authorMartin Willi <martin@revosec.ch>2010-08-23 16:21:49 +0200
committerMartin Willi <martin@revosec.ch>2010-08-24 08:45:49 +0200
commit1475800080d605abb1995bfba1ce8ca98637917c (patch)
tree973c91fcd5dd8bcb6c2970227a806516479742f5 /src/libcharon/plugins/eap_tls/eap_tls.c
parent477650005599ffb63c9833daf34be93471eba437 (diff)
Moved TLS record parsing/generation to tls.c
Diffstat (limited to 'src/libcharon/plugins/eap_tls/eap_tls.c')
-rw-r--r--src/libcharon/plugins/eap_tls/eap_tls.c70
1 files changed, 4 insertions, 66 deletions
diff --git a/src/libcharon/plugins/eap_tls/eap_tls.c b/src/libcharon/plugins/eap_tls/eap_tls.c
index 77458007e..8b5d4cb19 100644
--- a/src/libcharon/plugins/eap_tls/eap_tls.c
+++ b/src/libcharon/plugins/eap_tls/eap_tls.c
@@ -95,16 +95,6 @@ typedef struct __attribute__((packed)) {
u_int8_t flags;
} eap_tls_packet_t;
-/**
- * TLS record
- */
-typedef struct __attribute__((packed)) {
- u_int8_t type;
- u_int16_t version;
- u_int16_t length;
- char data[];
-} tls_record_t;
-
METHOD(eap_method_t, initiate, status_t,
private_eap_tls_t *this, eap_payload_t **out)
{
@@ -259,70 +249,18 @@ static eap_payload_t *read_buf(private_eap_tls_t *this, u_int8_t identifier)
*/
static status_t process_buf(private_eap_tls_t *this)
{
- tls_record_t *in, out;
- chunk_t data;
- u_int16_t len;
status_t status;
- /* pass input buffer to upper layer, record for record */
- data = this->input;
- while (data.len > sizeof(tls_record_t))
+ status = this->tls->process(this->tls, this->input);
+ if (status != NEED_MORE)
{
- in = (tls_record_t*)data.ptr;
- len = untoh16(&in->length);
- DBG2(DBG_IKE, "received TLS %N record (%u bytes)",
- tls_content_type_names, in->type, sizeof(tls_record_t) + len);
- if (len > data.len - sizeof(tls_record_t))
- {
- DBG1(DBG_IKE, "TLS record length invalid");
- return FAILED;
- }
- if (untoh16(&in->version) < TLS_1_0)
- {
- DBG1(DBG_IKE, "%N invalid with EAP-TLS",
- tls_version_names, untoh16(&in->version));
- return FAILED;
- }
-
- status = this->tls->process(this->tls, in->type,
- chunk_create(in->data, len));
- if (status != NEED_MORE)
- {
- return status;
- }
- data = chunk_skip(data, len + sizeof(tls_record_t));
+ return status;
}
chunk_free(&this->input);
this->inpos = 0;
- /* read in records from upper layer, append to output buffer */
chunk_free(&this->output);
- while (TRUE)
- {
- tls_content_type_t type;
- chunk_t header = chunk_from_thing(out);
-
- status = this->tls->build(this->tls, &type, &data);
- switch (status)
- {
- case NEED_MORE:
- break;
- case INVALID_STATE:
- /* invalid state means we need more input from peer first */
- return NEED_MORE;
- case SUCCESS:
- return SUCCESS;
- case FAILED:
- default:
- return FAILED;
- }
- out.type = type;
- htoun16(&out.version, this->tls->get_version(this->tls));
- htoun16(&out.length, data.len);
- this->output = chunk_cat("mcm", this->output, header, data);
- DBG2(DBG_IKE, "sending TLS %N record (%u bytes)",
- tls_content_type_names, type, sizeof(tls_record_t) + data.len);
- }
+ return this->tls->build(this->tls, &this->output);
}
METHOD(eap_method_t, process, status_t,
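Review bot: In the new process_buf() the result of `this->tls->build(this->tls, &this->output)` is returned unfiltered, whereas the removed loop translated `INVALID_STATE` into `NEED_MORE` and any unknown status into `FAILED`. Unless tls.c now performs that mapping (not visible here, since the diff is limited to eap_tls.c), the last line should keep it, for example `status = this->tls->build(this->tls, &this->output);` followed by `return status == INVALID_STATE ? NEED_MORE : status;`. The two checks on peer-controlled input that this hunk drops, the record length bound against the remaining buffer and the `< TLS_1_0` version rejection, now have to exist inside `tls->process()`. A comment above that call such as `/* tls->process() bounds-checks record length and rejects pre-TLS-1.0 versions */` would record the dependency for the next reader.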