_cert,
-					tls->passphrase);
+					tls->client_key, tls->passphrase) ||
-
+				(tls->ca_cert &&
-		if (tls->ca_cert)
+				 !l_tls_set_cacert(tls->tls, tls->ca_cert))) {
-			l_tls_set_cacert(tls->tls, tls->ca_cert);
+			l_error("Error loading EAP-TLS keys or certificates");
 			goto err;
 		}
 	}
 	/*
--- a/src/eap-ttls.c
+++ b/src/eap-ttls.c
@ -509,7 +509,7 @@ static void eap_ttls_phase2_chap_generate_challenge(struct l_tls *tunnel,
 							uint8_t *challenge,
 							size_t challenge_len)
 {
-	l_tls_prf_get_bytes(tunnel, L_CHECKSUM_SHA256, 32, true,
+	l_tls_prf_get_bytes(tunnel, true,
 				"ttls challenge", challenge, challenge_len);
 }
@ -792,7 +792,7 @@ static void eap_ttls_ready_cb(const char *peer_identity, void *user_data)
 	eap_method_success(eap);
 	/* MSK, EMSK and challenge derivation */
-	l_tls_prf_get_bytes(ttls->tls, L_CHECKSUM_SHA256, 32, true,
+	l_tls_prf_get_bytes(ttls->tls, true,
 				"ttls keying material", msk_emsk, 128);
 	eap_set_key_material(eap, msk_emsk + 0, 64, msk_emsk + 64, 64,
@ -1012,11 +1012,13 @@ add_to_pkt_buf:
 		if (getenv("IWD_TLS_DEBUG"))
 			l_tls_set_debug(ttls->tls, eap_ttls_debug_cb, NULL, NULL);
-		l_tls_set_auth_data(ttls->tls, ttls->client_cert,
+		if (!l_tls_set_auth_data(ttls->tls, ttls->client_cert,
-					ttls->client_key, ttls->passphrase);
+					ttls->client_key, ttls->passphrase) ||
-
+				(ttls->ca_cert &&
-		if (ttls->ca_cert)
+				 !l_tls_set_cacert(ttls->tls, ttls->ca_cert))) {
-			l_tls_set_cacert(ttls->tls, ttls->ca_cert);
+			l_error("Error loading EAP-TTLS keys or certificates");
 			goto err;
 		}
 		/*
 		 * RFC5281 section 9.1: "For all packets other than a