tls_schannel.c (189261) | tls_schannel.c (214734) |
---|---|
1/* | 1/* |
2 * WPA Supplicant / SSL/TLS interface functions for Microsoft Schannel 3 * Copyright (c) 2005, Jouni Malinen | 2 * SSL/TLS interface functions for Microsoft Schannel 3 * Copyright (c) 2005-2009, Jouni Malinen <j@w1.fi> |
4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 * 9 * Alternatively, this software may be distributed under the terms of BSD 10 * license. 11 * --- 198 unchanged lines hidden (view full) --- 210 return -1; 211 212 os_memcpy(out, conn->eap_tls_prf, out_len); 213 214 return 0; 215} 216 217 | 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 * 9 * Alternatively, this software may be distributed under the terms of BSD 10 * license. 11 * --- 198 unchanged lines hidden (view full) --- 210 return -1; 211 212 os_memcpy(out, conn->eap_tls_prf, out_len); 213 214 return 0; 215} 216 217 |
218static u8 * tls_conn_hs_clienthello(struct tls_global *global, 219 struct tls_connection *conn, 220 size_t *out_len) | 218static struct wpabuf * tls_conn_hs_clienthello(struct tls_global *global, 219 struct tls_connection *conn) |
221{ 222 DWORD sspi_flags, sspi_flags_out; 223 SecBufferDesc outbuf; 224 SecBuffer outbufs[1]; 225 SECURITY_STATUS status; 226 TimeStamp ts_expiry; 227 228 sspi_flags = ISC_REQ_REPLAY_DETECT | --- 26 unchanged lines hidden (view full) --- 255 if (status != SEC_I_CONTINUE_NEEDED) { 256 wpa_printf(MSG_ERROR, "%s: InitializeSecurityContextA " 257 "failed - 0x%x", 258 __func__, (unsigned int) status); 259 return NULL; 260 } 261 262 if (outbufs[0].cbBuffer != 0 && outbufs[0].pvBuffer) { | 220{ 221 DWORD sspi_flags, sspi_flags_out; 222 SecBufferDesc outbuf; 223 SecBuffer outbufs[1]; 224 SECURITY_STATUS status; 225 TimeStamp ts_expiry; 226 227 sspi_flags = ISC_REQ_REPLAY_DETECT | --- 26 unchanged lines hidden (view full) --- 254 if (status != SEC_I_CONTINUE_NEEDED) { 255 wpa_printf(MSG_ERROR, "%s: InitializeSecurityContextA " 256 "failed - 0x%x", 257 __func__, (unsigned int) status); 258 return NULL; 259 } 260 261 if (outbufs[0].cbBuffer != 0 && outbufs[0].pvBuffer) { |
263 u8 *buf; | 262 struct wpabuf *buf; |
264 wpa_hexdump(MSG_MSGDUMP, "SChannel - ClientHello", 265 outbufs[0].pvBuffer, outbufs[0].cbBuffer); 266 conn->start = 0; | 263 wpa_hexdump(MSG_MSGDUMP, "SChannel - ClientHello", 264 outbufs[0].pvBuffer, outbufs[0].cbBuffer); 265 conn->start = 0; |
267 *out_len = outbufs[0].cbBuffer; 268 buf = os_malloc(*out_len); | 266 buf = wpabuf_alloc_copy(outbufs[0].pvBuffer, 267 outbufs[0].cbBuffer); |
269 if (buf == NULL) 270 return NULL; | 268 if (buf == NULL) 269 return NULL; |
271 os_memcpy(buf, outbufs[0].pvBuffer, *out_len); | |
272 global->sspi->FreeContextBuffer(outbufs[0].pvBuffer); 273 return buf; 274 } 275 276 wpa_printf(MSG_ERROR, "SChannel: Failed to generate ClientHello"); 277 278 return NULL; 279} --- 31 unchanged lines hidden (view full) --- 311 kb.rgbIVs, sizeof(kb.rgbIVs)); 312 313 os_memcpy(conn->eap_tls_prf, kb.rgbKeys, sizeof(kb.rgbKeys)); 314 conn->eap_tls_prf_set = 1; 315 return 0; 316} 317 318 | 270 global->sspi->FreeContextBuffer(outbufs[0].pvBuffer); 271 return buf; 272 } 273 274 wpa_printf(MSG_ERROR, "SChannel: Failed to generate ClientHello"); 275 276 return NULL; 277} --- 31 unchanged lines hidden (view full) --- 309 kb.rgbIVs, sizeof(kb.rgbIVs)); 310 311 os_memcpy(conn->eap_tls_prf, kb.rgbKeys, sizeof(kb.rgbKeys)); 312 conn->eap_tls_prf_set = 1; 313 return 0; 314} 315 316 |
319u8 * tls_connection_handshake(void *ssl_ctx, struct tls_connection *conn, 320 const u8 *in_data, size_t in_len, 321 size_t *out_len, u8 **appl_data, 322 size_t *appl_data_len) | 317struct wpabuf * tls_connection_handshake(void *tls_ctx, 318 struct tls_connection *conn, 319 const struct wpabuf *in_data, 320 struct wpabuf **appl_data) |
323{ | 321{ |
324 struct tls_global *global = ssl_ctx; | 322 struct tls_global *global = tls_ctx; |
325 DWORD sspi_flags, sspi_flags_out; 326 SecBufferDesc inbuf, outbuf; 327 SecBuffer inbufs[2], outbufs[1]; 328 SECURITY_STATUS status; 329 TimeStamp ts_expiry; | 323 DWORD sspi_flags, sspi_flags_out; 324 SecBufferDesc inbuf, outbuf; 325 SecBuffer inbufs[2], outbufs[1]; 326 SECURITY_STATUS status; 327 TimeStamp ts_expiry; |
330 u8 *out_buf = NULL; | 328 struct wpabuf *out_buf = NULL; |
331 332 if (appl_data) 333 *appl_data = NULL; 334 | 329 330 if (appl_data) 331 *appl_data = NULL; 332 |
335 if (conn->start) { 336 return tls_conn_hs_clienthello(global, conn, out_len); 337 } | 333 if (conn->start) 334 return tls_conn_hs_clienthello(global, conn); |
338 339 wpa_printf(MSG_DEBUG, "SChannel: %d bytes handshake data to process", | 335 336 wpa_printf(MSG_DEBUG, "SChannel: %d bytes handshake data to process", |
340 in_len); | 337 (int) wpabuf_len(in_data)); |
341 342 sspi_flags = ISC_REQ_REPLAY_DETECT | 343 ISC_REQ_CONFIDENTIALITY | 344 ISC_RET_EXTENDED_ERROR | 345 ISC_REQ_ALLOCATE_MEMORY | 346 ISC_REQ_MANUAL_CRED_VALIDATION; 347 348 /* Input buffer for Schannel */ | 338 339 sspi_flags = ISC_REQ_REPLAY_DETECT | 340 ISC_REQ_CONFIDENTIALITY | 341 ISC_RET_EXTENDED_ERROR | 342 ISC_REQ_ALLOCATE_MEMORY | 343 ISC_REQ_MANUAL_CRED_VALIDATION; 344 345 /* Input buffer for Schannel */ |
349 inbufs[0].pvBuffer = (u8 *) in_data; 350 inbufs[0].cbBuffer = in_len; | 346 inbufs[0].pvBuffer = (u8 *) wpabuf_head(in_data); 347 inbufs[0].cbBuffer = wpabuf_len(in_data); |
351 inbufs[0].BufferType = SECBUFFER_TOKEN; 352 353 /* Place for leftover data from Schannel */ 354 inbufs[1].pvBuffer = NULL; 355 inbufs[1].cbBuffer = 0; 356 inbufs[1].BufferType = SECBUFFER_EMPTY; 357 358 inbuf.cBuffers = 2; --- 28 unchanged lines hidden (view full) --- 387 (int) inbufs[0].BufferType, (int) inbufs[1].cbBuffer, 388 (int) inbufs[1].BufferType, 389 (int) outbufs[0].cbBuffer); 390 if (status == SEC_E_OK || status == SEC_I_CONTINUE_NEEDED || 391 (FAILED(status) && (sspi_flags_out & ISC_RET_EXTENDED_ERROR))) { 392 if (outbufs[0].cbBuffer != 0 && outbufs[0].pvBuffer) { 393 wpa_hexdump(MSG_MSGDUMP, "SChannel - output", 394 outbufs[0].pvBuffer, outbufs[0].cbBuffer); | 348 inbufs[0].BufferType = SECBUFFER_TOKEN; 349 350 /* Place for leftover data from Schannel */ 351 inbufs[1].pvBuffer = NULL; 352 inbufs[1].cbBuffer = 0; 353 inbufs[1].BufferType = SECBUFFER_EMPTY; 354 355 inbuf.cBuffers = 2; --- 28 unchanged lines hidden (view full) --- 384 (int) inbufs[0].BufferType, (int) inbufs[1].cbBuffer, 385 (int) inbufs[1].BufferType, 386 (int) outbufs[0].cbBuffer); 387 if (status == SEC_E_OK || status == SEC_I_CONTINUE_NEEDED || 388 (FAILED(status) && (sspi_flags_out & ISC_RET_EXTENDED_ERROR))) { 389 if (outbufs[0].cbBuffer != 0 && outbufs[0].pvBuffer) { 390 wpa_hexdump(MSG_MSGDUMP, "SChannel - output", 391 outbufs[0].pvBuffer, outbufs[0].cbBuffer); |
395 *out_len = outbufs[0].cbBuffer; 396 out_buf = os_malloc(*out_len); 397 if (out_buf) 398 os_memcpy(out_buf, outbufs[0].pvBuffer, 399 *out_len); | 392 out_buf = wpabuf_alloc_copy(outbufs[0].pvBuffer, 393 outbufs[0].cbBuffer); |
400 global->sspi->FreeContextBuffer(outbufs[0].pvBuffer); 401 outbufs[0].pvBuffer = NULL; 402 if (out_buf == NULL) 403 return NULL; 404 } 405 } 406 407 switch (status) { --- 7 unchanged lines hidden (view full) --- 415 /* TODO: verify server certificate chain */ 416 wpa_printf(MSG_DEBUG, "Schannel: SEC_E_OK - Handshake " 417 "completed successfully"); 418 conn->established = 1; 419 tls_get_eap(global, conn); 420 421 /* Need to return something to get final TLS ACK. */ 422 if (out_buf == NULL) | 394 global->sspi->FreeContextBuffer(outbufs[0].pvBuffer); 395 outbufs[0].pvBuffer = NULL; 396 if (out_buf == NULL) 397 return NULL; 398 } 399 } 400 401 switch (status) { --- 7 unchanged lines hidden (view full) --- 409 /* TODO: verify server certificate chain */ 410 wpa_printf(MSG_DEBUG, "Schannel: SEC_E_OK - Handshake " 411 "completed successfully"); 412 conn->established = 1; 413 tls_get_eap(global, conn); 414 415 /* Need to return something to get final TLS ACK. */ 416 if (out_buf == NULL) |
423 out_buf = os_malloc(1); | 417 out_buf = wpabuf_alloc(0); |
424 425 if (inbufs[1].BufferType == SECBUFFER_EXTRA) { 426 wpa_hexdump(MSG_MSGDUMP, "SChannel - Encrypted " 427 "application data", 428 inbufs[1].pvBuffer, inbufs[1].cbBuffer); 429 if (appl_data) { | 418 419 if (inbufs[1].BufferType == SECBUFFER_EXTRA) { 420 wpa_hexdump(MSG_MSGDUMP, "SChannel - Encrypted " 421 "application data", 422 inbufs[1].pvBuffer, inbufs[1].cbBuffer); 423 if (appl_data) { |
430 *appl_data_len = outbufs[1].cbBuffer; 431 appl_data = os_malloc(*appl_data_len); 432 if (appl_data) 433 os_memcpy(appl_data, 434 outbufs[1].pvBuffer, 435 *appl_data_len); | 424 *appl_data = wpabuf_alloc_copy( 425 outbufs[1].pvBuffer, 426 outbufs[1].cbBuffer); |
436 } 437 global->sspi->FreeContextBuffer(inbufs[1].pvBuffer); 438 inbufs[1].pvBuffer = NULL; 439 } 440 break; 441 case SEC_I_INCOMPLETE_CREDENTIALS: 442 wpa_printf(MSG_DEBUG, 443 "Schannel: SEC_I_INCOMPLETE_CREDENTIALS"); --- 21 unchanged lines hidden (view full) --- 465 global->sspi->FreeContextBuffer(inbufs[1].pvBuffer); 466 inbufs[1].pvBuffer = NULL; 467 } 468 469 return out_buf; 470} 471 472 | 427 } 428 global->sspi->FreeContextBuffer(inbufs[1].pvBuffer); 429 inbufs[1].pvBuffer = NULL; 430 } 431 break; 432 case SEC_I_INCOMPLETE_CREDENTIALS: 433 wpa_printf(MSG_DEBUG, 434 "Schannel: SEC_I_INCOMPLETE_CREDENTIALS"); --- 21 unchanged lines hidden (view full) --- 456 global->sspi->FreeContextBuffer(inbufs[1].pvBuffer); 457 inbufs[1].pvBuffer = NULL; 458 } 459 460 return out_buf; 461} 462 463 |
473u8 * tls_connection_server_handshake(void *ssl_ctx, 474 struct tls_connection *conn, 475 const u8 *in_data, size_t in_len, 476 size_t *out_len) | 464struct wpabuf * tls_connection_server_handshake(void *tls_ctx, 465 struct tls_connection *conn, 466 const struct wpabuf *in_data, 467 struct wpabuf **appl_data) |
477{ 478 return NULL; 479} 480 481 | 468{ 469 return NULL; 470} 471 472 |
482int tls_connection_encrypt(void *ssl_ctx, struct tls_connection *conn, 483 const u8 *in_data, size_t in_len, 484 u8 *out_data, size_t out_len) | 473struct wpabuf * tls_connection_encrypt(void *tls_ctx, 474 struct tls_connection *conn, 475 const struct wpabuf *in_data) |
485{ | 476{ |
486 struct tls_global *global = ssl_ctx; | 477 struct tls_global *global = tls_ctx; |
487 SECURITY_STATUS status; 488 SecBufferDesc buf; 489 SecBuffer bufs[4]; 490 SecPkgContext_StreamSizes sizes; 491 int i; | 478 SECURITY_STATUS status; 479 SecBufferDesc buf; 480 SecBuffer bufs[4]; 481 SecPkgContext_StreamSizes sizes; 482 int i; |
492 size_t total_len; | 483 struct wpabuf *out; |
493 494 status = global->sspi->QueryContextAttributes(&conn->context, 495 SECPKG_ATTR_STREAM_SIZES, 496 &sizes); 497 if (status != SEC_E_OK) { 498 wpa_printf(MSG_DEBUG, "%s: QueryContextAttributes failed", 499 __func__); | 484 485 status = global->sspi->QueryContextAttributes(&conn->context, 486 SECPKG_ATTR_STREAM_SIZES, 487 &sizes); 488 if (status != SEC_E_OK) { 489 wpa_printf(MSG_DEBUG, "%s: QueryContextAttributes failed", 490 __func__); |
500 return -1; | 491 return NULL; |
501 } 502 wpa_printf(MSG_DEBUG, "%s: Stream sizes: header=%u trailer=%u", 503 __func__, 504 (unsigned int) sizes.cbHeader, 505 (unsigned int) sizes.cbTrailer); 506 | 492 } 493 wpa_printf(MSG_DEBUG, "%s: Stream sizes: header=%u trailer=%u", 494 __func__, 495 (unsigned int) sizes.cbHeader, 496 (unsigned int) sizes.cbTrailer); 497 |
507 total_len = sizes.cbHeader + in_len + sizes.cbTrailer; | 498 out = wpabuf_alloc(sizes.cbHeader + wpabuf_len(in_data) + 499 sizes.cbTrailer); |
508 | 500 |
509 if (out_len < total_len) { 510 wpa_printf(MSG_DEBUG, "%s: too short out_data (out_len=%lu " 511 "in_len=%lu total_len=%lu)", __func__, 512 (unsigned long) out_len, (unsigned long) in_len, 513 (unsigned long) total_len); 514 return -1; 515 } 516 | |
517 os_memset(&bufs, 0, sizeof(bufs)); | 501 os_memset(&bufs, 0, sizeof(bufs)); |
518 bufs[0].pvBuffer = out_data; | 502 bufs[0].pvBuffer = wpabuf_put(out, sizes.cbHeader); |
519 bufs[0].cbBuffer = sizes.cbHeader; 520 bufs[0].BufferType = SECBUFFER_STREAM_HEADER; 521 | 503 bufs[0].cbBuffer = sizes.cbHeader; 504 bufs[0].BufferType = SECBUFFER_STREAM_HEADER; 505 |
522 os_memcpy(out_data + sizes.cbHeader, in_data, in_len); 523 bufs[1].pvBuffer = out_data + sizes.cbHeader; 524 bufs[1].cbBuffer = in_len; | 506 bufs[1].pvBuffer = wpabuf_put(out, 0); 507 wpabuf_put_buf(out, in_data); 508 bufs[1].cbBuffer = wpabuf_len(in_data); |
525 bufs[1].BufferType = SECBUFFER_DATA; 526 | 509 bufs[1].BufferType = SECBUFFER_DATA; 510 |
527 bufs[2].pvBuffer = out_data + sizes.cbHeader + in_len; | 511 bufs[2].pvBuffer = wpabuf_put(out, sizes.cbTrailer); |
528 bufs[2].cbBuffer = sizes.cbTrailer; 529 bufs[2].BufferType = SECBUFFER_STREAM_TRAILER; 530 531 buf.ulVersion = SECBUFFER_VERSION; 532 buf.cBuffers = 3; 533 buf.pBuffers = bufs; 534 535 status = global->sspi->EncryptMessage(&conn->context, 0, &buf, 0); 536 537 wpa_printf(MSG_MSGDUMP, "Schannel: EncryptMessage -> " 538 "status=%d len[0]=%d type[0]=%d len[1]=%d type[1]=%d " 539 "len[2]=%d type[2]=%d", 540 (int) status, 541 (int) bufs[0].cbBuffer, (int) bufs[0].BufferType, 542 (int) bufs[1].cbBuffer, (int) bufs[1].BufferType, 543 (int) bufs[2].cbBuffer, (int) bufs[2].BufferType); 544 wpa_printf(MSG_MSGDUMP, "Schannel: EncryptMessage pointers: " 545 "out_data=%p bufs %p %p %p", | 512 bufs[2].cbBuffer = sizes.cbTrailer; 513 bufs[2].BufferType = SECBUFFER_STREAM_TRAILER; 514 515 buf.ulVersion = SECBUFFER_VERSION; 516 buf.cBuffers = 3; 517 buf.pBuffers = bufs; 518 519 status = global->sspi->EncryptMessage(&conn->context, 0, &buf, 0); 520 521 wpa_printf(MSG_MSGDUMP, "Schannel: EncryptMessage -> " 522 "status=%d len[0]=%d type[0]=%d len[1]=%d type[1]=%d " 523 "len[2]=%d type[2]=%d", 524 (int) status, 525 (int) bufs[0].cbBuffer, (int) bufs[0].BufferType, 526 (int) bufs[1].cbBuffer, (int) bufs[1].BufferType, 527 (int) bufs[2].cbBuffer, (int) bufs[2].BufferType); 528 wpa_printf(MSG_MSGDUMP, "Schannel: EncryptMessage pointers: " 529 "out_data=%p bufs %p %p %p", |
546 out_data, bufs[0].pvBuffer, bufs[1].pvBuffer, | 530 wpabuf_head(out), bufs[0].pvBuffer, bufs[1].pvBuffer, |
547 bufs[2].pvBuffer); 548 549 for (i = 0; i < 3; i++) { 550 if (bufs[i].pvBuffer && bufs[i].BufferType != SECBUFFER_EMPTY) 551 { 552 wpa_hexdump(MSG_MSGDUMP, "SChannel: bufs", 553 bufs[i].pvBuffer, bufs[i].cbBuffer); 554 } 555 } 556 557 if (status == SEC_E_OK) { 558 wpa_printf(MSG_DEBUG, "%s: SEC_E_OK", __func__); | 531 bufs[2].pvBuffer); 532 533 for (i = 0; i < 3; i++) { 534 if (bufs[i].pvBuffer && bufs[i].BufferType != SECBUFFER_EMPTY) 535 { 536 wpa_hexdump(MSG_MSGDUMP, "SChannel: bufs", 537 bufs[i].pvBuffer, bufs[i].cbBuffer); 538 } 539 } 540 541 if (status == SEC_E_OK) { 542 wpa_printf(MSG_DEBUG, "%s: SEC_E_OK", __func__); |
559 wpa_hexdump_key(MSG_MSGDUMP, "Schannel: Encrypted data from " 560 "EncryptMessage", out_data, total_len); 561 return total_len; | 543 wpa_hexdump_buf_key(MSG_MSGDUMP, "Schannel: Encrypted data " 544 "from EncryptMessage", out); 545 return out; |
562 } 563 564 wpa_printf(MSG_DEBUG, "%s: Failed - status=%d", 565 __func__, (int) status); | 546 } 547 548 wpa_printf(MSG_DEBUG, "%s: Failed - status=%d", 549 __func__, (int) status); |
566 return -1; | 550 wpabuf_free(out); 551 return NULL; |
567} 568 569 | 552} 553 554 |
570int tls_connection_decrypt(void *ssl_ctx, struct tls_connection *conn, 571 const u8 *in_data, size_t in_len, 572 u8 *out_data, size_t out_len) | 555struct wpabuf * tls_connection_decrypt(void *tls_ctx, 556 struct tls_connection *conn, 557 const struct wpabuf *in_data) |
573{ | 558{ |
574 struct tls_global *global = ssl_ctx; | 559 struct tls_global *global = tls_ctx; |
575 SECURITY_STATUS status; 576 SecBufferDesc buf; 577 SecBuffer bufs[4]; 578 int i; | 560 SECURITY_STATUS status; 561 SecBufferDesc buf; 562 SecBuffer bufs[4]; 563 int i; |
564 struct wpabuf *out, *tmp; |
|
579 | 565 |
580 if (out_len < in_len) { 581 wpa_printf(MSG_DEBUG, "%s: out_len=%lu < in_len=%lu", __func__, 582 (unsigned long) out_len, (unsigned long) in_len); 583 return -1; 584 } 585 586 wpa_hexdump(MSG_MSGDUMP, "Schannel: Encrypted data to DecryptMessage", 587 in_data, in_len); | 566 wpa_hexdump_buf(MSG_MSGDUMP, 567 "Schannel: Encrypted data to DecryptMessage", in_data); |
588 os_memset(&bufs, 0, sizeof(bufs)); | 568 os_memset(&bufs, 0, sizeof(bufs)); |
589 os_memcpy(out_data, in_data, in_len); 590 bufs[0].pvBuffer = out_data; 591 bufs[0].cbBuffer = in_len; | 569 tmp = wpabuf_dup(in_data); 570 if (tmp == NULL) 571 return NULL; 572 bufs[0].pvBuffer = wpabuf_mhead(tmp); 573 bufs[0].cbBuffer = wpabuf_len(in_data); |
592 bufs[0].BufferType = SECBUFFER_DATA; 593 594 bufs[1].BufferType = SECBUFFER_EMPTY; 595 bufs[2].BufferType = SECBUFFER_EMPTY; 596 bufs[3].BufferType = SECBUFFER_EMPTY; 597 598 buf.ulVersion = SECBUFFER_VERSION; 599 buf.cBuffers = 4; --- 6 unchanged lines hidden (view full) --- 606 "len[2]=%d type[2]=%d len[3]=%d type[3]=%d", 607 (int) status, 608 (int) bufs[0].cbBuffer, (int) bufs[0].BufferType, 609 (int) bufs[1].cbBuffer, (int) bufs[1].BufferType, 610 (int) bufs[2].cbBuffer, (int) bufs[2].BufferType, 611 (int) bufs[3].cbBuffer, (int) bufs[3].BufferType); 612 wpa_printf(MSG_MSGDUMP, "Schannel: DecryptMessage pointers: " 613 "out_data=%p bufs %p %p %p %p", | 574 bufs[0].BufferType = SECBUFFER_DATA; 575 576 bufs[1].BufferType = SECBUFFER_EMPTY; 577 bufs[2].BufferType = SECBUFFER_EMPTY; 578 bufs[3].BufferType = SECBUFFER_EMPTY; 579 580 buf.ulVersion = SECBUFFER_VERSION; 581 buf.cBuffers = 4; --- 6 unchanged lines hidden (view full) --- 588 "len[2]=%d type[2]=%d len[3]=%d type[3]=%d", 589 (int) status, 590 (int) bufs[0].cbBuffer, (int) bufs[0].BufferType, 591 (int) bufs[1].cbBuffer, (int) bufs[1].BufferType, 592 (int) bufs[2].cbBuffer, (int) bufs[2].BufferType, 593 (int) bufs[3].cbBuffer, (int) bufs[3].BufferType); 594 wpa_printf(MSG_MSGDUMP, "Schannel: DecryptMessage pointers: " 595 "out_data=%p bufs %p %p %p %p", |
614 out_data, bufs[0].pvBuffer, bufs[1].pvBuffer, | 596 wpabuf_head(tmp), bufs[0].pvBuffer, bufs[1].pvBuffer, |
615 bufs[2].pvBuffer, bufs[3].pvBuffer); 616 617 switch (status) { 618 case SEC_E_INCOMPLETE_MESSAGE: 619 wpa_printf(MSG_DEBUG, "%s: SEC_E_INCOMPLETE_MESSAGE", 620 __func__); 621 break; 622 case SEC_E_OK: 623 wpa_printf(MSG_DEBUG, "%s: SEC_E_OK", __func__); 624 for (i = 0; i < 4; i++) { 625 if (bufs[i].BufferType == SECBUFFER_DATA) 626 break; 627 } 628 if (i == 4) { 629 wpa_printf(MSG_DEBUG, "%s: No output data from " 630 "DecryptMessage", __func__); | 597 bufs[2].pvBuffer, bufs[3].pvBuffer); 598 599 switch (status) { 600 case SEC_E_INCOMPLETE_MESSAGE: 601 wpa_printf(MSG_DEBUG, "%s: SEC_E_INCOMPLETE_MESSAGE", 602 __func__); 603 break; 604 case SEC_E_OK: 605 wpa_printf(MSG_DEBUG, "%s: SEC_E_OK", __func__); 606 for (i = 0; i < 4; i++) { 607 if (bufs[i].BufferType == SECBUFFER_DATA) 608 break; 609 } 610 if (i == 4) { 611 wpa_printf(MSG_DEBUG, "%s: No output data from " 612 "DecryptMessage", __func__); |
631 return -1; | 613 wpabuf_free(tmp); 614 return NULL; |
632 } 633 wpa_hexdump_key(MSG_MSGDUMP, "Schannel: Decrypted data from " 634 "DecryptMessage", 635 bufs[i].pvBuffer, bufs[i].cbBuffer); | 615 } 616 wpa_hexdump_key(MSG_MSGDUMP, "Schannel: Decrypted data from " 617 "DecryptMessage", 618 bufs[i].pvBuffer, bufs[i].cbBuffer); |
636 if (bufs[i].cbBuffer > out_len) { 637 wpa_printf(MSG_DEBUG, "%s: Too long output data", 638 __func__); 639 return -1; 640 } 641 os_memmove(out_data, bufs[i].pvBuffer, bufs[i].cbBuffer); 642 return bufs[i].cbBuffer; | 619 out = wpabuf_alloc_copy(bufs[i].pvBuffer, bufs[i].cbBuffer); 620 wpabuf_free(tmp); 621 return out; |
643 } 644 645 wpa_printf(MSG_DEBUG, "%s: Failed - status=%d", 646 __func__, (int) status); | 622 } 623 624 wpa_printf(MSG_DEBUG, "%s: Failed - status=%d", 625 __func__, (int) status); |
647 return -1; | 626 wpabuf_free(tmp); 627 return NULL; |
648} 649 650 651int tls_connection_resumed(void *ssl_ctx, struct tls_connection *conn) 652{ 653 return 0; 654} 655 --- 104 unchanged lines hidden (view full) --- 760 761int tls_connection_set_ia(void *tls_ctx, struct tls_connection *conn, 762 int tls_ia) 763{ 764 return -1; 765} 766 767 | 628} 629 630 631int tls_connection_resumed(void *ssl_ctx, struct tls_connection *conn) 632{ 633 return 0; 634} 635 --- 104 unchanged lines hidden (view full) --- 740 741int tls_connection_set_ia(void *tls_ctx, struct tls_connection *conn, 742 int tls_ia) 743{ 744 return -1; 745} 746 747 |
768int tls_connection_ia_send_phase_finished(void *tls_ctx, 769 struct tls_connection *conn, 770 int final, 771 u8 *out_data, size_t out_len) | 748struct wpabuf * tls_connection_ia_send_phase_finished( 749 void *tls_ctx, struct tls_connection *conn, int final); |
772{ | 750{ |
773 return -1; | 751 return NULL; |
774} 775 776 777int tls_connection_ia_final_phase_finished(void *tls_ctx, 778 struct tls_connection *conn) 779{ 780 return -1; 781} 782 783 784int tls_connection_ia_permute_inner_secret(void *tls_ctx, 785 struct tls_connection *conn, 786 const u8 *key, size_t key_len) 787{ 788 return -1; 789} | 752} 753 754 755int tls_connection_ia_final_phase_finished(void *tls_ctx, 756 struct tls_connection *conn) 757{ 758 return -1; 759} 760 761 762int tls_connection_ia_permute_inner_secret(void *tls_ctx, 763 struct tls_connection *conn, 764 const u8 *key, size_t key_len) 765{ 766 return -1; 767} |
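Review bot: In the SEC_E_OK branch of tls_connection_handshake(), the new `*appl_data = wpabuf_alloc_copy(outbufs[1].pvBuffer, outbufs[1].cbBuffer);` indexes one element past `SecBuffer outbufs[1]`, so the pointer and length given to the copy are undefined. The hexdump just above it and the FreeContextBuffer() call just below both use `inbufs[1]` for the SECBUFFER_EXTRA data, so the copy presumably should be `wpabuf_alloc_copy(inbufs[1].pvBuffer, inbufs[1].cbBuffer)`. The removed os_malloc()/os_memcpy() lines used the same index, so the conversion carries the out-of-bounds read over rather than introducing it. In tls_connection_encrypt() the result of `wpabuf_alloc()` goes straight into `wpabuf_put(out, sizes.cbHeader)` with no visible NULL check, so add `if (out == NULL) return NULL;` after the allocation. The new definition of tls_connection_ia_send_phase_finished() ends its parameter list with `int final);` before the `{`, which will not compile; parts of the first two functions are hidden on this page, so checks in the elided lines cannot be ruled out.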