1 /* 2 * TLS interface functions and an internal TLS implementation 3 * Copyright (c) 2004-2019, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 * 8 * This file interface functions for hostapd/wpa_supplicant to use the 9 * integrated TLSv1 implementation. 10 */ 11 12 #include "includes.h" 13 14 #include "common.h" 15 #include "tls.h" 16 #include "tls/tlsv1_client.h" 17 #include "tls/tlsv1_server.h" 18 19 20 static int tls_ref_count = 0; 21 22 struct tls_global { 23 int server; 24 struct tlsv1_credentials *server_cred; 25 int check_crl; 26 27 void (*event_cb)(void *ctx, enum tls_event ev, 28 union tls_event_data *data); 29 void *cb_ctx; 30 int cert_in_cb; 31 }; 32 33 struct tls_connection { 34 struct tlsv1_client *client; 35 struct tlsv1_server *server; 36 struct tls_global *global; 37 }; 38 39 40 void * tls_init(const struct tls_config *conf) 41 { 42 struct tls_global *global; 43 44 if (tls_ref_count == 0) { 45 #ifdef CONFIG_TLS_INTERNAL_CLIENT 46 if (tlsv1_client_global_init()) 47 return NULL; 48 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 49 #ifdef CONFIG_TLS_INTERNAL_SERVER 50 if (tlsv1_server_global_init()) 51 return NULL; 52 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 53 } 54 tls_ref_count++; 55 56 global = os_zalloc(sizeof(*global)); 57 if (global == NULL) 58 return NULL; 59 if (conf) { 60 global->event_cb = conf->event_cb; 61 global->cb_ctx = conf->cb_ctx; 62 global->cert_in_cb = conf->cert_in_cb; 63 } 64 65 return global; 66 } 67 68 void tls_deinit(void *ssl_ctx) 69 { 70 struct tls_global *global = ssl_ctx; 71 tls_ref_count--; 72 if (tls_ref_count == 0) { 73 #ifdef CONFIG_TLS_INTERNAL_CLIENT 74 tlsv1_client_global_deinit(); 75 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 76 #ifdef CONFIG_TLS_INTERNAL_SERVER 77 tlsv1_server_global_deinit(); 78 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 79 } 80 #ifdef CONFIG_TLS_INTERNAL_SERVER 81 tlsv1_cred_free(global->server_cred); 82 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 83 os_free(global); 84 } 85 86 87 int tls_get_errors(void *tls_ctx) 88 { 89 return 0; 90 } 91 92 93 struct tls_connection * tls_connection_init(void *tls_ctx) 94 { 95 struct tls_connection *conn; 96 struct tls_global *global = tls_ctx; 97 98 conn = os_zalloc(sizeof(*conn)); 99 if (conn == NULL) 100 return NULL; 101 conn->global = global; 102 103 #ifdef CONFIG_TLS_INTERNAL_CLIENT 104 if (!global->server) { 105 conn->client = tlsv1_client_init(); 106 if (conn->client == NULL) { 107 os_free(conn); 108 return NULL; 109 } 110 tlsv1_client_set_cb(conn->client, global->event_cb, 111 global->cb_ctx, global->cert_in_cb); 112 } 113 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 114 #ifdef CONFIG_TLS_INTERNAL_SERVER 115 if (global->server) { 116 conn->server = tlsv1_server_init(global->server_cred); 117 if (conn->server == NULL) { 118 os_free(conn); 119 return NULL; 120 } 121 } 122 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 123 124 return conn; 125 } 126 127 128 #ifdef CONFIG_TESTING_OPTIONS 129 #ifdef CONFIG_TLS_INTERNAL_SERVER 130 void tls_connection_set_test_flags(struct tls_connection *conn, u32 flags) 131 { 132 if (conn->server) 133 tlsv1_server_set_test_flags(conn->server, flags); 134 } 135 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 136 #endif /* CONFIG_TESTING_OPTIONS */ 137 138 139 void tls_connection_set_log_cb(struct tls_connection *conn, 140 void (*log_cb)(void *ctx, const char *msg), 141 void *ctx) 142 { 143 #ifdef CONFIG_TLS_INTERNAL_SERVER 144 if (conn->server) 145 tlsv1_server_set_log_cb(conn->server, log_cb, ctx); 146 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 147 } 148 149 150 void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn) 151 { 152 if (conn == NULL) 153 return; 154 #ifdef CONFIG_TLS_INTERNAL_CLIENT 155 if (conn->client) 156 tlsv1_client_deinit(conn->client); 157 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 158 #ifdef CONFIG_TLS_INTERNAL_SERVER 159 if (conn->server) 160 tlsv1_server_deinit(conn->server); 161 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 162 os_free(conn); 163 } 164 165 166 int tls_connection_established(void *tls_ctx, struct tls_connection *conn) 167 { 168 #ifdef CONFIG_TLS_INTERNAL_CLIENT 169 if (conn->client) 170 return tlsv1_client_established(conn->client); 171 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 172 #ifdef CONFIG_TLS_INTERNAL_SERVER 173 if (conn->server) 174 return tlsv1_server_established(conn->server); 175 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 176 return 0; 177 } 178 179 180 char * tls_connection_peer_serial_num(void *tls_ctx, 181 struct tls_connection *conn) 182 { 183 /* TODO */ 184 return NULL; 185 } 186 187 188 int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn) 189 { 190 #ifdef CONFIG_TLS_INTERNAL_CLIENT 191 if (conn->client) 192 return tlsv1_client_shutdown(conn->client); 193 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 194 #ifdef CONFIG_TLS_INTERNAL_SERVER 195 if (conn->server) 196 return tlsv1_server_shutdown(conn->server); 197 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 198 return -1; 199 } 200 201 202 int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn, 203 const struct tls_connection_params *params) 204 { 205 #ifdef CONFIG_TLS_INTERNAL_CLIENT 206 struct tlsv1_credentials *cred; 207 208 if (conn->client == NULL) 209 return -1; 210 211 if (params->flags & TLS_CONN_EXT_CERT_CHECK) { 212 wpa_printf(MSG_INFO, 213 "TLS: tls_ext_cert_check=1 not supported"); 214 return -1; 215 } 216 217 cred = tlsv1_cred_alloc(); 218 if (cred == NULL) 219 return -1; 220 221 if (params->subject_match) { 222 wpa_printf(MSG_INFO, "TLS: subject_match not supported"); 223 tlsv1_cred_free(cred); 224 return -1; 225 } 226 227 if (params->altsubject_match) { 228 wpa_printf(MSG_INFO, "TLS: altsubject_match not supported"); 229 tlsv1_cred_free(cred); 230 return -1; 231 } 232 233 if (params->suffix_match) { 234 wpa_printf(MSG_INFO, "TLS: suffix_match not supported"); 235 tlsv1_cred_free(cred); 236 return -1; 237 } 238 239 if (params->domain_match) { 240 wpa_printf(MSG_INFO, "TLS: domain_match not supported"); 241 tlsv1_cred_free(cred); 242 return -1; 243 } 244 245 if (params->openssl_ciphers) { 246 wpa_printf(MSG_INFO, "TLS: openssl_ciphers not supported"); 247 tlsv1_cred_free(cred); 248 return -1; 249 } 250 251 if (params->openssl_ecdh_curves) { 252 wpa_printf(MSG_INFO, "TLS: openssl_ecdh_curves not supported"); 253 tlsv1_cred_free(cred); 254 return -1; 255 } 256 257 if (tlsv1_set_ca_cert(cred, params->ca_cert, 258 params->ca_cert_blob, params->ca_cert_blob_len, 259 params->ca_path)) { 260 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA " 261 "certificates"); 262 tlsv1_cred_free(cred); 263 return -1; 264 } 265 266 if (tlsv1_set_cert(cred, params->client_cert, 267 params->client_cert_blob, 268 params->client_cert_blob_len)) { 269 wpa_printf(MSG_INFO, "TLS: Failed to configure client " 270 "certificate"); 271 tlsv1_cred_free(cred); 272 return -1; 273 } 274 275 if (tlsv1_set_private_key(cred, params->private_key, 276 params->private_key_passwd, 277 params->private_key_blob, 278 params->private_key_blob_len)) { 279 wpa_printf(MSG_INFO, "TLS: Failed to load private key"); 280 tlsv1_cred_free(cred); 281 return -1; 282 } 283 284 if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob, 285 params->dh_blob_len)) { 286 wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters"); 287 tlsv1_cred_free(cred); 288 return -1; 289 } 290 291 if (tlsv1_client_set_cred(conn->client, cred) < 0) { 292 tlsv1_cred_free(cred); 293 return -1; 294 } 295 296 tlsv1_client_set_flags(conn->client, params->flags); 297 298 return 0; 299 #else /* CONFIG_TLS_INTERNAL_CLIENT */ 300 return -1; 301 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 302 } 303 304 305 int tls_global_set_params(void *tls_ctx, 306 const struct tls_connection_params *params) 307 { 308 #ifdef CONFIG_TLS_INTERNAL_SERVER 309 struct tls_global *global = tls_ctx; 310 struct tlsv1_credentials *cred; 311 312 if (params->check_cert_subject) 313 return -1; /* not yet supported */ 314 315 /* Currently, global parameters are only set when running in server 316 * mode. */ 317 global->server = 1; 318 tlsv1_cred_free(global->server_cred); 319 global->server_cred = cred = tlsv1_cred_alloc(); 320 if (cred == NULL) 321 return -1; 322 323 if (tlsv1_set_ca_cert(cred, params->ca_cert, params->ca_cert_blob, 324 params->ca_cert_blob_len, params->ca_path)) { 325 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA " 326 "certificates"); 327 return -1; 328 } 329 330 if (tlsv1_set_cert(cred, params->client_cert, params->client_cert_blob, 331 params->client_cert_blob_len)) { 332 wpa_printf(MSG_INFO, "TLS: Failed to configure server " 333 "certificate"); 334 return -1; 335 } 336 337 if (tlsv1_set_private_key(cred, params->private_key, 338 params->private_key_passwd, 339 params->private_key_blob, 340 params->private_key_blob_len)) { 341 wpa_printf(MSG_INFO, "TLS: Failed to load private key"); 342 return -1; 343 } 344 345 if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob, 346 params->dh_blob_len)) { 347 wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters"); 348 return -1; 349 } 350 351 if (params->ocsp_stapling_response) 352 cred->ocsp_stapling_response = 353 os_strdup(params->ocsp_stapling_response); 354 if (params->ocsp_stapling_response_multi) 355 cred->ocsp_stapling_response_multi = 356 os_strdup(params->ocsp_stapling_response_multi); 357 358 return 0; 359 #else /* CONFIG_TLS_INTERNAL_SERVER */ 360 return -1; 361 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 362 } 363 364 365 int tls_global_set_verify(void *tls_ctx, int check_crl, int strict) 366 { 367 struct tls_global *global = tls_ctx; 368 global->check_crl = check_crl; 369 return 0; 370 } 371 372 373 int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn, 374 int verify_peer, unsigned int flags, 375 const u8 *session_ctx, size_t session_ctx_len) 376 { 377 #ifdef CONFIG_TLS_INTERNAL_SERVER 378 if (conn->server) 379 return tlsv1_server_set_verify(conn->server, verify_peer); 380 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 381 return -1; 382 } 383 384 385 int tls_connection_get_random(void *tls_ctx, struct tls_connection *conn, 386 struct tls_random *data) 387 { 388 #ifdef CONFIG_TLS_INTERNAL_CLIENT 389 if (conn->client) 390 return tlsv1_client_get_random(conn->client, data); 391 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 392 #ifdef CONFIG_TLS_INTERNAL_SERVER 393 if (conn->server) 394 return tlsv1_server_get_random(conn->server, data); 395 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 396 return -1; 397 } 398 399 400 static int tls_get_keyblock_size(struct tls_connection *conn) 401 { 402 #ifdef CONFIG_TLS_INTERNAL_CLIENT 403 if (conn->client) 404 return tlsv1_client_get_keyblock_size(conn->client); 405 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 406 #ifdef CONFIG_TLS_INTERNAL_SERVER 407 if (conn->server) 408 return tlsv1_server_get_keyblock_size(conn->server); 409 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 410 return -1; 411 } 412 413 414 static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn, 415 const char *label, const u8 *context, 416 size_t context_len, int server_random_first, 417 int skip_keyblock, u8 *out, size_t out_len) 418 { 419 int ret = -1, skip = 0; 420 u8 *tmp_out = NULL; 421 u8 *_out = out; 422 423 if (skip_keyblock) { 424 skip = tls_get_keyblock_size(conn); 425 if (skip < 0) 426 return -1; 427 tmp_out = os_malloc(skip + out_len); 428 if (!tmp_out) 429 return -1; 430 _out = tmp_out; 431 } 432 433 #ifdef CONFIG_TLS_INTERNAL_CLIENT 434 if (conn->client) { 435 ret = tlsv1_client_prf(conn->client, label, context, 436 context_len, server_random_first, 437 _out, skip + out_len); 438 } 439 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 440 #ifdef CONFIG_TLS_INTERNAL_SERVER 441 if (conn->server) { 442 ret = tlsv1_server_prf(conn->server, label, context, 443 context_len, server_random_first, 444 _out, skip + out_len); 445 } 446 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 447 if (ret == 0 && skip_keyblock) 448 os_memcpy(out, _out + skip, out_len); 449 bin_clear_free(tmp_out, skip); 450 451 return ret; 452 } 453 454 455 int tls_connection_export_key(void *tls_ctx, struct tls_connection *conn, 456 const char *label, const u8 *context, 457 size_t context_len, u8 *out, size_t out_len) 458 { 459 return tls_connection_prf(tls_ctx, conn, label, context, context_len, 460 0, 0, out, out_len); 461 } 462 463 464 int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn, 465 u8 *out, size_t out_len) 466 { 467 return tls_connection_prf(tls_ctx, conn, "key expansion", NULL, 0, 468 1, 1, out, out_len); 469 } 470 471 472 struct wpabuf * tls_connection_handshake(void *tls_ctx, 473 struct tls_connection *conn, 474 const struct wpabuf *in_data, 475 struct wpabuf **appl_data) 476 { 477 return tls_connection_handshake2(tls_ctx, conn, in_data, appl_data, 478 NULL); 479 } 480 481 482 struct wpabuf * tls_connection_handshake2(void *tls_ctx, 483 struct tls_connection *conn, 484 const struct wpabuf *in_data, 485 struct wpabuf **appl_data, 486 int *need_more_data) 487 { 488 #ifdef CONFIG_TLS_INTERNAL_CLIENT 489 u8 *res, *ad; 490 size_t res_len, ad_len; 491 struct wpabuf *out; 492 493 if (conn->client == NULL) 494 return NULL; 495 496 ad = NULL; 497 res = tlsv1_client_handshake(conn->client, 498 in_data ? wpabuf_head(in_data) : NULL, 499 in_data ? wpabuf_len(in_data) : 0, 500 &res_len, &ad, &ad_len, need_more_data); 501 if (res == NULL) 502 return NULL; 503 out = wpabuf_alloc_ext_data(res, res_len); 504 if (out == NULL) { 505 os_free(res); 506 os_free(ad); 507 return NULL; 508 } 509 if (appl_data) { 510 if (ad) { 511 *appl_data = wpabuf_alloc_ext_data(ad, ad_len); 512 if (*appl_data == NULL) 513 os_free(ad); 514 } else 515 *appl_data = NULL; 516 } else 517 os_free(ad); 518 519 return out; 520 #else /* CONFIG_TLS_INTERNAL_CLIENT */ 521 return NULL; 522 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 523 } 524 525 526 struct wpabuf * tls_connection_server_handshake(void *tls_ctx, 527 struct tls_connection *conn, 528 const struct wpabuf *in_data, 529 struct wpabuf **appl_data) 530 { 531 #ifdef CONFIG_TLS_INTERNAL_SERVER 532 u8 *res; 533 size_t res_len; 534 struct wpabuf *out; 535 536 if (conn->server == NULL) 537 return NULL; 538 539 if (appl_data) 540 *appl_data = NULL; 541 542 res = tlsv1_server_handshake(conn->server, wpabuf_head(in_data), 543 wpabuf_len(in_data), &res_len); 544 if (res == NULL && tlsv1_server_established(conn->server)) 545 return wpabuf_alloc(0); 546 if (res == NULL) 547 return NULL; 548 out = wpabuf_alloc_ext_data(res, res_len); 549 if (out == NULL) { 550 os_free(res); 551 return NULL; 552 } 553 554 return out; 555 #else /* CONFIG_TLS_INTERNAL_SERVER */ 556 return NULL; 557 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 558 } 559 560 561 struct wpabuf * tls_connection_encrypt(void *tls_ctx, 562 struct tls_connection *conn, 563 const struct wpabuf *in_data) 564 { 565 #ifdef CONFIG_TLS_INTERNAL_CLIENT 566 if (conn->client) { 567 struct wpabuf *buf; 568 int res; 569 buf = wpabuf_alloc(wpabuf_len(in_data) + 300); 570 if (buf == NULL) 571 return NULL; 572 res = tlsv1_client_encrypt(conn->client, wpabuf_head(in_data), 573 wpabuf_len(in_data), 574 wpabuf_mhead(buf), 575 wpabuf_size(buf)); 576 if (res < 0) { 577 wpabuf_free(buf); 578 return NULL; 579 } 580 wpabuf_put(buf, res); 581 return buf; 582 } 583 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 584 #ifdef CONFIG_TLS_INTERNAL_SERVER 585 if (conn->server) { 586 struct wpabuf *buf; 587 int res; 588 buf = wpabuf_alloc(wpabuf_len(in_data) + 300); 589 if (buf == NULL) 590 return NULL; 591 res = tlsv1_server_encrypt(conn->server, wpabuf_head(in_data), 592 wpabuf_len(in_data), 593 wpabuf_mhead(buf), 594 wpabuf_size(buf)); 595 if (res < 0) { 596 wpabuf_free(buf); 597 return NULL; 598 } 599 wpabuf_put(buf, res); 600 return buf; 601 } 602 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 603 return NULL; 604 } 605 606 607 struct wpabuf * tls_connection_decrypt(void *tls_ctx, 608 struct tls_connection *conn, 609 const struct wpabuf *in_data) 610 { 611 return tls_connection_decrypt2(tls_ctx, conn, in_data, NULL); 612 } 613 614 615 struct wpabuf * tls_connection_decrypt2(void *tls_ctx, 616 struct tls_connection *conn, 617 const struct wpabuf *in_data, 618 int *need_more_data) 619 { 620 if (need_more_data) 621 *need_more_data = 0; 622 623 #ifdef CONFIG_TLS_INTERNAL_CLIENT 624 if (conn->client) { 625 return tlsv1_client_decrypt(conn->client, wpabuf_head(in_data), 626 wpabuf_len(in_data), 627 need_more_data); 628 } 629 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 630 #ifdef CONFIG_TLS_INTERNAL_SERVER 631 if (conn->server) { 632 struct wpabuf *buf; 633 int res; 634 buf = wpabuf_alloc((wpabuf_len(in_data) + 500) * 3); 635 if (buf == NULL) 636 return NULL; 637 res = tlsv1_server_decrypt(conn->server, wpabuf_head(in_data), 638 wpabuf_len(in_data), 639 wpabuf_mhead(buf), 640 wpabuf_size(buf)); 641 if (res < 0) { 642 wpabuf_free(buf); 643 return NULL; 644 } 645 wpabuf_put(buf, res); 646 return buf; 647 } 648 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 649 return NULL; 650 } 651 652 653 int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn) 654 { 655 #ifdef CONFIG_TLS_INTERNAL_CLIENT 656 if (conn->client) 657 return tlsv1_client_resumed(conn->client); 658 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 659 #ifdef CONFIG_TLS_INTERNAL_SERVER 660 if (conn->server) 661 return tlsv1_server_resumed(conn->server); 662 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 663 return -1; 664 } 665 666 667 int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn, 668 u8 *ciphers) 669 { 670 #ifdef CONFIG_TLS_INTERNAL_CLIENT 671 if (conn->client) 672 return tlsv1_client_set_cipher_list(conn->client, ciphers); 673 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 674 #ifdef CONFIG_TLS_INTERNAL_SERVER 675 if (conn->server) 676 return tlsv1_server_set_cipher_list(conn->server, ciphers); 677 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 678 return -1; 679 } 680 681 682 int tls_get_version(void *ssl_ctx, struct tls_connection *conn, 683 char *buf, size_t buflen) 684 { 685 if (conn == NULL) 686 return -1; 687 #ifdef CONFIG_TLS_INTERNAL_CLIENT 688 if (conn->client) 689 return tlsv1_client_get_version(conn->client, buf, buflen); 690 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 691 return -1; 692 } 693 694 695 int tls_get_cipher(void *tls_ctx, struct tls_connection *conn, 696 char *buf, size_t buflen) 697 { 698 if (conn == NULL) 699 return -1; 700 #ifdef CONFIG_TLS_INTERNAL_CLIENT 701 if (conn->client) 702 return tlsv1_client_get_cipher(conn->client, buf, buflen); 703 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 704 #ifdef CONFIG_TLS_INTERNAL_SERVER 705 if (conn->server) 706 return tlsv1_server_get_cipher(conn->server, buf, buflen); 707 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 708 return -1; 709 } 710 711 712 int tls_connection_enable_workaround(void *tls_ctx, 713 struct tls_connection *conn) 714 { 715 return -1; 716 } 717 718 719 int tls_connection_client_hello_ext(void *tls_ctx, struct tls_connection *conn, 720 int ext_type, const u8 *data, 721 size_t data_len) 722 { 723 #ifdef CONFIG_TLS_INTERNAL_CLIENT 724 if (conn->client) { 725 return tlsv1_client_hello_ext(conn->client, ext_type, 726 data, data_len); 727 } 728 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 729 return -1; 730 } 731 732 733 int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn) 734 { 735 #ifdef CONFIG_TLS_INTERNAL_SERVER 736 if (conn->server) 737 return tlsv1_server_get_failed(conn->server); 738 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 739 return 0; 740 } 741 742 743 int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn) 744 { 745 #ifdef CONFIG_TLS_INTERNAL_SERVER 746 if (conn->server) 747 return tlsv1_server_get_read_alerts(conn->server); 748 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 749 return 0; 750 } 751 752 753 int tls_connection_get_write_alerts(void *tls_ctx, 754 struct tls_connection *conn) 755 { 756 #ifdef CONFIG_TLS_INTERNAL_SERVER 757 if (conn->server) 758 return tlsv1_server_get_write_alerts(conn->server); 759 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 760 return 0; 761 } 762 763 764 int tls_connection_set_session_ticket_cb(void *tls_ctx, 765 struct tls_connection *conn, 766 tls_session_ticket_cb cb, 767 void *ctx) 768 { 769 #ifdef CONFIG_TLS_INTERNAL_CLIENT 770 if (conn->client) { 771 tlsv1_client_set_session_ticket_cb(conn->client, cb, ctx); 772 return 0; 773 } 774 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 775 #ifdef CONFIG_TLS_INTERNAL_SERVER 776 if (conn->server) { 777 tlsv1_server_set_session_ticket_cb(conn->server, cb, ctx); 778 return 0; 779 } 780 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 781 return -1; 782 } 783 784 785 int tls_get_library_version(char *buf, size_t buf_len) 786 { 787 return os_snprintf(buf, buf_len, "internal"); 788 } 789 790 791 void tls_connection_set_success_data(struct tls_connection *conn, 792 struct wpabuf *data) 793 { 794 } 795 796 797 void tls_connection_set_success_data_resumed(struct tls_connection *conn) 798 { 799 } 800 801 802 const struct wpabuf * 803 tls_connection_get_success_data(struct tls_connection *conn) 804 { 805 return NULL; 806 } 807 808 809 void tls_connection_remove_session(struct tls_connection *conn) 810 { 811 } 812