/*
 * TLS interface functions and an internal TLS implementation
 * Copyright (c) 2004-2019, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 *
 * This file implements interface functions for hostapd/wpa_supplicant to use
 * the integrated TLSv1 implementation.
 */
1239beb93cSSam Leffler #include "includes.h"
1439beb93cSSam Leffler #include "common.h"
1539beb93cSSam Leffler #include "tls.h"
1639beb93cSSam Leffler #include "tls/tlsv1_client.h"
1739beb93cSSam Leffler #include "tls/tlsv1_server.h"
/* Number of live contexts handed out by tls_init(). The compiled-in
 * client/server global state is set up while this is 0 and torn down again
 * when tls_deinit() brings it back to 0. */
static int tls_ref_count;
/* Per-context state; a pointer to this is what tls_init() returns as the
 * opaque TLS context. */
struct tls_global {
	/* Set to 1 by tls_global_set_params(); selects server-side
	 * connections in tls_connection_init(). */
	int server;
	/* Server credentials; replaced in tls_global_set_params() and freed
	 * in tls_deinit() (server builds). */
	struct tlsv1_credentials *server_cred;
	/* Stored by tls_global_set_verify().
	 * NOTE(review): no reader of this field is visible in this part of
	 * the file - confirm CRL checking is enforced somewhere. */
	int check_crl;

	/* Event callback settings copied from struct tls_config in tls_init()
	 * and handed to each client connection via tlsv1_client_set_cb(). */
	void (*event_cb)(void *ctx, enum tls_event ev,
			 union tls_event_data *data);
	void *cb_ctx;
	int cert_in_cb;
};
/* One TLS session. tls_connection_init() sets at most one of client/server,
 * chosen by global->server; the struct is allocated with os_zalloc(). */
struct tls_connection {
	struct tlsv1_client *client;
	struct tlsv1_server *server;
	struct tls_global *global; /* context this connection was created from */
};
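/**
 * tls_init - Allocate a TLS context for the internal TLSv1 implementation
 * @conf: Optional configuration; when non-NULL its event_cb, cb_ctx and
 *	cert_in_cb values are copied into the new context
 * Returns: Pointer to the new context (struct tls_global) or %NULL on failure
 *
 * While no context exists (tls_ref_count == 0) this also runs the compiled-in
 * client/server global initialisers. Every context returned here is released
 * with tls_deinit().
 */
void * tls_init(const struct tls_config *conf)
{
	struct tls_global *global;

	/* Allocate before touching tls_ref_count: a failed allocation must
	 * not leave the count incremented, since the caller gets no context
	 * to hand to tls_deinit() and the global state would never be torn
	 * down. */
	global = os_zalloc(sizeof(*global));
	if (global == NULL)
		return NULL;

	if (tls_ref_count == 0) {
#ifdef CONFIG_TLS_INTERNAL_CLIENT
		if (tlsv1_client_global_init()) {
			os_free(global);
			return NULL;
		}
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
#ifdef CONFIG_TLS_INTERNAL_SERVER
		if (tlsv1_server_global_init()) {
#ifdef CONFIG_TLS_INTERNAL_CLIENT
			/* Pair the client init above with its deinit so that
			 * a later tls_init() does not initialise it twice. */
			tlsv1_client_global_deinit();
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
			os_free(global);
			return NULL;
		}
#endif /* CONFIG_TLS_INTERNAL_SERVER */
	}
	tls_ref_count++;

	if (conf) {
		global->event_cb = conf->event_cb;
		global->cb_ctx = conf->cb_ctx;
		global->cert_in_cb = conf->cert_in_cb;
	}

	return global;
}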
/**
 * tls_deinit - Release a context returned by tls_init()
 * @ssl_ctx: Context pointer from tls_init()
 *
 * Drops one reference and, when the count reaches zero, tears down the
 * compiled-in client/server global state. Server builds also free the
 * credentials held by the context before the context itself is freed.
 */
void tls_deinit(void *ssl_ctx)
{
	struct tls_global *ctx = ssl_ctx;

	if (--tls_ref_count == 0) {
#ifdef CONFIG_TLS_INTERNAL_CLIENT
		tlsv1_client_global_deinit();
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
#ifdef CONFIG_TLS_INTERNAL_SERVER
		tlsv1_server_global_deinit();
#endif /* CONFIG_TLS_INTERNAL_SERVER */
	}
#ifdef CONFIG_TLS_INTERNAL_SERVER
	/* NOTE(review): ctx is dereferenced without a NULL check; callers
	 * are expected to pass a context obtained from tls_init(). */
	tlsv1_cred_free(ctx->server_cred);
#endif /* CONFIG_TLS_INTERNAL_SERVER */
	os_free(ctx);
}
/**
 * tls_get_errors - Error-count query stub
 * @tls_ctx: Unused
 * Returns: Always 0
 */
int tls_get_errors(void *tls_ctx)
{
	(void) tls_ctx;
	return 0;
}
/**
 * tls_connection_init - Create a connection bound to a TLS context
 * @tls_ctx: Context from tls_init(); dereferenced without a NULL check
 * Returns: New connection or %NULL on allocation/initialisation failure
 *
 * A client instance is created when the context is not in server mode, a
 * server instance (using the context's server credentials) when it is.
 */
struct tls_connection * tls_connection_init(void *tls_ctx)
{
	struct tls_global *ctx = tls_ctx;
	struct tls_connection *c = os_zalloc(sizeof(*c));

	if (c == NULL)
		return NULL;
	c->global = ctx;

#ifdef CONFIG_TLS_INTERNAL_CLIENT
	if (!ctx->server) {
		c->client = tlsv1_client_init();
		if (c->client == NULL) {
			os_free(c);
			return NULL;
		}
		/* Propagate the context-wide event callback settings. */
		tlsv1_client_set_cb(c->client, ctx->event_cb,
				    ctx->cb_ctx, ctx->cert_in_cb);
	}
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
#ifdef CONFIG_TLS_INTERNAL_SERVER
	if (ctx->server) {
		c->server = tlsv1_server_init(ctx->server_cred);
		if (c->server == NULL) {
			os_free(c);
			return NULL;
		}
	}
#endif /* CONFIG_TLS_INTERNAL_SERVER */

	return c;
}
#if defined(CONFIG_TESTING_OPTIONS) && defined(CONFIG_TLS_INTERNAL_SERVER)
/**
 * tls_connection_set_test_flags - Pass test flags to the server instance
 * @conn: Connection; nothing happens unless it has a server instance
 * @flags: Value forwarded to tlsv1_server_set_test_flags()
 *
 * Only compiled in testing builds that include the internal server.
 */
void tls_connection_set_test_flags(struct tls_connection *conn, u32 flags)
{
	if (conn->server == NULL)
		return;
	tlsv1_server_set_test_flags(conn->server, flags);
}
#endif /* CONFIG_TESTING_OPTIONS && CONFIG_TLS_INTERNAL_SERVER */
/**
 * tls_connection_set_log_cb - Register a log callback on the server instance
 * @conn: Connection
 * @log_cb: Callback forwarded to tlsv1_server_set_log_cb()
 * @ctx: Context pointer forwarded together with @log_cb
 *
 * A no-op for client connections and in builds without the internal server.
 */
void tls_connection_set_log_cb(struct tls_connection *conn,
			       void (*log_cb)(void *ctx, const char *msg),
			       void *ctx)
{
#ifdef CONFIG_TLS_INTERNAL_SERVER
	if (conn->server == NULL)
		return;
	tlsv1_server_set_log_cb(conn->server, log_cb, ctx);
#endif /* CONFIG_TLS_INTERNAL_SERVER */
}
/**
 * tls_connection_deinit - Tear down a connection
 * @tls_ctx: Unused
 * @conn: Connection from tls_connection_init(); %NULL is accepted
 *
 * Releases whichever client/server instance exists, then the connection.
 */
void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn)
{
	if (!conn)
		return;
#ifdef CONFIG_TLS_INTERNAL_CLIENT
	if (conn->client != NULL)
		tlsv1_client_deinit(conn->client);
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
#ifdef CONFIG_TLS_INTERNAL_SERVER
	if (conn->server != NULL)
		tlsv1_server_deinit(conn->server);
#endif /* CONFIG_TLS_INTERNAL_SERVER */
	os_free(conn);
}
/**
 * tls_connection_established - Query handshake completion
 * @tls_ctx: Unused
 * @conn: Connection; dereferenced without a NULL check
 * Returns: Value from tlsv1_client_established()/tlsv1_server_established()
 * for the instance that exists, or 0 when the connection has neither
 */
int tls_connection_established(void *tls_ctx, struct tls_connection *conn)
{
#ifdef CONFIG_TLS_INTERNAL_CLIENT
	if (conn->client != NULL)
		return tlsv1_client_established(conn->client);
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
#ifdef CONFIG_TLS_INTERNAL_SERVER
	if (conn->server != NULL)
		return tlsv1_server_established(conn->server);
#endif /* CONFIG_TLS_INTERNAL_SERVER */
	return 0;
}
/**
 * tls_connection_peer_serial_num - Peer certificate serial number (stub)
 * @tls_ctx: Unused
 * @conn: Unused
 * Returns: Always %NULL; not implemented for the internal TLS backend
 */
char * tls_connection_peer_serial_num(void *tls_ctx,
				      struct tls_connection *conn)
{
	(void) tls_ctx;
	(void) conn;
	/* TODO */
	return NULL;
}
/**
 * tls_connection_shutdown - Shut down the TLS session of a connection
 * @tls_ctx: Unused
 * @conn: Connection; dereferenced without a NULL check
 * Returns: Value from tlsv1_client_shutdown()/tlsv1_server_shutdown() for the
 * instance that exists, or -1 when the connection has neither
 */
int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn)
{
#ifdef CONFIG_TLS_INTERNAL_CLIENT
	if (conn->client != NULL)
		return tlsv1_client_shutdown(conn->client);
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
#ifdef CONFIG_TLS_INTERNAL_SERVER
	if (conn->server != NULL)
		return tlsv1_server_shutdown(conn->server);
#endif /* CONFIG_TLS_INTERNAL_SERVER */
	return -1;
}
/**
 * tls_connection_set_params - Configure credentials for a client connection
 * @tls_ctx: Unused
 * @conn: Connection; must have a client instance
 * @params: Connection parameters (CA, client certificate, private key, flags)
 * Returns: 0 on success, -1 on failure or in builds without the internal
 * client
 *
 * Parameters this backend cannot honour (external certificate check,
 * subject_match, altsubject_match, suffix_match, domain_match,
 * openssl_ciphers, openssl_ecdh_curves) make the call fail instead of being
 * ignored, so a configuration that relies on one of those constraints is
 * rejected rather than run without it.
 *
 * NOTE(review): how the peer certificate is validated when none of ca_cert,
 * ca_cert_blob or ca_path is set is decided inside tlsv1_set_ca_cert() and
 * the client code, not here - confirm before relying on it.
 */
int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
			      const struct tls_connection_params *params)
{
#ifdef CONFIG_TLS_INTERNAL_CLIENT
	struct tlsv1_credentials *cred;

	if (conn->client == NULL)
		return -1;

	if (params->flags & TLS_CONN_EXT_CERT_CHECK) {
		wpa_printf(MSG_INFO,
			   "TLS: tls_ext_cert_check=1 not supported");
		return -1;
	}

	cred = tlsv1_cred_alloc();
	if (cred == NULL)
		return -1;

	/* Unsupported matching/cipher options: refuse the configuration. */
	if (params->subject_match) {
		wpa_printf(MSG_INFO, "TLS: subject_match not supported");
		goto fail;
	}

	if (params->altsubject_match) {
		wpa_printf(MSG_INFO, "TLS: altsubject_match not supported");
		goto fail;
	}

	if (params->suffix_match) {
		wpa_printf(MSG_INFO, "TLS: suffix_match not supported");
		goto fail;
	}

	if (params->domain_match) {
		wpa_printf(MSG_INFO, "TLS: domain_match not supported");
		goto fail;
	}

	if (params->openssl_ciphers) {
		wpa_printf(MSG_INFO, "TLS: openssl_ciphers not supported");
		goto fail;
	}

	if (params->openssl_ecdh_curves) {
		wpa_printf(MSG_INFO, "TLS: openssl_ecdh_curves not supported");
		goto fail;
	}

	if (tlsv1_set_ca_cert(cred, params->ca_cert,
			      params->ca_cert_blob, params->ca_cert_blob_len,
			      params->ca_path)) {
		wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
			   "certificates");
		goto fail;
	}

	if (tlsv1_set_cert(cred, params->client_cert,
			   params->client_cert_blob,
			   params->client_cert_blob_len)) {
		wpa_printf(MSG_INFO, "TLS: Failed to configure client "
			   "certificate");
		goto fail;
	}

	if (tlsv1_set_private_key(cred, params->private_key,
				  params->private_key_passwd,
				  params->private_key_blob,
				  params->private_key_blob_len)) {
		wpa_printf(MSG_INFO, "TLS: Failed to load private key");
		goto fail;
	}

	/* On success cred is not freed here; presumably the client instance
	 * keeps it - confirm in tlsv1_client_set_cred(). */
	if (tlsv1_client_set_cred(conn->client, cred) < 0)
		goto fail;

	tlsv1_client_set_flags(conn->client, params->flags);

	return 0;

fail:
	tlsv1_cred_free(cred);
	return -1;
#else /* CONFIG_TLS_INTERNAL_CLIENT */
	return -1;
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
}
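/**
 * tls_global_set_params - Configure server credentials on a TLS context
 * @tls_ctx: Context from tls_init(); dereferenced without a NULL check
 * @params: Parameters; client_cert/client_cert_blob carry the server
 *	certificate in this mode
 * Returns: 0 on success, -1 on failure or in builds without the internal
 * server
 *
 * Switches the context to server mode, discards any previous server
 * credentials and loads CA certificates, certificate, private key, DH
 * parameters and the optional OCSP stapling response settings.
 * check_cert_subject is not supported and makes the call fail.
 *
 * NOTE(review): on the failure paths after allocation the context keeps
 * server = 1 and the partially configured credentials in server_cred; they
 * are only released by the next call or by tls_deinit(). Callers should
 * treat -1 as fatal for the context.
 */
int tls_global_set_params(void *tls_ctx,
			  const struct tls_connection_params *params)
{
#ifdef CONFIG_TLS_INTERNAL_SERVER
	struct tls_global *global = tls_ctx;
	struct tlsv1_credentials *cred;

	if (params->check_cert_subject)
		return -1; /* not yet supported */

	/* Currently, global parameters are only set when running in server
	 * mode. */
	global->server = 1;
	tlsv1_cred_free(global->server_cred);
	global->server_cred = cred = tlsv1_cred_alloc();
	if (cred == NULL)
		return -1;

	if (tlsv1_set_ca_cert(cred, params->ca_cert, params->ca_cert_blob,
			      params->ca_cert_blob_len, params->ca_path)) {
		wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
			   "certificates");
		return -1;
	}

	if (tlsv1_set_cert(cred, params->client_cert, params->client_cert_blob,
			   params->client_cert_blob_len)) {
		wpa_printf(MSG_INFO, "TLS: Failed to configure server "
			   "certificate");
		return -1;
	}

	if (tlsv1_set_private_key(cred, params->private_key,
				  params->private_key_passwd,
				  params->private_key_blob,
				  params->private_key_blob_len)) {
		wpa_printf(MSG_INFO, "TLS: Failed to load private key");
		return -1;
	}

	if (tlsv1_set_dhparams(cred, params->dh_file, NULL, 0)) {
		wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters");
		return -1;
	}

	/* A failed copy must not be mistaken for "stapling not configured":
	 * report it instead of running without the requested setting. */
	if (params->ocsp_stapling_response) {
		cred->ocsp_stapling_response =
			os_strdup(params->ocsp_stapling_response);
		if (cred->ocsp_stapling_response == NULL) {
			wpa_printf(MSG_INFO,
				   "TLS: Failed to copy ocsp_stapling_response");
			return -1;
		}
	}
	if (params->ocsp_stapling_response_multi) {
		cred->ocsp_stapling_response_multi =
			os_strdup(params->ocsp_stapling_response_multi);
		if (cred->ocsp_stapling_response_multi == NULL) {
			wpa_printf(MSG_INFO,
				   "TLS: Failed to copy ocsp_stapling_response_multi");
			return -1;
		}
	}

	return 0;
#else /* CONFIG_TLS_INTERNAL_SERVER */
	return -1;
#endif /* CONFIG_TLS_INTERNAL_SERVER */
}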
/**
 * tls_global_set_verify - Record the CRL checking setting on a context
 * @tls_ctx: Context from tls_init(); dereferenced without a NULL check
 * @check_crl: Value stored in the context
 * @strict: Ignored by this backend
 * Returns: Always 0
 *
 * NOTE(review): this only stores the value; nothing in the visible part of
 * the file reads it back, so a 0 return does not by itself show that CRLs
 * are checked.
 */
int tls_global_set_verify(void *tls_ctx, int check_crl, int strict)
{
	struct tls_global *ctx = tls_ctx;

	(void) strict;
	ctx->check_crl = check_crl;
	return 0;
}
/**
 * tls_connection_set_verify - Set peer verification on a server connection
 * @tls_ctx: Unused
 * @conn: Connection; dereferenced without a NULL check
 * @verify_peer: Forwarded to tlsv1_server_set_verify()
 * @flags: Ignored by this backend
 * @session_ctx: Ignored by this backend
 * @session_ctx_len: Ignored by this backend
 * Returns: Value from tlsv1_server_set_verify(), or -1 for connections
 * without a server instance
 */
int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn,
			      int verify_peer, unsigned int flags,
			      const u8 *session_ctx, size_t session_ctx_len)
{
#ifdef CONFIG_TLS_INTERNAL_SERVER
	if (conn->server != NULL)
		return tlsv1_server_set_verify(conn->server, verify_peer);
#endif /* CONFIG_TLS_INTERNAL_SERVER */
	return -1;
}
/**
 * tls_connection_get_random - Fetch the handshake random values
 * @tls_ctx: Unused
 * @conn: Connection; dereferenced without a NULL check
 * @data: Output structure passed through to the client/server helper
 * Returns: Value from tlsv1_client_get_random()/tlsv1_server_get_random(),
 * or -1 when the connection has neither instance
 */
int tls_connection_get_random(void *tls_ctx, struct tls_connection *conn,
			      struct tls_random *data)
{
#ifdef CONFIG_TLS_INTERNAL_CLIENT
	if (conn->client != NULL)
		return tlsv1_client_get_random(conn->client, data);
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
#ifdef CONFIG_TLS_INTERNAL_SERVER
	if (conn->server != NULL)
		return tlsv1_server_get_random(conn->server, data);
#endif /* CONFIG_TLS_INTERNAL_SERVER */
	return -1;
}
/**
 * tls_get_keyblock_size - Key block size of the connection
 * @conn: Connection; dereferenced without a NULL check
 * Returns: Value from tlsv1_client_get_keyblock_size() or
 * tlsv1_server_get_keyblock_size(), or -1 when the connection has neither
 * instance
 */
static int tls_get_keyblock_size(struct tls_connection *conn)
{
#ifdef CONFIG_TLS_INTERNAL_CLIENT
	if (conn->client != NULL)
		return tlsv1_client_get_keyblock_size(conn->client);
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
#ifdef CONFIG_TLS_INTERNAL_SERVER
	if (conn->server != NULL)
		return tlsv1_server_get_keyblock_size(conn->server);
#endif /* CONFIG_TLS_INTERNAL_SERVER */
	return -1;
}
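/**
 * tls_connection_prf - Derive keying material with the connection's PRF
 * @tls_ctx: Unused
 * @conn: Connection; dereferenced without a NULL check
 * @label: PRF label, forwarded unchanged
 * @context: Optional context data, forwarded unchanged
 * @context_len: Length of @context
 * @server_random_first: Forwarded unchanged to the client/server PRF helper
 * @skip_keyblock: Non-zero to drop the first keyblock-size bytes of output
 * @out: Destination for @out_len bytes of keying material
 * @out_len: Number of bytes wanted in @out
 * Returns: 0 on success (value from the PRF helper), -1 on failure
 *
 * With @skip_keyblock set the PRF output is generated into a scratch buffer
 * of keyblock size + @out_len bytes and only the tail is copied to @out.
 */
static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
			      const char *label, const u8 *context,
			      size_t context_len, int server_random_first,
			      int skip_keyblock, u8 *out, size_t out_len)
{
	int ret = -1, skip = 0;
	size_t prf_len = out_len;
	u8 *tmp_out = NULL;
	u8 *prf_out = out;

	if (skip_keyblock) {
		skip = tls_get_keyblock_size(conn);
		if (skip < 0)
			return -1;
		prf_len = (size_t) skip + out_len;
		if (prf_len < out_len)
			return -1; /* size_t wrap-around: refuse */
		tmp_out = os_malloc(prf_len);
		if (!tmp_out)
			return -1;
		prf_out = tmp_out;
	}

#ifdef CONFIG_TLS_INTERNAL_CLIENT
	if (conn->client) {
		ret = tlsv1_client_prf(conn->client, label, context,
				       context_len, server_random_first,
				       prf_out, prf_len);
	}
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
#ifdef CONFIG_TLS_INTERNAL_SERVER
	if (conn->server) {
		ret = tlsv1_server_prf(conn->server, label, context,
				       context_len, server_random_first,
				       prf_out, prf_len);
	}
#endif /* CONFIG_TLS_INTERNAL_SERVER */
	if (ret == 0 && skip_keyblock)
		os_memcpy(out, prf_out + skip, out_len);
	/* Clear the whole scratch buffer, not just the skipped key block: the
	 * trailing out_len bytes are a copy of the exported key and should
	 * not be left behind in freed heap memory. */
	bin_clear_free(tmp_out, tmp_out ? prf_len : 0);

	return ret;
}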
/**
 * tls_connection_export_key - Export keying material for a label
 * @tls_ctx: TLS context, passed through
 * @conn: Connection
 * @label: PRF label
 * @context: Optional context data
 * @context_len: Length of @context
 * @out: Destination buffer
 * @out_len: Number of bytes to derive
 * Returns: Result of tls_connection_prf()
 *
 * Calls tls_connection_prf() with server_random_first and skip_keyblock both
 * set to 0.
 */
int tls_connection_export_key(void *tls_ctx, struct tls_connection *conn,
			      const char *label, const u8 *context,
			      size_t context_len, u8 *out, size_t out_len)
{
	const int server_random_first = 0;
	const int skip_keyblock = 0;

	return tls_connection_prf(tls_ctx, conn, label, context, context_len,
				  server_random_first, skip_keyblock,
				  out, out_len);
}
/**
 * tls_connection_get_eap_fast_key - Derive the EAP-FAST key material
 * @tls_ctx: TLS context, passed through
 * @conn: Connection
 * @out: Destination buffer
 * @out_len: Number of bytes to derive
 * Returns: Result of tls_connection_prf()
 *
 * Calls tls_connection_prf() with the "key expansion" label, no context,
 * server_random_first = 1 and skip_keyblock = 1, so the bytes returned are
 * the ones that follow the TLS key block.
 */
int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn,
				    u8 *out, size_t out_len)
{
	const int server_random_first = 1;
	const int skip_keyblock = 1;

	return tls_connection_prf(tls_ctx, conn, "key expansion", NULL, 0,
				  server_random_first, skip_keyblock,
				  out, out_len);
}
/**
 * tls_connection_handshake - Process one client handshake step
 * @tls_ctx: TLS context, passed through
 * @conn: Connection
 * @in_data: Input from the peer, or %NULL
 * @appl_data: Optional output for application data
 * Returns: Result of tls_connection_handshake2()
 *
 * Same as tls_connection_handshake2() without the need_more_data output.
 */
struct wpabuf * tls_connection_handshake(void *tls_ctx,
					 struct tls_connection *conn,
					 const struct wpabuf *in_data,
					 struct wpabuf **appl_data)
{
	int *need_more_data = NULL;

	return tls_connection_handshake2(tls_ctx, conn, in_data, appl_data,
					 need_more_data);
}
/**
 * tls_connection_handshake2 - Process one client handshake step
 * @tls_ctx: Unused
 * @conn: Connection; must have a client instance
 * @in_data: Input from the peer, or %NULL when there is none
 * @appl_data: Optional output for application data produced by the step
 * @need_more_data: Passed through to tlsv1_client_handshake(); may be %NULL
 * Returns: Buffer with the handshake output, or %NULL on failure and in
 * builds without the internal client
 *
 * When the function returns %NULL before reaching the application-data
 * handling, *@appl_data is left untouched; callers should initialise it.
 */
struct wpabuf * tls_connection_handshake2(void *tls_ctx,
					  struct tls_connection *conn,
					  const struct wpabuf *in_data,
					  struct wpabuf **appl_data,
					  int *need_more_data)
{
#ifdef CONFIG_TLS_INTERNAL_CLIENT
	u8 *msg, *app = NULL;
	size_t msg_len, app_len;
	struct wpabuf *reply;

	if (!conn->client)
		return NULL;

	msg = tlsv1_client_handshake(conn->client,
				     in_data ? wpabuf_head(in_data) : NULL,
				     in_data ? wpabuf_len(in_data) : 0,
				     &msg_len, &app, &app_len, need_more_data);
	if (msg == NULL)
		return NULL;

	/* The raw buffers are only freed here when wrapping them fails;
	 * presumably the wpabuf owns them afterwards - confirm in
	 * wpabuf_alloc_ext_data(). */
	reply = wpabuf_alloc_ext_data(msg, msg_len);
	if (reply == NULL) {
		os_free(msg);
		os_free(app);
		return NULL;
	}

	if (appl_data == NULL) {
		/* Caller is not interested in application data. */
		os_free(app);
		return reply;
	}

	*appl_data = NULL;
	if (app) {
		*appl_data = wpabuf_alloc_ext_data(app, app_len);
		if (*appl_data == NULL)
			os_free(app);
	}

	return reply;
#else /* CONFIG_TLS_INTERNAL_CLIENT */
	return NULL;
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
}
/**
 * tls_connection_server_handshake - Process one server handshake step
 * @tls_ctx: Unused
 * @conn: Connection; must have a server instance
 * @in_data: Input from the peer
 * @appl_data: Optional output; always set to %NULL by this backend
 * Returns: Buffer with the handshake output, an empty buffer when there is
 * no output but the handshake is established, or %NULL on failure and in
 * builds without the internal server
 *
 * NOTE(review): unlike tls_connection_handshake2(), @in_data is passed to
 * wpabuf_head()/wpabuf_len() without a NULL check - confirm callers never
 * pass %NULL here.
 */
struct wpabuf * tls_connection_server_handshake(void *tls_ctx,
						struct tls_connection *conn,
						const struct wpabuf *in_data,
						struct wpabuf **appl_data)
{
#ifdef CONFIG_TLS_INTERNAL_SERVER
	u8 *msg;
	size_t msg_len;
	struct wpabuf *reply;

	if (!conn->server)
		return NULL;

	if (appl_data)
		*appl_data = NULL;

	msg = tlsv1_server_handshake(conn->server, wpabuf_head(in_data),
				     wpabuf_len(in_data), &msg_len);
	if (msg == NULL) {
		/* No output: distinguish "handshake done" from failure. */
		if (tlsv1_server_established(conn->server))
			return wpabuf_alloc(0);
		return NULL;
	}

	reply = wpabuf_alloc_ext_data(msg, msg_len);
	if (reply == NULL)
		os_free(msg);

	return reply;
#else /* CONFIG_TLS_INTERNAL_SERVER */
	return NULL;
#endif /* CONFIG_TLS_INTERNAL_SERVER */
}
/**
 * tls_connection_encrypt - Encrypt application data for the TLS tunnel
 * @tls_ctx: Unused
 * @conn: Connection; dereferenced without a NULL check
 * @in_data: Plaintext; passed to wpabuf_len()/wpabuf_head() unchecked
 * Returns: New buffer with the encrypted data, or %NULL on failure or when
 * the connection has neither a client nor a server instance
 *
 * The output buffer is sized as input length + 300 bytes and its capacity is
 * handed to the encrypt helper as the output limit.
 */
struct wpabuf * tls_connection_encrypt(void *tls_ctx,
				       struct tls_connection *conn,
				       const struct wpabuf *in_data)
{
#ifdef CONFIG_TLS_INTERNAL_CLIENT
	if (conn->client) {
		size_t plain_len = wpabuf_len(in_data);
		struct wpabuf *rec = wpabuf_alloc(plain_len + 300);
		int n;

		if (rec == NULL)
			return NULL;
		n = tlsv1_client_encrypt(conn->client, wpabuf_head(in_data),
					 plain_len,
					 wpabuf_mhead(rec),
					 wpabuf_size(rec));
		if (n < 0) {
			wpabuf_free(rec);
			return NULL;
		}
		/* Commit the number of bytes the helper produced. */
		wpabuf_put(rec, n);
		return rec;
	}
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
#ifdef CONFIG_TLS_INTERNAL_SERVER
	if (conn->server) {
		size_t plain_len = wpabuf_len(in_data);
		struct wpabuf *rec = wpabuf_alloc(plain_len + 300);
		int n;

		if (rec == NULL)
			return NULL;
		n = tlsv1_server_encrypt(conn->server, wpabuf_head(in_data),
					 plain_len,
					 wpabuf_mhead(rec),
					 wpabuf_size(rec));
		if (n < 0) {
			wpabuf_free(rec);
			return NULL;
		}
		/* Commit the number of bytes the helper produced. */
		wpabuf_put(rec, n);
		return rec;
	}
#endif /* CONFIG_TLS_INTERNAL_SERVER */
	return NULL;
}
/**
 * tls_connection_decrypt - Decrypt data received through the TLS tunnel
 * @tls_ctx: TLS context, passed through
 * @conn: Connection
 * @in_data: Encrypted input
 * Returns: Result of tls_connection_decrypt2()
 *
 * Same as tls_connection_decrypt2() without the need_more_data output.
 */
struct wpabuf * tls_connection_decrypt(void *tls_ctx,
				       struct tls_connection *conn,
				       const struct wpabuf *in_data)
{
	int *need_more_data = NULL;

	return tls_connection_decrypt2(tls_ctx, conn, in_data, need_more_data);
}
/**
 * tls_connection_decrypt2 - Decrypt data received through the TLS tunnel
 * @tls_ctx: Unused
 * @conn: Connection; dereferenced without a NULL check
 * @in_data: Encrypted input; passed to wpabuf_head()/wpabuf_len() unchecked
 * @need_more_data: Optional flag; cleared on entry and, on the client path,
 *	passed on to tlsv1_client_decrypt()
 * Returns: Buffer with the decrypted data, or %NULL on failure or when the
 * connection has neither a client nor a server instance
 *
 * The client path returns the helper's buffer directly. The server path
 * allocates (input length + 500) * 3 bytes and hands that capacity to
 * tlsv1_server_decrypt() as the output limit.
 */
struct wpabuf * tls_connection_decrypt2(void *tls_ctx,
					struct tls_connection *conn,
					const struct wpabuf *in_data,
					int *need_more_data)
{
	if (need_more_data != NULL)
		*need_more_data = 0;

#ifdef CONFIG_TLS_INTERNAL_CLIENT
	if (conn->client) {
		return tlsv1_client_decrypt(conn->client, wpabuf_head(in_data),
					    wpabuf_len(in_data),
					    need_more_data);
	}
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
#ifdef CONFIG_TLS_INTERNAL_SERVER
	if (conn->server) {
		size_t enc_len = wpabuf_len(in_data);
		struct wpabuf *plain = wpabuf_alloc((enc_len + 500) * 3);
		int n;

		if (plain == NULL)
			return NULL;
		n = tlsv1_server_decrypt(conn->server, wpabuf_head(in_data),
					 enc_len,
					 wpabuf_mhead(plain),
					 wpabuf_size(plain));
		if (n < 0) {
			wpabuf_free(plain);
			return NULL;
		}
		/* Commit the number of bytes the helper produced. */
		wpabuf_put(plain, n);
		return plain;
	}
#endif /* CONFIG_TLS_INTERNAL_SERVER */
	return NULL;
}
/**
 * tls_connection_resumed - Query whether the session was resumed
 * @tls_ctx: Unused
 * @conn: Connection; dereferenced without a NULL check
 * Returns: Value from tlsv1_client_resumed()/tlsv1_server_resumed() for the
 * instance that exists, or -1 when the connection has neither
 */
int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn)
{
#ifdef CONFIG_TLS_INTERNAL_CLIENT
	if (conn->client != NULL)
		return tlsv1_client_resumed(conn->client);
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
#ifdef CONFIG_TLS_INTERNAL_SERVER
	if (conn->server != NULL)
		return tlsv1_server_resumed(conn->server);
#endif /* CONFIG_TLS_INTERNAL_SERVER */
	return -1;
}
65739beb93cSSam Leffler
65839beb93cSSam Leffler
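/**
 * tls_connection_set_cipher_list - Restrict the cipher suites of a connection
 * @tls_ctx: TLS context (not used by the internal implementation)
 * @conn: TLS connection to configure
 * @ciphers: Cipher list, passed unchanged to the client/server helper
 *	(NOTE(review): expected encoding and terminator are defined by the
 *	tlsv1_*_set_cipher_list() helpers, not visible here - confirm)
 * Returns: Result of tlsv1_client_set_cipher_list() or
 * tlsv1_server_set_cipher_list(), or -1 if conn is NULL or has neither a
 * client nor a server instance
 *
 * A -1 return means the requested restriction was NOT applied. Callers that
 * rely on the list to exclude weak suites must treat that as a hard failure
 * rather than continuing with the default set.
 */
int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
				   u8 *ciphers)
{
	/*
	 * Reject a missing connection up front, the same way
	 * tls_get_version() and tls_get_cipher() do, instead of
	 * dereferencing a NULL pointer below.
	 */
	if (conn == NULL)
		return -1;
#ifdef CONFIG_TLS_INTERNAL_CLIENT
	if (conn->client)
		return tlsv1_client_set_cipher_list(conn->client, ciphers);
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
#ifdef CONFIG_TLS_INTERNAL_SERVER
	if (conn->server)
		return tlsv1_server_set_cipher_list(conn->server, ciphers);
#endif /* CONFIG_TLS_INTERNAL_SERVER */
	return -1;
}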
67239beb93cSSam Leffler
67339beb93cSSam Leffler
/**
 * tls_get_version - Write the negotiated TLS version into a caller buffer
 * @ssl_ctx: TLS context (not used by the internal implementation)
 * @conn: TLS connection to query; NULL is accepted and yields -1
 * @buf: Output buffer handed to tlsv1_client_get_version()
 * @buflen: Size of @buf in bytes
 * Returns: Result of tlsv1_client_get_version() for a client connection,
 * -1 otherwise
 *
 * Only the client role is handled here: a connection that carries just a
 * server instance, or a build without CONFIG_TLS_INTERNAL_CLIENT, always
 * gets -1 and @buf is left untouched.
 */
int tls_get_version(void *ssl_ctx, struct tls_connection *conn,
		    char *buf, size_t buflen)
{
#ifdef CONFIG_TLS_INTERNAL_CLIENT
	if (conn != NULL && conn->client != NULL)
		return tlsv1_client_get_version(conn->client, buf, buflen);
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
	/* NULL connection, server-only connection, or client support off */
	return -1;
}
685325151a3SRui Paulo
686325151a3SRui Paulo
/**
 * tls_get_cipher - Write the name of the negotiated cipher into a buffer
 * @tls_ctx: TLS context (not used by the internal implementation)
 * @conn: TLS connection to query; NULL is accepted and yields -1
 * @buf: Output buffer handed to the client/server helper
 * @buflen: Size of @buf in bytes
 * Returns: Result of tlsv1_client_get_cipher() or tlsv1_server_get_cipher()
 * for the active role, or -1 if there is no connection or no role instance
 */
int tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
		   char *buf, size_t buflen)
{
#ifdef CONFIG_TLS_INTERNAL_CLIENT
	/* The client instance is consulted first, as in the other wrappers. */
	if (conn != NULL && conn->client != NULL)
		return tlsv1_client_get_cipher(conn->client, buf, buflen);
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
#ifdef CONFIG_TLS_INTERNAL_SERVER
	if (conn != NULL && conn->server != NULL)
		return tlsv1_server_get_cipher(conn->server, buf, buflen);
#endif /* CONFIG_TLS_INTERNAL_SERVER */
	return -1;
}
70239beb93cSSam Leffler
70339beb93cSSam Leffler
/**
 * tls_connection_enable_workaround - Not supported by the internal TLS code
 * @tls_ctx: TLS context (ignored)
 * @conn: TLS connection (ignored)
 * Returns: Always -1; no state is changed
 */
int tls_connection_enable_workaround(void *tls_ctx,
				     struct tls_connection *conn)
{
	/* Both arguments are intentionally unused. */
	(void) tls_ctx;
	(void) conn;

	return -1;
}
70939beb93cSSam Leffler
71039beb93cSSam Leffler
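/**
 * tls_connection_client_hello_ext - Set a ClientHello extension
 * @tls_ctx: TLS context (not used by the internal implementation)
 * @conn: TLS connection to configure
 * @ext_type: Extension type, passed through to tlsv1_client_hello_ext()
 * @data: Extension payload, passed through unchanged
 * @data_len: Length of @data in bytes
 * Returns: Result of tlsv1_client_hello_ext() for a client connection, or
 * -1 if conn is NULL, has no client instance, or client support is not
 * compiled in
 *
 * @data and @data_len are forwarded without validation in this wrapper;
 * any length or content checks are left to tlsv1_client_hello_ext().
 */
int tls_connection_client_hello_ext(void *tls_ctx, struct tls_connection *conn,
				    int ext_type, const u8 *data,
				    size_t data_len)
{
	/*
	 * Reject a missing connection up front, the same way
	 * tls_get_version() and tls_get_cipher() do, instead of
	 * dereferencing a NULL pointer below.
	 */
	if (conn == NULL)
		return -1;
#ifdef CONFIG_TLS_INTERNAL_CLIENT
	if (conn->client) {
		return tlsv1_client_hello_ext(conn->client, ext_type,
					      data, data_len);
	}
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
	return -1;
}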
72339beb93cSSam Leffler
72439beb93cSSam Leffler
/**
 * tls_connection_get_failed - Fetch the failure indication of a connection
 * @tls_ctx: TLS context (not used by the internal implementation)
 * @conn: TLS connection to query
 * Returns: Result of tlsv1_server_get_failed() for a server connection,
 * 0 otherwise
 *
 * Client connections and builds without CONFIG_TLS_INTERNAL_SERVER always
 * report 0, so a 0 here does not by itself prove a client handshake
 * succeeded.
 *
 * NOTE(review): conn is dereferenced without a NULL check when server
 * support is compiled in; callers must pass a valid connection.
 */
int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn)
{
#ifdef CONFIG_TLS_INTERNAL_SERVER
	struct tlsv1_server *srv = conn->server;

	if (srv != NULL)
		return tlsv1_server_get_failed(srv);
#endif /* CONFIG_TLS_INTERNAL_SERVER */
	return 0;
}
73339beb93cSSam Leffler
73439beb93cSSam Leffler
/**
 * tls_connection_get_read_alerts - Fetch the received-alert indication
 * @tls_ctx: TLS context (not used by the internal implementation)
 * @conn: TLS connection to query
 * Returns: Result of tlsv1_server_get_read_alerts() for a server
 * connection, 0 otherwise
 *
 * Client connections and builds without CONFIG_TLS_INTERNAL_SERVER always
 * report 0.
 *
 * NOTE(review): conn is dereferenced without a NULL check when server
 * support is compiled in; callers must pass a valid connection.
 */
int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn)
{
#ifdef CONFIG_TLS_INTERNAL_SERVER
	struct tlsv1_server *srv = conn->server;

	if (srv != NULL)
		return tlsv1_server_get_read_alerts(srv);
#endif /* CONFIG_TLS_INTERNAL_SERVER */
	return 0;
}
74339beb93cSSam Leffler
74439beb93cSSam Leffler
/**
 * tls_connection_get_write_alerts - Fetch the sent-alert indication
 * @tls_ctx: TLS context (not used by the internal implementation)
 * @conn: TLS connection to query
 * Returns: Result of tlsv1_server_get_write_alerts() for a server
 * connection, 0 otherwise
 *
 * Client connections and builds without CONFIG_TLS_INTERNAL_SERVER always
 * report 0.
 *
 * NOTE(review): conn is dereferenced without a NULL check when server
 * support is compiled in; callers must pass a valid connection.
 */
int tls_connection_get_write_alerts(void *tls_ctx,
				    struct tls_connection *conn)
{
#ifdef CONFIG_TLS_INTERNAL_SERVER
	struct tlsv1_server *srv = conn->server;

	if (srv != NULL)
		return tlsv1_server_get_write_alerts(srv);
#endif /* CONFIG_TLS_INTERNAL_SERVER */
	return 0;
}
75439beb93cSSam Leffler
75539beb93cSSam Leffler
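/**
 * tls_connection_set_session_ticket_cb - Register a session ticket callback
 * @tls_ctx: TLS context (not used by the internal implementation)
 * @conn: TLS connection to configure
 * @cb: Callback handed to the client/server helper
 * @ctx: Opaque pointer handed to the helper together with @cb
 * Returns: 0 once the callback has been passed to
 * tlsv1_client_set_session_ticket_cb() or
 * tlsv1_server_set_session_ticket_cb(), or -1 if conn is NULL or has
 * neither a client nor a server instance
 *
 * The helpers return no status to this wrapper, so 0 only means the
 * callback was handed over.
 */
int tls_connection_set_session_ticket_cb(void *tls_ctx,
					 struct tls_connection *conn,
					 tls_session_ticket_cb cb,
					 void *ctx)
{
	/*
	 * Reject a missing connection up front, the same way
	 * tls_get_version() and tls_get_cipher() do, instead of
	 * dereferencing a NULL pointer below.
	 */
	if (conn == NULL)
		return -1;
#ifdef CONFIG_TLS_INTERNAL_CLIENT
	if (conn->client) {
		tlsv1_client_set_session_ticket_cb(conn->client, cb, ctx);
		return 0;
	}
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
#ifdef CONFIG_TLS_INTERNAL_SERVER
	if (conn->server) {
		tlsv1_server_set_session_ticket_cb(conn->server, cb, ctx);
		return 0;
	}
#endif /* CONFIG_TLS_INTERNAL_SERVER */
	return -1;
}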
7755b9c547cSRui Paulo
7765b9c547cSRui Paulo
/**
 * tls_get_library_version - Write the TLS library identifier into a buffer
 * @buf: Output buffer
 * @buf_len: Size of @buf in bytes
 * Returns: The value returned by os_snprintf()
 *
 * This backend identifies itself with the fixed string "internal". The
 * os_snprintf() result is returned as-is; this wrapper does not check it
 * for truncation.
 */
int tls_get_library_version(char *buf, size_t buf_len)
{
	int written;

	written = os_snprintf(buf, buf_len, "internal");
	return written;
}
781325151a3SRui Paulo
782325151a3SRui Paulo
/**
 * tls_connection_set_success_data - Discard success data for a connection
 * @conn: TLS connection (ignored)
 * @data: Buffer to release; must not be used by the caller after this call
 *
 * This implementation does not keep @data. It is released with
 * wpabuf_free() right away, so a caller that frees or reads it afterwards
 * would hit a double free or use-after-free.
 */
void tls_connection_set_success_data(struct tls_connection *conn,
				     struct wpabuf *data)
{
	(void) conn;

	wpabuf_free(data);
}
788325151a3SRui Paulo
789325151a3SRui Paulo
/**
 * tls_connection_set_success_data_resumed - No-op in this implementation
 * @conn: TLS connection (ignored)
 */
void tls_connection_set_success_data_resumed(struct tls_connection *conn)
{
	/* Intentionally empty: nothing is recorded for the connection. */
	(void) conn;
}
793325151a3SRui Paulo
794325151a3SRui Paulo
/**
 * tls_connection_get_success_data - Fetch stored success data
 * @conn: TLS connection (ignored)
 * Returns: Always NULL in this implementation
 */
const struct wpabuf *
tls_connection_get_success_data(struct tls_connection *conn)
{
	(void) conn;

	return NULL;
}
800325151a3SRui Paulo
801325151a3SRui Paulo
/**
 * tls_connection_remove_session - No-op in this implementation
 * @conn: TLS connection (ignored)
 *
 * Nothing is removed or invalidated by this call. Callers that use it to
 * force a full handshake after a failure get no such guarantee from this
 * function.
 */
void tls_connection_remove_session(struct tls_connection *conn)
{
	/* Intentionally empty. */
	(void) conn;
}
805