Version set to 1.0-alpha9

GUI boots with a predefined configuration on new profiles now
(closes #10)
2016-08-18 06:33:02 +02:00 · 2016-08-18 06:31:16 +02:00 · 2016-08-18 06:30:02 +02:00 · 2016-08-17 16:42:19 +02:00 · 2016-08-17 16:27:43 +02:00 · 2016-08-17 15:56:11 +02:00
33 changed files with 3463 additions and 1189 deletions
--- a/include/Version.h
+++ b/include/Version.h
@@ -29,7 +29,7 @@
 // Product version as a single DWORD
 // Note: Used for version comparison within C/C++ code.
 //
-#define PRODUCT_VERSION          0x00ff0600
+#define PRODUCT_VERSION          0x00ff0900
 //
 // Product version by components
@@ -39,26 +39,26 @@
 //
 #define PRODUCT_VERSION_MAJ      0
 #define PRODUCT_VERSION_MIN      255
-#define PRODUCT_VERSION_REV      6
+#define PRODUCT_VERSION_REV      9
 #define PRODUCT_VERSION_BUILD    0
 //
 // Human readable product version and build year for UI
 //
-#define PRODUCT_VERSION_STR      "1.0-alpha6"
+#define PRODUCT_VERSION_STR      "1.0-alpha9"
 #define PRODUCT_BUILD_YEAR_STR   "2016"
 //
 // Numerical version presentation for ProductVersion propery in
 // MSI packages (syntax: N.N[.N[.N]])
 //
-#define PRODUCT_VERSION_INST     "0.255.6"
+#define PRODUCT_VERSION_INST     "0.255.9"
 //
 // The product code for ProductCode property in MSI packages
 // Replace with new on every version change, regardless how minor it is.
 //
-#define PRODUCT_VERSION_GUID     "{BC83D8A6-59FB-4DD9-87F7-CCA4822EE432}"
+#define PRODUCT_VERSION_GUID     "{E6169375-3FA7-443A-921A-44105A94201C}"
 //
 // Since the product name is not finally confirmed at the time of
--- a/lib/EAPBase/include/Config.h
+++ b/lib/EAPBase/include/Config.h
@@ -89,7 +89,6 @@ inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::config &val);
 #include <eaptypes.h> // Must include after <Windows.h>
 #include <tchar.h>
 #include <list>
 #include <string>
 #include <memory>
@@ -342,7 +341,7 @@ namespace eap
        bool m_allow_save;                          ///< Are credentials allowed to be saved to Windows Credential Manager?
        bool m_use_preshared;                       ///< Use pre-shared credentials
        std::unique_ptr<credentials> m_preshared;   ///< Pre-shared credentials
-        bool m_cred_failed;                         ///< Did credential fail last time?
+        bool m_auth_failed;                         ///< Did credential fail last time?
    };
@@ -451,7 +450,7 @@ namespace eap
        winstd::tstring m_lbl_alt_credential;                   ///< Alternative label for credential prompt
        winstd::tstring m_lbl_alt_identity;                     ///< Alternative label for identity prompt
        winstd::tstring m_lbl_alt_password;                     ///< Alternative label for password prompt
-        std::list<std::unique_ptr<config_method> > m_methods;   ///< List of method configurations
+        std::vector<std::unique_ptr<config_method> > m_methods; ///< Array of method configurations
    };
@@ -551,7 +550,7 @@ namespace eap
        /// @}
    public:
-        std::list<eap::config_provider> m_providers;    ///< List of provider configurations
+        std::vector<eap::config_provider> m_providers;  ///< Array of provider configurations
    };
 }
--- a/lib/EAPBase/include/Credentials.h
+++ b/lib/EAPBase/include/Credentials.h
@@ -54,6 +54,18 @@ namespace eap
 {
    class credentials : public config
    {
    public:
        ///
        /// Credential source when combined
        ///
        enum  source_t {
            source_unknown = -1, ///< Unknown source
            source_cache = 0,    ///< Credentials were obtained from EAPHost cache
            source_preshared,    ///< Credentials were set by method configuration
            source_storage       ///< Credentials were loaded from Windows Credential Manager
        };
    public:
        ///
        /// Constructs credentials
@@ -158,26 +170,6 @@ namespace eap
        /// Returns credential name (for GUI display).
        ///
        virtual winstd::tstring get_name() const;
        ///
        /// Combine credentials in the following order:
        ///
        /// 1. Cached credentials
        /// 2. Pre-configured credentials
        /// 3. Stored credentials
        ///
        /// \param[in] cred_cached    Cached credentials (optional, can be \c NULL)
        /// \param[in] cfg            Method configuration
        /// \param[in] pszTargetName  The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
        ///
        /// \returns
        /// - \c true  if credentials were set;
        /// - \c false otherwise
        ///
        virtual bool combine(
            _In_       const credentials       *cred_cached,
            _In_       config_method_with_cred &cfg,
            _In_opt_z_ LPCTSTR                 pszTargetName);
    };
--- a/lib/EAPBase/include/EAP.h
+++ b/lib/EAPBase/include/EAP.h
@@ -57,6 +57,25 @@ namespace eap
    ///
    typedef std::vector<unsigned char, winstd::sanitizing_allocator<unsigned char> > sanitizing_blob;
    ///
    /// Sanitizing BLOB of fixed size
    ///
    template<size_t N> struct sanitizing_blob_f;
    ///
    /// Sanitizing BLOB of fixed size (zero initialized)
    ///
    template<size_t N> struct sanitizing_blob_zf;
    ///
    /// Sanitizing BLOB of fixed size (zero initialized in _DEBUG version)
    ///
 #ifdef _DEBUG
    #define sanitizing_blob_xf sanitizing_blob_zf
 #else
    #define sanitizing_blob_xf sanitizing_blob_f
 #endif
    ///
    /// Diameter AVP flags
    ///
@@ -347,6 +366,31 @@ inline size_t pksizeof(const winstd::eap_type_t &val);
 ///
 inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ winstd::eap_type_t &val);
 ///
 /// Packs a BLOB
 ///
 /// \param[inout] cursor  Memory cursor
 /// \param[in]    val     Variable with data to pack
 ///
 template<size_t N> inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::sanitizing_blob_f<N> &val);
 ///
 /// Returns packed size of a BLOB
 ///
 /// \param[in] val  Data to pack
 ///
 /// \returns Size of data when packed (in bytes)
 ///
 template<size_t N> inline size_t pksizeof(_In_ const eap::sanitizing_blob_f<N> &val);
 ///
 /// Unpacks a BLOB
 ///
 /// \param[inout] cursor  Memory cursor
 /// \param[out]   val     Variable to receive unpacked value
 ///
 template<size_t N> inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::sanitizing_blob_f<N> &val);
 #ifndef htonll
 ///
 /// Convert host converts an unsigned __int64 from host to TCP/IP network byte order.
@@ -381,6 +425,167 @@ namespace eap
    };
 #pragma pack(push)
 #pragma pack(1)
    template<size_t N>
    struct __declspec(novtable) sanitizing_blob_f<N>
    {
        unsigned char data[N]; ///< BLOB data
        ///
        /// Constructor
        ///
        inline sanitizing_blob_f()
        {
        }
        ///
        /// Copies a BLOB
        ///
        /// \param[in] other  BLOB to copy from
        ///
        inline sanitizing_blob_f(_In_ const sanitizing_blob_f<N> &other)
        {
            memcpy(data, other.data, N);
        }
        ///
        /// Moves the BLOB
        ///
        /// \param[inout] other  Zero-initialized BLOB to move from
        ///
        inline sanitizing_blob_f(_Inout_ sanitizing_blob_zf<N> &&other)
        {
            memcpy(data, other.data, N);
            memset(other.data, 0, N);
        }
        ///
        /// Destructor
        ///
        inline ~sanitizing_blob_f()
        {
            SecureZeroMemory(data, N);
        }
        ///
        /// Copies a BLOB
        ///
        /// \param[in] other  BLOB to copy from
        ///
        /// \returns Reference to this object
        ///
        inline sanitizing_blob_f& operator=(_In_ const sanitizing_blob_f<N> &other)
        {
            if (this != std::addressof(other))
                memcpy(data, other.data, N);
            return *this;
        }
        ///
        /// Moves the BLOB
        ///
        /// \param[inout] other  Zero-initialized BLOB to copy from
        ///
        /// \returns Reference to this object
        ///
        inline sanitizing_blob_f& operator=(_Inout_ sanitizing_blob_zf<N> &&other)
        {
            if (this != std::addressof(other)) {
                memcpy(data, other.data, N);
                memset(other.data, 0, N);
            }
            return *this;
        }
        ///
        /// Is BLOB not equal to?
        ///
        /// \param[in] other  BLOB to compare against
        ///
        /// \returns
        /// - \c true when BLOBs are not equal;
        /// - \c false otherwise
        ///
        inline bool operator!=(_In_ const sanitizing_blob_f<N> &other) const
        {
            return !operator==(other);
        }
        ///
        /// Is BLOB equal to?
        ///
        /// \param[in] other  BLOB to compare against
        ///
        /// \returns
        /// - \c true when BLOBs are equal;
        /// - \c false otherwise
        ///
        inline bool operator==(_In_ const sanitizing_blob_f<N> &other) const
        {
            for (size_t i = 0; i < N; i++)
                if (data[i] != other.data[i]) return false;
            return true;
        }
        ///
        /// Is BLOB empty?
        ///
        /// \returns
        /// - \c true when BLOB is all-zero;
        /// - \c false otherwise
        ///
        inline bool empty() const
        {
            for (size_t i = 0; i < N; i++)
                if (data[i]) return false;
            return true;
        }
        ///
        /// Zero the BLOB
        ///
        inline void clear()
        {
            memset(data, 0, N);
        }
    };
    template<size_t N>
    struct __declspec(novtable) sanitizing_blob_zf<N> : sanitizing_blob_f<N>
    {
        ///
        /// Constructor
        ///
        inline sanitizing_blob_zf() : sanitizing_blob_f<N>()
        {
            memset(data, 0, N);
        }
        ///
        /// Copies a BLOB
        ///
        /// \param[in] other  BLOB to copy from
        ///
        inline sanitizing_blob_zf(_In_ const sanitizing_blob_f<N> &other) :
            sanitizing_blob_f<N>(other)
        {
        }
        ///
        /// Moves the BLOB
        ///
        /// \param[inout] other  Zero-initialized BLOB to move from
        ///
        inline sanitizing_blob_zf(_Inout_ sanitizing_blob_zf<N> &&other) :
            sanitizing_blob_f<N>(std::move(other))
        {
        }
    };
 #pragma pack(pop)
    #pragma warning(suppress: 4480)
    enum diameter_avp_flags_t : unsigned char {
        diameter_avp_flag_vendor    = 0x80, ///< Vendor-ID present
@@ -742,6 +947,34 @@ inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ winstd::eap_type_t
 }
 template<size_t N>
 inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::sanitizing_blob_f<N> &val)
 {
    eap::cursor_out::ptr_type ptr_end = cursor.ptr + sizeof(eap::sanitizing_blob_f<N>);
    assert(ptr_end <= cursor.ptr_end);
    memcpy(cursor.ptr, val.data, sizeof(eap::sanitizing_blob_f<N>));
    cursor.ptr = ptr_end;
 }
 template<size_t N>
 inline size_t pksizeof(_In_ const eap::sanitizing_blob_f<N> &val)
 {
    UNREFERENCED_PARAMETER(val);
    return sizeof(eap::sanitizing_blob_f<N>);
 }
 template<size_t N>
 inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::sanitizing_blob_f<N> &val)
 {
    eap::cursor_in::ptr_type ptr_end = cursor.ptr + sizeof(eap::sanitizing_blob_f<N>);
    assert(ptr_end <= cursor.ptr_end);
    memcpy(val.data, cursor.ptr, sizeof(eap::sanitizing_blob_f<N>));
    cursor.ptr = ptr_end;
 }
 #ifndef htonll
 inline unsigned __int64 htonll(unsigned __int64 val)
--- a/lib/EAPBase/include/Method.h
+++ b/lib/EAPBase/include/Method.h
@@ -56,12 +56,6 @@ namespace eap
        ///
        method(_In_ module &module, _In_ config_provider_list &cfg, _In_ credentials &cred);
        ///
        /// Copies an EAP method
        ///
        /// \param[in] other  EAP method to copy from
        ///
        method(_In_ const method &other);
        ///
        /// Moves an EAP method
@@ -70,15 +64,6 @@ namespace eap
        ///
        method(_Inout_ method &&other);
        ///
        /// Copies an EAP method
        ///
        /// \param[in] other  EAP method to copy from
        ///
        /// \returns Reference to this object
        ///
        method& operator=(_In_ const method &other);
        ///
        /// Moves an EAP method
        ///
@@ -139,6 +124,11 @@ namespace eap
        /// @}
    private:
        // This class is noncopyable.
        method(_In_ const method &other);
        method& operator=(_In_ const method &other);
    public:
        module &m_module;               ///< EAP module
        config_provider_list &m_cfg;    ///< Providers configuration
--- a/lib/EAPBase/src/Config.cpp
+++ b/lib/EAPBase/src/Config.cpp
@@ -139,7 +139,7 @@ eap::config_method& eap::config_method::operator=(_Inout_ config_method &&other)
 eap::config_method_with_cred::config_method_with_cred(_In_ module &mod) :
    m_allow_save(true),
    m_use_preshared(false),
-    m_cred_failed(false),
+    m_auth_failed(false),
    config_method(mod)
 {
 }
@@ -149,7 +149,7 @@ eap::config_method_with_cred::config_method_with_cred(_In_ const config_method_w
    m_allow_save(other.m_allow_save),
    m_use_preshared(other.m_use_preshared),
    m_preshared(other.m_preshared ? (credentials*)other.m_preshared->clone() : nullptr),
-    m_cred_failed(other.m_cred_failed),
+    m_auth_failed(other.m_auth_failed),
    config_method(other)
 {
 }
@@ -159,7 +159,7 @@ eap::config_method_with_cred::config_method_with_cred(_Inout_ config_method_with
    m_allow_save(std::move(other.m_allow_save)),
    m_use_preshared(std::move(other.m_use_preshared)),
    m_preshared(std::move(other.m_preshared)),
-    m_cred_failed(std::move(other.m_cred_failed)),
+    m_auth_failed(std::move(other.m_auth_failed)),
    config_method(std::move(other))
 {
 }
@@ -172,7 +172,7 @@ eap::config_method_with_cred& eap::config_method_with_cred::operator=(_In_ const
        m_allow_save          = other.m_allow_save;
        m_use_preshared       = other.m_use_preshared;
        m_preshared.reset(other.m_preshared ? (credentials*)other.m_preshared->clone() : nullptr);
-        m_cred_failed         = other.m_cred_failed;
+        m_auth_failed         = other.m_auth_failed;
    }
    return *this;
@@ -186,7 +186,7 @@ eap::config_method_with_cred& eap::config_method_with_cred::operator=(_Inout_ co
        m_allow_save          = std::move(other.m_allow_save   );
        m_use_preshared       = std::move(other.m_use_preshared);
        m_preshared           = std::move(other.m_preshared    );
-        m_cred_failed         = std::move(other.m_cred_failed  );
+        m_auth_failed         = std::move(other.m_auth_failed  );
    }
    return *this;
@@ -248,7 +248,7 @@ void eap::config_method_with_cred::operator<<(_Inout_ cursor_out &cursor) const
    cursor << m_allow_save;
    cursor << m_use_preshared;
    cursor << *m_preshared;
-    cursor << m_cred_failed;
+    cursor << m_auth_failed;
 }
@@ -259,7 +259,7 @@ size_t eap::config_method_with_cred::get_pk_size() const
        pksizeof(m_allow_save   ) +
        pksizeof(m_use_preshared) +
        pksizeof(*m_preshared   ) +
-        pksizeof(m_cred_failed  );
+        pksizeof(m_auth_failed  );
 }
@@ -269,7 +269,7 @@ void eap::config_method_with_cred::operator>>(_Inout_ cursor_in &cursor)
    cursor >> m_allow_save;
    cursor >> m_use_preshared;
    cursor >> *m_preshared;
-    cursor >> m_cred_failed;
+    cursor >> m_auth_failed;
 }
@@ -296,7 +296,8 @@ eap::config_provider::config_provider(_In_ const config_provider &other) :
    m_lbl_alt_password(other.m_lbl_alt_password),
    config(other)
 {
-    for (list<unique_ptr<config_method> >::const_iterator method = other.m_methods.cbegin(), method_end = other.m_methods.cend(); method != method_end; ++method)
+    m_methods.reserve(other.m_methods.size());
    for (vector<unique_ptr<config_method> >::const_iterator method = other.m_methods.cbegin(), method_end = other.m_methods.cend(); method != method_end; ++method)
        m_methods.push_back(std::move(unique_ptr<config_method>(*method ? (config_method*)method->get()->clone() : nullptr)));
 }
@@ -332,7 +333,8 @@ eap::config_provider& eap::config_provider::operator=(_In_ const config_provider
        m_lbl_alt_password   = other.m_lbl_alt_password;
        m_methods.clear();
-        for (list<unique_ptr<config_method> >::const_iterator method = other.m_methods.cbegin(), method_end = other.m_methods.cend(); method != method_end; ++method)
+        m_methods.reserve(other.m_methods.size());
        for (vector<unique_ptr<config_method> >::const_iterator method = other.m_methods.cbegin(), method_end = other.m_methods.cend(); method != method_end; ++method)
            m_methods.push_back(std::move(unique_ptr<config_method>(*method ? (config_method*)method->get()->clone() : nullptr)));
    }
@@ -432,7 +434,7 @@ void eap::config_provider::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pC
    if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:AuthenticationMethods"), bstr(L"AuthenticationMethods"), bstrNamespace, &pXmlElAuthenticationMethods)))
        throw com_runtime_error(hr, __FUNCTION__ " Error creating <AuthenticationMethods> element.");
-    for (list<unique_ptr<config_method> >::const_iterator method = m_methods.cbegin(), method_end = m_methods.cend(); method != method_end; ++method) {
+    for (vector<unique_ptr<config_method> >::const_iterator method = m_methods.cbegin(), method_end = m_methods.cend(); method != method_end; ++method) {
        // <AuthenticationMethod>
        com_obj<IXMLDOMElement> pXmlElAuthenticationMethod;
        if (FAILED(hr = eapxml::create_element(pDoc, bstr(L"AuthenticationMethod"), bstrNamespace, &pXmlElAuthenticationMethod)))
@@ -669,7 +671,7 @@ void eap::config_provider_list::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNod
    if (FAILED(hr = eapxml::select_node(pConfigRoot, bstr(L"eap-metadata:EAPIdentityProviderList"), &pXmlElIdentityProviderList)))
        throw com_runtime_error(hr, __FUNCTION__ " Error selecting <EAPIdentityProviderList> element.");
-    for (list<config_provider>::const_iterator provider = m_providers.cbegin(), provider_end = m_providers.cend(); provider != provider_end; ++provider) {
+    for (vector<config_provider>::const_iterator provider = m_providers.cbegin(), provider_end = m_providers.cend(); provider != provider_end; ++provider) {
        // <EAPIdentityProvider>
        com_obj<IXMLDOMElement> pXmlElIdentityProvider;
        if (FAILED(hr = eapxml::create_element(pDoc, bstr(L"EAPIdentityProvider"), bstrNamespace, &pXmlElIdentityProvider)))
--- a/lib/EAPBase/src/Credentials.cpp
+++ b/lib/EAPBase/src/Credentials.cpp
@@ -83,19 +83,6 @@ tstring eap::credentials::get_name() const
 }
 bool eap::credentials::combine(
    _In_       const credentials       *cred_cached,
    _In_       config_method_with_cred &cfg,
    _In_opt_z_ LPCTSTR                 pszTargetName)
 {
    UNREFERENCED_PARAMETER(cred_cached);
    UNREFERENCED_PARAMETER(cfg);
    UNREFERENCED_PARAMETER(pszTargetName);
    // When there's nothing to combine...
    return true;
 }
 //////////////////////////////////////////////////////////////////////
 // eap::credentials_pass
 //////////////////////////////////////////////////////////////////////
--- a/lib/EAPBase/src/Method.cpp
+++ b/lib/EAPBase/src/Method.cpp
@@ -36,14 +36,6 @@ eap::method::method(_In_ module &module, _In_ config_provider_list &cfg, _In_ cr
 }
 eap::method::method(_In_ const method &other) :
    m_module(other.m_module),
    m_cfg(other.m_cfg),
    m_cred(other.m_cred)
 {
 }
 eap::method::method(_Inout_ method &&other) :
    m_module(other.m_module),
    m_cfg(other.m_cfg),
@@ -52,18 +44,6 @@ eap::method::method(_Inout_ method &&other) :
 }
 eap::method& eap::method::operator=(_In_ const method &other)
 {
    if (this != std::addressof(other)) {
        assert(std::addressof(m_module) == std::addressof(other.m_module)); // Copy method within same module only!
        assert(std::addressof(m_cfg   ) == std::addressof(other.m_cfg   )); // Copy method with same configuration only!
        assert(std::addressof(m_cred  ) == std::addressof(other.m_cred  )); // Copy method with same credentials only!
    }
    return *this;
 }
 eap::method& eap::method::operator=(_Inout_ method &&other)
 {
    if (this != std::addressof(other)) {
--- a/lib/EAPBase_UI/include/EAP_UI.h
+++ b/lib/EAPBase_UI/include/EAP_UI.h
@@ -20,6 +20,7 @@
 #include <wx/hyperlink.h>
 #include <wx/icon.h>
 #include <wx/scrolwin.h>
 #include <wx/statbmp.h>
 #include <Windows.h>
@@ -34,18 +35,21 @@ class wxEAPBannerPanel;
 ///
 template <class _wxT> class wxEAPConfigDialog;
 ///
 /// EAP general-use dialog
 ///
 class wxEAPGeneralDialog;
 ///
 /// EAP top-most credential dialog
 ///
 class wxEAPCredentialsDialog;
 ///
 /// EAP general note
 ///
 class wxEAPNotePanel;
 ///
 /// EAP provider-locked congifuration note
 ///
@@ -56,6 +60,21 @@ class wxEAPProviderLockedPanel;
 ///
 class wxEAPCredentialWarningPanel;
 ///
 /// EAP Configuration window
 ///
 class wxEAPConfigWindow;
 ///
 /// EAP provider identity config panel
 ///
 class wxEAPProviderIdentityPanel;
 ///
 /// EAP provider configuration dialog
 ///
 class wxEAPConfigProvider;
 ///
 /// Base template for credential configuration panel
 ///
@@ -76,6 +95,11 @@ template <class _Tcred, class _Tbase> class wxPasswordCredentialsPanel;
 ///
 inline bool wxSetIconFromResource(wxStaticBitmap *bmp, wxIcon &icon, HINSTANCE hinst, PCWSTR pszName);
 ///
 /// Returns GUI displayable provider name
 ///
 inline wxString wxEAPGetProviderName(const std::wstring &id);
 #pragma once
 #include <wx/msw/winundef.h> // Fixes `CreateDialog` name collision
@@ -128,10 +152,10 @@ public:
        // Set extra style here, as wxFormBuilder overrides all default flags.
        this->SetExtraStyle(this->GetExtraStyle() | wxWS_EX_VALIDATE_RECURSIVELY);
-        for (std::list<eap::config_provider>::iterator provider = m_cfg.m_providers.begin(), provider_end = m_cfg.m_providers.end(); provider != provider_end; ++provider) {
+        for (std::vector<eap::config_provider>::iterator provider = m_cfg.m_providers.begin(), provider_end = m_cfg.m_providers.end(); provider != provider_end; ++provider) {
            bool is_single = provider->m_methods.size() == 1;
-            std::list<std::unique_ptr<eap::config_method> >::size_type count = 0;
+            std::vector<std::unique_ptr<eap::config_method> >::size_type count = 0;
-            std::list<std::unique_ptr<eap::config_method> >::iterator method = provider->m_methods.begin(), method_end = provider->m_methods.end();
+            std::vector<std::unique_ptr<eap::config_method> >::iterator method = provider->m_methods.begin(), method_end = provider->m_methods.end();
            for (; method != method_end; ++method, count++)
                m_providers->AddPage(
                    new _wxT(
@@ -139,7 +163,9 @@ public:
                        *method->get(),
                        provider->m_id.c_str(),
                        m_providers),
-                    is_single ? provider->m_id : winstd::tstring_printf(_T("%s (%u)"), provider->m_id.c_str(), count));
+                    is_single ?
                        wxEAPGetProviderName(provider->m_id) :
                        winstd::tstring_printf(_T("%s (%u)"), wxEAPGetProviderName(provider->m_id), count));
        }
        this->Layout();
@@ -151,6 +177,7 @@ public:
 protected:
    /// \cond internal
    virtual void OnInitDialog(wxInitDialogEvent& event)
    {
        // Forward the event to child panels.
@@ -160,6 +187,22 @@ protected:
                prov->GetEventHandler()->ProcessEvent(event);
        }
    }
    virtual void OnUpdateUI(wxUpdateUIEvent& event)
    {
        UNREFERENCED_PARAMETER(event);
        m_advanced->Enable(!m_cfg.m_providers.at(m_providers->GetSelection()).m_read_only);
    }
    virtual void OnAdvanced(wxCommandEvent& event)
    {
        UNREFERENCED_PARAMETER(event);
        wxEAPConfigProvider dlg(m_cfg.m_providers.at(m_providers->GetSelection()), this);
        dlg.ShowModal();
    }
    /// \endcond
@@ -168,23 +211,38 @@ protected:
 };
-class wxEAPCredentialsDialog : public wxEAPCredentialsDialogBase
+class wxEAPGeneralDialog : public wxEAPGeneralDialogBase
 {
 public:
    ///
    /// Constructs a dialog
    ///
    wxEAPGeneralDialog(wxWindow* parent, const wxString& title = wxEmptyString);
    ///
    /// Adds panels to the dialog
    ///
    void AddContent(wxPanel **contents, size_t content_count);
    ///
    /// Adds single panel to the dialog
    ///
    void AddContent(wxPanel *content);
 protected:
    /// \cond internal
    virtual void OnInitDialog(wxInitDialogEvent& event);
    /// \endcond
 };
 class wxEAPCredentialsDialog : public wxEAPGeneralDialog
 {
 public:
    ///
    /// Constructs a credential dialog
    ///
    wxEAPCredentialsDialog(const eap::config_provider &prov, wxWindow* parent);
    ///
    /// Adds panels to the dialog
    ///
    void AddContents(wxPanel **contents, size_t content_count);
 protected:
    /// \cond internal
    virtual void OnInitDialog(wxInitDialogEvent& event);
    /// \endcond
 };
@@ -265,6 +323,103 @@ protected:
 };
 class wxEAPConfigWindow : public wxScrolledWindow
 {
 public:
    ///
    /// Constructs a configuration window
    ///
    /// \param[in]    prov    Provider configuration data
    /// \param[inout] cfg     Configuration data
    /// \param[in]    parent  Parent window
    ///
    wxEAPConfigWindow(const eap::config_provider &prov, eap::config_method &cfg, wxWindow* parent);
    ///
    /// Destructs the configuration window
    ///
    virtual ~wxEAPConfigWindow();
 protected:
    /// \cond internal
    virtual void OnInitDialog(wxInitDialogEvent& event);
    virtual void OnUpdateUI(wxUpdateUIEvent& event);
    /// \endcond
 protected:
    const eap::config_provider &m_prov;     ///< EAP provider
    eap::config_method &m_cfg;              ///< Method configuration
 };
 class wxEAPProviderIdentityPanel : public wxEAPProviderIdentityPanelBase
 {
 public:
    ///
    /// Constructs a provider identity pannel
    ///
    /// \param[inout] prov    Provider configuration data
    /// \param[in]    parent  Parent window
    ///
    wxEAPProviderIdentityPanel(eap::config_provider &prov, wxWindow* parent);
    friend class wxEAPConfigProvider; // Allows direct setting of keyboard focus
 protected:
    /// \cond internal
    virtual bool TransferDataToWindow();
    virtual bool TransferDataFromWindow();
    /// \endcond
 protected:
    eap::config_provider &m_prov;   ///< EAP method configuration
    winstd::library m_shell32;      ///< shell32.dll resource library reference
    wxIcon m_icon;                  ///< Panel icon
 };
 class wxEAPProviderLockPanel : public wxEAPProviderLockPanelBase
 {
 public:
    ///
    /// Constructs a provider lock pannel
    ///
    /// \param[inout] prov    Provider configuration data
    /// \param[in]    parent  Parent window
    ///
    wxEAPProviderLockPanel(eap::config_provider &prov, wxWindow* parent);
 protected:
    /// \cond internal
    virtual bool TransferDataToWindow();
    virtual bool TransferDataFromWindow();
    /// \endcond
 protected:
    eap::config_provider &m_prov;   ///< EAP method configuration
    winstd::library m_shell32;      ///< shell32.dll resource library reference
    wxIcon m_icon;                  ///< Panel icon
 };
 class wxEAPConfigProvider : public wxEAPGeneralDialog
 {
 public:
    ///
    /// Constructs a provider config dialog
    ///
    /// \param[inout] prov    Provider configuration data
    /// \param[in]    parent  Parent window
    ///
    wxEAPConfigProvider(eap::config_provider &prov, wxWindow* parent);
 protected:
    eap::config_provider &m_prov;           ///< EAP method configuration
    wxEAPProviderIdentityPanel *m_identity; ///< Provider identity panel
    wxEAPProviderLockPanel *m_lock;         ///< Provider lock panel
 };
 template <class _Tcred, class _wxT>
 class wxEAPCredentialsConfigPanel : public wxEAPCredentialsConfigPanelBase
 {
@@ -289,6 +444,14 @@ public:
            wxSetIconFromResource(m_credentials_icon, m_icon, m_shell32, MAKEINTRESOURCE(/*16770*/269));
    }
    ///
    /// Sets keyboard focus to the first control that do not capture mouse wheel
    ///
    inline void SetFocusFromKbd()
    {
        m_own->SetFocusFromKbd();
    }
 protected:
    /// \cond internal
@@ -402,7 +565,7 @@ protected:
        // Display credential prompt.
        wxEAPCredentialsDialog dlg(m_prov, this);
        _wxT *panel = new _wxT(m_prov, m_cfg, cred, m_target.c_str(), &dlg, true);
-        dlg.AddContents((wxPanel**)&panel, 1);
+        dlg.AddContent(panel);
        if (dlg.ShowModal() == wxID_OK && panel->GetRememberValue()) {
            // Write credentials to credential manager.
            try {
@@ -433,7 +596,7 @@ protected:
        _wxT *panel = new _wxT(m_prov, m_cfg, m_cred, _T(""), &dlg, true);
-        dlg.AddContents((wxPanel**)&panel, 1);
+        dlg.AddContent(panel);
        dlg.ShowModal();
    }
@@ -486,6 +649,11 @@ public:
        this->Disconnect(wxEVT_UPDATE_UI, wxUpdateUIEventHandler(_Tthis::OnUpdateUI));
    }
    inline void SetRememberValue(bool val)
    {
        return m_remember->SetValue(val);
    }
    inline bool GetRememberValue() const
    {
        return m_remember->GetValue();
@@ -576,12 +744,12 @@ protected:
        m_identity->SetSelection(0, -1);
        m_password->SetValue(m_cred.m_password.empty() ? wxEmptyString : s_dummy_password);
-        return wxEAPCredentialsPanelBase<_Tcred, wxEAPCredentialsPanelPassBase>::TransferDataToWindow();
+        return wxEAPCredentialsPanelBase<_Tcred, wxEAPCredentialsPassPanelBase>::TransferDataToWindow();
    }
    virtual bool TransferDataFromWindow()
    {
-        if (!wxEAPCredentialsPanelBase<_Tcred, wxEAPCredentialsPanelPassBase>::TransferDataFromWindow())
+        if (!wxEAPCredentialsPanelBase<_Tcred, wxEAPCredentialsPassPanelBase>::TransferDataFromWindow())
            return false;
        m_cred.m_identity = m_identity->GetValue();
@@ -604,7 +772,7 @@ protected:
            m_password      ->Enable(false);
        }
-        wxEAPCredentialsPanelBase<_Tcred, wxEAPCredentialsPanelPassBase>::OnUpdateUI(event);
+        wxEAPCredentialsPanelBase<_Tcred, wxEAPCredentialsPassPanelBase>::OnUpdateUI(event);
    }
    /// \endcond
@@ -633,3 +801,10 @@ inline bool wxSetIconFromResource(wxStaticBitmap *bmp, wxIcon &icon, HINSTANCE h
    } else
        return false;
 }
 inline wxString wxEAPGetProviderName(const std::wstring &id)
 {
    return
        !id.empty() ? id : _("<Your Organization>");
 }
--- a/lib/EAPBase_UI/res/wxEAP_UI.cpp
+++ b/lib/EAPBase_UI/res/wxEAP_UI.cpp
@@ -28,6 +28,20 @@ wxEAPConfigDialogBase::wxEAPConfigDialogBase( wxWindow* parent, wxWindowID id, c
 	sb_content->Add( m_providers, 1, wxEXPAND|wxALL, 10 );
 	wxBoxSizer* sb_bottom_horiz;
 	sb_bottom_horiz = new wxBoxSizer( wxHORIZONTAL );
 	wxBoxSizer* sb_bottom_horiz_inner;
 	sb_bottom_horiz_inner = new wxBoxSizer( wxHORIZONTAL );
 	m_advanced = new wxButton( this, wxID_ANY, _("Advanced..."), wxDefaultPosition, wxDefaultSize, 0 );
 	m_advanced->SetToolTip( _("Opens dialog with provider settings") );
 	sb_bottom_horiz_inner->Add( m_advanced, 0, wxALL, 5 );
 	sb_bottom_horiz->Add( sb_bottom_horiz_inner, 1, wxEXPAND, 5 );
 	m_buttons = new wxStdDialogButtonSizer();
 	m_buttonsOK = new wxButton( this, wxID_OK );
 	m_buttons->AddButton( m_buttonsOK );
@@ -35,7 +49,10 @@ wxEAPConfigDialogBase::wxEAPConfigDialogBase( wxWindow* parent, wxWindowID id, c
 	m_buttons->AddButton( m_buttonsCancel );
 	m_buttons->Realize();
-	sb_content->Add( m_buttons, 0, wxEXPAND|wxALL, 5 );
+	sb_bottom_horiz->Add( m_buttons, 0, wxEXPAND|wxALL, 5 );
 	sb_content->Add( sb_bottom_horiz, 0, wxEXPAND, 5 );
 	this->SetSizer( sb_content );
@@ -44,16 +61,20 @@ wxEAPConfigDialogBase::wxEAPConfigDialogBase( wxWindow* parent, wxWindowID id, c
 	// Connect Events
 	this->Connect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPConfigDialogBase::OnInitDialog ) );
 	this->Connect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPConfigDialogBase::OnUpdateUI ) );
 	m_advanced->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPConfigDialogBase::OnAdvanced ), NULL, this );
 }
 wxEAPConfigDialogBase::~wxEAPConfigDialogBase()
 {
 	// Disconnect Events
 	this->Disconnect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPConfigDialogBase::OnInitDialog ) );
 	this->Disconnect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPConfigDialogBase::OnUpdateUI ) );
 	m_advanced->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPConfigDialogBase::OnAdvanced ), NULL, this );
 }
-wxEAPCredentialsDialogBase::wxEAPCredentialsDialogBase( wxWindow* parent, wxWindowID id, const wxString& title, const wxPoint& pos, const wxSize& size, long style ) : wxDialog( parent, id, title, pos, size, style )
+wxEAPGeneralDialogBase::wxEAPGeneralDialogBase( wxWindow* parent, wxWindowID id, const wxString& title, const wxPoint& pos, const wxSize& size, long style ) : wxDialog( parent, id, title, pos, size, style )
 {
 	this->SetSizeHints( wxDefaultSize, wxDefaultSize );
@@ -84,13 +105,13 @@ wxEAPCredentialsDialogBase::wxEAPCredentialsDialogBase( wxWindow* parent, wxWind
 	sb_content->Fit( this );
 	// Connect Events
-	this->Connect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPCredentialsDialogBase::OnInitDialog ) );
+	this->Connect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPGeneralDialogBase::OnInitDialog ) );
 }
-wxEAPCredentialsDialogBase::~wxEAPCredentialsDialogBase()
+wxEAPGeneralDialogBase::~wxEAPGeneralDialogBase()
 {
 	// Disconnect Events
-	this->Disconnect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPCredentialsDialogBase::OnInitDialog ) );
+	this->Disconnect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPGeneralDialogBase::OnInitDialog ) );
 }
@@ -99,20 +120,20 @@ wxEAPBannerPanelBase::wxEAPBannerPanelBase( wxWindow* parent, wxWindowID id, con
 	this->SetBackgroundColour( wxSystemSettings::GetColour( wxSYS_COLOUR_HIGHLIGHT ) );
 	this->SetMinSize( wxSize( -1,48 ) );
-	wxBoxSizer* sc_content;
+	wxBoxSizer* sb_content;
-	sc_content = new wxBoxSizer( wxVERTICAL );
+	sb_content = new wxBoxSizer( wxVERTICAL );
 	m_title = new wxStaticText( this, wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, wxALIGN_RIGHT );
 	m_title->Wrap( -1 );
 	m_title->SetFont( wxFont( 18, 70, 90, 90, false, wxEmptyString ) );
 	m_title->SetForegroundColour( wxSystemSettings::GetColour( wxSYS_COLOUR_HIGHLIGHTTEXT ) );
-	sc_content->Add( m_title, 0, wxALL|wxEXPAND, 5 );
+	sb_content->Add( m_title, 0, wxALL|wxEXPAND, 5 );
-	this->SetSizer( sc_content );
+	this->SetSizer( sb_content );
 	this->Layout();
-	sc_content->Fit( this );
+	sb_content->Fit( this );
 }
 wxEAPBannerPanelBase::~wxEAPBannerPanelBase()
@@ -269,7 +290,7 @@ wxEAPCredentialsConfigPanelBase::~wxEAPCredentialsConfigPanelBase()
 }
-wxEAPCredentialsPanelPassBase::wxEAPCredentialsPanelPassBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
+wxEAPCredentialsPassPanelBase::wxEAPCredentialsPassPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
 {
 	wxStaticBoxSizer* sb_credentials;
 	sb_credentials = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("Client Credentials") ), wxVERTICAL );
@@ -330,6 +351,168 @@ wxEAPCredentialsPanelPassBase::wxEAPCredentialsPanelPassBase( wxWindow* parent,
 	this->Layout();
 }
-wxEAPCredentialsPanelPassBase::~wxEAPCredentialsPanelPassBase()
+wxEAPCredentialsPassPanelBase::~wxEAPCredentialsPassPanelBase()
 {
 }
 wxEAPProviderIdentityPanelBase::wxEAPProviderIdentityPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
 {
 	wxStaticBoxSizer* sb_provider_id;
 	sb_provider_id = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("Your Organization") ), wxVERTICAL );
 	wxBoxSizer* sb_provider_id_horiz;
 	sb_provider_id_horiz = new wxBoxSizer( wxHORIZONTAL );
 	m_provider_id_icon = new wxStaticBitmap( sb_provider_id->GetStaticBox(), wxID_ANY, wxNullBitmap, wxDefaultPosition, wxDefaultSize, 0 );
 	sb_provider_id_horiz->Add( m_provider_id_icon, 0, wxALL, 5 );
 	wxBoxSizer* sb_provider_id_vert;
 	sb_provider_id_vert = new wxBoxSizer( wxVERTICAL );
 	m_provider_id_label = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _("Describe your organization to customize user prompts.  When organization is introduced, end-users find program messages easier to understand and act."), wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_id_label->Wrap( 446 );
 	sb_provider_id_vert->Add( m_provider_id_label, 0, wxALL|wxEXPAND, 5 );
 	wxBoxSizer* sb_provider_name;
 	sb_provider_name = new wxBoxSizer( wxVERTICAL );
 	m_provider_name_label = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _("Your organization &name:"), wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_name_label->Wrap( -1 );
 	sb_provider_name->Add( m_provider_name_label, 0, wxBOTTOM, 5 );
 	m_provider_name = new wxTextCtrl( sb_provider_id->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_name->SetToolTip( _("Your organization name as it will appear on helpdesk contact notifications") );
 	sb_provider_name->Add( m_provider_name, 0, wxEXPAND|wxBOTTOM, 5 );
 	m_provider_name_note = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _("(Keep it short, please)"), wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_name_note->Wrap( -1 );
 	sb_provider_name->Add( m_provider_name_note, 0, wxALIGN_RIGHT, 5 );
 	sb_provider_id_vert->Add( sb_provider_name, 0, wxEXPAND|wxALL, 5 );
 	wxBoxSizer* sb_provider_helpdesk;
 	sb_provider_helpdesk = new wxBoxSizer( wxVERTICAL );
 	m_provider_helpdesk_label = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _("Helpdesk contact &information:"), wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_helpdesk_label->Wrap( -1 );
 	sb_provider_helpdesk->Add( m_provider_helpdesk_label, 0, wxBOTTOM, 5 );
 	wxFlexGridSizer* sb_provider_helpdesk_inner;
 	sb_provider_helpdesk_inner = new wxFlexGridSizer( 0, 2, 0, 0 );
 	sb_provider_helpdesk_inner->AddGrowableCol( 1 );
 	sb_provider_helpdesk_inner->SetFlexibleDirection( wxBOTH );
 	sb_provider_helpdesk_inner->SetNonFlexibleGrowMode( wxFLEX_GROWMODE_SPECIFIED );
 	m_provider_web_icon = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _("¶"), wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_web_icon->Wrap( -1 );
 	m_provider_web_icon->SetFont( wxFont( wxNORMAL_FONT->GetPointSize(), 70, 90, 90, false, wxT("Wingdings") ) );
 	sb_provider_helpdesk_inner->Add( m_provider_web_icon, 0, wxALIGN_CENTER_VERTICAL|wxBOTTOM|wxRIGHT, 5 );
 	m_provider_web = new wxTextCtrl( sb_provider_id->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_web->SetToolTip( _("Your helpdesk website") );
 	sb_provider_helpdesk_inner->Add( m_provider_web, 1, wxEXPAND|wxALIGN_CENTER_VERTICAL|wxBOTTOM, 5 );
 	m_provider_email_icon = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _("*"), wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_email_icon->Wrap( -1 );
 	m_provider_email_icon->SetFont( wxFont( wxNORMAL_FONT->GetPointSize(), 70, 90, 90, false, wxT("Wingdings") ) );
 	sb_provider_helpdesk_inner->Add( m_provider_email_icon, 0, wxALIGN_CENTER_VERTICAL|wxBOTTOM|wxRIGHT, 5 );
 	m_provider_email = new wxTextCtrl( sb_provider_id->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_email->SetToolTip( _("Your helpdesk e-mail address") );
 	sb_provider_helpdesk_inner->Add( m_provider_email, 1, wxEXPAND|wxALIGN_CENTER_VERTICAL|wxBOTTOM, 5 );
 	m_provider_phone_icon = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _(")"), wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_phone_icon->Wrap( -1 );
 	m_provider_phone_icon->SetFont( wxFont( wxNORMAL_FONT->GetPointSize(), 70, 90, 90, false, wxT("Wingdings") ) );
 	sb_provider_helpdesk_inner->Add( m_provider_phone_icon, 0, wxALIGN_CENTER_VERTICAL|wxRIGHT, 5 );
 	m_provider_phone = new wxTextCtrl( sb_provider_id->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_phone->SetToolTip( _("Your helpdesk phone number") );
 	sb_provider_helpdesk_inner->Add( m_provider_phone, 1, wxEXPAND|wxALIGN_CENTER_VERTICAL, 5 );
 	sb_provider_helpdesk->Add( sb_provider_helpdesk_inner, 1, wxEXPAND, 5 );
 	sb_provider_id_vert->Add( sb_provider_helpdesk, 1, wxEXPAND, 5 );
 	sb_provider_id_horiz->Add( sb_provider_id_vert, 1, wxEXPAND, 5 );
 	sb_provider_id->Add( sb_provider_id_horiz, 1, wxEXPAND, 5 );
 	this->SetSizer( sb_provider_id );
 	this->Layout();
 	// Connect Events
 	this->Connect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPProviderIdentityPanelBase::OnUpdateUI ) );
 }
 wxEAPProviderIdentityPanelBase::~wxEAPProviderIdentityPanelBase()
 {
 	// Disconnect Events
 	this->Disconnect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPProviderIdentityPanelBase::OnUpdateUI ) );
 }
 wxEAPProviderLockPanelBase::wxEAPProviderLockPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
 {
 	wxStaticBoxSizer* sb_provider_lock;
 	sb_provider_lock = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("Configuration Lock") ), wxVERTICAL );
 	wxBoxSizer* sb_provider_lock_horiz;
 	sb_provider_lock_horiz = new wxBoxSizer( wxHORIZONTAL );
 	m_provider_lock_icon = new wxStaticBitmap( sb_provider_lock->GetStaticBox(), wxID_ANY, wxNullBitmap, wxDefaultPosition, wxDefaultSize, 0 );
 	sb_provider_lock_horiz->Add( m_provider_lock_icon, 0, wxALL, 5 );
 	wxBoxSizer* sb_provider_lock_vert;
 	sb_provider_lock_vert = new wxBoxSizer( wxVERTICAL );
 	m_provider_lock_label = new wxStaticText( sb_provider_lock->GetStaticBox(), wxID_ANY, _("Your configuration can be locked to prevent accidental modification by end-users. Users will only be allowed to enter credentials."), wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_lock_label->Wrap( 446 );
 	sb_provider_lock_vert->Add( m_provider_lock_label, 0, wxALL|wxEXPAND, 5 );
 	wxBoxSizer* sb_provider_name;
 	sb_provider_name = new wxBoxSizer( wxVERTICAL );
 	m_provider_lock = new wxCheckBox( sb_provider_lock->GetStaticBox(), wxID_ANY, _("&Lock this configuration and prevent any further modification via user interface."), wxDefaultPosition, wxDefaultSize, 0 );
 	sb_provider_name->Add( m_provider_lock, 0, wxEXPAND|wxBOTTOM, 5 );
 	m_provider_lock_note = new wxStaticText( sb_provider_lock->GetStaticBox(), wxID_ANY, _("(Warning: Once locked, you can not revert using this dialog!)"), wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_lock_note->Wrap( -1 );
 	sb_provider_name->Add( m_provider_lock_note, 0, wxALIGN_RIGHT, 5 );
 	sb_provider_lock_vert->Add( sb_provider_name, 0, wxEXPAND|wxALL, 5 );
 	sb_provider_lock_horiz->Add( sb_provider_lock_vert, 1, wxEXPAND, 5 );
 	sb_provider_lock->Add( sb_provider_lock_horiz, 1, wxEXPAND, 5 );
 	this->SetSizer( sb_provider_lock );
 	this->Layout();
 	// Connect Events
 	this->Connect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPProviderLockPanelBase::OnUpdateUI ) );
 }
 wxEAPProviderLockPanelBase::~wxEAPProviderLockPanelBase()
 {
 	// Disconnect Events
 	this->Disconnect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPProviderLockPanelBase::OnUpdateUI ) );
 }
--- a/lib/EAPBase_UI/res/wxEAP_UI.fbp
+++ b/lib/EAPBase_UI/res/wxEAP_UI.fbp
--- a/lib/EAPBase_UI/res/wxEAP_UI.h
+++ b/lib/EAPBase_UI/res/wxEAP_UI.h
@@ -18,8 +18,8 @@ class wxEAPBannerPanel;
 #include <wx/settings.h>
 #include <wx/string.h>
 #include <wx/notebook.h>
 #include <wx/sizer.h>
 #include <wx/button.h>
 #include <wx/sizer.h>
 #include <wx/dialog.h>
 #include <wx/stattext.h>
 #include <wx/panel.h>
@@ -44,12 +44,15 @@ class wxEAPConfigDialogBase : public wxDialog
 	protected:
 		wxEAPBannerPanel *m_banner;
 		wxNotebook* m_providers;
 		wxButton* m_advanced;
 		wxStdDialogButtonSizer* m_buttons;
 		wxButton* m_buttonsOK;
 		wxButton* m_buttonsCancel;
 		// Virtual event handlers, overide them in your derived class
 		virtual void OnInitDialog( wxInitDialogEvent& event ) { event.Skip(); }
 		virtual void OnUpdateUI( wxUpdateUIEvent& event ) { event.Skip(); }
 		virtual void OnAdvanced( wxCommandEvent& event ) { event.Skip(); }
 	public:
@@ -60,9 +63,9 @@ class wxEAPConfigDialogBase : public wxDialog
 };
 ///////////////////////////////////////////////////////////////////////////////
-/// Class wxEAPCredentialsDialogBase
+/// Class wxEAPGeneralDialogBase
 ///////////////////////////////////////////////////////////////////////////////
-class wxEAPCredentialsDialogBase : public wxDialog 
+class wxEAPGeneralDialogBase : public wxDialog 
 {
 	private:
@@ -79,8 +82,8 @@ class wxEAPCredentialsDialogBase : public wxDialog
 	public:
-		wxEAPCredentialsDialogBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxString& title = _("EAP Credentials"), const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxDefaultSize, long style = wxDEFAULT_DIALOG_STYLE ); 
+		wxEAPGeneralDialogBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxString& title = wxEmptyString, const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxDefaultSize, long style = wxDEFAULT_DIALOG_STYLE ); 
-		~wxEAPCredentialsDialogBase();
+		~wxEAPGeneralDialogBase();
 };
@@ -153,9 +156,9 @@ class wxEAPCredentialsConfigPanelBase : public wxPanel
 };
 ///////////////////////////////////////////////////////////////////////////////
-/// Class wxEAPCredentialsPanelPassBase
+/// Class wxEAPCredentialsPassPanelBase
 ///////////////////////////////////////////////////////////////////////////////
-class wxEAPCredentialsPanelPassBase : public wxPanel 
+class wxEAPCredentialsPassPanelBase : public wxPanel 
 {
 	private:
@@ -170,8 +173,64 @@ class wxEAPCredentialsPanelPassBase : public wxPanel
 	public:
-		wxEAPCredentialsPanelPassBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxSize( 500,-1 ), long style = wxTAB_TRAVERSAL ); 
+		wxEAPCredentialsPassPanelBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxSize( 500,-1 ), long style = wxTAB_TRAVERSAL ); 
-		~wxEAPCredentialsPanelPassBase();
+		~wxEAPCredentialsPassPanelBase();
 };
 ///////////////////////////////////////////////////////////////////////////////
 /// Class wxEAPProviderIdentityPanelBase
 ///////////////////////////////////////////////////////////////////////////////
 class wxEAPProviderIdentityPanelBase : public wxPanel 
 {
 	private:
 	protected:
 		wxStaticBitmap* m_provider_id_icon;
 		wxStaticText* m_provider_id_label;
 		wxStaticText* m_provider_name_label;
 		wxTextCtrl* m_provider_name;
 		wxStaticText* m_provider_name_note;
 		wxStaticText* m_provider_helpdesk_label;
 		wxStaticText* m_provider_web_icon;
 		wxTextCtrl* m_provider_web;
 		wxStaticText* m_provider_email_icon;
 		wxTextCtrl* m_provider_email;
 		wxStaticText* m_provider_phone_icon;
 		wxTextCtrl* m_provider_phone;
 		// Virtual event handlers, overide them in your derived class
 		virtual void OnUpdateUI( wxUpdateUIEvent& event ) { event.Skip(); }
 	public:
 		wxEAPProviderIdentityPanelBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxSize( 500,-1 ), long style = wxTAB_TRAVERSAL ); 
 		~wxEAPProviderIdentityPanelBase();
 };
 ///////////////////////////////////////////////////////////////////////////////
 /// Class wxEAPProviderLockPanelBase
 ///////////////////////////////////////////////////////////////////////////////
 class wxEAPProviderLockPanelBase : public wxPanel 
 {
 	private:
 	protected:
 		wxStaticBitmap* m_provider_lock_icon;
 		wxStaticText* m_provider_lock_label;
 		wxCheckBox* m_provider_lock;
 		wxStaticText* m_provider_lock_note;
 		// Virtual event handlers, overide them in your derived class
 		virtual void OnUpdateUI( wxUpdateUIEvent& event ) { event.Skip(); }
 	public:
 		wxEAPProviderLockPanelBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxSize( 500,-1 ), long style = wxTAB_TRAVERSAL ); 
 		~wxEAPProviderLockPanelBase();
 };
--- a/lib/EAPBase_UI/src/EAP_UI.cpp
+++ b/lib/EAPBase_UI/src/EAP_UI.cpp
@@ -38,22 +38,19 @@ bool wxEAPBannerPanel::AcceptsFocusFromKeyboard() const
 //////////////////////////////////////////////////////////////////////
-// wxEAPCredentialsDialog
+// wxEAPGeneralDialog
 //////////////////////////////////////////////////////////////////////
-wxEAPCredentialsDialog::wxEAPCredentialsDialog(const eap::config_provider &prov, wxWindow* parent) : wxEAPCredentialsDialogBase(parent)
+wxEAPGeneralDialog::wxEAPGeneralDialog(wxWindow* parent, const wxString& title) : wxEAPGeneralDialogBase(parent, wxID_ANY, title)
 {
    // Set extra style here, as wxFormBuilder overrides all default flags.
    this->SetExtraStyle(this->GetExtraStyle() | wxWS_EX_VALIDATE_RECURSIVELY);
    // Set banner title.
    m_banner->m_title->SetLabel(wxString::Format(_("%s Credentials"), prov.m_id.c_str()));
    m_buttonsOK->SetDefault();
 }
-void wxEAPCredentialsDialog::AddContents(wxPanel **contents, size_t content_count)
+void wxEAPGeneralDialog::AddContent(wxPanel **contents, size_t content_count)
 {
    if (content_count) {
        for (size_t i = 0; i < content_count; i++)
@@ -66,13 +63,30 @@ void wxEAPCredentialsDialog::AddContents(wxPanel **contents, size_t content_coun
 }
-void wxEAPCredentialsDialog::OnInitDialog(wxInitDialogEvent& event)
+void wxEAPGeneralDialog::AddContent(wxPanel *content)
 {
    AddContent(&content, 1);
 }
 void wxEAPGeneralDialog::OnInitDialog(wxInitDialogEvent& event)
 {
    for (wxSizerItemList::compatibility_iterator panel = m_panels->GetChildren().GetFirst(); panel; panel = panel->GetNext())
        panel->GetData()->GetWindow()->GetEventHandler()->ProcessEvent(event);
 }
 //////////////////////////////////////////////////////////////////////
 // wxEAPCredentialsDialog
 //////////////////////////////////////////////////////////////////////
 wxEAPCredentialsDialog::wxEAPCredentialsDialog(const eap::config_provider &prov, wxWindow* parent) : wxEAPGeneralDialog(parent, _("EAP Credentials"))
 {
    // Set banner title.
    m_banner->m_title->SetLabel(wxString::Format(_("%s Credentials"), wxEAPGetProviderName(prov.m_id).c_str()));
 }
 //////////////////////////////////////////////////////////////////////
 // wxEAPNotePanel
 //////////////////////////////////////////////////////////////////////
@@ -182,10 +196,150 @@ wxEAPCredentialWarningPanel::wxEAPCredentialWarningPanel(const eap::config_provi
    if (m_shell32.load(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE))
        wxSetIconFromResource(m_note_icon, m_icon, m_shell32, MAKEINTRESOURCE(161));
-    m_note_label->SetLabel(_("Previous attempt to connect using provided credentials failed. Please, make sure your credentials are correct, or try again later."));
+    m_note_label->SetLabel(_("Previous attempt to connect failed. Please, make sure your credentials are correct, or try again later."));
    m_note_label->Wrap(449);
    CreateContactFields(prov);
    this->Layout();
 }
 //////////////////////////////////////////////////////////////////////
 // wxEAPConfigWindow
 //////////////////////////////////////////////////////////////////////
 wxEAPConfigWindow::wxEAPConfigWindow(const eap::config_provider &prov, eap::config_method &cfg, wxWindow* parent) :
    m_prov(prov),
    m_cfg(cfg),
    wxScrolledWindow(parent, wxID_ANY, wxDefaultPosition, wxDefaultSize, wxVSCROLL)
 {
    this->SetScrollRate(5, 5);
    // Connect Events
    this->Connect(wxEVT_INIT_DIALOG, wxInitDialogEventHandler(wxEAPConfigWindow::OnInitDialog));
    this->Connect(wxEVT_UPDATE_UI, wxUpdateUIEventHandler(wxEAPConfigWindow::OnUpdateUI));
 }
 wxEAPConfigWindow::~wxEAPConfigWindow()
 {
    // Disconnect Events
    this->Disconnect(wxEVT_UPDATE_UI, wxUpdateUIEventHandler(wxEAPConfigWindow::OnUpdateUI));
    this->Disconnect(wxEVT_INIT_DIALOG, wxInitDialogEventHandler(wxEAPConfigWindow::OnInitDialog));
 }
 void wxEAPConfigWindow::OnInitDialog(wxInitDialogEvent& event)
 {
    UNREFERENCED_PARAMETER(event);
    // Call TransferDataToWindow() manually, as wxScrolledWindow somehow skips that.
    TransferDataToWindow();
 }
 void wxEAPConfigWindow::OnUpdateUI(wxUpdateUIEvent& event)
 {
    UNREFERENCED_PARAMETER(event);
    if (m_parent && m_parent->IsKindOf(wxCLASSINFO(wxNotebook))) {
        // We're a notebook page. Set the ID of our provider as our page label.
        wxNotebook *notebook = (wxNotebook*)m_parent;
        int idx = notebook->FindPage(this);
        if (idx != wxNOT_FOUND)
            notebook->SetPageText(idx, wxEAPGetProviderName(m_prov.m_id));
    } else
        this->SetLabel(wxEAPGetProviderName(m_prov.m_id));
 }
 //////////////////////////////////////////////////////////////////////
 // wxEAPProviderIdentityPanel
 //////////////////////////////////////////////////////////////////////
 wxEAPProviderIdentityPanel::wxEAPProviderIdentityPanel(eap::config_provider &prov, wxWindow* parent) :
    m_prov(prov),
    wxEAPProviderIdentityPanelBase(parent)
 {
    // Load and set icon.
    if (m_shell32.load(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE))
        wxSetIconFromResource(m_provider_id_icon, m_icon, m_shell32, MAKEINTRESOURCE(259));
 }
 bool wxEAPProviderIdentityPanel::TransferDataToWindow()
 {
    m_provider_name ->SetValue(m_prov.m_id        );
    m_provider_web  ->SetValue(m_prov.m_help_web  );
    m_provider_email->SetValue(m_prov.m_help_email);
    m_provider_phone->SetValue(m_prov.m_help_phone);
    return wxEAPProviderIdentityPanelBase::TransferDataToWindow();
 }
 bool wxEAPProviderIdentityPanel::TransferDataFromWindow()
 {
    wxCHECK(wxEAPProviderIdentityPanelBase::TransferDataFromWindow(), false);
    m_prov.m_id         = m_provider_name ->GetValue();
    m_prov.m_help_web   = m_provider_web  ->GetValue();
    m_prov.m_help_email = m_provider_email->GetValue();
    m_prov.m_help_phone = m_provider_phone->GetValue();
    return true;
 }
 //////////////////////////////////////////////////////////////////////
 // wxEAPProviderLockPanel
 //////////////////////////////////////////////////////////////////////
 wxEAPProviderLockPanel::wxEAPProviderLockPanel(eap::config_provider &prov, wxWindow* parent) :
    m_prov(prov),
    wxEAPProviderLockPanelBase(parent)
 {
    // Load and set icon.
    if (m_shell32.load(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE))
        wxSetIconFromResource(m_provider_lock_icon, m_icon, m_shell32, MAKEINTRESOURCE(1003));
 }
 bool wxEAPProviderLockPanel::TransferDataToWindow()
 {
    m_provider_lock->SetValue(m_prov.m_read_only);
    return wxEAPProviderLockPanelBase::TransferDataToWindow();
 }
 bool wxEAPProviderLockPanel::TransferDataFromWindow()
 {
    wxCHECK(wxEAPProviderLockPanelBase::TransferDataFromWindow(), false);
    m_prov.m_read_only = m_provider_lock->GetValue();
    return true;
 }
 //////////////////////////////////////////////////////////////////////
 // wxEAPConfigProvider
 //////////////////////////////////////////////////////////////////////
 wxEAPConfigProvider::wxEAPConfigProvider(eap::config_provider &prov, wxWindow* parent) :
    m_prov(prov),
    wxEAPGeneralDialog(parent, _("Provider Settings"))
 {
    // Set banner title.
    m_banner->m_title->SetLabel(_("Provider Settings"));
    m_identity = new wxEAPProviderIdentityPanel(prov, this);
    AddContent(m_identity);
    m_lock = new wxEAPProviderLockPanel(prov, this);
    AddContent(m_lock);
    m_identity->m_provider_name->SetFocusFromKbd();
 }
--- a/lib/Events/res/EventsETW.man
+++ b/lib/Events/res/EventsETW.man
--- a/lib/PAP/include/Credentials.h
+++ b/lib/PAP/include/Credentials.h
@@ -113,7 +113,7 @@ namespace eap
        /// - \c true  if credentials were set;
        /// - \c false otherwise
        ///
-        bool combine(
+        source_t combine(
            _In_       const credentials_pap   *cred_cached,
            _In_       const config_method_pap &cfg,
            _In_opt_z_       LPCTSTR           pszTargetName);
--- a/lib/PAP/src/Credentials.cpp
+++ b/lib/PAP/src/Credentials.cpp
@@ -75,7 +75,7 @@ LPCTSTR eap::credentials_pap::target_suffix() const
 }
-bool eap::credentials_pap::combine(
+eap::credentials::source_t eap::credentials_pap::combine(
    _In_       const credentials_pap   *cred_cached,
    _In_       const config_method_pap &cfg,
    _In_opt_z_       LPCTSTR           pszTargetName)
@@ -84,14 +84,14 @@ bool eap::credentials_pap::combine(
        // Using EAP service cached credentials.
        *this = *cred_cached;
        m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED1, event_data((unsigned int)eap_type_pap), event_data(credentials_pap::get_name()), event_data::blank);
-        return true;
+        return source_cache;
    }
    if (cfg.m_use_preshared) {
        // Using preshared credentials.
        *this = *(credentials_pap*)cfg.m_preshared.get();
        m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_PRESHARED1, event_data((unsigned int)eap_type_pap), event_data(credentials_pap::get_name()), event_data::blank);
-        return true;
+        return source_preshared;
    }
    if (pszTargetName) {
@@ -102,11 +102,11 @@ bool eap::credentials_pap::combine(
            // Using stored credentials.
            *this = std::move(cred_loaded);
            m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED1, event_data((unsigned int)eap_type_pap), event_data(credentials_pap::get_name()), event_data::blank);
-            return true;
+            return source_storage;
        } catch (...) {
            // Not actually an error.
        }
    }
-    return false;
+    return source_unknown;
 }
--- a/lib/PAP_UI/include/PAP_UI.h
+++ b/lib/PAP_UI/include/PAP_UI.h
@@ -25,7 +25,7 @@
 ///
 /// PAP credential configuration panel
 ///
-typedef wxEAPCredentialsConfigPanel<eap::credentials_pap, wxPasswordCredentialsPanel<eap::credentials_pap, wxEAPCredentialsPanelPassBase> > wxPAPCredentialsConfigPanel;
+typedef wxEAPCredentialsConfigPanel<eap::credentials_pap, wxPasswordCredentialsPanel<eap::credentials_pap, wxEAPCredentialsPassPanelBase> > wxPAPCredentialsConfigPanel;
 ///
 /// PAP configuration panel
@@ -35,7 +35,7 @@ class wxPAPConfigPanel;
 ///
 /// PAP credential entry panel
 ///
-typedef wxPasswordCredentialsPanel<eap::credentials_pap, wxEAPCredentialsPanelPassBase> wxPAPCredentialsPanel;
+typedef wxPasswordCredentialsPanel<eap::credentials_pap, wxEAPCredentialsPassPanelBase> wxPAPCredentialsPanel;
 #pragma once
--- a/lib/TLS/include/Credentials.h
+++ b/lib/TLS/include/Credentials.h
@@ -200,7 +200,7 @@ namespace eap
        /// - \c true  if credentials were set;
        /// - \c false otherwise
        ///
-        bool combine(
+        source_t combine(
            _In_       const credentials_tls   *cred_cached,
            _In_       const config_method_tls &cfg,
            _In_opt_z_       LPCTSTR           pszTargetName);
--- a/lib/TLS/include/Method.h
+++ b/lib/TLS/include/Method.h
@@ -150,13 +150,6 @@ namespace eap
        ///
        method_tls(_In_ module &module, _In_ config_provider_list &cfg, _In_ credentials_tls &cred);
        ///
        /// Copies an EAP method
        ///
        /// \param[in] other  EAP method to copy from
        ///
        method_tls(_In_ const method_tls &other);
        ///
        /// Moves an EAP method
        ///
@@ -169,15 +162,6 @@ namespace eap
        ///
        virtual ~method_tls();
        ///
        /// Copies an EAP method
        ///
        /// \param[in] other  EAP method to copy from
        ///
        /// \returns Reference to this object
        ///
        method_tls& operator=(_In_ const method_tls &other);
        ///
        /// Moves an EAP method
        ///
@@ -242,7 +226,7 @@ namespace eap
        ///
        /// \returns Client hello message
        ///
-        sanitizing_blob make_client_hello() const;
+        sanitizing_blob make_client_hello();
        ///
        /// Makes a TLS client certificate message
@@ -264,15 +248,6 @@ namespace eap
        ///
        sanitizing_blob make_client_key_exchange(_In_ const tls_master_secret &pms) const;
        ///
        /// Makes a TLS change cipher spec message
        ///
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter A.1. Record Layer)](https://tools.ietf.org/html/rfc5246#appendix-A.1)
        ///
        /// \returns Change cipher spec
        ///
        eap::sanitizing_blob make_change_chiper_spec() const;
        ///
        /// Makes a TLS finished message
        ///
@@ -324,25 +299,17 @@ namespace eap
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter A.1. Record Layer)](https://tools.ietf.org/html/rfc5246#appendix-A.1)
        ///
        /// \param[in]    type  Message type
-        /// \param[in] data     Message data contents
+        /// \param[inout] data  Message data contents
        /// \param[in] encrypt  Should \p data get encrypted?
        ///
        /// \returns TLS message message
        ///
-        eap::sanitizing_blob make_message(_In_ tls_message_type_t type, _Inout_ sanitizing_blob &data, _In_ bool encrypt);
+        eap::sanitizing_blob make_message(_In_ tls_message_type_t type, _Inout_ sanitizing_blob &&data);
        /// @}
        /// \name Key derivation
        /// @{
        ///
        /// Generates keys required by current connection state
        ///
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 6.3. Key Calculation)](https://tools.ietf.org/html/rfc5246#section-6.3)
        ///
        void derive_keys();
        ///
        /// Generates master session key
        ///
@@ -468,28 +435,6 @@ namespace eap
            _In_                            size_t            size_seed,
            _In_                            size_t            size);
        ///
        /// Calculates pseudo-random P_hash data defined in RFC 5246
        ///
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.1 (Chapter 5. HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc4346#section-5)
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 5. HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc5246#section-5)
        ///
        /// \param[in] secret     Hashing secret key
        /// \param[in] seed       Random seed
        /// \param[in] size_seed  \p seed size
        /// \param[in] size       Number of bytes of pseudo-random data required
        ///
        /// \returns Generated pseudo-random data (\p size bytes)
        ///
        inline sanitizing_blob prf(
            _In_                      const tls_master_secret &secret,
            _In_bytecount_(size_seed) const void              *seed,
            _In_                            size_t            size_seed,
            _In_                            size_t            size) const
        {
            return prf(m_cp, m_state.m_alg_prf, secret, seed, size_seed, size);
        }
        ///
        /// Calculates pseudo-random P_hash data defined in RFC 5246
        ///
@@ -515,27 +460,6 @@ namespace eap
            return prf(cp, alg, secret, seed.data(), seed.size() * sizeof(_Ty), size);
        }
        ///
        /// Calculates pseudo-random P_hash data defined in RFC 5246
        ///
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.1 (Chapter 5. HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc4346#section-5)
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 5. HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc5246#section-5)
        ///
        /// \param[in] secret  Hashing secret key
        /// \param[in] seed    Random seed
        /// \param[in] size    Number of bytes of pseudo-random data required
        ///
        /// \returns Generated pseudo-random data (\p size bytes)
        ///
        template<class _Ty, class _Ax>
        inline sanitizing_blob prf(
            _In_ const tls_master_secret     &secret,
            _In_ const std::vector<_Ty, _Ax> &seed,
            _In_       size_t                size) const
        {
            return prf(m_cp, m_state.m_alg_prf, secret, seed.data(), seed.size() * sizeof(_Ty), size);
        }
        /// @}
        ///
@@ -543,6 +467,7 @@ namespace eap
        ///
        /// \sa [How to export and import plain text session keys by using CryptoAPI](https://support.microsoft.com/en-us/kb/228786)
        ///
        /// \param[in] cp           Handle of the cryptographics provider
        /// \param[in] alg          Key algorithm
        /// \param[in] key          Key that decrypts \p secret
        /// \param[in] secret       Key data
@@ -551,6 +476,7 @@ namespace eap
        /// \returns Key
        ///
        HCRYPTKEY create_key(
            _In_                              HCRYPTPROV cp,
            _In_                              ALG_ID     alg,
            _In_                              HCRYPTKEY  key,
            _In_bytecount_(size_secret) const void       *secret,
@@ -562,16 +488,22 @@ namespace eap
        packet m_packet_req;                                    ///< Request packet
        packet m_packet_res;                                    ///< Response packet
-        winstd::crypt_prov m_cp;                                ///< Cryptography provider
+        winstd::crypt_prov m_cp;                                ///< Cryptography provider for general services
        winstd::crypt_prov m_cp_enc_client;                     ///< Cryptography provider for encryption
        winstd::crypt_prov m_cp_enc_server;                     ///< Cryptography provider for encryption
        winstd::crypt_key m_key_exp1;                           ///< Key for importing derived keys
        tls_version m_tls_version;                              ///< TLS version in use
        ALG_ID m_alg_prf;                                       ///< Pseudo-random function algorithm in use
-        tls_conn_state m_state;                                 ///< TLS connection state for fast reconnect
+        tls_conn_state m_state_client;                          ///< Client TLS connection state
        tls_conn_state m_state_client_pending;                  ///< Client TLS connection state (pending)
        tls_conn_state m_state_server;                          ///< Server TLS connection state
        tls_conn_state m_state_server_pending;                  ///< Server TLS connection state (pending)
-        sanitizing_blob m_padding_hmac_client;                  ///< Padding (key) for client side HMAC calculation
+        tls_master_secret m_master_secret;                      ///< TLS master secret
-        sanitizing_blob m_padding_hmac_server;                  ///< Padding (key) for server side HMAC calculation
+        tls_random m_random_client;                             ///< Client random
-        winstd::crypt_key m_key_client;                         ///< Key for encrypting messages
+        tls_random m_random_server;                             ///< Server random
        winstd::crypt_key m_key_server;                         ///< Key for decrypting messages
        tls_random m_key_mppe_client;                           ///< MS-MPPE-Recv-Key
        tls_random m_key_mppe_server;                           ///< MS-MPPE-Send-Key
@@ -580,14 +512,19 @@ namespace eap
        std::list<winstd::cert_context> m_server_cert_chain;    ///< Server certificate chain
-        winstd::crypt_hash m_hash_handshake_msgs_md5;           ///< Running MD5 hash of handshake messages sent
+        winstd::crypt_hash m_hash_handshake_msgs_md5;           ///< Running MD5 hash of handshake messages
-        winstd::crypt_hash m_hash_handshake_msgs_sha1;          ///< Running SHA-1 hash of handshake messages sent
+        winstd::crypt_hash m_hash_handshake_msgs_sha1;          ///< Running SHA-1 hash of handshake messages
-        winstd::crypt_hash m_hash_handshake_msgs_sha256;        ///< Running SHA-256 hash of handshake messages sent
+        winstd::crypt_hash m_hash_handshake_msgs_sha256;        ///< Running SHA-256 hash of handshake messages
-        bool m_certificate_req;                                 ///< Did server request client certificate?
+        bool m_handshake[tls_handshake_type_max];               ///< Handshake flags (map od handshake messages received)
-        bool m_server_hello_done;                               ///< Is server hello done?
+
-        bool m_cipher_spec;                                     ///< Did server specify cipher?
+        enum {
-        bool m_server_finished;                                 ///< Did server send a valid finish message?
+            phase_unknown = -1,                                 ///< Unknown phase
            phase_client_hello = 0,                             ///< Send client hello
            phase_server_hello,                                 ///< Wait for server hello
            phase_change_cipher_spec,                           ///< Wait for change cipher spec
            phase_application_data                              ///< Exchange application data
        } m_phase;                                              ///< What phase is our communication at?
        unsigned __int64 m_seq_num_client;                      ///< Sequence number for encrypting
        unsigned __int64 m_seq_num_server;                      ///< Sequence number for decrypting
--- a/lib/TLS/include/TLS.h
+++ b/lib/TLS/include/TLS.h
@@ -59,7 +59,7 @@ namespace eap
    extern const tls_version tls_version_1_2;
    ///
-    /// TLS client/server tls_random
+    /// TLS client/server random
    ///
    struct tls_random;
@@ -71,11 +71,11 @@ namespace eap
    struct tls_master_secret;
    ///
-    /// TLS client connection state
+    /// HMAC padding
    ///
-    /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 6.1. Connection States)](https://tools.ietf.org/html/rfc5246#section-6.1)
+    /// \sa [HMAC: Keyed-Hashing for Message Authentication](https://tools.ietf.org/html/rfc2104)
    ///
-    class tls_conn_state;
+    struct hmac_padding;
    ///
    /// Our own implementation of HMAC hashing
@@ -83,83 +83,40 @@ namespace eap
    ///
    /// \sa [HMAC: Keyed-Hashing for Message Authentication](https://tools.ietf.org/html/rfc2104)
    ///
-    class hash_hmac;
+    class hmac_hash;
    ///
    /// TLS client connection state
    ///
    /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 6.1. Connection States)](https://tools.ietf.org/html/rfc5246#section-6.1)
    ///
    class tls_conn_state;
 }
-///
+/////
-/// Packs a TLS tls_random
+///// Packs a TLS connection state
-///
+/////
-/// \param[inout] cursor  Memory cursor
+///// \param[inout] cursor  Memory cursor
-/// \param[in]    val     Variable with data to pack
+///// \param[in]    val     Variable with data to pack
-///
+/////
-inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::tls_random &val);
+//inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::tls_conn_state &val);
-
+//
-///
+/////
-/// Returns packed size of TLS tls_random
+///// Returns packed size of TLS connection state
-///
+/////
-/// \param[in] val  Data to pack
+///// \param[in] val  Data to pack
-///
+/////
-/// \returns Size of data when packed (in bytes)
+///// \returns Size of data when packed (in bytes)
-///
+/////
-inline size_t pksizeof(_In_ const eap::tls_random &val);
+//inline size_t pksizeof(_In_ const eap::tls_conn_state &val);
-
+//
-///
+/////
-/// Unpacks a TLS tls_random
+///// Unpacks a TLS connection state
-///
+/////
-/// \param[inout] cursor  Memory cursor
+///// \param[inout] cursor  Memory cursor
-/// \param[out]   val     Variable to receive unpacked value
+///// \param[out]   val     Variable to receive unpacked value
-///
+/////
-inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::tls_random &val);
+//inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::tls_conn_state &val);
 ///
 /// Packs a TLS master secret
 ///
 /// \param[inout] cursor  Memory cursor
 /// \param[in]    val     Variable with data to pack
 ///
 inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::tls_master_secret &val);
 ///
 /// Returns packed size of TLS master secret
 ///
 /// \param[in] val  Data to pack
 ///
 /// \returns Size of data when packed (in bytes)
 ///
 inline size_t pksizeof(_In_ const eap::tls_master_secret &val);
 ///
 /// Unpacks a TLS master secret
 ///
 /// \param[inout] cursor  Memory cursor
 /// \param[out]   val     Variable to receive unpacked value
 ///
 inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::tls_master_secret &val);
 ///
 /// Packs a TLS connection state
 ///
 /// \param[inout] cursor  Memory cursor
 /// \param[in]    val     Variable with data to pack
 ///
 inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::tls_conn_state &val);
 ///
 /// Returns packed size of TLS connection state
 ///
 /// \param[in] val  Data to pack
 ///
 /// \returns Size of data when packed (in bytes)
 ///
 inline size_t pksizeof(_In_ const eap::tls_conn_state &val);
 ///
 /// Unpacks a TLS connection state
 ///
 /// \param[inout] cursor  Memory cursor
 /// \param[out]   val     Variable to receive unpacked value
 ///
 inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::tls_conn_state &val);
 #pragma once
@@ -191,7 +148,10 @@ namespace eap
        tls_handshake_type_server_hello_done   = 14,
        tls_handshake_type_certificate_verify  = 15,
        tls_handshake_type_client_key_exchange = 16,
-        tls_handshake_type_finished            = 20
+        tls_handshake_type_finished            = 20,
        tls_handshake_type_min                 =  0,    ///< First existing handshake message
        tls_handshake_type_max                 = 21     ///< First non-existing (officially) handshake message
    };
@@ -343,59 +303,24 @@ namespace eap
 #pragma pack(push)
 #pragma pack(1)
-    struct __declspec(novtable) tls_random
+    struct __declspec(novtable) tls_random : public sanitizing_blob_xf<32>
    {
        unsigned char data[32]; ///< Randomness
        ///
-        /// Constructs a all-zero tls_random
+        /// Generate TLS random
        ///
        tls_random();
        ///
        /// Copies a tls_random
        ///
        /// \param[in] other  Random to copy from
        ///
        tls_random(_In_ const tls_random &other);
        ///
        /// Destructor
        ///
        ~tls_random();
        ///
        /// Copies a tls_random
        ///
        /// \param[in] other  Random to copy from
        ///
        /// \returns Reference to this object
        ///
        tls_random& operator=(_In_ const tls_random &other);
        ///
        /// Empty the tls_random
        ///
        void clear();
        ///
        /// Generate tls_random
        ///
        /// \param[in] cp  Handle of the cryptographics provider
        ///
-        void reset(_In_ HCRYPTPROV cp);
+        void randomize(_In_ HCRYPTPROV cp);
    };
 #pragma pack(pop)
 #pragma pack(push)
 #pragma pack(1)
-    struct __declspec(novtable) tls_master_secret
+    struct __declspec(novtable) tls_master_secret : public sanitizing_blob_xf<48>
    {
        unsigned char data[48];
        ///
-        /// Constructs a all-zero master secret
+        /// Constructor
        ///
        tls_master_secret();
@@ -412,92 +337,68 @@ namespace eap
        ///
        /// Copies a master secret
        ///
-        /// \param[in] other  Random to copy from
+        /// \param[in] other  Master secret to copy from
        ///
-        tls_master_secret(_In_ const tls_master_secret &other);
+        tls_master_secret(_In_ const sanitizing_blob_f<48> &other);
 #ifdef _DEBUG
        ///
-        /// Destructor
+        /// Moves the master secret
        ///
-        ~tls_master_secret();
+        /// \param[inout] other  Master secret to move from
        ///
-        /// Copies a master secret
+        tls_master_secret(_Inout_ sanitizing_blob_zf<48> &&other);
-        ///
+#endif
        /// \param[in] other  Random to copy from
        ///
        /// \returns Reference to this object
        ///
        tls_master_secret& operator=(_In_ const tls_master_secret &other);
        ///
        /// Empty the master secret
        ///
        void clear();
    };
 #pragma pack(pop)
-    class tls_conn_state
+#pragma pack(push)
 #pragma pack(1)
    struct __declspec(novtable) hmac_padding : public sanitizing_blob_xf<64>
    {
    public:
        ///
-        /// Constructs a connection state
+        /// Constructor
        ///
-        tls_conn_state();
+        hmac_padding();
        ///
-        /// Copies a connection state
+        /// Derive padding from secret
        ///
-        /// \param[in] other  Connection state to copy from
+        /// \param[in] cp           Handle of the cryptographics provider
        /// \param[in] alg          Hashing algorithm
        /// \param[in] secret       HMAC secret
        /// \param[in] size_secret  \p secret size
        /// \param[in] pad          Padding value to XOR with (0x36=inner, 0x5c=outer...)
        ///
-        tls_conn_state(_In_ const tls_conn_state &other);
+        hmac_padding(
            _In_                               HCRYPTPROV    cp,
            _In_                               ALG_ID        alg,
            _In_bytecount_(size_secret ) const void          *secret,
            _In_                               size_t        size_secret,
            _In_opt_                           unsigned char pad = 0x36);
        ///
-        /// Moves a connection state
+        /// Copies a padding
        ///
-        /// \param[in] other  Connection state to move from
+        /// \param[in] other  Master secret to copy from
        ///
-        tls_conn_state(_Inout_ tls_conn_state &&other);
+        hmac_padding(_In_ const sanitizing_blob_f<64> &other);
 #ifdef _DEBUG
        ///
-        /// Copies a connection state
+        /// Moves the padding
        ///
-        /// \param[in] other  Connection state to copy from
+        /// \param[inout] other  Padding to move from
        ///
-        /// \returns Reference to this object
+        hmac_padding(_Inout_ sanitizing_blob_zf<64> &&other);
-        ///
+#endif
        tls_conn_state& operator=(_In_ const tls_conn_state &other);
        ///
        /// Moves a connection state
        ///
        /// \param[in] other  Connection state to move from
        ///
        /// \returns Reference to this object
        ///
        tls_conn_state& operator=(_Inout_ tls_conn_state &&other);
    public:
        ALG_ID m_alg_prf;                   ///> Pseudo-tls_random function algorithm
        ALG_ID m_alg_encrypt;               ///> Bulk encryption algorithm
        size_t m_size_enc_key;              ///> Encryption key size in bytes (has to comply with `m_alg_encrypt`)
        size_t m_size_enc_iv;               ///> Encryption initialization vector size in bytes (has to comply with `m_alg_encrypt`)
        size_t m_size_enc_block;            ///> Encryption block size in bytes (has to comply with `m_alg_encrypt`)
        ALG_ID m_alg_mac;                   ///> Message authenticy check algorithm
        size_t m_size_mac_key;              ///> Message authenticy check algorithm key size (has to comply with `m_alg_mac`)
        size_t m_size_mac_hash;             ///> Message authenticy check algorithm result size (has to comply with `m_alg_mac`)
        tls_master_secret m_master_secret;  ///< TLS master secret
        tls_random m_random_client;         ///< Client tls_random
        tls_random m_random_server;         ///< Server tls_random
    };
 #pragma pack(pop)
-    class hash_hmac
+    class hmac_hash
    {
    public:
        typedef unsigned char padding_t[64];
    public:
        ///
        /// Construct new HMAC hashing object
@@ -507,7 +408,7 @@ namespace eap
        /// \param[in] secret       HMAC secret
        /// \param[in] size_secret  \p secret size
        ///
-        hash_hmac(
+        hmac_hash(
            _In_                               HCRYPTPROV cp,
            _In_                               ALG_ID     alg,
            _In_bytecount_(size_secret ) const void       *secret,
@@ -520,10 +421,10 @@ namespace eap
        /// \param[in] alg          Hashing algorithm
        /// \param[in] padding      HMAC secret XOR inner padding
        ///
-        hash_hmac(
+        hmac_hash(
            _In_       HCRYPTPROV   cp,
            _In_       ALG_ID       alg,
-            _In_ const padding_t  padding);
+            _In_ const hmac_padding &padding);
        ///
        /// Provides access to inner hash object to hash data at will.
@@ -556,99 +457,61 @@ namespace eap
                throw win_runtime_error(__FUNCTION__ " Error calculating outer hash.");
        }
        ///
        /// Helper method to pre-derive inner padding for frequent reuse
        ///
        /// \param[in]  cp           Handle of the cryptographics provider
        /// \param[in]  alg          Hashing algorithm
        /// \param[in]  secret       HMAC secret
        /// \param[in]  size_secret  \p secret size
        /// \param[out] padding      HMAC secret XOR inner padding
        ///
        static void inner_padding(
            _In_                               HCRYPTPROV cp,
            _In_                               ALG_ID     alg,
            _In_bytecount_(size_secret ) const void       *secret,
            _In_                               size_t     size_secret,
            _Out_                              padding_t  padding);
    protected:
        winstd::crypt_hash m_hash_inner; ///< Inner hashing object
        winstd::crypt_hash m_hash_outer; ///< Outer hashing object
    };
 }
-inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::tls_random &val)
+    class tls_conn_state
    {
-    eap::cursor_out::ptr_type ptr_end = cursor.ptr + sizeof(eap::tls_random);
+    public:
-    assert(ptr_end <= cursor.ptr_end);
+        ///
-    memcpy(cursor.ptr, val.data, sizeof(eap::tls_random));
+        /// Constructs a connection state
-    cursor.ptr = ptr_end;
+        ///
-}
+        tls_conn_state();
-
+
-
+        ///
-inline size_t pksizeof(_In_ const eap::tls_random &val)
+        /// Copy a connection state
-{
+        ///
-    UNREFERENCED_PARAMETER(val);
+        /// \param[in] other  Connection state to copy from
-    return sizeof(eap::tls_random);
+        ///
-}
+        tls_conn_state(_In_ const tls_conn_state &other);
-
+
-
+        ///
-inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::tls_random &val)
+        /// Moves a connection state
-{
+        ///
-    eap::cursor_in::ptr_type ptr_end = cursor.ptr + sizeof(eap::tls_random);
+        /// \param[inout] other  Connection state to move from
-    assert(ptr_end <= cursor.ptr_end);
+        ///
-    memcpy(val.data, cursor.ptr, sizeof(eap::tls_random));
+        tls_conn_state(_Inout_ tls_conn_state &&other);
-    cursor.ptr = ptr_end;
+
-}
+        ///
-
+        /// Copy a connection state
-
+        ///
-inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::tls_master_secret &val)
+        /// \param[inout] other  Connection state to copy from
-{
+        ///
-    eap::cursor_out::ptr_type ptr_end = cursor.ptr + sizeof(eap::tls_master_secret);
+        /// \returns Reference to this object
-    assert(ptr_end <= cursor.ptr_end);
+        ///
-    memcpy(cursor.ptr, val.data, sizeof(eap::tls_master_secret));
+        tls_conn_state& operator=(_In_ const tls_conn_state &other);
-    cursor.ptr = ptr_end;
+
-}
+        ///
-
+        /// Moves a connection state
-
+        ///
-inline size_t pksizeof(_In_ const eap::tls_master_secret &val)
+        /// \param[in] other  Connection state to move from
-{
+        ///
-    UNREFERENCED_PARAMETER(val);
+        /// \returns Reference to this object
-    return sizeof(eap::tls_master_secret);
+        ///
-}
+        tls_conn_state& operator=(_Inout_ tls_conn_state &&other);
-
+
-
+    public:
-inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::tls_master_secret &val)
+        ALG_ID m_alg_encrypt;           ///< Bulk encryption algorithm
-{
+        size_t m_size_enc_key;          ///< Encryption key size in bytes (has to comply with `m_alg_encrypt`)
-    eap::cursor_in::ptr_type ptr_end = cursor.ptr + sizeof(eap::tls_master_secret);
+        size_t m_size_enc_iv;           ///< Encryption initialization vector size in bytes (has to comply with `m_alg_encrypt`)
-    assert(ptr_end <= cursor.ptr_end);
+        size_t m_size_enc_block;        ///< Encryption block size in bytes (has to comply with `m_alg_encrypt`)
-    memcpy(val.data, cursor.ptr, sizeof(eap::tls_master_secret));
+        winstd::crypt_key m_key;        ///< Key for encrypting messages
-    cursor.ptr = ptr_end;
+        ALG_ID m_alg_mac;               ///< Message authenticy check algorithm
-}
+        size_t m_size_mac_key;          ///< Message authenticy check algorithm key size (has to comply with `m_alg_mac`)
-
+        size_t m_size_mac_hash;         ///< Message authenticy check algorithm result size (has to comply with `m_alg_mac`)
-
+        hmac_padding m_padding_hmac;    ///< Padding (key) for HMAC calculation
-inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::tls_conn_state &val)
+    };
 {
    cursor << val.m_master_secret;
    cursor << val.m_random_client;
    cursor << val.m_random_server;
 }
 inline size_t pksizeof(_In_ const eap::tls_conn_state &val)
 {
    return
        pksizeof(val.m_master_secret) +
        pksizeof(val.m_random_client) +
        pksizeof(val.m_random_server);
 }
 inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::tls_conn_state &val)
 {
    cursor >> val.m_master_secret;
    cursor >> val.m_random_client;
    cursor >> val.m_random_server;
 }
--- a/lib/TLS/src/Credentials.cpp
+++ b/lib/TLS/src/Credentials.cpp
@@ -254,7 +254,7 @@ tstring eap::credentials_tls::get_name() const
 }
-bool eap::credentials_tls::combine(
+eap::credentials::source_t eap::credentials_tls::combine(
    _In_       const credentials_tls   *cred_cached,
    _In_       const config_method_tls &cfg,
    _In_opt_z_       LPCTSTR           pszTargetName)
@@ -263,14 +263,14 @@ bool eap::credentials_tls::combine(
        // Using EAP service cached credentials.
        *this = *cred_cached;
        m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED1, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data::blank);
-        return true;
+        return source_cache;
    }
    if (cfg.m_use_preshared) {
        // Using preshared credentials.
        *this = *(credentials_tls*)cfg.m_preshared.get();
        m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_PRESHARED1, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data::blank);
-        return true;
+        return source_preshared;
    }
    if (pszTargetName) {
@@ -281,13 +281,13 @@ bool eap::credentials_tls::combine(
            // Using stored credentials.
            *this = std::move(cred_loaded);
            m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED1, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data::blank);
-            return true;
+            return source_storage;
        } catch (...) {
            // Not actually an error.
        }
    }
-    return false;
+    return source_unknown;
 }
--- a/lib/TLS/src/Method.cpp
+++ b/lib/TLS/src/Method.cpp
--- a/lib/TLS/src/TLS.cpp
+++ b/lib/TLS/src/TLS.cpp
@@ -37,40 +37,7 @@ const eap::tls_version eap::tls_version_1_2 = { 3, 3 };
 // eap::tls_random
 //////////////////////////////////////////////////////////////////////
-eap::tls_random::tls_random()
+void eap::tls_random::randomize(_In_ HCRYPTPROV cp)
 {
    memset(data, 0, sizeof(data));
 }
 eap::tls_random::tls_random(_In_ const tls_random &other)
 {
    memcpy(data, other.data, sizeof(data));
 }
 eap::tls_random::~tls_random()
 {
    SecureZeroMemory(data, sizeof(data));
 }
 eap::tls_random& eap::tls_random::operator=(_In_ const tls_random &other)
 {
    if (this != std::addressof(other))
        memcpy(data, other.data, sizeof(data));
    return *this;
 }
 void eap::tls_random::clear()
 {
    memset(data, 0, sizeof(data));
 }
 void eap::tls_random::reset(_In_ HCRYPTPROV cp)
 {
    _time32((__time32_t*)data);
    if (!CryptGenRandom(cp, sizeof(data) - sizeof(__time32_t), data + sizeof(__time32_t)))
@@ -84,7 +51,6 @@ void eap::tls_random::reset(_In_ HCRYPTPROV cp)
 eap::tls_master_secret::tls_master_secret()
 {
    memset(data, 0, sizeof(data));
 }
@@ -98,30 +64,113 @@ eap::tls_master_secret::tls_master_secret(_In_ HCRYPTPROV cp, _In_ tls_version v
 }
-eap::tls_master_secret::tls_master_secret(_In_ const tls_master_secret &other)
+eap::tls_master_secret::tls_master_secret(_In_ const sanitizing_blob_f<48> &other) :
    sanitizing_blob_xf<48>(other)
 {
    memcpy(data, other.data, sizeof(data));
 }
-eap::tls_master_secret::~tls_master_secret()
+#ifdef _DEBUG
 eap::tls_master_secret::tls_master_secret(_Inout_ sanitizing_blob_zf<48> &&other) :
    sanitizing_blob_xf<48>(std::move(other))
 {
 }
 #endif
 //////////////////////////////////////////////////////////////////////
 // eap::hmac_padding
 //////////////////////////////////////////////////////////////////////
 eap::hmac_padding::hmac_padding()
 {
    SecureZeroMemory(data, sizeof(data));
 }
-eap::tls_master_secret& eap::tls_master_secret::operator=(_In_ const tls_master_secret &other)
+eap::hmac_padding::hmac_padding(
            _In_                               HCRYPTPROV    cp,
            _In_                               ALG_ID        alg,
            _In_bytecount_(size_secret ) const void          *secret,
            _In_                               size_t        size_secret,
            _In_opt_                           unsigned char pad)
 {
-    if (this != std::addressof(other))
+    if (size_secret > sizeof(hmac_padding)) {
-        memcpy(data, other.data, sizeof(data));
+        // If the secret is longer than padding, use secret's hash instead.
-
+        crypt_hash hash;
-    return *this;
+        if (!hash.create(cp, alg))
            throw win_runtime_error(__FUNCTION__ " Error creating hash.");
        if (!CryptHashData(hash, (const BYTE*)secret, (DWORD)size_secret, 0))
            throw win_runtime_error(__FUNCTION__ " Error hashing.");
        DWORD size_hash = sizeof(hmac_padding);
        if (!CryptGetHashParam(hash, HP_HASHVAL, data, &size_hash, 0))
            throw win_runtime_error(__FUNCTION__ " Error finishing hash.");
        size_secret = size_hash;
    } else
        memcpy(data, secret, size_secret);
    for (size_t i = 0; i < size_secret; i++)
        data[i] ^= pad;
    memset(data + size_secret, pad, sizeof(hmac_padding) - size_secret);
 }
-void eap::tls_master_secret::clear()
+eap::hmac_padding::hmac_padding(_In_ const sanitizing_blob_f<64> &other) :
    sanitizing_blob_xf<64>(other)
 {
-    memset(data, 0, sizeof(data));
+}
 #ifdef _DEBUG
 eap::hmac_padding::hmac_padding(_Inout_ sanitizing_blob_zf<64> &&other) :
    sanitizing_blob_xf<64>(std::move(other))
 {
 }
 #endif
 //////////////////////////////////////////////////////////////////////
 // eap::hmac_hash
 //////////////////////////////////////////////////////////////////////
 eap::hmac_hash::hmac_hash(
    _In_                               HCRYPTPROV cp,
    _In_                               ALG_ID     alg,
    _In_bytecount_(size_secret ) const void       *secret,
    _In_                               size_t     size_secret)
 {
    // Prepare inner padding and forward to the other constructor.
    this->hmac_hash::hmac_hash(cp, alg, hmac_padding(cp, alg, secret, size_secret));
 }
 eap::hmac_hash::hmac_hash(
    _In_       HCRYPTPROV   cp,
    _In_       ALG_ID       alg,
    _In_ const hmac_padding &padding)
 {
    // Create inner hash.
    if (!m_hash_inner.create(cp, alg))
        throw win_runtime_error(__FUNCTION__ " Error creating inner hash.");
    // Initialize it with the inner padding.
    if (!CryptHashData(m_hash_inner, padding.data, sizeof(hmac_padding), 0))
        throw win_runtime_error(__FUNCTION__ " Error hashing secret XOR inner padding.");
    // Convert inner padding to outer padding for final calculation.
    hmac_padding padding_out;
    for (size_t i = 0; i < sizeof(hmac_padding); i++)
        padding_out.data[i] = padding.data[i] ^ (0x36 ^ 0x5c);
    // Create outer hash.
    if (!m_hash_outer.create(cp, alg))
        throw win_runtime_error(__FUNCTION__ " Error creating outer hash.");
    // Initialize it with the outer padding.
    if (!CryptHashData(m_hash_outer, padding_out.data, sizeof(hmac_padding), 0))
        throw win_runtime_error(__FUNCTION__ " Error hashing secret XOR inner padding.");
 }
@@ -129,8 +178,10 @@ void eap::tls_master_secret::clear()
 // eap::tls_conn_state
 //////////////////////////////////////////////////////////////////////
-eap::tls_conn_state::tls_conn_state() :
+eap::tls_conn_state::tls_conn_state()
-    m_alg_prf       (0),
+#ifdef _DEBUG
    // Initialize state primitive members for diagnostic purposes.
    :
    m_alg_encrypt   (0),
    m_size_enc_key  (0),
    m_size_enc_iv   (0),
@@ -138,32 +189,61 @@ eap::tls_conn_state::tls_conn_state() :
    m_alg_mac       (0),
    m_size_mac_key  (0),
    m_size_mac_hash (0)
 #endif
 {
 }
 eap::tls_conn_state::tls_conn_state(_In_ const tls_conn_state &other) :
-    m_master_secret(other.m_master_secret),
+    m_alg_encrypt   (other.m_alg_encrypt   ),
-    m_random_client(other.m_random_client),
+    m_size_enc_key  (other.m_size_enc_key  ),
-    m_random_server(other.m_random_server)
+    m_size_enc_iv   (other.m_size_enc_iv   ),
    m_size_enc_block(other.m_size_enc_block),
    m_key           (other.m_key           ),
    m_alg_mac       (other.m_alg_mac       ),
    m_size_mac_key  (other.m_size_mac_key  ),
    m_size_mac_hash (other.m_size_mac_hash ),
    m_padding_hmac  (other.m_padding_hmac  )
 {
 }
 eap::tls_conn_state::tls_conn_state(_Inout_ tls_conn_state &&other) :
-    m_master_secret(std::move(other.m_master_secret)),
+    m_alg_encrypt   (std::move(other.m_alg_encrypt   )),
-    m_random_client(std::move(other.m_random_client)),
+    m_size_enc_key  (std::move(other.m_size_enc_key  )),
-    m_random_server(std::move(other.m_random_server))
+    m_size_enc_iv   (std::move(other.m_size_enc_iv   )),
    m_size_enc_block(std::move(other.m_size_enc_block)),
    m_key           (std::move(other.m_key           )),
    m_alg_mac       (std::move(other.m_alg_mac       )),
    m_size_mac_key  (std::move(other.m_size_mac_key  )),
    m_size_mac_hash (std::move(other.m_size_mac_hash )),
    m_padding_hmac  (std::move(other.m_padding_hmac  ))
 {
 #ifdef _DEBUG
    // Reinitialize other state primitive members for diagnostic purposes.
    other.m_alg_encrypt    = 0;
    other.m_size_enc_key   = 0;
    other.m_size_enc_iv    = 0;
    other.m_size_enc_block = 0;
    other.m_alg_mac        = 0;
    other.m_size_mac_key   = 0;
    other.m_size_mac_hash  = 0;
 #endif
 }
 eap::tls_conn_state& eap::tls_conn_state::operator=(_In_ const tls_conn_state &other)
 {
    if (this != std::addressof(other)) {
-        m_master_secret = other.m_master_secret;
+        m_alg_encrypt    = other.m_alg_encrypt   ;
-        m_random_client = other.m_random_client;
+        m_size_enc_key   = other.m_size_enc_key  ;
-        m_random_server = other.m_random_server;
+        m_size_enc_iv    = other.m_size_enc_iv   ;
        m_size_enc_block = other.m_size_enc_block;
        m_key            = other.m_key           ;
        m_alg_mac        = other.m_alg_mac       ;
        m_size_mac_key   = other.m_size_mac_key  ;
        m_size_mac_hash  = other.m_size_mac_hash ;
        m_padding_hmac   = other.m_padding_hmac  ;
    }
    return *this;
@@ -173,83 +253,27 @@ eap::tls_conn_state& eap::tls_conn_state::operator=(_In_ const tls_conn_state &o
 eap::tls_conn_state& eap::tls_conn_state::operator=(_Inout_ tls_conn_state &&other)
 {
    if (this != std::addressof(other)) {
-        m_master_secret = std::move(other.m_master_secret);
+        m_alg_encrypt    = std::move(other.m_alg_encrypt   );
-        m_random_client = std::move(other.m_random_client);
+        m_size_enc_key   = std::move(other.m_size_enc_key  );
-        m_random_server = std::move(other.m_random_server);
+        m_size_enc_iv    = std::move(other.m_size_enc_iv   );
        m_size_enc_block = std::move(other.m_size_enc_block);
        m_key            = std::move(other.m_key           );
        m_alg_mac        = std::move(other.m_alg_mac       );
        m_size_mac_key   = std::move(other.m_size_mac_key  );
        m_size_mac_hash  = std::move(other.m_size_mac_hash );
        m_padding_hmac   = std::move(other.m_padding_hmac  );
 #ifdef _DEBUG
        // Reinitialize other state primitive members for diagnostic purposes.
        other.m_alg_encrypt    = 0;
        other.m_size_enc_key   = 0;
        other.m_size_enc_iv    = 0;
        other.m_size_enc_block = 0;
        other.m_alg_mac        = 0;
        other.m_size_mac_key   = 0;
        other.m_size_mac_hash  = 0;
 #endif
    }
    return *this;
 }
 //////////////////////////////////////////////////////////////////////
 // eap::hash_hmac
 //////////////////////////////////////////////////////////////////////
 eap::hash_hmac::hash_hmac(
    _In_                               HCRYPTPROV cp,
    _In_                               ALG_ID     alg,
    _In_bytecount_(size_secret ) const void       *secret,
    _In_                               size_t     size_secret)
 {
    // Prepare padding.
    sanitizing_blob padding(sizeof(padding_t));
    inner_padding(cp, alg, secret, size_secret, padding.data());
    // Continue with the other constructor.
    this->hash_hmac::hash_hmac(cp, alg, padding.data());
 }
 eap::hash_hmac::hash_hmac(
    _In_       HCRYPTPROV cp,
    _In_       ALG_ID     alg,
    _In_ const padding_t  padding)
 {
    // Create inner hash.
    if (!m_hash_inner.create(cp, alg))
        throw win_runtime_error(__FUNCTION__ " Error creating inner hash.");
    // Initialize it with the inner padding.
    if (!CryptHashData(m_hash_inner, padding, sizeof(padding_t), 0))
        throw win_runtime_error(__FUNCTION__ " Error hashing secret XOR inner padding.");
    // Convert inner padding to outer padding for final calculation.
    padding_t padding_out;
    for (size_t i = 0; i < sizeof(padding_t); i++)
        padding_out[i] = padding[i] ^ (0x36 ^ 0x5c);
    // Create outer hash.
    if (!m_hash_outer.create(cp, alg))
        throw win_runtime_error(__FUNCTION__ " Error creating outer hash.");
    // Initialize it with the outer padding.
    if (!CryptHashData(m_hash_outer, padding_out, sizeof(padding_t), 0))
        throw win_runtime_error(__FUNCTION__ " Error hashing secret XOR inner padding.");
 }
 void eap::hash_hmac::inner_padding(
    _In_                               HCRYPTPROV cp,
    _In_                               ALG_ID     alg,
    _In_bytecount_(size_secret ) const void       *secret,
    _In_                               size_t     size_secret,
    _Out_                              padding_t  padding)
 {
    if (size_secret > sizeof(padding_t)) {
        // If the secret is longer than padding, use secret's hash instead.
        crypt_hash hash;
        if (!hash.create(cp, alg))
            throw win_runtime_error(__FUNCTION__ " Error creating hash.");
        if (!CryptHashData(hash, (const BYTE*)secret, (DWORD)size_secret, 0))
            throw win_runtime_error(__FUNCTION__ " Error hashing.");
        DWORD size_hash = sizeof(padding_t);
        if (!CryptGetHashParam(hash, HP_HASHVAL, padding, &size_hash, 0))
            throw win_runtime_error(__FUNCTION__ " Error finishing hash.");
        size_secret = size_hash;
    } else
        memcpy(padding, secret, size_secret);
    for (size_t i = 0; i < size_secret; i++)
        padding[i] ^= 0x36;
    memset(padding + size_secret, 0x36, sizeof(padding_t) - size_secret);
 }
--- a/lib/TLS_UI/src/TLS_UI.cpp
+++ b/lib/TLS_UI/src/TLS_UI.cpp
@@ -423,14 +423,6 @@ wxTLSServerTrustPanel::wxTLSServerTrustPanel(const eap::config_provider &prov, e
 bool wxTLSServerTrustPanel::TransferDataToWindow()
 {
    if (m_prov.m_read_only) {
        // This is provider-locked configuration. Disable controls.
        m_root_ca_add_store->Enable(false);
        m_root_ca_add_file ->Enable(false);
        m_root_ca_remove   ->Enable(false);
        m_server_names     ->Enable(false);
    }
    // Populate trusted CA list.
    for (std::list<winstd::cert_context>::const_iterator cert = m_cfg.m_trusted_root_ca.cbegin(), cert_end = m_cfg.m_trusted_root_ca.cend(); cert != cert_end; ++cert)
        m_root_ca->Append(wxString(eap::get_cert_title(*cert)), new wxCertificateClientData(cert->duplicate()));
@@ -469,10 +461,19 @@ void wxTLSServerTrustPanel::OnUpdateUI(wxUpdateUIEvent& event)
 {
    UNREFERENCED_PARAMETER(event);
-    if (!m_prov.m_read_only) {
+    if (m_prov.m_read_only) {
        // This is provider-locked configuration. Disable controls.
        m_root_ca_add_store->Enable(false);
        m_root_ca_add_file ->Enable(false);
        m_root_ca_remove   ->Enable(false);
        m_server_names     ->Enable(false);
    } else {
        // This is not a provider-locked configuration. Selectively enable/disable controls.
        m_root_ca_add_store->Enable(true);
        m_root_ca_add_file ->Enable(true);
        wxArrayInt selections;
        m_root_ca_remove->Enable(m_root_ca->GetSelections(selections) ? true : false);
        m_server_names     ->Enable(true);
    }
 }
--- a/lib/TTLS/include/Credentials.h
+++ b/lib/TTLS/include/Credentials.h
@@ -32,6 +32,7 @@ namespace eap
 #include "../../PAP/include/Credentials.h"
 #include <memory>
 #include <utility>
 namespace eap
@@ -187,7 +188,7 @@ namespace eap
        /// - \c true  if credentials were set;
        /// - \c false otherwise
        ///
-        bool combine(
+        std::pair<source_t, source_t> combine(
            _In_       const credentials_ttls   *cred_cached,
            _In_       const config_method_ttls &cfg,
            _In_opt_z_       LPCTSTR            pszTargetName);
--- a/lib/TTLS/include/Method.h
+++ b/lib/TTLS/include/Method.h
@@ -63,13 +63,6 @@ namespace eap
        ///
        method_ttls(_In_ module &module, _In_ config_provider_list &cfg, _In_ credentials_ttls &cred);
        ///
        /// Copies an EAP method
        ///
        /// \param[in] other  EAP method to copy from
        ///
        method_ttls(_In_ const method_ttls &other);
        ///
        /// Moves an EAP method
        ///
@@ -77,15 +70,6 @@ namespace eap
        ///
        method_ttls(_Inout_ method_ttls &&other);
        ///
        /// Copies an EAP method
        ///
        /// \param[in] other  EAP method to copy from
        ///
        /// \returns Reference to this object
        ///
        method_ttls& operator=(_In_ const method_ttls &other);
        ///
        /// Moves an EAP method
        ///
--- a/lib/TTLS/src/Credentials.cpp
+++ b/lib/TTLS/src/Credentials.cpp
@@ -226,15 +226,12 @@ std::wstring eap::credentials_ttls::get_identity() const
 }
-bool eap::credentials_ttls::combine(
+pair<eap::credentials::source_t, eap::credentials::source_t> eap::credentials_ttls::combine(
    _In_       const credentials_ttls   *cred_cached,
    _In_       const config_method_ttls &cfg,
    _In_opt_z_       LPCTSTR            pszTargetName)
 {
-    bool
+    return pair<source_t, source_t>(
-        is_outer_set = credentials_tls::combine(cred_cached, cfg, pszTargetName),
+        credentials_tls::combine(cred_cached, cfg, pszTargetName),
-        is_inner_set =
+        dynamic_cast<const credentials_pap*>(m_inner.get()) ? ((credentials_pap*)m_inner.get())->combine(cred_cached ? (credentials_pap*)cred_cached->m_inner.get() : NULL, (const config_method_pap&)*cfg.m_inner, pszTargetName) : source_unknown);
            dynamic_cast<const credentials_pap*>(m_inner.get()) ? ((credentials_pap*)m_inner.get())->combine(cred_cached ? (credentials_pap*)cred_cached->m_inner.get() : NULL, (const config_method_pap&)*cfg.m_inner, pszTargetName) : false;
    return is_outer_set && is_inner_set;
 }
--- a/lib/TTLS/src/Method.cpp
+++ b/lib/TTLS/src/Method.cpp
@@ -36,14 +36,6 @@ eap::method_ttls::method_ttls(_In_ module &module, _In_ config_provider_list &cf
 }
 eap::method_ttls::method_ttls(_In_ const method_ttls &other) :
    m_cred(other.m_cred),
    m_version(other.m_version),
    method_tls(other)
 {
 }
 eap::method_ttls::method_ttls(_Inout_ method_ttls &&other) :
    m_cred(other.m_cred),
    m_version(std::move(other.m_version)),
@@ -52,17 +44,6 @@ eap::method_ttls::method_ttls(_Inout_ method_ttls &&other) :
 }
 eap::method_ttls& eap::method_ttls::operator=(_In_ const method_ttls &other)
 {
    if (this != std::addressof(other)) {
        (method_tls&)*this = other;
        m_version          = other.m_version;
    }
    return *this;
 }
 eap::method_ttls& eap::method_ttls::operator=(_Inout_ method_ttls &&other)
 {
    if (this != std::addressof(other)) {
@@ -88,29 +69,25 @@ void eap::method_ttls::process_request_packet(
        m_module.log_event(&EAPMETHOD_TTLS_HANDSHAKE_START, event_data((unsigned int)eap_type_ttls), event_data((unsigned char)m_version), event_data((unsigned char)ver_remote), event_data::blank);
    }
    if (!m_server_finished) {
    // Do the TLS.
    method_tls::process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput);
-        if (m_server_finished) {
+    if (m_phase == phase_application_data) {
-            // Piggyback inner authentication.
+        // Send inner authentication.
-            if (!m_cipher_spec)
+        if (!m_state_client.m_alg_encrypt)
            throw runtime_error(__FUNCTION__ " Refusing to send credentials unencrypted.");
        m_module.log_event(&EAPMETHOD_TTLS_INNER_CRED, event_data((unsigned int)eap_type_ttls), event_data(m_cred.m_inner->get_name()), event_data::blank);
        m_packet_res.m_code  = EapCodeResponse;
        m_packet_res.m_id    = m_packet_req.m_id;
        m_packet_res.m_flags = 0;
-            sanitizing_blob client(make_pap_client());
+        sanitizing_blob msg_application(make_message(tls_message_type_application_data, make_pap_client()));
-            sanitizing_blob application(make_message(tls_message_type_application_data, client, m_cipher_spec));
+        m_packet_res.m_data.insert(m_packet_res.m_data.end(), msg_application.begin(), msg_application.end());
            m_packet_res.m_data.assign(application.begin(), application.end());
        pEapOutput->fAllowNotifications = FALSE;
        pEapOutput->action = EapPeerMethodResponseActionSend;
    }
    } else {
        // Do the TLS. Again.
        method_tls::process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput);
    }
 }
@@ -131,20 +108,36 @@ void eap::method_ttls::get_result(
    _In_    EapPeerMethodResultReason reason,
    _Inout_ EapPeerMethodResult       *ppResult)
 {
-    if (!m_server_finished) {
+    if (m_phase != phase_application_data) {
        // Do the TLS.
        method_tls::get_result(reason, ppResult);
    } else {
        // The TLS finished, this is inner authentication's bussines.
        config_provider &cfg_prov(m_cfg.m_providers.front());
        config_method_ttls *cfg_method = dynamic_cast<config_method_ttls*>(cfg_prov.m_methods.front().get());
        assert(cfg_method);
-        // Mark credentials appropriately, so GUI can re-prompt user.
+        switch (reason) {
-        cfg_method->m_inner->m_cred_failed = reason == EapPeerMethodResultFailure;
+        case EapPeerMethodResultSuccess: {
            m_module.log_event(&EAPMETHOD_TTLS_INNER_SUCCESS, event_data((unsigned int)eap_type_ttls), event_data::blank);
            cfg_method->m_inner->m_auth_failed = false;
            break;
        }
        case EapPeerMethodResultFailure:
            m_module.log_event(&EAPMETHOD_TTLS_INNER_FAILURE, event_data((unsigned int)eap_type_ttls), event_data::blank);
            cfg_method->m_inner->m_auth_failed = true;
            break;
        default:
            throw win_runtime_error(ERROR_NOT_SUPPORTED, __FUNCTION__ " Not supported.");
        }
        // The TLS was OK.
        method_tls::get_result(EapPeerMethodResultSuccess, ppResult);
        // Do not report failure to EAPHost, as it will not save updated configuration then. But we need it to save it, to alert user on next connection attempt.
        // EAPHost is well aware of the failed condition.
        //if (reason == EapPeerMethodResultFailure) {
        //    ppResult->fIsSuccess = FALSE;
        //    ppResult->dwFailureReasonCode = EAP_E_AUTHENTICATION_FAILED;
@@ -172,9 +165,9 @@ void eap::method_ttls::derive_msk()
    //
    static const unsigned char s_label[] = "ttls keying material";
    sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1);
-    seed.insert(seed.end(), (const unsigned char*)&m_state.m_random_client, (const unsigned char*)(&m_state.m_random_client + 1));
+    seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1));
-    seed.insert(seed.end(), (const unsigned char*)&m_state.m_random_server, (const unsigned char*)(&m_state.m_random_server + 1));
+    seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1));
-    sanitizing_blob key_block(prf(m_cp, CALG_TLS1PRF, m_state.m_master_secret, seed, 2*sizeof(tls_random)));
+    sanitizing_blob key_block(prf(m_cp, CALG_TLS1PRF, m_master_secret, seed, 2*sizeof(tls_random)));
    const unsigned char *_key_block = key_block.data();
    // MSK: MPPE-Recv-Key
--- a/lib/TTLS/src/Module.cpp
+++ b/lib/TTLS/src/Module.cpp
@@ -109,14 +109,17 @@ void eap::peer_ttls::get_identity(
    {
        // Combine credentials.
        user_impersonator impersonating(hTokenImpersonateUser);
-        *pfInvokeUI = cred_out.combine(
+        pair<eap::credentials::source_t, eap::credentials::source_t> cred_source(cred_out.combine(
 #ifdef EAP_USE_NATIVE_CREDENTIAL_CACHE
            &cred_in,
 #else
            NULL,
 #endif
            *cfg_method,
-            (dwFlags & EAP_FLAG_GUEST_ACCESS) == 0 ? cfg_prov.m_id.c_str() : NULL) ? FALSE : TRUE;
+            (dwFlags & EAP_FLAG_GUEST_ACCESS) == 0 ? cfg_prov.m_id.c_str() : NULL));
        // If either of credentials is unknown, request UI.
        *pfInvokeUI = cred_source.first == eap::credentials::source_unknown || cred_source.second == eap::credentials::source_unknown ? TRUE : FALSE;
    }
    if (*pfInvokeUI) {
@@ -132,14 +135,14 @@ void eap::peer_ttls::get_identity(
    // If we got here, we have all credentials we need. But, wait!
-    if (cfg_method->m_cred_failed) {
+    if (cfg_method->m_auth_failed) {
        // Outer TLS: Credentials failed on last connection attempt.
        log_event(&EAPMETHOD_TRACE_EVT_CRED_PROBLEM, event_data((unsigned int)eap_type_tls), event_data::blank);
        *pfInvokeUI = TRUE;
        return;
    }
-    if (cfg_method->m_inner->m_cred_failed) {
+    if (cfg_method->m_inner->m_auth_failed) {
        // Inner: Credentials failed on last connection attempt.
        log_event(&EAPMETHOD_TRACE_EVT_CRED_PROBLEM, event_data((unsigned int)type_inner), event_data::blank);
        *pfInvokeUI = TRUE;
--- a/lib/TTLS_UI/include/TTLS_UI.h
+++ b/lib/TTLS_UI/include/TTLS_UI.h
@@ -45,7 +45,6 @@ class wxTTLSCredentialsPanel;
 #include <wx/choicebk.h>
 #include <wx/icon.h>
 #include <wx/scrolwin.h>
 #include <wx/stattext.h>
 #include <Windows.h>
@@ -74,32 +73,28 @@ protected:
 };
-class wxTTLSConfigWindow : public wxScrolledWindow
+class wxTTLSConfigWindow : public wxEAPConfigWindow
 {
 public:
    ///
    /// Constructs a configuration panel
    ///
    /// \param[in]    prov           Provider configuration data
    /// \param[inout] cfg            Configuration data
    /// \param[in]    pszCredTarget  Target name of credentials in Windows Credential Manager. Can be further decorated to create final target name.
    /// \param[in]    parent         Parent window
    ///
    wxTTLSConfigWindow(const eap::config_provider &prov, eap::config_method &cfg, LPCTSTR pszCredTarget, wxWindow* parent);
    ///
    /// Destructs the configuration panel
    ///
    virtual ~wxTTLSConfigWindow();
 protected:
    /// \cond internal
    virtual bool TransferDataToWindow();
    virtual bool TransferDataFromWindow();
    virtual void OnInitDialog(wxInitDialogEvent& event);
    virtual void OnUpdateUI(wxUpdateUIEvent& event);
    /// \endcond
 protected:
    const eap::config_provider &m_prov;     ///< EAP provider
    eap::config_method_ttls &m_cfg;         ///< TTLS configuration
    wxStaticText *m_outer_title;            ///< Outer authentication title
    wxTTLSConfigPanel *m_outer_identity;    ///< Outer identity configuration panel
--- a/lib/TTLS_UI/src/Module.cpp
+++ b/lib/TTLS_UI/src/Module.cpp
@@ -83,8 +83,26 @@ void eap::peer_ttls_ui::invoke_config_ui(
 {
    // Unpack configuration.
    config_provider_list cfg(*this);
-    if (dwConnectionDataInSize)
+    if (dwConnectionDataInSize) {
        // Load existing configuration.
        unpack(cfg, pConnectionDataIn, dwConnectionDataInSize);
    } else {
        // This is a blank network profile. Create default configuraton.
        // Start with PAP inner configuration.
        unique_ptr<config_method_ttls> cfg_method(new config_method_ttls(*this));
        cfg_method->m_inner.reset(new config_method_pap(*this));
        cfg_method->m_anonymous_identity = L"@";
        cfg_method->m_use_preshared = true;
        cfg_method->m_preshared.reset(new credentials_tls(*this));
        // Start with one method.
        config_provider cfg_provider(*this);
        cfg_provider.m_methods.push_back(std::move(cfg_method));
        // Start with one provider.
        cfg.m_providers.push_back(std::move(cfg_provider));
    }
    // Initialize application.
    new wxApp();
@@ -163,14 +181,14 @@ void eap::peer_ttls_ui::invoke_identity_ui(
    }
    // Combine credentials.
-    cred_out.combine(
+    pair<eap::credentials::source_t, eap::credentials::source_t> cred_source(cred_out.combine(
 #ifdef EAP_USE_NATIVE_CREDENTIAL_CACHE
        &cred_in,
 #else
        NULL,
 #endif
        *cfg_method,
-        (dwFlags & EAP_FLAG_GUEST_ACCESS) == 0 ? cfg_prov.m_id.c_str() : NULL);
+        (dwFlags & EAP_FLAG_GUEST_ACCESS) == 0 ? cfg_prov.m_id.c_str() : NULL));
    if (dwFlags & EAP_FLAG_GUEST_ACCESS) {
        // Disable credential saving for guests.
@@ -190,10 +208,18 @@ void eap::peer_ttls_ui::invoke_identity_ui(
        parent.AdoptAttributesFromHWND();
        wxTopLevelWindows.Append(&parent);
-        // Create and launch credentials dialog.
+        // Create credentials dialog.
        wxEAPCredentialsDialog dlg(cfg_prov, &parent);
        wxTTLSCredentialsPanel *panel = new wxTTLSCredentialsPanel(cfg_prov, *cfg_method, cred_out, cfg_prov.m_id.c_str(), &dlg);
-        dlg.AddContents((wxPanel**)&panel, 1);
+        dlg.AddContent(panel);
        // Set "Remember" checkboxes according to credential source,
        panel->m_outer_cred->SetRememberValue(cred_source.first == eap::credentials::source_storage);
        wxPAPCredentialsPanel *panel_inner_cred_pap = dynamic_cast<wxPAPCredentialsPanel*>(panel->m_inner_cred);
        if (panel_inner_cred_pap)
            panel_inner_cred_pap->SetRememberValue(cred_source.second == eap::credentials::source_storage);
        // Centre and display dialog.
        dlg.Centre(wxBOTH);
        result = dlg.ShowModal();
        if (result == wxID_OK) {
@@ -208,7 +234,6 @@ void eap::peer_ttls_ui::invoke_identity_ui(
                }
            }
            wxPAPCredentialsPanel *panel_inner_cred_pap = dynamic_cast<wxPAPCredentialsPanel*>(panel->m_inner_cred);
            if (panel_inner_cred_pap && panel_inner_cred_pap->GetRememberValue()) {
                try {
                    cred_out.m_inner->store(cfg_prov.m_id.c_str());
--- a/lib/TTLS_UI/src/TTLS_UI.cpp
+++ b/lib/TTLS_UI/src/TTLS_UI.cpp
@@ -38,14 +38,6 @@ wxTTLSConfigPanel::wxTTLSConfigPanel(const eap::config_provider &prov, eap::conf
 bool wxTTLSConfigPanel::TransferDataToWindow()
 {
    if (m_prov.m_read_only) {
        // This is provider-locked configuration. Disable controls.
        m_outer_identity_same      ->Enable(false);
        m_outer_identity_empty     ->Enable(false);
        m_outer_identity_custom    ->Enable(false);
        m_outer_identity_custom_val->Enable(false);
    }
    // Populate identity controls.
    if (m_cfg.m_anonymous_identity.empty()) {
        m_outer_identity_same->SetValue(true);
@@ -82,8 +74,17 @@ void wxTTLSConfigPanel::OnUpdateUI(wxUpdateUIEvent& event)
 {
    UNREFERENCED_PARAMETER(event);
-    if (!m_prov.m_read_only) {
+    if (m_prov.m_read_only) {
        // This is provider-locked configuration. Disable controls.
        m_outer_identity_same      ->Enable(false);
        m_outer_identity_empty     ->Enable(false);
        m_outer_identity_custom    ->Enable(false);
        m_outer_identity_custom_val->Enable(false);
    } else {
        // This is not a provider-locked configuration. Selectively enable/disable controls.
        m_outer_identity_same      ->Enable(true);
        m_outer_identity_empty     ->Enable(true);
        m_outer_identity_custom    ->Enable(true);
        m_outer_identity_custom_val->Enable(m_outer_identity_custom->GetValue());
    }
 }
@@ -94,10 +95,9 @@ void wxTTLSConfigPanel::OnUpdateUI(wxUpdateUIEvent& event)
 //////////////////////////////////////////////////////////////////////
 wxTTLSConfigWindow::wxTTLSConfigWindow(const eap::config_provider &prov, eap::config_method &cfg, LPCTSTR pszCredTarget, wxWindow* parent) :
    m_prov(prov),
    m_cfg((eap::config_method_ttls&)cfg),
    m_cfg_pap(cfg.m_module),
-    wxScrolledWindow(parent, wxID_ANY, wxDefaultPosition, wxDefaultSize, wxVSCROLL)
+    wxEAPConfigWindow(prov, cfg, parent)
 {
    wxBoxSizer* sb_content;
    sb_content = new wxBoxSizer( wxVERTICAL );
@@ -112,7 +112,8 @@ wxTTLSConfigWindow::wxTTLSConfigWindow(const eap::config_provider &prov, eap::co
    m_inner_type = new wxChoicebook(this, wxID_ANY, wxDefaultPosition, wxDefaultSize, wxCHB_DEFAULT);
    m_inner_type->SetToolTip( _("Select inner authentication method from the list") );
-    m_inner_type->AddPage(new wxPAPConfigPanel(m_prov, m_cfg_pap, pszCredTarget, m_inner_type), _("PAP"));
+    wxPAPConfigPanel *panel_pap = new wxPAPConfigPanel(m_prov, m_cfg_pap, pszCredTarget, m_inner_type);
    m_inner_type->AddPage(panel_pap, _("PAP"));
    sb_content->Add(m_inner_type, 0, wxALL|wxEXPAND, 5);
    sb_content->Add(20, 20, 1, wxALL|wxEXPAND, 5);
@@ -135,32 +136,17 @@ wxTTLSConfigWindow::wxTTLSConfigWindow(const eap::config_provider &prov, eap::co
        size.y  = 500;
    }
    this->SetMinSize(size);
    this->SetScrollRate(5, 5);
    this->SetSizer(sb_content);
    this->Layout();
-    m_inner_type->SetFocusFromKbd();
+    // m_inner_type->SetFocusFromKbd(); // This control steals mouse-wheel scrolling for itself
-
+    panel_pap->SetFocusFromKbd();
    // Connect Events
    this->Connect(wxEVT_INIT_DIALOG, wxInitDialogEventHandler(wxTTLSConfigWindow::OnInitDialog));
 }
 wxTTLSConfigWindow::~wxTTLSConfigWindow()
 {
    // Disconnect Events
    this->Disconnect(wxEVT_INIT_DIALOG, wxInitDialogEventHandler(wxTTLSConfigWindow::OnInitDialog));
 }
 bool wxTTLSConfigWindow::TransferDataToWindow()
 {
    if (m_prov.m_read_only) {
        // This is provider-locked configuration. Disable controls.
        m_inner_type->GetChoiceCtrl()->Enable(false);
    }
    eap::config_method_pap *cfg_pap = dynamic_cast<eap::config_method_pap*>(m_cfg.m_inner.get());
    if (cfg_pap) {
        m_cfg_pap = *cfg_pap;
@@ -196,8 +182,7 @@ bool wxTTLSConfigWindow::TransferDataFromWindow()
 void wxTTLSConfigWindow::OnInitDialog(wxInitDialogEvent& event)
 {
-    // Call TransferDataToWindow() manually, as wxScrolledWindow somehow skips that.
+    wxEAPConfigWindow::OnInitDialog(event);
    TransferDataToWindow();
    // Forward the event to child panels.
    m_outer_identity->GetEventHandler()->ProcessEvent(event);
@@ -207,6 +192,14 @@ void wxTTLSConfigWindow::OnInitDialog(wxInitDialogEvent& event)
 }
 void wxTTLSConfigWindow::OnUpdateUI(wxUpdateUIEvent& event)
 {
    wxEAPConfigWindow::OnUpdateUI(event);
    m_inner_type->GetChoiceCtrl()->Enable(!m_prov.m_read_only);
 }
 //////////////////////////////////////////////////////////////////////
 // wxTTLSCredentialsPanel
 //////////////////////////////////////////////////////////////////////
@@ -226,7 +219,7 @@ wxTTLSCredentialsPanel::wxTTLSCredentialsPanel(const eap::config_provider &prov,
    assert(m_cfg.m_inner);
-    if (m_cfg.m_inner->m_cred_failed)
+    if (m_cfg.m_inner->m_auth_failed)
        sb_content->Add(new wxEAPCredentialWarningPanel(m_prov, this), 0, wxALL|wxEXPAND, 5);
    const eap::config_method_pap *cfg_inner_pap = dynamic_cast<const eap::config_method_pap*>(m_cfg.m_inner.get());
@@ -245,7 +238,7 @@ wxTTLSCredentialsPanel::wxTTLSCredentialsPanel(const eap::config_provider &prov,
    m_outer_title->SetForegroundColour( wxSystemSettings::GetColour( wxSYS_COLOUR_INACTIVECAPTION ) );
    sb_content->Add(m_outer_title, 0, wxALL|wxALIGN_RIGHT, 5);
-    if (m_cfg.m_cred_failed)
+    if (m_cfg.m_auth_failed)
        sb_content->Add(new wxEAPCredentialWarningPanel(m_prov, this), 0, wxALL|wxEXPAND, 5);
    m_outer_cred = new wxTLSCredentialsPanel(m_prov, (const eap::config_method_tls&)m_cfg, (eap::credentials_tls&)cred, pszCredTarget, this, is_config);
--- a/lib/WinStd
+++ b/lib/WinStd
Author	SHA1	Message	Date
Simon Rozman	5720524abe	Version set to 1.0-alpha9	2016-08-18 06:33:02 +02:00
Simon Rozman	1f1b9b1084	GUI boots with a predefined configuration on new profiles now (closes #10)	2016-08-18 06:31:16 +02:00
Simon Rozman	076c6b77d7	GUI updated to show "<Your Provider>" when provider ID is blank	2016-08-18 06:30:02 +02:00
Simon Rozman	92460c571f	Initial focus changed to the first non-mouse-wheel-capturing control to allow initial scrolling of the configuration dialog using mouse wheel	2016-08-17 16:42:19 +02:00
Simon Rozman	b79a2f26f6	Support for read-only lock added to GUI	2016-08-17 16:27:43 +02:00
Simon Rozman	373c83dbbe	Provider identity and help-desk is configurable via GUI now	2016-08-17 15:56:11 +02:00
Simon Rozman	543dada025	Provider and method lists are arrays now, to allow random access for configuration dialog coming-up	2016-08-17 14:47:15 +02:00
Simon Rozman	ce22ec3bfa	wxEAPCredentialsPanelPassBase >> wxEAPCredentialsPassPanelBase	2016-08-17 13:48:14 +02:00
Simon Rozman	a04647b7b5	Version set to 1.0-alpha8	2016-08-17 11:51:36 +02:00
Simon Rozman	df1d431bd0	- TLS revised (again) - TLS Session resumption issues resolved - Credential prompt has "Remember" checkbox initially selected when credentials originate from Windows Credential Manager - Last authentication attempt failure notice is more general and no longer insinuate user credentials are the likely cause of the failure - Additional log messages added	2016-08-17 11:50:34 +02:00
Simon Rozman	16527c8124	Client explicitly refuses to accept change cipher spec if no or NULL cipher was proposed now	2016-08-17 09:32:43 +02:00
Simon Rozman	69e6b775f8	Hello requests are no longer included in the handshake hashing (as per RFC)	2016-08-17 09:29:55 +02:00
Simon Rozman	c69316071f	Support for encrypted change cipher spec messages added	2016-08-17 09:26:46 +02:00
Simon Rozman	a02d1e7094	Explicit checks on server certificate chain added: - Certificate can not be self-signed: Cannot check trust against configured root CAs when server certificate is self-signed - Server can provide full certificate chain up-to and including root CA. Importing root CA to the store for certificate chain validation would implicitly trust this certificate chain. Thus, we skip all self-signed certificates on import.	2016-08-17 09:22:38 +02:00
Simon Rozman	078636eb14	make_change_chiper_spec() removed as this message can simply be created using make_message()	2016-08-17 09:09:42 +02:00
Simon Rozman	cabae26e0b	Flags describing handshake messages received assembled in a boolean table of flags	2016-08-17 09:01:11 +02:00
Simon Rozman	7376693838	Additional constants	2016-08-17 08:34:25 +02:00
Simon Rozman	a5b3914a09	Comments and some minor clean-up	2016-08-16 22:27:30 +02:00
Simon Rozman	8beb7bd27a	Version set to 1.0-alpha7	2016-08-16 16:59:03 +02:00
Simon Rozman	00dd1277c5	Switched to the new key import method, as the old one had issues with PROV_RSA_AES crystallographic provider	2016-08-16 16:55:18 +02:00
Simon Rozman	e9839706b6	TLS clean-up	2016-08-16 16:44:19 +02:00
Simon Rozman	f5b03bc0bf	Annotation update	2016-08-16 10:39:42 +02:00