• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * TLS interface functions and an internal TLS implementation
3  * Copyright (c) 2004-2011, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  *
8  * This file interface functions for hostapd/wpa_supplicant to use the
9  * integrated TLSv1 implementation.
10  */
11 
12 #include "includes.h"
13 
14 #include "common.h"
15 #include "tls.h"
16 #include "tls/tlsv1_client.h"
17 #include "tls/tlsv1_server.h"
18 
19 
20 static int tls_ref_count = 0;
21 
22 struct tls_global {
23 	int server;
24 	struct tlsv1_credentials *server_cred;
25 	int check_crl;
26 
27 	void (*event_cb)(void *ctx, enum tls_event ev,
28 			 union tls_event_data *data);
29 	void *cb_ctx;
30 	int cert_in_cb;
31 };
32 
33 struct tls_connection {
34 	struct tlsv1_client *client;
35 	struct tlsv1_server *server;
36 	struct tls_global *global;
37 };
38 
39 
tls_init(const struct tls_config * conf)40 void * tls_init(const struct tls_config *conf)
41 {
42 	struct tls_global *global;
43 
44 	if (tls_ref_count == 0) {
45 #ifdef CONFIG_TLS_INTERNAL_CLIENT
46 		if (tlsv1_client_global_init())
47 			return NULL;
48 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
49 #ifdef CONFIG_TLS_INTERNAL_SERVER
50 		if (tlsv1_server_global_init())
51 			return NULL;
52 #endif /* CONFIG_TLS_INTERNAL_SERVER */
53 	}
54 	tls_ref_count++;
55 
56 	global = os_zalloc(sizeof(*global));
57 	if (global == NULL)
58 		return NULL;
59 	if (conf) {
60 		global->event_cb = conf->event_cb;
61 		global->cb_ctx = conf->cb_ctx;
62 		global->cert_in_cb = conf->cert_in_cb;
63 	}
64 
65 	return global;
66 }
67 
tls_deinit(void * ssl_ctx)68 void tls_deinit(void *ssl_ctx)
69 {
70 	struct tls_global *global = ssl_ctx;
71 	tls_ref_count--;
72 	if (tls_ref_count == 0) {
73 #ifdef CONFIG_TLS_INTERNAL_CLIENT
74 		tlsv1_client_global_deinit();
75 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
76 #ifdef CONFIG_TLS_INTERNAL_SERVER
77 		tlsv1_server_global_deinit();
78 #endif /* CONFIG_TLS_INTERNAL_SERVER */
79 	}
80 #ifdef CONFIG_TLS_INTERNAL_SERVER
81 	tlsv1_cred_free(global->server_cred);
82 #endif /* CONFIG_TLS_INTERNAL_SERVER */
83 	os_free(global);
84 }
85 
86 
tls_get_errors(void * tls_ctx)87 int tls_get_errors(void *tls_ctx)
88 {
89 	return 0;
90 }
91 
92 
tls_connection_init(void * tls_ctx)93 struct tls_connection * tls_connection_init(void *tls_ctx)
94 {
95 	struct tls_connection *conn;
96 	struct tls_global *global = tls_ctx;
97 
98 	conn = os_zalloc(sizeof(*conn));
99 	if (conn == NULL)
100 		return NULL;
101 	conn->global = global;
102 
103 #ifdef CONFIG_TLS_INTERNAL_CLIENT
104 	if (!global->server) {
105 		conn->client = tlsv1_client_init();
106 		if (conn->client == NULL) {
107 			os_free(conn);
108 			return NULL;
109 		}
110 		tlsv1_client_set_cb(conn->client, global->event_cb,
111 				    global->cb_ctx, global->cert_in_cb);
112 	}
113 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
114 #ifdef CONFIG_TLS_INTERNAL_SERVER
115 	if (global->server) {
116 		conn->server = tlsv1_server_init(global->server_cred);
117 		if (conn->server == NULL) {
118 			os_free(conn);
119 			return NULL;
120 		}
121 	}
122 #endif /* CONFIG_TLS_INTERNAL_SERVER */
123 
124 	return conn;
125 }
126 
127 
128 #ifdef CONFIG_TESTING_OPTIONS
129 #ifdef CONFIG_TLS_INTERNAL_SERVER
tls_connection_set_test_flags(struct tls_connection * conn,u32 flags)130 void tls_connection_set_test_flags(struct tls_connection *conn, u32 flags)
131 {
132 	if (conn->server)
133 		tlsv1_server_set_test_flags(conn->server, flags);
134 }
135 #endif /* CONFIG_TLS_INTERNAL_SERVER */
136 #endif /* CONFIG_TESTING_OPTIONS */
137 
138 
tls_connection_set_log_cb(struct tls_connection * conn,void (* log_cb)(void * ctx,const char * msg),void * ctx)139 void tls_connection_set_log_cb(struct tls_connection *conn,
140 			       void (*log_cb)(void *ctx, const char *msg),
141 			       void *ctx)
142 {
143 #ifdef CONFIG_TLS_INTERNAL_SERVER
144 	if (conn->server)
145 		tlsv1_server_set_log_cb(conn->server, log_cb, ctx);
146 #endif /* CONFIG_TLS_INTERNAL_SERVER */
147 }
148 
149 
tls_connection_deinit(void * tls_ctx,struct tls_connection * conn)150 void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn)
151 {
152 	if (conn == NULL)
153 		return;
154 #ifdef CONFIG_TLS_INTERNAL_CLIENT
155 	if (conn->client)
156 		tlsv1_client_deinit(conn->client);
157 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
158 #ifdef CONFIG_TLS_INTERNAL_SERVER
159 	if (conn->server)
160 		tlsv1_server_deinit(conn->server);
161 #endif /* CONFIG_TLS_INTERNAL_SERVER */
162 	os_free(conn);
163 }
164 
165 
tls_connection_established(void * tls_ctx,struct tls_connection * conn)166 int tls_connection_established(void *tls_ctx, struct tls_connection *conn)
167 {
168 #ifdef CONFIG_TLS_INTERNAL_CLIENT
169 	if (conn->client)
170 		return tlsv1_client_established(conn->client);
171 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
172 #ifdef CONFIG_TLS_INTERNAL_SERVER
173 	if (conn->server)
174 		return tlsv1_server_established(conn->server);
175 #endif /* CONFIG_TLS_INTERNAL_SERVER */
176 	return 0;
177 }
178 
179 
tls_connection_shutdown(void * tls_ctx,struct tls_connection * conn)180 int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn)
181 {
182 #ifdef CONFIG_TLS_INTERNAL_CLIENT
183 	if (conn->client)
184 		return tlsv1_client_shutdown(conn->client);
185 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
186 #ifdef CONFIG_TLS_INTERNAL_SERVER
187 	if (conn->server)
188 		return tlsv1_server_shutdown(conn->server);
189 #endif /* CONFIG_TLS_INTERNAL_SERVER */
190 	return -1;
191 }
192 
193 
tls_connection_set_params(void * tls_ctx,struct tls_connection * conn,const struct tls_connection_params * params)194 int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
195 			      const struct tls_connection_params *params)
196 {
197 #ifdef CONFIG_TLS_INTERNAL_CLIENT
198 	struct tlsv1_credentials *cred;
199 
200 	if (conn->client == NULL)
201 		return -1;
202 
203 	if (params->flags & TLS_CONN_EXT_CERT_CHECK) {
204 		wpa_printf(MSG_INFO,
205 			   "TLS: tls_ext_cert_check=1 not supported");
206 		return -1;
207 	}
208 
209 	cred = tlsv1_cred_alloc();
210 	if (cred == NULL)
211 		return -1;
212 
213 	if (params->subject_match) {
214 		wpa_printf(MSG_INFO, "TLS: subject_match not supported");
215 		tlsv1_cred_free(cred);
216 		return -1;
217 	}
218 
219 	if (params->altsubject_match) {
220 		wpa_printf(MSG_INFO, "TLS: altsubject_match not supported");
221 		tlsv1_cred_free(cred);
222 		return -1;
223 	}
224 
225 	if (params->suffix_match) {
226 		wpa_printf(MSG_INFO, "TLS: suffix_match not supported");
227 		tlsv1_cred_free(cred);
228 		return -1;
229 	}
230 
231 	if (params->domain_match) {
232 		wpa_printf(MSG_INFO, "TLS: domain_match not supported");
233 		tlsv1_cred_free(cred);
234 		return -1;
235 	}
236 
237 	if (params->openssl_ciphers) {
238 		wpa_printf(MSG_INFO, "TLS: openssl_ciphers not supported");
239 		tlsv1_cred_free(cred);
240 		return -1;
241 	}
242 
243 	if (tlsv1_set_ca_cert(cred, params->ca_cert,
244 			      params->ca_cert_blob, params->ca_cert_blob_len,
245 			      params->ca_path)) {
246 		wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
247 			   "certificates");
248 		tlsv1_cred_free(cred);
249 		return -1;
250 	}
251 
252 	if (tlsv1_set_cert(cred, params->client_cert,
253 			   params->client_cert_blob,
254 			   params->client_cert_blob_len)) {
255 		wpa_printf(MSG_INFO, "TLS: Failed to configure client "
256 			   "certificate");
257 		tlsv1_cred_free(cred);
258 		return -1;
259 	}
260 
261 	if (tlsv1_set_private_key(cred, params->private_key,
262 				  params->private_key_passwd,
263 				  params->private_key_blob,
264 				  params->private_key_blob_len)) {
265 		wpa_printf(MSG_INFO, "TLS: Failed to load private key");
266 		tlsv1_cred_free(cred);
267 		return -1;
268 	}
269 
270 	if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob,
271 			       params->dh_blob_len)) {
272 		wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters");
273 		tlsv1_cred_free(cred);
274 		return -1;
275 	}
276 
277 	if (tlsv1_client_set_cred(conn->client, cred) < 0) {
278 		tlsv1_cred_free(cred);
279 		return -1;
280 	}
281 
282 	tlsv1_client_set_flags(conn->client, params->flags);
283 
284 	return 0;
285 #else /* CONFIG_TLS_INTERNAL_CLIENT */
286 	return -1;
287 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
288 }
289 
290 
tls_global_set_params(void * tls_ctx,const struct tls_connection_params * params)291 int tls_global_set_params(void *tls_ctx,
292 			  const struct tls_connection_params *params)
293 {
294 #ifdef CONFIG_TLS_INTERNAL_SERVER
295 	struct tls_global *global = tls_ctx;
296 	struct tlsv1_credentials *cred;
297 
298 	/* Currently, global parameters are only set when running in server
299 	 * mode. */
300 	global->server = 1;
301 	tlsv1_cred_free(global->server_cred);
302 	global->server_cred = cred = tlsv1_cred_alloc();
303 	if (cred == NULL)
304 		return -1;
305 
306 	if (tlsv1_set_ca_cert(cred, params->ca_cert, params->ca_cert_blob,
307 			      params->ca_cert_blob_len, params->ca_path)) {
308 		wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
309 			   "certificates");
310 		return -1;
311 	}
312 
313 	if (tlsv1_set_cert(cred, params->client_cert, params->client_cert_blob,
314 			   params->client_cert_blob_len)) {
315 		wpa_printf(MSG_INFO, "TLS: Failed to configure server "
316 			   "certificate");
317 		return -1;
318 	}
319 
320 	if (tlsv1_set_private_key(cred, params->private_key,
321 				  params->private_key_passwd,
322 				  params->private_key_blob,
323 				  params->private_key_blob_len)) {
324 		wpa_printf(MSG_INFO, "TLS: Failed to load private key");
325 		return -1;
326 	}
327 
328 	if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob,
329 			       params->dh_blob_len)) {
330 		wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters");
331 		return -1;
332 	}
333 
334 	if (params->ocsp_stapling_response)
335 		cred->ocsp_stapling_response =
336 			os_strdup(params->ocsp_stapling_response);
337 	if (params->ocsp_stapling_response_multi)
338 		cred->ocsp_stapling_response_multi =
339 			os_strdup(params->ocsp_stapling_response_multi);
340 
341 	return 0;
342 #else /* CONFIG_TLS_INTERNAL_SERVER */
343 	return -1;
344 #endif /* CONFIG_TLS_INTERNAL_SERVER */
345 }
346 
347 
tls_global_set_verify(void * tls_ctx,int check_crl)348 int tls_global_set_verify(void *tls_ctx, int check_crl)
349 {
350 	struct tls_global *global = tls_ctx;
351 	global->check_crl = check_crl;
352 	return 0;
353 }
354 
355 
tls_connection_set_verify(void * tls_ctx,struct tls_connection * conn,int verify_peer,unsigned int flags,const u8 * session_ctx,size_t session_ctx_len)356 int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn,
357 			      int verify_peer, unsigned int flags,
358 			      const u8 *session_ctx, size_t session_ctx_len)
359 {
360 #ifdef CONFIG_TLS_INTERNAL_SERVER
361 	if (conn->server)
362 		return tlsv1_server_set_verify(conn->server, verify_peer);
363 #endif /* CONFIG_TLS_INTERNAL_SERVER */
364 	return -1;
365 }
366 
367 
tls_connection_get_random(void * tls_ctx,struct tls_connection * conn,struct tls_random * data)368 int tls_connection_get_random(void *tls_ctx, struct tls_connection *conn,
369 			      struct tls_random *data)
370 {
371 #ifdef CONFIG_TLS_INTERNAL_CLIENT
372 	if (conn->client)
373 		return tlsv1_client_get_random(conn->client, data);
374 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
375 #ifdef CONFIG_TLS_INTERNAL_SERVER
376 	if (conn->server)
377 		return tlsv1_server_get_random(conn->server, data);
378 #endif /* CONFIG_TLS_INTERNAL_SERVER */
379 	return -1;
380 }
381 
382 
tls_get_keyblock_size(struct tls_connection * conn)383 static int tls_get_keyblock_size(struct tls_connection *conn)
384 {
385 #ifdef CONFIG_TLS_INTERNAL_CLIENT
386 	if (conn->client)
387 		return tlsv1_client_get_keyblock_size(conn->client);
388 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
389 #ifdef CONFIG_TLS_INTERNAL_SERVER
390 	if (conn->server)
391 		return tlsv1_server_get_keyblock_size(conn->server);
392 #endif /* CONFIG_TLS_INTERNAL_SERVER */
393 	return -1;
394 }
395 
396 
tls_connection_prf(void * tls_ctx,struct tls_connection * conn,const char * label,int server_random_first,int skip_keyblock,u8 * out,size_t out_len)397 int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
398 		       const char *label, int server_random_first,
399 		       int skip_keyblock, u8 *out, size_t out_len)
400 {
401 	int ret = -1, skip = 0;
402 	u8 *tmp_out = NULL;
403 	u8 *_out = out;
404 
405 	if (skip_keyblock) {
406 		skip = tls_get_keyblock_size(conn);
407 		if (skip < 0)
408 			return -1;
409 		tmp_out = os_malloc(skip + out_len);
410 		if (!tmp_out)
411 			return -1;
412 		_out = tmp_out;
413 	}
414 
415 #ifdef CONFIG_TLS_INTERNAL_CLIENT
416 	if (conn->client) {
417 		ret = tlsv1_client_prf(conn->client, label,
418 				       server_random_first,
419 				       _out, skip + out_len);
420 	}
421 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
422 #ifdef CONFIG_TLS_INTERNAL_SERVER
423 	if (conn->server) {
424 		ret = tlsv1_server_prf(conn->server, label,
425 				       server_random_first,
426 				       _out, skip + out_len);
427 	}
428 #endif /* CONFIG_TLS_INTERNAL_SERVER */
429 	if (ret == 0 && skip_keyblock)
430 		os_memcpy(out, _out + skip, out_len);
431 	bin_clear_free(tmp_out, skip);
432 
433 	return ret;
434 }
435 
436 
tls_connection_handshake(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data,struct wpabuf ** appl_data)437 struct wpabuf * tls_connection_handshake(void *tls_ctx,
438 					 struct tls_connection *conn,
439 					 const struct wpabuf *in_data,
440 					 struct wpabuf **appl_data)
441 {
442 	return tls_connection_handshake2(tls_ctx, conn, in_data, appl_data,
443 					 NULL);
444 }
445 
446 
tls_connection_handshake2(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data,struct wpabuf ** appl_data,int * need_more_data)447 struct wpabuf * tls_connection_handshake2(void *tls_ctx,
448 					  struct tls_connection *conn,
449 					  const struct wpabuf *in_data,
450 					  struct wpabuf **appl_data,
451 					  int *need_more_data)
452 {
453 #ifdef CONFIG_TLS_INTERNAL_CLIENT
454 	u8 *res, *ad;
455 	size_t res_len, ad_len;
456 	struct wpabuf *out;
457 
458 	if (conn->client == NULL)
459 		return NULL;
460 
461 	ad = NULL;
462 	res = tlsv1_client_handshake(conn->client,
463 				     in_data ? wpabuf_head(in_data) : NULL,
464 				     in_data ? wpabuf_len(in_data) : 0,
465 				     &res_len, &ad, &ad_len, need_more_data);
466 	if (res == NULL)
467 		return NULL;
468 	out = wpabuf_alloc_ext_data(res, res_len);
469 	if (out == NULL) {
470 		os_free(res);
471 		os_free(ad);
472 		return NULL;
473 	}
474 	if (appl_data) {
475 		if (ad) {
476 			*appl_data = wpabuf_alloc_ext_data(ad, ad_len);
477 			if (*appl_data == NULL)
478 				os_free(ad);
479 		} else
480 			*appl_data = NULL;
481 	} else
482 		os_free(ad);
483 
484 	return out;
485 #else /* CONFIG_TLS_INTERNAL_CLIENT */
486 	return NULL;
487 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
488 }
489 
490 
tls_connection_server_handshake(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data,struct wpabuf ** appl_data)491 struct wpabuf * tls_connection_server_handshake(void *tls_ctx,
492 						struct tls_connection *conn,
493 						const struct wpabuf *in_data,
494 						struct wpabuf **appl_data)
495 {
496 #ifdef CONFIG_TLS_INTERNAL_SERVER
497 	u8 *res;
498 	size_t res_len;
499 	struct wpabuf *out;
500 
501 	if (conn->server == NULL)
502 		return NULL;
503 
504 	if (appl_data)
505 		*appl_data = NULL;
506 
507 	res = tlsv1_server_handshake(conn->server, wpabuf_head(in_data),
508 				     wpabuf_len(in_data), &res_len);
509 	if (res == NULL && tlsv1_server_established(conn->server))
510 		return wpabuf_alloc(0);
511 	if (res == NULL)
512 		return NULL;
513 	out = wpabuf_alloc_ext_data(res, res_len);
514 	if (out == NULL) {
515 		os_free(res);
516 		return NULL;
517 	}
518 
519 	return out;
520 #else /* CONFIG_TLS_INTERNAL_SERVER */
521 	return NULL;
522 #endif /* CONFIG_TLS_INTERNAL_SERVER */
523 }
524 
525 
tls_connection_encrypt(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data)526 struct wpabuf * tls_connection_encrypt(void *tls_ctx,
527 				       struct tls_connection *conn,
528 				       const struct wpabuf *in_data)
529 {
530 #ifdef CONFIG_TLS_INTERNAL_CLIENT
531 	if (conn->client) {
532 		struct wpabuf *buf;
533 		int res;
534 		buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
535 		if (buf == NULL)
536 			return NULL;
537 		res = tlsv1_client_encrypt(conn->client, wpabuf_head(in_data),
538 					   wpabuf_len(in_data),
539 					   wpabuf_mhead(buf),
540 					   wpabuf_size(buf));
541 		if (res < 0) {
542 			wpabuf_free(buf);
543 			return NULL;
544 		}
545 		wpabuf_put(buf, res);
546 		return buf;
547 	}
548 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
549 #ifdef CONFIG_TLS_INTERNAL_SERVER
550 	if (conn->server) {
551 		struct wpabuf *buf;
552 		int res;
553 		buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
554 		if (buf == NULL)
555 			return NULL;
556 		res = tlsv1_server_encrypt(conn->server, wpabuf_head(in_data),
557 					   wpabuf_len(in_data),
558 					   wpabuf_mhead(buf),
559 					   wpabuf_size(buf));
560 		if (res < 0) {
561 			wpabuf_free(buf);
562 			return NULL;
563 		}
564 		wpabuf_put(buf, res);
565 		return buf;
566 	}
567 #endif /* CONFIG_TLS_INTERNAL_SERVER */
568 	return NULL;
569 }
570 
571 
tls_connection_decrypt(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data)572 struct wpabuf * tls_connection_decrypt(void *tls_ctx,
573 				       struct tls_connection *conn,
574 				       const struct wpabuf *in_data)
575 {
576 	return tls_connection_decrypt2(tls_ctx, conn, in_data, NULL);
577 }
578 
579 
tls_connection_decrypt2(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data,int * need_more_data)580 struct wpabuf * tls_connection_decrypt2(void *tls_ctx,
581 					struct tls_connection *conn,
582 					const struct wpabuf *in_data,
583 					int *need_more_data)
584 {
585 	if (need_more_data)
586 		*need_more_data = 0;
587 
588 #ifdef CONFIG_TLS_INTERNAL_CLIENT
589 	if (conn->client) {
590 		return tlsv1_client_decrypt(conn->client, wpabuf_head(in_data),
591 					    wpabuf_len(in_data),
592 					    need_more_data);
593 	}
594 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
595 #ifdef CONFIG_TLS_INTERNAL_SERVER
596 	if (conn->server) {
597 		struct wpabuf *buf;
598 		int res;
599 		buf = wpabuf_alloc((wpabuf_len(in_data) + 500) * 3);
600 		if (buf == NULL)
601 			return NULL;
602 		res = tlsv1_server_decrypt(conn->server, wpabuf_head(in_data),
603 					   wpabuf_len(in_data),
604 					   wpabuf_mhead(buf),
605 					   wpabuf_size(buf));
606 		if (res < 0) {
607 			wpabuf_free(buf);
608 			return NULL;
609 		}
610 		wpabuf_put(buf, res);
611 		return buf;
612 	}
613 #endif /* CONFIG_TLS_INTERNAL_SERVER */
614 	return NULL;
615 }
616 
617 
tls_connection_resumed(void * tls_ctx,struct tls_connection * conn)618 int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn)
619 {
620 #ifdef CONFIG_TLS_INTERNAL_CLIENT
621 	if (conn->client)
622 		return tlsv1_client_resumed(conn->client);
623 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
624 #ifdef CONFIG_TLS_INTERNAL_SERVER
625 	if (conn->server)
626 		return tlsv1_server_resumed(conn->server);
627 #endif /* CONFIG_TLS_INTERNAL_SERVER */
628 	return -1;
629 }
630 
631 
tls_connection_set_cipher_list(void * tls_ctx,struct tls_connection * conn,u8 * ciphers)632 int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
633 				   u8 *ciphers)
634 {
635 #ifdef CONFIG_TLS_INTERNAL_CLIENT
636 	if (conn->client)
637 		return tlsv1_client_set_cipher_list(conn->client, ciphers);
638 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
639 #ifdef CONFIG_TLS_INTERNAL_SERVER
640 	if (conn->server)
641 		return tlsv1_server_set_cipher_list(conn->server, ciphers);
642 #endif /* CONFIG_TLS_INTERNAL_SERVER */
643 	return -1;
644 }
645 
646 
tls_get_version(void * ssl_ctx,struct tls_connection * conn,char * buf,size_t buflen)647 int tls_get_version(void *ssl_ctx, struct tls_connection *conn,
648 		    char *buf, size_t buflen)
649 {
650 	if (conn == NULL)
651 		return -1;
652 #ifdef CONFIG_TLS_INTERNAL_CLIENT
653 	if (conn->client)
654 		return tlsv1_client_get_version(conn->client, buf, buflen);
655 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
656 	return -1;
657 }
658 
659 
tls_get_cipher(void * tls_ctx,struct tls_connection * conn,char * buf,size_t buflen)660 int tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
661 		   char *buf, size_t buflen)
662 {
663 	if (conn == NULL)
664 		return -1;
665 #ifdef CONFIG_TLS_INTERNAL_CLIENT
666 	if (conn->client)
667 		return tlsv1_client_get_cipher(conn->client, buf, buflen);
668 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
669 #ifdef CONFIG_TLS_INTERNAL_SERVER
670 	if (conn->server)
671 		return tlsv1_server_get_cipher(conn->server, buf, buflen);
672 #endif /* CONFIG_TLS_INTERNAL_SERVER */
673 	return -1;
674 }
675 
676 
tls_connection_enable_workaround(void * tls_ctx,struct tls_connection * conn)677 int tls_connection_enable_workaround(void *tls_ctx,
678 				     struct tls_connection *conn)
679 {
680 	return -1;
681 }
682 
683 
tls_connection_client_hello_ext(void * tls_ctx,struct tls_connection * conn,int ext_type,const u8 * data,size_t data_len)684 int tls_connection_client_hello_ext(void *tls_ctx, struct tls_connection *conn,
685 				    int ext_type, const u8 *data,
686 				    size_t data_len)
687 {
688 #ifdef CONFIG_TLS_INTERNAL_CLIENT
689 	if (conn->client) {
690 		return tlsv1_client_hello_ext(conn->client, ext_type,
691 					      data, data_len);
692 	}
693 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
694 	return -1;
695 }
696 
697 
tls_connection_get_failed(void * tls_ctx,struct tls_connection * conn)698 int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn)
699 {
700 	return 0;
701 }
702 
703 
tls_connection_get_read_alerts(void * tls_ctx,struct tls_connection * conn)704 int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn)
705 {
706 	return 0;
707 }
708 
709 
tls_connection_get_write_alerts(void * tls_ctx,struct tls_connection * conn)710 int tls_connection_get_write_alerts(void *tls_ctx,
711 				    struct tls_connection *conn)
712 {
713 	return 0;
714 }
715 
716 
tls_connection_set_session_ticket_cb(void * tls_ctx,struct tls_connection * conn,tls_session_ticket_cb cb,void * ctx)717 int tls_connection_set_session_ticket_cb(void *tls_ctx,
718 					 struct tls_connection *conn,
719 					 tls_session_ticket_cb cb,
720 					 void *ctx)
721 {
722 #ifdef CONFIG_TLS_INTERNAL_CLIENT
723 	if (conn->client) {
724 		tlsv1_client_set_session_ticket_cb(conn->client, cb, ctx);
725 		return 0;
726 	}
727 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
728 #ifdef CONFIG_TLS_INTERNAL_SERVER
729 	if (conn->server) {
730 		tlsv1_server_set_session_ticket_cb(conn->server, cb, ctx);
731 		return 0;
732 	}
733 #endif /* CONFIG_TLS_INTERNAL_SERVER */
734 	return -1;
735 }
736 
737 
tls_get_library_version(char * buf,size_t buf_len)738 int tls_get_library_version(char *buf, size_t buf_len)
739 {
740 	return os_snprintf(buf, buf_len, "internal");
741 }
742 
743 
tls_connection_set_success_data(struct tls_connection * conn,struct wpabuf * data)744 void tls_connection_set_success_data(struct tls_connection *conn,
745 				     struct wpabuf *data)
746 {
747 }
748 
749 
tls_connection_set_success_data_resumed(struct tls_connection * conn)750 void tls_connection_set_success_data_resumed(struct tls_connection *conn)
751 {
752 }
753 
754 
755 const struct wpabuf *
tls_connection_get_success_data(struct tls_connection * conn)756 tls_connection_get_success_data(struct tls_connection *conn)
757 {
758 	return NULL;
759 }
760 
761 
tls_connection_remove_session(struct tls_connection * conn)762 void tls_connection_remove_session(struct tls_connection *conn)
763 {
764 }
765