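/*
 * TLS interface functions and an internal TLS implementation
 * Copyright (c) 2004-2019, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 *
 * This file implements interface functions for hostapd/wpa_supplicant to use
 * the integrated TLSv1 implementation.
 */

#include "includes.h"

#include "common.h"
#include "tls.h"
#include "tls/tlsv1_client.h"
#include "tls/tlsv1_server.h"


/* Number of contexts handed out by tls_init() and not yet released with
 * tls_deinit(). The library-wide tlsv1 client/server init runs while this is
 * zero and the matching deinit runs when it drops back to zero. */
static int tls_ref_count = 0;

/* Per-context state; tls_init() returns a pointer to this as void *. */
struct tls_global {
	int server; /* set to 1 by tls_global_set_params() */
	struct tlsv1_credentials *server_cred; /* freed in tls_deinit() */
	int check_crl; /* stored by tls_global_set_verify() */

	/* Copied from struct tls_config in tls_init() and passed on to
	 * tlsv1_client_set_cb() for each client connection. */
	void (*event_cb)(void *ctx, enum tls_event ev,
			 union tls_event_data *data);
	void *cb_ctx;
	int cert_in_cb;
};

/* One TLS connection; tls_connection_init() creates either the client or
 * the server instance depending on global->server. */
struct tls_connection {
	struct tlsv1_client *client;
	struct tlsv1_server *server;
	struct tls_global *global;
};


/**
 * tls_init - Allocate a TLS context
 * @conf: Configuration to copy callbacks from, or %NULL
 * Returns: Context pointer for the other tls_*() calls, or %NULL on failure
 *
 * The first successful call also runs the tlsv1 client/server global
 * initialization. A failed call takes no reference and leaves no global
 * state behind, so the caller has nothing to release.
 */
void * tls_init(const struct tls_config *conf)
{
	struct tls_global *global;

	/* Allocate before touching any shared state so that an allocation
	 * failure cannot leave tls_ref_count incremented. */
	global = os_zalloc(sizeof(*global));
	if (global == NULL)
		return NULL;

	if (tls_ref_count == 0) {
#ifdef CONFIG_TLS_INTERNAL_CLIENT
		if (tlsv1_client_global_init()) {
			os_free(global);
			return NULL;
		}
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
#ifdef CONFIG_TLS_INTERNAL_SERVER
		if (tlsv1_server_global_init()) {
#ifdef CONFIG_TLS_INTERNAL_CLIENT
			/* Undo the client init done just above; no later
			 * tls_deinit() will run for this failed call. */
			tlsv1_client_global_deinit();
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
			os_free(global);
			return NULL;
		}
#endif /* CONFIG_TLS_INTERNAL_SERVER */
	}
	tls_ref_count++;

	if (conf) {
		global->event_cb = conf->event_cb;
		global->cb_ctx = conf->cb_ctx;
		global->cert_in_cb = conf->cert_in_cb;
	}

	return global;
}

/**
 * tls_deinit - Release a TLS context
 * @ssl_ctx: Context from tls_init(); %NULL is ignored
 *
 * Drops one reference, runs the tlsv1 global deinit when the last context
 * goes away, and frees the server credentials and the context itself.
 */
void tls_deinit(void *ssl_ctx)
{
	struct tls_global *global = ssl_ctx;

	/* A failed tls_init() returns NULL without taking a reference, so a
	 * NULL context has nothing to release and must not be dereferenced
	 * for server_cred below. */
	if (global == NULL)
		return;

	tls_ref_count--;
	if (tls_ref_count == 0) {
#ifdef CONFIG_TLS_INTERNAL_CLIENT
		tlsv1_client_global_deinit();
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
#ifdef CONFIG_TLS_INTERNAL_SERVER
		tlsv1_server_global_deinit();
#endif /* CONFIG_TLS_INTERNAL_SERVER */
	}
#ifdef CONFIG_TLS_INTERNAL_SERVER
	tlsv1_cred_free(global->server_cred);
#endif /* CONFIG_TLS_INTERNAL_SERVER */
	os_free(global);
}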
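/**
 * tls_get_errors - Report pending TLS library errors
 * @tls_ctx: Unused
 * Returns: Always 0 in this implementation
 */
int tls_get_errors(void *tls_ctx)
{
	return 0;
}


/**
 * tls_connection_init - Create a connection object for a TLS context
 * @tls_ctx: Context from tls_init()
 * Returns: New connection, or %NULL on failure (including a %NULL context)
 *
 * Creates a tlsv1 server instance when the context has been switched to
 * server mode (global->server), otherwise a tlsv1 client instance with the
 * context's event callback installed.
 */
struct tls_connection * tls_connection_init(void *tls_ctx)
{
	struct tls_connection *conn;
	struct tls_global *global = tls_ctx;

	/* tls_init() can return NULL; refuse it here instead of
	 * dereferencing global->server below. */
	if (global == NULL)
		return NULL;

	conn = os_zalloc(sizeof(*conn));
	if (conn == NULL)
		return NULL;
	conn->global = global;

#ifdef CONFIG_TLS_INTERNAL_CLIENT
	if (!global->server) {
		conn->client = tlsv1_client_init();
		if (conn->client == NULL) {
			os_free(conn);
			return NULL;
		}
		tlsv1_client_set_cb(conn->client, global->event_cb,
				    global->cb_ctx, global->cert_in_cb);
	}
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
#ifdef CONFIG_TLS_INTERNAL_SERVER
	if (global->server) {
		conn->server = tlsv1_server_init(global->server_cred);
		if (conn->server == NULL) {
			os_free(conn);
			return NULL;
		}
	}
#endif /* CONFIG_TLS_INTERNAL_SERVER */

	return conn;
}


#ifdef CONFIG_TESTING_OPTIONS
#ifdef CONFIG_TLS_INTERNAL_SERVER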
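/**
 * tls_connection_set_test_flags - Pass test flags to the internal TLS server
 * @conn: Connection from tls_connection_init()
 * @flags: Flag bits forwarded unchanged to tlsv1_server_set_test_flags()
 *
 * Only built with CONFIG_TESTING_OPTIONS and CONFIG_TLS_INTERNAL_SERVER.
 * Does nothing for a connection without a server instance.
 */
void tls_connection_set_test_flags(struct tls_connection *conn, u32 flags)
{
	if (conn->server)
		tlsv1_server_set_test_flags(conn->server, flags);
}
#endif /* CONFIG_TLS_INTERNAL_SERVER */
#endif /* CONFIG_TESTING_OPTIONS */


/**
 * tls_connection_set_log_cb - Install a log callback on a server connection
 * @conn: Connection from tls_connection_init()
 * @log_cb: Callback receiving log messages
 * @ctx: Opaque pointer handed back to @log_cb
 *
 * Client connections are left untouched.
 */
void tls_connection_set_log_cb(struct tls_connection *conn,
			       void (*log_cb)(void *ctx, const char *msg),
			       void *ctx)
{
#ifdef CONFIG_TLS_INTERNAL_SERVER
	if (conn->server)
		tlsv1_server_set_log_cb(conn->server, log_cb, ctx);
#endif /* CONFIG_TLS_INTERNAL_SERVER */
}


/**
 * tls_connection_deinit - Free a connection
 * @tls_ctx: Unused
 * @conn: Connection to free; %NULL is ignored
 */
void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn)
{
	if (conn == NULL)
		return;
#ifdef CONFIG_TLS_INTERNAL_CLIENT
	if (conn->client)
		tlsv1_client_deinit(conn->client);
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
#ifdef CONFIG_TLS_INTERNAL_SERVER
	if (conn->server)
		tlsv1_server_deinit(conn->server);
#endif /* CONFIG_TLS_INTERNAL_SERVER */
	os_free(conn);
}


/**
 * tls_connection_established - Query whether the handshake has completed
 * @tls_ctx: Unused
 * @conn: Connection from tls_connection_init(); must not be %NULL
 * Returns: Result of the client/server "established" query, or 0 when the
 * connection has neither instance
 */
int tls_connection_established(void *tls_ctx, struct tls_connection *conn)
{
#ifdef CONFIG_TLS_INTERNAL_CLIENT
	if (conn->client)
		return tlsv1_client_established(conn->client);
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
#ifdef CONFIG_TLS_INTERNAL_SERVER
	if (conn->server)
		return tlsv1_server_established(conn->server);
#endif /* CONFIG_TLS_INTERNAL_SERVER */
	return 0;
}


/**
 * tls_connection_peer_serial_num - Get the peer certificate serial number
 * @tls_ctx: Unused
 * @conn: Unused
 * Returns: Always %NULL; not implemented for the internal TLS library
 */
char * tls_connection_peer_serial_num(void *tls_ctx,
				      struct tls_connection *conn)
{
	/* TODO */
	return NULL;
}


/**
 * tls_connection_shutdown - Shut down the TLS session on a connection
 * @tls_ctx: Unused
 * @conn: Connection from tls_connection_init(); must not be %NULL
 * Returns: Result of the client/server shutdown call, or -1 when the
 * connection has neither instance
 */
int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn)
{
#ifdef CONFIG_TLS_INTERNAL_CLIENT
	if (conn->client)
		return tlsv1_client_shutdown(conn->client);
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
#ifdef CONFIG_TLS_INTERNAL_SERVER
	if (conn->server)
		return tlsv1_server_shutdown(conn->server);
#endif /* CONFIG_TLS_INTERNAL_SERVER */
	return -1;
}


/**
 * tls_connection_set_params - Configure credentials for a client connection
 * @tls_ctx: Unused
 * @conn: Client connection from tls_connection_init()
 * @params: Connection parameters
 * Returns: 0 on success, -1 on failure
 *
 * Server identity constraints and cipher/curve selections that this
 * implementation cannot enforce (external certificate check, subject_match,
 * altsubject_match, suffix_match, domain_match, openssl_ciphers,
 * openssl_ecdh_curves) make the call fail instead of being ignored, so a
 * profile that relies on them is never accepted without enforcement.
 */
int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
			      const struct tls_connection_params *params)
{
#ifdef CONFIG_TLS_INTERNAL_CLIENT
	struct tlsv1_credentials *cred;

	if (conn->client == NULL)
		return -1;

	if (params->flags & TLS_CONN_EXT_CERT_CHECK) {
		wpa_printf(MSG_INFO,
			   "TLS: tls_ext_cert_check=1 not supported");
		return -1;
	}

	cred = tlsv1_cred_alloc();
	if (cred == NULL)
		return -1;

	/* Every failure from here on releases cred through the single
	 * cleanup label at the end of the function. */
	if (params->subject_match) {
		wpa_printf(MSG_INFO, "TLS: subject_match not supported");
		goto fail;
	}

	if (params->altsubject_match) {
		wpa_printf(MSG_INFO, "TLS: altsubject_match not supported");
		goto fail;
	}

	if (params->suffix_match) {
		wpa_printf(MSG_INFO, "TLS: suffix_match not supported");
		goto fail;
	}

	if (params->domain_match) {
		wpa_printf(MSG_INFO, "TLS: domain_match not supported");
		goto fail;
	}

	if (params->openssl_ciphers) {
		wpa_printf(MSG_INFO, "TLS: openssl_ciphers not supported");
		goto fail;
	}

	if (params->openssl_ecdh_curves) {
		wpa_printf(MSG_INFO, "TLS: openssl_ecdh_curves not supported");
		goto fail;
	}

	if (tlsv1_set_ca_cert(cred, params->ca_cert,
			      params->ca_cert_blob, params->ca_cert_blob_len,
			      params->ca_path)) {
		wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
			   "certificates");
		goto fail;
	}

	if (tlsv1_set_cert(cred, params->client_cert,
			   params->client_cert_blob,
			   params->client_cert_blob_len)) {
		wpa_printf(MSG_INFO, "TLS: Failed to configure client "
			   "certificate");
		goto fail;
	}

	if (tlsv1_set_private_key(cred, params->private_key,
				  params->private_key_passwd,
				  params->private_key_blob,
				  params->private_key_blob_len)) {
		wpa_printf(MSG_INFO, "TLS: Failed to load private key");
		goto fail;
	}

	if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob,
			       params->dh_blob_len)) {
		wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters");
		goto fail;
	}

	/* On success cred is not freed here; presumably the client
	 * instance owns it from this point - confirm in tlsv1_client.c. */
	if (tlsv1_client_set_cred(conn->client, cred) < 0)
		goto fail;

	tlsv1_client_set_flags(conn->client, params->flags);

	return 0;

fail:
	tlsv1_cred_free(cred);
	return -1;
#else /* CONFIG_TLS_INTERNAL_CLIENT */
	return -1;
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
}


/**
 * tls_global_set_params - Configure server credentials for a TLS context
 * @tls_ctx: Context from tls_init()
 * @params: Parameters; the client_cert fields carry the server certificate
 * Returns: 0 on success, -1 on failure
 *
 * Switches the context to server mode and replaces any previously set server
 * credentials. On a failure after the new credentials have been allocated,
 * the partly configured set stays in global->server_cred (it is freed by the
 * next call or by tls_deinit()) and global->server remains 1.
 */
int tls_global_set_params(void *tls_ctx,
			  const struct tls_connection_params *params)
{
#ifdef CONFIG_TLS_INTERNAL_SERVER
	struct tls_global *global = tls_ctx;
	struct tlsv1_credentials *cred;

	if (params->check_cert_subject)
		return -1; /* not yet supported */

	/* Currently, global parameters are only set when running in server
	 * mode. */
	global->server = 1;
	tlsv1_cred_free(global->server_cred);
	global->server_cred = cred = tlsv1_cred_alloc();
	if (cred == NULL)
		return -1;

	if (tlsv1_set_ca_cert(cred, params->ca_cert, params->ca_cert_blob,
			      params->ca_cert_blob_len, params->ca_path)) {
		wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
			   "certificates");
		return -1;
	}

	if (tlsv1_set_cert(cred, params->client_cert, params->client_cert_blob,
			   params->client_cert_blob_len)) {
		wpa_printf(MSG_INFO, "TLS: Failed to configure server "
			   "certificate");
		return -1;
	}

	if (tlsv1_set_private_key(cred, params->private_key,
				  params->private_key_passwd,
				  params->private_key_blob,
				  params->private_key_blob_len)) {
		wpa_printf(MSG_INFO, "TLS: Failed to load private key");
		return -1;
	}

	if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob,
			       params->dh_blob_len)) {
		wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters");
		return -1;
	}

	/* NOTE(review): the os_strdup() results are not checked, so an
	 * allocation failure leaves the OCSP stapling response unset while
	 * this function still returns 0. */
	if (params->ocsp_stapling_response)
		cred->ocsp_stapling_response =
			os_strdup(params->ocsp_stapling_response);
	if (params->ocsp_stapling_response_multi)
		cred->ocsp_stapling_response_multi =
			os_strdup(params->ocsp_stapling_response_multi);

	return 0;
#else /* CONFIG_TLS_INTERNAL_SERVER */
	return -1;
#endif /* CONFIG_TLS_INTERNAL_SERVER */
}


/**
 * tls_global_set_verify - Record the CRL checking preference
 * @tls_ctx: Context from tls_init()
 * @check_crl: Value stored in the context
 * @strict: Unused
 * Returns: Always 0
 *
 * NOTE(review): this only stores check_crl; no code that reads it back is
 * visible in this part of the file, so do not assume that returning 0 means
 * revocation checking is enforced - confirm where check_crl is consumed.
 */
int tls_global_set_verify(void *tls_ctx, int check_crl, int strict)
{
	struct tls_global *global = tls_ctx;
	global->check_crl = check_crl;
	return 0;
}


/**
 * tls_connection_set_verify - Set peer verification on a server connection
 * @tls_ctx: Unused
 * @conn: Connection from tls_connection_init(); must not be %NULL
 * @verify_peer: Forwarded to tlsv1_server_set_verify()
 * @flags: Unused
 * @session_ctx: Unused
 * @session_ctx_len: Unused
 * Returns: Result of tlsv1_server_set_verify(), or -1 for a connection
 * without a server instance
 */
int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn,
			      int verify_peer, unsigned int flags,
			      const u8 *session_ctx, size_t session_ctx_len)
{
#ifdef CONFIG_TLS_INTERNAL_SERVER
	if (conn->server)
		return tlsv1_server_set_verify(conn->server, verify_peer);
#endif /* CONFIG_TLS_INTERNAL_SERVER */
	return -1;
}


/**
 * tls_connection_get_random - Fetch the handshake random values
 * @tls_ctx: Unused
 * @conn: Connection from tls_connection_init(); must not be %NULL
 * @data: Structure filled in by the client/server implementation
 * Returns: Result of the client/server call, or -1 when the connection has
 * neither instance
 */
int tls_connection_get_random(void *tls_ctx, struct tls_connection *conn,
			      struct tls_random *data)
{
#ifdef CONFIG_TLS_INTERNAL_CLIENT
	if (conn->client)
		return tlsv1_client_get_random(conn->client, data);
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
#ifdef CONFIG_TLS_INTERNAL_SERVER
	if (conn->server)
		return tlsv1_server_get_random(conn->server, data);
#endif /* CONFIG_TLS_INTERNAL_SERVER */
	return -1;
}


/* Key block size reported by the client/server instance, or -1 when the
 * connection has neither. */
static int tls_get_keyblock_size(struct tls_connection *conn)
{
#ifdef CONFIG_TLS_INTERNAL_CLIENT
	if (conn->client)
		return tlsv1_client_get_keyblock_size(conn->client);
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
#ifdef CONFIG_TLS_INTERNAL_SERVER
	if (conn->server)
		return tlsv1_server_get_keyblock_size(conn->server);
#endif /* CONFIG_TLS_INTERNAL_SERVER */
	return -1;
}


/*
 * Run the TLS PRF for this connection and write out_len bytes to out.
 *
 * With skip_keyblock set, the PRF is asked for keyblock-size + out_len bytes
 * into a scratch buffer and only the bytes after the key block are copied to
 * out. Returns the client/server PRF result, or -1 on allocation failure,
 * unknown key block size, or a connection with neither instance.
 */
static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
			      const char *label, const u8 *context,
			      size_t context_len, int server_random_first,
			      int skip_keyblock, u8 *out, size_t out_len)
{
	int ret = -1, skip = 0;
	u8 *tmp_out = NULL;
	u8 *_out = out;

	if (skip_keyblock) {
		skip = tls_get_keyblock_size(conn);
		if (skip < 0)
			return -1;
		tmp_out = os_malloc(skip + out_len);
		if (!tmp_out)
			return -1;
		_out = tmp_out;
	}

#ifdef CONFIG_TLS_INTERNAL_CLIENT
	if (conn->client) {
		ret = tlsv1_client_prf(conn->client, label, context,
				       context_len, server_random_first,
				       _out, skip + out_len);
	}
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
#ifdef CONFIG_TLS_INTERNAL_SERVER
	if (conn->server) {
		ret = tlsv1_server_prf(conn->server, label, context,
				       context_len, server_random_first,
				       _out, skip + out_len);
	}
#endif /* CONFIG_TLS_INTERNAL_SERVER */
	if (ret == 0 && skip_keyblock)
		os_memcpy(out, _out + skip, out_len);
	/* The scratch buffer is skip + out_len bytes long and its tail holds
	 * the derived key that was just copied to out, so wipe all of it
	 * before freeing, not only the leading key block. tmp_out is NULL
	 * when skip_keyblock is not set. */
	bin_clear_free(tmp_out, skip + out_len);

	return ret;
}


/**
 * tls_connection_export_key - Derive keying material from the TLS session
 * @tls_ctx: Passed through to the PRF helper
 * @conn: Connection from tls_connection_init(); must not be %NULL
 * @label: PRF label
 * @context: Optional context bytes
 * @context_len: Length of @context
 * @out: Output buffer
 * @out_len: Number of bytes to derive
 * Returns: Result of tls_connection_prf() with server_random_first = 0 and
 * skip_keyblock = 0
 */
int tls_connection_export_key(void *tls_ctx, struct tls_connection *conn,
			      const char *label, const u8 *context,
			      size_t context_len, u8 *out, size_t out_len)
{
	return tls_connection_prf(tls_ctx, conn, label, context, context_len,
				  0, 0, out, out_len);
}


/**
 * tls_connection_get_eap_fast_key - Derive the EAP-FAST key
 * @tls_ctx: Passed through to the PRF helper
 * @conn: Connection from tls_connection_init(); must not be %NULL
 * @out: Output buffer
 * @out_len: Number of bytes to derive
 * Returns: Result of tls_connection_prf() with the "key expansion" label, no
 * context, server_random_first = 1 and skip_keyblock = 1
 */
int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn,
				    u8 *out, size_t out_len)
{
	return tls_connection_prf(tls_ctx, conn, "key expansion", NULL, 0,
				  1, 1, out, out_len);
}


/**
 * tls_connection_handshake - Process one client handshake step
 *
 * Same as tls_connection_handshake2() with need_more_data set to %NULL.
 */
struct wpabuf * tls_connection_handshake(void *tls_ctx,
					 struct tls_connection *conn,
					 const struct wpabuf *in_data,
					 struct wpabuf **appl_data)
{
	return tls_connection_handshake2(tls_ctx, conn, in_data, appl_data,
					 NULL);
}


/**
 * tls_connection_handshake2 - Process one client handshake step
 * @tls_ctx: Unused
 * @conn: Client connection from tls_connection_init()
 * @in_data: Data received from the server, or %NULL
 * @appl_data: Where to return application data, or %NULL to discard it
 * @need_more_data: Forwarded to tlsv1_client_handshake(); may be %NULL
 * Returns: Handshake output to send, or %NULL on failure or when the
 * connection has no client instance
 */
struct wpabuf * tls_connection_handshake2(void *tls_ctx,
					  struct tls_connection *conn,
					  const struct wpabuf *in_data,
					  struct wpabuf **appl_data,
					  int *need_more_data)
{
#ifdef CONFIG_TLS_INTERNAL_CLIENT
	u8 *res, *ad;
	size_t res_len, ad_len;
	struct wpabuf *out;

	if (conn->client == NULL)
		return NULL;

	ad = NULL;
	res = tlsv1_client_handshake(conn->client,
				     in_data ? wpabuf_head(in_data) : NULL,
				     in_data ? wpabuf_len(in_data) : 0,
				     &res_len, &ad, &ad_len, need_more_data);
	if (res == NULL)
		return NULL;
	/* res and ad are wrapped into wpabufs below; each is freed here
	 * only when its wrap fails or the caller did not ask for it. */
	out = wpabuf_alloc_ext_data(res, res_len);
	if (out == NULL) {
		os_free(res);
		os_free(ad);
		return NULL;
	}
	if (appl_data) {
		if (ad) {
			*appl_data = wpabuf_alloc_ext_data(ad, ad_len);
			if (*appl_data == NULL)
				os_free(ad);
		} else
			*appl_data = NULL;
	} else
		os_free(ad);

	return out;
#else /* CONFIG_TLS_INTERNAL_CLIENT */
	return NULL;
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
}


/**
 * tls_connection_server_handshake - Process one server handshake step
 * @tls_ctx: Unused
 * @conn: Server connection from tls_connection_init()
 * @in_data: Data received from the client
 * @appl_data: Set to %NULL when non-%NULL; no application data is returned
 * Returns: Handshake output to send, an empty buffer when there is no output
 * but the session is established, or %NULL on failure
 *
 * NOTE(review): unlike the client path, in_data is passed to wpabuf_head()
 * and wpabuf_len() without a %NULL check - confirm callers never pass %NULL.
 */
struct wpabuf * tls_connection_server_handshake(void *tls_ctx,
						struct tls_connection *conn,
						const struct wpabuf *in_data,
						struct wpabuf **appl_data)
{
#ifdef CONFIG_TLS_INTERNAL_SERVER
	u8 *res;
	size_t res_len;
	struct wpabuf *out;

	if (conn->server == NULL)
		return NULL;

	if (appl_data)
		*appl_data = NULL;

	res = tlsv1_server_handshake(conn->server, wpabuf_head(in_data),
				     wpabuf_len(in_data), &res_len);
	if (res == NULL && tlsv1_server_established(conn->server))
		return wpabuf_alloc(0);
	if (res == NULL)
		return NULL;
	out = wpabuf_alloc_ext_data(res, res_len);
	if (out == NULL) {
		os_free(res);
		return NULL;
	}

	return out;
#else /* CONFIG_TLS_INTERNAL_SERVER */
	return NULL;
#endif /* CONFIG_TLS_INTERNAL_SERVER */
}


/**
 * tls_connection_encrypt - Encrypt application data for the TLS tunnel
 * @tls_ctx: Unused
 * @conn: Connection from tls_connection_init(); must not be %NULL
 * @in_data: Plaintext; must not be %NULL
 * Returns: Newly allocated buffer with the encrypted data, or %NULL on
 * failure or when the connection has neither instance
 *
 * The output buffer is sized as the input length plus 300 bytes (presumably
 * headroom for record overhead); the encrypt call is given that size as its
 * limit.
 */
struct wpabuf * tls_connection_encrypt(void *tls_ctx,
				       struct tls_connection *conn,
				       const struct wpabuf *in_data)
{
#ifdef CONFIG_TLS_INTERNAL_CLIENT
	if (conn->client) {
		struct wpabuf *buf;
		int res;
		buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
		if (buf == NULL)
			return NULL;
		res = tlsv1_client_encrypt(conn->client, wpabuf_head(in_data),
					   wpabuf_len(in_data),
					   wpabuf_mhead(buf),
					   wpabuf_size(buf));
		if (res < 0) {
			wpabuf_free(buf);
			return NULL;
		}
		wpabuf_put(buf, res);
		return buf;
	}
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
#ifdef CONFIG_TLS_INTERNAL_SERVER
	if (conn->server) {
		struct wpabuf *buf;
		int res;
		buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
		if (buf == NULL)
			return NULL;
		res = tlsv1_server_encrypt(conn->server, wpabuf_head(in_data),
					   wpabuf_len(in_data),
					   wpabuf_mhead(buf),
					   wpabuf_size(buf));
		if (res < 0) {
			wpabuf_free(buf);
			return NULL;
		}
		wpabuf_put(buf, res);
		return buf;
	}
#endif /* CONFIG_TLS_INTERNAL_SERVER */
	return NULL;
}


/**
 * tls_connection_decrypt - Decrypt data received through the TLS tunnel
 *
 * Same as tls_connection_decrypt2() with need_more_data set to %NULL.
 */
struct wpabuf * tls_connection_decrypt(void *tls_ctx,
				       struct tls_connection *conn,
				       const struct wpabuf *in_data)
{
	return tls_connection_decrypt2(tls_ctx, conn, in_data, NULL);
}


/**
 * tls_connection_decrypt2 - Decrypt data received through the TLS tunnel
 * @tls_ctx: Unused
 * @conn: Connection from tls_connection_init(); must not be %NULL
 * @in_data: Encrypted data; must not be %NULL
 * @need_more_data: Cleared to 0 when non-%NULL, then forwarded to the client
 * Returns: Newly allocated buffer with the plaintext, or %NULL on failure or
 * when the connection has neither instance
 */
struct wpabuf * tls_connection_decrypt2(void *tls_ctx,
					struct tls_connection *conn,
					const struct wpabuf *in_data,
					int *need_more_data)
{
	if (need_more_data)
		*need_more_data = 0;

#ifdef CONFIG_TLS_INTERNAL_CLIENT
	if (conn->client) {
		return tlsv1_client_decrypt(conn->client, wpabuf_head(in_data),
					    wpabuf_len(in_data),
					    need_more_data);
	}
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
#ifdef CONFIG_TLS_INTERNAL_SERVER
	if (conn->server) {
		struct wpabuf *buf;
		int res;
		/* Output limit handed to the server decrypt call:
		 * three times (input length + 500). */
		buf = wpabuf_alloc((wpabuf_len(in_data) + 500) * 3);
		if (buf == NULL)
			return NULL;
		res = tlsv1_server_decrypt(conn->server, wpabuf_head(in_data),
					   wpabuf_len(in_data),
					   wpabuf_mhead(buf),
					   wpabuf_size(buf));
		if (res < 0) {
			wpabuf_free(buf);
			return NULL;
		}
		wpabuf_put(buf, res);
		return buf;
	}
#endif /* CONFIG_TLS_INTERNAL_SERVER */
	return NULL;
}


/**
 * tls_connection_resumed - Query whether the session was resumed
 * @tls_ctx: Unused
 * @conn: Connection from tls_connection_init(); must not be %NULL
 * Returns: Result of the client/server query, or -1 when the connection has
 * neither instance
 */
int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn)
{
#ifdef CONFIG_TLS_INTERNAL_CLIENT
	if (conn->client)
		return tlsv1_client_resumed(conn->client);
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
#ifdef CONFIG_TLS_INTERNAL_SERVER
	if (conn->server)
		return tlsv1_server_resumed(conn->server);
#endif /* CONFIG_TLS_INTERNAL_SERVER */
	return -1;
}


/**
 * tls_connection_set_cipher_list - Restrict the allowed cipher suites
 * @tls_ctx: Unused
 * @conn: Connection from tls_connection_init(); must not be %NULL
 * @ciphers: Cipher list forwarded unchanged to the client/server instance
 * Returns: Result of the client/server call, or -1 when the connection has
 * neither instance
 */
int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
				   u8 *ciphers)
{
#ifdef CONFIG_TLS_INTERNAL_CLIENT
	if (conn->client)
		return tlsv1_client_set_cipher_list(conn->client, ciphers);
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
#ifdef CONFIG_TLS_INTERNAL_SERVER
	if (conn->server)
		return tlsv1_server_set_cipher_list(conn->server, ciphers);
#endif /* CONFIG_TLS_INTERNAL_SERVER */
	return -1;
}


/**
 * tls_get_version - Get the negotiated TLS version as text
 * @ssl_ctx: Unused
 * @conn: Connection, or %NULL
 * @buf: Output buffer
 * @buflen: Size of @buf
 * Returns: Result of tlsv1_client_get_version(), or -1 for a %NULL
 * connection or one without a client instance (server connections included)
 */
int tls_get_version(void *ssl_ctx, struct tls_connection *conn,
		    char *buf, size_t buflen)
{
	if (conn == NULL)
		return -1;
#ifdef CONFIG_TLS_INTERNAL_CLIENT
	if (conn->client)
		return tlsv1_client_get_version(conn->client, buf, buflen);
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
	return -1;
}


/**
 * tls_get_cipher - Get the negotiated cipher suite as text
 * @tls_ctx: Unused
 * @conn: Connection, or %NULL
 * @buf: Output buffer
 * @buflen: Size of @buf
 * Returns: Result of the client/server call, or -1 for a %NULL connection or
 * one with neither instance
 */
int tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
		   char *buf, size_t buflen)
{
	if (conn == NULL)
		return -1;
#ifdef CONFIG_TLS_INTERNAL_CLIENT
	if (conn->client)
		return tlsv1_client_get_cipher(conn->client, buf, buflen);
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
#ifdef CONFIG_TLS_INTERNAL_SERVER
	if (conn->server)
		return tlsv1_server_get_cipher(conn->server, buf, buflen);
#endif /* CONFIG_TLS_INTERNAL_SERVER */
	return -1;
}


/**
 * tls_connection_enable_workaround - Enable interoperability workarounds
 * @tls_ctx: Unused
 * @conn: Unused
 * Returns: Always -1; not supported by the internal TLS library
 */
int tls_connection_enable_workaround(void *tls_ctx,
				     struct tls_connection *conn)
{
	return -1;
}


/**
 * tls_connection_client_hello_ext - Add an extension to the ClientHello
 * @tls_ctx: Unused
 * @conn: Connection from tls_connection_init(); must not be %NULL
 * @ext_type: Extension type
 * @data: Extension payload
 * @data_len: Length of @data
 * Returns: Result of tlsv1_client_hello_ext(), or -1 for a connection
 * without a client instance
 */
int tls_connection_client_hello_ext(void *tls_ctx, struct tls_connection *conn,
				    int ext_type, const u8 *data,
				    size_t data_len)
{
#ifdef CONFIG_TLS_INTERNAL_CLIENT
	if (conn->client) {
		return tlsv1_client_hello_ext(conn->client, ext_type,
					      data, data_len);
	}
#endif /* CONFIG_TLS_INTERNAL_CLIENT */
	return -1;
}


/**
 * tls_connection_get_failed - Query the failure state of a server connection
 * @tls_ctx: Unused
 * @conn: Connection from tls_connection_init(); must not be %NULL
 * Returns: Result of tlsv1_server_get_failed(), or 0 for a connection
 * without a server instance
 */
int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn)
{
#ifdef CONFIG_TLS_INTERNAL_SERVER
	if (conn->server)
		return tlsv1_server_get_failed(conn->server);
#endif /* CONFIG_TLS_INTERNAL_SERVER */
	return 0;
}


int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn)
{
#ifdef CONFIG_TLS_INTERNAL_SERVER
	if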
(conn->server) 747e5b75505Sopenharmony_ci return tlsv1_server_get_read_alerts(conn->server); 748e5b75505Sopenharmony_ci#endif /* CONFIG_TLS_INTERNAL_SERVER */ 749e5b75505Sopenharmony_ci return 0; 750e5b75505Sopenharmony_ci} 751e5b75505Sopenharmony_ci 752e5b75505Sopenharmony_ci 753e5b75505Sopenharmony_ciint tls_connection_get_write_alerts(void *tls_ctx, 754e5b75505Sopenharmony_ci struct tls_connection *conn) 755e5b75505Sopenharmony_ci{ 756e5b75505Sopenharmony_ci#ifdef CONFIG_TLS_INTERNAL_SERVER 757e5b75505Sopenharmony_ci if (conn->server) 758e5b75505Sopenharmony_ci return tlsv1_server_get_write_alerts(conn->server); 759e5b75505Sopenharmony_ci#endif /* CONFIG_TLS_INTERNAL_SERVER */ 760e5b75505Sopenharmony_ci return 0; 761e5b75505Sopenharmony_ci} 762e5b75505Sopenharmony_ci 763e5b75505Sopenharmony_ci 764e5b75505Sopenharmony_ciint tls_connection_set_session_ticket_cb(void *tls_ctx, 765e5b75505Sopenharmony_ci struct tls_connection *conn, 766e5b75505Sopenharmony_ci tls_session_ticket_cb cb, 767e5b75505Sopenharmony_ci void *ctx) 768e5b75505Sopenharmony_ci{ 769e5b75505Sopenharmony_ci#ifdef CONFIG_TLS_INTERNAL_CLIENT 770e5b75505Sopenharmony_ci if (conn->client) { 771e5b75505Sopenharmony_ci tlsv1_client_set_session_ticket_cb(conn->client, cb, ctx); 772e5b75505Sopenharmony_ci return 0; 773e5b75505Sopenharmony_ci } 774e5b75505Sopenharmony_ci#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 775e5b75505Sopenharmony_ci#ifdef CONFIG_TLS_INTERNAL_SERVER 776e5b75505Sopenharmony_ci if (conn->server) { 777e5b75505Sopenharmony_ci tlsv1_server_set_session_ticket_cb(conn->server, cb, ctx); 778e5b75505Sopenharmony_ci return 0; 779e5b75505Sopenharmony_ci } 780e5b75505Sopenharmony_ci#endif /* CONFIG_TLS_INTERNAL_SERVER */ 781e5b75505Sopenharmony_ci return -1; 782e5b75505Sopenharmony_ci} 783e5b75505Sopenharmony_ci 784e5b75505Sopenharmony_ci 785e5b75505Sopenharmony_ciint tls_get_library_version(char *buf, size_t buf_len) 786e5b75505Sopenharmony_ci{ 787e5b75505Sopenharmony_ci return os_snprintf(buf, 
buf_len, "internal"); 788e5b75505Sopenharmony_ci} 789e5b75505Sopenharmony_ci 790e5b75505Sopenharmony_ci 791e5b75505Sopenharmony_civoid tls_connection_set_success_data(struct tls_connection *conn, 792e5b75505Sopenharmony_ci struct wpabuf *data) 793e5b75505Sopenharmony_ci{ 794e5b75505Sopenharmony_ci} 795e5b75505Sopenharmony_ci 796e5b75505Sopenharmony_ci 797e5b75505Sopenharmony_civoid tls_connection_set_success_data_resumed(struct tls_connection *conn) 798e5b75505Sopenharmony_ci{ 799e5b75505Sopenharmony_ci} 800e5b75505Sopenharmony_ci 801e5b75505Sopenharmony_ci 802e5b75505Sopenharmony_ciconst struct wpabuf * 803e5b75505Sopenharmony_citls_connection_get_success_data(struct tls_connection *conn) 804e5b75505Sopenharmony_ci{ 805e5b75505Sopenharmony_ci return NULL; 806e5b75505Sopenharmony_ci} 807e5b75505Sopenharmony_ci 808e5b75505Sopenharmony_ci 809e5b75505Sopenharmony_civoid tls_connection_remove_session(struct tls_connection *conn) 810e5b75505Sopenharmony_ci{ 811e5b75505Sopenharmony_ci} 812