authorJouni Malinen <j@w1.fi>2009-12-20 18:17:55 +0200
committerJouni Malinen <j@w1.fi>2009-12-20 18:17:55 +0200
commit81c85c069ac0f2980db4745e1f85f521affb8619 (patch)
tree0fb77479c9a7a95e1cb6df761148955811baf563 /src/eap_server/eap_tls_common.c
parent94c3e91fc52e4c70098c8eb51f2d97109d65a560 (diff)
Convert TLS wrapper to use struct wpabuf
This converts tls_connection_handshake(), tls_connection_server_handshake(), tls_connection_encrypt(), and tls_connection_decrypt() to use struct wpabuf to allow higher layer code to be cleaned up with consistent struct wpabuf use.
Diffstat (limited to 'src/eap_server/eap_tls_common.c')
-rw-r--r--src/eap_server/eap_tls_common.c45
1 files changed, 13 insertions, 32 deletions
diff --git a/src/eap_server/eap_tls_common.c b/src/eap_server/eap_tls_common.c
index d70aff6..c4c7806 100644
--- a/src/eap_server/eap_tls_common.c
+++ b/src/eap_server/eap_tls_common.c
@@ -1,6 +1,6 @@
/*
- * hostapd / EAP-TLS/PEAP/TTLS/FAST common functions
- * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
+ * EAP-TLS/PEAP/TTLS/FAST server common functions
+ * Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -239,30 +239,22 @@ static int eap_server_tls_process_fragment(struct eap_ssl_data *data,
int eap_server_tls_phase1(struct eap_sm *sm, struct eap_ssl_data *data)
{
- u8 *next;
- size_t next_len;
-
- next = tls_connection_server_handshake(
- sm->ssl_ctx, data->conn,
- wpabuf_mhead(data->in_buf),
- wpabuf_len(data->in_buf),
- &next_len);
- if (next == NULL) {
- wpa_printf(MSG_INFO, "SSL: TLS processing failed");
- return -1;
- }
if (data->out_buf) {
/* This should not happen.. */
wpa_printf(MSG_INFO, "SSL: pending tls_out data when "
"processing new message");
- os_free(data->out_buf);
+ wpabuf_free(data->out_buf);
WPA_ASSERT(data->out_buf == NULL);
}
- data->out_buf = wpabuf_alloc_ext_data(next, next_len);
+
+ data->out_buf = tls_connection_server_handshake(sm->ssl_ctx,
+ data->conn,
+ data->in_buf, NULL);
if (data->out_buf == NULL) {
- os_free(next);
+ wpa_printf(MSG_INFO, "SSL: TLS processing failed");
return -1;
}
+
return 0;
}
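Review bot: The `WPA_ASSERT(data->out_buf == NULL)` kept inside the `if (data->out_buf)` branch cannot hold, because `wpabuf_free(data->out_buf)` receives the pointer by value and leaves the field pointing at freed memory. If the assertion is compiled in (the macro is defined outside this diff), this recovery path would trip it every time it is taken; if it is compiled out, the stale pointer stays in `data` until the handshake result overwrites it. Adding `data->out_buf = NULL;` directly after the `wpabuf_free()` call makes the assertion true. It also keeps the field safe if an early return is ever added between the free and the reassignment.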
@@ -337,28 +329,17 @@ static void eap_server_tls_free_in_buf(struct eap_ssl_data *data)
struct wpabuf * eap_server_tls_encrypt(struct eap_sm *sm,
struct eap_ssl_data *data,
- const u8 *plain, size_t plain_len)
+ const struct wpabuf *plain)
{
- int res;
struct wpabuf *buf;
- size_t buf_len;
- /* reserve some extra room for encryption overhead */
- buf_len = plain_len + 300;
- buf = wpabuf_alloc(buf_len);
- if (buf == NULL)
- return NULL;
- res = tls_connection_encrypt(sm->ssl_ctx, data->conn,
- plain, plain_len, wpabuf_put(buf, 0),
- buf_len);
- if (res < 0) {
+ buf = tls_connection_encrypt(sm->ssl_ctx, data->conn,
+ plain);
+ if (buf == NULL) {
wpa_printf(MSG_INFO, "SSL: Failed to encrypt Phase 2 data");
- wpabuf_free(buf);
return NULL;
}
- wpabuf_put(buf, res);
-
return buf;
}
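Review bot: The new signature of eap_server_tls_encrypt() changes the buffer contract, but nothing in this hunk documents it. I would add a comment above the function along the lines of `/* Returns a newly allocated wpabuf (presumably caller-owned, freed with wpabuf_free()) or NULL on failure; plain is only read. */`. The old fixed `plain_len + 300` headroom is removed here, so sizing the output for TLS record overhead now rests entirely with tls_connection_encrypt(). Its implementation is not part of this diff and is worth checking per TLS backend for a bounded, length-checked allocation. Any existing comment above the function lies outside the hunk.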