contrib/wpa/src/crypto/tls_internal.c

   1 /*
   2  * TLS interface functions and an internal TLS implementation
   3  * Copyright (c) 2004-2011, Jouni Malinen <j@w1.fi>
   4  *
   5  * This software may be distributed under the terms of the BSD license.
   6  * See README for more details.
   7  *
   8  * This file interface functions for hostapd/wpa_supplicant to use the
   9  * integrated TLSv1 implementation.
  10  */
  11
  12 #include "includes.h"
  13
  14 #include "common.h"
  15 #include "tls.h"
  16 #include "tls/tlsv1_client.h"
  17 #include "tls/tlsv1_server.h"
  18
  19
  20 static int tls_ref_count = 0;
  21
  22 struct tls_global {
  23         int server;
  24         struct tlsv1_credentials *server_cred;
  25         int check_crl;
  26
  27         void (*event_cb)(void *ctx, enum tls_event ev,
  28                          union tls_event_data *data);
  29         void *cb_ctx;
  30         int cert_in_cb;
  31 };
  32
  33 struct tls_connection {
  34         struct tlsv1_client *client;
  35         struct tlsv1_server *server;
  36         struct tls_global *global;
  37 };
  38
  39
  40 void * tls_init(const struct tls_config *conf)
  41 {
  42         struct tls_global *global;
  43
  44         if (tls_ref_count == 0) {
  45 #ifdef CONFIG_TLS_INTERNAL_CLIENT
  46                 if (tlsv1_client_global_init())
  47                         return NULL;
  48 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
  49 #ifdef CONFIG_TLS_INTERNAL_SERVER
  50                 if (tlsv1_server_global_init())
  51                         return NULL;
  52 #endif /* CONFIG_TLS_INTERNAL_SERVER */
  53         }
  54         tls_ref_count++;
  55
  56         global = os_zalloc(sizeof(*global));
  57         if (global == NULL)
  58                 return NULL;
  59         if (conf) {
  60                 global->event_cb = conf->event_cb;
  61                 global->cb_ctx = conf->cb_ctx;
  62                 global->cert_in_cb = conf->cert_in_cb;
  63         }
  64
  65         return global;
  66 }
  67
  68 void tls_deinit(void *ssl_ctx)
  69 {
  70         struct tls_global *global = ssl_ctx;
  71         tls_ref_count--;
  72         if (tls_ref_count == 0) {
  73 #ifdef CONFIG_TLS_INTERNAL_CLIENT
  74                 tlsv1_client_global_deinit();
  75 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
  76 #ifdef CONFIG_TLS_INTERNAL_SERVER
  77                 tlsv1_server_global_deinit();
  78 #endif /* CONFIG_TLS_INTERNAL_SERVER */
  79         }
  80 #ifdef CONFIG_TLS_INTERNAL_SERVER
  81         tlsv1_cred_free(global->server_cred);
  82 #endif /* CONFIG_TLS_INTERNAL_SERVER */
  83         os_free(global);
  84 }
  85
  86
  87 int tls_get_errors(void *tls_ctx)
  88 {
  89         return 0;
  90 }
  91
  92
  93 struct tls_connection * tls_connection_init(void *tls_ctx)
  94 {
  95         struct tls_connection *conn;
  96         struct tls_global *global = tls_ctx;
  97
  98         conn = os_zalloc(sizeof(*conn));
  99         if (conn == NULL)
 100                 return NULL;
 101         conn->global = global;
 102
 103 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 104         if (!global->server) {
 105                 conn->client = tlsv1_client_init();
 106                 if (conn->client == NULL) {
 107                         os_free(conn);
 108                         return NULL;
 109                 }
 110                 tlsv1_client_set_cb(conn->client, global->event_cb,
 111                                     global->cb_ctx, global->cert_in_cb);
 112         }
 113 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 114 #ifdef CONFIG_TLS_INTERNAL_SERVER
 115         if (global->server) {
 116                 conn->server = tlsv1_server_init(global->server_cred);
 117                 if (conn->server == NULL) {
 118                         os_free(conn);
 119                         return NULL;
 120                 }
 121         }
 122 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 123
 124         return conn;
 125 }
 126
 127
 128 #ifdef CONFIG_TESTING_OPTIONS
 129 #ifdef CONFIG_TLS_INTERNAL_SERVER
 130 void tls_connection_set_test_flags(struct tls_connection *conn, u32 flags)
 131 {
 132         if (conn->server)
 133                 tlsv1_server_set_test_flags(conn->server, flags);
 134 }
 135 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 136 #endif /* CONFIG_TESTING_OPTIONS */
 137
 138
 139 void tls_connection_set_log_cb(struct tls_connection *conn,
 140                                void (*log_cb)(void *ctx, const char *msg),
 141                                void *ctx)
 142 {
 143 #ifdef CONFIG_TLS_INTERNAL_SERVER
 144         if (conn->server)
 145                 tlsv1_server_set_log_cb(conn->server, log_cb, ctx);
 146 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 147 }
 148
 149
 150 void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn)
 151 {
 152         if (conn == NULL)
 153                 return;
 154 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 155         if (conn->client)
 156                 tlsv1_client_deinit(conn->client);
 157 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 158 #ifdef CONFIG_TLS_INTERNAL_SERVER
 159         if (conn->server)
 160                 tlsv1_server_deinit(conn->server);
 161 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 162         os_free(conn);
 163 }
 164
 165
 166 int tls_connection_established(void *tls_ctx, struct tls_connection *conn)
 167 {
 168 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 169         if (conn->client)
 170                 return tlsv1_client_established(conn->client);
 171 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 172 #ifdef CONFIG_TLS_INTERNAL_SERVER
 173         if (conn->server)
 174                 return tlsv1_server_established(conn->server);
 175 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 176         return 0;
 177 }
 178
 179
 180 char * tls_connection_peer_serial_num(void *tls_ctx,
 181                                       struct tls_connection *conn)
 182 {
 183         /* TODO */
 184         return NULL;
 185 }
 186
 187
 188 int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn)
 189 {
 190 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 191         if (conn->client)
 192                 return tlsv1_client_shutdown(conn->client);
 193 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 194 #ifdef CONFIG_TLS_INTERNAL_SERVER
 195         if (conn->server)
 196                 return tlsv1_server_shutdown(conn->server);
 197 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 198         return -1;
 199 }
 200
 201
 202 int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
 203                               const struct tls_connection_params *params)
 204 {
 205 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 206         struct tlsv1_credentials *cred;
 207
 208         if (conn->client == NULL)
 209                 return -1;
 210
 211         if (params->flags & TLS_CONN_EXT_CERT_CHECK) {
 212                 wpa_printf(MSG_INFO,
 213                            "TLS: tls_ext_cert_check=1 not supported");
 214                 return -1;
 215         }
 216
 217         cred = tlsv1_cred_alloc();
 218         if (cred == NULL)
 219                 return -1;
 220
 221         if (params->subject_match) {
 222                 wpa_printf(MSG_INFO, "TLS: subject_match not supported");
 223                 tlsv1_cred_free(cred);
 224                 return -1;
 225         }
 226
 227         if (params->altsubject_match) {
 228                 wpa_printf(MSG_INFO, "TLS: altsubject_match not supported");
 229                 tlsv1_cred_free(cred);
 230                 return -1;
 231         }
 232
 233         if (params->suffix_match) {
 234                 wpa_printf(MSG_INFO, "TLS: suffix_match not supported");
 235                 tlsv1_cred_free(cred);
 236                 return -1;
 237         }
 238
 239         if (params->domain_match) {
 240                 wpa_printf(MSG_INFO, "TLS: domain_match not supported");
 241                 tlsv1_cred_free(cred);
 242                 return -1;
 243         }
 244
 245         if (params->openssl_ciphers) {
 246                 wpa_printf(MSG_INFO, "TLS: openssl_ciphers not supported");
 247                 tlsv1_cred_free(cred);
 248                 return -1;
 249         }
 250
 251         if (tlsv1_set_ca_cert(cred, params->ca_cert,
 252                               params->ca_cert_blob, params->ca_cert_blob_len,
 253                               params->ca_path)) {
 254                 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
 255                            "certificates");
 256                 tlsv1_cred_free(cred);
 257                 return -1;
 258         }
 259
 260         if (tlsv1_set_cert(cred, params->client_cert,
 261                            params->client_cert_blob,
 262                            params->client_cert_blob_len)) {
 263                 wpa_printf(MSG_INFO, "TLS: Failed to configure client "
 264                            "certificate");
 265                 tlsv1_cred_free(cred);
 266                 return -1;
 267         }
 268
 269         if (tlsv1_set_private_key(cred, params->private_key,
 270                                   params->private_key_passwd,
 271                                   params->private_key_blob,
 272                                   params->private_key_blob_len)) {
 273                 wpa_printf(MSG_INFO, "TLS: Failed to load private key");
 274                 tlsv1_cred_free(cred);
 275                 return -1;
 276         }
 277
 278         if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob,
 279                                params->dh_blob_len)) {
 280                 wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters");
 281                 tlsv1_cred_free(cred);
 282                 return -1;
 283         }
 284
 285         if (tlsv1_client_set_cred(conn->client, cred) < 0) {
 286                 tlsv1_cred_free(cred);
 287                 return -1;
 288         }
 289
 290         tlsv1_client_set_flags(conn->client, params->flags);
 291
 292         return 0;
 293 #else /* CONFIG_TLS_INTERNAL_CLIENT */
 294         return -1;
 295 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 296 }
 297
 298
 299 int tls_global_set_params(void *tls_ctx,
 300                           const struct tls_connection_params *params)
 301 {
 302 #ifdef CONFIG_TLS_INTERNAL_SERVER
 303         struct tls_global *global = tls_ctx;
 304         struct tlsv1_credentials *cred;
 305
 306         /* Currently, global parameters are only set when running in server
 307          * mode. */
 308         global->server = 1;
 309         tlsv1_cred_free(global->server_cred);
 310         global->server_cred = cred = tlsv1_cred_alloc();
 311         if (cred == NULL)
 312                 return -1;
 313
 314         if (tlsv1_set_ca_cert(cred, params->ca_cert, params->ca_cert_blob,
 315                               params->ca_cert_blob_len, params->ca_path)) {
 316                 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
 317                            "certificates");
 318                 return -1;
 319         }
 320
 321         if (tlsv1_set_cert(cred, params->client_cert, params->client_cert_blob,
 322                            params->client_cert_blob_len)) {
 323                 wpa_printf(MSG_INFO, "TLS: Failed to configure server "
 324                            "certificate");
 325                 return -1;
 326         }
 327
 328         if (tlsv1_set_private_key(cred, params->private_key,
 329                                   params->private_key_passwd,
 330                                   params->private_key_blob,
 331                                   params->private_key_blob_len)) {
 332                 wpa_printf(MSG_INFO, "TLS: Failed to load private key");
 333                 return -1;
 334         }
 335
 336         if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob,
 337                                params->dh_blob_len)) {
 338                 wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters");
 339                 return -1;
 340         }
 341
 342         if (params->ocsp_stapling_response)
 343                 cred->ocsp_stapling_response =
 344                         os_strdup(params->ocsp_stapling_response);
 345         if (params->ocsp_stapling_response_multi)
 346                 cred->ocsp_stapling_response_multi =
 347                         os_strdup(params->ocsp_stapling_response_multi);
 348
 349         return 0;
 350 #else /* CONFIG_TLS_INTERNAL_SERVER */
 351         return -1;
 352 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 353 }
 354
 355
 356 int tls_global_set_verify(void *tls_ctx, int check_crl)
 357 {
 358         struct tls_global *global = tls_ctx;
 359         global->check_crl = check_crl;
 360         return 0;
 361 }
 362
 363
 364 int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn,
 365                               int verify_peer, unsigned int flags,
 366                               const u8 *session_ctx, size_t session_ctx_len)
 367 {
 368 #ifdef CONFIG_TLS_INTERNAL_SERVER
 369         if (conn->server)
 370                 return tlsv1_server_set_verify(conn->server, verify_peer);
 371 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 372         return -1;
 373 }
 374
 375
 376 int tls_connection_get_random(void *tls_ctx, struct tls_connection *conn,
 377                               struct tls_random *data)
 378 {
 379 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 380         if (conn->client)
 381                 return tlsv1_client_get_random(conn->client, data);
 382 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 383 #ifdef CONFIG_TLS_INTERNAL_SERVER
 384         if (conn->server)
 385                 return tlsv1_server_get_random(conn->server, data);
 386 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 387         return -1;
 388 }
 389
 390
 391 static int tls_get_keyblock_size(struct tls_connection *conn)
 392 {
 393 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 394         if (conn->client)
 395                 return tlsv1_client_get_keyblock_size(conn->client);
 396 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 397 #ifdef CONFIG_TLS_INTERNAL_SERVER
 398         if (conn->server)
 399                 return tlsv1_server_get_keyblock_size(conn->server);
 400 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 401         return -1;
 402 }
 403
 404
 405 static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
 406                               const char *label, int server_random_first,
 407                               int skip_keyblock, u8 *out, size_t out_len)
 408 {
 409         int ret = -1, skip = 0;
 410         u8 *tmp_out = NULL;
 411         u8 *_out = out;
 412
 413         if (skip_keyblock) {
 414                 skip = tls_get_keyblock_size(conn);
 415                 if (skip < 0)
 416                         return -1;
 417                 tmp_out = os_malloc(skip + out_len);
 418                 if (!tmp_out)
 419                         return -1;
 420                 _out = tmp_out;
 421         }
 422
 423 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 424         if (conn->client) {
 425                 ret = tlsv1_client_prf(conn->client, label,
 426                                        server_random_first,
 427                                        _out, skip + out_len);
 428         }
 429 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 430 #ifdef CONFIG_TLS_INTERNAL_SERVER
 431         if (conn->server) {
 432                 ret = tlsv1_server_prf(conn->server, label,
 433                                        server_random_first,
 434                                        _out, skip + out_len);
 435         }
 436 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 437         if (ret == 0 && skip_keyblock)
 438                 os_memcpy(out, _out + skip, out_len);
 439         bin_clear_free(tmp_out, skip);
 440
 441         return ret;
 442 }
 443
 444
 445 int tls_connection_export_key(void *tls_ctx, struct tls_connection *conn,
 446                               const char *label, u8 *out, size_t out_len)
 447 {
 448         return tls_connection_prf(tls_ctx, conn, label, 0, 0, out, out_len);
 449 }
 450
 451
 452 int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn,
 453                                     u8 *out, size_t out_len)
 454 {
 455         return tls_connection_prf(tls_ctx, conn, "key expansion", 1, 1, out,
 456                                   out_len);
 457 }
 458
 459
 460 struct wpabuf * tls_connection_handshake(void *tls_ctx,
 461                                          struct tls_connection *conn,
 462                                          const struct wpabuf *in_data,
 463                                          struct wpabuf **appl_data)
 464 {
 465         return tls_connection_handshake2(tls_ctx, conn, in_data, appl_data,
 466                                          NULL);
 467 }
 468
 469
 470 struct wpabuf * tls_connection_handshake2(void *tls_ctx,
 471                                           struct tls_connection *conn,
 472                                           const struct wpabuf *in_data,
 473                                           struct wpabuf **appl_data,
 474                                           int *need_more_data)
 475 {
 476 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 477         u8 *res, *ad;
 478         size_t res_len, ad_len;
 479         struct wpabuf *out;
 480
 481         if (conn->client == NULL)
 482                 return NULL;
 483
 484         ad = NULL;
 485         res = tlsv1_client_handshake(conn->client,
 486                                      in_data ? wpabuf_head(in_data) : NULL,
 487                                      in_data ? wpabuf_len(in_data) : 0,
 488                                      &res_len, &ad, &ad_len, need_more_data);
 489         if (res == NULL)
 490                 return NULL;
 491         out = wpabuf_alloc_ext_data(res, res_len);
 492         if (out == NULL) {
 493                 os_free(res);
 494                 os_free(ad);
 495                 return NULL;
 496         }
 497         if (appl_data) {
 498                 if (ad) {
 499                         *appl_data = wpabuf_alloc_ext_data(ad, ad_len);
 500                         if (*appl_data == NULL)
 501                                 os_free(ad);
 502                 } else
 503                         *appl_data = NULL;
 504         } else
 505                 os_free(ad);
 506
 507         return out;
 508 #else /* CONFIG_TLS_INTERNAL_CLIENT */
 509         return NULL;
 510 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 511 }
 512
 513
 514 struct wpabuf * tls_connection_server_handshake(void *tls_ctx,
 515                                                 struct tls_connection *conn,
 516                                                 const struct wpabuf *in_data,
 517                                                 struct wpabuf **appl_data)
 518 {
 519 #ifdef CONFIG_TLS_INTERNAL_SERVER
 520         u8 *res;
 521         size_t res_len;
 522         struct wpabuf *out;
 523
 524         if (conn->server == NULL)
 525                 return NULL;
 526
 527         if (appl_data)
 528                 *appl_data = NULL;
 529
 530         res = tlsv1_server_handshake(conn->server, wpabuf_head(in_data),
 531                                      wpabuf_len(in_data), &res_len);
 532         if (res == NULL && tlsv1_server_established(conn->server))
 533                 return wpabuf_alloc(0);
 534         if (res == NULL)
 535                 return NULL;
 536         out = wpabuf_alloc_ext_data(res, res_len);
 537         if (out == NULL) {
 538                 os_free(res);
 539                 return NULL;
 540         }
 541
 542         return out;
 543 #else /* CONFIG_TLS_INTERNAL_SERVER */
 544         return NULL;
 545 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 546 }
 547
 548
 549 struct wpabuf * tls_connection_encrypt(void *tls_ctx,
 550                                        struct tls_connection *conn,
 551                                        const struct wpabuf *in_data)
 552 {
 553 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 554         if (conn->client) {
 555                 struct wpabuf *buf;
 556                 int res;
 557                 buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
 558                 if (buf == NULL)
 559                         return NULL;
 560                 res = tlsv1_client_encrypt(conn->client, wpabuf_head(in_data),
 561                                            wpabuf_len(in_data),
 562                                            wpabuf_mhead(buf),
 563                                            wpabuf_size(buf));
 564                 if (res < 0) {
 565                         wpabuf_free(buf);
 566                         return NULL;
 567                 }
 568                 wpabuf_put(buf, res);
 569                 return buf;
 570         }
 571 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 572 #ifdef CONFIG_TLS_INTERNAL_SERVER
 573         if (conn->server) {
 574                 struct wpabuf *buf;
 575                 int res;
 576                 buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
 577                 if (buf == NULL)
 578                         return NULL;
 579                 res = tlsv1_server_encrypt(conn->server, wpabuf_head(in_data),
 580                                            wpabuf_len(in_data),
 581                                            wpabuf_mhead(buf),
 582                                            wpabuf_size(buf));
 583                 if (res < 0) {
 584                         wpabuf_free(buf);
 585                         return NULL;
 586                 }
 587                 wpabuf_put(buf, res);
 588                 return buf;
 589         }
 590 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 591         return NULL;
 592 }
 593
 594
 595 struct wpabuf * tls_connection_decrypt(void *tls_ctx,
 596                                        struct tls_connection *conn,
 597                                        const struct wpabuf *in_data)
 598 {
 599         return tls_connection_decrypt2(tls_ctx, conn, in_data, NULL);
 600 }
 601
 602
 603 struct wpabuf * tls_connection_decrypt2(void *tls_ctx,
 604                                         struct tls_connection *conn,
 605                                         const struct wpabuf *in_data,
 606                                         int *need_more_data)
 607 {
 608         if (need_more_data)
 609                 *need_more_data = 0;
 610
 611 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 612         if (conn->client) {
 613                 return tlsv1_client_decrypt(conn->client, wpabuf_head(in_data),
 614                                             wpabuf_len(in_data),
 615                                             need_more_data);
 616         }
 617 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 618 #ifdef CONFIG_TLS_INTERNAL_SERVER
 619         if (conn->server) {
 620                 struct wpabuf *buf;
 621                 int res;
 622                 buf = wpabuf_alloc((wpabuf_len(in_data) + 500) * 3);
 623                 if (buf == NULL)
 624                         return NULL;
 625                 res = tlsv1_server_decrypt(conn->server, wpabuf_head(in_data),
 626                                            wpabuf_len(in_data),
 627                                            wpabuf_mhead(buf),
 628                                            wpabuf_size(buf));
 629                 if (res < 0) {
 630                         wpabuf_free(buf);
 631                         return NULL;
 632                 }
 633                 wpabuf_put(buf, res);
 634                 return buf;
 635         }
 636 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 637         return NULL;
 638 }
 639
 640
 641 int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn)
 642 {
 643 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 644         if (conn->client)
 645                 return tlsv1_client_resumed(conn->client);
 646 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 647 #ifdef CONFIG_TLS_INTERNAL_SERVER
 648         if (conn->server)
 649                 return tlsv1_server_resumed(conn->server);
 650 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 651         return -1;
 652 }
 653
 654
 655 int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
 656                                    u8 *ciphers)
 657 {
 658 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 659         if (conn->client)
 660                 return tlsv1_client_set_cipher_list(conn->client, ciphers);
 661 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 662 #ifdef CONFIG_TLS_INTERNAL_SERVER
 663         if (conn->server)
 664                 return tlsv1_server_set_cipher_list(conn->server, ciphers);
 665 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 666         return -1;
 667 }
 668
 669
 670 int tls_get_version(void *ssl_ctx, struct tls_connection *conn,
 671                     char *buf, size_t buflen)
 672 {
 673         if (conn == NULL)
 674                 return -1;
 675 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 676         if (conn->client)
 677                 return tlsv1_client_get_version(conn->client, buf, buflen);
 678 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 679         return -1;
 680 }
 681
 682
 683 int tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
 684                    char *buf, size_t buflen)
 685 {
 686         if (conn == NULL)
 687                 return -1;
 688 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 689         if (conn->client)
 690                 return tlsv1_client_get_cipher(conn->client, buf, buflen);
 691 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 692 #ifdef CONFIG_TLS_INTERNAL_SERVER
 693         if (conn->server)
 694                 return tlsv1_server_get_cipher(conn->server, buf, buflen);
 695 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 696         return -1;
 697 }
 698
 699
 700 int tls_connection_enable_workaround(void *tls_ctx,
 701                                      struct tls_connection *conn)
 702 {
 703         return -1;
 704 }
 705
 706
 707 int tls_connection_client_hello_ext(void *tls_ctx, struct tls_connection *conn,
 708                                     int ext_type, const u8 *data,
 709                                     size_t data_len)
 710 {
 711 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 712         if (conn->client) {
 713                 return tlsv1_client_hello_ext(conn->client, ext_type,
 714                                               data, data_len);
 715         }
 716 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 717         return -1;
 718 }
 719
 720
 721 int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn)
 722 {
 723         return 0;
 724 }
 725
 726
 727 int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn)
 728 {
 729         return 0;
 730 }
 731
 732
 733 int tls_connection_get_write_alerts(void *tls_ctx,
 734                                     struct tls_connection *conn)
 735 {
 736         return 0;
 737 }
 738
 739
 740 int tls_connection_set_session_ticket_cb(void *tls_ctx,
 741                                          struct tls_connection *conn,
 742                                          tls_session_ticket_cb cb,
 743                                          void *ctx)
 744 {
 745 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 746         if (conn->client) {
 747                 tlsv1_client_set_session_ticket_cb(conn->client, cb, ctx);
 748                 return 0;
 749         }
 750 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 751 #ifdef CONFIG_TLS_INTERNAL_SERVER
 752         if (conn->server) {
 753                 tlsv1_server_set_session_ticket_cb(conn->server, cb, ctx);
 754                 return 0;
 755         }
 756 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 757         return -1;
 758 }
 759
 760
 761 int tls_get_library_version(char *buf, size_t buf_len)
 762 {
 763         return os_snprintf(buf, buf_len, "internal");
 764 }
 765
 766
 767 void tls_connection_set_success_data(struct tls_connection *conn,
 768                                      struct wpabuf *data)
 769 {
 770 }
 771
 772
 773 void tls_connection_set_success_data_resumed(struct tls_connection *conn)
 774 {
 775 }
 776
 777
 778 const struct wpabuf *
 779 tls_connection_get_success_data(struct tls_connection *conn)
 780 {
 781         return NULL;
 782 }
 783
 784
 785 void tls_connection_remove_session(struct tls_connection *conn)
 786 {
 787 }