Rename EAP TLS variables to make server and peer code consistent

src/eap_peer/eap_fast.c

@@ -1445,9 +1445,9 @@ static int eap_fast_process_start(struct eap_sm *sm,
 
 	/* EAP-FAST Version negotiation (section 3.1) */
 	wpa_printf(MSG_DEBUG, "EAP-FAST: Start (server ver=%d, own ver=%d)",
-		   flags & EAP_PEAP_VERSION_MASK, data->fast_version);
-	if ((flags & EAP_PEAP_VERSION_MASK) < data->fast_version)
-		data->fast_version = flags & EAP_PEAP_VERSION_MASK;
+		   flags & EAP_TLS_VERSION_MASK, data->fast_version);
+	if ((flags & EAP_TLS_VERSION_MASK) < data->fast_version)
+		data->fast_version = flags & EAP_TLS_VERSION_MASK;
 	wpa_printf(MSG_DEBUG, "EAP-FAST: Using FAST version %d",
 		   data->fast_version);
 

src/eap_peer/eap_peap.c

@@ -1048,10 +1048,10 @@ static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv,
 
 	if (flags & EAP_TLS_FLAGS_START) {
 		wpa_printf(MSG_DEBUG, "EAP-PEAP: Start (server ver=%d, own "
-			   "ver=%d)", flags & EAP_PEAP_VERSION_MASK,
+			   "ver=%d)", flags & EAP_TLS_VERSION_MASK,
 			data->peap_version);
-		if ((flags & EAP_PEAP_VERSION_MASK) < data->peap_version)
-			data->peap_version = flags & EAP_PEAP_VERSION_MASK;
+		if ((flags & EAP_TLS_VERSION_MASK) < data->peap_version)
+			data->peap_version = flags & EAP_TLS_VERSION_MASK;
 		if (data->force_peap_version >= 0 &&
 		    data->force_peap_version != data->peap_version) {
 			wpa_printf(MSG_WARNING, "EAP-PEAP: Failed to select "

src/eap_peer/eap_tls_common.h

@@ -71,7 +71,7 @@ struct eap_ssl_data {
 	int tls_ia;
 
 	/**
-	 * eap - Pointer to EAP state machine allocated with eap_peer_sm_init()
+	 * eap - EAP state machine allocated with eap_peer_sm_init()
 	 */
 	struct eap_sm *eap;
 };
@@ -81,7 +81,7 @@ struct eap_ssl_data {
 #define EAP_TLS_FLAGS_LENGTH_INCLUDED 0x80
 #define EAP_TLS_FLAGS_MORE_FRAGMENTS 0x40
 #define EAP_TLS_FLAGS_START 0x20
-#define EAP_PEAP_VERSION_MASK 0x07
+#define EAP_TLS_VERSION_MASK 0x07
 
  /* could be up to 128 bytes, but only the first 64 bytes are used */
 #define EAP_TLS_KEY_LEN 64

src/eap_peer/eap_ttls.c

@@ -1669,10 +1669,10 @@ static int eap_ttls_process_start(struct eap_sm *sm,
 	struct eap_peer_config *config = eap_get_config(sm);
 
 	wpa_printf(MSG_DEBUG, "EAP-TTLS: Start (server ver=%d, own ver=%d)",
-		   flags & EAP_PEAP_VERSION_MASK, data->ttls_version);
+		   flags & EAP_TLS_VERSION_MASK, data->ttls_version);
 #if EAP_TTLS_VERSION > 0
-	if ((flags & EAP_PEAP_VERSION_MASK) < data->ttls_version)
-		data->ttls_version = flags & EAP_PEAP_VERSION_MASK;
+	if ((flags & EAP_TLS_VERSION_MASK) < data->ttls_version)
+		data->ttls_version = flags & EAP_TLS_VERSION_MASK;
 	if (data->force_ttls_version >= 0 &&
 	    data->force_ttls_version != data->ttls_version) {
 		wpa_printf(MSG_WARNING, "EAP-TTLS: Failed to select "

src/eap_server/eap_fast.c

@@ -819,25 +819,25 @@ static int eap_fast_encrypt_phase2(struct eap_sm *sm,
 	encr = eap_server_tls_encrypt(sm, &data->ssl, plain);
 	wpabuf_free(plain);
 
-	if (data->ssl.out_buf && piggyback) {
+	if (data->ssl.tls_out && piggyback) {
 		wpa_printf(MSG_DEBUG, "EAP-FAST: Piggyback Phase 2 data "
 			   "(len=%d) with last Phase 1 Message (len=%d "
 			   "used=%d)",
 			   (int) wpabuf_len(encr),
-			   (int) wpabuf_len(data->ssl.out_buf),
-			   (int) data->ssl.out_used);
-		if (wpabuf_resize(&data->ssl.out_buf, wpabuf_len(encr)) < 0) {
+			   (int) wpabuf_len(data->ssl.tls_out),
+			   (int) data->ssl.tls_out_pos);
+		if (wpabuf_resize(&data->ssl.tls_out, wpabuf_len(encr)) < 0) {
 			wpa_printf(MSG_WARNING, "EAP-FAST: Failed to resize "
 				   "output buffer");
 			wpabuf_free(encr);
 			return -1;
 		}
-		wpabuf_put_buf(data->ssl.out_buf, encr);
+		wpabuf_put_buf(data->ssl.tls_out, encr);
 		wpabuf_free(encr);
 	} else {
-		wpabuf_free(data->ssl.out_buf);
-		data->ssl.out_used = 0;
-		data->ssl.out_buf = encr;
+		wpabuf_free(data->ssl.tls_out);
+		data->ssl.tls_out_pos = 0;
+		data->ssl.tls_out = encr;
 	}
 
 	return 0;
@@ -1448,7 +1448,7 @@ static int eap_fast_process_phase1(struct eap_sm *sm,
 	}
 
 	if (!tls_connection_established(sm->ssl_ctx, data->ssl.conn) ||
-	    wpabuf_len(data->ssl.out_buf) > 0)
+	    wpabuf_len(data->ssl.tls_out) > 0)
 		return 1;
 
 	/*
@@ -1514,7 +1514,7 @@ static void eap_fast_process_msg(struct eap_sm *sm, void *priv,
 	case PHASE2_METHOD:
 	case CRYPTO_BINDING:
 	case REQUEST_PAC:
-		eap_fast_process_phase2(sm, data, data->ssl.in_buf);
+		eap_fast_process_phase2(sm, data, data->ssl.tls_in);
 		break;
 	default:
 		wpa_printf(MSG_DEBUG, "EAP-FAST: Unexpected state %d in %s",

src/eap_server/eap_peap.c

@@ -515,32 +515,32 @@ static struct wpabuf * eap_peap_buildReq(struct eap_sm *sm, void *priv, u8 id)
 		break;
 	case PHASE2_ID:
 	case PHASE2_METHOD:
-		wpabuf_free(data->ssl.out_buf);
-		data->ssl.out_used = 0;
-		data->ssl.out_buf = eap_peap_build_phase2_req(sm, data, id);
+		wpabuf_free(data->ssl.tls_out);
+		data->ssl.tls_out_pos = 0;
+		data->ssl.tls_out = eap_peap_build_phase2_req(sm, data, id);
 		break;
 #ifdef EAP_SERVER_TNC
 	case PHASE2_SOH:
-		wpabuf_free(data->ssl.out_buf);
-		data->ssl.out_used = 0;
-		data->ssl.out_buf = eap_peap_build_phase2_soh(sm, data, id);
+		wpabuf_free(data->ssl.tls_out);
+		data->ssl.tls_out_pos = 0;
+		data->ssl.tls_out = eap_peap_build_phase2_soh(sm, data, id);
 		break;
 #endif /* EAP_SERVER_TNC */
 	case PHASE2_TLV:
-		wpabuf_free(data->ssl.out_buf);
-		data->ssl.out_used = 0;
-		data->ssl.out_buf = eap_peap_build_phase2_tlv(sm, data, id);
+		wpabuf_free(data->ssl.tls_out);
+		data->ssl.tls_out_pos = 0;
+		data->ssl.tls_out = eap_peap_build_phase2_tlv(sm, data, id);
 		break;
 	case SUCCESS_REQ:
-		wpabuf_free(data->ssl.out_buf);
-		data->ssl.out_used = 0;
-		data->ssl.out_buf = eap_peap_build_phase2_term(sm, data, id,
+		wpabuf_free(data->ssl.tls_out);
+		data->ssl.tls_out_pos = 0;
+		data->ssl.tls_out = eap_peap_build_phase2_term(sm, data, id,
 							       1);
 		break;
 	case FAILURE_REQ:
-		wpabuf_free(data->ssl.out_buf);
-		data->ssl.out_used = 0;
-		data->ssl.out_buf = eap_peap_build_phase2_term(sm, data, id,
+		wpabuf_free(data->ssl.tls_out);
+		data->ssl.tls_out_pos = 0;
+		data->ssl.tls_out = eap_peap_build_phase2_term(sm, data, id,
 							       0);
 		break;
 	default:
@@ -1207,11 +1207,11 @@ static int eap_peapv2_start_phase2(struct eap_sm *sm,
 			buf);
 
 	/* Append TLS data into the pending buffer after the Server Finished */
-	if (wpabuf_resize(&data->ssl.out_buf, wpabuf_len(buf)) < 0) {
+	if (wpabuf_resize(&data->ssl.tls_out, wpabuf_len(buf)) < 0) {
 		wpabuf_free(buf);
 		return -1;
 	}
-	wpabuf_put_buf(data->ssl.out_buf, buf);
+	wpabuf_put_buf(data->ssl.tls_out, buf);
 	wpabuf_free(buf);
 
 	return 0;
@@ -1270,7 +1270,7 @@ static void eap_peap_process_msg(struct eap_sm *sm, void *priv,
 	case PHASE2_METHOD:
 	case PHASE2_SOH:
 	case PHASE2_TLV:
-		eap_peap_process_phase2(sm, data, respData, data->ssl.in_buf);
+		eap_peap_process_phase2(sm, data, respData, data->ssl.tls_in);
 		break;
 	case SUCCESS_REQ:
 		eap_peap_state(data, SUCCESS);

src/eap_server/eap_tls.c

@@ -169,7 +169,7 @@ static void eap_tls_process_msg(struct eap_sm *sm, void *priv,
 				const struct wpabuf *respData)
 {
 	struct eap_tls_data *data = priv;
-	if (data->state == SUCCESS && wpabuf_len(data->ssl.in_buf) == 0) {
+	if (data->state == SUCCESS && wpabuf_len(data->ssl.tls_in) == 0) {
 		wpa_printf(MSG_DEBUG, "EAP-TLS: Client acknowledged final TLS "
 			   "handshake message");
 		return;

src/eap_server/eap_tls_common.c

@@ -58,8 +58,8 @@ int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
 void eap_server_tls_ssl_deinit(struct eap_sm *sm, struct eap_ssl_data *data)
 {
 	tls_connection_deinit(sm->ssl_ctx, data->conn);
-	os_free(data->in_buf);
-	os_free(data->out_buf);
+	os_free(data->tls_in);
+	os_free(data->tls_out);
 }
 
 
@@ -114,17 +114,17 @@ struct wpabuf * eap_server_tls_build_msg(struct eap_ssl_data *data,
 	size_t send_len, plen;
 
 	wpa_printf(MSG_DEBUG, "SSL: Generating Request");
-	if (data->out_buf == NULL) {
-		wpa_printf(MSG_ERROR, "SSL: out_buf NULL in %s", __func__);
+	if (data->tls_out == NULL) {
+		wpa_printf(MSG_ERROR, "SSL: tls_out NULL in %s", __func__);
 		return NULL;
 	}
 
 	flags = version;
-	send_len = wpabuf_len(data->out_buf) - data->out_used;
+	send_len = wpabuf_len(data->tls_out) - data->tls_out_pos;
 	if (1 + send_len > data->tls_out_limit) {
 		send_len = data->tls_out_limit - 1;
 		flags |= EAP_TLS_FLAGS_MORE_FRAGMENTS;
-		if (data->out_used == 0) {
+		if (data->tls_out_pos == 0) {
 			flags |= EAP_TLS_FLAGS_LENGTH_INCLUDED;
 			send_len -= 4;
 		}
@@ -141,25 +141,25 @@ struct wpabuf * eap_server_tls_build_msg(struct eap_ssl_data *data,
 
 	wpabuf_put_u8(req, flags); /* Flags */
 	if (flags & EAP_TLS_FLAGS_LENGTH_INCLUDED)
-		wpabuf_put_be32(req, wpabuf_len(data->out_buf));
+		wpabuf_put_be32(req, wpabuf_len(data->tls_out));
 
-	wpabuf_put_data(req, wpabuf_head_u8(data->out_buf) + data->out_used,
+	wpabuf_put_data(req, wpabuf_head_u8(data->tls_out) + data->tls_out_pos,
 			send_len);
-	data->out_used += send_len;
+	data->tls_out_pos += send_len;
 
-	if (data->out_used == wpabuf_len(data->out_buf)) {
+	if (data->tls_out_pos == wpabuf_len(data->tls_out)) {
 		wpa_printf(MSG_DEBUG, "SSL: Sending out %lu bytes "
 			   "(message sent completely)",
 			   (unsigned long) send_len);
-		wpabuf_free(data->out_buf);
-		data->out_buf = NULL;
-		data->out_used = 0;
+		wpabuf_free(data->tls_out);
+		data->tls_out = NULL;
+		data->tls_out_pos = 0;
 		data->state = MSG;
 	} else {
 		wpa_printf(MSG_DEBUG, "SSL: Sending out %lu bytes "
 			   "(%lu more to send)", (unsigned long) send_len,
-			   (unsigned long) wpabuf_len(data->out_buf) -
-			   data->out_used);
+			   (unsigned long) wpabuf_len(data->tls_out) -
+			   data->tls_out_pos);
 		data->state = WAIT_FRAG_ACK;
 	}
 
@@ -185,15 +185,15 @@ static int eap_server_tls_process_cont(struct eap_ssl_data *data,
 				       const u8 *buf, size_t len)
 {
 	/* Process continuation of a pending message */
-	if (len > wpabuf_tailroom(data->in_buf)) {
+	if (len > wpabuf_tailroom(data->tls_in)) {
 		wpa_printf(MSG_DEBUG, "SSL: Fragment overflow");
 		return -1;
 	}
 
-	wpabuf_put_data(data->in_buf, buf, len);
+	wpabuf_put_data(data->tls_in, buf, len);
 	wpa_printf(MSG_DEBUG, "SSL: Received %lu bytes, waiting for %lu "
 		   "bytes more", (unsigned long) len,
-		   (unsigned long) wpabuf_tailroom(data->in_buf));
+		   (unsigned long) wpabuf_tailroom(data->tls_in));
 
 	return 0;
 }
@@ -204,13 +204,13 @@ static int eap_server_tls_process_fragment(struct eap_ssl_data *data,
 					   const u8 *buf, size_t len)
 {
 	/* Process a fragment that is not the last one of the message */
-	if (data->in_buf == NULL && !(flags & EAP_TLS_FLAGS_LENGTH_INCLUDED)) {
+	if (data->tls_in == NULL && !(flags & EAP_TLS_FLAGS_LENGTH_INCLUDED)) {
 		wpa_printf(MSG_DEBUG, "SSL: No Message Length field in a "
 			   "fragmented packet");
 		return -1;
 	}
 
-	if (data->in_buf == NULL) {
+	if (data->tls_in == NULL) {
 		/* First fragment of the message */
 
 		/* Limit length to avoid rogue peers from causing large
@@ -221,16 +221,16 @@ static int eap_server_tls_process_fragment(struct eap_ssl_data *data,
 			return -1;
 		}
 
-		data->in_buf = wpabuf_alloc(message_length);
-		if (data->in_buf == NULL) {
+		data->tls_in = wpabuf_alloc(message_length);
+		if (data->tls_in == NULL) {
 			wpa_printf(MSG_DEBUG, "SSL: No memory for message");
 			return -1;
 		}
-		wpabuf_put_data(data->in_buf, buf, len);
+		wpabuf_put_data(data->tls_in, buf, len);
 		wpa_printf(MSG_DEBUG, "SSL: Received %lu bytes in first "
 			   "fragment, waiting for %lu bytes more",
 			   (unsigned long) len,
-			   (unsigned long) wpabuf_tailroom(data->in_buf));
+			   (unsigned long) wpabuf_tailroom(data->tls_in));
 	}
 
 	return 0;
@@ -239,24 +239,24 @@ static int eap_server_tls_process_fragment(struct eap_ssl_data *data,
 
 int eap_server_tls_phase1(struct eap_sm *sm, struct eap_ssl_data *data)
 {
-	if (data->out_buf) {
+	if (data->tls_out) {
 		/* This should not happen.. */
 		wpa_printf(MSG_INFO, "SSL: pending tls_out data when "
 			   "processing new message");
-		wpabuf_free(data->out_buf);
-		WPA_ASSERT(data->out_buf == NULL);
+		wpabuf_free(data->tls_out);
+		WPA_ASSERT(data->tls_out == NULL);
 	}
 
-	data->out_buf = tls_connection_server_handshake(sm->ssl_ctx,
+	data->tls_out = tls_connection_server_handshake(sm->ssl_ctx,
 							data->conn,
-							data->in_buf, NULL);
-	if (data->out_buf == NULL) {
+							data->tls_in, NULL);
+	if (data->tls_out == NULL) {
 		wpa_printf(MSG_INFO, "SSL: TLS processing failed");
 		return -1;
 	}
 	if (tls_connection_get_failed(sm->ssl_ctx, data->conn)) {
 		/* TLS processing has failed - return error */
-		wpa_printf(MSG_DEBUG, "SSL: Failed - out_buf available to "
+		wpa_printf(MSG_DEBUG, "SSL: Failed - tls_out available to "
 			   "report error");
 		return -1;
 	}
@@ -297,7 +297,7 @@ static int eap_server_tls_reassemble(struct eap_ssl_data *data, u8 flags,
 		return 1;
 	}
 
-	if (data->in_buf &&
+	if (data->tls_in &&
 	    eap_server_tls_process_cont(data, *pos, end - *pos) < 0)
 		return -1;
 		
@@ -315,10 +315,10 @@ static int eap_server_tls_reassemble(struct eap_ssl_data *data, u8 flags,
 		data->state = MSG;
 	}
 
-	if (data->in_buf == NULL) {
+	if (data->tls_in == NULL) {
 		/* Wrap unfragmented messages as wpabuf without extra copy */
 		wpabuf_set(&data->tmpbuf, *pos, end - *pos);
-		data->in_buf = &data->tmpbuf;
+		data->tls_in = &data->tmpbuf;
 	}
 
 	return 0;
@@ -327,9 +327,9 @@ static int eap_server_tls_reassemble(struct eap_ssl_data *data, u8 flags,
 
 static void eap_server_tls_free_in_buf(struct eap_ssl_data *data)
 {
-	if (data->in_buf != &data->tmpbuf)
-		wpabuf_free(data->in_buf);
-	data->in_buf = NULL;
+	if (data->tls_in != &data->tmpbuf)
+		wpabuf_free(data->tls_in);
+	data->tls_in = NULL;
 }
 
 

src/eap_server/eap_tls_common.h

@@ -15,19 +15,46 @@
 #ifndef EAP_TLS_COMMON_H
 #define EAP_TLS_COMMON_H
 
+/**
+ * struct eap_ssl_data - TLS data for EAP methods
+ */
 struct eap_ssl_data {
+	/**
+	 * conn - TLS connection context data from tls_connection_init()
+	 */
 	struct tls_connection *conn;
 
+	/**
+	 * tls_out - TLS message to be sent out in fragments
+	 */
+	struct wpabuf *tls_out;
+
+	/**
+	 * tls_out_pos - The current position in the outgoing TLS message
+	 */
+	size_t tls_out_pos;
+
+	/**
+	 * tls_out_limit - Maximum fragment size for outgoing TLS messages
+	 */
 	size_t tls_out_limit;
 
+	/**
+	 * tls_in - Received TLS message buffer for re-assembly
+	 */
+	struct wpabuf *tls_in;
+
+	/**
+	 * phase2 - Whether this TLS connection is used in EAP phase 2 (tunnel)
+	 */
 	int phase2;
 
+	/**
+	 * eap - EAP state machine allocated with eap_server_sm_init()
+	 */
 	struct eap_sm *eap;
 
 	enum { MSG, FRAG_ACK, WAIT_FRAG_ACK } state;
-	struct wpabuf *in_buf;
-	struct wpabuf *out_buf;
-	size_t out_used;
 	struct wpabuf tmpbuf;
 };
 

src/eap_server/eap_ttls.c

@@ -549,20 +549,20 @@ static struct wpabuf * eap_ttls_buildReq(struct eap_sm *sm, void *priv, u8 id)
 		}
 		break;
 	case PHASE2_METHOD:
-		wpabuf_free(data->ssl.out_buf);
-		data->ssl.out_used = 0;
-		data->ssl.out_buf = eap_ttls_build_phase2_eap_req(sm, data,
+		wpabuf_free(data->ssl.tls_out);
+		data->ssl.tls_out_pos = 0;
+		data->ssl.tls_out = eap_ttls_build_phase2_eap_req(sm, data,
 								  id);
 		break;
 	case PHASE2_MSCHAPV2_RESP:
-		wpabuf_free(data->ssl.out_buf);
-		data->ssl.out_used = 0;
-		data->ssl.out_buf = eap_ttls_build_phase2_mschapv2(sm, data);
+		wpabuf_free(data->ssl.tls_out);
+		data->ssl.tls_out_pos = 0;
+		data->ssl.tls_out = eap_ttls_build_phase2_mschapv2(sm, data);
 		break;
 	case PHASE_FINISHED:
-		wpabuf_free(data->ssl.out_buf);
-		data->ssl.out_used = 0;
-		data->ssl.out_buf = eap_ttls_build_phase_finished(sm, data, 1);
+		wpabuf_free(data->ssl.tls_out);
+		data->ssl.tls_out_pos = 0;
+		data->ssl.tls_out = eap_ttls_build_phase_finished(sm, data, 1);
 		break;
 	default:
 		wpa_printf(MSG_DEBUG, "EAP-TTLS: %s - unexpected state %d",
@@ -1271,11 +1271,11 @@ static void eap_ttls_process_msg(struct eap_sm *sm, void *priv,
 	case PHASE2_START:
 	case PHASE2_METHOD:
 	case PHASE_FINISHED:
-		eap_ttls_process_phase2(sm, data, data->ssl.in_buf);
+		eap_ttls_process_phase2(sm, data, data->ssl.tls_in);
 		eap_ttls_start_tnc(sm, data);
 		break;
 	case PHASE2_MSCHAPV2_RESP:
-		if (data->mschapv2_resp_ok && wpabuf_len(data->ssl.in_buf) ==
+		if (data->mschapv2_resp_ok && wpabuf_len(data->ssl.tls_in) ==
 		    0) {
 			wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Peer "
 				   "acknowledged response");
@@ -1290,7 +1290,7 @@ static void eap_ttls_process_msg(struct eap_sm *sm, void *priv,
 				   "frame from peer (payload len %lu, "
 				   "expected empty frame)",
 				   (unsigned long)
-				   wpabuf_len(data->ssl.in_buf));
+				   wpabuf_len(data->ssl.tls_in));
 			eap_ttls_state(data, FAILURE);
 		}
 		eap_ttls_start_tnc(sm, data);