From patchwork Thu Apr 4 18:16:28 2024
X-Patchwork-Submitter: Juliusz Sosinowicz
X-Patchwork-Id: 1919911
From: Juliusz Sosinowicz
To: hostap@lists.infradead.org
Cc: Juliusz Sosinowicz
Subject: [PATCH 22/24] wolfSSL: simplify option setting in tls_set_conn_flags
Date: Thu, 4 Apr 2024 20:16:28 +0200
Message-Id: <20240404181630.2431991-22-juliusz@wolfssl.com>
In-Reply-To: <20240404181630.2431991-1-juliusz@wolfssl.com>
References: <20240404181630.2431991-1-juliusz@wolfssl.com>

Use one call to wolfSSL_set_options with all the relevant options already set.

Signed-off-by: Juliusz Sosinowicz
---
 src/crypto/tls_wolfssl.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/src/crypto/tls_wolfssl.c b/src/crypto/tls_wolfssl.c index 22f8d6eb78..8940de98d4 100644 --- a/src/crypto/tls_wolfssl.c +++ b/src/crypto/tls_wolfssl.c 
@@ -1565,19 +1565,23 @@ static int tls_connection_ca_cert(void *tls_ctx, struct tls_connection *conn, static void tls_set_conn_flags(WOLFSSL *ssl, unsigned int flags) { + long op = 0; #ifdef HAVE_SESSION_TICKET if (!(flags & TLS_CONN_DISABLE_SESSION_TICKET)) wolfSSL_UseSessionTicket(ssl); #endif /* HAVE_SESSION_TICKET */ + wpa_printf(MSG_DEBUG, "SSL: conn_flags: %d", flags); + if (flags & TLS_CONN_DISABLE_TLSv1_0) - wolfSSL_set_options(ssl, SSL_OP_NO_TLSv1); + op |= WOLFSSL_OP_NO_TLSv1; if (flags & TLS_CONN_DISABLE_TLSv1_1) - wolfSSL_set_options(ssl, SSL_OP_NO_TLSv1_1); + op |= WOLFSSL_OP_NO_TLSv1_1; if (flags & TLS_CONN_DISABLE_TLSv1_2) - wolfSSL_set_options(ssl, SSL_OP_NO_TLSv1_2); + op |= WOLFSSL_OP_NO_TLSv1_2; if (flags & TLS_CONN_DISABLE_TLSv1_3) - wolfSSL_set_options(ssl, SSL_OP_NO_TLSv1_3); + op |= WOLFSSL_OP_NO_TLSv1_3; + wolfSSL_set_options(ssl, op); } @@ -1947,6 +1951,7 @@ int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn, return -1; wpa_printf(MSG_DEBUG, "SSL: set verify: %d", verify_peer); + wpa_printf(MSG_DEBUG, "SSL: flags: %d", flags); if (verify_peer) { conn->ca_cert_verify = 1; @@ -1976,6 +1981,8 @@ int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn, session_ctx_len); } + tls_set_conn_flags(conn->ssl, flags); + return 0; }
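
Review bot: in the first hunk (tls_set_conn_flags), the added wpa_printf(MSG_DEBUG, "SSL: conn_flags: %d", flags) prints an unsigned int bitmask with %d. Use %u, or preferably 0x%x so the individual TLS_CONN_* bits can be read from the debug log. The hunk also switches from the SSL_OP_NO_TLSv1* names to WOLFSSL_OP_NO_TLSv1* while the commit message only mentions merging the calls, so that rename deserves a line in the message. Style: leave a blank line between the `long op = 0;` declaration and the #ifdef that follows it.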
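
Review bot: in the second hunk (tls_connection_set_verify, @@ -1947), the added "SSL: flags: %d" debug line is redundant with the "SSL: conn_flags: %d" line from the first hunk, because the third hunk makes this function call tls_set_conn_flags with the same flags value, so every call logs it twice. Keep one of the two. If flags here has the same unsigned int type that tls_set_conn_flags takes, the remaining line should use %u or 0x%x instead of %d.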
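
Review bot: the commit message does not cover the third hunk (@@ -1976), where tls_set_conn_flags(conn->ssl, flags) is newly called at the end of tls_connection_set_verify; that is a behaviour change, not a simplification of option setting. With this call the TLS_CONN_DISABLE_TLSv1_x bits passed to set_verify now restrict protocol versions on that connection, and per the first hunk the same call also runs wolfSSL_UseSessionTicket(ssl) whenever TLS_CONN_DISABLE_SESSION_TICKET is clear and HAVE_SESSION_TICKET is defined. Please either describe this in the message or split it into its own patch, and confirm that enabling session tickets from the set_verify path is intended. Note also that the call sits after the earlier `return -1;`, so the flags are not applied on that error path.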