Commit Graph

14 Commits

Author SHA1 Message Date
Jouni Malinen
496c5d981e Use wpabuf with tls_connection_ia_send_phase_finished() 2009-12-20 21:33:32 +02:00
Jouni Malinen
81c85c069a Convert TLS wrapper to use struct wpabuf
This converts tls_connection_handshake(),
tls_connection_server_handshake(), tls_connection_encrypt(), and
tls_connection_decrypt() to use struct wpa_buf to allow higher layer
code to be cleaned up with consistent struct wpabuf use.
2009-12-20 18:17:55 +02:00
Jouni Malinen
03da66bd59 Remove src/crypto from default include path
In addition, start ordering header file includes to be in more
consistent order: system header files, src/utils, src/*, same
directory as the *.c file.
2009-11-29 23:04:43 +02:00
Jouni Malinen
1e5839e06f Rename EAP server defines from EAP_* to EAP_SERVER_*
This allows separate set of EAP server and peer methods to be built into
a single binary.
2009-03-25 12:06:19 +02:00
Jouni Malinen
51853c899b Fix TNC with EAP-TTLS
This was broken by 510c02d4a3 which added
validation of eap_ttls_phase2_eap_init() return value. The main problem
in the code trying to initialize a new phase 2 EAP method
unconditionally; this should only happen if there is a new method in the
inner method sequence.
2009-03-13 18:20:59 +02:00
Jouni Malinen
99bff8430f Fix segmentation fault on EAP-TTLS phase 2 EAP method init failure
This is based on a patch and report by Masashi Honma
<honma@ictec.co.jp>. The issue is more generic than just TNC, though,
since failure to initialize any phase 2 EAP method can result in NULL
dereference.
2009-03-13 17:53:13 +02:00
Jouni Malinen
510c02d4a3 Fixed EAP-TTLS server to verify eap_ttls_phase2_eap_init() return code
It is possible that the initialization of the Phase 2 EAP method fails and
if that happens, we need to stop EAP-TTLS server from trying to continue
using the uninitialized EAP method. Otherwise, the server could trigger
a segmentation fault when dereferencing a NULL pointer.
2008-10-01 13:55:04 +03:00
Jouni Malinen
a9141cffb0 Updated EAP-TTLSv0 references to use RFC 5281 2008-08-16 10:17:22 +03:00
Jouni Malinen
cda97d11bb Share EAP-TLS/PEAP/TTLS/FAST core process() functionality
Move the basic processing of received frames into eap_tls_common.c and use
callback functions to handle EAP type specific processing of the version
field and payload.
2008-05-28 17:15:17 +03:00
Jouni Malinen
3c724cc564 Do not refer to Flags::Version field as 'PEAP version'
This field is also used for EAP-TTLS and EAP-FAST, so it is clearer to use
a more generic term for it.
2008-05-28 09:59:55 +03:00
Jouni Malinen
34f564dbd5 Redesigned EAP-TLS/PEAP/TTLS/FAST fragmentation/reassembly
Fragmentation is now done as a separate step to clean up the design and to
allow the same code to be used in both Phase 1 and Phase 2. This adds
support for fragmenting EAP-PEAP/TTLS/FAST Phase 2 (tunneled) data.
2008-05-28 09:57:17 +03:00
Jouni Malinen
ef626b4d50 Added a workaround for handling TLS compression
Even though we try to disable TLS compression, it is possible that this
cannot be done with all TLS libraries. For example, OpenSSL 0.9.8 does not
seem to have a configuration item for disabling all compression (0.9.9 has
such an option). If compression is used, Phase 2 decryption may end up
producing more data than the input buffer due to compressed data. This
shows up especially with EAP-TNC that uses very compressible data format.

As a workaround, increase the decryption buffer length to (orig_len+500)*3.
This is a hack, but at least it handles most cases. TLS compression should
really be disabled for EAP use of TLS, but since this can show up with
common setups, it is better to handle this case.
2008-05-26 12:33:04 +03:00
Jouni Malinen
c80a74d70c TNC: Integrated TNC support into EAP-TTLS server
If TNC is enabled, EAP-TTLS will run a second EAP (TNC) inside the tunnel
after a successful authentication.
2008-03-09 12:05:06 +02:00
Jouni Malinen
6fc6879bd5 Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00