
3  * Copyright (c) 2004-2017, Jouni Malinen <j@w1.fi>
20 #include <wolfssl/error-ssl.h>
48 /* tls input data for wolfSSL Read Callback */
77 struct tls_in_data input; member
114 context->event_cb = conf->event_cb; in tls_context_new()
115 context->cb_ctx = conf->cb_ctx; in tls_context_new()
116 context->cert_in_cb = conf->cert_in_cb; in tls_context_new()
127 in->in_data = buf; in wolfssl_reset_in_data()
128 in->consumed = 0; in wolfssl_reset_in_data()
135 out->out_data = wpabuf_alloc_copy("", 0); in wolfssl_reset_out_data()
146 return -1; in wolfssl_receive_cb()
148 if (get > (wpabuf_len(data->in_data) - data->consumed)) in wolfssl_receive_cb()
149 get = wpabuf_len(data->in_data) - data->consumed; in wolfssl_receive_cb()
151 os_memcpy(buf, wpabuf_head_u8(data->in_data) + data->consumed, get); in wolfssl_receive_cb()
152 data->consumed += get; in wolfssl_receive_cb()
155 return -2; /* WANT_READ */ in wolfssl_receive_cb()
168 return -1; in wolfssl_send_cb()
174 return -1; in wolfssl_send_cb()
175 data->out_data = wpabuf_concat(data->out_data, tmp); in wolfssl_send_cb()
176 if (!data->out_data) in wolfssl_send_cb()
177 return -1; in wolfssl_send_cb()
256 tls_ref_count--; in tls_init()
266 context->tls_session_lifetime = conf->tls_session_lifetime; in tls_init()
269 if (conf->tls_session_lifetime > 0) { in tls_init()
276 wolfSSL_CTX_set_timeout(ssl_ctx, conf->tls_session_lifetime); in tls_init()
283 if (conf && conf->openssl_ciphers) in tls_init()
284 ciphers = conf->openssl_ciphers; in tls_init()
309 tls_ref_count--; in tls_deinit()
326 wpa_printf(MSG_INFO, "TLS - SSL error: %s", in tls_get_errors()
346 conn->ssl = wolfSSL_new(ssl_ctx); in tls_connection_init()
347 if (!conn->ssl) { in tls_connection_init()
352 wolfSSL_SetIOReadCtx(conn->ssl, &conn->input); in tls_connection_init()
353 wolfSSL_SetIOWriteCtx(conn->ssl, &conn->output); in tls_connection_init()
354 wolfSSL_set_ex_data(conn->ssl, 0, conn); in tls_connection_init()
355 conn->context = wolfSSL_CTX_get_ex_data(ssl_ctx, 0); in tls_connection_init()
357 /* Need randoms post-handshake for EAP-FAST, export key and deriving in tls_connection_init()
359 wolfSSL_KeepArrays(conn->ssl); in tls_connection_init()
360 wolfSSL_KeepHandshakeResources(conn->ssl); in tls_connection_init()
361 wolfSSL_UseClientSuites(conn->ssl); in tls_connection_init()
375 wolfSSL_free(conn->ssl); in tls_connection_deinit()
376 os_free(conn->subject_match); in tls_connection_deinit()
377 os_free(conn->alt_subject_match); in tls_connection_deinit()
378 os_free(conn->suffix_match); in tls_connection_deinit()
379 os_free(conn->domain_match); in tls_connection_deinit()
380 os_free(conn->peer_subject); in tls_connection_deinit()
389 return conn ? wolfSSL_is_init_finished(conn->ssl) : 0; in tls_connection_established()
406 return -1; in tls_connection_shutdown()
411 wolfSSL_set_quiet_shutdown(conn->ssl, 1); in tls_connection_shutdown()
412 wolfSSL_shutdown(conn->ssl); in tls_connection_shutdown()
414 session = wolfSSL_get1_session(conn->ssl); in tls_connection_shutdown()
415 if (wolfSSL_clear(conn->ssl) != 1) { in tls_connection_shutdown()
417 return -1; in tls_connection_shutdown()
419 wolfSSL_set_session(conn->ssl, session); in tls_connection_shutdown()
432 os_free(conn->subject_match); in tls_connection_set_subject_match()
433 conn->subject_match = NULL; in tls_connection_set_subject_match()
435 conn->subject_match = os_strdup(subject_match); in tls_connection_set_subject_match()
436 if (!conn->subject_match) in tls_connection_set_subject_match()
437 return -1; in tls_connection_set_subject_match()
440 os_free(conn->alt_subject_match); in tls_connection_set_subject_match()
441 conn->alt_subject_match = NULL; in tls_connection_set_subject_match()
443 conn->alt_subject_match = os_strdup(alt_subject_match); in tls_connection_set_subject_match()
444 if (!conn->alt_subject_match) in tls_connection_set_subject_match()
445 return -1; in tls_connection_set_subject_match()
448 os_free(conn->suffix_match); in tls_connection_set_subject_match()
449 conn->suffix_match = NULL; in tls_connection_set_subject_match()
451 conn->suffix_match = os_strdup(suffix_match); in tls_connection_set_subject_match()
452 if (!conn->suffix_match) in tls_connection_set_subject_match()
453 return -1; in tls_connection_set_subject_match()
456 os_free(conn->domain_match); in tls_connection_set_subject_match()
457 conn->domain_match = NULL; in tls_connection_set_subject_match()
459 conn->domain_match = os_strdup(domain_match); in tls_connection_set_subject_match()
460 if (!conn->domain_match) in tls_connection_set_subject_match()
461 return -1; in tls_connection_set_subject_match()
478 conn->ssl, client_cert_blob, blob_len, in tls_connection_client_cert()
483 conn->ssl, client_cert_blob, blob_len, in tls_connection_client_cert()
487 return -1; in tls_connection_client_cert()
496 conn->ssl, client_cert) != SSL_SUCCESS) { in tls_connection_client_cert()
500 conn->ssl, client_cert, in tls_connection_client_cert()
504 return -1; in tls_connection_client_cert()
541 return -1; in tls_connection_private_key()
548 if (wolfSSL_use_PrivateKey_buffer(conn->ssl, in tls_connection_private_key()
555 conn->ssl, in tls_connection_private_key()
571 if (wolfSSL_use_PrivateKey_file(conn->ssl, private_key, in tls_connection_private_key()
576 if (wolfSSL_use_PrivateKey_file(conn->ssl, private_key, in tls_connection_private_key()
596 return -1; in tls_connection_private_key()
614 if (!gen || gen->type != type) in tls_match_alt_subject_component()
616 if ((size_t) wolfSSL_ASN1_STRING_length(gen->d.ia5) == len && in tls_match_alt_subject_component()
617 os_memcmp(value, wolfSSL_ASN1_STRING_data(gen->d.ia5), in tls_match_alt_subject_component()
660 len = end - pos; in tls_match_alt_subject()
681 "TLS: Embedded null in a string - reject"); in domain_suffix_match()
689 if (os_strncasecmp(val + len - match_len, match, match_len) != 0) in domain_suffix_match()
695 if (val[len - match_len - 1] == '.') in domain_suffix_match()
720 if (!gen || gen->type != ASN_DNS_TYPE) in tls_match_suffix_helper()
724 wolfSSL_ASN1_STRING_data(gen->d.ia5), in tls_match_suffix_helper()
725 wolfSSL_ASN1_STRING_length(gen->d.ia5)); in tls_match_suffix_helper()
727 (const char *) wolfSSL_ASN1_STRING_data(gen->d.ia5), in tls_match_suffix_helper()
728 wolfSSL_ASN1_STRING_length(gen->d.ia5), match, in tls_match_suffix_helper()
744 i = -1; in tls_match_suffix_helper()
750 if (i == -1) in tls_match_suffix_helper()
759 cn->data, cn->length); in tls_match_suffix_helper()
760 if (domain_suffix_match(cn->data, cn->length, in tls_match_suffix_helper()
780 if (tls_match_suffix_helper(cert, token, last - token, full)) in tls_match_suffix()
856 WOLFSSL_X509 *err_cert, int err, int depth, in wolfssl_tls_fail_event() argument
862 struct tls_context *context = conn->context; in wolfssl_tls_fail_event()
864 if (!context->event_cb) in wolfssl_tls_fail_event()
871 ev.cert_fail.depth = depth; in wolfssl_tls_fail_event()
875 context->event_cb(context->cb_ctx, TLS_CERT_CHAIN_FAILURE, &ev); in wolfssl_tls_fail_event()
881 WOLFSSL_X509 *err_cert, int depth, in wolfssl_tls_cert_event() argument
886 struct tls_context *context = conn->context; in wolfssl_tls_cert_event()
896 if (!context->event_cb) in wolfssl_tls_cert_event()
900 if (conn->cert_probe || (conn->flags & TLS_CONN_EXT_CERT_CHECK) || in wolfssl_tls_cert_event()
901 context->cert_in_cb) { in wolfssl_tls_cert_event()
920 ev.peer_cert.depth = depth; in wolfssl_tls_cert_event()
931 (gen->type != GEN_EMAIL && in wolfssl_tls_cert_event()
932 gen->type != GEN_DNS && in wolfssl_tls_cert_event()
933 gen->type != GEN_URI)) in wolfssl_tls_cert_event()
936 pos = os_malloc(10 + wolfSSL_ASN1_STRING_length(gen->d.ia5) + in wolfssl_tls_cert_event()
942 switch (gen->type) { in wolfssl_tls_cert_event()
957 os_memcpy(pos, wolfSSL_ASN1_STRING_data(gen->d.ia5), in wolfssl_tls_cert_event()
958 wolfSSL_ASN1_STRING_length(gen->d.ia5)); in wolfssl_tls_cert_event()
959 pos += wolfSSL_ASN1_STRING_length(gen->d.ia5); in wolfssl_tls_cert_event()
968 context->event_cb(context->cb_ctx, TLS_PEER_CERTIFICATE, &ev); in wolfssl_tls_cert_event()
979 int err, depth; in tls_verify_cb() local
993 depth = wolfSSL_X509_STORE_CTX_get_error_depth(x509_ctx); in tls_verify_cb()
1005 if (depth == 0) in tls_verify_cb()
1006 conn->peer_cert = err_cert; in tls_verify_cb()
1007 else if (depth == 1) in tls_verify_cb()
1008 conn->peer_issuer = err_cert; in tls_verify_cb()
1009 else if (depth == 2) in tls_verify_cb()
1010 conn->peer_issuer_issuer = err_cert; in tls_verify_cb()
1012 context = conn->context; in tls_verify_cb()
1013 match = conn->subject_match; in tls_verify_cb()
1014 altmatch = conn->alt_subject_match; in tls_verify_cb()
1015 suffix_match = conn->suffix_match; in tls_verify_cb()
1016 domain_match = conn->domain_match; in tls_verify_cb()
1018 if (!preverify_ok && !conn->ca_cert_verify) in tls_verify_cb()
1020 if (!preverify_ok && depth > 0 && conn->server_cert_only) in tls_verify_cb()
1022 if (!preverify_ok && (conn->flags & TLS_CONN_DISABLE_TIME_CHECKS) && in tls_verify_cb()
1038 if (depth == 0 && conn->server_cert_only) { in tls_verify_cb()
1054 os_memcmp(conn->srv_cert_hash, hash, 32) != 0) { in tls_verify_cb()
1074 "TLS: Certificate verification failed, error %d (%s) depth %d for '%s'", in tls_verify_cb()
1075 err, err_str, depth, buf); in tls_verify_cb()
1076 wolfssl_tls_fail_event(conn, err_cert, err, depth, buf, in tls_verify_cb()
1082 "TLS: %s - preverify_ok=%d err=%d (%s) ca_cert_verify=%d depth=%d buf='%s'", in tls_verify_cb()
1084 conn->ca_cert_verify, depth, buf); in tls_verify_cb()
1085 if (depth == 0 && match && os_strstr(buf, match) == NULL) { in tls_verify_cb()
1090 wolfssl_tls_fail_event(conn, err_cert, err, depth, buf, in tls_verify_cb()
1093 } else if (depth == 0 && altmatch && in tls_verify_cb()
1099 wolfssl_tls_fail_event(conn, err_cert, err, depth, buf, in tls_verify_cb()
1102 } else if (depth == 0 && suffix_match && in tls_verify_cb()
1108 wolfssl_tls_fail_event(conn, err_cert, err, depth, buf, in tls_verify_cb()
1111 } else if (depth == 0 && domain_match && in tls_verify_cb()
1116 wolfssl_tls_fail_event(conn, err_cert, err, depth, buf, in tls_verify_cb()
1120 wolfssl_tls_cert_event(conn, err_cert, depth, buf); in tls_verify_cb()
1123 if (conn->cert_probe && preverify_ok && depth == 0) { in tls_verify_cb()
1125 "wolfSSL: Reject server certificate on probe-only run"); in tls_verify_cb()
1127 wolfssl_tls_fail_event(conn, err_cert, err, depth, buf, in tls_verify_cb()
1133 if (depth == 0 && (conn->flags & TLS_CONN_REQUEST_OCSP) && in tls_verify_cb()
1137 res = check_ocsp_resp(conn->ssl_ctx, conn->ssl, err_cert, in tls_verify_cb()
1138 conn->peer_issuer, in tls_verify_cb()
1139 conn->peer_issuer_issuer); in tls_verify_cb()
1142 wolfssl_tls_fail_event(conn, err_cert, err, depth, buf, in tls_verify_cb()
1149 (conn->flags & TLS_CONN_REQUIRE_OCSP)) { in tls_verify_cb()
1151 wolfssl_tls_fail_event(conn, err_cert, err, depth, buf, in tls_verify_cb()
1157 if (depth == 0 && preverify_ok && context->event_cb != NULL) in tls_verify_cb()
1158 context->event_cb(context->cb_ctx, in tls_verify_cb()
1161 if (depth == 0 && preverify_ok) { in tls_verify_cb()
1162 os_free(conn->peer_subject); in tls_verify_cb()
1163 conn->peer_subject = os_strdup(buf); in tls_verify_cb()
1177 wolfSSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb); in tls_connection_ca_cert()
1178 conn->ca_cert_verify = 1; in tls_connection_ca_cert()
1183 conn->cert_probe = 1; in tls_connection_ca_cert()
1184 conn->ca_cert_verify = 0; in tls_connection_ca_cert()
1196 return -1; in tls_connection_ca_cert()
1203 return -1; in tls_connection_ca_cert()
1205 if (hexstr2bin(pos, conn->srv_cert_hash, 32) < 0) { in tls_connection_ca_cert()
1209 return -1; in tls_connection_ca_cert()
1211 conn->server_cert_only = 1; in tls_connection_ca_cert()
1217 "No SHA256 included in the build - cannot validate server certificate hash"); in tls_connection_ca_cert()
1218 return -1; in tls_connection_ca_cert()
1232 return -1; in tls_connection_ca_cert()
1245 return -1; in tls_connection_ca_cert()
1255 return -1; in tls_connection_ca_cert()
1262 return -1; in tls_connection_ca_cert()
1268 conn->ca_cert_verify = 0; in tls_connection_ca_cert()
1296 if (tls_connection_set_subject_match(conn, params->subject_match, in tls_connection_set_params()
1297 params->altsubject_match, in tls_connection_set_params()
1298 params->suffix_match, in tls_connection_set_params()
1299 params->domain_match) < 0) { in tls_connection_set_params()
1301 return -1; in tls_connection_set_params()
1304 if (tls_connection_ca_cert(tls_ctx, conn, params->ca_cert, in tls_connection_set_params()
1305 params->ca_cert_blob, in tls_connection_set_params()
1306 params->ca_cert_blob_len, in tls_connection_set_params()
1307 params->ca_path) < 0) { in tls_connection_set_params()
1309 return -1; in tls_connection_set_params()
1312 if (tls_connection_client_cert(conn, params->client_cert, in tls_connection_set_params()
1313 params->client_cert_blob, in tls_connection_set_params()
1314 params->client_cert_blob_len) < 0) { in tls_connection_set_params()
1316 return -1; in tls_connection_set_params()
1319 if (tls_connection_private_key(tls_ctx, conn, params->private_key, in tls_connection_set_params()
1320 params->private_key_passwd, in tls_connection_set_params()
1321 params->private_key_blob, in tls_connection_set_params()
1322 params->private_key_blob_len) < 0) { in tls_connection_set_params()
1324 return -1; in tls_connection_set_params()
1328 params->openssl_ciphers ? params->openssl_ciphers : "N/A"); in tls_connection_set_params()
1329 if (params->openssl_ciphers && in tls_connection_set_params()
1330 wolfSSL_set_cipher_list(conn->ssl, params->openssl_ciphers) != 1) { in tls_connection_set_params()
1333 params->openssl_ciphers); in tls_connection_set_params()
1334 return -1; in tls_connection_set_params()
1337 tls_set_conn_flags(conn->ssl, params->flags); in tls_connection_set_params()
1340 if (params->flags & TLS_CONN_REQUEST_OCSP) { in tls_connection_set_params()
1341 if (wolfSSL_UseOCSPStapling(conn->ssl, WOLFSSL_CSR_OCSP, in tls_connection_set_params()
1344 return -1; in tls_connection_set_params()
1345 if (wolfSSL_EnableOCSPStapling(conn->ssl) != SSL_SUCCESS) in tls_connection_set_params()
1346 return -1; in tls_connection_set_params()
1350 if (params->flags & TLS_CONN_REQUEST_OCSP) { in tls_connection_set_params()
1351 if (wolfSSL_UseOCSPStaplingV2(conn->ssl, in tls_connection_set_params()
1354 return -1; in tls_connection_set_params()
1355 if (wolfSSL_EnableOCSPStapling(conn->ssl) != SSL_SUCCESS) in tls_connection_set_params()
1356 return -1; in tls_connection_set_params()
1362 if (params->flags & TLS_CONN_REQUEST_OCSP) in tls_connection_set_params()
1365 if (params->flags & TLS_CONN_REQUIRE_OCSP) { in tls_connection_set_params()
1367 "wolfSSL: No OCSP support included - reject configuration"); in tls_connection_set_params()
1368 return -1; in tls_connection_set_params()
1370 if (params->flags & TLS_CONN_REQUEST_OCSP) { in tls_connection_set_params()
1372 "wolfSSL: No OCSP support included - allow optional OCSP case to continue"); in tls_connection_set_params()
1378 conn->flags = params->flags; in tls_connection_set_params()
1393 return -1; in tls_global_ca_cert()
1417 return -1; in tls_global_client_cert()
1440 return -1; in tls_global_private_key()
1451 ret = -1; in tls_global_private_key()
1476 return -1; in tls_global_dh()
1499 "wolfSSL: OCSP status callback - no response configured"); in ocsp_status_cb()
1507 "wolfSSL: OCSP status callback - could not read response file"); in ocsp_status_cb()
1508 return -1; in ocsp_status_cb()
1511 "wolfSSL: OCSP status callback - send cached response"); in ocsp_status_cb()
1529 if (params->check_cert_subject) in tls_global_set_params()
1530 return -1; /* not yet supported */ in tls_global_set_params()
1532 if (tls_global_ca_cert(tls_ctx, params->ca_cert) < 0) { in tls_global_set_params()
1534 params->ca_cert); in tls_global_set_params()
1535 return -1; in tls_global_set_params()
1538 if (tls_global_client_cert(tls_ctx, params->client_cert) < 0) { in tls_global_set_params()
1541 params->client_cert); in tls_global_set_params()
1542 return -1; in tls_global_set_params()
1545 if (tls_global_private_key(tls_ctx, params->private_key, in tls_global_set_params()
1546 params->private_key_passwd) < 0) { in tls_global_set_params()
1549 params->private_key); in tls_global_set_params()
1550 return -1; in tls_global_set_params()
1553 if (tls_global_dh(tls_ctx, params->dh_file) < 0) { in tls_global_set_params()
1555 params->dh_file); in tls_global_set_params()
1556 return -1; in tls_global_set_params()
1560 params->openssl_ciphers ? params->openssl_ciphers : "N/A"); in tls_global_set_params()
1561 if (params->openssl_ciphers && in tls_global_set_params()
1563 params->openssl_ciphers) != 1) { in tls_global_set_params()
1566 params->openssl_ciphers); in tls_global_set_params()
1567 return -1; in tls_global_set_params()
1570 if (params->openssl_ecdh_curves) { in tls_global_set_params()
1573 return -1; in tls_global_set_params()
1577 /* Session ticket is off by default - can't disable once on. */ in tls_global_set_params()
1578 if (!(params->flags & TLS_CONN_DISABLE_SESSION_TICKET)) in tls_global_set_params()
1583 if (params->ocsp_stapling_response) { in tls_global_set_params()
1585 params->ocsp_stapling_response); in tls_global_set_params()
1616 return -1; in tls_connection_set_verify()
1621 conn->ca_cert_verify = 1; in tls_connection_set_verify()
1622 wolfSSL_set_verify(conn->ssl, SSL_VERIFY_PEER | in tls_connection_set_verify()
1626 conn->ca_cert_verify = 0; in tls_connection_set_verify()
1627 wolfSSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL); in tls_connection_set_verify()
1630 wolfSSL_set_accept_state(conn->ssl); in tls_connection_set_verify()
1633 if (context && context->tls_session_lifetime == 0) { in tls_connection_set_verify()
1640 wolfSSL_set_session_id_context(conn->ssl, in tls_connection_set_verify()
1644 wolfSSL_set_session_id_context(conn->ssl, session_ctx, in tls_connection_set_verify()
1660 wolfssl_reset_out_data(&conn->output); in wolfssl_handshake()
1664 wolfSSL_set_accept_state(conn->ssl); in wolfssl_handshake()
1665 res = wolfSSL_accept(conn->ssl); in wolfssl_handshake()
1668 wolfSSL_set_connect_state(conn->ssl); in wolfssl_handshake()
1669 res = wolfSSL_connect(conn->ssl); in wolfssl_handshake()
1674 int err = wolfSSL_get_error(conn->ssl, res); in wolfssl_handshake()
1678 "SSL: %s - WOLFSSL_ERROR_NONE (%d)", in wolfssl_handshake()
1683 "SSL: %s - want more data", in wolfssl_handshake()
1688 "SSL: %s - want to write", in wolfssl_handshake()
1695 "SSL: %s - failed %s", in wolfssl_handshake()
1699 conn->failed++; in wolfssl_handshake()
1703 return conn->output.out_data; in wolfssl_handshake()
1716 res = wolfSSL_read(conn->ssl, wpabuf_mhead(appl_data), in wolfssl_get_appl_data()
1719 int err = wolfSSL_get_error(conn->ssl, res); in wolfssl_get_appl_data()
1751 wolfssl_reset_in_data(&conn->input, in_data); in wolfssl_connection_handshake()
1760 if (wolfSSL_is_init_finished(conn->ssl)) { in wolfssl_connection_handshake()
1762 "wolfSSL: Handshake finished - resumed=%d", in wolfssl_connection_handshake()
1802 wolfssl_reset_out_data(&conn->output); in tls_connection_encrypt()
1804 res = wolfSSL_write(conn->ssl, wpabuf_head(in_data), in tls_connection_encrypt()
1807 int err = wolfSSL_get_error(conn->ssl, res); in tls_connection_encrypt()
1810 wpa_printf(MSG_INFO, "Encryption failed - SSL_write: %s", in tls_connection_encrypt()
1815 return conn->output.out_data; in tls_connection_encrypt()
1831 wolfssl_reset_in_data(&conn->input, in_data); in tls_connection_decrypt()
1838 * input data. in tls_connection_decrypt()
1843 res = wolfSSL_read(conn->ssl, wpabuf_mhead(buf), wpabuf_size(buf)); in tls_connection_decrypt()
1845 wpa_printf(MSG_INFO, "Decryption failed - SSL_read"); in tls_connection_decrypt()
1859 return conn ? wolfSSL_session_reused(conn->ssl) : 0; in tls_connection_resumed()
1870 if (!conn || !conn->ssl || !ciphers) in tls_connection_set_cipher_list()
1871 return -1; in tls_connection_set_cipher_list()
1883 suite = "RC4-SHA"; in tls_connection_set_cipher_list()
1886 suite = "AES128-SHA"; in tls_connection_set_cipher_list()
1889 suite = "DHE-RSA-AES128-SHA"; in tls_connection_set_cipher_list()
1892 suite = "ADH-AES128-SHA"; in tls_connection_set_cipher_list()
1895 suite = "DHE-RSA-AES256-SHA"; in tls_connection_set_cipher_list()
1898 suite = "AES256-SHA"; in tls_connection_set_cipher_list()
1903 return -1; in tls_connection_set_cipher_list()
1905 ret = os_snprintf(pos, end - pos, ":%s", suite); in tls_connection_set_cipher_list()
1906 if (os_snprintf_error(end - pos, ret)) in tls_connection_set_cipher_list()
1915 if (wolfSSL_set_cipher_list(conn->ssl, buf + 1) != 1) { in tls_connection_set_cipher_list()
1917 return -1; in tls_connection_set_cipher_list()
1930 if (!conn || !conn->ssl) in tls_get_cipher()
1931 return -1; in tls_get_cipher()
1933 cipher = wolfSSL_get_current_cipher(conn->ssl); in tls_get_cipher()
1935 return -1; in tls_get_cipher()
1939 return -1; in tls_get_cipher()
1942 os_strlcpy(buf, "RC4-SHA", buflen); in tls_get_cipher()
1944 os_strlcpy(buf, "AES128-SHA", buflen); in tls_get_cipher()
1946 os_strlcpy(buf, "DHE-RSA-AES128-SHA", buflen); in tls_get_cipher()
1948 os_strlcpy(buf, "ADH-AES128-SHA", buflen); in tls_get_cipher()
1950 os_strlcpy(buf, "DHE-RSA-AES256-SHA", buflen); in tls_get_cipher()
1952 os_strlcpy(buf, "AES256-SHA", buflen); in tls_get_cipher()
1971 return -1; in tls_connection_get_failed()
1973 return conn->failed; in tls_connection_get_failed()
1980 return -1; in tls_connection_get_read_alerts()
1983 return conn->read_alerts; in tls_connection_get_read_alerts()
1991 return -1; in tls_connection_get_write_alerts()
1994 return conn->write_alerts; in tls_connection_get_write_alerts()
2010 if (!conn || !conn->ssl) in tls_get_version()
2011 return -1; in tls_get_version()
2013 name = wolfSSL_get_version(conn->ssl); in tls_get_version()
2015 return -1; in tls_get_version()
2028 return -1; in tls_connection_get_random()
2029 ssl = conn->ssl; in tls_connection_get_random()
2031 return -1; in tls_connection_get_random()
2034 keys->client_random = conn->client_random; in tls_connection_get_random()
2035 keys->client_random_len = wolfSSL_get_client_random( in tls_connection_get_random()
2036 ssl, conn->client_random, sizeof(conn->client_random)); in tls_connection_get_random()
2037 keys->server_random = conn->server_random; in tls_connection_get_random()
2038 keys->server_random_len = wolfSSL_get_server_random( in tls_connection_get_random()
2039 ssl, conn->server_random, sizeof(conn->server_random)); in tls_connection_get_random()
2050 return -1; in tls_connection_export_key()
2052 if (wolfSSL_export_keying_material(conn->ssl, out, out_len, in tls_connection_export_key()
2056 return -1; in tls_connection_export_key()
2060 wolfSSL_make_eap_keys(conn->ssl, out, out_len, label) != 0) in tls_connection_export_key()
2061 return -1; in tls_connection_export_key()
2073 int ret = -1; in tls_connection_get_eap_fast_key()
2085 if (!conn || !conn->ssl) in tls_connection_get_eap_fast_key()
2086 return -1; in tls_connection_get_eap_fast_key()
2087 ssl = conn->ssl; in tls_connection_get_eap_fast_key()
2094 return -1; in tls_connection_get_eap_fast_key()
2111 ret = -1; in tls_connection_get_eap_fast_key()
2136 if (!conn || !conn->ssl || ext_type != 35) in tls_connection_client_hello_ext()
2137 return -1; in tls_connection_client_hello_ext()
2139 if (wolfSSL_set_SessionTicket(conn->ssl, data, in tls_connection_client_hello_ext()
2141 return -1; in tls_connection_client_hello_ext()
2153 word32 ticket_len = sizeof(conn->session_ticket); in tls_sess_sec_cb()
2155 if (!conn || !conn->session_ticket_cb) in tls_sess_sec_cb()
2162 wolfSSL_get_SessionTicket(s, conn->session_ticket, in tls_sess_sec_cb()
2169 ret = conn->session_ticket_cb(conn->session_ticket_cb_ctx, in tls_sess_sec_cb()
2170 conn->session_ticket, ticket_len, in tls_sess_sec_cb()
2188 conn->session_ticket_cb = cb; in tls_connection_set_session_ticket_cb()
2189 conn->session_ticket_cb_ctx = ctx; in tls_connection_set_session_ticket_cb()
2192 if (wolfSSL_set_session_secret_cb(conn->ssl, tls_sess_sec_cb, in tls_connection_set_session_ticket_cb()
2194 return -1; in tls_connection_set_session_ticket_cb()
2196 if (wolfSSL_set_session_secret_cb(conn->ssl, NULL, NULL) != 1) in tls_connection_set_session_ticket_cb()
2197 return -1; in tls_connection_set_session_ticket_cb()
2202 return -1; in tls_connection_set_session_ticket_cb()
2218 sess = wolfSSL_get_session(conn->ssl); in tls_connection_remove_session()
2233 reused = wolfSSL_session_reused(conn->ssl); in tls_get_tls_unique()
2234 if ((wolfSSL_is_server(conn->ssl) && !reused) || in tls_get_tls_unique()
2235 (!wolfSSL_is_server(conn->ssl) && reused)) in tls_get_tls_unique()
2236 len = wolfSSL_get_peer_finished(conn->ssl, buf, max_len); in tls_get_tls_unique()
2238 len = wolfSSL_get_finished(conn->ssl, buf, max_len); in tls_get_tls_unique()
2241 return -1; in tls_get_tls_unique()
2249 return (u16) wolfSSL_get_current_cipher_suite(conn->ssl); in tls_connection_get_cipher_suite()
2256 return conn->peer_subject; in tls_connection_get_peer_subject()
2269 sess = wolfSSL_get_session(conn->ssl); in tls_connection_set_success_data()
2286 conn->success_data = 1; in tls_connection_set_success_data()
2302 sess = wolfSSL_get_session(conn->ssl); in tls_connection_get_success_data()
2312 return wolfSSL_get_certificate(conn->ssl) != NULL; in tls_connection_get_own_cert_used()