1 /* 2 * TLS interface functions and an internal TLS implementation 3 * Copyright (c) 2004-2011, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 * 8 * This file interface functions for hostapd/wpa_supplicant to use the 9 * integrated TLSv1 implementation. 10 */ 11 12 #include "includes.h" 13 14 #include "common.h" 15 #include "tls.h" 16 #include "tls/tlsv1_client.h" 17 #include "tls/tlsv1_server.h" 18 19 20 static int tls_ref_count = 0; 21 22 struct tls_global { 23 int server; 24 struct tlsv1_credentials *server_cred; 25 int check_crl; 26 27 void (*event_cb)(void *ctx, enum tls_event ev, 28 union tls_event_data *data); 29 void *cb_ctx; 30 int cert_in_cb; 31 }; 32 33 struct tls_connection { 34 struct tlsv1_client *client; 35 struct tlsv1_server *server; 36 struct tls_global *global; 37 }; 38 39 40 void * tls_init(const struct tls_config *conf) 41 { 42 struct tls_global *global; 43 44 if (tls_ref_count == 0) { 45 #ifdef CONFIG_TLS_INTERNAL_CLIENT 46 if (tlsv1_client_global_init()) 47 return NULL; 48 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 49 #ifdef CONFIG_TLS_INTERNAL_SERVER 50 if (tlsv1_server_global_init()) 51 return NULL; 52 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 53 } 54 tls_ref_count++; 55 56 global = os_zalloc(sizeof(*global)); 57 if (global == NULL) 58 return NULL; 59 if (conf) { 60 global->event_cb = conf->event_cb; 61 global->cb_ctx = conf->cb_ctx; 62 global->cert_in_cb = conf->cert_in_cb; 63 } 64 65 return global; 66 } 67 68 void tls_deinit(void *ssl_ctx) 69 { 70 struct tls_global *global = ssl_ctx; 71 tls_ref_count--; 72 if (tls_ref_count == 0) { 73 #ifdef CONFIG_TLS_INTERNAL_CLIENT 74 tlsv1_client_global_deinit(); 75 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 76 #ifdef CONFIG_TLS_INTERNAL_SERVER 77 tlsv1_server_global_deinit(); 78 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 79 } 80 #ifdef CONFIG_TLS_INTERNAL_SERVER 81 tlsv1_cred_free(global->server_cred); 82 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 83 os_free(global); 84 } 85 86 87 int tls_get_errors(void *tls_ctx) 88 { 89 return 0; 90 } 91 92 93 struct tls_connection * tls_connection_init(void *tls_ctx) 94 { 95 struct tls_connection *conn; 96 struct tls_global *global = tls_ctx; 97 98 conn = os_zalloc(sizeof(*conn)); 99 if (conn == NULL) 100 return NULL; 101 conn->global = global; 102 103 #ifdef CONFIG_TLS_INTERNAL_CLIENT 104 if (!global->server) { 105 conn->client = tlsv1_client_init(); 106 if (conn->client == NULL) { 107 os_free(conn); 108 return NULL; 109 } 110 tlsv1_client_set_cb(conn->client, global->event_cb, 111 global->cb_ctx, global->cert_in_cb); 112 } 113 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 114 #ifdef CONFIG_TLS_INTERNAL_SERVER 115 if (global->server) { 116 conn->server = tlsv1_server_init(global->server_cred); 117 if (conn->server == NULL) { 118 os_free(conn); 119 return NULL; 120 } 121 } 122 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 123 124 return conn; 125 } 126 127 128 #ifdef CONFIG_TESTING_OPTIONS 129 #ifdef CONFIG_TLS_INTERNAL_SERVER 130 void tls_connection_set_test_flags(struct tls_connection *conn, u32 flags) 131 { 132 if (conn->server) 133 tlsv1_server_set_test_flags(conn->server, flags); 134 } 135 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 136 #endif /* CONFIG_TESTING_OPTIONS */ 137 138 139 void tls_connection_set_log_cb(struct tls_connection *conn, 140 void (*log_cb)(void *ctx, const char *msg), 141 void *ctx) 142 { 143 #ifdef CONFIG_TLS_INTERNAL_SERVER 144 if (conn->server) 145 tlsv1_server_set_log_cb(conn->server, log_cb, ctx); 146 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 147 } 148 149 150 void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn) 151 { 152 if (conn == NULL) 153 return; 154 #ifdef CONFIG_TLS_INTERNAL_CLIENT 155 if (conn->client) 156 tlsv1_client_deinit(conn->client); 157 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 158 #ifdef CONFIG_TLS_INTERNAL_SERVER 159 if (conn->server) 160 tlsv1_server_deinit(conn->server); 161 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 162 os_free(conn); 163 } 164 165 166 int tls_connection_established(void *tls_ctx, struct tls_connection *conn) 167 { 168 #ifdef CONFIG_TLS_INTERNAL_CLIENT 169 if (conn->client) 170 return tlsv1_client_established(conn->client); 171 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 172 #ifdef CONFIG_TLS_INTERNAL_SERVER 173 if (conn->server) 174 return tlsv1_server_established(conn->server); 175 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 176 return 0; 177 } 178 179 180 int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn) 181 { 182 #ifdef CONFIG_TLS_INTERNAL_CLIENT 183 if (conn->client) 184 return tlsv1_client_shutdown(conn->client); 185 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 186 #ifdef CONFIG_TLS_INTERNAL_SERVER 187 if (conn->server) 188 return tlsv1_server_shutdown(conn->server); 189 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 190 return -1; 191 } 192 193 194 int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn, 195 const struct tls_connection_params *params) 196 { 197 #ifdef CONFIG_TLS_INTERNAL_CLIENT 198 struct tlsv1_credentials *cred; 199 200 if (conn->client == NULL) 201 return -1; 202 203 if (params->flags & TLS_CONN_EXT_CERT_CHECK) { 204 wpa_printf(MSG_INFO, 205 "TLS: tls_ext_cert_check=1 not supported"); 206 return -1; 207 } 208 209 cred = tlsv1_cred_alloc(); 210 if (cred == NULL) 211 return -1; 212 213 if (params->subject_match) { 214 wpa_printf(MSG_INFO, "TLS: subject_match not supported"); 215 tlsv1_cred_free(cred); 216 return -1; 217 } 218 219 if (params->altsubject_match) { 220 wpa_printf(MSG_INFO, "TLS: altsubject_match not supported"); 221 tlsv1_cred_free(cred); 222 return -1; 223 } 224 225 if (params->suffix_match) { 226 wpa_printf(MSG_INFO, "TLS: suffix_match not supported"); 227 tlsv1_cred_free(cred); 228 return -1; 229 } 230 231 if (params->domain_match) { 232 wpa_printf(MSG_INFO, "TLS: domain_match not supported"); 233 tlsv1_cred_free(cred); 234 return -1; 235 } 236 237 if (params->openssl_ciphers) { 238 wpa_printf(MSG_INFO, "TLS: openssl_ciphers not supported"); 239 tlsv1_cred_free(cred); 240 return -1; 241 } 242 243 if (tlsv1_set_ca_cert(cred, params->ca_cert, 244 params->ca_cert_blob, params->ca_cert_blob_len, 245 params->ca_path)) { 246 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA " 247 "certificates"); 248 tlsv1_cred_free(cred); 249 return -1; 250 } 251 252 if (tlsv1_set_cert(cred, params->client_cert, 253 params->client_cert_blob, 254 params->client_cert_blob_len)) { 255 wpa_printf(MSG_INFO, "TLS: Failed to configure client " 256 "certificate"); 257 tlsv1_cred_free(cred); 258 return -1; 259 } 260 261 if (tlsv1_set_private_key(cred, params->private_key, 262 params->private_key_passwd, 263 params->private_key_blob, 264 params->private_key_blob_len)) { 265 wpa_printf(MSG_INFO, "TLS: Failed to load private key"); 266 tlsv1_cred_free(cred); 267 return -1; 268 } 269 270 if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob, 271 params->dh_blob_len)) { 272 wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters"); 273 tlsv1_cred_free(cred); 274 return -1; 275 } 276 277 if (tlsv1_client_set_cred(conn->client, cred) < 0) { 278 tlsv1_cred_free(cred); 279 return -1; 280 } 281 282 tlsv1_client_set_flags(conn->client, params->flags); 283 284 return 0; 285 #else /* CONFIG_TLS_INTERNAL_CLIENT */ 286 return -1; 287 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 288 } 289 290 291 int tls_global_set_params(void *tls_ctx, 292 const struct tls_connection_params *params) 293 { 294 #ifdef CONFIG_TLS_INTERNAL_SERVER 295 struct tls_global *global = tls_ctx; 296 struct tlsv1_credentials *cred; 297 298 /* Currently, global parameters are only set when running in server 299 * mode. */ 300 global->server = 1; 301 tlsv1_cred_free(global->server_cred); 302 global->server_cred = cred = tlsv1_cred_alloc(); 303 if (cred == NULL) 304 return -1; 305 306 if (tlsv1_set_ca_cert(cred, params->ca_cert, params->ca_cert_blob, 307 params->ca_cert_blob_len, params->ca_path)) { 308 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA " 309 "certificates"); 310 return -1; 311 } 312 313 if (tlsv1_set_cert(cred, params->client_cert, params->client_cert_blob, 314 params->client_cert_blob_len)) { 315 wpa_printf(MSG_INFO, "TLS: Failed to configure server " 316 "certificate"); 317 return -1; 318 } 319 320 if (tlsv1_set_private_key(cred, params->private_key, 321 params->private_key_passwd, 322 params->private_key_blob, 323 params->private_key_blob_len)) { 324 wpa_printf(MSG_INFO, "TLS: Failed to load private key"); 325 return -1; 326 } 327 328 if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob, 329 params->dh_blob_len)) { 330 wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters"); 331 return -1; 332 } 333 334 if (params->ocsp_stapling_response) 335 cred->ocsp_stapling_response = 336 os_strdup(params->ocsp_stapling_response); 337 if (params->ocsp_stapling_response_multi) 338 cred->ocsp_stapling_response_multi = 339 os_strdup(params->ocsp_stapling_response_multi); 340 341 return 0; 342 #else /* CONFIG_TLS_INTERNAL_SERVER */ 343 return -1; 344 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 345 } 346 347 348 int tls_global_set_verify(void *tls_ctx, int check_crl) 349 { 350 struct tls_global *global = tls_ctx; 351 global->check_crl = check_crl; 352 return 0; 353 } 354 355 356 int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn, 357 int verify_peer, unsigned int flags, 358 const u8 *session_ctx, size_t session_ctx_len) 359 { 360 #ifdef CONFIG_TLS_INTERNAL_SERVER 361 if (conn->server) 362 return tlsv1_server_set_verify(conn->server, verify_peer); 363 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 364 return -1; 365 } 366 367 368 int tls_connection_get_random(void *tls_ctx, struct tls_connection *conn, 369 struct tls_random *data) 370 { 371 #ifdef CONFIG_TLS_INTERNAL_CLIENT 372 if (conn->client) 373 return tlsv1_client_get_random(conn->client, data); 374 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 375 #ifdef CONFIG_TLS_INTERNAL_SERVER 376 if (conn->server) 377 return tlsv1_server_get_random(conn->server, data); 378 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 379 return -1; 380 } 381 382 383 static int tls_get_keyblock_size(struct tls_connection *conn) 384 { 385 #ifdef CONFIG_TLS_INTERNAL_CLIENT 386 if (conn->client) 387 return tlsv1_client_get_keyblock_size(conn->client); 388 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 389 #ifdef CONFIG_TLS_INTERNAL_SERVER 390 if (conn->server) 391 return tlsv1_server_get_keyblock_size(conn->server); 392 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 393 return -1; 394 } 395 396 397 static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn, 398 const char *label, int server_random_first, 399 int skip_keyblock, u8 *out, size_t out_len) 400 { 401 int ret = -1, skip = 0; 402 u8 *tmp_out = NULL; 403 u8 *_out = out; 404 405 if (skip_keyblock) { 406 skip = tls_get_keyblock_size(conn); 407 if (skip < 0) 408 return -1; 409 tmp_out = os_malloc(skip + out_len); 410 if (!tmp_out) 411 return -1; 412 _out = tmp_out; 413 } 414 415 #ifdef CONFIG_TLS_INTERNAL_CLIENT 416 if (conn->client) { 417 ret = tlsv1_client_prf(conn->client, label, 418 server_random_first, 419 _out, skip + out_len); 420 } 421 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 422 #ifdef CONFIG_TLS_INTERNAL_SERVER 423 if (conn->server) { 424 ret = tlsv1_server_prf(conn->server, label, 425 server_random_first, 426 _out, skip + out_len); 427 } 428 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 429 if (ret == 0 && skip_keyblock) 430 os_memcpy(out, _out + skip, out_len); 431 bin_clear_free(tmp_out, skip); 432 433 return ret; 434 } 435 436 437 int tls_connection_export_key(void *tls_ctx, struct tls_connection *conn, 438 const char *label, u8 *out, size_t out_len) 439 { 440 return tls_connection_prf(tls_ctx, conn, label, 0, 0, out, out_len); 441 } 442 443 444 int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn, 445 u8 *out, size_t out_len) 446 { 447 return tls_connection_prf(tls_ctx, conn, "key expansion", 1, 1, out, 448 out_len); 449 } 450 451 452 struct wpabuf * tls_connection_handshake(void *tls_ctx, 453 struct tls_connection *conn, 454 const struct wpabuf *in_data, 455 struct wpabuf **appl_data) 456 { 457 return tls_connection_handshake2(tls_ctx, conn, in_data, appl_data, 458 NULL); 459 } 460 461 462 struct wpabuf * tls_connection_handshake2(void *tls_ctx, 463 struct tls_connection *conn, 464 const struct wpabuf *in_data, 465 struct wpabuf **appl_data, 466 int *need_more_data) 467 { 468 #ifdef CONFIG_TLS_INTERNAL_CLIENT 469 u8 *res, *ad; 470 size_t res_len, ad_len; 471 struct wpabuf *out; 472 473 if (conn->client == NULL) 474 return NULL; 475 476 ad = NULL; 477 res = tlsv1_client_handshake(conn->client, 478 in_data ? wpabuf_head(in_data) : NULL, 479 in_data ? wpabuf_len(in_data) : 0, 480 &res_len, &ad, &ad_len, need_more_data); 481 if (res == NULL) 482 return NULL; 483 out = wpabuf_alloc_ext_data(res, res_len); 484 if (out == NULL) { 485 os_free(res); 486 os_free(ad); 487 return NULL; 488 } 489 if (appl_data) { 490 if (ad) { 491 *appl_data = wpabuf_alloc_ext_data(ad, ad_len); 492 if (*appl_data == NULL) 493 os_free(ad); 494 } else 495 *appl_data = NULL; 496 } else 497 os_free(ad); 498 499 return out; 500 #else /* CONFIG_TLS_INTERNAL_CLIENT */ 501 return NULL; 502 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 503 } 504 505 506 struct wpabuf * tls_connection_server_handshake(void *tls_ctx, 507 struct tls_connection *conn, 508 const struct wpabuf *in_data, 509 struct wpabuf **appl_data) 510 { 511 #ifdef CONFIG_TLS_INTERNAL_SERVER 512 u8 *res; 513 size_t res_len; 514 struct wpabuf *out; 515 516 if (conn->server == NULL) 517 return NULL; 518 519 if (appl_data) 520 *appl_data = NULL; 521 522 res = tlsv1_server_handshake(conn->server, wpabuf_head(in_data), 523 wpabuf_len(in_data), &res_len); 524 if (res == NULL && tlsv1_server_established(conn->server)) 525 return wpabuf_alloc(0); 526 if (res == NULL) 527 return NULL; 528 out = wpabuf_alloc_ext_data(res, res_len); 529 if (out == NULL) { 530 os_free(res); 531 return NULL; 532 } 533 534 return out; 535 #else /* CONFIG_TLS_INTERNAL_SERVER */ 536 return NULL; 537 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 538 } 539 540 541 struct wpabuf * tls_connection_encrypt(void *tls_ctx, 542 struct tls_connection *conn, 543 const struct wpabuf *in_data) 544 { 545 #ifdef CONFIG_TLS_INTERNAL_CLIENT 546 if (conn->client) { 547 struct wpabuf *buf; 548 int res; 549 buf = wpabuf_alloc(wpabuf_len(in_data) + 300); 550 if (buf == NULL) 551 return NULL; 552 res = tlsv1_client_encrypt(conn->client, wpabuf_head(in_data), 553 wpabuf_len(in_data), 554 wpabuf_mhead(buf), 555 wpabuf_size(buf)); 556 if (res < 0) { 557 wpabuf_free(buf); 558 return NULL; 559 } 560 wpabuf_put(buf, res); 561 return buf; 562 } 563 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 564 #ifdef CONFIG_TLS_INTERNAL_SERVER 565 if (conn->server) { 566 struct wpabuf *buf; 567 int res; 568 buf = wpabuf_alloc(wpabuf_len(in_data) + 300); 569 if (buf == NULL) 570 return NULL; 571 res = tlsv1_server_encrypt(conn->server, wpabuf_head(in_data), 572 wpabuf_len(in_data), 573 wpabuf_mhead(buf), 574 wpabuf_size(buf)); 575 if (res < 0) { 576 wpabuf_free(buf); 577 return NULL; 578 } 579 wpabuf_put(buf, res); 580 return buf; 581 } 582 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 583 return NULL; 584 } 585 586 587 struct wpabuf * tls_connection_decrypt(void *tls_ctx, 588 struct tls_connection *conn, 589 const struct wpabuf *in_data) 590 { 591 return tls_connection_decrypt2(tls_ctx, conn, in_data, NULL); 592 } 593 594 595 struct wpabuf * tls_connection_decrypt2(void *tls_ctx, 596 struct tls_connection *conn, 597 const struct wpabuf *in_data, 598 int *need_more_data) 599 { 600 if (need_more_data) 601 *need_more_data = 0; 602 603 #ifdef CONFIG_TLS_INTERNAL_CLIENT 604 if (conn->client) { 605 return tlsv1_client_decrypt(conn->client, wpabuf_head(in_data), 606 wpabuf_len(in_data), 607 need_more_data); 608 } 609 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 610 #ifdef CONFIG_TLS_INTERNAL_SERVER 611 if (conn->server) { 612 struct wpabuf *buf; 613 int res; 614 buf = wpabuf_alloc((wpabuf_len(in_data) + 500) * 3); 615 if (buf == NULL) 616 return NULL; 617 res = tlsv1_server_decrypt(conn->server, wpabuf_head(in_data), 618 wpabuf_len(in_data), 619 wpabuf_mhead(buf), 620 wpabuf_size(buf)); 621 if (res < 0) { 622 wpabuf_free(buf); 623 return NULL; 624 } 625 wpabuf_put(buf, res); 626 return buf; 627 } 628 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 629 return NULL; 630 } 631 632 633 int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn) 634 { 635 #ifdef CONFIG_TLS_INTERNAL_CLIENT 636 if (conn->client) 637 return tlsv1_client_resumed(conn->client); 638 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 639 #ifdef CONFIG_TLS_INTERNAL_SERVER 640 if (conn->server) 641 return tlsv1_server_resumed(conn->server); 642 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 643 return -1; 644 } 645 646 647 int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn, 648 u8 *ciphers) 649 { 650 #ifdef CONFIG_TLS_INTERNAL_CLIENT 651 if (conn->client) 652 return tlsv1_client_set_cipher_list(conn->client, ciphers); 653 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 654 #ifdef CONFIG_TLS_INTERNAL_SERVER 655 if (conn->server) 656 return tlsv1_server_set_cipher_list(conn->server, ciphers); 657 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 658 return -1; 659 } 660 661 662 int tls_get_version(void *ssl_ctx, struct tls_connection *conn, 663 char *buf, size_t buflen) 664 { 665 if (conn == NULL) 666 return -1; 667 #ifdef CONFIG_TLS_INTERNAL_CLIENT 668 if (conn->client) 669 return tlsv1_client_get_version(conn->client, buf, buflen); 670 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 671 return -1; 672 } 673 674 675 int tls_get_cipher(void *tls_ctx, struct tls_connection *conn, 676 char *buf, size_t buflen) 677 { 678 if (conn == NULL) 679 return -1; 680 #ifdef CONFIG_TLS_INTERNAL_CLIENT 681 if (conn->client) 682 return tlsv1_client_get_cipher(conn->client, buf, buflen); 683 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 684 #ifdef CONFIG_TLS_INTERNAL_SERVER 685 if (conn->server) 686 return tlsv1_server_get_cipher(conn->server, buf, buflen); 687 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 688 return -1; 689 } 690 691 692 int tls_connection_enable_workaround(void *tls_ctx, 693 struct tls_connection *conn) 694 { 695 return -1; 696 } 697 698 699 int tls_connection_client_hello_ext(void *tls_ctx, struct tls_connection *conn, 700 int ext_type, const u8 *data, 701 size_t data_len) 702 { 703 #ifdef CONFIG_TLS_INTERNAL_CLIENT 704 if (conn->client) { 705 return tlsv1_client_hello_ext(conn->client, ext_type, 706 data, data_len); 707 } 708 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 709 return -1; 710 } 711 712 713 int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn) 714 { 715 return 0; 716 } 717 718 719 int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn) 720 { 721 return 0; 722 } 723 724 725 int tls_connection_get_write_alerts(void *tls_ctx, 726 struct tls_connection *conn) 727 { 728 return 0; 729 } 730 731 732 int tls_connection_set_session_ticket_cb(void *tls_ctx, 733 struct tls_connection *conn, 734 tls_session_ticket_cb cb, 735 void *ctx) 736 { 737 #ifdef CONFIG_TLS_INTERNAL_CLIENT 738 if (conn->client) { 739 tlsv1_client_set_session_ticket_cb(conn->client, cb, ctx); 740 return 0; 741 } 742 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 743 #ifdef CONFIG_TLS_INTERNAL_SERVER 744 if (conn->server) { 745 tlsv1_server_set_session_ticket_cb(conn->server, cb, ctx); 746 return 0; 747 } 748 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 749 return -1; 750 } 751 752 753 int tls_get_library_version(char *buf, size_t buf_len) 754 { 755 return os_snprintf(buf, buf_len, "internal"); 756 } 757 758 759 void tls_connection_set_success_data(struct tls_connection *conn, 760 struct wpabuf *data) 761 { 762 } 763 764 765 void tls_connection_set_success_data_resumed(struct tls_connection *conn) 766 { 767 } 768 769 770 const struct wpabuf * 771 tls_connection_get_success_data(struct tls_connection *conn) 772 { 773 return NULL; 774 } 775 776 777 void tls_connection_remove_session(struct tls_connection *conn) 778 { 779 } 780