1 /*
2 * TLS interface functions and an internal TLS implementation
3 * Copyright (c) 2004-2011, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 *
8 * This file interface functions for hostapd/wpa_supplicant to use the
9 * integrated TLSv1 implementation.
10 */
11
12 #include "includes.h"
13
14 #include "common.h"
15 #include "tls.h"
16 #include "tls/tlsv1_client.h"
17 #include "tls/tlsv1_server.h"
18
19
20 static int tls_ref_count = 0;
21
22 struct tls_global {
23 int server;
24 struct tlsv1_credentials *server_cred;
25 int check_crl;
26
27 void (*event_cb)(void *ctx, enum tls_event ev,
28 union tls_event_data *data);
29 void *cb_ctx;
30 int cert_in_cb;
31 };
32
33 struct tls_connection {
34 struct tlsv1_client *client;
35 struct tlsv1_server *server;
36 struct tls_global *global;
37 };
38
39
tls_init(const struct tls_config * conf)40 void * tls_init(const struct tls_config *conf)
41 {
42 struct tls_global *global;
43
44 if (tls_ref_count == 0) {
45 #ifdef CONFIG_TLS_INTERNAL_CLIENT
46 if (tlsv1_client_global_init())
47 return NULL;
48 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
49 #ifdef CONFIG_TLS_INTERNAL_SERVER
50 if (tlsv1_server_global_init())
51 return NULL;
52 #endif /* CONFIG_TLS_INTERNAL_SERVER */
53 }
54 tls_ref_count++;
55
56 global = os_zalloc(sizeof(*global));
57 if (global == NULL)
58 return NULL;
59 if (conf) {
60 global->event_cb = conf->event_cb;
61 global->cb_ctx = conf->cb_ctx;
62 global->cert_in_cb = conf->cert_in_cb;
63 }
64
65 return global;
66 }
67
tls_deinit(void * ssl_ctx)68 void tls_deinit(void *ssl_ctx)
69 {
70 struct tls_global *global = ssl_ctx;
71 tls_ref_count--;
72 if (tls_ref_count == 0) {
73 #ifdef CONFIG_TLS_INTERNAL_CLIENT
74 tlsv1_client_global_deinit();
75 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
76 #ifdef CONFIG_TLS_INTERNAL_SERVER
77 tlsv1_server_global_deinit();
78 #endif /* CONFIG_TLS_INTERNAL_SERVER */
79 }
80 #ifdef CONFIG_TLS_INTERNAL_SERVER
81 tlsv1_cred_free(global->server_cred);
82 #endif /* CONFIG_TLS_INTERNAL_SERVER */
83 os_free(global);
84 }
85
86
tls_get_errors(void * tls_ctx)87 int tls_get_errors(void *tls_ctx)
88 {
89 return 0;
90 }
91
92
tls_connection_init(void * tls_ctx)93 struct tls_connection * tls_connection_init(void *tls_ctx)
94 {
95 struct tls_connection *conn;
96 struct tls_global *global = tls_ctx;
97
98 conn = os_zalloc(sizeof(*conn));
99 if (conn == NULL)
100 return NULL;
101 conn->global = global;
102
103 #ifdef CONFIG_TLS_INTERNAL_CLIENT
104 if (!global->server) {
105 conn->client = tlsv1_client_init();
106 if (conn->client == NULL) {
107 os_free(conn);
108 return NULL;
109 }
110 tlsv1_client_set_cb(conn->client, global->event_cb,
111 global->cb_ctx, global->cert_in_cb);
112 }
113 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
114 #ifdef CONFIG_TLS_INTERNAL_SERVER
115 if (global->server) {
116 conn->server = tlsv1_server_init(global->server_cred);
117 if (conn->server == NULL) {
118 os_free(conn);
119 return NULL;
120 }
121 }
122 #endif /* CONFIG_TLS_INTERNAL_SERVER */
123
124 return conn;
125 }
126
127
128 #ifdef CONFIG_TESTING_OPTIONS
129 #ifdef CONFIG_TLS_INTERNAL_SERVER
tls_connection_set_test_flags(struct tls_connection * conn,u32 flags)130 void tls_connection_set_test_flags(struct tls_connection *conn, u32 flags)
131 {
132 if (conn->server)
133 tlsv1_server_set_test_flags(conn->server, flags);
134 }
135 #endif /* CONFIG_TLS_INTERNAL_SERVER */
136 #endif /* CONFIG_TESTING_OPTIONS */
137
138
tls_connection_set_log_cb(struct tls_connection * conn,void (* log_cb)(void * ctx,const char * msg),void * ctx)139 void tls_connection_set_log_cb(struct tls_connection *conn,
140 void (*log_cb)(void *ctx, const char *msg),
141 void *ctx)
142 {
143 #ifdef CONFIG_TLS_INTERNAL_SERVER
144 if (conn->server)
145 tlsv1_server_set_log_cb(conn->server, log_cb, ctx);
146 #endif /* CONFIG_TLS_INTERNAL_SERVER */
147 }
148
149
tls_connection_deinit(void * tls_ctx,struct tls_connection * conn)150 void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn)
151 {
152 if (conn == NULL)
153 return;
154 #ifdef CONFIG_TLS_INTERNAL_CLIENT
155 if (conn->client)
156 tlsv1_client_deinit(conn->client);
157 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
158 #ifdef CONFIG_TLS_INTERNAL_SERVER
159 if (conn->server)
160 tlsv1_server_deinit(conn->server);
161 #endif /* CONFIG_TLS_INTERNAL_SERVER */
162 os_free(conn);
163 }
164
165
tls_connection_established(void * tls_ctx,struct tls_connection * conn)166 int tls_connection_established(void *tls_ctx, struct tls_connection *conn)
167 {
168 #ifdef CONFIG_TLS_INTERNAL_CLIENT
169 if (conn->client)
170 return tlsv1_client_established(conn->client);
171 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
172 #ifdef CONFIG_TLS_INTERNAL_SERVER
173 if (conn->server)
174 return tlsv1_server_established(conn->server);
175 #endif /* CONFIG_TLS_INTERNAL_SERVER */
176 return 0;
177 }
178
179
tls_connection_shutdown(void * tls_ctx,struct tls_connection * conn)180 int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn)
181 {
182 #ifdef CONFIG_TLS_INTERNAL_CLIENT
183 if (conn->client)
184 return tlsv1_client_shutdown(conn->client);
185 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
186 #ifdef CONFIG_TLS_INTERNAL_SERVER
187 if (conn->server)
188 return tlsv1_server_shutdown(conn->server);
189 #endif /* CONFIG_TLS_INTERNAL_SERVER */
190 return -1;
191 }
192
193
tls_connection_set_params(void * tls_ctx,struct tls_connection * conn,const struct tls_connection_params * params)194 int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
195 const struct tls_connection_params *params)
196 {
197 #ifdef CONFIG_TLS_INTERNAL_CLIENT
198 struct tlsv1_credentials *cred;
199
200 if (conn->client == NULL)
201 return -1;
202
203 if (params->flags & TLS_CONN_EXT_CERT_CHECK) {
204 wpa_printf(MSG_INFO,
205 "TLS: tls_ext_cert_check=1 not supported");
206 return -1;
207 }
208
209 cred = tlsv1_cred_alloc();
210 if (cred == NULL)
211 return -1;
212
213 if (params->subject_match) {
214 wpa_printf(MSG_INFO, "TLS: subject_match not supported");
215 tlsv1_cred_free(cred);
216 return -1;
217 }
218
219 if (params->altsubject_match) {
220 wpa_printf(MSG_INFO, "TLS: altsubject_match not supported");
221 tlsv1_cred_free(cred);
222 return -1;
223 }
224
225 if (params->suffix_match) {
226 wpa_printf(MSG_INFO, "TLS: suffix_match not supported");
227 tlsv1_cred_free(cred);
228 return -1;
229 }
230
231 if (params->domain_match) {
232 wpa_printf(MSG_INFO, "TLS: domain_match not supported");
233 tlsv1_cred_free(cred);
234 return -1;
235 }
236
237 if (params->openssl_ciphers) {
238 wpa_printf(MSG_INFO, "TLS: openssl_ciphers not supported");
239 tlsv1_cred_free(cred);
240 return -1;
241 }
242
243 if (tlsv1_set_ca_cert(cred, params->ca_cert,
244 params->ca_cert_blob, params->ca_cert_blob_len,
245 params->ca_path)) {
246 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
247 "certificates");
248 tlsv1_cred_free(cred);
249 return -1;
250 }
251
252 if (tlsv1_set_cert(cred, params->client_cert,
253 params->client_cert_blob,
254 params->client_cert_blob_len)) {
255 wpa_printf(MSG_INFO, "TLS: Failed to configure client "
256 "certificate");
257 tlsv1_cred_free(cred);
258 return -1;
259 }
260
261 if (tlsv1_set_private_key(cred, params->private_key,
262 params->private_key_passwd,
263 params->private_key_blob,
264 params->private_key_blob_len)) {
265 wpa_printf(MSG_INFO, "TLS: Failed to load private key");
266 tlsv1_cred_free(cred);
267 return -1;
268 }
269
270 if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob,
271 params->dh_blob_len)) {
272 wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters");
273 tlsv1_cred_free(cred);
274 return -1;
275 }
276
277 if (tlsv1_client_set_cred(conn->client, cred) < 0) {
278 tlsv1_cred_free(cred);
279 return -1;
280 }
281
282 tlsv1_client_set_flags(conn->client, params->flags);
283
284 return 0;
285 #else /* CONFIG_TLS_INTERNAL_CLIENT */
286 return -1;
287 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
288 }
289
290
tls_global_set_params(void * tls_ctx,const struct tls_connection_params * params)291 int tls_global_set_params(void *tls_ctx,
292 const struct tls_connection_params *params)
293 {
294 #ifdef CONFIG_TLS_INTERNAL_SERVER
295 struct tls_global *global = tls_ctx;
296 struct tlsv1_credentials *cred;
297
298 /* Currently, global parameters are only set when running in server
299 * mode. */
300 global->server = 1;
301 tlsv1_cred_free(global->server_cred);
302 global->server_cred = cred = tlsv1_cred_alloc();
303 if (cred == NULL)
304 return -1;
305
306 if (tlsv1_set_ca_cert(cred, params->ca_cert, params->ca_cert_blob,
307 params->ca_cert_blob_len, params->ca_path)) {
308 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
309 "certificates");
310 return -1;
311 }
312
313 if (tlsv1_set_cert(cred, params->client_cert, params->client_cert_blob,
314 params->client_cert_blob_len)) {
315 wpa_printf(MSG_INFO, "TLS: Failed to configure server "
316 "certificate");
317 return -1;
318 }
319
320 if (tlsv1_set_private_key(cred, params->private_key,
321 params->private_key_passwd,
322 params->private_key_blob,
323 params->private_key_blob_len)) {
324 wpa_printf(MSG_INFO, "TLS: Failed to load private key");
325 return -1;
326 }
327
328 if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob,
329 params->dh_blob_len)) {
330 wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters");
331 return -1;
332 }
333
334 if (params->ocsp_stapling_response)
335 cred->ocsp_stapling_response =
336 os_strdup(params->ocsp_stapling_response);
337 if (params->ocsp_stapling_response_multi)
338 cred->ocsp_stapling_response_multi =
339 os_strdup(params->ocsp_stapling_response_multi);
340
341 return 0;
342 #else /* CONFIG_TLS_INTERNAL_SERVER */
343 return -1;
344 #endif /* CONFIG_TLS_INTERNAL_SERVER */
345 }
346
347
tls_global_set_verify(void * tls_ctx,int check_crl)348 int tls_global_set_verify(void *tls_ctx, int check_crl)
349 {
350 struct tls_global *global = tls_ctx;
351 global->check_crl = check_crl;
352 return 0;
353 }
354
355
tls_connection_set_verify(void * tls_ctx,struct tls_connection * conn,int verify_peer,unsigned int flags,const u8 * session_ctx,size_t session_ctx_len)356 int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn,
357 int verify_peer, unsigned int flags,
358 const u8 *session_ctx, size_t session_ctx_len)
359 {
360 #ifdef CONFIG_TLS_INTERNAL_SERVER
361 if (conn->server)
362 return tlsv1_server_set_verify(conn->server, verify_peer);
363 #endif /* CONFIG_TLS_INTERNAL_SERVER */
364 return -1;
365 }
366
367
tls_connection_get_random(void * tls_ctx,struct tls_connection * conn,struct tls_random * data)368 int tls_connection_get_random(void *tls_ctx, struct tls_connection *conn,
369 struct tls_random *data)
370 {
371 #ifdef CONFIG_TLS_INTERNAL_CLIENT
372 if (conn->client)
373 return tlsv1_client_get_random(conn->client, data);
374 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
375 #ifdef CONFIG_TLS_INTERNAL_SERVER
376 if (conn->server)
377 return tlsv1_server_get_random(conn->server, data);
378 #endif /* CONFIG_TLS_INTERNAL_SERVER */
379 return -1;
380 }
381
382
tls_get_keyblock_size(struct tls_connection * conn)383 static int tls_get_keyblock_size(struct tls_connection *conn)
384 {
385 #ifdef CONFIG_TLS_INTERNAL_CLIENT
386 if (conn->client)
387 return tlsv1_client_get_keyblock_size(conn->client);
388 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
389 #ifdef CONFIG_TLS_INTERNAL_SERVER
390 if (conn->server)
391 return tlsv1_server_get_keyblock_size(conn->server);
392 #endif /* CONFIG_TLS_INTERNAL_SERVER */
393 return -1;
394 }
395
396
tls_connection_prf(void * tls_ctx,struct tls_connection * conn,const char * label,int server_random_first,int skip_keyblock,u8 * out,size_t out_len)397 static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
398 const char *label, int server_random_first,
399 int skip_keyblock, u8 *out, size_t out_len)
400 {
401 int ret = -1, skip = 0;
402 u8 *tmp_out = NULL;
403 u8 *_out = out;
404
405 if (skip_keyblock) {
406 skip = tls_get_keyblock_size(conn);
407 if (skip < 0)
408 return -1;
409 tmp_out = os_malloc(skip + out_len);
410 if (!tmp_out)
411 return -1;
412 _out = tmp_out;
413 }
414
415 #ifdef CONFIG_TLS_INTERNAL_CLIENT
416 if (conn->client) {
417 ret = tlsv1_client_prf(conn->client, label,
418 server_random_first,
419 _out, skip + out_len);
420 }
421 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
422 #ifdef CONFIG_TLS_INTERNAL_SERVER
423 if (conn->server) {
424 ret = tlsv1_server_prf(conn->server, label,
425 server_random_first,
426 _out, skip + out_len);
427 }
428 #endif /* CONFIG_TLS_INTERNAL_SERVER */
429 if (ret == 0 && skip_keyblock)
430 os_memcpy(out, _out + skip, out_len);
431 bin_clear_free(tmp_out, skip);
432
433 return ret;
434 }
435
436
tls_connection_export_key(void * tls_ctx,struct tls_connection * conn,const char * label,u8 * out,size_t out_len)437 int tls_connection_export_key(void *tls_ctx, struct tls_connection *conn,
438 const char *label, u8 *out, size_t out_len)
439 {
440 return tls_connection_prf(tls_ctx, conn, label, 0, 0, out, out_len);
441 }
442
443
tls_connection_get_eap_fast_key(void * tls_ctx,struct tls_connection * conn,u8 * out,size_t out_len)444 int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn,
445 u8 *out, size_t out_len)
446 {
447 return tls_connection_prf(tls_ctx, conn, "key expansion", 1, 1, out,
448 out_len);
449 }
450
451
tls_connection_handshake(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data,struct wpabuf ** appl_data)452 struct wpabuf * tls_connection_handshake(void *tls_ctx,
453 struct tls_connection *conn,
454 const struct wpabuf *in_data,
455 struct wpabuf **appl_data)
456 {
457 return tls_connection_handshake2(tls_ctx, conn, in_data, appl_data,
458 NULL);
459 }
460
461
tls_connection_handshake2(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data,struct wpabuf ** appl_data,int * need_more_data)462 struct wpabuf * tls_connection_handshake2(void *tls_ctx,
463 struct tls_connection *conn,
464 const struct wpabuf *in_data,
465 struct wpabuf **appl_data,
466 int *need_more_data)
467 {
468 #ifdef CONFIG_TLS_INTERNAL_CLIENT
469 u8 *res, *ad;
470 size_t res_len, ad_len;
471 struct wpabuf *out;
472
473 if (conn->client == NULL)
474 return NULL;
475
476 ad = NULL;
477 res = tlsv1_client_handshake(conn->client,
478 in_data ? wpabuf_head(in_data) : NULL,
479 in_data ? wpabuf_len(in_data) : 0,
480 &res_len, &ad, &ad_len, need_more_data);
481 if (res == NULL)
482 return NULL;
483 out = wpabuf_alloc_ext_data(res, res_len);
484 if (out == NULL) {
485 os_free(res);
486 os_free(ad);
487 return NULL;
488 }
489 if (appl_data) {
490 if (ad) {
491 *appl_data = wpabuf_alloc_ext_data(ad, ad_len);
492 if (*appl_data == NULL)
493 os_free(ad);
494 } else
495 *appl_data = NULL;
496 } else
497 os_free(ad);
498
499 return out;
500 #else /* CONFIG_TLS_INTERNAL_CLIENT */
501 return NULL;
502 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
503 }
504
505
tls_connection_server_handshake(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data,struct wpabuf ** appl_data)506 struct wpabuf * tls_connection_server_handshake(void *tls_ctx,
507 struct tls_connection *conn,
508 const struct wpabuf *in_data,
509 struct wpabuf **appl_data)
510 {
511 #ifdef CONFIG_TLS_INTERNAL_SERVER
512 u8 *res;
513 size_t res_len;
514 struct wpabuf *out;
515
516 if (conn->server == NULL)
517 return NULL;
518
519 if (appl_data)
520 *appl_data = NULL;
521
522 res = tlsv1_server_handshake(conn->server, wpabuf_head(in_data),
523 wpabuf_len(in_data), &res_len);
524 if (res == NULL && tlsv1_server_established(conn->server))
525 return wpabuf_alloc(0);
526 if (res == NULL)
527 return NULL;
528 out = wpabuf_alloc_ext_data(res, res_len);
529 if (out == NULL) {
530 os_free(res);
531 return NULL;
532 }
533
534 return out;
535 #else /* CONFIG_TLS_INTERNAL_SERVER */
536 return NULL;
537 #endif /* CONFIG_TLS_INTERNAL_SERVER */
538 }
539
540
tls_connection_encrypt(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data)541 struct wpabuf * tls_connection_encrypt(void *tls_ctx,
542 struct tls_connection *conn,
543 const struct wpabuf *in_data)
544 {
545 #ifdef CONFIG_TLS_INTERNAL_CLIENT
546 if (conn->client) {
547 struct wpabuf *buf;
548 int res;
549 buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
550 if (buf == NULL)
551 return NULL;
552 res = tlsv1_client_encrypt(conn->client, wpabuf_head(in_data),
553 wpabuf_len(in_data),
554 wpabuf_mhead(buf),
555 wpabuf_size(buf));
556 if (res < 0) {
557 wpabuf_free(buf);
558 return NULL;
559 }
560 wpabuf_put(buf, res);
561 return buf;
562 }
563 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
564 #ifdef CONFIG_TLS_INTERNAL_SERVER
565 if (conn->server) {
566 struct wpabuf *buf;
567 int res;
568 buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
569 if (buf == NULL)
570 return NULL;
571 res = tlsv1_server_encrypt(conn->server, wpabuf_head(in_data),
572 wpabuf_len(in_data),
573 wpabuf_mhead(buf),
574 wpabuf_size(buf));
575 if (res < 0) {
576 wpabuf_free(buf);
577 return NULL;
578 }
579 wpabuf_put(buf, res);
580 return buf;
581 }
582 #endif /* CONFIG_TLS_INTERNAL_SERVER */
583 return NULL;
584 }
585
586
tls_connection_decrypt(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data)587 struct wpabuf * tls_connection_decrypt(void *tls_ctx,
588 struct tls_connection *conn,
589 const struct wpabuf *in_data)
590 {
591 return tls_connection_decrypt2(tls_ctx, conn, in_data, NULL);
592 }
593
594
tls_connection_decrypt2(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data,int * need_more_data)595 struct wpabuf * tls_connection_decrypt2(void *tls_ctx,
596 struct tls_connection *conn,
597 const struct wpabuf *in_data,
598 int *need_more_data)
599 {
600 if (need_more_data)
601 *need_more_data = 0;
602
603 #ifdef CONFIG_TLS_INTERNAL_CLIENT
604 if (conn->client) {
605 return tlsv1_client_decrypt(conn->client, wpabuf_head(in_data),
606 wpabuf_len(in_data),
607 need_more_data);
608 }
609 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
610 #ifdef CONFIG_TLS_INTERNAL_SERVER
611 if (conn->server) {
612 struct wpabuf *buf;
613 int res;
614 buf = wpabuf_alloc((wpabuf_len(in_data) + 500) * 3);
615 if (buf == NULL)
616 return NULL;
617 res = tlsv1_server_decrypt(conn->server, wpabuf_head(in_data),
618 wpabuf_len(in_data),
619 wpabuf_mhead(buf),
620 wpabuf_size(buf));
621 if (res < 0) {
622 wpabuf_free(buf);
623 return NULL;
624 }
625 wpabuf_put(buf, res);
626 return buf;
627 }
628 #endif /* CONFIG_TLS_INTERNAL_SERVER */
629 return NULL;
630 }
631
632
tls_connection_resumed(void * tls_ctx,struct tls_connection * conn)633 int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn)
634 {
635 #ifdef CONFIG_TLS_INTERNAL_CLIENT
636 if (conn->client)
637 return tlsv1_client_resumed(conn->client);
638 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
639 #ifdef CONFIG_TLS_INTERNAL_SERVER
640 if (conn->server)
641 return tlsv1_server_resumed(conn->server);
642 #endif /* CONFIG_TLS_INTERNAL_SERVER */
643 return -1;
644 }
645
646
tls_connection_set_cipher_list(void * tls_ctx,struct tls_connection * conn,u8 * ciphers)647 int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
648 u8 *ciphers)
649 {
650 #ifdef CONFIG_TLS_INTERNAL_CLIENT
651 if (conn->client)
652 return tlsv1_client_set_cipher_list(conn->client, ciphers);
653 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
654 #ifdef CONFIG_TLS_INTERNAL_SERVER
655 if (conn->server)
656 return tlsv1_server_set_cipher_list(conn->server, ciphers);
657 #endif /* CONFIG_TLS_INTERNAL_SERVER */
658 return -1;
659 }
660
661
tls_get_version(void * ssl_ctx,struct tls_connection * conn,char * buf,size_t buflen)662 int tls_get_version(void *ssl_ctx, struct tls_connection *conn,
663 char *buf, size_t buflen)
664 {
665 if (conn == NULL)
666 return -1;
667 #ifdef CONFIG_TLS_INTERNAL_CLIENT
668 if (conn->client)
669 return tlsv1_client_get_version(conn->client, buf, buflen);
670 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
671 return -1;
672 }
673
674
tls_get_cipher(void * tls_ctx,struct tls_connection * conn,char * buf,size_t buflen)675 int tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
676 char *buf, size_t buflen)
677 {
678 if (conn == NULL)
679 return -1;
680 #ifdef CONFIG_TLS_INTERNAL_CLIENT
681 if (conn->client)
682 return tlsv1_client_get_cipher(conn->client, buf, buflen);
683 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
684 #ifdef CONFIG_TLS_INTERNAL_SERVER
685 if (conn->server)
686 return tlsv1_server_get_cipher(conn->server, buf, buflen);
687 #endif /* CONFIG_TLS_INTERNAL_SERVER */
688 return -1;
689 }
690
691
tls_connection_enable_workaround(void * tls_ctx,struct tls_connection * conn)692 int tls_connection_enable_workaround(void *tls_ctx,
693 struct tls_connection *conn)
694 {
695 return -1;
696 }
697
698
tls_connection_client_hello_ext(void * tls_ctx,struct tls_connection * conn,int ext_type,const u8 * data,size_t data_len)699 int tls_connection_client_hello_ext(void *tls_ctx, struct tls_connection *conn,
700 int ext_type, const u8 *data,
701 size_t data_len)
702 {
703 #ifdef CONFIG_TLS_INTERNAL_CLIENT
704 if (conn->client) {
705 return tlsv1_client_hello_ext(conn->client, ext_type,
706 data, data_len);
707 }
708 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
709 return -1;
710 }
711
712
tls_connection_get_failed(void * tls_ctx,struct tls_connection * conn)713 int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn)
714 {
715 return 0;
716 }
717
718
tls_connection_get_read_alerts(void * tls_ctx,struct tls_connection * conn)719 int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn)
720 {
721 return 0;
722 }
723
724
tls_connection_get_write_alerts(void * tls_ctx,struct tls_connection * conn)725 int tls_connection_get_write_alerts(void *tls_ctx,
726 struct tls_connection *conn)
727 {
728 return 0;
729 }
730
731
tls_connection_set_session_ticket_cb(void * tls_ctx,struct tls_connection * conn,tls_session_ticket_cb cb,void * ctx)732 int tls_connection_set_session_ticket_cb(void *tls_ctx,
733 struct tls_connection *conn,
734 tls_session_ticket_cb cb,
735 void *ctx)
736 {
737 #ifdef CONFIG_TLS_INTERNAL_CLIENT
738 if (conn->client) {
739 tlsv1_client_set_session_ticket_cb(conn->client, cb, ctx);
740 return 0;
741 }
742 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
743 #ifdef CONFIG_TLS_INTERNAL_SERVER
744 if (conn->server) {
745 tlsv1_server_set_session_ticket_cb(conn->server, cb, ctx);
746 return 0;
747 }
748 #endif /* CONFIG_TLS_INTERNAL_SERVER */
749 return -1;
750 }
751
752
tls_get_library_version(char * buf,size_t buf_len)753 int tls_get_library_version(char *buf, size_t buf_len)
754 {
755 return os_snprintf(buf, buf_len, "internal");
756 }
757
758
tls_connection_set_success_data(struct tls_connection * conn,struct wpabuf * data)759 void tls_connection_set_success_data(struct tls_connection *conn,
760 struct wpabuf *data)
761 {
762 }
763
764
tls_connection_set_success_data_resumed(struct tls_connection * conn)765 void tls_connection_set_success_data_resumed(struct tls_connection *conn)
766 {
767 }
768
769
770 const struct wpabuf *
tls_connection_get_success_data(struct tls_connection * conn)771 tls_connection_get_success_data(struct tls_connection *conn)
772 {
773 return NULL;
774 }
775
776
tls_connection_remove_session(struct tls_connection * conn)777 void tls_connection_remove_session(struct tls_connection *conn)
778 {
779 }
780