diff -r 093cf0757204 -r 938269283a16 eapol/eapol_framework/eapol_common/type/tls_peap/tls/src/tls_record.cpp --- a/eapol/eapol_framework/eapol_common/type/tls_peap/tls/src/tls_record.cpp Fri May 14 15:54:13 2010 +0300 +++ b/eapol/eapol_framework/eapol_common/type/tls_peap/tls/src/tls_record.cpp Fri Jun 11 13:40:22 2010 +0300 @@ -16,7 +16,7 @@ */ /* -* %version: 177.1.9 % +* %version: 195 % */ // This is enumeration of EAPOL source code. @@ -1932,8 +1932,8 @@ } case tls_completion_action_complete_create_handshake_type_client_key_exchange: { - if (cipher_suite_is_TLS_RSA() == true - && m_own_encrypted_premaster_secret.get_is_valid_data() == true + if ((cipher_suite_is_TLS_RSA() == true + && m_own_encrypted_premaster_secret.get_is_valid_data() == true) || ((cipher_suite_is_TLS_DHE_DSS() == true || cipher_suite_is_TLS_DHE_RSA() == true #if defined(USE_FAST_EAP_TYPE) @@ -3418,10 +3418,12 @@ EAP_TRACE_ALWAYS( m_am_tools, TRACE_FLAGS_DEFAULT, - (EAPL("this = 0x%08x, %s: starts: tls_record_c::state_notification(): EAP-type 0x%08x: m_tls_session_type=%d=%s, tls_state=%d=%s, notification state=%s\n"), + (EAPL("this = 0x%08x, %s: starts: tls_record_c::state_notification(): EAP-type 0xfe%06x%08x=%s: m_tls_session_type=%d=%s, tls_state=%d=%s, notification state=%s\n"), this, (m_is_client == true ? "client": "server"), - convert_eap_type_to_u32_t(m_eap_type), + m_eap_type.get_vendor_id(), + m_eap_type.get_vendor_type(), + eap_header_string_c::get_eap_type_string(m_eap_type), m_tls_session_type, eap_tls_trace_string_c::get_tls_session_type_string(m_tls_session_type), m_tls_peap_state, @@ -3566,9 +3568,11 @@ m_am_tools, TRACE_FLAGS_DEFAULT, (EAPL("%s: tls_record_c::state_notification(): ") - EAPL("waits TTLS/plain MsChapv2 empty Ack: EAP-type 0x%08x\n"), + EAPL("waits TTLS/plain MsChapv2 empty Ack: EAP-type 0xfe%06x%08x=%s\n"), (m_is_client == true ? "client": "server"), - convert_eap_type_to_u32_t(m_eap_type))); + m_eap_type.get_vendor_id(), + m_eap_type.get_vendor_type(), + eap_header_string_c::get_eap_type_string(m_eap_type))); } #endif //#if defined(EAP_USE_TTLS_PLAIN_MS_CHAP_V2_HACK) @@ -3627,23 +3631,6 @@ //-------------------------------------------------- // This is commented in abs_tls_base_application_c. -EAP_FUNC_EXPORT eap_status_e tls_record_c::cancel_all_timers() -{ - EAP_TRACE_BEGIN(m_am_tools, TRACE_FLAGS_DEFAULT); - - if (get_type_partner() == 0) - { - EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); - return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error); - } - - EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); - return get_type_partner()->cancel_all_timers(); -} - -//-------------------------------------------------- - -// This is commented in abs_tls_base_application_c. EAP_FUNC_EXPORT eap_status_e tls_record_c::load_module( const eap_type_value_e type, const eap_type_value_e tunneling_type, @@ -8864,6 +8851,22 @@ EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_payload); } + + { + for (u32_t ind = 0ul; ind < m_peer_certificate_types.get_object_count(); ++ind) + { + const u8_t * const certificate_type = m_peer_certificate_types.get_object(ind); + if (certificate_type != 0) + { + EAP_TRACE_DEBUG( + m_am_tools, + TRACE_FLAGS_DEFAULT, + (EAPL("peer certificate type %d=0x%02x\n"), + *certificate_type, + *certificate_type)); + } + } + } } // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -8889,6 +8892,22 @@ EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); return EAP_STATUS_RETURN(m_am_tools, eap_status_illegal_payload); } + + { + for (u32_t ind = 0ul; ind < m_peer_certificate_authorities.get_object_count(); ++ind) + { + const eap_variable_data_c * const ca_authority = m_peer_certificate_authorities.get_object(ind); + if (ca_authority != 0) + { + EAP_TRACE_DATA_DEBUG( + m_am_tools, + EAP_TRACE_FLAGS_MESSAGE_DATA, + (EAPL("peer CA-authority"), + ca_authority->get_data(), + ca_authority->get_data_length())); + } + } + } } m_tls_peap_server_requested_client_certificate = true; @@ -12318,6 +12337,9 @@ return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error); } + // After this point *member_cbc_crypto_block_algorithm will delete crypto_block_algorithm. + block_algorithm_remove.do_not_free_variable(); + *member_cbc_crypto_block_algorithm = new crypto_cbc_c( m_am_tools, crypto_block_algorithm, @@ -12330,15 +12352,6 @@ return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error); } - // After this point *member_cbc_crypto_block_algorithm will delete crypto_block_algorithm. - block_algorithm_remove.do_not_free_variable(); - - if ((*member_cbc_crypto_block_algorithm)->get_is_valid() == false) - { - EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); - return EAP_STATUS_RETURN(m_am_tools, eap_status_allocation_error); - } - eap_status_e status = eap_status_process_general_error; @@ -16647,6 +16660,12 @@ && m_eap_type == eap_type_fast && m_tls_session_type == tls_session_type_eap_fast_pac_session_resumption) { + if (m_application == 0) + { + EAP_TRACE_END(m_am_tools, TRACE_FLAGS_DEFAULT); + return EAP_STATUS_RETURN(m_am_tools, eap_status_process_general_error); + } + // This is server. // EAP-FAST is using Tunnel PAC. // Here we cannot start tunneled authentication immediately @@ -16738,7 +16757,10 @@ } } else if (tmp_identity_privacy_handshake_state == tls_identity_privacy_handshake_state_none - || tmp_identity_privacy_handshake_state == tls_identity_privacy_handshake_state_runs) +#if defined(USE_EAP_TLS_IDENTITY_PRIVACY) + || tmp_identity_privacy_handshake_state == tls_identity_privacy_handshake_state_runs +#endif + ) { if ((m_eap_type == eap_type_peap && m_peap_version >= peap_version_0_xp @@ -19040,7 +19062,12 @@ { if (completion_status != eap_status_ok) { - (void)EAP_STATUS_RETURN(m_am_tools, completion_status); + EAP_TRACE_DEBUG( + m_am_tools, + TRACE_FLAGS_DEFAULT, + (EAPL("WARNING: TLS: this = 0x%08x, %s: message_function: starts: tls_record_c::complete_query_certificate_chain(): No certificate chain configured.\n"), + this, + (m_is_client == true ? "client": "server"))); } if (m_is_client == false)