Use wpabuf with tls_connection_ia_send_phase_finished()
This commit is contained in:
Jouni Malinen
parent
a206a29a54
commit
496c5d981e
9 changed files with 44 additions and 81 deletions
|
|
@ -484,16 +484,13 @@ unsigned int tls_capabilities(void *tls_ctx);
|
|||
* @tls_ctx: TLS context data from tls_init()
|
||||
* @conn: Connection context data from tls_connection_init()
|
||||
* @final: 1 = FinalPhaseFinished, 0 = IntermediatePhaseFinished
|
||||
* @out_data: Pointer to output buffer (encrypted TLS/IA data)
|
||||
* @out_len: Maximum out_data length
|
||||
* Returns: Number of bytes written to out_data on success, -1 on failure
|
||||
* Returns: Encrypted TLS/IA data, %NULL on failure
|
||||
*
|
||||
* This function is used to send the TLS/IA end phase message, e.g., when the
|
||||
* EAP server completes EAP-TTLSv1.
|
||||
*/
|
||||
int __must_check tls_connection_ia_send_phase_finished(
|
||||
void *tls_ctx, struct tls_connection *conn, int final,
|
||||
u8 *out_data, size_t out_len);
|
||||
struct wpabuf * tls_connection_ia_send_phase_finished(
|
||||
void *tls_ctx, struct tls_connection *conn, int final);
|
||||
|
||||
/**
|
||||
* tls_connection_ia_final_phase_finished - Has final phase been completed
|
||||
|
|
|
|||
|
|
@ -1336,16 +1336,15 @@ int tls_connection_set_ia(void *tls_ctx, struct tls_connection *conn,
|
|||
}
|
||||
|
||||
|
||||
int tls_connection_ia_send_phase_finished(void *tls_ctx,
|
||||
struct tls_connection *conn,
|
||||
int final,
|
||||
u8 *out_data, size_t out_len)
|
||||
struct wpabuf * tls_connection_ia_send_phase_finished(
|
||||
void *tls_ctx, struct tls_connection *conn, int final)
|
||||
{
|
||||
#ifdef GNUTLS_IA
|
||||
int ret;
|
||||
struct wpabuf *buf;
|
||||
|
||||
if (conn == NULL || conn->session == NULL || !conn->tls_ia)
|
||||
return -1;
|
||||
return NULL;
|
||||
|
||||
ret = gnutls_ia_permute_inner_secret(conn->session,
|
||||
conn->session_keys_len,
|
||||
|
|
@ -1359,26 +1358,21 @@ int tls_connection_ia_send_phase_finished(void *tls_ctx,
|
|||
if (ret) {
|
||||
wpa_printf(MSG_DEBUG, "%s: Failed to permute inner secret: %s",
|
||||
__func__, gnutls_strerror(ret));
|
||||
return -1;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ret = gnutls_ia_endphase_send(conn->session, final);
|
||||
if (ret) {
|
||||
wpa_printf(MSG_DEBUG, "%s: Failed to send endphase: %s",
|
||||
__func__, gnutls_strerror(ret));
|
||||
return -1;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (conn->push_buf == NULL)
|
||||
return -1;
|
||||
if (wpabuf_len(conn->push_buf) < out_len)
|
||||
out_len = wpabuf_len(conn->push_buf);
|
||||
os_memcpy(out_data, wpabuf_head(conn->push_buf), out_len);
|
||||
wpabuf_free(conn->push_buf);
|
||||
buf = conn->push_buf;
|
||||
conn->push_buf = NULL;
|
||||
return out_len;
|
||||
return buf;
|
||||
#else /* GNUTLS_IA */
|
||||
return -1;
|
||||
return NULL;
|
||||
#endif /* GNUTLS_IA */
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -608,12 +608,10 @@ unsigned int tls_capabilities(void *tls_ctx)
|
|||
}
|
||||
|
||||
|
||||
int tls_connection_ia_send_phase_finished(void *tls_ctx,
|
||||
struct tls_connection *conn,
|
||||
int final,
|
||||
u8 *out_data, size_t out_len)
|
||||
struct wpabuf * tls_connection_ia_send_phase_finished(
|
||||
void *tls_ctx, struct tls_connection *conn, int final)
|
||||
{
|
||||
return -1;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -207,12 +207,10 @@ unsigned int tls_capabilities(void *tls_ctx)
|
|||
}
|
||||
|
||||
|
||||
int tls_connection_ia_send_phase_finished(void *tls_ctx,
|
||||
struct tls_connection *conn,
|
||||
int final,
|
||||
u8 *out_data, size_t out_len)
|
||||
struct wpabuf * tls_connection_ia_send_phase_finished(
|
||||
void *tls_ctx, struct tls_connection *conn, int final)
|
||||
{
|
||||
return -1;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -649,12 +649,10 @@ unsigned int tls_capabilities(void *tls_ctx)
|
|||
}
|
||||
|
||||
|
||||
int tls_connection_ia_send_phase_finished(void *tls_ctx,
|
||||
struct tls_connection *conn,
|
||||
int final,
|
||||
u8 *out_data, size_t out_len)
|
||||
struct wpabuf * tls_connection_ia_send_phase_finished(
|
||||
void *tls_ctx, struct tls_connection *conn, int final)
|
||||
{
|
||||
return -1;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -2493,12 +2493,10 @@ int tls_connection_set_ia(void *tls_ctx, struct tls_connection *conn,
|
|||
}
|
||||
|
||||
|
||||
int tls_connection_ia_send_phase_finished(void *tls_ctx,
|
||||
struct tls_connection *conn,
|
||||
int final,
|
||||
u8 *out_data, size_t out_len)
|
||||
struct wpabuf * tls_connection_ia_send_phase_finished(
|
||||
void *tls_ctx, struct tls_connection *conn, int final)
|
||||
{
|
||||
return -1;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -745,12 +745,10 @@ int tls_connection_set_ia(void *tls_ctx, struct tls_connection *conn,
|
|||
}
|
||||
|
||||
|
||||
int tls_connection_ia_send_phase_finished(void *tls_ctx,
|
||||
struct tls_connection *conn,
|
||||
int final,
|
||||
u8 *out_data, size_t out_len)
|
||||
struct wpabuf * tls_connection_ia_send_phase_finished(
|
||||
void *tls_ctx, struct tls_connection *conn, int final);
|
||||
{
|
||||
return -1;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@
|
|||
|
||||
#include "common.h"
|
||||
#include "crypto/ms_funcs.h"
|
||||
#include "crypto/sha1.h"
|
||||
#include "crypto/tls.h"
|
||||
#include "eap_common/chap.h"
|
||||
#include "eap_common/eap_ttls.h"
|
||||
|
|
@ -1030,27 +1031,25 @@ static int eap_ttls_phase2_request(struct eap_sm *sm,
|
|||
static struct wpabuf * eap_ttls_build_phase_finished(
|
||||
struct eap_sm *sm, struct eap_ttls_data *data, int id, int final)
|
||||
{
|
||||
int len;
|
||||
struct wpabuf *req;
|
||||
u8 *pos;
|
||||
const int max_len = 300;
|
||||
struct wpabuf *req, *buf;
|
||||
|
||||
req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_TTLS, 1 + max_len,
|
||||
EAP_CODE_RESPONSE, id);
|
||||
if (req == NULL)
|
||||
buf = tls_connection_ia_send_phase_finished(sm->ssl_ctx,
|
||||
data->ssl.conn,
|
||||
final);
|
||||
if (buf == NULL)
|
||||
return NULL;
|
||||
|
||||
wpabuf_put_u8(req, data->ttls_version);
|
||||
|
||||
pos = wpabuf_put(req, 0);
|
||||
len = tls_connection_ia_send_phase_finished(sm->ssl_ctx,
|
||||
data->ssl.conn,
|
||||
final, pos, max_len);
|
||||
if (len < 0) {
|
||||
wpabuf_free(req);
|
||||
req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_TTLS,
|
||||
1 + wpabuf_len(buf),
|
||||
EAP_CODE_RESPONSE, id);
|
||||
if (req == NULL) {
|
||||
wpabuf_free(buf);
|
||||
return NULL;
|
||||
}
|
||||
wpabuf_put(req, len);
|
||||
|
||||
wpabuf_put_u8(req, data->ttls_version);
|
||||
wpabuf_put_buf(req, buf);
|
||||
wpabuf_free(buf);
|
||||
eap_update_len(req);
|
||||
|
||||
return req;
|
||||
|
|
|
|||
|
|
@ -519,25 +519,8 @@ static struct wpabuf * eap_ttls_build_phase2_mschapv2(
|
|||
static struct wpabuf * eap_ttls_build_phase_finished(
|
||||
struct eap_sm *sm, struct eap_ttls_data *data, int final)
|
||||
{
|
||||
int len;
|
||||
struct wpabuf *req;
|
||||
const int max_len = 300;
|
||||
|
||||
req = wpabuf_alloc(max_len);
|
||||
if (req == NULL)
|
||||
return NULL;
|
||||
|
||||
len = tls_connection_ia_send_phase_finished(sm->ssl_ctx,
|
||||
data->ssl.conn, final,
|
||||
wpabuf_mhead(req),
|
||||
max_len);
|
||||
if (len < 0) {
|
||||
wpabuf_free(req);
|
||||
return NULL;
|
||||
}
|
||||
wpabuf_put(req, len);
|
||||
|
||||
return req;
|
||||
return tls_connection_ia_send_phase_finished(sm->ssl_ctx,
|
||||
data->ssl.conn, final);
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue