src/crypto/tls_internal.c

   1 /*
   2  * TLS interface functions and an internal TLS implementation
   3  * Copyright (c) 2004-2011, Jouni Malinen <j@w1.fi>
   4  *
   5  * This software may be distributed under the terms of the BSD license.
   6  * See README for more details.
   7  *
   8  * This file interface functions for hostapd/wpa_supplicant to use the
   9  * integrated TLSv1 implementation.
  10  */
  11
  12 #include "includes.h"
  13
  14 #include "common.h"
  15 #include "tls.h"
  16 #include "tls/tlsv1_client.h"
  17 #include "tls/tlsv1_server.h"
  18
  19
  20 static int tls_ref_count = 0;
  21
  22 struct tls_global {
  23         int server;
  24         struct tlsv1_credentials *server_cred;
  25         int check_crl;
  26
  27         void (*event_cb)(void *ctx, enum tls_event ev,
  28                          union tls_event_data *data);
  29         void *cb_ctx;
  30         int cert_in_cb;
  31 };
  32
  33 struct tls_connection {
  34         struct tlsv1_client *client;
  35         struct tlsv1_server *server;
  36         struct tls_global *global;
  37 };
  38
  39
  40 void * tls_init(const struct tls_config *conf)
  41 {
  42         struct tls_global *global;
  43
  44         if (tls_ref_count == 0) {
  45 #ifdef CONFIG_TLS_INTERNAL_CLIENT
  46                 if (tlsv1_client_global_init())
  47                         return NULL;
  48 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
  49 #ifdef CONFIG_TLS_INTERNAL_SERVER
  50                 if (tlsv1_server_global_init())
  51                         return NULL;
  52 #endif /* CONFIG_TLS_INTERNAL_SERVER */
  53         }
  54         tls_ref_count++;
  55
  56         global = os_zalloc(sizeof(*global));
  57         if (global == NULL)
  58                 return NULL;
  59         if (conf) {
  60                 global->event_cb = conf->event_cb;
  61                 global->cb_ctx = conf->cb_ctx;
  62                 global->cert_in_cb = conf->cert_in_cb;
  63         }
  64
  65         return global;
  66 }
  67
  68 void tls_deinit(void *ssl_ctx)
  69 {
  70         struct tls_global *global = ssl_ctx;
  71         tls_ref_count--;
  72         if (tls_ref_count == 0) {
  73 #ifdef CONFIG_TLS_INTERNAL_CLIENT
  74                 tlsv1_client_global_deinit();
  75 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
  76 #ifdef CONFIG_TLS_INTERNAL_SERVER
  77                 tlsv1_server_global_deinit();
  78 #endif /* CONFIG_TLS_INTERNAL_SERVER */
  79         }
  80 #ifdef CONFIG_TLS_INTERNAL_SERVER
  81         tlsv1_cred_free(global->server_cred);
  82 #endif /* CONFIG_TLS_INTERNAL_SERVER */
  83         os_free(global);
  84 }
  85
  86
  87 int tls_get_errors(void *tls_ctx)
  88 {
  89         return 0;
  90 }
  91
  92
  93 struct tls_connection * tls_connection_init(void *tls_ctx)
  94 {
  95         struct tls_connection *conn;
  96         struct tls_global *global = tls_ctx;
  97
  98         conn = os_zalloc(sizeof(*conn));
  99         if (conn == NULL)
 100                 return NULL;
 101         conn->global = global;
 102
 103 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 104         if (!global->server) {
 105                 conn->client = tlsv1_client_init();
 106                 if (conn->client == NULL) {
 107                         os_free(conn);
 108                         return NULL;
 109                 }
 110                 tlsv1_client_set_cb(conn->client, global->event_cb,
 111                                     global->cb_ctx, global->cert_in_cb);
 112         }
 113 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 114 #ifdef CONFIG_TLS_INTERNAL_SERVER
 115         if (global->server) {
 116                 conn->server = tlsv1_server_init(global->server_cred);
 117                 if (conn->server == NULL) {
 118                         os_free(conn);
 119                         return NULL;
 120                 }
 121         }
 122 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 123
 124         return conn;
 125 }
 126
 127
 128 #ifdef CONFIG_TESTING_OPTIONS
 129 #ifdef CONFIG_TLS_INTERNAL_SERVER
 130 void tls_connection_set_test_flags(struct tls_connection *conn, u32 flags)
 131 {
 132         if (conn->server)
 133                 tlsv1_server_set_test_flags(conn->server, flags);
 134 }
 135 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 136 #endif /* CONFIG_TESTING_OPTIONS */
 137
 138
 139 void tls_connection_set_log_cb(struct tls_connection *conn,
 140                                void (*log_cb)(void *ctx, const char *msg),
 141                                void *ctx)
 142 {
 143 #ifdef CONFIG_TLS_INTERNAL_SERVER
 144         if (conn->server)
 145                 tlsv1_server_set_log_cb(conn->server, log_cb, ctx);
 146 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 147 }
 148
 149
 150 void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn)
 151 {
 152         if (conn == NULL)
 153                 return;
 154 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 155         if (conn->client)
 156                 tlsv1_client_deinit(conn->client);
 157 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 158 #ifdef CONFIG_TLS_INTERNAL_SERVER
 159         if (conn->server)
 160                 tlsv1_server_deinit(conn->server);
 161 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 162         os_free(conn);
 163 }
 164
 165
 166 int tls_connection_established(void *tls_ctx, struct tls_connection *conn)
 167 {
 168 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 169         if (conn->client)
 170                 return tlsv1_client_established(conn->client);
 171 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 172 #ifdef CONFIG_TLS_INTERNAL_SERVER
 173         if (conn->server)
 174                 return tlsv1_server_established(conn->server);
 175 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 176         return 0;
 177 }
 178
 179
 180 int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn)
 181 {
 182 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 183         if (conn->client)
 184                 return tlsv1_client_shutdown(conn->client);
 185 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 186 #ifdef CONFIG_TLS_INTERNAL_SERVER
 187         if (conn->server)
 188                 return tlsv1_server_shutdown(conn->server);
 189 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 190         return -1;
 191 }
 192
 193
 194 int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
 195                               const struct tls_connection_params *params)
 196 {
 197 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 198         struct tlsv1_credentials *cred;
 199
 200         if (conn->client == NULL)
 201                 return -1;
 202
 203         if (params->flags & TLS_CONN_EXT_CERT_CHECK) {
 204                 wpa_printf(MSG_INFO,
 205                            "TLS: tls_ext_cert_check=1 not supported");
 206                 return -1;
 207         }
 208
 209         cred = tlsv1_cred_alloc();
 210         if (cred == NULL)
 211                 return -1;
 212
 213         if (params->subject_match) {
 214                 wpa_printf(MSG_INFO, "TLS: subject_match not supported");
 215                 tlsv1_cred_free(cred);
 216                 return -1;
 217         }
 218
 219         if (params->altsubject_match) {
 220                 wpa_printf(MSG_INFO, "TLS: altsubject_match not supported");
 221                 tlsv1_cred_free(cred);
 222                 return -1;
 223         }
 224
 225         if (params->suffix_match) {
 226                 wpa_printf(MSG_INFO, "TLS: suffix_match not supported");
 227                 tlsv1_cred_free(cred);
 228                 return -1;
 229         }
 230
 231         if (params->domain_match) {
 232                 wpa_printf(MSG_INFO, "TLS: domain_match not supported");
 233                 tlsv1_cred_free(cred);
 234                 return -1;
 235         }
 236
 237         if (params->openssl_ciphers) {
 238                 wpa_printf(MSG_INFO, "TLS: openssl_ciphers not supported");
 239                 tlsv1_cred_free(cred);
 240                 return -1;
 241         }
 242
 243         if (tlsv1_set_ca_cert(cred, params->ca_cert,
 244                               params->ca_cert_blob, params->ca_cert_blob_len,
 245                               params->ca_path)) {
 246                 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
 247                            "certificates");
 248                 tlsv1_cred_free(cred);
 249                 return -1;
 250         }
 251
 252         if (tlsv1_set_cert(cred, params->client_cert,
 253                            params->client_cert_blob,
 254                            params->client_cert_blob_len)) {
 255                 wpa_printf(MSG_INFO, "TLS: Failed to configure client "
 256                            "certificate");
 257                 tlsv1_cred_free(cred);
 258                 return -1;
 259         }
 260
 261         if (tlsv1_set_private_key(cred, params->private_key,
 262                                   params->private_key_passwd,
 263                                   params->private_key_blob,
 264                                   params->private_key_blob_len)) {
 265                 wpa_printf(MSG_INFO, "TLS: Failed to load private key");
 266                 tlsv1_cred_free(cred);
 267                 return -1;
 268         }
 269
 270         if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob,
 271                                params->dh_blob_len)) {
 272                 wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters");
 273                 tlsv1_cred_free(cred);
 274                 return -1;
 275         }
 276
 277         if (tlsv1_client_set_cred(conn->client, cred) < 0) {
 278                 tlsv1_cred_free(cred);
 279                 return -1;
 280         }
 281
 282         tlsv1_client_set_flags(conn->client, params->flags);
 283
 284         return 0;
 285 #else /* CONFIG_TLS_INTERNAL_CLIENT */
 286         return -1;
 287 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 288 }
 289
 290
 291 int tls_global_set_params(void *tls_ctx,
 292                           const struct tls_connection_params *params)
 293 {
 294 #ifdef CONFIG_TLS_INTERNAL_SERVER
 295         struct tls_global *global = tls_ctx;
 296         struct tlsv1_credentials *cred;
 297
 298         /* Currently, global parameters are only set when running in server
 299          * mode. */
 300         global->server = 1;
 301         tlsv1_cred_free(global->server_cred);
 302         global->server_cred = cred = tlsv1_cred_alloc();
 303         if (cred == NULL)
 304                 return -1;
 305
 306         if (tlsv1_set_ca_cert(cred, params->ca_cert, params->ca_cert_blob,
 307                               params->ca_cert_blob_len, params->ca_path)) {
 308                 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
 309                            "certificates");
 310                 return -1;
 311         }
 312
 313         if (tlsv1_set_cert(cred, params->client_cert, params->client_cert_blob,
 314                            params->client_cert_blob_len)) {
 315                 wpa_printf(MSG_INFO, "TLS: Failed to configure server "
 316                            "certificate");
 317                 return -1;
 318         }
 319
 320         if (tlsv1_set_private_key(cred, params->private_key,
 321                                   params->private_key_passwd,
 322                                   params->private_key_blob,
 323                                   params->private_key_blob_len)) {
 324                 wpa_printf(MSG_INFO, "TLS: Failed to load private key");
 325                 return -1;
 326         }
 327
 328         if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob,
 329                                params->dh_blob_len)) {
 330                 wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters");
 331                 return -1;
 332         }
 333
 334         if (params->ocsp_stapling_response)
 335                 cred->ocsp_stapling_response =
 336                         os_strdup(params->ocsp_stapling_response);
 337         if (params->ocsp_stapling_response_multi)
 338                 cred->ocsp_stapling_response_multi =
 339                         os_strdup(params->ocsp_stapling_response_multi);
 340
 341         return 0;
 342 #else /* CONFIG_TLS_INTERNAL_SERVER */
 343         return -1;
 344 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 345 }
 346
 347
 348 int tls_global_set_verify(void *tls_ctx, int check_crl)
 349 {
 350         struct tls_global *global = tls_ctx;
 351         global->check_crl = check_crl;
 352         return 0;
 353 }
 354
 355
 356 int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn,
 357                               int verify_peer, unsigned int flags,
 358                               const u8 *session_ctx, size_t session_ctx_len)
 359 {
 360 #ifdef CONFIG_TLS_INTERNAL_SERVER
 361         if (conn->server)
 362                 return tlsv1_server_set_verify(conn->server, verify_peer);
 363 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 364         return -1;
 365 }
 366
 367
 368 int tls_connection_get_random(void *tls_ctx, struct tls_connection *conn,
 369                               struct tls_random *data)
 370 {
 371 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 372         if (conn->client)
 373                 return tlsv1_client_get_random(conn->client, data);
 374 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 375 #ifdef CONFIG_TLS_INTERNAL_SERVER
 376         if (conn->server)
 377                 return tlsv1_server_get_random(conn->server, data);
 378 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 379         return -1;
 380 }
 381
 382
 383 static int tls_get_keyblock_size(struct tls_connection *conn)
 384 {
 385 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 386         if (conn->client)
 387                 return tlsv1_client_get_keyblock_size(conn->client);
 388 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 389 #ifdef CONFIG_TLS_INTERNAL_SERVER
 390         if (conn->server)
 391                 return tlsv1_server_get_keyblock_size(conn->server);
 392 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 393         return -1;
 394 }
 395
 396
 397 int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
 398                        const char *label, int server_random_first,
 399                        int skip_keyblock, u8 *out, size_t out_len)
 400 {
 401         int ret = -1, skip = 0;
 402         u8 *tmp_out = NULL;
 403         u8 *_out = out;
 404
 405         if (skip_keyblock) {
 406                 skip = tls_get_keyblock_size(conn);
 407                 if (skip < 0)
 408                         return -1;
 409                 tmp_out = os_malloc(skip + out_len);
 410                 if (!tmp_out)
 411                         return -1;
 412                 _out = tmp_out;
 413         }
 414
 415 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 416         if (conn->client) {
 417                 ret = tlsv1_client_prf(conn->client, label,
 418                                        server_random_first,
 419                                        _out, skip + out_len);
 420         }
 421 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 422 #ifdef CONFIG_TLS_INTERNAL_SERVER
 423         if (conn->server) {
 424                 ret = tlsv1_server_prf(conn->server, label,
 425                                        server_random_first,
 426                                        _out, skip + out_len);
 427         }
 428 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 429         if (ret == 0 && skip_keyblock)
 430                 os_memcpy(out, _out + skip, out_len);
 431         bin_clear_free(tmp_out, skip);
 432
 433         return ret;
 434 }
 435
 436
 437 struct wpabuf * tls_connection_handshake(void *tls_ctx,
 438                                          struct tls_connection *conn,
 439                                          const struct wpabuf *in_data,
 440                                          struct wpabuf **appl_data)
 441 {
 442         return tls_connection_handshake2(tls_ctx, conn, in_data, appl_data,
 443                                          NULL);
 444 }
 445
 446
 447 struct wpabuf * tls_connection_handshake2(void *tls_ctx,
 448                                           struct tls_connection *conn,
 449                                           const struct wpabuf *in_data,
 450                                           struct wpabuf **appl_data,
 451                                           int *need_more_data)
 452 {
 453 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 454         u8 *res, *ad;
 455         size_t res_len, ad_len;
 456         struct wpabuf *out;
 457
 458         if (conn->client == NULL)
 459                 return NULL;
 460
 461         ad = NULL;
 462         res = tlsv1_client_handshake(conn->client,
 463                                      in_data ? wpabuf_head(in_data) : NULL,
 464                                      in_data ? wpabuf_len(in_data) : 0,
 465                                      &res_len, &ad, &ad_len, need_more_data);
 466         if (res == NULL)
 467                 return NULL;
 468         out = wpabuf_alloc_ext_data(res, res_len);
 469         if (out == NULL) {
 470                 os_free(res);
 471                 os_free(ad);
 472                 return NULL;
 473         }
 474         if (appl_data) {
 475                 if (ad) {
 476                         *appl_data = wpabuf_alloc_ext_data(ad, ad_len);
 477                         if (*appl_data == NULL)
 478                                 os_free(ad);
 479                 } else
 480                         *appl_data = NULL;
 481         } else
 482                 os_free(ad);
 483
 484         return out;
 485 #else /* CONFIG_TLS_INTERNAL_CLIENT */
 486         return NULL;
 487 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 488 }
 489
 490
 491 struct wpabuf * tls_connection_server_handshake(void *tls_ctx,
 492                                                 struct tls_connection *conn,
 493                                                 const struct wpabuf *in_data,
 494                                                 struct wpabuf **appl_data)
 495 {
 496 #ifdef CONFIG_TLS_INTERNAL_SERVER
 497         u8 *res;
 498         size_t res_len;
 499         struct wpabuf *out;
 500
 501         if (conn->server == NULL)
 502                 return NULL;
 503
 504         if (appl_data)
 505                 *appl_data = NULL;
 506
 507         res = tlsv1_server_handshake(conn->server, wpabuf_head(in_data),
 508                                      wpabuf_len(in_data), &res_len);
 509         if (res == NULL && tlsv1_server_established(conn->server))
 510                 return wpabuf_alloc(0);
 511         if (res == NULL)
 512                 return NULL;
 513         out = wpabuf_alloc_ext_data(res, res_len);
 514         if (out == NULL) {
 515                 os_free(res);
 516                 return NULL;
 517         }
 518
 519         return out;
 520 #else /* CONFIG_TLS_INTERNAL_SERVER */
 521         return NULL;
 522 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 523 }
 524
 525
 526 struct wpabuf * tls_connection_encrypt(void *tls_ctx,
 527                                        struct tls_connection *conn,
 528                                        const struct wpabuf *in_data)
 529 {
 530 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 531         if (conn->client) {
 532                 struct wpabuf *buf;
 533                 int res;
 534                 buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
 535                 if (buf == NULL)
 536                         return NULL;
 537                 res = tlsv1_client_encrypt(conn->client, wpabuf_head(in_data),
 538                                            wpabuf_len(in_data),
 539                                            wpabuf_mhead(buf),
 540                                            wpabuf_size(buf));
 541                 if (res < 0) {
 542                         wpabuf_free(buf);
 543                         return NULL;
 544                 }
 545                 wpabuf_put(buf, res);
 546                 return buf;
 547         }
 548 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 549 #ifdef CONFIG_TLS_INTERNAL_SERVER
 550         if (conn->server) {
 551                 struct wpabuf *buf;
 552                 int res;
 553                 buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
 554                 if (buf == NULL)
 555                         return NULL;
 556                 res = tlsv1_server_encrypt(conn->server, wpabuf_head(in_data),
 557                                            wpabuf_len(in_data),
 558                                            wpabuf_mhead(buf),
 559                                            wpabuf_size(buf));
 560                 if (res < 0) {
 561                         wpabuf_free(buf);
 562                         return NULL;
 563                 }
 564                 wpabuf_put(buf, res);
 565                 return buf;
 566         }
 567 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 568         return NULL;
 569 }
 570
 571
 572 struct wpabuf * tls_connection_decrypt(void *tls_ctx,
 573                                        struct tls_connection *conn,
 574                                        const struct wpabuf *in_data)
 575 {
 576         return tls_connection_decrypt2(tls_ctx, conn, in_data, NULL);
 577 }
 578
 579
 580 struct wpabuf * tls_connection_decrypt2(void *tls_ctx,
 581                                         struct tls_connection *conn,
 582                                         const struct wpabuf *in_data,
 583                                         int *need_more_data)
 584 {
 585         if (need_more_data)
 586                 *need_more_data = 0;
 587
 588 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 589         if (conn->client) {
 590                 return tlsv1_client_decrypt(conn->client, wpabuf_head(in_data),
 591                                             wpabuf_len(in_data),
 592                                             need_more_data);
 593         }
 594 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 595 #ifdef CONFIG_TLS_INTERNAL_SERVER
 596         if (conn->server) {
 597                 struct wpabuf *buf;
 598                 int res;
 599                 buf = wpabuf_alloc((wpabuf_len(in_data) + 500) * 3);
 600                 if (buf == NULL)
 601                         return NULL;
 602                 res = tlsv1_server_decrypt(conn->server, wpabuf_head(in_data),
 603                                            wpabuf_len(in_data),
 604                                            wpabuf_mhead(buf),
 605                                            wpabuf_size(buf));
 606                 if (res < 0) {
 607                         wpabuf_free(buf);
 608                         return NULL;
 609                 }
 610                 wpabuf_put(buf, res);
 611                 return buf;
 612         }
 613 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 614         return NULL;
 615 }
 616
 617
 618 int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn)
 619 {
 620 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 621         if (conn->client)
 622                 return tlsv1_client_resumed(conn->client);
 623 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 624 #ifdef CONFIG_TLS_INTERNAL_SERVER
 625         if (conn->server)
 626                 return tlsv1_server_resumed(conn->server);
 627 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 628         return -1;
 629 }
 630
 631
 632 int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
 633                                    u8 *ciphers)
 634 {
 635 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 636         if (conn->client)
 637                 return tlsv1_client_set_cipher_list(conn->client, ciphers);
 638 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 639 #ifdef CONFIG_TLS_INTERNAL_SERVER
 640         if (conn->server)
 641                 return tlsv1_server_set_cipher_list(conn->server, ciphers);
 642 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 643         return -1;
 644 }
 645
 646
 647 int tls_get_version(void *ssl_ctx, struct tls_connection *conn,
 648                     char *buf, size_t buflen)
 649 {
 650         if (conn == NULL)
 651                 return -1;
 652 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 653         if (conn->client)
 654                 return tlsv1_client_get_version(conn->client, buf, buflen);
 655 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 656         return -1;
 657 }
 658
 659
 660 int tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
 661                    char *buf, size_t buflen)
 662 {
 663         if (conn == NULL)
 664                 return -1;
 665 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 666         if (conn->client)
 667                 return tlsv1_client_get_cipher(conn->client, buf, buflen);
 668 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 669 #ifdef CONFIG_TLS_INTERNAL_SERVER
 670         if (conn->server)
 671                 return tlsv1_server_get_cipher(conn->server, buf, buflen);
 672 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 673         return -1;
 674 }
 675
 676
 677 int tls_connection_enable_workaround(void *tls_ctx,
 678                                      struct tls_connection *conn)
 679 {
 680         return -1;
 681 }
 682
 683
 684 int tls_connection_client_hello_ext(void *tls_ctx, struct tls_connection *conn,
 685                                     int ext_type, const u8 *data,
 686                                     size_t data_len)
 687 {
 688 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 689         if (conn->client) {
 690                 return tlsv1_client_hello_ext(conn->client, ext_type,
 691                                               data, data_len);
 692         }
 693 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 694         return -1;
 695 }
 696
 697
 698 int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn)
 699 {
 700         return 0;
 701 }
 702
 703
 704 int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn)
 705 {
 706         return 0;
 707 }
 708
 709
 710 int tls_connection_get_write_alerts(void *tls_ctx,
 711                                     struct tls_connection *conn)
 712 {
 713         return 0;
 714 }
 715
 716
 717 int tls_connection_set_session_ticket_cb(void *tls_ctx,
 718                                          struct tls_connection *conn,
 719                                          tls_session_ticket_cb cb,
 720                                          void *ctx)
 721 {
 722 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 723         if (conn->client) {
 724                 tlsv1_client_set_session_ticket_cb(conn->client, cb, ctx);
 725                 return 0;
 726         }
 727 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 728 #ifdef CONFIG_TLS_INTERNAL_SERVER
 729         if (conn->server) {
 730                 tlsv1_server_set_session_ticket_cb(conn->server, cb, ctx);
 731                 return 0;
 732         }
 733 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 734         return -1;
 735 }
 736
 737
 738 int tls_get_library_version(char *buf, size_t buf_len)
 739 {
 740         return os_snprintf(buf, buf_len, "internal");
 741 }
 742
 743
 744 void tls_connection_set_success_data(struct tls_connection *conn,
 745                                      struct wpabuf *data)
 746 {
 747 }
 748
 749
 750 void tls_connection_set_success_data_resumed(struct tls_connection *conn)
 751 {
 752 }
 753
 754
 755 const struct wpabuf *
 756 tls_connection_get_success_data(struct tls_connection *conn)
 757 {
 758         return NULL;
 759 }
 760
 761
 762 void tls_connection_remove_session(struct tls_connection *conn)
 763 {
 764 }