hostap/src/eap_server/eap_server_tls_common.c - nest-learning-thermostat/5.6.2/hostap - Git at Google

 /*
  * EAP-TLS/PEAP/TTLS/FAST server common functions
  * Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi>
  *
  * This software may be distributed under the terms of the BSD license.
  * See README for more details.
  */

 #include "includes.h"

 #include "common.h"
 #include "crypto/sha1.h"
 #include "crypto/tls.h"
 #include "eap_i.h"
 #include "eap_tls_common.h"


 static void eap_server_tls_free_in_buf(struct eap_ssl_data *data);


 struct wpabuf * eap_tls_msg_alloc(EapType type, size_t payload_len,
 				  u8 code, u8 identifier)
 {
 	if (type == EAP_UNAUTH_TLS_TYPE)
 		return eap_msg_alloc(EAP_VENDOR_UNAUTH_TLS,
 				     EAP_VENDOR_TYPE_UNAUTH_TLS, payload_len,
 				     code, identifier);
 	return eap_msg_alloc(EAP_VENDOR_IETF, type, payload_len, code,
 			     identifier);
 }


 int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
 			    int verify_peer)
 {
 	data->eap = sm;
 	data->phase2 = sm->init_phase2;

 	data->conn = tls_connection_init(sm->ssl_ctx);
 	if (data->conn == NULL) {
 		wpa_printf(MSG_INFO, "SSL: Failed to initialize new TLS "
 			   "connection");
 		return -1;
 	}

 	if (tls_connection_set_verify(sm->ssl_ctx, data->conn, verify_peer)) {
 		wpa_printf(MSG_INFO, "SSL: Failed to configure verification "
 			   "of TLS peer certificate");
 		tls_connection_deinit(sm->ssl_ctx, data->conn);
 		data->conn = NULL;
 		return -1;
 	}

 	data->tls_out_limit = sm->fragment_size > 0 ? sm->fragment_size : 1398;
 	if (data->phase2) {
 		/* Limit the fragment size in the inner TLS authentication
 		 * since the outer authentication with EAP-PEAP does not yet
 		 * support fragmentation */
 		if (data->tls_out_limit > 100)
 			data->tls_out_limit -= 100;
 	}
 	return 0;
 }


 void eap_server_tls_ssl_deinit(struct eap_sm *sm, struct eap_ssl_data *data)
 {
 	tls_connection_deinit(sm->ssl_ctx, data->conn);
 	eap_server_tls_free_in_buf(data);
 	wpabuf_free(data->tls_out);
 	data->tls_out = NULL;
 }


 u8 * eap_server_tls_derive_key(struct eap_sm *sm, struct eap_ssl_data *data,
 			       char *label, size_t len)
 {
 	struct tls_keys keys;
 	u8 *rnd = NULL, *out;

 	out = os_malloc(len);
 	if (out == NULL)
 		return NULL;

 	if (tls_connection_prf(sm->ssl_ctx, data->conn, label, 0, out, len) ==
 	    0)
 		return out;

 	if (tls_connection_get_keys(sm->ssl_ctx, data->conn, &keys))
 		goto fail;

 	if (keys.client_random == NULL || keys.server_random == NULL ||
 	    keys.master_key == NULL)
 		goto fail;

 	rnd = os_malloc(keys.client_random_len + keys.server_random_len);
 	if (rnd == NULL)
 		goto fail;
 	os_memcpy(rnd, keys.client_random, keys.client_random_len);
 	os_memcpy(rnd + keys.client_random_len, keys.server_random,
 		  keys.server_random_len);

 	if (tls_prf_sha1_md5(keys.master_key, keys.master_key_len,
 			     label, rnd, keys.client_random_len +
 			     keys.server_random_len, out, len))
 		goto fail;

 	os_free(rnd);
 	return out;

 fail:
 	os_free(out);
 	os_free(rnd);
 	return NULL;
 }


 struct wpabuf * eap_server_tls_build_msg(struct eap_ssl_data *data,
 					 int eap_type, int version, u8 id)
 {
 	struct wpabuf *req;
 	u8 flags;
 	size_t send_len, plen;

 	wpa_printf(MSG_DEBUG, "SSL: Generating Request");
 	if (data->tls_out == NULL) {
 		wpa_printf(MSG_ERROR, "SSL: tls_out NULL in %s", __func__);
 		return NULL;
 	}

 	flags = version;
 	send_len = wpabuf_len(data->tls_out) - data->tls_out_pos;
 	if (1 + send_len > data->tls_out_limit) {
 		send_len = data->tls_out_limit - 1;
 		flags |= EAP_TLS_FLAGS_MORE_FRAGMENTS;
 		if (data->tls_out_pos == 0) {
 			flags |= EAP_TLS_FLAGS_LENGTH_INCLUDED;
 			send_len -= 4;
 		}
 	}

 	plen = 1 + send_len;
 	if (flags & EAP_TLS_FLAGS_LENGTH_INCLUDED)
 		plen += 4;

 	req = eap_tls_msg_alloc(eap_type, plen, EAP_CODE_REQUEST, id);
 	if (req == NULL)
 		return NULL;

 	wpabuf_put_u8(req, flags); /* Flags */
 	if (flags & EAP_TLS_FLAGS_LENGTH_INCLUDED)
 		wpabuf_put_be32(req, wpabuf_len(data->tls_out));

 	wpabuf_put_data(req, wpabuf_head_u8(data->tls_out) + data->tls_out_pos,
 			send_len);
 	data->tls_out_pos += send_len;

 	if (data->tls_out_pos == wpabuf_len(data->tls_out)) {
 		wpa_printf(MSG_DEBUG, "SSL: Sending out %lu bytes "
 			   "(message sent completely)",
 			   (unsigned long) send_len);
 		wpabuf_free(data->tls_out);
 		data->tls_out = NULL;
 		data->tls_out_pos = 0;
 		data->state = MSG;
 	} else {
 		wpa_printf(MSG_DEBUG, "SSL: Sending out %lu bytes "
 			   "(%lu more to send)", (unsigned long) send_len,
 			   (unsigned long) wpabuf_len(data->tls_out) -
 			   data->tls_out_pos);
 		data->state = WAIT_FRAG_ACK;
 	}

 	return req;
 }


 struct wpabuf * eap_server_tls_build_ack(u8 id, int eap_type, int version)
 {
 	struct wpabuf *req;

 	req = eap_tls_msg_alloc(eap_type, 1, EAP_CODE_REQUEST, id);
 	if (req == NULL)
 		return NULL;
 	wpa_printf(MSG_DEBUG, "SSL: Building ACK");
 	wpabuf_put_u8(req, version); /* Flags */
 	return req;
 }


 static int eap_server_tls_process_cont(struct eap_ssl_data *data,
 				       const u8 *buf, size_t len)
 {
 	/* Process continuation of a pending message */
 	if (len > wpabuf_tailroom(data->tls_in)) {
 		wpa_printf(MSG_DEBUG, "SSL: Fragment overflow");
 		return -1;
 	}

 	wpabuf_put_data(data->tls_in, buf, len);
 	wpa_printf(MSG_DEBUG, "SSL: Received %lu bytes, waiting for %lu "
 		   "bytes more", (unsigned long) len,
 		   (unsigned long) wpabuf_tailroom(data->tls_in));

 	return 0;
 }


 static int eap_server_tls_process_fragment(struct eap_ssl_data *data,
 					   u8 flags, u32 message_length,
 					   const u8 *buf, size_t len)
 {
 	/* Process a fragment that is not the last one of the message */
 	if (data->tls_in == NULL && !(flags & EAP_TLS_FLAGS_LENGTH_INCLUDED)) {
 		wpa_printf(MSG_DEBUG, "SSL: No Message Length field in a "
 			   "fragmented packet");
 		return -1;
 	}

 	if (data->tls_in == NULL) {
 		/* First fragment of the message */

 		/* Limit length to avoid rogue peers from causing large
 		 * memory allocations. */
 		if (message_length > 65536) {
 			wpa_printf(MSG_INFO, "SSL: Too long TLS fragment (size"
 				   " over 64 kB)");
 			return -1;
 		}

 		if (len > message_length) {
 			wpa_printf(MSG_INFO, "SSL: Too much data (%d bytes) in "
 				   "first fragment of frame (TLS Message "
 				   "Length %d bytes)",
 				   (int) len, (int) message_length);
 			return -1;
 		}

 		data->tls_in = wpabuf_alloc(message_length);
 		if (data->tls_in == NULL) {
 			wpa_printf(MSG_DEBUG, "SSL: No memory for message");
 			return -1;
 		}
 		wpabuf_put_data(data->tls_in, buf, len);
 		wpa_printf(MSG_DEBUG, "SSL: Received %lu bytes in first "
 			   "fragment, waiting for %lu bytes more",
 			   (unsigned long) len,
 			   (unsigned long) wpabuf_tailroom(data->tls_in));
 	}

 	return 0;
 }


 int eap_server_tls_phase1(struct eap_sm *sm, struct eap_ssl_data *data)
 {
 	if (data->tls_out) {
 		/* This should not happen.. */
 		wpa_printf(MSG_INFO, "SSL: pending tls_out data when "
 			   "processing new message");
 		wpabuf_free(data->tls_out);
 		WPA_ASSERT(data->tls_out == NULL);
 	}

 	data->tls_out = tls_connection_server_handshake(sm->ssl_ctx,
 							data->conn,
 							data->tls_in, NULL);
 	if (data->tls_out == NULL) {
 		wpa_printf(MSG_INFO, "SSL: TLS processing failed");
 		return -1;
 	}
 	if (tls_connection_get_failed(sm->ssl_ctx, data->conn)) {
 		/* TLS processing has failed - return error */
 		wpa_printf(MSG_DEBUG, "SSL: Failed - tls_out available to "
 			   "report error");
 		return -1;
 	}

 	return 0;
 }


 static int eap_server_tls_reassemble(struct eap_ssl_data *data, u8 flags,
 				     const u8 **pos, size_t *left)
 {
 	unsigned int tls_msg_len = 0;
 	const u8 *end = *pos + *left;

 	if (flags & EAP_TLS_FLAGS_LENGTH_INCLUDED) {
 		if (*left < 4) {
 			wpa_printf(MSG_INFO, "SSL: Short frame with TLS "
 				   "length");
 			return -1;
 		}
 		tls_msg_len = WPA_GET_BE32(*pos);
 		wpa_printf(MSG_DEBUG, "SSL: TLS Message Length: %d",
 			   tls_msg_len);
 		*pos += 4;
 		*left -= 4;

 		if (*left > tls_msg_len) {
 			wpa_printf(MSG_INFO, "SSL: TLS Message Length (%d "
 				   "bytes) smaller than this fragment (%d "
 				   "bytes)", (int) tls_msg_len, (int) *left);
 			return -1;
 		}
 	}

 	wpa_printf(MSG_DEBUG, "SSL: Received packet: Flags 0x%x "
 		   "Message Length %u", flags, tls_msg_len);

 	if (data->state == WAIT_FRAG_ACK) {
 		if (*left != 0) {
 			wpa_printf(MSG_DEBUG, "SSL: Unexpected payload in "
 				   "WAIT_FRAG_ACK state");
 			return -1;
 		}
 		wpa_printf(MSG_DEBUG, "SSL: Fragment acknowledged");
 		return 1;
 	}

 	if (data->tls_in &&
 	    eap_server_tls_process_cont(data, *pos, end - *pos) < 0)
 		return -1;

 	if (flags & EAP_TLS_FLAGS_MORE_FRAGMENTS) {
 		if (eap_server_tls_process_fragment(data, flags, tls_msg_len,
 						    *pos, end - *pos) < 0)
 			return -1;

 		data->state = FRAG_ACK;
 		return 1;
 	}

 	if (data->state == FRAG_ACK) {
 		wpa_printf(MSG_DEBUG, "SSL: All fragments received");
 		data->state = MSG;
 	}

 	if (data->tls_in == NULL) {
 		/* Wrap unfragmented messages as wpabuf without extra copy */
 		wpabuf_set(&data->tmpbuf, *pos, end - *pos);
 		data->tls_in = &data->tmpbuf;
 	}

 	return 0;
 }


 static void eap_server_tls_free_in_buf(struct eap_ssl_data *data)
 {
 	if (data->tls_in != &data->tmpbuf)
 		wpabuf_free(data->tls_in);
 	data->tls_in = NULL;
 }


 struct wpabuf * eap_server_tls_encrypt(struct eap_sm *sm,
 				       struct eap_ssl_data *data,
 				       const struct wpabuf *plain)
 {
 	struct wpabuf *buf;

 	buf = tls_connection_encrypt(sm->ssl_ctx, data->conn,
 				     plain);
 	if (buf == NULL) {
 		wpa_printf(MSG_INFO, "SSL: Failed to encrypt Phase 2 data");
 		return NULL;
 	}

 	return buf;
 }


 int eap_server_tls_process(struct eap_sm *sm, struct eap_ssl_data *data,
 			   struct wpabuf *respData, void *priv, int eap_type,
 			   int (*proc_version)(struct eap_sm *sm, void *priv,
 					       int peer_version),
 			   void (*proc_msg)(struct eap_sm *sm, void *priv,
 					    const struct wpabuf *respData))
 {
 	const u8 *pos;
 	u8 flags;
 	size_t left;
 	int ret, res = 0;

 	if (eap_type == EAP_UNAUTH_TLS_TYPE)
 		pos = eap_hdr_validate(EAP_VENDOR_UNAUTH_TLS,
 				       EAP_VENDOR_TYPE_UNAUTH_TLS, respData,
 				       &left);
 	else
 		pos = eap_hdr_validate(EAP_VENDOR_IETF, eap_type, respData,
 				       &left);
 	if (pos == NULL || left < 1)
 		return 0; /* Should not happen - frame already validated */
 	flags = *pos++;
 	left--;
 	wpa_printf(MSG_DEBUG, "SSL: Received packet(len=%lu) - Flags 0x%02x",
 		   (unsigned long) wpabuf_len(respData), flags);

 	if (proc_version &&
 	    proc_version(sm, priv, flags & EAP_TLS_VERSION_MASK) < 0)
 		return -1;

 	ret = eap_server_tls_reassemble(data, flags, &pos, &left);
 	if (ret < 0) {
 		res = -1;
 		goto done;
 	} else if (ret == 1)
 		return 0;

 	if (proc_msg)
 		proc_msg(sm, priv, respData);

 	if (tls_connection_get_write_alerts(sm->ssl_ctx, data->conn) > 1) {
 		wpa_printf(MSG_INFO, "SSL: Locally detected fatal error in "
 			   "TLS processing");
 		res = -1;
 	}

 done:
 	eap_server_tls_free_in_buf(data);

 	return res;
 }
	/*
	* EAP-TLS/PEAP/TTLS/FAST server common functions
	* Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi>
	*
	* This software may be distributed under the terms of the BSD license.
	* See README for more details.
	*/

	#include "includes.h"

	#include "common.h"
	#include "crypto/sha1.h"
	#include "crypto/tls.h"
	#include "eap_i.h"
	#include "eap_tls_common.h"


	static void eap_server_tls_free_in_buf(struct eap_ssl_data *data);


	struct wpabuf * eap_tls_msg_alloc(EapType type, size_t payload_len,
	u8 code, u8 identifier)
	{
	if (type == EAP_UNAUTH_TLS_TYPE)
	return eap_msg_alloc(EAP_VENDOR_UNAUTH_TLS,
	EAP_VENDOR_TYPE_UNAUTH_TLS, payload_len,
	code, identifier);
	return eap_msg_alloc(EAP_VENDOR_IETF, type, payload_len, code,
	identifier);
	}


	int eap_server_tls_ssl_init(struct eap_sm sm, struct eap_ssl_data data,
	int verify_peer)
	{
	data->eap = sm;
	data->phase2 = sm->init_phase2;

	data->conn = tls_connection_init(sm->ssl_ctx);
	if (data->conn == NULL) {
	wpa_printf(MSG_INFO, "SSL: Failed to initialize new TLS "
	"connection");
	return -1;
	}

	if (tls_connection_set_verify(sm->ssl_ctx, data->conn, verify_peer)) {
	wpa_printf(MSG_INFO, "SSL: Failed to configure verification "
	"of TLS peer certificate");
	tls_connection_deinit(sm->ssl_ctx, data->conn);
	data->conn = NULL;
	return -1;
	}

	data->tls_out_limit = sm->fragment_size > 0 ? sm->fragment_size : 1398;
	if (data->phase2) {
	/* Limit the fragment size in the inner TLS authentication
	* since the outer authentication with EAP-PEAP does not yet
	* support fragmentation */
	if (data->tls_out_limit > 100)
	data->tls_out_limit -= 100;
	}
	return 0;
	}


	void eap_server_tls_ssl_deinit(struct eap_sm sm, struct eap_ssl_data data)
	{
	tls_connection_deinit(sm->ssl_ctx, data->conn);
	eap_server_tls_free_in_buf(data);
	wpabuf_free(data->tls_out);
	data->tls_out = NULL;
	}


	u8 * eap_server_tls_derive_key(struct eap_sm sm, struct eap_ssl_data data,
	char *label, size_t len)
	{
	struct tls_keys keys;
	u8 rnd = NULL, out;

	out = os_malloc(len);
	if (out == NULL)
	return NULL;

	if (tls_connection_prf(sm->ssl_ctx, data->conn, label, 0, out, len) ==
	0)
	return out;

	if (tls_connection_get_keys(sm->ssl_ctx, data->conn, &keys))
	goto fail;

	if (keys.client_random == NULL \|\| keys.server_random == NULL \|\|
	keys.master_key == NULL)
	goto fail;

	rnd = os_malloc(keys.client_random_len + keys.server_random_len);
	if (rnd == NULL)
	goto fail;
	os_memcpy(rnd, keys.client_random, keys.client_random_len);
	os_memcpy(rnd + keys.client_random_len, keys.server_random,
	keys.server_random_len);

	if (tls_prf_sha1_md5(keys.master_key, keys.master_key_len,
	label, rnd, keys.client_random_len +
	keys.server_random_len, out, len))
	goto fail;

	os_free(rnd);
	return out;

	fail:
	os_free(out);
	os_free(rnd);
	return NULL;
	}


	struct wpabuf * eap_server_tls_build_msg(struct eap_ssl_data *data,
	int eap_type, int version, u8 id)
	{
	struct wpabuf *req;
	u8 flags;
	size_t send_len, plen;

	wpa_printf(MSG_DEBUG, "SSL: Generating Request");
	if (data->tls_out == NULL) {
	wpa_printf(MSG_ERROR, "SSL: tls_out NULL in %s", __func__);
	return NULL;
	}

	flags = version;
	send_len = wpabuf_len(data->tls_out) - data->tls_out_pos;
	if (1 + send_len > data->tls_out_limit) {
	send_len = data->tls_out_limit - 1;
	flags \|= EAP_TLS_FLAGS_MORE_FRAGMENTS;
	if (data->tls_out_pos == 0) {
	flags \|= EAP_TLS_FLAGS_LENGTH_INCLUDED;
	send_len -= 4;
	}
	}

	plen = 1 + send_len;
	if (flags & EAP_TLS_FLAGS_LENGTH_INCLUDED)
	plen += 4;

	req = eap_tls_msg_alloc(eap_type, plen, EAP_CODE_REQUEST, id);
	if (req == NULL)
	return NULL;

	wpabuf_put_u8(req, flags); /* Flags */
	if (flags & EAP_TLS_FLAGS_LENGTH_INCLUDED)
	wpabuf_put_be32(req, wpabuf_len(data->tls_out));

	wpabuf_put_data(req, wpabuf_head_u8(data->tls_out) + data->tls_out_pos,
	send_len);
	data->tls_out_pos += send_len;

	if (data->tls_out_pos == wpabuf_len(data->tls_out)) {
	wpa_printf(MSG_DEBUG, "SSL: Sending out %lu bytes "
	"(message sent completely)",
	(unsigned long) send_len);
	wpabuf_free(data->tls_out);
	data->tls_out = NULL;
	data->tls_out_pos = 0;
	data->state = MSG;
	} else {
	wpa_printf(MSG_DEBUG, "SSL: Sending out %lu bytes "
	"(%lu more to send)", (unsigned long) send_len,
	(unsigned long) wpabuf_len(data->tls_out) -
	data->tls_out_pos);
	data->state = WAIT_FRAG_ACK;
	}

	return req;
	}


	struct wpabuf * eap_server_tls_build_ack(u8 id, int eap_type, int version)
	{
	struct wpabuf *req;

	req = eap_tls_msg_alloc(eap_type, 1, EAP_CODE_REQUEST, id);
	if (req == NULL)
	return NULL;
	wpa_printf(MSG_DEBUG, "SSL: Building ACK");
	wpabuf_put_u8(req, version); /* Flags */
	return req;
	}


	static int eap_server_tls_process_cont(struct eap_ssl_data *data,
	const u8 *buf, size_t len)
	{
	/* Process continuation of a pending message */
	if (len > wpabuf_tailroom(data->tls_in)) {
	wpa_printf(MSG_DEBUG, "SSL: Fragment overflow");
	return -1;
	}

	wpabuf_put_data(data->tls_in, buf, len);
	wpa_printf(MSG_DEBUG, "SSL: Received %lu bytes, waiting for %lu "
	"bytes more", (unsigned long) len,
	(unsigned long) wpabuf_tailroom(data->tls_in));

	return 0;
	}


	static int eap_server_tls_process_fragment(struct eap_ssl_data *data,
	u8 flags, u32 message_length,
	const u8 *buf, size_t len)
	{
	/* Process a fragment that is not the last one of the message */
	if (data->tls_in == NULL && !(flags & EAP_TLS_FLAGS_LENGTH_INCLUDED)) {
	wpa_printf(MSG_DEBUG, "SSL: No Message Length field in a "
	"fragmented packet");
	return -1;
	}

	if (data->tls_in == NULL) {
	/* First fragment of the message */

	/* Limit length to avoid rogue peers from causing large
	* memory allocations. */
	if (message_length > 65536) {
	wpa_printf(MSG_INFO, "SSL: Too long TLS fragment (size"
	" over 64 kB)");
	return -1;
	}

	if (len > message_length) {
	wpa_printf(MSG_INFO, "SSL: Too much data (%d bytes) in "
	"first fragment of frame (TLS Message "
	"Length %d bytes)",
	(int) len, (int) message_length);
	return -1;
	}

	data->tls_in = wpabuf_alloc(message_length);
	if (data->tls_in == NULL) {
	wpa_printf(MSG_DEBUG, "SSL: No memory for message");
	return -1;
	}
	wpabuf_put_data(data->tls_in, buf, len);
	wpa_printf(MSG_DEBUG, "SSL: Received %lu bytes in first "
	"fragment, waiting for %lu bytes more",
	(unsigned long) len,
	(unsigned long) wpabuf_tailroom(data->tls_in));
	}

	return 0;
	}


	int eap_server_tls_phase1(struct eap_sm sm, struct eap_ssl_data data)
	{
	if (data->tls_out) {
	/* This should not happen.. */
	wpa_printf(MSG_INFO, "SSL: pending tls_out data when "
	"processing new message");
	wpabuf_free(data->tls_out);
	WPA_ASSERT(data->tls_out == NULL);
	}

	data->tls_out = tls_connection_server_handshake(sm->ssl_ctx,
	data->conn,
	data->tls_in, NULL);
	if (data->tls_out == NULL) {
	wpa_printf(MSG_INFO, "SSL: TLS processing failed");
	return -1;
	}
	if (tls_connection_get_failed(sm->ssl_ctx, data->conn)) {
	/* TLS processing has failed - return error */
	wpa_printf(MSG_DEBUG, "SSL: Failed - tls_out available to "
	"report error");
	return -1;
	}

	return 0;
	}


	static int eap_server_tls_reassemble(struct eap_ssl_data *data, u8 flags,
	const u8 *pos, size_t left)
	{
	unsigned int tls_msg_len = 0;
	const u8 end = pos + *left;

	if (flags & EAP_TLS_FLAGS_LENGTH_INCLUDED) {
	if (*left < 4) {
	wpa_printf(MSG_INFO, "SSL: Short frame with TLS "
	"length");
	return -1;
	}
	tls_msg_len = WPA_GET_BE32(*pos);
	wpa_printf(MSG_DEBUG, "SSL: TLS Message Length: %d",
	tls_msg_len);
	*pos += 4;
	*left -= 4;

	if (*left > tls_msg_len) {
	wpa_printf(MSG_INFO, "SSL: TLS Message Length (%d "
	"bytes) smaller than this fragment (%d "
	"bytes)", (int) tls_msg_len, (int) *left);
	return -1;
	}
	}

	wpa_printf(MSG_DEBUG, "SSL: Received packet: Flags 0x%x "
	"Message Length %u", flags, tls_msg_len);

	if (data->state == WAIT_FRAG_ACK) {
	if (*left != 0) {
	wpa_printf(MSG_DEBUG, "SSL: Unexpected payload in "
	"WAIT_FRAG_ACK state");
	return -1;
	}
	wpa_printf(MSG_DEBUG, "SSL: Fragment acknowledged");
	return 1;
	}

	if (data->tls_in &&
	eap_server_tls_process_cont(data, pos, end - pos) < 0)
	return -1;

	if (flags & EAP_TLS_FLAGS_MORE_FRAGMENTS) {
	if (eap_server_tls_process_fragment(data, flags, tls_msg_len,
	pos, end - pos) < 0)
	return -1;

	data->state = FRAG_ACK;
	return 1;
	}

	if (data->state == FRAG_ACK) {
	wpa_printf(MSG_DEBUG, "SSL: All fragments received");
	data->state = MSG;
	}

	if (data->tls_in == NULL) {
	/* Wrap unfragmented messages as wpabuf without extra copy */
	wpabuf_set(&data->tmpbuf, pos, end - pos);
	data->tls_in = &data->tmpbuf;
	}

	return 0;
	}


	static void eap_server_tls_free_in_buf(struct eap_ssl_data *data)
	{
	if (data->tls_in != &data->tmpbuf)
	wpabuf_free(data->tls_in);
	data->tls_in = NULL;
	}


	struct wpabuf * eap_server_tls_encrypt(struct eap_sm *sm,
	struct eap_ssl_data *data,
	const struct wpabuf *plain)
	{
	struct wpabuf *buf;

	buf = tls_connection_encrypt(sm->ssl_ctx, data->conn,
	plain);
	if (buf == NULL) {
	wpa_printf(MSG_INFO, "SSL: Failed to encrypt Phase 2 data");
	return NULL;
	}

	return buf;
	}


	int eap_server_tls_process(struct eap_sm sm, struct eap_ssl_data data,
	struct wpabuf respData, void priv, int eap_type,
	int (proc_version)(struct eap_sm sm, void *priv,
	int peer_version),
	void (proc_msg)(struct eap_sm sm, void *priv,
	const struct wpabuf *respData))
	{
	const u8 *pos;
	u8 flags;
	size_t left;
	int ret, res = 0;

	if (eap_type == EAP_UNAUTH_TLS_TYPE)
	pos = eap_hdr_validate(EAP_VENDOR_UNAUTH_TLS,
	EAP_VENDOR_TYPE_UNAUTH_TLS, respData,
	&left);
	else
	pos = eap_hdr_validate(EAP_VENDOR_IETF, eap_type, respData,
	&left);
	if (pos == NULL \|\| left < 1)
	return 0; /* Should not happen - frame already validated */
	flags = *pos++;
	left--;
	wpa_printf(MSG_DEBUG, "SSL: Received packet(len=%lu) - Flags 0x%02x",
	(unsigned long) wpabuf_len(respData), flags);

	if (proc_version &&
	proc_version(sm, priv, flags & EAP_TLS_VERSION_MASK) < 0)
	return -1;

	ret = eap_server_tls_reassemble(data, flags, &pos, &left);
	if (ret < 0) {
	res = -1;
	goto done;
	} else if (ret == 1)
	return 0;

	if (proc_msg)
	proc_msg(sm, priv, respData);

	if (tls_connection_get_write_alerts(sm->ssl_ctx, data->conn) > 1) {
	wpa_printf(MSG_INFO, "SSL: Locally detected fatal error in "
	"TLS processing");
	res = -1;
	}

	done:
	eap_server_tls_free_in_buf(data);

	return res;
	}