1 /*
2 * TLS interface functions and an internal TLS implementation
3 * Copyright (c) 2004-2019, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 *
8 * This file interface functions for hostapd/wpa_supplicant to use the
9 * integrated TLSv1 implementation.
10 */
11
12 #include "includes.h"
13
14 #include "common.h"
15 #include "tls.h"
16 #include "tls/tlsv1_client.h"
17 #include "tls/tlsv1_server.h"
18
19
20 static int tls_ref_count = 0;
21
22 struct tls_global {
23 int server;
24 struct tlsv1_credentials *server_cred;
25 int check_crl;
26
27 void (*event_cb)(void *ctx, enum tls_event ev,
28 union tls_event_data *data);
29 void *cb_ctx;
30 int cert_in_cb;
31 };
32
33 struct tls_connection {
34 struct tlsv1_client *client;
35 struct tlsv1_server *server;
36 struct tls_global *global;
37 };
38
39
tls_init(const struct tls_config * conf)40 void * tls_init(const struct tls_config *conf)
41 {
42 struct tls_global *global;
43
44 if (tls_ref_count == 0) {
45 #ifdef CONFIG_TLS_INTERNAL_CLIENT
46 if (tlsv1_client_global_init())
47 return NULL;
48 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
49 #ifdef CONFIG_TLS_INTERNAL_SERVER
50 if (tlsv1_server_global_init())
51 return NULL;
52 #endif /* CONFIG_TLS_INTERNAL_SERVER */
53 }
54 tls_ref_count++;
55
56 global = os_zalloc(sizeof(*global));
57 if (global == NULL)
58 return NULL;
59 if (conf) {
60 global->event_cb = conf->event_cb;
61 global->cb_ctx = conf->cb_ctx;
62 global->cert_in_cb = conf->cert_in_cb;
63 }
64
65 return global;
66 }
67
tls_deinit(void * ssl_ctx)68 void tls_deinit(void *ssl_ctx)
69 {
70 struct tls_global *global = ssl_ctx;
71 tls_ref_count--;
72 if (tls_ref_count == 0) {
73 #ifdef CONFIG_TLS_INTERNAL_CLIENT
74 tlsv1_client_global_deinit();
75 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
76 #ifdef CONFIG_TLS_INTERNAL_SERVER
77 tlsv1_server_global_deinit();
78 #endif /* CONFIG_TLS_INTERNAL_SERVER */
79 }
80 #ifdef CONFIG_TLS_INTERNAL_SERVER
81 tlsv1_cred_free(global->server_cred);
82 #endif /* CONFIG_TLS_INTERNAL_SERVER */
83 os_free(global);
84 }
85
86
tls_get_errors(void * tls_ctx)87 int tls_get_errors(void *tls_ctx)
88 {
89 return 0;
90 }
91
92
tls_connection_init(void * tls_ctx)93 struct tls_connection * tls_connection_init(void *tls_ctx)
94 {
95 struct tls_connection *conn;
96 struct tls_global *global = tls_ctx;
97
98 conn = os_zalloc(sizeof(*conn));
99 if (conn == NULL)
100 return NULL;
101 conn->global = global;
102
103 #ifdef CONFIG_TLS_INTERNAL_CLIENT
104 if (!global->server) {
105 conn->client = tlsv1_client_init();
106 if (conn->client == NULL) {
107 os_free(conn);
108 return NULL;
109 }
110 tlsv1_client_set_cb(conn->client, global->event_cb,
111 global->cb_ctx, global->cert_in_cb);
112 }
113 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
114 #ifdef CONFIG_TLS_INTERNAL_SERVER
115 if (global->server) {
116 conn->server = tlsv1_server_init(global->server_cred);
117 if (conn->server == NULL) {
118 os_free(conn);
119 return NULL;
120 }
121 }
122 #endif /* CONFIG_TLS_INTERNAL_SERVER */
123
124 return conn;
125 }
126
127
128 #ifdef CONFIG_TESTING_OPTIONS
129 #ifdef CONFIG_TLS_INTERNAL_SERVER
tls_connection_set_test_flags(struct tls_connection * conn,u32 flags)130 void tls_connection_set_test_flags(struct tls_connection *conn, u32 flags)
131 {
132 if (conn->server)
133 tlsv1_server_set_test_flags(conn->server, flags);
134 }
135 #endif /* CONFIG_TLS_INTERNAL_SERVER */
136 #endif /* CONFIG_TESTING_OPTIONS */
137
138
tls_connection_set_log_cb(struct tls_connection * conn,void (* log_cb)(void * ctx,const char * msg),void * ctx)139 void tls_connection_set_log_cb(struct tls_connection *conn,
140 void (*log_cb)(void *ctx, const char *msg),
141 void *ctx)
142 {
143 #ifdef CONFIG_TLS_INTERNAL_SERVER
144 if (conn->server)
145 tlsv1_server_set_log_cb(conn->server, log_cb, ctx);
146 #endif /* CONFIG_TLS_INTERNAL_SERVER */
147 }
148
149
tls_connection_deinit(void * tls_ctx,struct tls_connection * conn)150 void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn)
151 {
152 if (conn == NULL)
153 return;
154 #ifdef CONFIG_TLS_INTERNAL_CLIENT
155 if (conn->client)
156 tlsv1_client_deinit(conn->client);
157 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
158 #ifdef CONFIG_TLS_INTERNAL_SERVER
159 if (conn->server)
160 tlsv1_server_deinit(conn->server);
161 #endif /* CONFIG_TLS_INTERNAL_SERVER */
162 os_free(conn);
163 }
164
165
tls_connection_established(void * tls_ctx,struct tls_connection * conn)166 int tls_connection_established(void *tls_ctx, struct tls_connection *conn)
167 {
168 #ifdef CONFIG_TLS_INTERNAL_CLIENT
169 if (conn->client)
170 return tlsv1_client_established(conn->client);
171 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
172 #ifdef CONFIG_TLS_INTERNAL_SERVER
173 if (conn->server)
174 return tlsv1_server_established(conn->server);
175 #endif /* CONFIG_TLS_INTERNAL_SERVER */
176 return 0;
177 }
178
179
tls_connection_peer_serial_num(void * tls_ctx,struct tls_connection * conn)180 char * tls_connection_peer_serial_num(void *tls_ctx,
181 struct tls_connection *conn)
182 {
183 /* TODO */
184 return NULL;
185 }
186
187
tls_connection_shutdown(void * tls_ctx,struct tls_connection * conn)188 int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn)
189 {
190 #ifdef CONFIG_TLS_INTERNAL_CLIENT
191 if (conn->client)
192 return tlsv1_client_shutdown(conn->client);
193 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
194 #ifdef CONFIG_TLS_INTERNAL_SERVER
195 if (conn->server)
196 return tlsv1_server_shutdown(conn->server);
197 #endif /* CONFIG_TLS_INTERNAL_SERVER */
198 return -1;
199 }
200
201
tls_connection_set_params(void * tls_ctx,struct tls_connection * conn,const struct tls_connection_params * params)202 int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
203 const struct tls_connection_params *params)
204 {
205 #ifdef CONFIG_TLS_INTERNAL_CLIENT
206 struct tlsv1_credentials *cred;
207
208 if (conn->client == NULL)
209 return -1;
210
211 if (params->flags & TLS_CONN_EXT_CERT_CHECK) {
212 wpa_printf(MSG_INFO,
213 "TLS: tls_ext_cert_check=1 not supported");
214 return -1;
215 }
216
217 cred = tlsv1_cred_alloc();
218 if (cred == NULL)
219 return -1;
220
221 if (params->subject_match) {
222 wpa_printf(MSG_INFO, "TLS: subject_match not supported");
223 tlsv1_cred_free(cred);
224 return -1;
225 }
226
227 if (params->altsubject_match) {
228 wpa_printf(MSG_INFO, "TLS: altsubject_match not supported");
229 tlsv1_cred_free(cred);
230 return -1;
231 }
232
233 if (params->suffix_match) {
234 wpa_printf(MSG_INFO, "TLS: suffix_match not supported");
235 tlsv1_cred_free(cred);
236 return -1;
237 }
238
239 if (params->domain_match) {
240 wpa_printf(MSG_INFO, "TLS: domain_match not supported");
241 tlsv1_cred_free(cred);
242 return -1;
243 }
244
245 if (params->openssl_ciphers) {
246 wpa_printf(MSG_INFO, "TLS: openssl_ciphers not supported");
247 tlsv1_cred_free(cred);
248 return -1;
249 }
250
251 if (params->openssl_ecdh_curves) {
252 wpa_printf(MSG_INFO, "TLS: openssl_ecdh_curves not supported");
253 tlsv1_cred_free(cred);
254 return -1;
255 }
256
257 if (tlsv1_set_ca_cert(cred, params->ca_cert,
258 params->ca_cert_blob, params->ca_cert_blob_len,
259 params->ca_path)) {
260 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
261 "certificates");
262 tlsv1_cred_free(cred);
263 return -1;
264 }
265
266 if (tlsv1_set_cert(cred, params->client_cert,
267 params->client_cert_blob,
268 params->client_cert_blob_len)) {
269 wpa_printf(MSG_INFO, "TLS: Failed to configure client "
270 "certificate");
271 tlsv1_cred_free(cred);
272 return -1;
273 }
274
275 if (tlsv1_set_private_key(cred, params->private_key,
276 params->private_key_passwd,
277 params->private_key_blob,
278 params->private_key_blob_len)) {
279 wpa_printf(MSG_INFO, "TLS: Failed to load private key");
280 tlsv1_cred_free(cred);
281 return -1;
282 }
283
284 if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob,
285 params->dh_blob_len)) {
286 wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters");
287 tlsv1_cred_free(cred);
288 return -1;
289 }
290
291 if (tlsv1_client_set_cred(conn->client, cred) < 0) {
292 tlsv1_cred_free(cred);
293 return -1;
294 }
295
296 tlsv1_client_set_flags(conn->client, params->flags);
297
298 return 0;
299 #else /* CONFIG_TLS_INTERNAL_CLIENT */
300 return -1;
301 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
302 }
303
304
tls_global_set_params(void * tls_ctx,const struct tls_connection_params * params)305 int tls_global_set_params(void *tls_ctx,
306 const struct tls_connection_params *params)
307 {
308 #ifdef CONFIG_TLS_INTERNAL_SERVER
309 struct tls_global *global = tls_ctx;
310 struct tlsv1_credentials *cred;
311
312 if (params->check_cert_subject)
313 return -1; /* not yet supported */
314
315 /* Currently, global parameters are only set when running in server
316 * mode. */
317 global->server = 1;
318 tlsv1_cred_free(global->server_cred);
319 global->server_cred = cred = tlsv1_cred_alloc();
320 if (cred == NULL)
321 return -1;
322
323 if (tlsv1_set_ca_cert(cred, params->ca_cert, params->ca_cert_blob,
324 params->ca_cert_blob_len, params->ca_path)) {
325 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
326 "certificates");
327 return -1;
328 }
329
330 if (tlsv1_set_cert(cred, params->client_cert, params->client_cert_blob,
331 params->client_cert_blob_len)) {
332 wpa_printf(MSG_INFO, "TLS: Failed to configure server "
333 "certificate");
334 return -1;
335 }
336
337 if (tlsv1_set_private_key(cred, params->private_key,
338 params->private_key_passwd,
339 params->private_key_blob,
340 params->private_key_blob_len)) {
341 wpa_printf(MSG_INFO, "TLS: Failed to load private key");
342 return -1;
343 }
344
345 if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob,
346 params->dh_blob_len)) {
347 wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters");
348 return -1;
349 }
350
351 if (params->ocsp_stapling_response)
352 cred->ocsp_stapling_response =
353 os_strdup(params->ocsp_stapling_response);
354 if (params->ocsp_stapling_response_multi)
355 cred->ocsp_stapling_response_multi =
356 os_strdup(params->ocsp_stapling_response_multi);
357
358 return 0;
359 #else /* CONFIG_TLS_INTERNAL_SERVER */
360 return -1;
361 #endif /* CONFIG_TLS_INTERNAL_SERVER */
362 }
363
364
tls_global_set_verify(void * tls_ctx,int check_crl,int strict)365 int tls_global_set_verify(void *tls_ctx, int check_crl, int strict)
366 {
367 struct tls_global *global = tls_ctx;
368 global->check_crl = check_crl;
369 return 0;
370 }
371
372
tls_connection_set_verify(void * tls_ctx,struct tls_connection * conn,int verify_peer,unsigned int flags,const u8 * session_ctx,size_t session_ctx_len)373 int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn,
374 int verify_peer, unsigned int flags,
375 const u8 *session_ctx, size_t session_ctx_len)
376 {
377 #ifdef CONFIG_TLS_INTERNAL_SERVER
378 if (conn->server)
379 return tlsv1_server_set_verify(conn->server, verify_peer);
380 #endif /* CONFIG_TLS_INTERNAL_SERVER */
381 return -1;
382 }
383
384
tls_connection_get_random(void * tls_ctx,struct tls_connection * conn,struct tls_random * data)385 int tls_connection_get_random(void *tls_ctx, struct tls_connection *conn,
386 struct tls_random *data)
387 {
388 #ifdef CONFIG_TLS_INTERNAL_CLIENT
389 if (conn->client)
390 return tlsv1_client_get_random(conn->client, data);
391 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
392 #ifdef CONFIG_TLS_INTERNAL_SERVER
393 if (conn->server)
394 return tlsv1_server_get_random(conn->server, data);
395 #endif /* CONFIG_TLS_INTERNAL_SERVER */
396 return -1;
397 }
398
399
tls_get_keyblock_size(struct tls_connection * conn)400 static int tls_get_keyblock_size(struct tls_connection *conn)
401 {
402 #ifdef CONFIG_TLS_INTERNAL_CLIENT
403 if (conn->client)
404 return tlsv1_client_get_keyblock_size(conn->client);
405 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
406 #ifdef CONFIG_TLS_INTERNAL_SERVER
407 if (conn->server)
408 return tlsv1_server_get_keyblock_size(conn->server);
409 #endif /* CONFIG_TLS_INTERNAL_SERVER */
410 return -1;
411 }
412
413
tls_connection_prf(void * tls_ctx,struct tls_connection * conn,const char * label,const u8 * context,size_t context_len,int server_random_first,int skip_keyblock,u8 * out,size_t out_len)414 static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
415 const char *label, const u8 *context,
416 size_t context_len, int server_random_first,
417 int skip_keyblock, u8 *out, size_t out_len)
418 {
419 int ret = -1, skip = 0;
420 u8 *tmp_out = NULL;
421 u8 *_out = out;
422
423 if (skip_keyblock) {
424 skip = tls_get_keyblock_size(conn);
425 if (skip < 0)
426 return -1;
427 tmp_out = os_malloc(skip + out_len);
428 if (!tmp_out)
429 return -1;
430 _out = tmp_out;
431 }
432
433 #ifdef CONFIG_TLS_INTERNAL_CLIENT
434 if (conn->client) {
435 ret = tlsv1_client_prf(conn->client, label, context,
436 context_len, server_random_first,
437 _out, skip + out_len);
438 }
439 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
440 #ifdef CONFIG_TLS_INTERNAL_SERVER
441 if (conn->server) {
442 ret = tlsv1_server_prf(conn->server, label, context,
443 context_len, server_random_first,
444 _out, skip + out_len);
445 }
446 #endif /* CONFIG_TLS_INTERNAL_SERVER */
447 if (ret == 0 && skip_keyblock)
448 os_memcpy(out, _out + skip, out_len);
449 bin_clear_free(tmp_out, skip);
450
451 return ret;
452 }
453
454
tls_connection_export_key(void * tls_ctx,struct tls_connection * conn,const char * label,const u8 * context,size_t context_len,u8 * out,size_t out_len)455 int tls_connection_export_key(void *tls_ctx, struct tls_connection *conn,
456 const char *label, const u8 *context,
457 size_t context_len, u8 *out, size_t out_len)
458 {
459 return tls_connection_prf(tls_ctx, conn, label, context, context_len,
460 0, 0, out, out_len);
461 }
462
463
tls_connection_get_eap_fast_key(void * tls_ctx,struct tls_connection * conn,u8 * out,size_t out_len)464 int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn,
465 u8 *out, size_t out_len)
466 {
467 return tls_connection_prf(tls_ctx, conn, "key expansion", NULL, 0,
468 1, 1, out, out_len);
469 }
470
471
tls_connection_handshake(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data,struct wpabuf ** appl_data)472 struct wpabuf * tls_connection_handshake(void *tls_ctx,
473 struct tls_connection *conn,
474 const struct wpabuf *in_data,
475 struct wpabuf **appl_data)
476 {
477 return tls_connection_handshake2(tls_ctx, conn, in_data, appl_data,
478 NULL);
479 }
480
481
tls_connection_handshake2(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data,struct wpabuf ** appl_data,int * need_more_data)482 struct wpabuf * tls_connection_handshake2(void *tls_ctx,
483 struct tls_connection *conn,
484 const struct wpabuf *in_data,
485 struct wpabuf **appl_data,
486 int *need_more_data)
487 {
488 #ifdef CONFIG_TLS_INTERNAL_CLIENT
489 u8 *res, *ad;
490 size_t res_len, ad_len;
491 struct wpabuf *out;
492
493 if (conn->client == NULL)
494 return NULL;
495
496 ad = NULL;
497 res = tlsv1_client_handshake(conn->client,
498 in_data ? wpabuf_head(in_data) : NULL,
499 in_data ? wpabuf_len(in_data) : 0,
500 &res_len, &ad, &ad_len, need_more_data);
501 if (res == NULL)
502 return NULL;
503 out = wpabuf_alloc_ext_data(res, res_len);
504 if (out == NULL) {
505 os_free(res);
506 os_free(ad);
507 return NULL;
508 }
509 if (appl_data) {
510 if (ad) {
511 *appl_data = wpabuf_alloc_ext_data(ad, ad_len);
512 if (*appl_data == NULL)
513 os_free(ad);
514 } else
515 *appl_data = NULL;
516 } else
517 os_free(ad);
518
519 return out;
520 #else /* CONFIG_TLS_INTERNAL_CLIENT */
521 return NULL;
522 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
523 }
524
525
tls_connection_server_handshake(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data,struct wpabuf ** appl_data)526 struct wpabuf * tls_connection_server_handshake(void *tls_ctx,
527 struct tls_connection *conn,
528 const struct wpabuf *in_data,
529 struct wpabuf **appl_data)
530 {
531 #ifdef CONFIG_TLS_INTERNAL_SERVER
532 u8 *res;
533 size_t res_len;
534 struct wpabuf *out;
535
536 if (conn->server == NULL)
537 return NULL;
538
539 if (appl_data)
540 *appl_data = NULL;
541
542 res = tlsv1_server_handshake(conn->server, wpabuf_head(in_data),
543 wpabuf_len(in_data), &res_len);
544 if (res == NULL && tlsv1_server_established(conn->server))
545 return wpabuf_alloc(0);
546 if (res == NULL)
547 return NULL;
548 out = wpabuf_alloc_ext_data(res, res_len);
549 if (out == NULL) {
550 os_free(res);
551 return NULL;
552 }
553
554 return out;
555 #else /* CONFIG_TLS_INTERNAL_SERVER */
556 return NULL;
557 #endif /* CONFIG_TLS_INTERNAL_SERVER */
558 }
559
560
tls_connection_encrypt(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data)561 struct wpabuf * tls_connection_encrypt(void *tls_ctx,
562 struct tls_connection *conn,
563 const struct wpabuf *in_data)
564 {
565 #ifdef CONFIG_TLS_INTERNAL_CLIENT
566 if (conn->client) {
567 struct wpabuf *buf;
568 int res;
569 buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
570 if (buf == NULL)
571 return NULL;
572 res = tlsv1_client_encrypt(conn->client, wpabuf_head(in_data),
573 wpabuf_len(in_data),
574 wpabuf_mhead(buf),
575 wpabuf_size(buf));
576 if (res < 0) {
577 wpabuf_free(buf);
578 return NULL;
579 }
580 wpabuf_put(buf, res);
581 return buf;
582 }
583 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
584 #ifdef CONFIG_TLS_INTERNAL_SERVER
585 if (conn->server) {
586 struct wpabuf *buf;
587 int res;
588 buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
589 if (buf == NULL)
590 return NULL;
591 res = tlsv1_server_encrypt(conn->server, wpabuf_head(in_data),
592 wpabuf_len(in_data),
593 wpabuf_mhead(buf),
594 wpabuf_size(buf));
595 if (res < 0) {
596 wpabuf_free(buf);
597 return NULL;
598 }
599 wpabuf_put(buf, res);
600 return buf;
601 }
602 #endif /* CONFIG_TLS_INTERNAL_SERVER */
603 return NULL;
604 }
605
606
tls_connection_decrypt(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data)607 struct wpabuf * tls_connection_decrypt(void *tls_ctx,
608 struct tls_connection *conn,
609 const struct wpabuf *in_data)
610 {
611 return tls_connection_decrypt2(tls_ctx, conn, in_data, NULL);
612 }
613
614
tls_connection_decrypt2(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data,int * need_more_data)615 struct wpabuf * tls_connection_decrypt2(void *tls_ctx,
616 struct tls_connection *conn,
617 const struct wpabuf *in_data,
618 int *need_more_data)
619 {
620 if (need_more_data)
621 *need_more_data = 0;
622
623 #ifdef CONFIG_TLS_INTERNAL_CLIENT
624 if (conn->client) {
625 return tlsv1_client_decrypt(conn->client, wpabuf_head(in_data),
626 wpabuf_len(in_data),
627 need_more_data);
628 }
629 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
630 #ifdef CONFIG_TLS_INTERNAL_SERVER
631 if (conn->server) {
632 struct wpabuf *buf;
633 int res;
634 buf = wpabuf_alloc((wpabuf_len(in_data) + 500) * 3);
635 if (buf == NULL)
636 return NULL;
637 res = tlsv1_server_decrypt(conn->server, wpabuf_head(in_data),
638 wpabuf_len(in_data),
639 wpabuf_mhead(buf),
640 wpabuf_size(buf));
641 if (res < 0) {
642 wpabuf_free(buf);
643 return NULL;
644 }
645 wpabuf_put(buf, res);
646 return buf;
647 }
648 #endif /* CONFIG_TLS_INTERNAL_SERVER */
649 return NULL;
650 }
651
652
tls_connection_resumed(void * tls_ctx,struct tls_connection * conn)653 int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn)
654 {
655 #ifdef CONFIG_TLS_INTERNAL_CLIENT
656 if (conn->client)
657 return tlsv1_client_resumed(conn->client);
658 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
659 #ifdef CONFIG_TLS_INTERNAL_SERVER
660 if (conn->server)
661 return tlsv1_server_resumed(conn->server);
662 #endif /* CONFIG_TLS_INTERNAL_SERVER */
663 return -1;
664 }
665
666
tls_connection_set_cipher_list(void * tls_ctx,struct tls_connection * conn,u8 * ciphers)667 int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
668 u8 *ciphers)
669 {
670 #ifdef CONFIG_TLS_INTERNAL_CLIENT
671 if (conn->client)
672 return tlsv1_client_set_cipher_list(conn->client, ciphers);
673 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
674 #ifdef CONFIG_TLS_INTERNAL_SERVER
675 if (conn->server)
676 return tlsv1_server_set_cipher_list(conn->server, ciphers);
677 #endif /* CONFIG_TLS_INTERNAL_SERVER */
678 return -1;
679 }
680
681
tls_get_version(void * ssl_ctx,struct tls_connection * conn,char * buf,size_t buflen)682 int tls_get_version(void *ssl_ctx, struct tls_connection *conn,
683 char *buf, size_t buflen)
684 {
685 if (conn == NULL)
686 return -1;
687 #ifdef CONFIG_TLS_INTERNAL_CLIENT
688 if (conn->client)
689 return tlsv1_client_get_version(conn->client, buf, buflen);
690 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
691 return -1;
692 }
693
694
tls_get_cipher(void * tls_ctx,struct tls_connection * conn,char * buf,size_t buflen)695 int tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
696 char *buf, size_t buflen)
697 {
698 if (conn == NULL)
699 return -1;
700 #ifdef CONFIG_TLS_INTERNAL_CLIENT
701 if (conn->client)
702 return tlsv1_client_get_cipher(conn->client, buf, buflen);
703 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
704 #ifdef CONFIG_TLS_INTERNAL_SERVER
705 if (conn->server)
706 return tlsv1_server_get_cipher(conn->server, buf, buflen);
707 #endif /* CONFIG_TLS_INTERNAL_SERVER */
708 return -1;
709 }
710
711
tls_connection_enable_workaround(void * tls_ctx,struct tls_connection * conn)712 int tls_connection_enable_workaround(void *tls_ctx,
713 struct tls_connection *conn)
714 {
715 return -1;
716 }
717
718
tls_connection_client_hello_ext(void * tls_ctx,struct tls_connection * conn,int ext_type,const u8 * data,size_t data_len)719 int tls_connection_client_hello_ext(void *tls_ctx, struct tls_connection *conn,
720 int ext_type, const u8 *data,
721 size_t data_len)
722 {
723 #ifdef CONFIG_TLS_INTERNAL_CLIENT
724 if (conn->client) {
725 return tlsv1_client_hello_ext(conn->client, ext_type,
726 data, data_len);
727 }
728 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
729 return -1;
730 }
731
732
tls_connection_get_failed(void * tls_ctx,struct tls_connection * conn)733 int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn)
734 {
735 #ifdef CONFIG_TLS_INTERNAL_SERVER
736 if (conn->server)
737 return tlsv1_server_get_failed(conn->server);
738 #endif /* CONFIG_TLS_INTERNAL_SERVER */
739 return 0;
740 }
741
742
tls_connection_get_read_alerts(void * tls_ctx,struct tls_connection * conn)743 int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn)
744 {
745 #ifdef CONFIG_TLS_INTERNAL_SERVER
746 if (conn->server)
747 return tlsv1_server_get_read_alerts(conn->server);
748 #endif /* CONFIG_TLS_INTERNAL_SERVER */
749 return 0;
750 }
751
752
tls_connection_get_write_alerts(void * tls_ctx,struct tls_connection * conn)753 int tls_connection_get_write_alerts(void *tls_ctx,
754 struct tls_connection *conn)
755 {
756 #ifdef CONFIG_TLS_INTERNAL_SERVER
757 if (conn->server)
758 return tlsv1_server_get_write_alerts(conn->server);
759 #endif /* CONFIG_TLS_INTERNAL_SERVER */
760 return 0;
761 }
762
763
tls_connection_set_session_ticket_cb(void * tls_ctx,struct tls_connection * conn,tls_session_ticket_cb cb,void * ctx)764 int tls_connection_set_session_ticket_cb(void *tls_ctx,
765 struct tls_connection *conn,
766 tls_session_ticket_cb cb,
767 void *ctx)
768 {
769 #ifdef CONFIG_TLS_INTERNAL_CLIENT
770 if (conn->client) {
771 tlsv1_client_set_session_ticket_cb(conn->client, cb, ctx);
772 return 0;
773 }
774 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
775 #ifdef CONFIG_TLS_INTERNAL_SERVER
776 if (conn->server) {
777 tlsv1_server_set_session_ticket_cb(conn->server, cb, ctx);
778 return 0;
779 }
780 #endif /* CONFIG_TLS_INTERNAL_SERVER */
781 return -1;
782 }
783
784
tls_get_library_version(char * buf,size_t buf_len)785 int tls_get_library_version(char *buf, size_t buf_len)
786 {
787 return os_snprintf(buf, buf_len, "internal");
788 }
789
790
tls_connection_set_success_data(struct tls_connection * conn,struct wpabuf * data)791 void tls_connection_set_success_data(struct tls_connection *conn,
792 struct wpabuf *data)
793 {
794 }
795
796
tls_connection_set_success_data_resumed(struct tls_connection * conn)797 void tls_connection_set_success_data_resumed(struct tls_connection *conn)
798 {
799 }
800
801
802 const struct wpabuf *
tls_connection_get_success_data(struct tls_connection * conn)803 tls_connection_get_success_data(struct tls_connection *conn)
804 {
805 return NULL;
806 }
807
808
tls_connection_remove_session(struct tls_connection * conn)809 void tls_connection_remove_session(struct tls_connection *conn)
810 {
811 }
812