libeap/src/crypto/tls_internal.c

   1 /*
   2  * TLS interface functions and an internal TLS implementation
   3  * Copyright (c) 2004-2011, Jouni Malinen <j@w1.fi>
   4  *
   5  * This software may be distributed under the terms of the BSD license.
   6  * See README for more details.
   7  *
   8  * This file interface functions for hostapd/wpa_supplicant to use the
   9  * integrated TLSv1 implementation.
  10  */
  11
  12 #include "includes.h"
  13
  14 #include "common.h"
  15 #include "tls.h"
  16 #include "tls/tlsv1_client.h"
  17 #include "tls/tlsv1_server.h"
  18
  19
  20 static int tls_ref_count = 0;
  21
  22 struct tls_global {
  23         int server;
  24         struct tlsv1_credentials *server_cred;
  25         int check_crl;
  26
  27         void (*event_cb)(void *ctx, enum tls_event ev,
  28                          union tls_event_data *data);
  29         void *cb_ctx;
  30         int cert_in_cb;
  31 };
  32
  33 struct tls_connection {
  34         struct tlsv1_client *client;
  35         struct tlsv1_server *server;
  36         struct tls_global *global;
  37 };
  38
  39
  40 void * tls_init(const struct tls_config *conf)
  41 {
  42         struct tls_global *global;
  43
  44         if (tls_ref_count == 0) {
  45 #ifdef CONFIG_TLS_INTERNAL_CLIENT
  46                 if (tlsv1_client_global_init())
  47                         return NULL;
  48 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
  49 #ifdef CONFIG_TLS_INTERNAL_SERVER
  50                 if (tlsv1_server_global_init())
  51                         return NULL;
  52 #endif /* CONFIG_TLS_INTERNAL_SERVER */
  53         }
  54         tls_ref_count++;
  55
  56         global = os_zalloc(sizeof(*global));
  57         if (global == NULL)
  58                 return NULL;
  59         if (conf) {
  60                 global->event_cb = conf->event_cb;
  61                 global->cb_ctx = conf->cb_ctx;
  62                 global->cert_in_cb = conf->cert_in_cb;
  63         }
  64
  65         return global;
  66 }
  67
  68 void tls_deinit(void *ssl_ctx)
  69 {
  70         struct tls_global *global = ssl_ctx;
  71         tls_ref_count--;
  72         if (tls_ref_count == 0) {
  73 #ifdef CONFIG_TLS_INTERNAL_CLIENT
  74                 tlsv1_client_global_deinit();
  75 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
  76 #ifdef CONFIG_TLS_INTERNAL_SERVER
  77                 tlsv1_server_global_deinit();
  78 #endif /* CONFIG_TLS_INTERNAL_SERVER */
  79         }
  80 #ifdef CONFIG_TLS_INTERNAL_SERVER
  81         tlsv1_cred_free(global->server_cred);
  82 #endif /* CONFIG_TLS_INTERNAL_SERVER */
  83         os_free(global);
  84 }
  85
  86
  87 int tls_get_errors(void *tls_ctx)
  88 {
  89         return 0;
  90 }
  91
  92
  93 struct tls_connection * tls_connection_init(void *tls_ctx)
  94 {
  95         struct tls_connection *conn;
  96         struct tls_global *global = tls_ctx;
  97
  98         conn = os_zalloc(sizeof(*conn));
  99         if (conn == NULL)
 100                 return NULL;
 101         conn->global = global;
 102
 103 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 104         if (!global->server) {
 105                 conn->client = tlsv1_client_init();
 106                 if (conn->client == NULL) {
 107                         os_free(conn);
 108                         return NULL;
 109                 }
 110                 tlsv1_client_set_cb(conn->client, global->event_cb,
 111                                     global->cb_ctx, global->cert_in_cb);
 112         }
 113 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 114 #ifdef CONFIG_TLS_INTERNAL_SERVER
 115         if (global->server) {
 116                 conn->server = tlsv1_server_init(global->server_cred);
 117                 if (conn->server == NULL) {
 118                         os_free(conn);
 119                         return NULL;
 120                 }
 121         }
 122 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 123
 124         return conn;
 125 }
 126
 127
 128 #ifdef CONFIG_TESTING_OPTIONS
 129 #ifdef CONFIG_TLS_INTERNAL_SERVER
 130 void tls_connection_set_test_flags(struct tls_connection *conn, u32 flags)
 131 {
 132         if (conn->server)
 133                 tlsv1_server_set_test_flags(conn->server, flags);
 134 }
 135 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 136 #endif /* CONFIG_TESTING_OPTIONS */
 137
 138
 139 void tls_connection_set_log_cb(struct tls_connection *conn,
 140                                void (*log_cb)(void *ctx, const char *msg),
 141                                void *ctx)
 142 {
 143 #ifdef CONFIG_TLS_INTERNAL_SERVER
 144         if (conn->server)
 145                 tlsv1_server_set_log_cb(conn->server, log_cb, ctx);
 146 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 147 }
 148
 149
 150 void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn)
 151 {
 152         if (conn == NULL)
 153                 return;
 154 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 155         if (conn->client)
 156                 tlsv1_client_deinit(conn->client);
 157 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 158 #ifdef CONFIG_TLS_INTERNAL_SERVER
 159         if (conn->server)
 160                 tlsv1_server_deinit(conn->server);
 161 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 162         os_free(conn);
 163 }
 164
 165
 166 int tls_connection_established(void *tls_ctx, struct tls_connection *conn)
 167 {
 168 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 169         if (conn->client)
 170                 return tlsv1_client_established(conn->client);
 171 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 172 #ifdef CONFIG_TLS_INTERNAL_SERVER
 173         if (conn->server)
 174                 return tlsv1_server_established(conn->server);
 175 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 176         return 0;
 177 }
 178
 179
 180 int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn)
 181 {
 182 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 183         if (conn->client)
 184                 return tlsv1_client_shutdown(conn->client);
 185 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 186 #ifdef CONFIG_TLS_INTERNAL_SERVER
 187         if (conn->server)
 188                 return tlsv1_server_shutdown(conn->server);
 189 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 190         return -1;
 191 }
 192
 193
 194 int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
 195                               const struct tls_connection_params *params)
 196 {
 197 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 198         struct tlsv1_credentials *cred;
 199
 200         if (conn->client == NULL)
 201                 return -1;
 202
 203         if (params->flags & TLS_CONN_EXT_CERT_CHECK) {
 204                 wpa_printf(MSG_INFO,
 205                            "TLS: tls_ext_cert_check=1 not supported");
 206                 return -1;
 207         }
 208
 209         cred = tlsv1_cred_alloc();
 210         if (cred == NULL)
 211                 return -1;
 212
 213         if (params->subject_match) {
 214                 wpa_printf(MSG_INFO, "TLS: subject_match not supported");
 215                 tlsv1_cred_free(cred);
 216                 return -1;
 217         }
 218
 219         if (params->altsubject_match) {
 220                 wpa_printf(MSG_INFO, "TLS: altsubject_match not supported");
 221                 tlsv1_cred_free(cred);
 222                 return -1;
 223         }
 224
 225         if (params->suffix_match) {
 226                 wpa_printf(MSG_INFO, "TLS: suffix_match not supported");
 227                 tlsv1_cred_free(cred);
 228                 return -1;
 229         }
 230
 231         if (params->domain_match) {
 232                 wpa_printf(MSG_INFO, "TLS: domain_match not supported");
 233                 tlsv1_cred_free(cred);
 234                 return -1;
 235         }
 236
 237         if (params->openssl_ciphers) {
 238                 wpa_printf(MSG_INFO, "TLS: openssl_ciphers not supported");
 239                 tlsv1_cred_free(cred);
 240                 return -1;
 241         }
 242
 243         if (tlsv1_set_ca_cert(cred, params->ca_cert,
 244                               params->ca_cert_blob, params->ca_cert_blob_len,
 245                               params->ca_path)) {
 246                 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
 247                            "certificates");
 248                 tlsv1_cred_free(cred);
 249                 return -1;
 250         }
 251
 252         if (tlsv1_set_cert(cred, params->client_cert,
 253                            params->client_cert_blob,
 254                            params->client_cert_blob_len)) {
 255                 wpa_printf(MSG_INFO, "TLS: Failed to configure client "
 256                            "certificate");
 257                 tlsv1_cred_free(cred);
 258                 return -1;
 259         }
 260
 261         if (tlsv1_set_private_key(cred, params->private_key,
 262                                   params->private_key_passwd,
 263                                   params->private_key_blob,
 264                                   params->private_key_blob_len)) {
 265                 wpa_printf(MSG_INFO, "TLS: Failed to load private key");
 266                 tlsv1_cred_free(cred);
 267                 return -1;
 268         }
 269
 270         if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob,
 271                                params->dh_blob_len)) {
 272                 wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters");
 273                 tlsv1_cred_free(cred);
 274                 return -1;
 275         }
 276
 277         if (tlsv1_client_set_cred(conn->client, cred) < 0) {
 278                 tlsv1_cred_free(cred);
 279                 return -1;
 280         }
 281
 282         tlsv1_client_set_flags(conn->client, params->flags);
 283
 284         return 0;
 285 #else /* CONFIG_TLS_INTERNAL_CLIENT */
 286         return -1;
 287 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 288 }
 289
 290
 291 int tls_global_set_params(void *tls_ctx,
 292                           const struct tls_connection_params *params)
 293 {
 294 #ifdef CONFIG_TLS_INTERNAL_SERVER
 295         struct tls_global *global = tls_ctx;
 296         struct tlsv1_credentials *cred;
 297
 298         /* Currently, global parameters are only set when running in server
 299          * mode. */
 300         global->server = 1;
 301         tlsv1_cred_free(global->server_cred);
 302         global->server_cred = cred = tlsv1_cred_alloc();
 303         if (cred == NULL)
 304                 return -1;
 305
 306         if (tlsv1_set_ca_cert(cred, params->ca_cert, params->ca_cert_blob,
 307                               params->ca_cert_blob_len, params->ca_path)) {
 308                 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
 309                            "certificates");
 310                 return -1;
 311         }
 312
 313         if (tlsv1_set_cert(cred, params->client_cert, params->client_cert_blob,
 314                            params->client_cert_blob_len)) {
 315                 wpa_printf(MSG_INFO, "TLS: Failed to configure server "
 316                            "certificate");
 317                 return -1;
 318         }
 319
 320         if (tlsv1_set_private_key(cred, params->private_key,
 321                                   params->private_key_passwd,
 322                                   params->private_key_blob,
 323                                   params->private_key_blob_len)) {
 324                 wpa_printf(MSG_INFO, "TLS: Failed to load private key");
 325                 return -1;
 326         }
 327
 328         if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob,
 329                                params->dh_blob_len)) {
 330                 wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters");
 331                 return -1;
 332         }
 333
 334         if (params->ocsp_stapling_response)
 335                 cred->ocsp_stapling_response =
 336                         os_strdup(params->ocsp_stapling_response);
 337         if (params->ocsp_stapling_response_multi)
 338                 cred->ocsp_stapling_response_multi =
 339                         os_strdup(params->ocsp_stapling_response_multi);
 340
 341         return 0;
 342 #else /* CONFIG_TLS_INTERNAL_SERVER */
 343         return -1;
 344 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 345 }
 346
 347
 348 int tls_global_set_verify(void *tls_ctx, int check_crl)
 349 {
 350         struct tls_global *global = tls_ctx;
 351         global->check_crl = check_crl;
 352         return 0;
 353 }
 354
 355
 356 int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn,
 357                               int verify_peer, unsigned int flags,
 358                               const u8 *session_ctx, size_t session_ctx_len)
 359 {
 360 #ifdef CONFIG_TLS_INTERNAL_SERVER
 361         if (conn->server)
 362                 return tlsv1_server_set_verify(conn->server, verify_peer);
 363 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 364         return -1;
 365 }
 366
 367
 368 int tls_connection_get_random(void *tls_ctx, struct tls_connection *conn,
 369                               struct tls_random *data)
 370 {
 371 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 372         if (conn->client)
 373                 return tlsv1_client_get_random(conn->client, data);
 374 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 375 #ifdef CONFIG_TLS_INTERNAL_SERVER
 376         if (conn->server)
 377                 return tlsv1_server_get_random(conn->server, data);
 378 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 379         return -1;
 380 }
 381
 382
 383 static int tls_get_keyblock_size(struct tls_connection *conn)
 384 {
 385 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 386         if (conn->client)
 387                 return tlsv1_client_get_keyblock_size(conn->client);
 388 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 389 #ifdef CONFIG_TLS_INTERNAL_SERVER
 390         if (conn->server)
 391                 return tlsv1_server_get_keyblock_size(conn->server);
 392 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 393         return -1;
 394 }
 395
 396
 397 static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
 398                               const char *label, int server_random_first,
 399                               int skip_keyblock, u8 *out, size_t out_len)
 400 {
 401         int ret = -1, skip = 0;
 402         u8 *tmp_out = NULL;
 403         u8 *_out = out;
 404
 405         if (skip_keyblock) {
 406                 skip = tls_get_keyblock_size(conn);
 407                 if (skip < 0)
 408                         return -1;
 409                 tmp_out = os_malloc(skip + out_len);
 410                 if (!tmp_out)
 411                         return -1;
 412                 _out = tmp_out;
 413         }
 414
 415 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 416         if (conn->client) {
 417                 ret = tlsv1_client_prf(conn->client, label,
 418                                        server_random_first,
 419                                        _out, skip + out_len);
 420         }
 421 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 422 #ifdef CONFIG_TLS_INTERNAL_SERVER
 423         if (conn->server) {
 424                 ret = tlsv1_server_prf(conn->server, label,
 425                                        server_random_first,
 426                                        _out, skip + out_len);
 427         }
 428 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 429         if (ret == 0 && skip_keyblock)
 430                 os_memcpy(out, _out + skip, out_len);
 431         bin_clear_free(tmp_out, skip);
 432
 433         return ret;
 434 }
 435
 436
 437 int tls_connection_export_key(void *tls_ctx, struct tls_connection *conn,
 438                               const char *label, u8 *out, size_t out_len)
 439 {
 440         return tls_connection_prf(tls_ctx, conn, label, 0, 0, out, out_len);
 441 }
 442
 443
 444 int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn,
 445                                     u8 *out, size_t out_len)
 446 {
 447         return tls_connection_prf(tls_ctx, conn, "key expansion", 1, 1, out,
 448                                   out_len);
 449 }
 450
 451
 452 struct wpabuf * tls_connection_handshake(void *tls_ctx,
 453                                          struct tls_connection *conn,
 454                                          const struct wpabuf *in_data,
 455                                          struct wpabuf **appl_data)
 456 {
 457         return tls_connection_handshake2(tls_ctx, conn, in_data, appl_data,
 458                                          NULL);
 459 }
 460
 461
 462 struct wpabuf * tls_connection_handshake2(void *tls_ctx,
 463                                           struct tls_connection *conn,
 464                                           const struct wpabuf *in_data,
 465                                           struct wpabuf **appl_data,
 466                                           int *need_more_data)
 467 {
 468 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 469         u8 *res, *ad;
 470         size_t res_len, ad_len;
 471         struct wpabuf *out;
 472
 473         if (conn->client == NULL)
 474                 return NULL;
 475
 476         ad = NULL;
 477         res = tlsv1_client_handshake(conn->client,
 478                                      in_data ? wpabuf_head(in_data) : NULL,
 479                                      in_data ? wpabuf_len(in_data) : 0,
 480                                      &res_len, &ad, &ad_len, need_more_data);
 481         if (res == NULL)
 482                 return NULL;
 483         out = wpabuf_alloc_ext_data(res, res_len);
 484         if (out == NULL) {
 485                 os_free(res);
 486                 os_free(ad);
 487                 return NULL;
 488         }
 489         if (appl_data) {
 490                 if (ad) {
 491                         *appl_data = wpabuf_alloc_ext_data(ad, ad_len);
 492                         if (*appl_data == NULL)
 493                                 os_free(ad);
 494                 } else
 495                         *appl_data = NULL;
 496         } else
 497                 os_free(ad);
 498
 499         return out;
 500 #else /* CONFIG_TLS_INTERNAL_CLIENT */
 501         return NULL;
 502 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 503 }
 504
 505
 506 struct wpabuf * tls_connection_server_handshake(void *tls_ctx,
 507                                                 struct tls_connection *conn,
 508                                                 const struct wpabuf *in_data,
 509                                                 struct wpabuf **appl_data)
 510 {
 511 #ifdef CONFIG_TLS_INTERNAL_SERVER
 512         u8 *res;
 513         size_t res_len;
 514         struct wpabuf *out;
 515
 516         if (conn->server == NULL)
 517                 return NULL;
 518
 519         if (appl_data)
 520                 *appl_data = NULL;
 521
 522         res = tlsv1_server_handshake(conn->server, wpabuf_head(in_data),
 523                                      wpabuf_len(in_data), &res_len);
 524         if (res == NULL && tlsv1_server_established(conn->server))
 525                 return wpabuf_alloc(0);
 526         if (res == NULL)
 527                 return NULL;
 528         out = wpabuf_alloc_ext_data(res, res_len);
 529         if (out == NULL) {
 530                 os_free(res);
 531                 return NULL;
 532         }
 533
 534         return out;
 535 #else /* CONFIG_TLS_INTERNAL_SERVER */
 536         return NULL;
 537 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 538 }
 539
 540
 541 struct wpabuf * tls_connection_encrypt(void *tls_ctx,
 542                                        struct tls_connection *conn,
 543                                        const struct wpabuf *in_data)
 544 {
 545 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 546         if (conn->client) {
 547                 struct wpabuf *buf;
 548                 int res;
 549                 buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
 550                 if (buf == NULL)
 551                         return NULL;
 552                 res = tlsv1_client_encrypt(conn->client, wpabuf_head(in_data),
 553                                            wpabuf_len(in_data),
 554                                            wpabuf_mhead(buf),
 555                                            wpabuf_size(buf));
 556                 if (res < 0) {
 557                         wpabuf_free(buf);
 558                         return NULL;
 559                 }
 560                 wpabuf_put(buf, res);
 561                 return buf;
 562         }
 563 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 564 #ifdef CONFIG_TLS_INTERNAL_SERVER
 565         if (conn->server) {
 566                 struct wpabuf *buf;
 567                 int res;
 568                 buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
 569                 if (buf == NULL)
 570                         return NULL;
 571                 res = tlsv1_server_encrypt(conn->server, wpabuf_head(in_data),
 572                                            wpabuf_len(in_data),
 573                                            wpabuf_mhead(buf),
 574                                            wpabuf_size(buf));
 575                 if (res < 0) {
 576                         wpabuf_free(buf);
 577                         return NULL;
 578                 }
 579                 wpabuf_put(buf, res);
 580                 return buf;
 581         }
 582 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 583         return NULL;
 584 }
 585
 586
 587 struct wpabuf * tls_connection_decrypt(void *tls_ctx,
 588                                        struct tls_connection *conn,
 589                                        const struct wpabuf *in_data)
 590 {
 591         return tls_connection_decrypt2(tls_ctx, conn, in_data, NULL);
 592 }
 593
 594
 595 struct wpabuf * tls_connection_decrypt2(void *tls_ctx,
 596                                         struct tls_connection *conn,
 597                                         const struct wpabuf *in_data,
 598                                         int *need_more_data)
 599 {
 600         if (need_more_data)
 601                 *need_more_data = 0;
 602
 603 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 604         if (conn->client) {
 605                 return tlsv1_client_decrypt(conn->client, wpabuf_head(in_data),
 606                                             wpabuf_len(in_data),
 607                                             need_more_data);
 608         }
 609 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 610 #ifdef CONFIG_TLS_INTERNAL_SERVER
 611         if (conn->server) {
 612                 struct wpabuf *buf;
 613                 int res;
 614                 buf = wpabuf_alloc((wpabuf_len(in_data) + 500) * 3);
 615                 if (buf == NULL)
 616                         return NULL;
 617                 res = tlsv1_server_decrypt(conn->server, wpabuf_head(in_data),
 618                                            wpabuf_len(in_data),
 619                                            wpabuf_mhead(buf),
 620                                            wpabuf_size(buf));
 621                 if (res < 0) {
 622                         wpabuf_free(buf);
 623                         return NULL;
 624                 }
 625                 wpabuf_put(buf, res);
 626                 return buf;
 627         }
 628 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 629         return NULL;
 630 }
 631
 632
 633 int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn)
 634 {
 635 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 636         if (conn->client)
 637                 return tlsv1_client_resumed(conn->client);
 638 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 639 #ifdef CONFIG_TLS_INTERNAL_SERVER
 640         if (conn->server)
 641                 return tlsv1_server_resumed(conn->server);
 642 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 643         return -1;
 644 }
 645
 646
 647 int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
 648                                    u8 *ciphers)
 649 {
 650 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 651         if (conn->client)
 652                 return tlsv1_client_set_cipher_list(conn->client, ciphers);
 653 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 654 #ifdef CONFIG_TLS_INTERNAL_SERVER
 655         if (conn->server)
 656                 return tlsv1_server_set_cipher_list(conn->server, ciphers);
 657 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 658         return -1;
 659 }
 660
 661
 662 int tls_get_version(void *ssl_ctx, struct tls_connection *conn,
 663                     char *buf, size_t buflen)
 664 {
 665         if (conn == NULL)
 666                 return -1;
 667 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 668         if (conn->client)
 669                 return tlsv1_client_get_version(conn->client, buf, buflen);
 670 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 671         return -1;
 672 }
 673
 674
 675 int tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
 676                    char *buf, size_t buflen)
 677 {
 678         if (conn == NULL)
 679                 return -1;
 680 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 681         if (conn->client)
 682                 return tlsv1_client_get_cipher(conn->client, buf, buflen);
 683 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 684 #ifdef CONFIG_TLS_INTERNAL_SERVER
 685         if (conn->server)
 686                 return tlsv1_server_get_cipher(conn->server, buf, buflen);
 687 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 688         return -1;
 689 }
 690
 691
 692 int tls_connection_enable_workaround(void *tls_ctx,
 693                                      struct tls_connection *conn)
 694 {
 695         return -1;
 696 }
 697
 698
 699 int tls_connection_client_hello_ext(void *tls_ctx, struct tls_connection *conn,
 700                                     int ext_type, const u8 *data,
 701                                     size_t data_len)
 702 {
 703 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 704         if (conn->client) {
 705                 return tlsv1_client_hello_ext(conn->client, ext_type,
 706                                               data, data_len);
 707         }
 708 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 709         return -1;
 710 }
 711
 712
 713 int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn)
 714 {
 715         return 0;
 716 }
 717
 718
 719 int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn)
 720 {
 721         return 0;
 722 }
 723
 724
 725 int tls_connection_get_write_alerts(void *tls_ctx,
 726                                     struct tls_connection *conn)
 727 {
 728         return 0;
 729 }
 730
 731
 732 int tls_connection_set_session_ticket_cb(void *tls_ctx,
 733                                          struct tls_connection *conn,
 734                                          tls_session_ticket_cb cb,
 735                                          void *ctx)
 736 {
 737 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 738         if (conn->client) {
 739                 tlsv1_client_set_session_ticket_cb(conn->client, cb, ctx);
 740                 return 0;
 741         }
 742 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 743 #ifdef CONFIG_TLS_INTERNAL_SERVER
 744         if (conn->server) {
 745                 tlsv1_server_set_session_ticket_cb(conn->server, cb, ctx);
 746                 return 0;
 747         }
 748 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 749         return -1;
 750 }
 751
 752
 753 int tls_get_library_version(char *buf, size_t buf_len)
 754 {
 755         return os_snprintf(buf, buf_len, "internal");
 756 }
 757
 758
 759 void tls_connection_set_success_data(struct tls_connection *conn,
 760                                      struct wpabuf *data)
 761 {
 762 }
 763
 764
 765 void tls_connection_set_success_data_resumed(struct tls_connection *conn)
 766 {
 767 }
 768
 769
 770 const struct wpabuf *
 771 tls_connection_get_success_data(struct tls_connection *conn)
 772 {
 773         return NULL;
 774 }
 775
 776
 777 void tls_connection_remove_session(struct tls_connection *conn)
 778 {
 779 }