--- a/eapol/eapol_framework/eapol_common/type/tls_peap/tls/src/tls_record.cpp Fri May 14 15:54:13 2010 +0300
+++ b/eapol/eapol_framework/eapol_common/type/tls_peap/tls/src/tls_record.cpp Fri Jun 11 13:40:22 2010 +0300
@@ -16,7 +16,7 @@
*/
/*
-* %version: 177.1.9 %
+* %version: 195 %
*/
// This is enumeration of EAPOL source code.
@@ -1932,8 +1932,8 @@
}
case tls_completion_action_complete_create_handshake_type_client_key_exchange:
{
- if (cipher_suite_is_TLS_RSA() == true
- && m_own_encrypted_premaster_secret.get_is_valid_data() == true
+ if ((cipher_suite_is_TLS_RSA() == true
+ && m_own_encrypted_premaster_secret.get_is_valid_data() == true)
|| ((cipher_suite_is_TLS_DHE_DSS() == true
|| cipher_suite_is_TLS_DHE_RSA() == true
#if defined(USE_FAST_EAP_TYPE)
@@ -3418,10 +3418,12 @@
EAP_TRACE_ALWAYS(
m_am_tools,
TRACE_FLAGS_DEFAULT,
- (EAPL("this = 0x%08x, %s: starts: tls_record_c::state_notification(): EAP-type 0x%08x: m_tls_session_type=%d=%s, tls_state=%d=%s, notification state=%s\n"),
+ (EAPL("this = 0x%08x, %s: starts: tls_record_c::state_notification(): EAP-type 0xfe%06x%08x=%s: m_tls_session_type=%d=%s, tls_state=%d=%s, notification state=%s\n"),
this,
(m_is_client == true ? "client": "server"),
- convert_eap_type_to_u32_t(m_eap_type),
+ m_eap_type.get_vendor_id(),
+ m_eap_type.get_vendor_type(),
+ eap_header_string_c::get_eap_type_string(m_eap_type),
m_tls_session_type,
eap_tls_trace_string_c::get_tls_session_type_string(m_tls_session_type),
m_tls_peap_state,
@@ -3566,9 +3568,11 @@
m_am_tools,
TRACE_FLAGS_DEFAULT,
(EAPL("%s: tls_record_c::state_notification(): ")
- EAPL("waits TTLS/plain MsChapv2 empty Ack: EAP-type 0x%08x\n"),
+ EAPL("waits TTLS/plain MsChapv2 empty Ack: EAP-type 0xfe%06x%08x=%s\n"),
(m_is_client == true ? "client": "server"),
- convert_eap_type_to_u32_t(m_eap_type)));
+ m_eap_type.get_vendor_id(),
+ m_eap_type.get_vendor_type(),
+ eap_header_string_c::get_eap_type_string(m_eap_type)));
}
#endif //#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK)
@@ -3627,23 +3631,6 @@
//--------------------------------------------------
// This is commented in abs_tls_base_application_c.
-EAP_FUNC_EXPORT eap_status_e tls_record_c::cancel_all_timers()
-{
- EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT);
-
- if (get_type_partner() == 0)
- {
- EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
- return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
- }
-
- EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
- return get_type_partner()->cancel_all_timers();
-}
-
-//--------------------------------------------------
-
-// This is commented in abs_tls_base_application_c.
EAP_FUNC_EXPORT eap_status_e tls_record_c::load_module(
const eap_type_value_e type,
const eap_type_value_e tunneling_type,
@@ -8864,6 +8851,22 @@
EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_payload);
}
+
+ {
+ for (u32_t ind = 0ul; ind < m_peer_certificate_types.get_object_count(); ++ind)
+ {
+ const u8_t * const certificate_type = m_peer_certificate_types.get_object(ind);
+ if (certificate_type != 0)
+ {
+ EAP_TRACE_DEBUG(
+ m_am_tools,
+ TRACE_FLAGS_DEFAULT,
+ (EAPL("peer certificate type %d=0x%02x\n"),
+ *certificate_type,
+ *certificate_type));
+ }
+ }
+ }
}
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
@@ -8889,6 +8892,22 @@
EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_payload);
}
+
+ {
+ for (u32_t ind = 0ul; ind < m_peer_certificate_authorities.get_object_count(); ++ind)
+ {
+ const eap_variable_data_c * const ca_authority = m_peer_certificate_authorities.get_object(ind);
+ if (ca_authority != 0)
+ {
+ EAP_TRACE_DATA_DEBUG(
+ m_am_tools,
+ EAP_TRACE_FLAGS_MESSAGE_DATA,
+ (EAPL("peer CA-authority"),
+ ca_authority->get_data(),
+ ca_authority->get_data_length()));
+ }
+ }
+ }
}
m_tls_peap_server_requested_client_certificate = true;
@@ -12318,6 +12337,9 @@
return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
}
+ // After this point *member_cbc_crypto_block_algorithm will delete crypto_block_algorithm.
+ block_algorithm_remove.do_not_free_variable();
+
*member_cbc_crypto_block_algorithm = new crypto_cbc_c(
m_am_tools,
crypto_block_algorithm,
@@ -12330,15 +12352,6 @@
return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
}
- // After this point *member_cbc_crypto_block_algorithm will delete crypto_block_algorithm.
- block_algorithm_remove.do_not_free_variable();
-
- if ((*member_cbc_crypto_block_algorithm)->get_is_valid() == false)
- {
- EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
- return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error);
- }
-
eap_status_e status = eap_status_process_general_error;
@@ -16647,6 +16660,12 @@
&& m_eap_type == eap_type_fast
&& m_tls_session_type == tls_session_type_eap_fast_pac_session_resumption)
{
+ if (m_application == 0)
+ {
+ EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT);
+ return EAP_STATUS_RETURN(m_am_tools, eap_status_process_general_error);
+ }
+
// This is server.
// EAP-FAST is using Tunnel PAC.
// Here we cannot start tunneled authentication immediately
@@ -16738,7 +16757,10 @@
}
}
else if (tmp_identity_privacy_handshake_state == tls_identity_privacy_handshake_state_none
- || tmp_identity_privacy_handshake_state == tls_identity_privacy_handshake_state_runs)
+#if defined(USE_EAP_TLS_IDENTITY_PRIVACY)
+ || tmp_identity_privacy_handshake_state == tls_identity_privacy_handshake_state_runs
+#endif
+ )
{
if ((m_eap_type == eap_type_peap
&& m_peap_version >= peap_version_0_xp
@@ -19040,7 +19062,12 @@
{
if (completion_status != eap_status_ok)
{
- (void)EAP_STATUS_RETURN(m_am_tools, completion_status);
+ EAP_TRACE_DEBUG(
+ m_am_tools,
+ TRACE_FLAGS_DEFAULT,
+ (EAPL("WARNING: TLS: this = 0x%08x, %s: message_function: starts: tls_record_c::complete_query_certificate_chain(): No certificate chain configured.\n"),
+ this,
+ (m_is_client == true ? "client": "server")));
}
if (m_is_client == false)