contrib/wpa/src/crypto/tls_internal.c

   1 /*
   2  * TLS interface functions and an internal TLS implementation
   3  * Copyright (c) 2004-2019, Jouni Malinen <j@w1.fi>
   4  *
   5  * This software may be distributed under the terms of the BSD license.
   6  * See README for more details.
   7  *
   8  * This file interface functions for hostapd/wpa_supplicant to use the
   9  * integrated TLSv1 implementation.
  10  */
  11
  12 #include "includes.h"
  13
  14 #include "common.h"
  15 #include "tls.h"
  16 #include "tls/tlsv1_client.h"
  17 #include "tls/tlsv1_server.h"
  18
  19
  20 static int tls_ref_count = 0;
  21
  22 struct tls_global {
  23         int server;
  24         struct tlsv1_credentials *server_cred;
  25         int check_crl;
  26
  27         void (*event_cb)(void *ctx, enum tls_event ev,
  28                          union tls_event_data *data);
  29         void *cb_ctx;
  30         int cert_in_cb;
  31 };
  32
  33 struct tls_connection {
  34         struct tlsv1_client *client;
  35         struct tlsv1_server *server;
  36         struct tls_global *global;
  37 };
  38
  39
  40 void * tls_init(const struct tls_config *conf)
  41 {
  42         struct tls_global *global;
  43
  44         if (tls_ref_count == 0) {
  45 #ifdef CONFIG_TLS_INTERNAL_CLIENT
  46                 if (tlsv1_client_global_init())
  47                         return NULL;
  48 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
  49 #ifdef CONFIG_TLS_INTERNAL_SERVER
  50                 if (tlsv1_server_global_init())
  51                         return NULL;
  52 #endif /* CONFIG_TLS_INTERNAL_SERVER */
  53         }
  54         tls_ref_count++;
  55
  56         global = os_zalloc(sizeof(*global));
  57         if (global == NULL)
  58                 return NULL;
  59         if (conf) {
  60                 global->event_cb = conf->event_cb;
  61                 global->cb_ctx = conf->cb_ctx;
  62                 global->cert_in_cb = conf->cert_in_cb;
  63         }
  64
  65         return global;
  66 }
  67
  68 void tls_deinit(void *ssl_ctx)
  69 {
  70         struct tls_global *global = ssl_ctx;
  71         tls_ref_count--;
  72         if (tls_ref_count == 0) {
  73 #ifdef CONFIG_TLS_INTERNAL_CLIENT
  74                 tlsv1_client_global_deinit();
  75 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
  76 #ifdef CONFIG_TLS_INTERNAL_SERVER
  77                 tlsv1_server_global_deinit();
  78 #endif /* CONFIG_TLS_INTERNAL_SERVER */
  79         }
  80 #ifdef CONFIG_TLS_INTERNAL_SERVER
  81         tlsv1_cred_free(global->server_cred);
  82 #endif /* CONFIG_TLS_INTERNAL_SERVER */
  83         os_free(global);
  84 }
  85
  86
  87 int tls_get_errors(void *tls_ctx)
  88 {
  89         return 0;
  90 }
  91
  92
  93 struct tls_connection * tls_connection_init(void *tls_ctx)
  94 {
  95         struct tls_connection *conn;
  96         struct tls_global *global = tls_ctx;
  97
  98         conn = os_zalloc(sizeof(*conn));
  99         if (conn == NULL)
 100                 return NULL;
 101         conn->global = global;
 102
 103 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 104         if (!global->server) {
 105                 conn->client = tlsv1_client_init();
 106                 if (conn->client == NULL) {
 107                         os_free(conn);
 108                         return NULL;
 109                 }
 110                 tlsv1_client_set_cb(conn->client, global->event_cb,
 111                                     global->cb_ctx, global->cert_in_cb);
 112         }
 113 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 114 #ifdef CONFIG_TLS_INTERNAL_SERVER
 115         if (global->server) {
 116                 conn->server = tlsv1_server_init(global->server_cred);
 117                 if (conn->server == NULL) {
 118                         os_free(conn);
 119                         return NULL;
 120                 }
 121         }
 122 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 123
 124         return conn;
 125 }
 126
 127
 128 #ifdef CONFIG_TESTING_OPTIONS
 129 #ifdef CONFIG_TLS_INTERNAL_SERVER
 130 void tls_connection_set_test_flags(struct tls_connection *conn, u32 flags)
 131 {
 132         if (conn->server)
 133                 tlsv1_server_set_test_flags(conn->server, flags);
 134 }
 135 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 136 #endif /* CONFIG_TESTING_OPTIONS */
 137
 138
 139 void tls_connection_set_log_cb(struct tls_connection *conn,
 140                                void (*log_cb)(void *ctx, const char *msg),
 141                                void *ctx)
 142 {
 143 #ifdef CONFIG_TLS_INTERNAL_SERVER
 144         if (conn->server)
 145                 tlsv1_server_set_log_cb(conn->server, log_cb, ctx);
 146 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 147 }
 148
 149
 150 void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn)
 151 {
 152         if (conn == NULL)
 153                 return;
 154 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 155         if (conn->client)
 156                 tlsv1_client_deinit(conn->client);
 157 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 158 #ifdef CONFIG_TLS_INTERNAL_SERVER
 159         if (conn->server)
 160                 tlsv1_server_deinit(conn->server);
 161 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 162         os_free(conn);
 163 }
 164
 165
 166 int tls_connection_established(void *tls_ctx, struct tls_connection *conn)
 167 {
 168 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 169         if (conn->client)
 170                 return tlsv1_client_established(conn->client);
 171 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 172 #ifdef CONFIG_TLS_INTERNAL_SERVER
 173         if (conn->server)
 174                 return tlsv1_server_established(conn->server);
 175 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 176         return 0;
 177 }
 178
 179
 180 char * tls_connection_peer_serial_num(void *tls_ctx,
 181                                       struct tls_connection *conn)
 182 {
 183         /* TODO */
 184         return NULL;
 185 }
 186
 187
 188 int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn)
 189 {
 190 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 191         if (conn->client)
 192                 return tlsv1_client_shutdown(conn->client);
 193 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 194 #ifdef CONFIG_TLS_INTERNAL_SERVER
 195         if (conn->server)
 196                 return tlsv1_server_shutdown(conn->server);
 197 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 198         return -1;
 199 }
 200
 201
 202 int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
 203                               const struct tls_connection_params *params)
 204 {
 205 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 206         struct tlsv1_credentials *cred;
 207
 208         if (conn->client == NULL)
 209                 return -1;
 210
 211         if (params->flags & TLS_CONN_EXT_CERT_CHECK) {
 212                 wpa_printf(MSG_INFO,
 213                            "TLS: tls_ext_cert_check=1 not supported");
 214                 return -1;
 215         }
 216
 217         cred = tlsv1_cred_alloc();
 218         if (cred == NULL)
 219                 return -1;
 220
 221         if (params->subject_match) {
 222                 wpa_printf(MSG_INFO, "TLS: subject_match not supported");
 223                 tlsv1_cred_free(cred);
 224                 return -1;
 225         }
 226
 227         if (params->altsubject_match) {
 228                 wpa_printf(MSG_INFO, "TLS: altsubject_match not supported");
 229                 tlsv1_cred_free(cred);
 230                 return -1;
 231         }
 232
 233         if (params->suffix_match) {
 234                 wpa_printf(MSG_INFO, "TLS: suffix_match not supported");
 235                 tlsv1_cred_free(cred);
 236                 return -1;
 237         }
 238
 239         if (params->domain_match) {
 240                 wpa_printf(MSG_INFO, "TLS: domain_match not supported");
 241                 tlsv1_cred_free(cred);
 242                 return -1;
 243         }
 244
 245         if (params->openssl_ciphers) {
 246                 wpa_printf(MSG_INFO, "TLS: openssl_ciphers not supported");
 247                 tlsv1_cred_free(cred);
 248                 return -1;
 249         }
 250
 251         if (params->openssl_ecdh_curves) {
 252                 wpa_printf(MSG_INFO, "TLS: openssl_ecdh_curves not supported");
 253                 tlsv1_cred_free(cred);
 254                 return -1;
 255         }
 256
 257         if (tlsv1_set_ca_cert(cred, params->ca_cert,
 258                               params->ca_cert_blob, params->ca_cert_blob_len,
 259                               params->ca_path)) {
 260                 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
 261                            "certificates");
 262                 tlsv1_cred_free(cred);
 263                 return -1;
 264         }
 265
 266         if (tlsv1_set_cert(cred, params->client_cert,
 267                            params->client_cert_blob,
 268                            params->client_cert_blob_len)) {
 269                 wpa_printf(MSG_INFO, "TLS: Failed to configure client "
 270                            "certificate");
 271                 tlsv1_cred_free(cred);
 272                 return -1;
 273         }
 274
 275         if (tlsv1_set_private_key(cred, params->private_key,
 276                                   params->private_key_passwd,
 277                                   params->private_key_blob,
 278                                   params->private_key_blob_len)) {
 279                 wpa_printf(MSG_INFO, "TLS: Failed to load private key");
 280                 tlsv1_cred_free(cred);
 281                 return -1;
 282         }
 283
 284         if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob,
 285                                params->dh_blob_len)) {
 286                 wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters");
 287                 tlsv1_cred_free(cred);
 288                 return -1;
 289         }
 290
 291         if (tlsv1_client_set_cred(conn->client, cred) < 0) {
 292                 tlsv1_cred_free(cred);
 293                 return -1;
 294         }
 295
 296         tlsv1_client_set_flags(conn->client, params->flags);
 297
 298         return 0;
 299 #else /* CONFIG_TLS_INTERNAL_CLIENT */
 300         return -1;
 301 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 302 }
 303
 304
 305 int tls_global_set_params(void *tls_ctx,
 306                           const struct tls_connection_params *params)
 307 {
 308 #ifdef CONFIG_TLS_INTERNAL_SERVER
 309         struct tls_global *global = tls_ctx;
 310         struct tlsv1_credentials *cred;
 311
 312         if (params->check_cert_subject)
 313                 return -1; /* not yet supported */
 314
 315         /* Currently, global parameters are only set when running in server
 316          * mode. */
 317         global->server = 1;
 318         tlsv1_cred_free(global->server_cred);
 319         global->server_cred = cred = tlsv1_cred_alloc();
 320         if (cred == NULL)
 321                 return -1;
 322
 323         if (tlsv1_set_ca_cert(cred, params->ca_cert, params->ca_cert_blob,
 324                               params->ca_cert_blob_len, params->ca_path)) {
 325                 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
 326                            "certificates");
 327                 return -1;
 328         }
 329
 330         if (tlsv1_set_cert(cred, params->client_cert, params->client_cert_blob,
 331                            params->client_cert_blob_len)) {
 332                 wpa_printf(MSG_INFO, "TLS: Failed to configure server "
 333                            "certificate");
 334                 return -1;
 335         }
 336
 337         if (tlsv1_set_private_key(cred, params->private_key,
 338                                   params->private_key_passwd,
 339                                   params->private_key_blob,
 340                                   params->private_key_blob_len)) {
 341                 wpa_printf(MSG_INFO, "TLS: Failed to load private key");
 342                 return -1;
 343         }
 344
 345         if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob,
 346                                params->dh_blob_len)) {
 347                 wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters");
 348                 return -1;
 349         }
 350
 351         if (params->ocsp_stapling_response)
 352                 cred->ocsp_stapling_response =
 353                         os_strdup(params->ocsp_stapling_response);
 354         if (params->ocsp_stapling_response_multi)
 355                 cred->ocsp_stapling_response_multi =
 356                         os_strdup(params->ocsp_stapling_response_multi);
 357
 358         return 0;
 359 #else /* CONFIG_TLS_INTERNAL_SERVER */
 360         return -1;
 361 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 362 }
 363
 364
 365 int tls_global_set_verify(void *tls_ctx, int check_crl, int strict)
 366 {
 367         struct tls_global *global = tls_ctx;
 368         global->check_crl = check_crl;
 369         return 0;
 370 }
 371
 372
 373 int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn,
 374                               int verify_peer, unsigned int flags,
 375                               const u8 *session_ctx, size_t session_ctx_len)
 376 {
 377 #ifdef CONFIG_TLS_INTERNAL_SERVER
 378         if (conn->server)
 379                 return tlsv1_server_set_verify(conn->server, verify_peer);
 380 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 381         return -1;
 382 }
 383
 384
 385 int tls_connection_get_random(void *tls_ctx, struct tls_connection *conn,
 386                               struct tls_random *data)
 387 {
 388 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 389         if (conn->client)
 390                 return tlsv1_client_get_random(conn->client, data);
 391 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 392 #ifdef CONFIG_TLS_INTERNAL_SERVER
 393         if (conn->server)
 394                 return tlsv1_server_get_random(conn->server, data);
 395 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 396         return -1;
 397 }
 398
 399
 400 static int tls_get_keyblock_size(struct tls_connection *conn)
 401 {
 402 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 403         if (conn->client)
 404                 return tlsv1_client_get_keyblock_size(conn->client);
 405 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 406 #ifdef CONFIG_TLS_INTERNAL_SERVER
 407         if (conn->server)
 408                 return tlsv1_server_get_keyblock_size(conn->server);
 409 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 410         return -1;
 411 }
 412
 413
 414 static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
 415                               const char *label, const u8 *context,
 416                               size_t context_len, int server_random_first,
 417                               int skip_keyblock, u8 *out, size_t out_len)
 418 {
 419         int ret = -1, skip = 0;
 420         u8 *tmp_out = NULL;
 421         u8 *_out = out;
 422
 423         if (skip_keyblock) {
 424                 skip = tls_get_keyblock_size(conn);
 425                 if (skip < 0)
 426                         return -1;
 427                 tmp_out = os_malloc(skip + out_len);
 428                 if (!tmp_out)
 429                         return -1;
 430                 _out = tmp_out;
 431         }
 432
 433 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 434         if (conn->client) {
 435                 ret = tlsv1_client_prf(conn->client, label, context,
 436                                        context_len, server_random_first,
 437                                        _out, skip + out_len);
 438         }
 439 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 440 #ifdef CONFIG_TLS_INTERNAL_SERVER
 441         if (conn->server) {
 442                 ret = tlsv1_server_prf(conn->server, label, context,
 443                                        context_len, server_random_first,
 444                                        _out, skip + out_len);
 445         }
 446 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 447         if (ret == 0 && skip_keyblock)
 448                 os_memcpy(out, _out + skip, out_len);
 449         bin_clear_free(tmp_out, skip);
 450
 451         return ret;
 452 }
 453
 454
 455 int tls_connection_export_key(void *tls_ctx, struct tls_connection *conn,
 456                               const char *label, const u8 *context,
 457                               size_t context_len, u8 *out, size_t out_len)
 458 {
 459         return tls_connection_prf(tls_ctx, conn, label, context, context_len,
 460                                   0, 0, out, out_len);
 461 }
 462
 463
 464 int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn,
 465                                     u8 *out, size_t out_len)
 466 {
 467         return tls_connection_prf(tls_ctx, conn, "key expansion", NULL, 0,
 468                                   1, 1, out, out_len);
 469 }
 470
 471
 472 struct wpabuf * tls_connection_handshake(void *tls_ctx,
 473                                          struct tls_connection *conn,
 474                                          const struct wpabuf *in_data,
 475                                          struct wpabuf **appl_data)
 476 {
 477         return tls_connection_handshake2(tls_ctx, conn, in_data, appl_data,
 478                                          NULL);
 479 }
 480
 481
 482 struct wpabuf * tls_connection_handshake2(void *tls_ctx,
 483                                           struct tls_connection *conn,
 484                                           const struct wpabuf *in_data,
 485                                           struct wpabuf **appl_data,
 486                                           int *need_more_data)
 487 {
 488 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 489         u8 *res, *ad;
 490         size_t res_len, ad_len;
 491         struct wpabuf *out;
 492
 493         if (conn->client == NULL)
 494                 return NULL;
 495
 496         ad = NULL;
 497         res = tlsv1_client_handshake(conn->client,
 498                                      in_data ? wpabuf_head(in_data) : NULL,
 499                                      in_data ? wpabuf_len(in_data) : 0,
 500                                      &res_len, &ad, &ad_len, need_more_data);
 501         if (res == NULL)
 502                 return NULL;
 503         out = wpabuf_alloc_ext_data(res, res_len);
 504         if (out == NULL) {
 505                 os_free(res);
 506                 os_free(ad);
 507                 return NULL;
 508         }
 509         if (appl_data) {
 510                 if (ad) {
 511                         *appl_data = wpabuf_alloc_ext_data(ad, ad_len);
 512                         if (*appl_data == NULL)
 513                                 os_free(ad);
 514                 } else
 515                         *appl_data = NULL;
 516         } else
 517                 os_free(ad);
 518
 519         return out;
 520 #else /* CONFIG_TLS_INTERNAL_CLIENT */
 521         return NULL;
 522 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 523 }
 524
 525
 526 struct wpabuf * tls_connection_server_handshake(void *tls_ctx,
 527                                                 struct tls_connection *conn,
 528                                                 const struct wpabuf *in_data,
 529                                                 struct wpabuf **appl_data)
 530 {
 531 #ifdef CONFIG_TLS_INTERNAL_SERVER
 532         u8 *res;
 533         size_t res_len;
 534         struct wpabuf *out;
 535
 536         if (conn->server == NULL)
 537                 return NULL;
 538
 539         if (appl_data)
 540                 *appl_data = NULL;
 541
 542         res = tlsv1_server_handshake(conn->server, wpabuf_head(in_data),
 543                                      wpabuf_len(in_data), &res_len);
 544         if (res == NULL && tlsv1_server_established(conn->server))
 545                 return wpabuf_alloc(0);
 546         if (res == NULL)
 547                 return NULL;
 548         out = wpabuf_alloc_ext_data(res, res_len);
 549         if (out == NULL) {
 550                 os_free(res);
 551                 return NULL;
 552         }
 553
 554         return out;
 555 #else /* CONFIG_TLS_INTERNAL_SERVER */
 556         return NULL;
 557 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 558 }
 559
 560
 561 struct wpabuf * tls_connection_encrypt(void *tls_ctx,
 562                                        struct tls_connection *conn,
 563                                        const struct wpabuf *in_data)
 564 {
 565 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 566         if (conn->client) {
 567                 struct wpabuf *buf;
 568                 int res;
 569                 buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
 570                 if (buf == NULL)
 571                         return NULL;
 572                 res = tlsv1_client_encrypt(conn->client, wpabuf_head(in_data),
 573                                            wpabuf_len(in_data),
 574                                            wpabuf_mhead(buf),
 575                                            wpabuf_size(buf));
 576                 if (res < 0) {
 577                         wpabuf_free(buf);
 578                         return NULL;
 579                 }
 580                 wpabuf_put(buf, res);
 581                 return buf;
 582         }
 583 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 584 #ifdef CONFIG_TLS_INTERNAL_SERVER
 585         if (conn->server) {
 586                 struct wpabuf *buf;
 587                 int res;
 588                 buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
 589                 if (buf == NULL)
 590                         return NULL;
 591                 res = tlsv1_server_encrypt(conn->server, wpabuf_head(in_data),
 592                                            wpabuf_len(in_data),
 593                                            wpabuf_mhead(buf),
 594                                            wpabuf_size(buf));
 595                 if (res < 0) {
 596                         wpabuf_free(buf);
 597                         return NULL;
 598                 }
 599                 wpabuf_put(buf, res);
 600                 return buf;
 601         }
 602 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 603         return NULL;
 604 }
 605
 606
 607 struct wpabuf * tls_connection_decrypt(void *tls_ctx,
 608                                        struct tls_connection *conn,
 609                                        const struct wpabuf *in_data)
 610 {
 611         return tls_connection_decrypt2(tls_ctx, conn, in_data, NULL);
 612 }
 613
 614
 615 struct wpabuf * tls_connection_decrypt2(void *tls_ctx,
 616                                         struct tls_connection *conn,
 617                                         const struct wpabuf *in_data,
 618                                         int *need_more_data)
 619 {
 620         if (need_more_data)
 621                 *need_more_data = 0;
 622
 623 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 624         if (conn->client) {
 625                 return tlsv1_client_decrypt(conn->client, wpabuf_head(in_data),
 626                                             wpabuf_len(in_data),
 627                                             need_more_data);
 628         }
 629 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 630 #ifdef CONFIG_TLS_INTERNAL_SERVER
 631         if (conn->server) {
 632                 struct wpabuf *buf;
 633                 int res;
 634                 buf = wpabuf_alloc((wpabuf_len(in_data) + 500) * 3);
 635                 if (buf == NULL)
 636                         return NULL;
 637                 res = tlsv1_server_decrypt(conn->server, wpabuf_head(in_data),
 638                                            wpabuf_len(in_data),
 639                                            wpabuf_mhead(buf),
 640                                            wpabuf_size(buf));
 641                 if (res < 0) {
 642                         wpabuf_free(buf);
 643                         return NULL;
 644                 }
 645                 wpabuf_put(buf, res);
 646                 return buf;
 647         }
 648 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 649         return NULL;
 650 }
 651
 652
 653 int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn)
 654 {
 655 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 656         if (conn->client)
 657                 return tlsv1_client_resumed(conn->client);
 658 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 659 #ifdef CONFIG_TLS_INTERNAL_SERVER
 660         if (conn->server)
 661                 return tlsv1_server_resumed(conn->server);
 662 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 663         return -1;
 664 }
 665
 666
 667 int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
 668                                    u8 *ciphers)
 669 {
 670 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 671         if (conn->client)
 672                 return tlsv1_client_set_cipher_list(conn->client, ciphers);
 673 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 674 #ifdef CONFIG_TLS_INTERNAL_SERVER
 675         if (conn->server)
 676                 return tlsv1_server_set_cipher_list(conn->server, ciphers);
 677 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 678         return -1;
 679 }
 680
 681
 682 int tls_get_version(void *ssl_ctx, struct tls_connection *conn,
 683                     char *buf, size_t buflen)
 684 {
 685         if (conn == NULL)
 686                 return -1;
 687 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 688         if (conn->client)
 689                 return tlsv1_client_get_version(conn->client, buf, buflen);
 690 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 691         return -1;
 692 }
 693
 694
 695 int tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
 696                    char *buf, size_t buflen)
 697 {
 698         if (conn == NULL)
 699                 return -1;
 700 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 701         if (conn->client)
 702                 return tlsv1_client_get_cipher(conn->client, buf, buflen);
 703 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 704 #ifdef CONFIG_TLS_INTERNAL_SERVER
 705         if (conn->server)
 706                 return tlsv1_server_get_cipher(conn->server, buf, buflen);
 707 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 708         return -1;
 709 }
 710
 711
 712 int tls_connection_enable_workaround(void *tls_ctx,
 713                                      struct tls_connection *conn)
 714 {
 715         return -1;
 716 }
 717
 718
 719 int tls_connection_client_hello_ext(void *tls_ctx, struct tls_connection *conn,
 720                                     int ext_type, const u8 *data,
 721                                     size_t data_len)
 722 {
 723 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 724         if (conn->client) {
 725                 return tlsv1_client_hello_ext(conn->client, ext_type,
 726                                               data, data_len);
 727         }
 728 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 729         return -1;
 730 }
 731
 732
 733 int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn)
 734 {
 735 #ifdef CONFIG_TLS_INTERNAL_SERVER
 736         if (conn->server)
 737                 return tlsv1_server_get_failed(conn->server);
 738 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 739         return 0;
 740 }
 741
 742
 743 int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn)
 744 {
 745 #ifdef CONFIG_TLS_INTERNAL_SERVER
 746         if (conn->server)
 747                 return tlsv1_server_get_read_alerts(conn->server);
 748 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 749         return 0;
 750 }
 751
 752
 753 int tls_connection_get_write_alerts(void *tls_ctx,
 754                                     struct tls_connection *conn)
 755 {
 756 #ifdef CONFIG_TLS_INTERNAL_SERVER
 757         if (conn->server)
 758                 return tlsv1_server_get_write_alerts(conn->server);
 759 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 760         return 0;
 761 }
 762
 763
 764 int tls_connection_set_session_ticket_cb(void *tls_ctx,
 765                                          struct tls_connection *conn,
 766                                          tls_session_ticket_cb cb,
 767                                          void *ctx)
 768 {
 769 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 770         if (conn->client) {
 771                 tlsv1_client_set_session_ticket_cb(conn->client, cb, ctx);
 772                 return 0;
 773         }
 774 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 775 #ifdef CONFIG_TLS_INTERNAL_SERVER
 776         if (conn->server) {
 777                 tlsv1_server_set_session_ticket_cb(conn->server, cb, ctx);
 778                 return 0;
 779         }
 780 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 781         return -1;
 782 }
 783
 784
 785 int tls_get_library_version(char *buf, size_t buf_len)
 786 {
 787         return os_snprintf(buf, buf_len, "internal");
 788 }
 789
 790
 791 void tls_connection_set_success_data(struct tls_connection *conn,
 792                                      struct wpabuf *data)
 793 {
 794 }
 795
 796
 797 void tls_connection_set_success_data_resumed(struct tls_connection *conn)
 798 {
 799 }
 800
 801
 802 const struct wpabuf *
 803 tls_connection_get_success_data(struct tls_connection *conn)
 804 {
 805         return NULL;
 806 }
 807
 808
 809 void tls_connection_remove_session(struct tls_connection *conn)
 810 {
 811 }