fix location of setting suiteb192

wolfSSL · Apr 25, 2023 · 7d3a50f · 7d3a50f
1 parent 439adaa
commit 7d3a50f
Showing 1 changed file with 37 additions and 59 deletions.
diff --git a/hostap-patches/Support-for-SUITEB192.patch b/hostap-patches/Support-for-SUITEB192.patch
@@ -1,34 +1,8 @@
 diff --git a/src/crypto/tls_wolfssl.c b/src/crypto/tls_wolfssl.c
-index b4f1bbe..454f288 100644
+index b4f1bbe..33bf815 100644
 --- a/src/crypto/tls_wolfssl.c
 +++ b/src/crypto/tls_wolfssl.c
-@@ -1292,6 +1292,25 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
- {
- 	wpa_printf(MSG_DEBUG, "SSL: set params");
-
-+#ifdef CONFIG_SUITEB192
-+    {
-+        int setErr = 0;
-+	    setErr = wolfSSL_set_cipher_list(conn->ssl,
-+            "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-=GCM-SHA384:"
-+            "DHE-RSA-AES256-GCM-SHA384:TLS13-AES256-GCM-SHA384");
-+        if (setErr == WOLFSSL_SUCCESS)
-+            setErr = wolfSSL_SetMinEccKey_Sz(conn->ssl, 384);
-+        if (setErr == WOLFSSL_SUCCESS)
-+            setErr = wolfSSL_SetMinRsaKey_Sz(conn->ssl, 3072);
-+        if (setErr == WOLFSSL_SUCCESS)
-+            setErr = wolfSSL_SetMinDhKey_Sz(conn->ssl, 3072);
-+
-+        if (setErr != WOLFSSL_SUCCESS) {
-+		    return -1;
-+        }
-+    }
-+#endif
-+
- 	if (tls_connection_set_subject_match(conn, params->subject_match,
- 					     params->altsubject_match,
- 					     params->suffix_match,
-@@ -1323,12 +1342,24 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
+@@ -1323,12 +1323,39 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
  		return -1;
  	}
 
@@ -39,13 +13,28 @@ index b4f1bbe..454f288 100644
 -			   params->openssl_ciphers);
 -		return -1;
 +	if (params->openssl_ciphers) {
-+    #ifndef CONFIG_SUITEB192
 +		if (os_strcmp(params->openssl_ciphers, "SUITEB192") == 0) {
++    #ifndef CONFIG_SUITEB192
 +			wpa_printf(MSG_ERROR,
 +					"wolfSSL: CONFIG_SUITEB192 not set");
 +			return -1;
-+		}
++    #else
++            int setErr = 0;
++    	    setErr = wolfSSL_set_cipher_list(conn->ssl,
++                "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-=GCM-SHA384:"
++                "DHE-RSA-AES256-GCM-SHA384:TLS13-AES256-GCM-SHA384");
++            if (setErr == WOLFSSL_SUCCESS)
++                setErr = wolfSSL_SetMinEccKey_Sz(conn->ssl, 384);
++            if (setErr == WOLFSSL_SUCCESS)
++                setErr = wolfSSL_SetMinRsaKey_Sz(conn->ssl, 3072);
++            if (setErr == WOLFSSL_SUCCESS)
++                setErr = wolfSSL_SetMinDhKey_Sz(conn->ssl, 3072);
++
++            if (setErr != WOLFSSL_SUCCESS) {
++    		    return -1;
++            }
 +	#endif
++		}
 +
 +		if (os_strcmp(params->openssl_ciphers, "SUITEB192") != 0) {
 +			if (wolfSSL_set_cipher_list(conn->ssl,
@@ -59,33 +48,7 @@ index b4f1bbe..454f288 100644
  	}
 
  	tls_set_conn_flags(conn->ssl, params->flags);
-@@ -1523,6 +1554,25 @@ int tls_global_set_params(void *tls_ctx,
- {
- 	wpa_printf(MSG_DEBUG, "SSL: global set params");
-
-+#ifdef CONFIG_SUITEB192
-+    {
-+        int setErr;
-+	    setErr = wolfSSL_CTX_set_cipher_list(tls_ctx,
-+            "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-=GCM-SHA384:"
-+            "DHE-RSA-AES256-GCM-SHA384:TLS13-AES256-GCM-SHA384");
-+        if (setErr == WOLFSSL_SUCCESS)
-+            setErr = wolfSSL_CTX_SetMinEccKey_Sz(tls_ctx, 384);
-+        if (setErr == WOLFSSL_SUCCESS)
-+            setErr = wolfSSL_CTX_SetMinRsaKey_Sz(tls_ctx, 3072);
-+        if (setErr == WOLFSSL_SUCCESS)
-+            setErr = wolfSSL_CTX_SetMinDhKey_Sz(tls_ctx, 3072);
-+
-+        if (setErr != WOLFSSL_SUCCESS) {
-+		    return -1;
-+        }
-+    }
-+#endif
-+
- 	if (params->check_cert_subject)
- 		return -1; /* not yet supported */
-
-@@ -1553,13 +1603,24 @@ int tls_global_set_params(void *tls_ctx,
+@@ -1553,13 +1580,39 @@ int tls_global_set_params(void *tls_ctx,
  		return -1;
  	}
 
@@ -97,13 +60,28 @@ index b4f1bbe..454f288 100644
 -			   params->openssl_ciphers);
 -		return -1;
 +	if (params->openssl_ciphers) {
-+    #ifndef CONFIG_SUITEB192
 +        if (os_strcmp(params->openssl_ciphers, "SUITEB192") == 0) {
++    #ifndef CONFIG_SUITEB192
 +		    wpa_printf(MSG_ERROR,
 +			        "wolfSSL: CONFIG_SUITEB192 not set");
 +            return -1;
-+        }
++    #else
++            int setErr;
++    	    setErr = wolfSSL_CTX_set_cipher_list(tls_ctx,
++                "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-=GCM-SHA384:"
++                "DHE-RSA-AES256-GCM-SHA384:TLS13-AES256-GCM-SHA384");
++            if (setErr == WOLFSSL_SUCCESS)
++                setErr = wolfSSL_CTX_SetMinEccKey_Sz(tls_ctx, 384);
++            if (setErr == WOLFSSL_SUCCESS)
++                setErr = wolfSSL_CTX_SetMinRsaKey_Sz(tls_ctx, 3072);
++            if (setErr == WOLFSSL_SUCCESS)
++                setErr = wolfSSL_CTX_SetMinDhKey_Sz(tls_ctx, 3072);
++
++            if (setErr != WOLFSSL_SUCCESS) {
++    		    return -1;
++            }
 +    #endif
++        }
 +
 +        if (os_strcmp(params->openssl_ciphers, "SUITEB192") != 0) {
 +	        if (wolfSSL_CTX_set_cipher_list(tls_ctx,