1 /*
2 * TLS interface functions and an internal TLS implementation
3 * Copyright (c) 2004-2019, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 *
8 * This file interface functions for hostapd/wpa_supplicant to use the
9 * integrated TLSv1 implementation.
10 */
11
12 #include "includes.h"
13
14 #include "common.h"
15 #include "tls.h"
16 #include "tls/tlsv1_client.h"
17 #include "tls/tlsv1_server.h"
18
19
20 static int tls_ref_count = 0;
21
22 struct tls_global {
23 int server;
24 struct tlsv1_credentials *server_cred;
25 int check_crl;
26
27 void (*event_cb)(void *ctx, enum tls_event ev,
28 union tls_event_data *data);
29 void *cb_ctx;
30 int cert_in_cb;
31 };
32
33 struct tls_connection {
34 struct tlsv1_client *client;
35 struct tlsv1_server *server;
36 struct tls_global *global;
37 };
38
39
tls_init(const struct tls_config * conf)40 void * tls_init(const struct tls_config *conf)
41 {
42 struct tls_global *global;
43
44 if (tls_ref_count == 0) {
45 #ifdef CONFIG_TLS_INTERNAL_CLIENT
46 if (tlsv1_client_global_init())
47 return NULL;
48 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
49 #ifdef CONFIG_TLS_INTERNAL_SERVER
50 if (tlsv1_server_global_init())
51 return NULL;
52 #endif /* CONFIG_TLS_INTERNAL_SERVER */
53 }
54 tls_ref_count++;
55
56 global = os_zalloc(sizeof(*global));
57 if (global == NULL)
58 return NULL;
59 if (conf) {
60 global->event_cb = conf->event_cb;
61 global->cb_ctx = conf->cb_ctx;
62 global->cert_in_cb = conf->cert_in_cb;
63 }
64
65 return global;
66 }
67
tls_deinit(void * ssl_ctx)68 void tls_deinit(void *ssl_ctx)
69 {
70 struct tls_global *global = ssl_ctx;
71 tls_ref_count--;
72 if (tls_ref_count == 0) {
73 #ifdef CONFIG_TLS_INTERNAL_CLIENT
74 tlsv1_client_global_deinit();
75 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
76 #ifdef CONFIG_TLS_INTERNAL_SERVER
77 tlsv1_server_global_deinit();
78 #endif /* CONFIG_TLS_INTERNAL_SERVER */
79 }
80 #ifdef CONFIG_TLS_INTERNAL_SERVER
81 tlsv1_cred_free(global->server_cred);
82 #endif /* CONFIG_TLS_INTERNAL_SERVER */
83 os_free(global);
84 }
85
86
tls_get_errors(void * tls_ctx)87 int tls_get_errors(void *tls_ctx)
88 {
89 return 0;
90 }
91
92
tls_connection_init(void * tls_ctx)93 struct tls_connection * tls_connection_init(void *tls_ctx)
94 {
95 struct tls_connection *conn;
96 struct tls_global *global = tls_ctx;
97
98 conn = os_zalloc(sizeof(*conn));
99 if (conn == NULL)
100 return NULL;
101 conn->global = global;
102
103 #ifdef CONFIG_TLS_INTERNAL_CLIENT
104 if (!global->server) {
105 conn->client = tlsv1_client_init();
106 if (conn->client == NULL) {
107 os_free(conn);
108 return NULL;
109 }
110 tlsv1_client_set_cb(conn->client, global->event_cb,
111 global->cb_ctx, global->cert_in_cb);
112 }
113 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
114 #ifdef CONFIG_TLS_INTERNAL_SERVER
115 if (global->server) {
116 conn->server = tlsv1_server_init(global->server_cred);
117 if (conn->server == NULL) {
118 os_free(conn);
119 return NULL;
120 }
121 }
122 #endif /* CONFIG_TLS_INTERNAL_SERVER */
123
124 return conn;
125 }
126
127
128 #ifdef CONFIG_TESTING_OPTIONS
129 #ifdef CONFIG_TLS_INTERNAL_SERVER
tls_connection_set_test_flags(struct tls_connection * conn,u32 flags)130 void tls_connection_set_test_flags(struct tls_connection *conn, u32 flags)
131 {
132 if (conn->server)
133 tlsv1_server_set_test_flags(conn->server, flags);
134 }
135 #endif /* CONFIG_TLS_INTERNAL_SERVER */
136 #endif /* CONFIG_TESTING_OPTIONS */
137
138
tls_connection_set_log_cb(struct tls_connection * conn,void (* log_cb)(void * ctx,const char * msg),void * ctx)139 void tls_connection_set_log_cb(struct tls_connection *conn,
140 void (*log_cb)(void *ctx, const char *msg),
141 void *ctx)
142 {
143 #ifdef CONFIG_TLS_INTERNAL_SERVER
144 if (conn->server)
145 tlsv1_server_set_log_cb(conn->server, log_cb, ctx);
146 #endif /* CONFIG_TLS_INTERNAL_SERVER */
147 }
148
149
tls_connection_deinit(void * tls_ctx,struct tls_connection * conn)150 void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn)
151 {
152 if (conn == NULL)
153 return;
154 #ifdef CONFIG_TLS_INTERNAL_CLIENT
155 if (conn->client)
156 tlsv1_client_deinit(conn->client);
157 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
158 #ifdef CONFIG_TLS_INTERNAL_SERVER
159 if (conn->server)
160 tlsv1_server_deinit(conn->server);
161 #endif /* CONFIG_TLS_INTERNAL_SERVER */
162 os_free(conn);
163 }
164
165
tls_connection_established(void * tls_ctx,struct tls_connection * conn)166 int tls_connection_established(void *tls_ctx, struct tls_connection *conn)
167 {
168 #ifdef CONFIG_TLS_INTERNAL_CLIENT
169 if (conn->client)
170 return tlsv1_client_established(conn->client);
171 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
172 #ifdef CONFIG_TLS_INTERNAL_SERVER
173 if (conn->server)
174 return tlsv1_server_established(conn->server);
175 #endif /* CONFIG_TLS_INTERNAL_SERVER */
176 return 0;
177 }
178
179
tls_connection_peer_serial_num(void * tls_ctx,struct tls_connection * conn)180 char * tls_connection_peer_serial_num(void *tls_ctx,
181 struct tls_connection *conn)
182 {
183 /* TODO */
184 return NULL;
185 }
186
187
tls_connection_shutdown(void * tls_ctx,struct tls_connection * conn)188 int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn)
189 {
190 #ifdef CONFIG_TLS_INTERNAL_CLIENT
191 if (conn->client)
192 return tlsv1_client_shutdown(conn->client);
193 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
194 #ifdef CONFIG_TLS_INTERNAL_SERVER
195 if (conn->server)
196 return tlsv1_server_shutdown(conn->server);
197 #endif /* CONFIG_TLS_INTERNAL_SERVER */
198 return -1;
199 }
200
201
tls_connection_set_params(void * tls_ctx,struct tls_connection * conn,const struct tls_connection_params * params)202 int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
203 const struct tls_connection_params *params)
204 {
205 #ifdef CONFIG_TLS_INTERNAL_CLIENT
206 struct tlsv1_credentials *cred;
207
208 if (conn->client == NULL)
209 return -1;
210
211 if (params->flags & TLS_CONN_EXT_CERT_CHECK) {
212 wpa_printf(MSG_INFO,
213 "TLS: tls_ext_cert_check=1 not supported");
214 return -1;
215 }
216
217 cred = tlsv1_cred_alloc();
218 if (cred == NULL)
219 return -1;
220
221 if (params->subject_match) {
222 wpa_printf(MSG_INFO, "TLS: subject_match not supported");
223 tlsv1_cred_free(cred);
224 return -1;
225 }
226
227 if (params->altsubject_match) {
228 wpa_printf(MSG_INFO, "TLS: altsubject_match not supported");
229 tlsv1_cred_free(cred);
230 return -1;
231 }
232
233 if (params->suffix_match) {
234 wpa_printf(MSG_INFO, "TLS: suffix_match not supported");
235 tlsv1_cred_free(cred);
236 return -1;
237 }
238
239 if (params->domain_match) {
240 wpa_printf(MSG_INFO, "TLS: domain_match not supported");
241 tlsv1_cred_free(cred);
242 return -1;
243 }
244
245 if (params->openssl_ciphers) {
246 wpa_printf(MSG_INFO, "TLS: openssl_ciphers not supported");
247 tlsv1_cred_free(cred);
248 return -1;
249 }
250
251 if (params->openssl_ecdh_curves) {
252 wpa_printf(MSG_INFO, "TLS: openssl_ecdh_curves not supported");
253 tlsv1_cred_free(cred);
254 return -1;
255 }
256
257 if (tlsv1_set_ca_cert(cred, params->ca_cert,
258 params->ca_cert_blob, params->ca_cert_blob_len,
259 params->ca_path)) {
260 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
261 "certificates");
262 tlsv1_cred_free(cred);
263 return -1;
264 }
265
266 if (tlsv1_set_cert(cred, params->client_cert,
267 params->client_cert_blob,
268 params->client_cert_blob_len)) {
269 wpa_printf(MSG_INFO, "TLS: Failed to configure client "
270 "certificate");
271 tlsv1_cred_free(cred);
272 return -1;
273 }
274
275 if (tlsv1_set_private_key(cred, params->private_key,
276 params->private_key_passwd,
277 params->private_key_blob,
278 params->private_key_blob_len)) {
279 wpa_printf(MSG_INFO, "TLS: Failed to load private key");
280 tlsv1_cred_free(cred);
281 return -1;
282 }
283
284 if (tlsv1_client_set_cred(conn->client, cred) < 0) {
285 tlsv1_cred_free(cred);
286 return -1;
287 }
288
289 tlsv1_client_set_flags(conn->client, params->flags);
290
291 return 0;
292 #else /* CONFIG_TLS_INTERNAL_CLIENT */
293 return -1;
294 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
295 }
296
297
tls_global_set_params(void * tls_ctx,const struct tls_connection_params * params)298 int tls_global_set_params(void *tls_ctx,
299 const struct tls_connection_params *params)
300 {
301 #ifdef CONFIG_TLS_INTERNAL_SERVER
302 struct tls_global *global = tls_ctx;
303 struct tlsv1_credentials *cred;
304
305 if (params->check_cert_subject)
306 return -1; /* not yet supported */
307
308 /* Currently, global parameters are only set when running in server
309 * mode. */
310 global->server = 1;
311 tlsv1_cred_free(global->server_cred);
312 global->server_cred = cred = tlsv1_cred_alloc();
313 if (cred == NULL)
314 return -1;
315
316 if (tlsv1_set_ca_cert(cred, params->ca_cert, params->ca_cert_blob,
317 params->ca_cert_blob_len, params->ca_path)) {
318 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
319 "certificates");
320 return -1;
321 }
322
323 if (tlsv1_set_cert(cred, params->client_cert, params->client_cert_blob,
324 params->client_cert_blob_len)) {
325 wpa_printf(MSG_INFO, "TLS: Failed to configure server "
326 "certificate");
327 return -1;
328 }
329
330 if (tlsv1_set_private_key(cred, params->private_key,
331 params->private_key_passwd,
332 params->private_key_blob,
333 params->private_key_blob_len)) {
334 wpa_printf(MSG_INFO, "TLS: Failed to load private key");
335 return -1;
336 }
337
338 if (tlsv1_set_dhparams(cred, params->dh_file, NULL, 0)) {
339 wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters");
340 return -1;
341 }
342
343 if (params->ocsp_stapling_response)
344 cred->ocsp_stapling_response =
345 os_strdup(params->ocsp_stapling_response);
346 if (params->ocsp_stapling_response_multi)
347 cred->ocsp_stapling_response_multi =
348 os_strdup(params->ocsp_stapling_response_multi);
349
350 return 0;
351 #else /* CONFIG_TLS_INTERNAL_SERVER */
352 return -1;
353 #endif /* CONFIG_TLS_INTERNAL_SERVER */
354 }
355
356
tls_global_set_verify(void * tls_ctx,int check_crl,int strict)357 int tls_global_set_verify(void *tls_ctx, int check_crl, int strict)
358 {
359 struct tls_global *global = tls_ctx;
360 global->check_crl = check_crl;
361 return 0;
362 }
363
364
tls_connection_set_verify(void * tls_ctx,struct tls_connection * conn,int verify_peer,unsigned int flags,const u8 * session_ctx,size_t session_ctx_len)365 int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn,
366 int verify_peer, unsigned int flags,
367 const u8 *session_ctx, size_t session_ctx_len)
368 {
369 #ifdef CONFIG_TLS_INTERNAL_SERVER
370 if (conn->server)
371 return tlsv1_server_set_verify(conn->server, verify_peer);
372 #endif /* CONFIG_TLS_INTERNAL_SERVER */
373 return -1;
374 }
375
376
tls_connection_get_random(void * tls_ctx,struct tls_connection * conn,struct tls_random * data)377 int tls_connection_get_random(void *tls_ctx, struct tls_connection *conn,
378 struct tls_random *data)
379 {
380 #ifdef CONFIG_TLS_INTERNAL_CLIENT
381 if (conn->client)
382 return tlsv1_client_get_random(conn->client, data);
383 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
384 #ifdef CONFIG_TLS_INTERNAL_SERVER
385 if (conn->server)
386 return tlsv1_server_get_random(conn->server, data);
387 #endif /* CONFIG_TLS_INTERNAL_SERVER */
388 return -1;
389 }
390
391
tls_get_keyblock_size(struct tls_connection * conn)392 static int tls_get_keyblock_size(struct tls_connection *conn)
393 {
394 #ifdef CONFIG_TLS_INTERNAL_CLIENT
395 if (conn->client)
396 return tlsv1_client_get_keyblock_size(conn->client);
397 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
398 #ifdef CONFIG_TLS_INTERNAL_SERVER
399 if (conn->server)
400 return tlsv1_server_get_keyblock_size(conn->server);
401 #endif /* CONFIG_TLS_INTERNAL_SERVER */
402 return -1;
403 }
404
405
tls_connection_prf(void * tls_ctx,struct tls_connection * conn,const char * label,const u8 * context,size_t context_len,int server_random_first,int skip_keyblock,u8 * out,size_t out_len)406 static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
407 const char *label, const u8 *context,
408 size_t context_len, int server_random_first,
409 int skip_keyblock, u8 *out, size_t out_len)
410 {
411 int ret = -1, skip = 0;
412 u8 *tmp_out = NULL;
413 u8 *_out = out;
414
415 if (skip_keyblock) {
416 skip = tls_get_keyblock_size(conn);
417 if (skip < 0)
418 return -1;
419 tmp_out = os_malloc(skip + out_len);
420 if (!tmp_out)
421 return -1;
422 _out = tmp_out;
423 }
424
425 #ifdef CONFIG_TLS_INTERNAL_CLIENT
426 if (conn->client) {
427 ret = tlsv1_client_prf(conn->client, label, context,
428 context_len, server_random_first,
429 _out, skip + out_len);
430 }
431 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
432 #ifdef CONFIG_TLS_INTERNAL_SERVER
433 if (conn->server) {
434 ret = tlsv1_server_prf(conn->server, label, context,
435 context_len, server_random_first,
436 _out, skip + out_len);
437 }
438 #endif /* CONFIG_TLS_INTERNAL_SERVER */
439 if (ret == 0 && skip_keyblock)
440 os_memcpy(out, _out + skip, out_len);
441 bin_clear_free(tmp_out, skip);
442
443 return ret;
444 }
445
446
tls_connection_export_key(void * tls_ctx,struct tls_connection * conn,const char * label,const u8 * context,size_t context_len,u8 * out,size_t out_len)447 int tls_connection_export_key(void *tls_ctx, struct tls_connection *conn,
448 const char *label, const u8 *context,
449 size_t context_len, u8 *out, size_t out_len)
450 {
451 return tls_connection_prf(tls_ctx, conn, label, context, context_len,
452 0, 0, out, out_len);
453 }
454
455
tls_connection_get_eap_fast_key(void * tls_ctx,struct tls_connection * conn,u8 * out,size_t out_len)456 int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn,
457 u8 *out, size_t out_len)
458 {
459 return tls_connection_prf(tls_ctx, conn, "key expansion", NULL, 0,
460 1, 1, out, out_len);
461 }
462
463
tls_connection_handshake(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data,struct wpabuf ** appl_data)464 struct wpabuf * tls_connection_handshake(void *tls_ctx,
465 struct tls_connection *conn,
466 const struct wpabuf *in_data,
467 struct wpabuf **appl_data)
468 {
469 return tls_connection_handshake2(tls_ctx, conn, in_data, appl_data,
470 NULL);
471 }
472
473
tls_connection_handshake2(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data,struct wpabuf ** appl_data,int * need_more_data)474 struct wpabuf * tls_connection_handshake2(void *tls_ctx,
475 struct tls_connection *conn,
476 const struct wpabuf *in_data,
477 struct wpabuf **appl_data,
478 int *need_more_data)
479 {
480 #ifdef CONFIG_TLS_INTERNAL_CLIENT
481 u8 *res, *ad;
482 size_t res_len, ad_len;
483 struct wpabuf *out;
484
485 if (conn->client == NULL)
486 return NULL;
487
488 ad = NULL;
489 res = tlsv1_client_handshake(conn->client,
490 in_data ? wpabuf_head(in_data) : NULL,
491 in_data ? wpabuf_len(in_data) : 0,
492 &res_len, &ad, &ad_len, need_more_data);
493 if (res == NULL)
494 return NULL;
495 out = wpabuf_alloc_ext_data(res, res_len);
496 if (out == NULL) {
497 os_free(res);
498 os_free(ad);
499 return NULL;
500 }
501 if (appl_data) {
502 if (ad) {
503 *appl_data = wpabuf_alloc_ext_data(ad, ad_len);
504 if (*appl_data == NULL)
505 os_free(ad);
506 } else
507 *appl_data = NULL;
508 } else
509 os_free(ad);
510
511 return out;
512 #else /* CONFIG_TLS_INTERNAL_CLIENT */
513 return NULL;
514 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
515 }
516
517
tls_connection_server_handshake(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data,struct wpabuf ** appl_data)518 struct wpabuf * tls_connection_server_handshake(void *tls_ctx,
519 struct tls_connection *conn,
520 const struct wpabuf *in_data,
521 struct wpabuf **appl_data)
522 {
523 #ifdef CONFIG_TLS_INTERNAL_SERVER
524 u8 *res;
525 size_t res_len;
526 struct wpabuf *out;
527
528 if (conn->server == NULL)
529 return NULL;
530
531 if (appl_data)
532 *appl_data = NULL;
533
534 res = tlsv1_server_handshake(conn->server, wpabuf_head(in_data),
535 wpabuf_len(in_data), &res_len);
536 if (res == NULL && tlsv1_server_established(conn->server))
537 return wpabuf_alloc(0);
538 if (res == NULL)
539 return NULL;
540 out = wpabuf_alloc_ext_data(res, res_len);
541 if (out == NULL) {
542 os_free(res);
543 return NULL;
544 }
545
546 return out;
547 #else /* CONFIG_TLS_INTERNAL_SERVER */
548 return NULL;
549 #endif /* CONFIG_TLS_INTERNAL_SERVER */
550 }
551
552
tls_connection_encrypt(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data)553 struct wpabuf * tls_connection_encrypt(void *tls_ctx,
554 struct tls_connection *conn,
555 const struct wpabuf *in_data)
556 {
557 #ifdef CONFIG_TLS_INTERNAL_CLIENT
558 if (conn->client) {
559 struct wpabuf *buf;
560 int res;
561 buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
562 if (buf == NULL)
563 return NULL;
564 res = tlsv1_client_encrypt(conn->client, wpabuf_head(in_data),
565 wpabuf_len(in_data),
566 wpabuf_mhead(buf),
567 wpabuf_size(buf));
568 if (res < 0) {
569 wpabuf_free(buf);
570 return NULL;
571 }
572 wpabuf_put(buf, res);
573 return buf;
574 }
575 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
576 #ifdef CONFIG_TLS_INTERNAL_SERVER
577 if (conn->server) {
578 struct wpabuf *buf;
579 int res;
580 buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
581 if (buf == NULL)
582 return NULL;
583 res = tlsv1_server_encrypt(conn->server, wpabuf_head(in_data),
584 wpabuf_len(in_data),
585 wpabuf_mhead(buf),
586 wpabuf_size(buf));
587 if (res < 0) {
588 wpabuf_free(buf);
589 return NULL;
590 }
591 wpabuf_put(buf, res);
592 return buf;
593 }
594 #endif /* CONFIG_TLS_INTERNAL_SERVER */
595 return NULL;
596 }
597
598
tls_connection_decrypt(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data)599 struct wpabuf * tls_connection_decrypt(void *tls_ctx,
600 struct tls_connection *conn,
601 const struct wpabuf *in_data)
602 {
603 return tls_connection_decrypt2(tls_ctx, conn, in_data, NULL);
604 }
605
606
tls_connection_decrypt2(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data,int * need_more_data)607 struct wpabuf * tls_connection_decrypt2(void *tls_ctx,
608 struct tls_connection *conn,
609 const struct wpabuf *in_data,
610 int *need_more_data)
611 {
612 if (need_more_data)
613 *need_more_data = 0;
614
615 #ifdef CONFIG_TLS_INTERNAL_CLIENT
616 if (conn->client) {
617 return tlsv1_client_decrypt(conn->client, wpabuf_head(in_data),
618 wpabuf_len(in_data),
619 need_more_data);
620 }
621 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
622 #ifdef CONFIG_TLS_INTERNAL_SERVER
623 if (conn->server) {
624 struct wpabuf *buf;
625 int res;
626 buf = wpabuf_alloc((wpabuf_len(in_data) + 500) * 3);
627 if (buf == NULL)
628 return NULL;
629 res = tlsv1_server_decrypt(conn->server, wpabuf_head(in_data),
630 wpabuf_len(in_data),
631 wpabuf_mhead(buf),
632 wpabuf_size(buf));
633 if (res < 0) {
634 wpabuf_free(buf);
635 return NULL;
636 }
637 wpabuf_put(buf, res);
638 return buf;
639 }
640 #endif /* CONFIG_TLS_INTERNAL_SERVER */
641 return NULL;
642 }
643
644
tls_connection_resumed(void * tls_ctx,struct tls_connection * conn)645 int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn)
646 {
647 #ifdef CONFIG_TLS_INTERNAL_CLIENT
648 if (conn->client)
649 return tlsv1_client_resumed(conn->client);
650 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
651 #ifdef CONFIG_TLS_INTERNAL_SERVER
652 if (conn->server)
653 return tlsv1_server_resumed(conn->server);
654 #endif /* CONFIG_TLS_INTERNAL_SERVER */
655 return -1;
656 }
657
658
tls_connection_set_cipher_list(void * tls_ctx,struct tls_connection * conn,u8 * ciphers)659 int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
660 u8 *ciphers)
661 {
662 #ifdef CONFIG_TLS_INTERNAL_CLIENT
663 if (conn->client)
664 return tlsv1_client_set_cipher_list(conn->client, ciphers);
665 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
666 #ifdef CONFIG_TLS_INTERNAL_SERVER
667 if (conn->server)
668 return tlsv1_server_set_cipher_list(conn->server, ciphers);
669 #endif /* CONFIG_TLS_INTERNAL_SERVER */
670 return -1;
671 }
672
673
tls_get_version(void * ssl_ctx,struct tls_connection * conn,char * buf,size_t buflen)674 int tls_get_version(void *ssl_ctx, struct tls_connection *conn,
675 char *buf, size_t buflen)
676 {
677 if (conn == NULL)
678 return -1;
679 #ifdef CONFIG_TLS_INTERNAL_CLIENT
680 if (conn->client)
681 return tlsv1_client_get_version(conn->client, buf, buflen);
682 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
683 return -1;
684 }
685
686
tls_get_cipher(void * tls_ctx,struct tls_connection * conn,char * buf,size_t buflen)687 int tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
688 char *buf, size_t buflen)
689 {
690 if (conn == NULL)
691 return -1;
692 #ifdef CONFIG_TLS_INTERNAL_CLIENT
693 if (conn->client)
694 return tlsv1_client_get_cipher(conn->client, buf, buflen);
695 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
696 #ifdef CONFIG_TLS_INTERNAL_SERVER
697 if (conn->server)
698 return tlsv1_server_get_cipher(conn->server, buf, buflen);
699 #endif /* CONFIG_TLS_INTERNAL_SERVER */
700 return -1;
701 }
702
703
tls_connection_enable_workaround(void * tls_ctx,struct tls_connection * conn)704 int tls_connection_enable_workaround(void *tls_ctx,
705 struct tls_connection *conn)
706 {
707 return -1;
708 }
709
710
tls_connection_client_hello_ext(void * tls_ctx,struct tls_connection * conn,int ext_type,const u8 * data,size_t data_len)711 int tls_connection_client_hello_ext(void *tls_ctx, struct tls_connection *conn,
712 int ext_type, const u8 *data,
713 size_t data_len)
714 {
715 #ifdef CONFIG_TLS_INTERNAL_CLIENT
716 if (conn->client) {
717 return tlsv1_client_hello_ext(conn->client, ext_type,
718 data, data_len);
719 }
720 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
721 return -1;
722 }
723
724
tls_connection_get_failed(void * tls_ctx,struct tls_connection * conn)725 int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn)
726 {
727 #ifdef CONFIG_TLS_INTERNAL_SERVER
728 if (conn->server)
729 return tlsv1_server_get_failed(conn->server);
730 #endif /* CONFIG_TLS_INTERNAL_SERVER */
731 return 0;
732 }
733
734
tls_connection_get_read_alerts(void * tls_ctx,struct tls_connection * conn)735 int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn)
736 {
737 #ifdef CONFIG_TLS_INTERNAL_SERVER
738 if (conn->server)
739 return tlsv1_server_get_read_alerts(conn->server);
740 #endif /* CONFIG_TLS_INTERNAL_SERVER */
741 return 0;
742 }
743
744
tls_connection_get_write_alerts(void * tls_ctx,struct tls_connection * conn)745 int tls_connection_get_write_alerts(void *tls_ctx,
746 struct tls_connection *conn)
747 {
748 #ifdef CONFIG_TLS_INTERNAL_SERVER
749 if (conn->server)
750 return tlsv1_server_get_write_alerts(conn->server);
751 #endif /* CONFIG_TLS_INTERNAL_SERVER */
752 return 0;
753 }
754
755
tls_connection_set_session_ticket_cb(void * tls_ctx,struct tls_connection * conn,tls_session_ticket_cb cb,void * ctx)756 int tls_connection_set_session_ticket_cb(void *tls_ctx,
757 struct tls_connection *conn,
758 tls_session_ticket_cb cb,
759 void *ctx)
760 {
761 #ifdef CONFIG_TLS_INTERNAL_CLIENT
762 if (conn->client) {
763 tlsv1_client_set_session_ticket_cb(conn->client, cb, ctx);
764 return 0;
765 }
766 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
767 #ifdef CONFIG_TLS_INTERNAL_SERVER
768 if (conn->server) {
769 tlsv1_server_set_session_ticket_cb(conn->server, cb, ctx);
770 return 0;
771 }
772 #endif /* CONFIG_TLS_INTERNAL_SERVER */
773 return -1;
774 }
775
776
tls_get_library_version(char * buf,size_t buf_len)777 int tls_get_library_version(char *buf, size_t buf_len)
778 {
779 return os_snprintf(buf, buf_len, "internal");
780 }
781
782
tls_connection_set_success_data(struct tls_connection * conn,struct wpabuf * data)783 void tls_connection_set_success_data(struct tls_connection *conn,
784 struct wpabuf *data)
785 {
786 wpabuf_free(data);
787 }
788
789
tls_connection_set_success_data_resumed(struct tls_connection * conn)790 void tls_connection_set_success_data_resumed(struct tls_connection *conn)
791 {
792 }
793
794
795 const struct wpabuf *
tls_connection_get_success_data(struct tls_connection * conn)796 tls_connection_get_success_data(struct tls_connection *conn)
797 {
798 return NULL;
799 }
800
801
tls_connection_remove_session(struct tls_connection * conn)802 void tls_connection_remove_session(struct tls_connection *conn)
803 {
804 }
805