69 	struct eap_peap_data *data;  in eap_peap_init()  local
72 	data = os_zalloc(sizeof(*data));  in eap_peap_init()
73 	if (data == NULL)  in eap_peap_init()
76 	data->peap_version = EAP_PEAP_VERSION;  in eap_peap_init()
77 	data->force_peap_version = -1;  in eap_peap_init()
78 	data->peap_outer_success = 2;  in eap_peap_init()
83 			data->force_peap_version = atoi(pos + 8);  in eap_peap_init()
84 			data->peap_version = data->force_peap_version;  in eap_peap_init()
86 				   "%d", data->force_peap_version);  in eap_peap_init()
90 			data->force_new_label = 1;  in eap_peap_init()
96 			data->peap_outer_success = 0;  in eap_peap_init()
100 			data->peap_outer_success = 1;  in eap_peap_init()
105 			data->peap_outer_success = 2;  in eap_peap_init()
118 			eap_peap_deinit(sm, data);  in eap_peap_init()
148 					eap_peap_deinit(sm, data);  in eap_peap_init()
159 		data->phase2_types = methods;  in eap_peap_init()
160 		data->num_phase2_types = num_methods;  in eap_peap_init()
162 	if (data->phase2_types == NULL) {  in eap_peap_init()
163 		data->phase2_types =  in eap_peap_init()
164 			eap_get_phase2_types(config, &data->num_phase2_types);  in eap_peap_init()
166 	if (data->phase2_types == NULL) {  in eap_peap_init()
168 		eap_peap_deinit(sm, data);  in eap_peap_init()
172 		    (u8 *) data->phase2_types,  in eap_peap_init()
173 		    data->num_phase2_types * sizeof(struct eap_method_type));  in eap_peap_init()
174 	data->phase2_type.vendor = EAP_VENDOR_IETF;  in eap_peap_init()
175 	data->phase2_type.method = EAP_TYPE_NONE;  in eap_peap_init()
177 	if (eap_tls_ssl_init(sm, &data->ssl, config)) {  in eap_peap_init()
179 		eap_peap_deinit(sm, data);  in eap_peap_init()
183 	return data;  in eap_peap_init()
189 	struct eap_peap_data *data = priv;  in eap_peap_deinit()  local
190 	if (data == NULL)  in eap_peap_deinit()
192 	if (data->phase2_priv && data->phase2_method)  in eap_peap_deinit()
193 		data->phase2_method->deinit(sm, data->phase2_priv);  in eap_peap_deinit()
194 	os_free(data->phase2_types);  in eap_peap_deinit()
195 	eap_tls_ssl_deinit(sm, &data->ssl);  in eap_peap_deinit()
196 	os_free(data->key_data);  in eap_peap_deinit()
197 	os_free(data->pending_phase2_req);  in eap_peap_deinit()
198 	os_free(data);  in eap_peap_deinit()
202 static int eap_peap_encrypt(struct eap_sm *sm, struct eap_peap_data *data,  in eap_peap_encrypt()  argument
214 	resp = os_malloc(sizeof(struct eap_hdr) + 2 + data->ssl.tls_out_limit);  in eap_peap_encrypt()
223 	*pos++ = data->peap_version;  in eap_peap_encrypt()
225 	res = tls_connection_encrypt(sm->ssl_ctx, data->ssl.conn,  in eap_peap_encrypt()
227 				     pos, data->ssl.tls_out_limit);  in eap_peap_encrypt()
242 static int eap_peap_phase2_nak(struct eap_peap_data *data, struct eap_hdr *hdr,  in eap_peap_phase2_nak()  argument
252 		    (u8 *) data->phase2_types,  in eap_peap_phase2_nak()
253 		    data->num_phase2_types * sizeof(struct eap_method_type));  in eap_peap_phase2_nak()
255 	*resp = os_malloc(*resp_len + data->num_phase2_types);  in eap_peap_phase2_nak()
264 	for (i = 0; i < data->num_phase2_types; i++) {  in eap_peap_phase2_nak()
265 		if (data->phase2_types[i].vendor == EAP_VENDOR_IETF &&  in eap_peap_phase2_nak()
266 		    data->phase2_types[i].method < 256) {  in eap_peap_phase2_nak()
268 			*pos++ = data->phase2_types[i].method;  in eap_peap_phase2_nak()
278 				   struct eap_peap_data *data,  in eap_peap_phase2_request()  argument
302 				    data->phase2_eap_started &&  in eap_peap_phase2_request()
303 				    !data->phase2_eap_success)) {  in eap_peap_phase2_request()
312 			data->phase2_success = 1;  in eap_peap_phase2_request()
316 		if (data->phase2_type.vendor == EAP_VENDOR_IETF &&  in eap_peap_phase2_request()
317 		    data->phase2_type.method == EAP_TYPE_NONE) {  in eap_peap_phase2_request()
319 			for (i = 0; i < data->num_phase2_types; i++) {  in eap_peap_phase2_request()
320 				if (data->phase2_types[i].vendor !=  in eap_peap_phase2_request()
322 				    data->phase2_types[i].method != *pos)  in eap_peap_phase2_request()
325 				data->phase2_type.vendor =  in eap_peap_phase2_request()
326 					data->phase2_types[i].vendor;  in eap_peap_phase2_request()
327 				data->phase2_type.method =  in eap_peap_phase2_request()
328 					data->phase2_types[i].method;  in eap_peap_phase2_request()
331 					   data->phase2_type.vendor,  in eap_peap_phase2_request()
332 					   data->phase2_type.method);  in eap_peap_phase2_request()
336 		if (*pos != data->phase2_type.method ||  in eap_peap_phase2_request()
338 			if (eap_peap_phase2_nak(data, hdr, resp, resp_len))  in eap_peap_phase2_request()
343 		if (data->phase2_priv == NULL) {  in eap_peap_phase2_request()
344 			data->phase2_method = eap_sm_get_eap_methods(  in eap_peap_phase2_request()
345 				data->phase2_type.vendor,  in eap_peap_phase2_request()
346 				data->phase2_type.method);  in eap_peap_phase2_request()
347 			if (data->phase2_method) {  in eap_peap_phase2_request()
349 				data->phase2_priv =  in eap_peap_phase2_request()
350 					data->phase2_method->init(sm);  in eap_peap_phase2_request()
354 		if (data->phase2_priv == NULL || data->phase2_method == NULL) {  in eap_peap_phase2_request()
361 		data->phase2_eap_started = 1;  in eap_peap_phase2_request()
363 		*resp = data->phase2_method->process(sm, data->phase2_priv,  in eap_peap_phase2_request()
370 			data->phase2_eap_success = 1;  in eap_peap_phase2_request()
371 			data->phase2_success = 1;  in eap_peap_phase2_request()
379 		os_free(data->pending_phase2_req);  in eap_peap_phase2_request()
380 		data->pending_phase2_req = os_malloc(len);  in eap_peap_phase2_request()
381 		if (data->pending_phase2_req) {  in eap_peap_phase2_request()
382 			os_memcpy(data->pending_phase2_req, hdr, len);  in eap_peap_phase2_request()
383 			data->pending_phase2_req_len = len;  in eap_peap_phase2_request()
391 static int eap_peap_decrypt(struct eap_sm *sm, struct eap_peap_data *data,  in eap_peap_decrypt()  argument
409 	if (data->pending_phase2_req) {  in eap_peap_decrypt()
413 		os_free(data->ssl.tls_in);  in eap_peap_decrypt()
414 		data->ssl.tls_in = NULL;  in eap_peap_decrypt()
415 		data->ssl.tls_in_len = 0;  in eap_peap_decrypt()
416 		data->ssl.tls_in_left = 0;  in eap_peap_decrypt()
417 		data->ssl.tls_in_total = 0;  in eap_peap_decrypt()
418 		in_decrypted = data->pending_phase2_req;  in eap_peap_decrypt()
419 		data->pending_phase2_req = NULL;  in eap_peap_decrypt()
420 		len_decrypted = data->pending_phase2_req_len;  in eap_peap_decrypt()
425 	msg = eap_tls_data_reassemble(sm, &data->ssl, in_data, in_len,  in eap_peap_decrypt()
430 	if (in_len == 0 && sm->workaround && data->phase2_success) {  in eap_peap_decrypt()
444 	if (data->ssl.tls_in_total > buf_len)  in eap_peap_decrypt()
445 		buf_len = data->ssl.tls_in_total;  in eap_peap_decrypt()
448 		os_free(data->ssl.tls_in);  in eap_peap_decrypt()
449 		data->ssl.tls_in = NULL;  in eap_peap_decrypt()
450 		data->ssl.tls_in_len = 0;  in eap_peap_decrypt()
456 	res = tls_connection_decrypt(sm->ssl_ctx, data->ssl.conn,  in eap_peap_decrypt()
458 	os_free(data->ssl.tls_in);  in eap_peap_decrypt()
459 	data->ssl.tls_in = NULL;  in eap_peap_decrypt()
460 	data->ssl.tls_in_len = 0;  in eap_peap_decrypt()
486 	if (data->peap_version == 0 && !skip_change) {  in eap_peap_decrypt()
545 		if (eap_peap_phase2_request(sm, data, ret, hdr,  in eap_peap_decrypt()
555 		if (data->peap_version == 1) {  in eap_peap_decrypt()
559 			if (data->phase2_eap_started &&  in eap_peap_decrypt()
560 			    !data->phase2_eap_success) {  in eap_peap_decrypt()
575 			data->phase2_success = 1;  in eap_peap_decrypt()
576 			if (data->peap_outer_success == 2) {  in eap_peap_decrypt()
581 			} else if (data->peap_outer_success == 1) {  in eap_peap_decrypt()
637 		if (data->peap_version == 0 && !skip_change2) {  in eap_peap_decrypt()
645 		if (eap_peap_encrypt(sm, data, req->identifier,  in eap_peap_decrypt()
668 	struct eap_peap_data *data = priv;  in eap_peap_process()  local
670 	pos = eap_tls_process_init(sm, &data->ssl, EAP_TYPE_PEAP, ret,  in eap_peap_process()
680 			data->peap_version);  in eap_peap_process()
681 		if ((flags & EAP_PEAP_VERSION_MASK) < data->peap_version)  in eap_peap_process()
682 			data->peap_version = flags & EAP_PEAP_VERSION_MASK;  in eap_peap_process()
683 		if (data->force_peap_version >= 0 &&  in eap_peap_process()
684 		    data->force_peap_version != data->peap_version) {  in eap_peap_process()
687 				   data->force_peap_version);  in eap_peap_process()
694 			   data->peap_version);  in eap_peap_process()
700 	if (tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&  in eap_peap_process()
701 	    !data->resuming) {  in eap_peap_process()
702 		res = eap_peap_decrypt(sm, data, ret, req, pos, left,  in eap_peap_process()
705 		res = eap_tls_process_helper(sm, &data->ssl, EAP_TYPE_PEAP,  in eap_peap_process()
706 					     data->peap_version, id, pos, left,  in eap_peap_process()
709 		if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {  in eap_peap_process()
713 			os_free(data->key_data);  in eap_peap_process()
721 			if (data->peap_version > 1 || data->force_new_label)  in eap_peap_process()
727 			data->key_data =  in eap_peap_process()
728 				eap_tls_derive_key(sm, &data->ssl, label,  in eap_peap_process()
730 			if (data->key_data) {  in eap_peap_process()
733 						data->key_data,  in eap_peap_process()
740 			if (sm->workaround && data->resuming) {  in eap_peap_process()
755 				data->phase2_success = 1;  in eap_peap_process()
758 			data->resuming = 0;  in eap_peap_process()
765 			os_free(data->pending_phase2_req);  in eap_peap_process()
766 			data->pending_phase2_req = resp;  in eap_peap_process()
767 			data->pending_phase2_req_len = *respDataLen;  in eap_peap_process()
770 			res = eap_peap_decrypt(sm, data, ret, req, pos, left,  in eap_peap_process()
780 		return eap_tls_build_ack(&data->ssl, respDataLen, id,  in eap_peap_process()
781 					 EAP_TYPE_PEAP, data->peap_version);  in eap_peap_process()
790 	struct eap_peap_data *data = priv;  in eap_peap_has_reauth_data()  local
791 	return tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&  in eap_peap_has_reauth_data()
792 		data->phase2_success;  in eap_peap_has_reauth_data()
798 	struct eap_peap_data *data = priv;  in eap_peap_deinit_for_reauth()  local
799 	os_free(data->pending_phase2_req);  in eap_peap_deinit_for_reauth()
800 	data->pending_phase2_req = NULL;  in eap_peap_deinit_for_reauth()
806 	struct eap_peap_data *data = priv;  in eap_peap_init_for_reauth()  local
807 	os_free(data->key_data);  in eap_peap_init_for_reauth()
808 	data->key_data = NULL;  in eap_peap_init_for_reauth()
809 	if (eap_tls_reauth_init(sm, &data->ssl)) {  in eap_peap_init_for_reauth()
810 		os_free(data);  in eap_peap_init_for_reauth()
813 	if (data->phase2_priv && data->phase2_method &&  in eap_peap_init_for_reauth()
814 	    data->phase2_method->init_for_reauth)  in eap_peap_init_for_reauth()
815 		data->phase2_method->init_for_reauth(sm, data->phase2_priv);  in eap_peap_init_for_reauth()
816 	data->phase2_success = 0;  in eap_peap_init_for_reauth()
817 	data->phase2_eap_success = 0;  in eap_peap_init_for_reauth()
818 	data->phase2_eap_started = 0;  in eap_peap_init_for_reauth()
819 	data->resuming = 1;  in eap_peap_init_for_reauth()
828 	struct eap_peap_data *data = priv;  in eap_peap_get_status()  local
831 	len = eap_tls_status(sm, &data->ssl, buf, buflen, verbose);  in eap_peap_get_status()
832 	if (data->phase2_method) {  in eap_peap_get_status()
835 				  data->peap_version,  in eap_peap_get_status()
836 				  data->phase2_method->name);  in eap_peap_get_status()
847 	struct eap_peap_data *data = priv;  in eap_peap_isKeyAvailable()  local
848 	return data->key_data != NULL && data->phase2_success;  in eap_peap_isKeyAvailable()
854 	struct eap_peap_data *data = priv;  in eap_peap_getKey()  local
857 	if (data->key_data == NULL || !data->phase2_success)  in eap_peap_getKey()
865 	os_memcpy(key, data->key_data, EAP_TLS_KEY_LEN);  in eap_peap_getKey()