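/*
 * eap_tls_process_helper - Process TLS handshake message (u8 buffer API)
 * @sm: Pointer to EAP state machine
 * @data: Data for TLS processing
 * @eap_type: EAP type (EAP_TYPE_TLS, EAP_TYPE_PEAP, ...)
 * @peap_version: Version number for EAP-PEAP/TTLS
 * @id: EAP identifier for the response
 * @in_data: Message received from the server
 * @in_len: Length of in_data
 * @out_data: Buffer for returning a pointer to the response message
 * @out_len: Buffer for returning the length of the response message
 * Returns: 1 if the handshake produced no output (more input needed),
 * -1 on failure, otherwise the result of eap_tls_process_output(); a
 * non-zero result of eap_tls_process_input() is returned as-is
 *
 * Reassembled input is handed to the TLS library only when no output
 * fragments are pending (data->tls_out_len == 0). The response, if any, is
 * left in data->tls_out and fragmented by eap_tls_process_output().
 *
 * *out_data is always reset to %NULL (and *out_len to 0) on entry; whatever
 * the callees allocate into it is owned by the caller.
 */
int eap_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data,
			   EapType eap_type, int peap_version, u8 id,
			   const u8 *in_data, size_t in_len,
			   u8 **out_data, size_t *out_len)
{
	int ret = 0;

	WPA_ASSERT(data->tls_out_len == 0 || in_len == 0);

	*out_len = 0;
	*out_data = NULL;

	if (data->tls_out_len > 0 && in_len > 0) {
		/*
		 * Output fragments are still waiting for an ACK; a new
		 * server message at this point violates the fragmentation
		 * protocol. Fail explicitly instead of silently discarding
		 * the input (this also covers builds where WPA_ASSERT is a
		 * no-op).
		 */
		wpa_printf(MSG_DEBUG, "SSL: Received non-ACK when output "
			   "fragments are waiting to be sent out");
		return -1;
	}

	if (data->tls_out_len == 0) {
		/*
		 * No more data to send out - expect to receive more data from
		 * the AS.
		 */
		int res = eap_tls_process_input(sm, data, in_data, in_len,
						out_data, out_len);
		if (res)
			return res;
	}

	if (data->tls_out == NULL) {
		/*
		 * Nothing pending from a previous message and no new
		 * response generated - treat as a TLS processing error.
		 */
		data->tls_out_len = 0;
		return -1;
	}

	if (tls_connection_get_failed(sm->ssl_ctx, data->conn)) {
		wpa_printf(MSG_DEBUG, "SSL: Failed - tls_out available to "
			   "report error");
		ret = -1;
		/* TODO: clean pin if engine used? */
	}

	if (data->tls_out_len == 0) {
		/*
		 * TLS negotiation should now be complete since all other cases
		 * needing more data should have been caught above based on
		 * the TLS Message Length field.
		 */
		wpa_printf(MSG_DEBUG, "SSL: No data to be sent out");
		os_free(data->tls_out);
		data->tls_out = NULL;
		/*
		 * A failed TLS connection with nothing left to send must not
		 * be reported as "more input needed" - the caller would keep
		 * waiting for a server message that can never complete the
		 * handshake. Propagate the failure instead.
		 */
		return ret < 0 ? ret : 1;
	}

	return eap_tls_process_output(data, eap_type, peap_version, id, ret,
				      out_data, out_len);
}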
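/**
 * eap_peer_tls_process_helper - Process TLS handshake message
 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
 * @data: Data for TLS processing
 * @eap_type: EAP type (EAP_TYPE_TLS, EAP_TYPE_PEAP, ...)
 * @peap_version: Version number for EAP-PEAP/TTLS
 * @id: EAP identifier for the response
 * @in_data: Message received from the server
 * @in_len: Length of in_data
 * @out_data: Buffer for returning a pointer to the response message
 * Returns: 0 on success, 1 if more input data is needed, 2 if application data
 * is available, or -1 on failure (including a failed TLS connection that
 * produced no alert data to send)
 *
 * This function can be used to process TLS handshake messages. It reassembles
 * the received fragments and uses a TLS library to process the messages. The
 * response data from the TLS library is fragmented to suitable output messages
 * that the caller can send out.
 *
 * out_data is used to return the response message if the return value of this
 * function is 0, 2, or -1. In case of failure, the message is likely a TLS
 * alarm message. The caller is responsible for freeing the allocated buffer if
 * *out_data is not %NULL.
 *
 * This function is called for each received TLS message during the TLS
 * handshake after eap_peer_tls_process_init() call and possible processing of
 * TLS Flags field. Once the handshake has been completed, i.e., when
 * tls_connection_established() returns 1, EAP method specific decrypting of
 * the tunneled data is used.
 */
int eap_peer_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data,
				EapType eap_type, int peap_version,
				u8 id, const u8 *in_data, size_t in_len,
				struct wpabuf **out_data)
{
	int ret = 0;

	*out_data = NULL;

	if (data->tls_out && wpabuf_len(data->tls_out) > 0 && in_len > 0) {
		/* A new server message is not allowed until the pending
		 * output fragments have been ACKed. */
		wpa_printf(MSG_DEBUG, "SSL: Received non-ACK when output "
			   "fragments are waiting to be sent out");
		return -1;
	}

	if (data->tls_out == NULL || wpabuf_len(data->tls_out) == 0) {
		/*
		 * No more data to send out - expect to receive more data from
		 * the AS.
		 */
		int res = eap_tls_process_input(sm, data, in_data, in_len,
						out_data);
		if (res) {
			/*
			 * Input processing failed (res = -1) or more data is
			 * needed (res = 1).
			 */
			return res;
		}

		/*
		 * The incoming message has been reassembled and processed. The
		 * response was allocated into data->tls_out buffer.
		 */
	}

	if (data->tls_out == NULL) {
		/*
		 * No outgoing fragments remaining from the previous message
		 * and no new message generated. This indicates an error in TLS
		 * processing.
		 */
		eap_peer_tls_reset_output(data);
		return -1;
	}

	if (tls_connection_get_failed(data->ssl_ctx, data->conn)) {
		/* TLS processing has failed - return error */
		wpa_printf(MSG_DEBUG, "SSL: Failed - tls_out available to "
			   "report error");
		ret = -1;
		/* TODO: clean pin if engine used? */
	}

	if (data->tls_out == NULL || wpabuf_len(data->tls_out) == 0) {
		/*
		 * TLS negotiation should now be complete since all other cases
		 * needing more data should have been caught above based on
		 * the TLS Message Length field.
		 */
		wpa_printf(MSG_DEBUG, "SSL: No data to be sent out");
		wpabuf_free(data->tls_out);
		data->tls_out = NULL;
		/*
		 * When the TLS connection has already failed and there is no
		 * alert to send, returning 1 ("need more input") would leave
		 * the caller waiting on a handshake that cannot complete.
		 * Report the failure instead.
		 */
		return ret < 0 ? ret : 1;
	}

	/* Send the pending message (in fragments, if needed). */
	return eap_tls_process_output(data, eap_type, peap_version, id, ret,
				      out_data);
}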