Lines Matching refs:conn
339 struct tls_connection *conn; in tls_connection_init() local
343 conn = os_zalloc(sizeof(*conn)); in tls_connection_init()
344 if (!conn) in tls_connection_init()
346 conn->ssl = wolfSSL_new(ssl_ctx); in tls_connection_init()
347 if (!conn->ssl) { in tls_connection_init()
348 os_free(conn); in tls_connection_init()
352 wolfSSL_SetIOReadCtx(conn->ssl, &conn->input); in tls_connection_init()
353 wolfSSL_SetIOWriteCtx(conn->ssl, &conn->output); in tls_connection_init()
354 wolfSSL_set_ex_data(conn->ssl, 0, conn); in tls_connection_init()
355 conn->context = wolfSSL_CTX_get_ex_data(ssl_ctx, 0); in tls_connection_init()
359 wolfSSL_KeepArrays(conn->ssl); in tls_connection_init()
360 wolfSSL_KeepHandshakeResources(conn->ssl); in tls_connection_init()
361 wolfSSL_UseClientSuites(conn->ssl); in tls_connection_init()
363 return conn; in tls_connection_init()
367 void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn) in tls_connection_deinit() argument
369 if (!conn) in tls_connection_deinit()
375 wolfSSL_free(conn->ssl); in tls_connection_deinit()
376 os_free(conn->subject_match); in tls_connection_deinit()
377 os_free(conn->alt_subject_match); in tls_connection_deinit()
378 os_free(conn->suffix_match); in tls_connection_deinit()
379 os_free(conn->domain_match); in tls_connection_deinit()
380 os_free(conn->peer_subject); in tls_connection_deinit()
383 os_free(conn); in tls_connection_deinit()
387 int tls_connection_established(void *tls_ctx, struct tls_connection *conn) in tls_connection_established() argument
389 return conn ? wolfSSL_is_init_finished(conn->ssl) : 0; in tls_connection_established()
394 struct tls_connection *conn) in tls_connection_peer_serial_num() argument
401 int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn) in tls_connection_shutdown() argument
405 if (!conn) in tls_connection_shutdown()
411 wolfSSL_set_quiet_shutdown(conn->ssl, 1); in tls_connection_shutdown()
412 wolfSSL_shutdown(conn->ssl); in tls_connection_shutdown()
414 session = wolfSSL_get1_session(conn->ssl); in tls_connection_shutdown()
415 if (wolfSSL_clear(conn->ssl) != 1) { in tls_connection_shutdown()
419 wolfSSL_set_session(conn->ssl, session); in tls_connection_shutdown()
426 static int tls_connection_set_subject_match(struct tls_connection *conn, in tls_connection_set_subject_match() argument
432 os_free(conn->subject_match); in tls_connection_set_subject_match()
433 conn->subject_match = NULL; in tls_connection_set_subject_match()
435 conn->subject_match = os_strdup(subject_match); in tls_connection_set_subject_match()
436 if (!conn->subject_match) in tls_connection_set_subject_match()
440 os_free(conn->alt_subject_match); in tls_connection_set_subject_match()
441 conn->alt_subject_match = NULL; in tls_connection_set_subject_match()
443 conn->alt_subject_match = os_strdup(alt_subject_match); in tls_connection_set_subject_match()
444 if (!conn->alt_subject_match) in tls_connection_set_subject_match()
448 os_free(conn->suffix_match); in tls_connection_set_subject_match()
449 conn->suffix_match = NULL; in tls_connection_set_subject_match()
451 conn->suffix_match = os_strdup(suffix_match); in tls_connection_set_subject_match()
452 if (!conn->suffix_match) in tls_connection_set_subject_match()
456 os_free(conn->domain_match); in tls_connection_set_subject_match()
457 conn->domain_match = NULL; in tls_connection_set_subject_match()
459 conn->domain_match = os_strdup(domain_match); in tls_connection_set_subject_match()
460 if (!conn->domain_match) in tls_connection_set_subject_match()
468 static int tls_connection_client_cert(struct tls_connection *conn, in tls_connection_client_cert() argument
478 conn->ssl, client_cert_blob, blob_len, in tls_connection_client_cert()
483 conn->ssl, client_cert_blob, blob_len, in tls_connection_client_cert()
496 conn->ssl, client_cert) != SSL_SUCCESS) { in tls_connection_client_cert()
500 conn->ssl, client_cert, in tls_connection_client_cert()
525 struct tls_connection *conn, in tls_connection_private_key() argument
548 if (wolfSSL_use_PrivateKey_buffer(conn->ssl, in tls_connection_private_key()
555 conn->ssl, in tls_connection_private_key()
571 if (wolfSSL_use_PrivateKey_file(conn->ssl, private_key, in tls_connection_private_key()
576 if (wolfSSL_use_PrivateKey_file(conn->ssl, private_key, in tls_connection_private_key()
855 static void wolfssl_tls_fail_event(struct tls_connection *conn, in wolfssl_tls_fail_event() argument
862 struct tls_context *context = conn->context; in wolfssl_tls_fail_event()
880 static void wolfssl_tls_cert_event(struct tls_connection *conn, in wolfssl_tls_cert_event() argument
886 struct tls_context *context = conn->context; in wolfssl_tls_cert_event()
900 if (conn->cert_probe || (conn->flags & TLS_CONN_EXT_CERT_CHECK) || in wolfssl_tls_cert_event()
981 struct tls_connection *conn; in tls_verify_cb() local
999 conn = wolfSSL_get_ex_data(ssl, 0); in tls_verify_cb()
1000 if (!conn) { in tls_verify_cb()
1006 conn->peer_cert = err_cert; in tls_verify_cb()
1008 conn->peer_issuer = err_cert; in tls_verify_cb()
1010 conn->peer_issuer_issuer = err_cert; in tls_verify_cb()
1012 context = conn->context; in tls_verify_cb()
1013 match = conn->subject_match; in tls_verify_cb()
1014 altmatch = conn->alt_subject_match; in tls_verify_cb()
1015 suffix_match = conn->suffix_match; in tls_verify_cb()
1016 domain_match = conn->domain_match; in tls_verify_cb()
1018 if (!preverify_ok && !conn->ca_cert_verify) in tls_verify_cb()
1020 if (!preverify_ok && depth > 0 && conn->server_cert_only) in tls_verify_cb()
1022 if (!preverify_ok && (conn->flags & TLS_CONN_DISABLE_TIME_CHECKS) && in tls_verify_cb()
1038 if (depth == 0 && conn->server_cert_only) { in tls_verify_cb()
1054 os_memcmp(conn->srv_cert_hash, hash, 32) != 0) { in tls_verify_cb()
1076 wolfssl_tls_fail_event(conn, err_cert, err, depth, buf, in tls_verify_cb()
1084 conn->ca_cert_verify, depth, buf); in tls_verify_cb()
1090 wolfssl_tls_fail_event(conn, err_cert, err, depth, buf, in tls_verify_cb()
1099 wolfssl_tls_fail_event(conn, err_cert, err, depth, buf, in tls_verify_cb()
1108 wolfssl_tls_fail_event(conn, err_cert, err, depth, buf, in tls_verify_cb()
1116 wolfssl_tls_fail_event(conn, err_cert, err, depth, buf, in tls_verify_cb()
1120 wolfssl_tls_cert_event(conn, err_cert, depth, buf); in tls_verify_cb()
1123 if (conn->cert_probe && preverify_ok && depth == 0) { in tls_verify_cb()
1127 wolfssl_tls_fail_event(conn, err_cert, err, depth, buf, in tls_verify_cb()
1133 if (depth == 0 && (conn->flags & TLS_CONN_REQUEST_OCSP) && in tls_verify_cb()
1137 res = check_ocsp_resp(conn->ssl_ctx, conn->ssl, err_cert, in tls_verify_cb()
1138 conn->peer_issuer, in tls_verify_cb()
1139 conn->peer_issuer_issuer); in tls_verify_cb()
1142 wolfssl_tls_fail_event(conn, err_cert, err, depth, buf, in tls_verify_cb()
1149 (conn->flags & TLS_CONN_REQUIRE_OCSP)) { in tls_verify_cb()
1151 wolfssl_tls_fail_event(conn, err_cert, err, depth, buf, in tls_verify_cb()
1162 os_free(conn->peer_subject); in tls_verify_cb()
1163 conn->peer_subject = os_strdup(buf); in tls_verify_cb()
1170 static int tls_connection_ca_cert(void *tls_ctx, struct tls_connection *conn, in tls_connection_ca_cert() argument
1177 wolfSSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb); in tls_connection_ca_cert()
1178 conn->ca_cert_verify = 1; in tls_connection_ca_cert()
1183 conn->cert_probe = 1; in tls_connection_ca_cert()
1184 conn->ca_cert_verify = 0; in tls_connection_ca_cert()
1205 if (hexstr2bin(pos, conn->srv_cert_hash, 32) < 0) { in tls_connection_ca_cert()
1211 conn->server_cert_only = 1; in tls_connection_ca_cert()
1268 conn->ca_cert_verify = 0; in tls_connection_ca_cert()
1291 int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn, in tls_connection_set_params() argument
1296 if (tls_connection_set_subject_match(conn, params->subject_match, in tls_connection_set_params()
1304 if (tls_connection_ca_cert(tls_ctx, conn, params->ca_cert, in tls_connection_set_params()
1312 if (tls_connection_client_cert(conn, params->client_cert, in tls_connection_set_params()
1319 if (tls_connection_private_key(tls_ctx, conn, params->private_key, in tls_connection_set_params()
1330 wolfSSL_set_cipher_list(conn->ssl, params->openssl_ciphers) != 1) { in tls_connection_set_params()
1337 tls_set_conn_flags(conn->ssl, params->flags); in tls_connection_set_params()
1341 if (wolfSSL_UseOCSPStapling(conn->ssl, WOLFSSL_CSR_OCSP, in tls_connection_set_params()
1345 if (wolfSSL_EnableOCSPStapling(conn->ssl) != SSL_SUCCESS) in tls_connection_set_params()
1351 if (wolfSSL_UseOCSPStaplingV2(conn->ssl, in tls_connection_set_params()
1355 if (wolfSSL_EnableOCSPStapling(conn->ssl) != SSL_SUCCESS) in tls_connection_set_params()
1378 conn->flags = params->flags; in tls_connection_set_params()
1608 int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn, in tls_connection_set_verify() argument
1615 if (!conn) in tls_connection_set_verify()
1621 conn->ca_cert_verify = 1; in tls_connection_set_verify()
1622 wolfSSL_set_verify(conn->ssl, SSL_VERIFY_PEER | in tls_connection_set_verify()
1626 conn->ca_cert_verify = 0; in tls_connection_set_verify()
1627 wolfSSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL); in tls_connection_set_verify()
1630 wolfSSL_set_accept_state(conn->ssl); in tls_connection_set_verify()
1640 wolfSSL_set_session_id_context(conn->ssl, in tls_connection_set_verify()
1644 wolfSSL_set_session_id_context(conn->ssl, session_ctx, in tls_connection_set_verify()
1654 static struct wpabuf * wolfssl_handshake(struct tls_connection *conn, in wolfssl_handshake() argument
1660 wolfssl_reset_out_data(&conn->output); in wolfssl_handshake()
1664 wolfSSL_set_accept_state(conn->ssl); in wolfssl_handshake()
1665 res = wolfSSL_accept(conn->ssl); in wolfssl_handshake()
1668 wolfSSL_set_connect_state(conn->ssl); in wolfssl_handshake()
1669 res = wolfSSL_connect(conn->ssl); in wolfssl_handshake()
1674 int err = wolfSSL_get_error(conn->ssl, res); in wolfssl_handshake()
1699 conn->failed++; in wolfssl_handshake()
1703 return conn->output.out_data; in wolfssl_handshake()
1707 static struct wpabuf * wolfssl_get_appl_data(struct tls_connection *conn, in wolfssl_get_appl_data() argument
1716 res = wolfSSL_read(conn->ssl, wpabuf_mhead(appl_data), in wolfssl_get_appl_data()
1719 int err = wolfSSL_get_error(conn->ssl, res); in wolfssl_get_appl_data()
1745 wolfssl_connection_handshake(struct tls_connection *conn, in wolfssl_connection_handshake() argument
1751 wolfssl_reset_in_data(&conn->input, in_data); in wolfssl_connection_handshake()
1756 out_data = wolfssl_handshake(conn, in_data, server); in wolfssl_connection_handshake()
1760 if (wolfSSL_is_init_finished(conn->ssl)) { in wolfssl_connection_handshake()
1763 tls_connection_resumed(NULL, conn)); in wolfssl_connection_handshake()
1765 *appl_data = wolfssl_get_appl_data(conn, in wolfssl_connection_handshake()
1774 struct tls_connection *conn, in tls_connection_handshake() argument
1778 return wolfssl_connection_handshake(conn, in_data, appl_data, 0); in tls_connection_handshake()
1783 struct tls_connection *conn, in tls_connection_server_handshake() argument
1787 return wolfssl_connection_handshake(conn, in_data, appl_data, 1); in tls_connection_server_handshake()
1792 struct tls_connection *conn, in tls_connection_encrypt() argument
1797 if (!conn) in tls_connection_encrypt()
1802 wolfssl_reset_out_data(&conn->output); in tls_connection_encrypt()
1804 res = wolfSSL_write(conn->ssl, wpabuf_head(in_data), in tls_connection_encrypt()
1807 int err = wolfSSL_get_error(conn->ssl, res); in tls_connection_encrypt()
1815 return conn->output.out_data; in tls_connection_encrypt()
1820 struct tls_connection *conn, in tls_connection_decrypt() argument
1826 if (!conn) in tls_connection_decrypt()
1831 wolfssl_reset_in_data(&conn->input, in_data); in tls_connection_decrypt()
1843 res = wolfSSL_read(conn->ssl, wpabuf_mhead(buf), wpabuf_size(buf)); in tls_connection_decrypt()
1857 int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn) in tls_connection_resumed() argument
1859 return conn ? wolfSSL_session_reused(conn->ssl) : 0; in tls_connection_resumed()
1863 int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn, in tls_connection_set_cipher_list() argument
1870 if (!conn || !conn->ssl || !ciphers) in tls_connection_set_cipher_list()
1915 if (wolfSSL_set_cipher_list(conn->ssl, buf + 1) != 1) { in tls_connection_set_cipher_list()
1924 int tls_get_cipher(void *tls_ctx, struct tls_connection *conn, in tls_get_cipher() argument
1930 if (!conn || !conn->ssl) in tls_get_cipher()
1933 cipher = wolfSSL_get_current_cipher(conn->ssl); in tls_get_cipher()
1961 struct tls_connection *conn) in tls_connection_enable_workaround() argument
1968 int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn) in tls_connection_get_failed() argument
1970 if (!conn) in tls_connection_get_failed()
1973 return conn->failed; in tls_connection_get_failed()
1977 int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn) in tls_connection_get_read_alerts() argument
1979 if (!conn) in tls_connection_get_read_alerts()
1983 return conn->read_alerts; in tls_connection_get_read_alerts()
1988 struct tls_connection *conn) in tls_connection_get_write_alerts() argument
1990 if (!conn) in tls_connection_get_write_alerts()
1994 return conn->write_alerts; in tls_connection_get_write_alerts()
2005 int tls_get_version(void *ssl_ctx, struct tls_connection *conn, in tls_get_version() argument
2010 if (!conn || !conn->ssl) in tls_get_version()
2013 name = wolfSSL_get_version(conn->ssl); in tls_get_version()
2022 int tls_connection_get_random(void *ssl_ctx, struct tls_connection *conn, in tls_connection_get_random() argument
2027 if (!conn || !keys) in tls_connection_get_random()
2029 ssl = conn->ssl; in tls_connection_get_random()
2034 keys->client_random = conn->client_random; in tls_connection_get_random()
2036 ssl, conn->client_random, sizeof(conn->client_random)); in tls_connection_get_random()
2037 keys->server_random = conn->server_random; in tls_connection_get_random()
2039 ssl, conn->server_random, sizeof(conn->server_random)); in tls_connection_get_random()
2045 int tls_connection_export_key(void *tls_ctx, struct tls_connection *conn, in tls_connection_export_key() argument
2049 if (!conn) in tls_connection_export_key()
2052 if (wolfSSL_export_keying_material(conn->ssl, out, out_len, in tls_connection_export_key()
2060 wolfSSL_make_eap_keys(conn->ssl, out, out_len, label) != 0) in tls_connection_export_key()
2069 int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn, in tls_connection_get_eap_fast_key() argument
2085 if (!conn || !conn->ssl) in tls_connection_get_eap_fast_key()
2087 ssl = conn->ssl; in tls_connection_get_eap_fast_key()
2130 int tls_connection_client_hello_ext(void *ssl_ctx, struct tls_connection *conn, in tls_connection_client_hello_ext() argument
2136 if (!conn || !conn->ssl || ext_type != 35) in tls_connection_client_hello_ext()
2139 if (wolfSSL_set_SessionTicket(conn->ssl, data, in tls_connection_client_hello_ext()
2149 struct tls_connection *conn = arg; in tls_sess_sec_cb() local
2153 word32 ticket_len = sizeof(conn->session_ticket); in tls_sess_sec_cb()
2155 if (!conn || !conn->session_ticket_cb) in tls_sess_sec_cb()
2162 wolfSSL_get_SessionTicket(s, conn->session_ticket, in tls_sess_sec_cb()
2169 ret = conn->session_ticket_cb(conn->session_ticket_cb_ctx, in tls_sess_sec_cb()
2170 conn->session_ticket, ticket_len, in tls_sess_sec_cb()
2183 struct tls_connection *conn, in tls_connection_set_session_ticket_cb() argument
2188 conn->session_ticket_cb = cb; in tls_connection_set_session_ticket_cb()
2189 conn->session_ticket_cb_ctx = ctx; in tls_connection_set_session_ticket_cb()
2192 if (wolfSSL_set_session_secret_cb(conn->ssl, tls_sess_sec_cb, in tls_connection_set_session_ticket_cb()
2193 conn) != 1) in tls_connection_set_session_ticket_cb()
2196 if (wolfSSL_set_session_secret_cb(conn->ssl, NULL, NULL) != 1) in tls_connection_set_session_ticket_cb()
2207 void tls_connection_set_success_data_resumed(struct tls_connection *conn) in tls_connection_set_success_data_resumed() argument
2214 void tls_connection_remove_session(struct tls_connection *conn) in tls_connection_remove_session() argument
2218 sess = wolfSSL_get_session(conn->ssl); in tls_connection_remove_session()
2228 int tls_get_tls_unique(struct tls_connection *conn, u8 *buf, size_t max_len) in tls_get_tls_unique() argument
2233 reused = wolfSSL_session_reused(conn->ssl); in tls_get_tls_unique()
2234 if ((wolfSSL_is_server(conn->ssl) && !reused) || in tls_get_tls_unique()
2235 (!wolfSSL_is_server(conn->ssl) && reused)) in tls_get_tls_unique()
2236 len = wolfSSL_get_peer_finished(conn->ssl, buf, max_len); in tls_get_tls_unique()
2238 len = wolfSSL_get_finished(conn->ssl, buf, max_len); in tls_get_tls_unique()
2247 u16 tls_connection_get_cipher_suite(struct tls_connection *conn) in tls_connection_get_cipher_suite() argument
2249 return (u16) wolfSSL_get_current_cipher_suite(conn->ssl); in tls_connection_get_cipher_suite()
2253 const char * tls_connection_get_peer_subject(struct tls_connection *conn) in tls_connection_get_peer_subject() argument
2255 if (conn) in tls_connection_get_peer_subject()
2256 return conn->peer_subject; in tls_connection_get_peer_subject()
2261 void tls_connection_set_success_data(struct tls_connection *conn, in tls_connection_set_success_data() argument
2269 sess = wolfSSL_get_session(conn->ssl); in tls_connection_set_success_data()
2286 conn->success_data = 1; in tls_connection_set_success_data()
2296 tls_connection_get_success_data(struct tls_connection *conn) in tls_connection_get_success_data() argument
2302 sess = wolfSSL_get_session(conn->ssl); in tls_connection_get_success_data()
2309 bool tls_connection_get_own_cert_used(struct tls_connection *conn) in tls_connection_get_own_cert_used() argument
2311 if (conn) in tls_connection_get_own_cert_used()
2312 return wolfSSL_get_certificate(conn->ssl) != NULL; in tls_connection_get_own_cert_used()