xref: /freebsd/contrib/wpa/src/crypto/tls_internal.c (revision 907b59d76938e654f0d040a888e8dfca3de1e222)
1 /*
2  * TLS interface functions and an internal TLS implementation
3  * Copyright (c) 2004-2011, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  *
8  * This file interface functions for hostapd/wpa_supplicant to use the
9  * integrated TLSv1 implementation.
10  */
11 
12 #include "includes.h"
13 
14 #include "common.h"
15 #include "tls.h"
16 #include "tls/tlsv1_client.h"
17 #include "tls/tlsv1_server.h"
18 
19 
20 static int tls_ref_count = 0;
21 
22 struct tls_global {
23 	int server;
24 	struct tlsv1_credentials *server_cred;
25 	int check_crl;
26 };
27 
28 struct tls_connection {
29 	struct tlsv1_client *client;
30 	struct tlsv1_server *server;
31 	struct tls_global *global;
32 };
33 
34 
35 void * tls_init(const struct tls_config *conf)
36 {
37 	struct tls_global *global;
38 
39 	if (tls_ref_count == 0) {
40 #ifdef CONFIG_TLS_INTERNAL_CLIENT
41 		if (tlsv1_client_global_init())
42 			return NULL;
43 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
44 #ifdef CONFIG_TLS_INTERNAL_SERVER
45 		if (tlsv1_server_global_init())
46 			return NULL;
47 #endif /* CONFIG_TLS_INTERNAL_SERVER */
48 	}
49 	tls_ref_count++;
50 
51 	global = os_zalloc(sizeof(*global));
52 	if (global == NULL)
53 		return NULL;
54 
55 	return global;
56 }
57 
58 void tls_deinit(void *ssl_ctx)
59 {
60 	struct tls_global *global = ssl_ctx;
61 	tls_ref_count--;
62 	if (tls_ref_count == 0) {
63 #ifdef CONFIG_TLS_INTERNAL_CLIENT
64 		tlsv1_client_global_deinit();
65 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
66 #ifdef CONFIG_TLS_INTERNAL_SERVER
67 		tlsv1_cred_free(global->server_cred);
68 		tlsv1_server_global_deinit();
69 #endif /* CONFIG_TLS_INTERNAL_SERVER */
70 	}
71 	os_free(global);
72 }
73 
74 
75 int tls_get_errors(void *tls_ctx)
76 {
77 	return 0;
78 }
79 
80 
81 struct tls_connection * tls_connection_init(void *tls_ctx)
82 {
83 	struct tls_connection *conn;
84 	struct tls_global *global = tls_ctx;
85 
86 	conn = os_zalloc(sizeof(*conn));
87 	if (conn == NULL)
88 		return NULL;
89 	conn->global = global;
90 
91 #ifdef CONFIG_TLS_INTERNAL_CLIENT
92 	if (!global->server) {
93 		conn->client = tlsv1_client_init();
94 		if (conn->client == NULL) {
95 			os_free(conn);
96 			return NULL;
97 		}
98 	}
99 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
100 #ifdef CONFIG_TLS_INTERNAL_SERVER
101 	if (global->server) {
102 		conn->server = tlsv1_server_init(global->server_cred);
103 		if (conn->server == NULL) {
104 			os_free(conn);
105 			return NULL;
106 		}
107 	}
108 #endif /* CONFIG_TLS_INTERNAL_SERVER */
109 
110 	return conn;
111 }
112 
113 
114 #ifdef CONFIG_TESTING_OPTIONS
115 #ifdef CONFIG_TLS_INTERNAL_SERVER
116 void tls_connection_set_test_flags(struct tls_connection *conn, u32 flags)
117 {
118 	if (conn->server)
119 		tlsv1_server_set_test_flags(conn->server, flags);
120 }
121 #endif /* CONFIG_TLS_INTERNAL_SERVER */
122 #endif /* CONFIG_TESTING_OPTIONS */
123 
124 
125 void tls_connection_set_log_cb(struct tls_connection *conn,
126 			       void (*log_cb)(void *ctx, const char *msg),
127 			       void *ctx)
128 {
129 #ifdef CONFIG_TLS_INTERNAL_SERVER
130 	if (conn->server)
131 		tlsv1_server_set_log_cb(conn->server, log_cb, ctx);
132 #endif /* CONFIG_TLS_INTERNAL_SERVER */
133 }
134 
135 
136 void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn)
137 {
138 	if (conn == NULL)
139 		return;
140 #ifdef CONFIG_TLS_INTERNAL_CLIENT
141 	if (conn->client)
142 		tlsv1_client_deinit(conn->client);
143 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
144 #ifdef CONFIG_TLS_INTERNAL_SERVER
145 	if (conn->server)
146 		tlsv1_server_deinit(conn->server);
147 #endif /* CONFIG_TLS_INTERNAL_SERVER */
148 	os_free(conn);
149 }
150 
151 
152 int tls_connection_established(void *tls_ctx, struct tls_connection *conn)
153 {
154 #ifdef CONFIG_TLS_INTERNAL_CLIENT
155 	if (conn->client)
156 		return tlsv1_client_established(conn->client);
157 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
158 #ifdef CONFIG_TLS_INTERNAL_SERVER
159 	if (conn->server)
160 		return tlsv1_server_established(conn->server);
161 #endif /* CONFIG_TLS_INTERNAL_SERVER */
162 	return 0;
163 }
164 
165 
166 int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn)
167 {
168 #ifdef CONFIG_TLS_INTERNAL_CLIENT
169 	if (conn->client)
170 		return tlsv1_client_shutdown(conn->client);
171 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
172 #ifdef CONFIG_TLS_INTERNAL_SERVER
173 	if (conn->server)
174 		return tlsv1_server_shutdown(conn->server);
175 #endif /* CONFIG_TLS_INTERNAL_SERVER */
176 	return -1;
177 }
178 
179 
180 int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
181 			      const struct tls_connection_params *params)
182 {
183 #ifdef CONFIG_TLS_INTERNAL_CLIENT
184 	struct tlsv1_credentials *cred;
185 
186 	if (conn->client == NULL)
187 		return -1;
188 
189 	cred = tlsv1_cred_alloc();
190 	if (cred == NULL)
191 		return -1;
192 
193 	if (params->subject_match) {
194 		wpa_printf(MSG_INFO, "TLS: subject_match not supported");
195 		tlsv1_cred_free(cred);
196 		return -1;
197 	}
198 
199 	if (params->altsubject_match) {
200 		wpa_printf(MSG_INFO, "TLS: altsubject_match not supported");
201 		tlsv1_cred_free(cred);
202 		return -1;
203 	}
204 
205 	if (params->suffix_match) {
206 		wpa_printf(MSG_INFO, "TLS: suffix_match not supported");
207 		tlsv1_cred_free(cred);
208 		return -1;
209 	}
210 
211 	if (params->domain_match) {
212 		wpa_printf(MSG_INFO, "TLS: domain_match not supported");
213 		tlsv1_cred_free(cred);
214 		return -1;
215 	}
216 
217 	if (params->openssl_ciphers) {
218 		wpa_printf(MSG_INFO, "TLS: openssl_ciphers not supported");
219 		tlsv1_cred_free(cred);
220 		return -1;
221 	}
222 
223 	if (tlsv1_set_ca_cert(cred, params->ca_cert,
224 			      params->ca_cert_blob, params->ca_cert_blob_len,
225 			      params->ca_path)) {
226 		wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
227 			   "certificates");
228 		tlsv1_cred_free(cred);
229 		return -1;
230 	}
231 
232 	if (tlsv1_set_cert(cred, params->client_cert,
233 			   params->client_cert_blob,
234 			   params->client_cert_blob_len)) {
235 		wpa_printf(MSG_INFO, "TLS: Failed to configure client "
236 			   "certificate");
237 		tlsv1_cred_free(cred);
238 		return -1;
239 	}
240 
241 	if (tlsv1_set_private_key(cred, params->private_key,
242 				  params->private_key_passwd,
243 				  params->private_key_blob,
244 				  params->private_key_blob_len)) {
245 		wpa_printf(MSG_INFO, "TLS: Failed to load private key");
246 		tlsv1_cred_free(cred);
247 		return -1;
248 	}
249 
250 	if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob,
251 			       params->dh_blob_len)) {
252 		wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters");
253 		tlsv1_cred_free(cred);
254 		return -1;
255 	}
256 
257 	if (tlsv1_client_set_cred(conn->client, cred) < 0) {
258 		tlsv1_cred_free(cred);
259 		return -1;
260 	}
261 
262 	tlsv1_client_set_time_checks(
263 		conn->client, !(params->flags & TLS_CONN_DISABLE_TIME_CHECKS));
264 
265 	return 0;
266 #else /* CONFIG_TLS_INTERNAL_CLIENT */
267 	return -1;
268 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
269 }
270 
271 
272 int tls_global_set_params(void *tls_ctx,
273 			  const struct tls_connection_params *params)
274 {
275 #ifdef CONFIG_TLS_INTERNAL_SERVER
276 	struct tls_global *global = tls_ctx;
277 	struct tlsv1_credentials *cred;
278 
279 	/* Currently, global parameters are only set when running in server
280 	 * mode. */
281 	global->server = 1;
282 	tlsv1_cred_free(global->server_cred);
283 	global->server_cred = cred = tlsv1_cred_alloc();
284 	if (cred == NULL)
285 		return -1;
286 
287 	if (tlsv1_set_ca_cert(cred, params->ca_cert, params->ca_cert_blob,
288 			      params->ca_cert_blob_len, params->ca_path)) {
289 		wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
290 			   "certificates");
291 		return -1;
292 	}
293 
294 	if (tlsv1_set_cert(cred, params->client_cert, params->client_cert_blob,
295 			   params->client_cert_blob_len)) {
296 		wpa_printf(MSG_INFO, "TLS: Failed to configure server "
297 			   "certificate");
298 		return -1;
299 	}
300 
301 	if (tlsv1_set_private_key(cred, params->private_key,
302 				  params->private_key_passwd,
303 				  params->private_key_blob,
304 				  params->private_key_blob_len)) {
305 		wpa_printf(MSG_INFO, "TLS: Failed to load private key");
306 		return -1;
307 	}
308 
309 	if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob,
310 			       params->dh_blob_len)) {
311 		wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters");
312 		return -1;
313 	}
314 
315 	return 0;
316 #else /* CONFIG_TLS_INTERNAL_SERVER */
317 	return -1;
318 #endif /* CONFIG_TLS_INTERNAL_SERVER */
319 }
320 
321 
322 int tls_global_set_verify(void *tls_ctx, int check_crl)
323 {
324 	struct tls_global *global = tls_ctx;
325 	global->check_crl = check_crl;
326 	return 0;
327 }
328 
329 
330 int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn,
331 			      int verify_peer, unsigned int flags,
332 			      const u8 *session_ctx, size_t session_ctx_len)
333 {
334 #ifdef CONFIG_TLS_INTERNAL_SERVER
335 	if (conn->server)
336 		return tlsv1_server_set_verify(conn->server, verify_peer);
337 #endif /* CONFIG_TLS_INTERNAL_SERVER */
338 	return -1;
339 }
340 
341 
342 int tls_connection_get_random(void *tls_ctx, struct tls_connection *conn,
343 			      struct tls_random *data)
344 {
345 #ifdef CONFIG_TLS_INTERNAL_CLIENT
346 	if (conn->client)
347 		return tlsv1_client_get_random(conn->client, data);
348 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
349 #ifdef CONFIG_TLS_INTERNAL_SERVER
350 	if (conn->server)
351 		return tlsv1_server_get_random(conn->server, data);
352 #endif /* CONFIG_TLS_INTERNAL_SERVER */
353 	return -1;
354 }
355 
356 
357 static int tls_get_keyblock_size(struct tls_connection *conn)
358 {
359 #ifdef CONFIG_TLS_INTERNAL_CLIENT
360 	if (conn->client)
361 		return tlsv1_client_get_keyblock_size(conn->client);
362 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
363 #ifdef CONFIG_TLS_INTERNAL_SERVER
364 	if (conn->server)
365 		return tlsv1_server_get_keyblock_size(conn->server);
366 #endif /* CONFIG_TLS_INTERNAL_SERVER */
367 	return -1;
368 }
369 
370 
371 int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
372 		       const char *label, int server_random_first,
373 		       int skip_keyblock, u8 *out, size_t out_len)
374 {
375 	int ret = -1, skip = 0;
376 	u8 *tmp_out = NULL;
377 	u8 *_out = out;
378 
379 	if (skip_keyblock) {
380 		skip = tls_get_keyblock_size(conn);
381 		if (skip < 0)
382 			return -1;
383 		tmp_out = os_malloc(skip + out_len);
384 		if (!tmp_out)
385 			return -1;
386 		_out = tmp_out;
387 	}
388 
389 #ifdef CONFIG_TLS_INTERNAL_CLIENT
390 	if (conn->client) {
391 		ret = tlsv1_client_prf(conn->client, label,
392 				       server_random_first,
393 				       _out, out_len);
394 	}
395 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
396 #ifdef CONFIG_TLS_INTERNAL_SERVER
397 	if (conn->server) {
398 		ret = tlsv1_server_prf(conn->server, label,
399 				       server_random_first,
400 				       _out, out_len);
401 	}
402 #endif /* CONFIG_TLS_INTERNAL_SERVER */
403 	if (ret == 0 && skip_keyblock)
404 		os_memcpy(out, _out + skip, out_len);
405 	bin_clear_free(tmp_out, skip);
406 
407 	return ret;
408 }
409 
410 
411 struct wpabuf * tls_connection_handshake(void *tls_ctx,
412 					 struct tls_connection *conn,
413 					 const struct wpabuf *in_data,
414 					 struct wpabuf **appl_data)
415 {
416 	return tls_connection_handshake2(tls_ctx, conn, in_data, appl_data,
417 					 NULL);
418 }
419 
420 
421 struct wpabuf * tls_connection_handshake2(void *tls_ctx,
422 					  struct tls_connection *conn,
423 					  const struct wpabuf *in_data,
424 					  struct wpabuf **appl_data,
425 					  int *need_more_data)
426 {
427 #ifdef CONFIG_TLS_INTERNAL_CLIENT
428 	u8 *res, *ad;
429 	size_t res_len, ad_len;
430 	struct wpabuf *out;
431 
432 	if (conn->client == NULL)
433 		return NULL;
434 
435 	ad = NULL;
436 	res = tlsv1_client_handshake(conn->client,
437 				     in_data ? wpabuf_head(in_data) : NULL,
438 				     in_data ? wpabuf_len(in_data) : 0,
439 				     &res_len, &ad, &ad_len, need_more_data);
440 	if (res == NULL)
441 		return NULL;
442 	out = wpabuf_alloc_ext_data(res, res_len);
443 	if (out == NULL) {
444 		os_free(res);
445 		os_free(ad);
446 		return NULL;
447 	}
448 	if (appl_data) {
449 		if (ad) {
450 			*appl_data = wpabuf_alloc_ext_data(ad, ad_len);
451 			if (*appl_data == NULL)
452 				os_free(ad);
453 		} else
454 			*appl_data = NULL;
455 	} else
456 		os_free(ad);
457 
458 	return out;
459 #else /* CONFIG_TLS_INTERNAL_CLIENT */
460 	return NULL;
461 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
462 }
463 
464 
465 struct wpabuf * tls_connection_server_handshake(void *tls_ctx,
466 						struct tls_connection *conn,
467 						const struct wpabuf *in_data,
468 						struct wpabuf **appl_data)
469 {
470 #ifdef CONFIG_TLS_INTERNAL_SERVER
471 	u8 *res;
472 	size_t res_len;
473 	struct wpabuf *out;
474 
475 	if (conn->server == NULL)
476 		return NULL;
477 
478 	if (appl_data)
479 		*appl_data = NULL;
480 
481 	res = tlsv1_server_handshake(conn->server, wpabuf_head(in_data),
482 				     wpabuf_len(in_data), &res_len);
483 	if (res == NULL && tlsv1_server_established(conn->server))
484 		return wpabuf_alloc(0);
485 	if (res == NULL)
486 		return NULL;
487 	out = wpabuf_alloc_ext_data(res, res_len);
488 	if (out == NULL) {
489 		os_free(res);
490 		return NULL;
491 	}
492 
493 	return out;
494 #else /* CONFIG_TLS_INTERNAL_SERVER */
495 	return NULL;
496 #endif /* CONFIG_TLS_INTERNAL_SERVER */
497 }
498 
499 
500 struct wpabuf * tls_connection_encrypt(void *tls_ctx,
501 				       struct tls_connection *conn,
502 				       const struct wpabuf *in_data)
503 {
504 #ifdef CONFIG_TLS_INTERNAL_CLIENT
505 	if (conn->client) {
506 		struct wpabuf *buf;
507 		int res;
508 		buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
509 		if (buf == NULL)
510 			return NULL;
511 		res = tlsv1_client_encrypt(conn->client, wpabuf_head(in_data),
512 					   wpabuf_len(in_data),
513 					   wpabuf_mhead(buf),
514 					   wpabuf_size(buf));
515 		if (res < 0) {
516 			wpabuf_free(buf);
517 			return NULL;
518 		}
519 		wpabuf_put(buf, res);
520 		return buf;
521 	}
522 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
523 #ifdef CONFIG_TLS_INTERNAL_SERVER
524 	if (conn->server) {
525 		struct wpabuf *buf;
526 		int res;
527 		buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
528 		if (buf == NULL)
529 			return NULL;
530 		res = tlsv1_server_encrypt(conn->server, wpabuf_head(in_data),
531 					   wpabuf_len(in_data),
532 					   wpabuf_mhead(buf),
533 					   wpabuf_size(buf));
534 		if (res < 0) {
535 			wpabuf_free(buf);
536 			return NULL;
537 		}
538 		wpabuf_put(buf, res);
539 		return buf;
540 	}
541 #endif /* CONFIG_TLS_INTERNAL_SERVER */
542 	return NULL;
543 }
544 
545 
546 struct wpabuf * tls_connection_decrypt(void *tls_ctx,
547 				       struct tls_connection *conn,
548 				       const struct wpabuf *in_data)
549 {
550 	return tls_connection_decrypt2(tls_ctx, conn, in_data, NULL);
551 }
552 
553 
554 struct wpabuf * tls_connection_decrypt2(void *tls_ctx,
555 					struct tls_connection *conn,
556 					const struct wpabuf *in_data,
557 					int *need_more_data)
558 {
559 	if (need_more_data)
560 		*need_more_data = 0;
561 
562 #ifdef CONFIG_TLS_INTERNAL_CLIENT
563 	if (conn->client) {
564 		return tlsv1_client_decrypt(conn->client, wpabuf_head(in_data),
565 					    wpabuf_len(in_data),
566 					    need_more_data);
567 	}
568 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
569 #ifdef CONFIG_TLS_INTERNAL_SERVER
570 	if (conn->server) {
571 		struct wpabuf *buf;
572 		int res;
573 		buf = wpabuf_alloc((wpabuf_len(in_data) + 500) * 3);
574 		if (buf == NULL)
575 			return NULL;
576 		res = tlsv1_server_decrypt(conn->server, wpabuf_head(in_data),
577 					   wpabuf_len(in_data),
578 					   wpabuf_mhead(buf),
579 					   wpabuf_size(buf));
580 		if (res < 0) {
581 			wpabuf_free(buf);
582 			return NULL;
583 		}
584 		wpabuf_put(buf, res);
585 		return buf;
586 	}
587 #endif /* CONFIG_TLS_INTERNAL_SERVER */
588 	return NULL;
589 }
590 
591 
592 int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn)
593 {
594 #ifdef CONFIG_TLS_INTERNAL_CLIENT
595 	if (conn->client)
596 		return tlsv1_client_resumed(conn->client);
597 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
598 #ifdef CONFIG_TLS_INTERNAL_SERVER
599 	if (conn->server)
600 		return tlsv1_server_resumed(conn->server);
601 #endif /* CONFIG_TLS_INTERNAL_SERVER */
602 	return -1;
603 }
604 
605 
606 int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
607 				   u8 *ciphers)
608 {
609 #ifdef CONFIG_TLS_INTERNAL_CLIENT
610 	if (conn->client)
611 		return tlsv1_client_set_cipher_list(conn->client, ciphers);
612 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
613 #ifdef CONFIG_TLS_INTERNAL_SERVER
614 	if (conn->server)
615 		return tlsv1_server_set_cipher_list(conn->server, ciphers);
616 #endif /* CONFIG_TLS_INTERNAL_SERVER */
617 	return -1;
618 }
619 
620 
621 int tls_get_version(void *ssl_ctx, struct tls_connection *conn,
622 		    char *buf, size_t buflen)
623 {
624 	/* TODO */
625 	return -1;
626 }
627 
628 
629 int tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
630 		   char *buf, size_t buflen)
631 {
632 	if (conn == NULL)
633 		return -1;
634 #ifdef CONFIG_TLS_INTERNAL_CLIENT
635 	if (conn->client)
636 		return tlsv1_client_get_cipher(conn->client, buf, buflen);
637 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
638 #ifdef CONFIG_TLS_INTERNAL_SERVER
639 	if (conn->server)
640 		return tlsv1_server_get_cipher(conn->server, buf, buflen);
641 #endif /* CONFIG_TLS_INTERNAL_SERVER */
642 	return -1;
643 }
644 
645 
646 int tls_connection_enable_workaround(void *tls_ctx,
647 				     struct tls_connection *conn)
648 {
649 	return -1;
650 }
651 
652 
653 int tls_connection_client_hello_ext(void *tls_ctx, struct tls_connection *conn,
654 				    int ext_type, const u8 *data,
655 				    size_t data_len)
656 {
657 #ifdef CONFIG_TLS_INTERNAL_CLIENT
658 	if (conn->client) {
659 		return tlsv1_client_hello_ext(conn->client, ext_type,
660 					      data, data_len);
661 	}
662 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
663 	return -1;
664 }
665 
666 
667 int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn)
668 {
669 	return 0;
670 }
671 
672 
673 int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn)
674 {
675 	return 0;
676 }
677 
678 
679 int tls_connection_get_write_alerts(void *tls_ctx,
680 				    struct tls_connection *conn)
681 {
682 	return 0;
683 }
684 
685 
686 int tls_connection_set_session_ticket_cb(void *tls_ctx,
687 					 struct tls_connection *conn,
688 					 tls_session_ticket_cb cb,
689 					 void *ctx)
690 {
691 #ifdef CONFIG_TLS_INTERNAL_CLIENT
692 	if (conn->client) {
693 		tlsv1_client_set_session_ticket_cb(conn->client, cb, ctx);
694 		return 0;
695 	}
696 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
697 #ifdef CONFIG_TLS_INTERNAL_SERVER
698 	if (conn->server) {
699 		tlsv1_server_set_session_ticket_cb(conn->server, cb, ctx);
700 		return 0;
701 	}
702 #endif /* CONFIG_TLS_INTERNAL_SERVER */
703 	return -1;
704 }
705 
706 
707 int tls_get_library_version(char *buf, size_t buf_len)
708 {
709 	return os_snprintf(buf, buf_len, "internal");
710 }
711 
712 
713 void tls_connection_set_success_data(struct tls_connection *conn,
714 				     struct wpabuf *data)
715 {
716 }
717 
718 
719 void tls_connection_set_success_data_resumed(struct tls_connection *conn)
720 {
721 }
722 
723 
724 const struct wpabuf *
725 tls_connection_get_success_data(struct tls_connection *conn)
726 {
727 	return NULL;
728 }
729 
730 
731 void tls_connection_remove_session(struct tls_connection *conn)
732 {
733 }
734