Use wpabuf with tls_connection_ia_send_phase_finished()

src/crypto/tls.h

@@ -484,16 +484,13 @@ unsigned int tls_capabilities(void *tls_ctx);
  * @tls_ctx: TLS context data from tls_init()
  * @conn: Connection context data from tls_connection_init()
  * @final: 1 = FinalPhaseFinished, 0 = IntermediatePhaseFinished
- * @out_data: Pointer to output buffer (encrypted TLS/IA data)
- * @out_len: Maximum out_data length 
- * Returns: Number of bytes written to out_data on success, -1 on failure
+ * Returns: Encrypted TLS/IA data, %NULL on failure
  *
  * This function is used to send the TLS/IA end phase message, e.g., when the
  * EAP server completes EAP-TTLSv1.
  */
-int __must_check tls_connection_ia_send_phase_finished(
-	void *tls_ctx, struct tls_connection *conn, int final,
-	u8 *out_data, size_t out_len);
+struct wpabuf * tls_connection_ia_send_phase_finished(
+	void *tls_ctx, struct tls_connection *conn, int final);
 
 /**
  * tls_connection_ia_final_phase_finished - Has final phase been completed

src/crypto/tls_gnutls.c

@@ -1336,16 +1336,15 @@ int tls_connection_set_ia(void *tls_ctx, struct tls_connection *conn,
 }
 
 
-int tls_connection_ia_send_phase_finished(void *tls_ctx,
-					  struct tls_connection *conn,
-					  int final,
-					  u8 *out_data, size_t out_len)
+struct wpabuf * tls_connection_ia_send_phase_finished(
+	void *tls_ctx, struct tls_connection *conn, int final)
 {
 #ifdef GNUTLS_IA
 	int ret;
+	struct wpabuf *buf;
 
 	if (conn == NULL || conn->session == NULL || !conn->tls_ia)
-		return -1;
+		return NULL;
 
 	ret = gnutls_ia_permute_inner_secret(conn->session,
 					     conn->session_keys_len,
@@ -1359,26 +1358,21 @@ int tls_connection_ia_send_phase_finished(void *tls_ctx,
 	if (ret) {
 		wpa_printf(MSG_DEBUG, "%s: Failed to permute inner secret: %s",
 			   __func__, gnutls_strerror(ret));
-		return -1;
+		return NULL;
 	}
 
 	ret = gnutls_ia_endphase_send(conn->session, final);
 	if (ret) {
 		wpa_printf(MSG_DEBUG, "%s: Failed to send endphase: %s",
 			   __func__, gnutls_strerror(ret));
-		return -1;
+		return NULL;
 	}
 
-	if (conn->push_buf == NULL)
-		return -1;
-	if (wpabuf_len(conn->push_buf) < out_len)
-		out_len = wpabuf_len(conn->push_buf);
-	os_memcpy(out_data, wpabuf_head(conn->push_buf), out_len);
-	wpabuf_free(conn->push_buf);
+	buf = conn->push_buf;
 	conn->push_buf = NULL;
-	return out_len;
+	return buf;
 #else /* GNUTLS_IA */
-	return -1;
+	return NULL;
 #endif /* GNUTLS_IA */
 }
 

src/crypto/tls_internal.c

@@ -608,12 +608,10 @@ unsigned int tls_capabilities(void *tls_ctx)
 }
 
 
-int tls_connection_ia_send_phase_finished(void *tls_ctx,
-					  struct tls_connection *conn,
-					  int final,
-					  u8 *out_data, size_t out_len)
+struct wpabuf * tls_connection_ia_send_phase_finished(
+	void *tls_ctx, struct tls_connection *conn, int final)
 {
-	return -1;
+	return NULL;
 }
 
 

src/crypto/tls_none.c

@@ -207,12 +207,10 @@ unsigned int tls_capabilities(void *tls_ctx)
 }
 
 
-int tls_connection_ia_send_phase_finished(void *tls_ctx,
-					  struct tls_connection *conn,
-					  int final,
-					  u8 *out_data, size_t out_len)
+struct wpabuf * tls_connection_ia_send_phase_finished(
+	void *tls_ctx, struct tls_connection *conn, int final)
 {
-	return -1;
+	return NULL;
 }
 
 

src/crypto/tls_nss.c

@@ -649,12 +649,10 @@ unsigned int tls_capabilities(void *tls_ctx)
 }
 
 
-int tls_connection_ia_send_phase_finished(void *tls_ctx,
-					  struct tls_connection *conn,
-					  int final,
-					  u8 *out_data, size_t out_len)
+struct wpabuf * tls_connection_ia_send_phase_finished(
+	void *tls_ctx, struct tls_connection *conn, int final)
 {
-	return -1;
+	return NULL;
 }
 
 

src/crypto/tls_openssl.c

@@ -2493,12 +2493,10 @@ int tls_connection_set_ia(void *tls_ctx, struct tls_connection *conn,
 }
 
 
-int tls_connection_ia_send_phase_finished(void *tls_ctx,
-					  struct tls_connection *conn,
-					  int final,
-					  u8 *out_data, size_t out_len)
+struct wpabuf * tls_connection_ia_send_phase_finished(
+	void *tls_ctx, struct tls_connection *conn, int final)
 {
-	return -1;
+	return NULL;
 }
 
 

src/crypto/tls_schannel.c

@@ -745,12 +745,10 @@ int tls_connection_set_ia(void *tls_ctx, struct tls_connection *conn,
 }
 
 
-int tls_connection_ia_send_phase_finished(void *tls_ctx,
-					  struct tls_connection *conn,
-					  int final,
-					  u8 *out_data, size_t out_len)
+struct wpabuf * tls_connection_ia_send_phase_finished(
+	void *tls_ctx, struct tls_connection *conn, int final);
 {
-	return -1;
+	return NULL;
 }
 
 

src/eap_peer/eap_ttls.c

@@ -16,6 +16,7 @@
 
 #include "common.h"
 #include "crypto/ms_funcs.h"
+#include "crypto/sha1.h"
 #include "crypto/tls.h"
 #include "eap_common/chap.h"
 #include "eap_common/eap_ttls.h"
@@ -1030,27 +1031,25 @@ static int eap_ttls_phase2_request(struct eap_sm *sm,
 static struct wpabuf * eap_ttls_build_phase_finished(
 	struct eap_sm *sm, struct eap_ttls_data *data, int id, int final)
 {
-	int len;
-	struct wpabuf *req;
-	u8 *pos;
-	const int max_len = 300;
+	struct wpabuf *req, *buf;
 
-	req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_TTLS, 1 + max_len,
-			    EAP_CODE_RESPONSE, id);
-	if (req == NULL)
+	buf = tls_connection_ia_send_phase_finished(sm->ssl_ctx,
+						    data->ssl.conn,
+						    final);
+	if (buf == NULL)
 		return NULL;
 
-	wpabuf_put_u8(req, data->ttls_version);
-
-	pos = wpabuf_put(req, 0);
-	len = tls_connection_ia_send_phase_finished(sm->ssl_ctx,
-						    data->ssl.conn,
-						    final, pos, max_len);
-	if (len < 0) {
-		wpabuf_free(req);
+	req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_TTLS,
+			    1 + wpabuf_len(buf),
+			    EAP_CODE_RESPONSE, id);
+	if (req == NULL) {
+		wpabuf_free(buf);
 		return NULL;
 	}
-	wpabuf_put(req, len);
+
+	wpabuf_put_u8(req, data->ttls_version);
+	wpabuf_put_buf(req, buf);
+	wpabuf_free(buf);
 	eap_update_len(req);
 
 	return req;

src/eap_server/eap_ttls.c

@@ -519,25 +519,8 @@ static struct wpabuf * eap_ttls_build_phase2_mschapv2(
 static struct wpabuf * eap_ttls_build_phase_finished(
 	struct eap_sm *sm, struct eap_ttls_data *data, int final)
 {
-	int len;
-	struct wpabuf *req;
-	const int max_len = 300;
-
-	req = wpabuf_alloc(max_len);
-	if (req == NULL)
-		return NULL;
-
-	len = tls_connection_ia_send_phase_finished(sm->ssl_ctx,
-						    data->ssl.conn, final,
-						    wpabuf_mhead(req),
-						    max_len);
-	if (len < 0) {
-		wpabuf_free(req);
-		return NULL;
-	}
-	wpabuf_put(req, len);
-
-	return req;
+	return tls_connection_ia_send_phase_finished(sm->ssl_ctx,
+						     data->ssl.conn, final);
 }