int eap_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data,
EapType eap_type, int peap_version,
u8 id, const u8 *in_data, size_t in_len,
u8 **out_data, size_t *out_len)
{
int ret = 0;
WPA_ASSERT(data->tls_out_len == 0 || in_len == 0);
*out_len = 0;
*out_data = NULL;
if (data->tls_out_len == 0) {
/* No more data to send out - expect to receive more data from
* the AS. */
int res = eap_tls_process_input(sm, data, in_data, in_len,
out_data, out_len);
if (res)
return res;
}
if (data->tls_out == NULL) {
data->tls_out_len = 0;
return -1;
}
if (tls_connection_get_failed(sm->ssl_ctx, data->conn)) {
wpa_printf(MSG_DEBUG, "SSL: Failed - tls_out available to "
"report error");
ret = -1;
/* TODO: clean pin if engine used? */
}
if (data->tls_out_len == 0) {
/* TLS negotiation should now be complete since all other cases
* needing more data should have been caught above based on
* the TLS Message Length field. */
wpa_printf(MSG_DEBUG, "SSL: No data to be sent out");
os_free(data->tls_out);
data->tls_out = NULL;
return 1;
}
return eap_tls_process_output(data, eap_type, peap_version, id, ret,
out_data, out_len);
}
/**
* eap_peer_tls_process_helper - Process TLS handshake message
* @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
* @data: Data for TLS processing
* @eap_type: EAP type (EAP_TYPE_TLS, EAP_TYPE_PEAP, ...)
* @peap_version: Version number for EAP-PEAP/TTLS
* @id: EAP identifier for the response
* @in_data: Message received from the server
* @in_len: Length of in_data
* @out_data: Buffer for returning a pointer to the response message
* Returns: 0 on success, 1 if more input data is needed, 2 if application data
* is available, or -1 on failure
*
* This function can be used to process TLS handshake messages. It reassembles
* the received fragments and uses a TLS library to process the messages. The
* response data from the TLS library is fragmented to suitable output messages
* that the caller can send out.
*
* out_data is used to return the response message if the return value of this
* function is 0, 2, or -1. In case of failure, the message is likely a TLS
* alarm message. The caller is responsible for freeing the allocated buffer if
* *out_data is not %NULL.
*
* This function is called for each received TLS message during the TLS
* handshake after eap_peer_tls_process_init() call and possible processing of
* TLS Flags field. Once the handshake has been completed, i.e., when
* tls_connection_established() returns 1, EAP method specific decrypting of
* the tunneled data is used.
*/
int eap_peer_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data,
EapType eap_type, int peap_version,
u8 id, const u8 *in_data, size_t in_len,
struct wpabuf **out_data)
{
int ret = 0;
*out_data = NULL;
if (data->tls_out && wpabuf_len(data->tls_out) > 0 && in_len > 0) {
wpa_printf(MSG_DEBUG, "SSL: Received non-ACK when output "
"fragments are waiting to be sent out");
return -1;
}
if (data->tls_out == NULL || wpabuf_len(data->tls_out) == 0) {
/*
* No more data to send out - expect to receive more data from
* the AS.
*/
int res = eap_tls_process_input(sm, data, in_data, in_len,
out_data);
if (res) {
/*
* Input processing failed (res = -1) or more data is
* needed (res = 1).
*/
return res;
}
/*
* The incoming message has been reassembled and processed. The
* response was allocated into data->tls_out buffer.
*/
}
if (data->tls_out == NULL) {
/*
* No outgoing fragments remaining from the previous message
* and no new message generated. This indicates an error in TLS
* processing.
*/
eap_peer_tls_reset_output(data);
return -1;
}
if (tls_connection_get_failed(data->ssl_ctx, data->conn)) {
/* TLS processing has failed - return error */
wpa_printf(MSG_DEBUG, "SSL: Failed - tls_out available to "
"report error");
ret = -1;
/* TODO: clean pin if engine used? */
}
if (data->tls_out == NULL || wpabuf_len(data->tls_out) == 0) {
/*
* TLS negotiation should now be complete since all other cases
* needing more data should have been caught above based on
* the TLS Message Length field.
*/
wpa_printf(MSG_DEBUG, "SSL: No data to be sent out");
wpabuf_free(data->tls_out);
data->tls_out = NULL;
return 1;
}
/* Send the pending message (in fragments, if needed). */
return eap_tls_process_output(data, eap_type, peap_version, id, ret,
out_data);
}
