1 /*
2 * TLS interface functions and an internal TLS implementation
3 * Copyright (c) 2004-2011, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 *
8 * This file interface functions for hostapd/wpa_supplicant to use the
9 * integrated TLSv1 implementation.
10 */
11
12 #include "includes.h"
13
14 #include "common.h"
15 #include "tls.h"
16 #include "tls/tlsv1_client.h"
17 #include "tls/tlsv1_server.h"
18
19
20 static int tls_ref_count = 0;
21
22 struct tls_global {
23 int server;
24 struct tlsv1_credentials *server_cred;
25 int check_crl;
26 };
27
28 struct tls_connection {
29 struct tlsv1_client *client;
30 struct tlsv1_server *server;
31 struct tls_global *global;
32 };
33
34
tls_init(const struct tls_config * conf)35 void * tls_init(const struct tls_config *conf)
36 {
37 struct tls_global *global;
38
39 if (tls_ref_count == 0) {
40 #ifdef CONFIG_TLS_INTERNAL_CLIENT
41 if (tlsv1_client_global_init())
42 return NULL;
43 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
44 #ifdef CONFIG_TLS_INTERNAL_SERVER
45 if (tlsv1_server_global_init())
46 return NULL;
47 #endif /* CONFIG_TLS_INTERNAL_SERVER */
48 }
49 tls_ref_count++;
50
51 global = os_zalloc(sizeof(*global));
52 if (global == NULL)
53 return NULL;
54
55 return global;
56 }
57
tls_deinit(void * ssl_ctx)58 void tls_deinit(void *ssl_ctx)
59 {
60 struct tls_global *global = ssl_ctx;
61 tls_ref_count--;
62 if (tls_ref_count == 0) {
63 #ifdef CONFIG_TLS_INTERNAL_CLIENT
64 tlsv1_client_global_deinit();
65 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
66 #ifdef CONFIG_TLS_INTERNAL_SERVER
67 tlsv1_cred_free(global->server_cred);
68 tlsv1_server_global_deinit();
69 #endif /* CONFIG_TLS_INTERNAL_SERVER */
70 }
71 os_free(global);
72 }
73
74
tls_get_errors(void * tls_ctx)75 int tls_get_errors(void *tls_ctx)
76 {
77 return 0;
78 }
79
80
tls_connection_init(void * tls_ctx)81 struct tls_connection * tls_connection_init(void *tls_ctx)
82 {
83 struct tls_connection *conn;
84 struct tls_global *global = tls_ctx;
85
86 conn = os_zalloc(sizeof(*conn));
87 if (conn == NULL)
88 return NULL;
89 conn->global = global;
90
91 #ifdef CONFIG_TLS_INTERNAL_CLIENT
92 if (!global->server) {
93 conn->client = tlsv1_client_init();
94 if (conn->client == NULL) {
95 os_free(conn);
96 return NULL;
97 }
98 }
99 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
100 #ifdef CONFIG_TLS_INTERNAL_SERVER
101 if (global->server) {
102 conn->server = tlsv1_server_init(global->server_cred);
103 if (conn->server == NULL) {
104 os_free(conn);
105 return NULL;
106 }
107 }
108 #endif /* CONFIG_TLS_INTERNAL_SERVER */
109
110 return conn;
111 }
112
113
114 #ifdef CONFIG_TESTING_OPTIONS
115 #ifdef CONFIG_TLS_INTERNAL_SERVER
tls_connection_set_test_flags(struct tls_connection * conn,u32 flags)116 void tls_connection_set_test_flags(struct tls_connection *conn, u32 flags)
117 {
118 if (conn->server)
119 tlsv1_server_set_test_flags(conn->server, flags);
120 }
121 #endif /* CONFIG_TLS_INTERNAL_SERVER */
122 #endif /* CONFIG_TESTING_OPTIONS */
123
124
tls_connection_set_log_cb(struct tls_connection * conn,void (* log_cb)(void * ctx,const char * msg),void * ctx)125 void tls_connection_set_log_cb(struct tls_connection *conn,
126 void (*log_cb)(void *ctx, const char *msg),
127 void *ctx)
128 {
129 #ifdef CONFIG_TLS_INTERNAL_SERVER
130 if (conn->server)
131 tlsv1_server_set_log_cb(conn->server, log_cb, ctx);
132 #endif /* CONFIG_TLS_INTERNAL_SERVER */
133 }
134
135
tls_connection_deinit(void * tls_ctx,struct tls_connection * conn)136 void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn)
137 {
138 if (conn == NULL)
139 return;
140 #ifdef CONFIG_TLS_INTERNAL_CLIENT
141 if (conn->client)
142 tlsv1_client_deinit(conn->client);
143 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
144 #ifdef CONFIG_TLS_INTERNAL_SERVER
145 if (conn->server)
146 tlsv1_server_deinit(conn->server);
147 #endif /* CONFIG_TLS_INTERNAL_SERVER */
148 os_free(conn);
149 }
150
151
tls_connection_established(void * tls_ctx,struct tls_connection * conn)152 int tls_connection_established(void *tls_ctx, struct tls_connection *conn)
153 {
154 #ifdef CONFIG_TLS_INTERNAL_CLIENT
155 if (conn->client)
156 return tlsv1_client_established(conn->client);
157 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
158 #ifdef CONFIG_TLS_INTERNAL_SERVER
159 if (conn->server)
160 return tlsv1_server_established(conn->server);
161 #endif /* CONFIG_TLS_INTERNAL_SERVER */
162 return 0;
163 }
164
165
tls_connection_shutdown(void * tls_ctx,struct tls_connection * conn)166 int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn)
167 {
168 #ifdef CONFIG_TLS_INTERNAL_CLIENT
169 if (conn->client)
170 return tlsv1_client_shutdown(conn->client);
171 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
172 #ifdef CONFIG_TLS_INTERNAL_SERVER
173 if (conn->server)
174 return tlsv1_server_shutdown(conn->server);
175 #endif /* CONFIG_TLS_INTERNAL_SERVER */
176 return -1;
177 }
178
179
tls_connection_set_params(void * tls_ctx,struct tls_connection * conn,const struct tls_connection_params * params)180 int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
181 const struct tls_connection_params *params)
182 {
183 #ifdef CONFIG_TLS_INTERNAL_CLIENT
184 struct tlsv1_credentials *cred;
185
186 if (conn->client == NULL)
187 return -1;
188
189 cred = tlsv1_cred_alloc();
190 if (cred == NULL)
191 return -1;
192
193 if (params->subject_match) {
194 wpa_printf(MSG_INFO, "TLS: subject_match not supported");
195 tlsv1_cred_free(cred);
196 return -1;
197 }
198
199 if (params->altsubject_match) {
200 wpa_printf(MSG_INFO, "TLS: altsubject_match not supported");
201 tlsv1_cred_free(cred);
202 return -1;
203 }
204
205 if (params->suffix_match) {
206 wpa_printf(MSG_INFO, "TLS: suffix_match not supported");
207 tlsv1_cred_free(cred);
208 return -1;
209 }
210
211 if (params->domain_match) {
212 wpa_printf(MSG_INFO, "TLS: domain_match not supported");
213 tlsv1_cred_free(cred);
214 return -1;
215 }
216
217 if (params->openssl_ciphers) {
218 wpa_printf(MSG_INFO, "TLS: openssl_ciphers not supported");
219 tlsv1_cred_free(cred);
220 return -1;
221 }
222
223 if (tlsv1_set_ca_cert(cred, params->ca_cert,
224 params->ca_cert_blob, params->ca_cert_blob_len,
225 params->ca_path)) {
226 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
227 "certificates");
228 tlsv1_cred_free(cred);
229 return -1;
230 }
231
232 if (tlsv1_set_cert(cred, params->client_cert,
233 params->client_cert_blob,
234 params->client_cert_blob_len)) {
235 wpa_printf(MSG_INFO, "TLS: Failed to configure client "
236 "certificate");
237 tlsv1_cred_free(cred);
238 return -1;
239 }
240
241 if (tlsv1_set_private_key(cred, params->private_key,
242 params->private_key_passwd,
243 params->private_key_blob,
244 params->private_key_blob_len)) {
245 wpa_printf(MSG_INFO, "TLS: Failed to load private key");
246 tlsv1_cred_free(cred);
247 return -1;
248 }
249
250 if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob,
251 params->dh_blob_len)) {
252 wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters");
253 tlsv1_cred_free(cred);
254 return -1;
255 }
256
257 if (tlsv1_client_set_cred(conn->client, cred) < 0) {
258 tlsv1_cred_free(cred);
259 return -1;
260 }
261
262 tlsv1_client_set_time_checks(
263 conn->client, !(params->flags & TLS_CONN_DISABLE_TIME_CHECKS));
264
265 return 0;
266 #else /* CONFIG_TLS_INTERNAL_CLIENT */
267 return -1;
268 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
269 }
270
271
tls_global_set_params(void * tls_ctx,const struct tls_connection_params * params)272 int tls_global_set_params(void *tls_ctx,
273 const struct tls_connection_params *params)
274 {
275 #ifdef CONFIG_TLS_INTERNAL_SERVER
276 struct tls_global *global = tls_ctx;
277 struct tlsv1_credentials *cred;
278
279 /* Currently, global parameters are only set when running in server
280 * mode. */
281 global->server = 1;
282 tlsv1_cred_free(global->server_cred);
283 global->server_cred = cred = tlsv1_cred_alloc();
284 if (cred == NULL)
285 return -1;
286
287 if (tlsv1_set_ca_cert(cred, params->ca_cert, params->ca_cert_blob,
288 params->ca_cert_blob_len, params->ca_path)) {
289 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
290 "certificates");
291 return -1;
292 }
293
294 if (tlsv1_set_cert(cred, params->client_cert, params->client_cert_blob,
295 params->client_cert_blob_len)) {
296 wpa_printf(MSG_INFO, "TLS: Failed to configure server "
297 "certificate");
298 return -1;
299 }
300
301 if (tlsv1_set_private_key(cred, params->private_key,
302 params->private_key_passwd,
303 params->private_key_blob,
304 params->private_key_blob_len)) {
305 wpa_printf(MSG_INFO, "TLS: Failed to load private key");
306 return -1;
307 }
308
309 if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob,
310 params->dh_blob_len)) {
311 wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters");
312 return -1;
313 }
314
315 return 0;
316 #else /* CONFIG_TLS_INTERNAL_SERVER */
317 return -1;
318 #endif /* CONFIG_TLS_INTERNAL_SERVER */
319 }
320
321
tls_global_set_verify(void * tls_ctx,int check_crl)322 int tls_global_set_verify(void *tls_ctx, int check_crl)
323 {
324 struct tls_global *global = tls_ctx;
325 global->check_crl = check_crl;
326 return 0;
327 }
328
329
tls_connection_set_verify(void * tls_ctx,struct tls_connection * conn,int verify_peer,unsigned int flags,const u8 * session_ctx,size_t session_ctx_len)330 int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn,
331 int verify_peer, unsigned int flags,
332 const u8 *session_ctx, size_t session_ctx_len)
333 {
334 #ifdef CONFIG_TLS_INTERNAL_SERVER
335 if (conn->server)
336 return tlsv1_server_set_verify(conn->server, verify_peer);
337 #endif /* CONFIG_TLS_INTERNAL_SERVER */
338 return -1;
339 }
340
341
tls_connection_get_random(void * tls_ctx,struct tls_connection * conn,struct tls_random * data)342 int tls_connection_get_random(void *tls_ctx, struct tls_connection *conn,
343 struct tls_random *data)
344 {
345 #ifdef CONFIG_TLS_INTERNAL_CLIENT
346 if (conn->client)
347 return tlsv1_client_get_random(conn->client, data);
348 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
349 #ifdef CONFIG_TLS_INTERNAL_SERVER
350 if (conn->server)
351 return tlsv1_server_get_random(conn->server, data);
352 #endif /* CONFIG_TLS_INTERNAL_SERVER */
353 return -1;
354 }
355
356
tls_get_keyblock_size(struct tls_connection * conn)357 static int tls_get_keyblock_size(struct tls_connection *conn)
358 {
359 #ifdef CONFIG_TLS_INTERNAL_CLIENT
360 if (conn->client)
361 return tlsv1_client_get_keyblock_size(conn->client);
362 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
363 #ifdef CONFIG_TLS_INTERNAL_SERVER
364 if (conn->server)
365 return tlsv1_server_get_keyblock_size(conn->server);
366 #endif /* CONFIG_TLS_INTERNAL_SERVER */
367 return -1;
368 }
369
370
tls_connection_prf(void * tls_ctx,struct tls_connection * conn,const char * label,int server_random_first,int skip_keyblock,u8 * out,size_t out_len)371 int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
372 const char *label, int server_random_first,
373 int skip_keyblock, u8 *out, size_t out_len)
374 {
375 int ret = -1, skip = 0;
376 u8 *tmp_out = NULL;
377 u8 *_out = out;
378
379 if (skip_keyblock) {
380 skip = tls_get_keyblock_size(conn);
381 if (skip < 0)
382 return -1;
383 tmp_out = os_malloc(skip + out_len);
384 if (!tmp_out)
385 return -1;
386 _out = tmp_out;
387 }
388
389 #ifdef CONFIG_TLS_INTERNAL_CLIENT
390 if (conn->client) {
391 ret = tlsv1_client_prf(conn->client, label,
392 server_random_first,
393 _out, out_len);
394 }
395 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
396 #ifdef CONFIG_TLS_INTERNAL_SERVER
397 if (conn->server) {
398 ret = tlsv1_server_prf(conn->server, label,
399 server_random_first,
400 _out, out_len);
401 }
402 #endif /* CONFIG_TLS_INTERNAL_SERVER */
403 if (ret == 0 && skip_keyblock)
404 os_memcpy(out, _out + skip, out_len);
405 bin_clear_free(tmp_out, skip);
406
407 return ret;
408 }
409
410
tls_connection_handshake(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data,struct wpabuf ** appl_data)411 struct wpabuf * tls_connection_handshake(void *tls_ctx,
412 struct tls_connection *conn,
413 const struct wpabuf *in_data,
414 struct wpabuf **appl_data)
415 {
416 return tls_connection_handshake2(tls_ctx, conn, in_data, appl_data,
417 NULL);
418 }
419
420
tls_connection_handshake2(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data,struct wpabuf ** appl_data,int * need_more_data)421 struct wpabuf * tls_connection_handshake2(void *tls_ctx,
422 struct tls_connection *conn,
423 const struct wpabuf *in_data,
424 struct wpabuf **appl_data,
425 int *need_more_data)
426 {
427 #ifdef CONFIG_TLS_INTERNAL_CLIENT
428 u8 *res, *ad;
429 size_t res_len, ad_len;
430 struct wpabuf *out;
431
432 if (conn->client == NULL)
433 return NULL;
434
435 ad = NULL;
436 res = tlsv1_client_handshake(conn->client,
437 in_data ? wpabuf_head(in_data) : NULL,
438 in_data ? wpabuf_len(in_data) : 0,
439 &res_len, &ad, &ad_len, need_more_data);
440 if (res == NULL)
441 return NULL;
442 out = wpabuf_alloc_ext_data(res, res_len);
443 if (out == NULL) {
444 os_free(res);
445 os_free(ad);
446 return NULL;
447 }
448 if (appl_data) {
449 if (ad) {
450 *appl_data = wpabuf_alloc_ext_data(ad, ad_len);
451 if (*appl_data == NULL)
452 os_free(ad);
453 } else
454 *appl_data = NULL;
455 } else
456 os_free(ad);
457
458 return out;
459 #else /* CONFIG_TLS_INTERNAL_CLIENT */
460 return NULL;
461 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
462 }
463
464
tls_connection_server_handshake(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data,struct wpabuf ** appl_data)465 struct wpabuf * tls_connection_server_handshake(void *tls_ctx,
466 struct tls_connection *conn,
467 const struct wpabuf *in_data,
468 struct wpabuf **appl_data)
469 {
470 #ifdef CONFIG_TLS_INTERNAL_SERVER
471 u8 *res;
472 size_t res_len;
473 struct wpabuf *out;
474
475 if (conn->server == NULL)
476 return NULL;
477
478 if (appl_data)
479 *appl_data = NULL;
480
481 res = tlsv1_server_handshake(conn->server, wpabuf_head(in_data),
482 wpabuf_len(in_data), &res_len);
483 if (res == NULL && tlsv1_server_established(conn->server))
484 return wpabuf_alloc(0);
485 if (res == NULL)
486 return NULL;
487 out = wpabuf_alloc_ext_data(res, res_len);
488 if (out == NULL) {
489 os_free(res);
490 return NULL;
491 }
492
493 return out;
494 #else /* CONFIG_TLS_INTERNAL_SERVER */
495 return NULL;
496 #endif /* CONFIG_TLS_INTERNAL_SERVER */
497 }
498
499
tls_connection_encrypt(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data)500 struct wpabuf * tls_connection_encrypt(void *tls_ctx,
501 struct tls_connection *conn,
502 const struct wpabuf *in_data)
503 {
504 #ifdef CONFIG_TLS_INTERNAL_CLIENT
505 if (conn->client) {
506 struct wpabuf *buf;
507 int res;
508 buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
509 if (buf == NULL)
510 return NULL;
511 res = tlsv1_client_encrypt(conn->client, wpabuf_head(in_data),
512 wpabuf_len(in_data),
513 wpabuf_mhead(buf),
514 wpabuf_size(buf));
515 if (res < 0) {
516 wpabuf_free(buf);
517 return NULL;
518 }
519 wpabuf_put(buf, res);
520 return buf;
521 }
522 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
523 #ifdef CONFIG_TLS_INTERNAL_SERVER
524 if (conn->server) {
525 struct wpabuf *buf;
526 int res;
527 buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
528 if (buf == NULL)
529 return NULL;
530 res = tlsv1_server_encrypt(conn->server, wpabuf_head(in_data),
531 wpabuf_len(in_data),
532 wpabuf_mhead(buf),
533 wpabuf_size(buf));
534 if (res < 0) {
535 wpabuf_free(buf);
536 return NULL;
537 }
538 wpabuf_put(buf, res);
539 return buf;
540 }
541 #endif /* CONFIG_TLS_INTERNAL_SERVER */
542 return NULL;
543 }
544
545
tls_connection_decrypt(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data)546 struct wpabuf * tls_connection_decrypt(void *tls_ctx,
547 struct tls_connection *conn,
548 const struct wpabuf *in_data)
549 {
550 return tls_connection_decrypt2(tls_ctx, conn, in_data, NULL);
551 }
552
553
tls_connection_decrypt2(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data,int * need_more_data)554 struct wpabuf * tls_connection_decrypt2(void *tls_ctx,
555 struct tls_connection *conn,
556 const struct wpabuf *in_data,
557 int *need_more_data)
558 {
559 if (need_more_data)
560 *need_more_data = 0;
561
562 #ifdef CONFIG_TLS_INTERNAL_CLIENT
563 if (conn->client) {
564 return tlsv1_client_decrypt(conn->client, wpabuf_head(in_data),
565 wpabuf_len(in_data),
566 need_more_data);
567 }
568 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
569 #ifdef CONFIG_TLS_INTERNAL_SERVER
570 if (conn->server) {
571 struct wpabuf *buf;
572 int res;
573 buf = wpabuf_alloc((wpabuf_len(in_data) + 500) * 3);
574 if (buf == NULL)
575 return NULL;
576 res = tlsv1_server_decrypt(conn->server, wpabuf_head(in_data),
577 wpabuf_len(in_data),
578 wpabuf_mhead(buf),
579 wpabuf_size(buf));
580 if (res < 0) {
581 wpabuf_free(buf);
582 return NULL;
583 }
584 wpabuf_put(buf, res);
585 return buf;
586 }
587 #endif /* CONFIG_TLS_INTERNAL_SERVER */
588 return NULL;
589 }
590
591
tls_connection_resumed(void * tls_ctx,struct tls_connection * conn)592 int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn)
593 {
594 #ifdef CONFIG_TLS_INTERNAL_CLIENT
595 if (conn->client)
596 return tlsv1_client_resumed(conn->client);
597 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
598 #ifdef CONFIG_TLS_INTERNAL_SERVER
599 if (conn->server)
600 return tlsv1_server_resumed(conn->server);
601 #endif /* CONFIG_TLS_INTERNAL_SERVER */
602 return -1;
603 }
604
605
tls_connection_set_cipher_list(void * tls_ctx,struct tls_connection * conn,u8 * ciphers)606 int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
607 u8 *ciphers)
608 {
609 #ifdef CONFIG_TLS_INTERNAL_CLIENT
610 if (conn->client)
611 return tlsv1_client_set_cipher_list(conn->client, ciphers);
612 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
613 #ifdef CONFIG_TLS_INTERNAL_SERVER
614 if (conn->server)
615 return tlsv1_server_set_cipher_list(conn->server, ciphers);
616 #endif /* CONFIG_TLS_INTERNAL_SERVER */
617 return -1;
618 }
619
620
tls_get_version(void * ssl_ctx,struct tls_connection * conn,char * buf,size_t buflen)621 int tls_get_version(void *ssl_ctx, struct tls_connection *conn,
622 char *buf, size_t buflen)
623 {
624 /* TODO */
625 return -1;
626 }
627
628
tls_get_cipher(void * tls_ctx,struct tls_connection * conn,char * buf,size_t buflen)629 int tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
630 char *buf, size_t buflen)
631 {
632 if (conn == NULL)
633 return -1;
634 #ifdef CONFIG_TLS_INTERNAL_CLIENT
635 if (conn->client)
636 return tlsv1_client_get_cipher(conn->client, buf, buflen);
637 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
638 #ifdef CONFIG_TLS_INTERNAL_SERVER
639 if (conn->server)
640 return tlsv1_server_get_cipher(conn->server, buf, buflen);
641 #endif /* CONFIG_TLS_INTERNAL_SERVER */
642 return -1;
643 }
644
645
tls_connection_enable_workaround(void * tls_ctx,struct tls_connection * conn)646 int tls_connection_enable_workaround(void *tls_ctx,
647 struct tls_connection *conn)
648 {
649 return -1;
650 }
651
652
tls_connection_client_hello_ext(void * tls_ctx,struct tls_connection * conn,int ext_type,const u8 * data,size_t data_len)653 int tls_connection_client_hello_ext(void *tls_ctx, struct tls_connection *conn,
654 int ext_type, const u8 *data,
655 size_t data_len)
656 {
657 #ifdef CONFIG_TLS_INTERNAL_CLIENT
658 if (conn->client) {
659 return tlsv1_client_hello_ext(conn->client, ext_type,
660 data, data_len);
661 }
662 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
663 return -1;
664 }
665
666
tls_connection_get_failed(void * tls_ctx,struct tls_connection * conn)667 int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn)
668 {
669 return 0;
670 }
671
672
tls_connection_get_read_alerts(void * tls_ctx,struct tls_connection * conn)673 int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn)
674 {
675 return 0;
676 }
677
678
tls_connection_get_write_alerts(void * tls_ctx,struct tls_connection * conn)679 int tls_connection_get_write_alerts(void *tls_ctx,
680 struct tls_connection *conn)
681 {
682 return 0;
683 }
684
685
tls_connection_set_session_ticket_cb(void * tls_ctx,struct tls_connection * conn,tls_session_ticket_cb cb,void * ctx)686 int tls_connection_set_session_ticket_cb(void *tls_ctx,
687 struct tls_connection *conn,
688 tls_session_ticket_cb cb,
689 void *ctx)
690 {
691 #ifdef CONFIG_TLS_INTERNAL_CLIENT
692 if (conn->client) {
693 tlsv1_client_set_session_ticket_cb(conn->client, cb, ctx);
694 return 0;
695 }
696 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
697 #ifdef CONFIG_TLS_INTERNAL_SERVER
698 if (conn->server) {
699 tlsv1_server_set_session_ticket_cb(conn->server, cb, ctx);
700 return 0;
701 }
702 #endif /* CONFIG_TLS_INTERNAL_SERVER */
703 return -1;
704 }
705
706
tls_get_library_version(char * buf,size_t buf_len)707 int tls_get_library_version(char *buf, size_t buf_len)
708 {
709 return os_snprintf(buf, buf_len, "internal");
710 }
711
712
tls_connection_set_success_data(struct tls_connection * conn,struct wpabuf * data)713 void tls_connection_set_success_data(struct tls_connection *conn,
714 struct wpabuf *data)
715 {
716 }
717
718
tls_connection_set_success_data_resumed(struct tls_connection * conn)719 void tls_connection_set_success_data_resumed(struct tls_connection *conn)
720 {
721 }
722
723
724 const struct wpabuf *
tls_connection_get_success_data(struct tls_connection * conn)725 tls_connection_get_success_data(struct tls_connection *conn)
726 {
727 return NULL;
728 }
729
730
tls_connection_remove_session(struct tls_connection * conn)731 void tls_connection_remove_session(struct tls_connection *conn)
732 {
733 }
734