1 /* 2 * TLS interface functions and an internal TLS implementation 3 * Copyright (c) 2004-2011, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 * 8 * This file interface functions for hostapd/wpa_supplicant to use the 9 * integrated TLSv1 implementation. 10 */ 11 12 #include "includes.h" 13 14 #include "common.h" 15 #include "tls.h" 16 #include "tls/tlsv1_client.h" 17 #include "tls/tlsv1_server.h" 18 19 20 static int tls_ref_count = 0; 21 22 struct tls_global { 23 int server; 24 struct tlsv1_credentials *server_cred; 25 int check_crl; 26 27 void (*event_cb)(void *ctx, enum tls_event ev, 28 union tls_event_data *data); 29 void *cb_ctx; 30 int cert_in_cb; 31 }; 32 33 struct tls_connection { 34 struct tlsv1_client *client; 35 struct tlsv1_server *server; 36 struct tls_global *global; 37 }; 38 39 40 void * tls_init(const struct tls_config *conf) 41 { 42 struct tls_global *global; 43 44 if (tls_ref_count == 0) { 45 #ifdef CONFIG_TLS_INTERNAL_CLIENT 46 if (tlsv1_client_global_init()) 47 return NULL; 48 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 49 #ifdef CONFIG_TLS_INTERNAL_SERVER 50 if (tlsv1_server_global_init()) 51 return NULL; 52 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 53 } 54 tls_ref_count++; 55 56 global = os_zalloc(sizeof(*global)); 57 if (global == NULL) 58 return NULL; 59 if (conf) { 60 global->event_cb = conf->event_cb; 61 global->cb_ctx = conf->cb_ctx; 62 global->cert_in_cb = conf->cert_in_cb; 63 } 64 65 return global; 66 } 67 68 void tls_deinit(void *ssl_ctx) 69 { 70 struct tls_global *global = ssl_ctx; 71 tls_ref_count--; 72 if (tls_ref_count == 0) { 73 #ifdef CONFIG_TLS_INTERNAL_CLIENT 74 tlsv1_client_global_deinit(); 75 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 76 #ifdef CONFIG_TLS_INTERNAL_SERVER 77 tlsv1_server_global_deinit(); 78 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 79 } 80 #ifdef CONFIG_TLS_INTERNAL_SERVER 81 tlsv1_cred_free(global->server_cred); 82 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 83 os_free(global); 84 } 85 86 87 int tls_get_errors(void *tls_ctx) 88 { 89 return 0; 90 } 91 92 93 struct tls_connection * tls_connection_init(void *tls_ctx) 94 { 95 struct tls_connection *conn; 96 struct tls_global *global = tls_ctx; 97 98 conn = os_zalloc(sizeof(*conn)); 99 if (conn == NULL) 100 return NULL; 101 conn->global = global; 102 103 #ifdef CONFIG_TLS_INTERNAL_CLIENT 104 if (!global->server) { 105 conn->client = tlsv1_client_init(); 106 if (conn->client == NULL) { 107 os_free(conn); 108 return NULL; 109 } 110 tlsv1_client_set_cb(conn->client, global->event_cb, 111 global->cb_ctx, global->cert_in_cb); 112 } 113 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 114 #ifdef CONFIG_TLS_INTERNAL_SERVER 115 if (global->server) { 116 conn->server = tlsv1_server_init(global->server_cred); 117 if (conn->server == NULL) { 118 os_free(conn); 119 return NULL; 120 } 121 } 122 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 123 124 return conn; 125 } 126 127 128 #ifdef CONFIG_TESTING_OPTIONS 129 #ifdef CONFIG_TLS_INTERNAL_SERVER 130 void tls_connection_set_test_flags(struct tls_connection *conn, u32 flags) 131 { 132 if (conn->server) 133 tlsv1_server_set_test_flags(conn->server, flags); 134 } 135 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 136 #endif /* CONFIG_TESTING_OPTIONS */ 137 138 139 void tls_connection_set_log_cb(struct tls_connection *conn, 140 void (*log_cb)(void *ctx, const char *msg), 141 void *ctx) 142 { 143 #ifdef CONFIG_TLS_INTERNAL_SERVER 144 if (conn->server) 145 tlsv1_server_set_log_cb(conn->server, log_cb, ctx); 146 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 147 } 148 149 150 void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn) 151 { 152 if (conn == NULL) 153 return; 154 #ifdef CONFIG_TLS_INTERNAL_CLIENT 155 if (conn->client) 156 tlsv1_client_deinit(conn->client); 157 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 158 #ifdef CONFIG_TLS_INTERNAL_SERVER 159 if (conn->server) 160 tlsv1_server_deinit(conn->server); 161 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 162 os_free(conn); 163 } 164 165 166 int tls_connection_established(void *tls_ctx, struct tls_connection *conn) 167 { 168 #ifdef CONFIG_TLS_INTERNAL_CLIENT 169 if (conn->client) 170 return tlsv1_client_established(conn->client); 171 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 172 #ifdef CONFIG_TLS_INTERNAL_SERVER 173 if (conn->server) 174 return tlsv1_server_established(conn->server); 175 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 176 return 0; 177 } 178 179 180 char * tls_connection_peer_serial_num(void *tls_ctx, 181 struct tls_connection *conn) 182 { 183 /* TODO */ 184 return NULL; 185 } 186 187 188 int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn) 189 { 190 #ifdef CONFIG_TLS_INTERNAL_CLIENT 191 if (conn->client) 192 return tlsv1_client_shutdown(conn->client); 193 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 194 #ifdef CONFIG_TLS_INTERNAL_SERVER 195 if (conn->server) 196 return tlsv1_server_shutdown(conn->server); 197 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 198 return -1; 199 } 200 201 202 int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn, 203 const struct tls_connection_params *params) 204 { 205 #ifdef CONFIG_TLS_INTERNAL_CLIENT 206 struct tlsv1_credentials *cred; 207 208 if (conn->client == NULL) 209 return -1; 210 211 if (params->flags & TLS_CONN_EXT_CERT_CHECK) { 212 wpa_printf(MSG_INFO, 213 "TLS: tls_ext_cert_check=1 not supported"); 214 return -1; 215 } 216 217 cred = tlsv1_cred_alloc(); 218 if (cred == NULL) 219 return -1; 220 221 if (params->subject_match) { 222 wpa_printf(MSG_INFO, "TLS: subject_match not supported"); 223 tlsv1_cred_free(cred); 224 return -1; 225 } 226 227 if (params->altsubject_match) { 228 wpa_printf(MSG_INFO, "TLS: altsubject_match not supported"); 229 tlsv1_cred_free(cred); 230 return -1; 231 } 232 233 if (params->suffix_match) { 234 wpa_printf(MSG_INFO, "TLS: suffix_match not supported"); 235 tlsv1_cred_free(cred); 236 return -1; 237 } 238 239 if (params->domain_match) { 240 wpa_printf(MSG_INFO, "TLS: domain_match not supported"); 241 tlsv1_cred_free(cred); 242 return -1; 243 } 244 245 if (params->openssl_ciphers) { 246 wpa_printf(MSG_INFO, "TLS: openssl_ciphers not supported"); 247 tlsv1_cred_free(cred); 248 return -1; 249 } 250 251 if (tlsv1_set_ca_cert(cred, params->ca_cert, 252 params->ca_cert_blob, params->ca_cert_blob_len, 253 params->ca_path)) { 254 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA " 255 "certificates"); 256 tlsv1_cred_free(cred); 257 return -1; 258 } 259 260 if (tlsv1_set_cert(cred, params->client_cert, 261 params->client_cert_blob, 262 params->client_cert_blob_len)) { 263 wpa_printf(MSG_INFO, "TLS: Failed to configure client " 264 "certificate"); 265 tlsv1_cred_free(cred); 266 return -1; 267 } 268 269 if (tlsv1_set_private_key(cred, params->private_key, 270 params->private_key_passwd, 271 params->private_key_blob, 272 params->private_key_blob_len)) { 273 wpa_printf(MSG_INFO, "TLS: Failed to load private key"); 274 tlsv1_cred_free(cred); 275 return -1; 276 } 277 278 if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob, 279 params->dh_blob_len)) { 280 wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters"); 281 tlsv1_cred_free(cred); 282 return -1; 283 } 284 285 if (tlsv1_client_set_cred(conn->client, cred) < 0) { 286 tlsv1_cred_free(cred); 287 return -1; 288 } 289 290 tlsv1_client_set_flags(conn->client, params->flags); 291 292 return 0; 293 #else /* CONFIG_TLS_INTERNAL_CLIENT */ 294 return -1; 295 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 296 } 297 298 299 int tls_global_set_params(void *tls_ctx, 300 const struct tls_connection_params *params) 301 { 302 #ifdef CONFIG_TLS_INTERNAL_SERVER 303 struct tls_global *global = tls_ctx; 304 struct tlsv1_credentials *cred; 305 306 /* Currently, global parameters are only set when running in server 307 * mode. */ 308 global->server = 1; 309 tlsv1_cred_free(global->server_cred); 310 global->server_cred = cred = tlsv1_cred_alloc(); 311 if (cred == NULL) 312 return -1; 313 314 if (tlsv1_set_ca_cert(cred, params->ca_cert, params->ca_cert_blob, 315 params->ca_cert_blob_len, params->ca_path)) { 316 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA " 317 "certificates"); 318 return -1; 319 } 320 321 if (tlsv1_set_cert(cred, params->client_cert, params->client_cert_blob, 322 params->client_cert_blob_len)) { 323 wpa_printf(MSG_INFO, "TLS: Failed to configure server " 324 "certificate"); 325 return -1; 326 } 327 328 if (tlsv1_set_private_key(cred, params->private_key, 329 params->private_key_passwd, 330 params->private_key_blob, 331 params->private_key_blob_len)) { 332 wpa_printf(MSG_INFO, "TLS: Failed to load private key"); 333 return -1; 334 } 335 336 if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob, 337 params->dh_blob_len)) { 338 wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters"); 339 return -1; 340 } 341 342 if (params->ocsp_stapling_response) 343 cred->ocsp_stapling_response = 344 os_strdup(params->ocsp_stapling_response); 345 if (params->ocsp_stapling_response_multi) 346 cred->ocsp_stapling_response_multi = 347 os_strdup(params->ocsp_stapling_response_multi); 348 349 return 0; 350 #else /* CONFIG_TLS_INTERNAL_SERVER */ 351 return -1; 352 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 353 } 354 355 356 int tls_global_set_verify(void *tls_ctx, int check_crl) 357 { 358 struct tls_global *global = tls_ctx; 359 global->check_crl = check_crl; 360 return 0; 361 } 362 363 364 int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn, 365 int verify_peer, unsigned int flags, 366 const u8 *session_ctx, size_t session_ctx_len) 367 { 368 #ifdef CONFIG_TLS_INTERNAL_SERVER 369 if (conn->server) 370 return tlsv1_server_set_verify(conn->server, verify_peer); 371 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 372 return -1; 373 } 374 375 376 int tls_connection_get_random(void *tls_ctx, struct tls_connection *conn, 377 struct tls_random *data) 378 { 379 #ifdef CONFIG_TLS_INTERNAL_CLIENT 380 if (conn->client) 381 return tlsv1_client_get_random(conn->client, data); 382 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 383 #ifdef CONFIG_TLS_INTERNAL_SERVER 384 if (conn->server) 385 return tlsv1_server_get_random(conn->server, data); 386 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 387 return -1; 388 } 389 390 391 static int tls_get_keyblock_size(struct tls_connection *conn) 392 { 393 #ifdef CONFIG_TLS_INTERNAL_CLIENT 394 if (conn->client) 395 return tlsv1_client_get_keyblock_size(conn->client); 396 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 397 #ifdef CONFIG_TLS_INTERNAL_SERVER 398 if (conn->server) 399 return tlsv1_server_get_keyblock_size(conn->server); 400 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 401 return -1; 402 } 403 404 405 static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn, 406 const char *label, int server_random_first, 407 int skip_keyblock, u8 *out, size_t out_len) 408 { 409 int ret = -1, skip = 0; 410 u8 *tmp_out = NULL; 411 u8 *_out = out; 412 413 if (skip_keyblock) { 414 skip = tls_get_keyblock_size(conn); 415 if (skip < 0) 416 return -1; 417 tmp_out = os_malloc(skip + out_len); 418 if (!tmp_out) 419 return -1; 420 _out = tmp_out; 421 } 422 423 #ifdef CONFIG_TLS_INTERNAL_CLIENT 424 if (conn->client) { 425 ret = tlsv1_client_prf(conn->client, label, 426 server_random_first, 427 _out, skip + out_len); 428 } 429 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 430 #ifdef CONFIG_TLS_INTERNAL_SERVER 431 if (conn->server) { 432 ret = tlsv1_server_prf(conn->server, label, 433 server_random_first, 434 _out, skip + out_len); 435 } 436 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 437 if (ret == 0 && skip_keyblock) 438 os_memcpy(out, _out + skip, out_len); 439 bin_clear_free(tmp_out, skip); 440 441 return ret; 442 } 443 444 445 int tls_connection_export_key(void *tls_ctx, struct tls_connection *conn, 446 const char *label, u8 *out, size_t out_len) 447 { 448 return tls_connection_prf(tls_ctx, conn, label, 0, 0, out, out_len); 449 } 450 451 452 int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn, 453 u8 *out, size_t out_len) 454 { 455 return tls_connection_prf(tls_ctx, conn, "key expansion", 1, 1, out, 456 out_len); 457 } 458 459 460 struct wpabuf * tls_connection_handshake(void *tls_ctx, 461 struct tls_connection *conn, 462 const struct wpabuf *in_data, 463 struct wpabuf **appl_data) 464 { 465 return tls_connection_handshake2(tls_ctx, conn, in_data, appl_data, 466 NULL); 467 } 468 469 470 struct wpabuf * tls_connection_handshake2(void *tls_ctx, 471 struct tls_connection *conn, 472 const struct wpabuf *in_data, 473 struct wpabuf **appl_data, 474 int *need_more_data) 475 { 476 #ifdef CONFIG_TLS_INTERNAL_CLIENT 477 u8 *res, *ad; 478 size_t res_len, ad_len; 479 struct wpabuf *out; 480 481 if (conn->client == NULL) 482 return NULL; 483 484 ad = NULL; 485 res = tlsv1_client_handshake(conn->client, 486 in_data ? wpabuf_head(in_data) : NULL, 487 in_data ? wpabuf_len(in_data) : 0, 488 &res_len, &ad, &ad_len, need_more_data); 489 if (res == NULL) 490 return NULL; 491 out = wpabuf_alloc_ext_data(res, res_len); 492 if (out == NULL) { 493 os_free(res); 494 os_free(ad); 495 return NULL; 496 } 497 if (appl_data) { 498 if (ad) { 499 *appl_data = wpabuf_alloc_ext_data(ad, ad_len); 500 if (*appl_data == NULL) 501 os_free(ad); 502 } else 503 *appl_data = NULL; 504 } else 505 os_free(ad); 506 507 return out; 508 #else /* CONFIG_TLS_INTERNAL_CLIENT */ 509 return NULL; 510 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 511 } 512 513 514 struct wpabuf * tls_connection_server_handshake(void *tls_ctx, 515 struct tls_connection *conn, 516 const struct wpabuf *in_data, 517 struct wpabuf **appl_data) 518 { 519 #ifdef CONFIG_TLS_INTERNAL_SERVER 520 u8 *res; 521 size_t res_len; 522 struct wpabuf *out; 523 524 if (conn->server == NULL) 525 return NULL; 526 527 if (appl_data) 528 *appl_data = NULL; 529 530 res = tlsv1_server_handshake(conn->server, wpabuf_head(in_data), 531 wpabuf_len(in_data), &res_len); 532 if (res == NULL && tlsv1_server_established(conn->server)) 533 return wpabuf_alloc(0); 534 if (res == NULL) 535 return NULL; 536 out = wpabuf_alloc_ext_data(res, res_len); 537 if (out == NULL) { 538 os_free(res); 539 return NULL; 540 } 541 542 return out; 543 #else /* CONFIG_TLS_INTERNAL_SERVER */ 544 return NULL; 545 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 546 } 547 548 549 struct wpabuf * tls_connection_encrypt(void *tls_ctx, 550 struct tls_connection *conn, 551 const struct wpabuf *in_data) 552 { 553 #ifdef CONFIG_TLS_INTERNAL_CLIENT 554 if (conn->client) { 555 struct wpabuf *buf; 556 int res; 557 buf = wpabuf_alloc(wpabuf_len(in_data) + 300); 558 if (buf == NULL) 559 return NULL; 560 res = tlsv1_client_encrypt(conn->client, wpabuf_head(in_data), 561 wpabuf_len(in_data), 562 wpabuf_mhead(buf), 563 wpabuf_size(buf)); 564 if (res < 0) { 565 wpabuf_free(buf); 566 return NULL; 567 } 568 wpabuf_put(buf, res); 569 return buf; 570 } 571 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 572 #ifdef CONFIG_TLS_INTERNAL_SERVER 573 if (conn->server) { 574 struct wpabuf *buf; 575 int res; 576 buf = wpabuf_alloc(wpabuf_len(in_data) + 300); 577 if (buf == NULL) 578 return NULL; 579 res = tlsv1_server_encrypt(conn->server, wpabuf_head(in_data), 580 wpabuf_len(in_data), 581 wpabuf_mhead(buf), 582 wpabuf_size(buf)); 583 if (res < 0) { 584 wpabuf_free(buf); 585 return NULL; 586 } 587 wpabuf_put(buf, res); 588 return buf; 589 } 590 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 591 return NULL; 592 } 593 594 595 struct wpabuf * tls_connection_decrypt(void *tls_ctx, 596 struct tls_connection *conn, 597 const struct wpabuf *in_data) 598 { 599 return tls_connection_decrypt2(tls_ctx, conn, in_data, NULL); 600 } 601 602 603 struct wpabuf * tls_connection_decrypt2(void *tls_ctx, 604 struct tls_connection *conn, 605 const struct wpabuf *in_data, 606 int *need_more_data) 607 { 608 if (need_more_data) 609 *need_more_data = 0; 610 611 #ifdef CONFIG_TLS_INTERNAL_CLIENT 612 if (conn->client) { 613 return tlsv1_client_decrypt(conn->client, wpabuf_head(in_data), 614 wpabuf_len(in_data), 615 need_more_data); 616 } 617 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 618 #ifdef CONFIG_TLS_INTERNAL_SERVER 619 if (conn->server) { 620 struct wpabuf *buf; 621 int res; 622 buf = wpabuf_alloc((wpabuf_len(in_data) + 500) * 3); 623 if (buf == NULL) 624 return NULL; 625 res = tlsv1_server_decrypt(conn->server, wpabuf_head(in_data), 626 wpabuf_len(in_data), 627 wpabuf_mhead(buf), 628 wpabuf_size(buf)); 629 if (res < 0) { 630 wpabuf_free(buf); 631 return NULL; 632 } 633 wpabuf_put(buf, res); 634 return buf; 635 } 636 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 637 return NULL; 638 } 639 640 641 int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn) 642 { 643 #ifdef CONFIG_TLS_INTERNAL_CLIENT 644 if (conn->client) 645 return tlsv1_client_resumed(conn->client); 646 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 647 #ifdef CONFIG_TLS_INTERNAL_SERVER 648 if (conn->server) 649 return tlsv1_server_resumed(conn->server); 650 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 651 return -1; 652 } 653 654 655 int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn, 656 u8 *ciphers) 657 { 658 #ifdef CONFIG_TLS_INTERNAL_CLIENT 659 if (conn->client) 660 return tlsv1_client_set_cipher_list(conn->client, ciphers); 661 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 662 #ifdef CONFIG_TLS_INTERNAL_SERVER 663 if (conn->server) 664 return tlsv1_server_set_cipher_list(conn->server, ciphers); 665 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 666 return -1; 667 } 668 669 670 int tls_get_version(void *ssl_ctx, struct tls_connection *conn, 671 char *buf, size_t buflen) 672 { 673 if (conn == NULL) 674 return -1; 675 #ifdef CONFIG_TLS_INTERNAL_CLIENT 676 if (conn->client) 677 return tlsv1_client_get_version(conn->client, buf, buflen); 678 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 679 return -1; 680 } 681 682 683 int tls_get_cipher(void *tls_ctx, struct tls_connection *conn, 684 char *buf, size_t buflen) 685 { 686 if (conn == NULL) 687 return -1; 688 #ifdef CONFIG_TLS_INTERNAL_CLIENT 689 if (conn->client) 690 return tlsv1_client_get_cipher(conn->client, buf, buflen); 691 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 692 #ifdef CONFIG_TLS_INTERNAL_SERVER 693 if (conn->server) 694 return tlsv1_server_get_cipher(conn->server, buf, buflen); 695 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 696 return -1; 697 } 698 699 700 int tls_connection_enable_workaround(void *tls_ctx, 701 struct tls_connection *conn) 702 { 703 return -1; 704 } 705 706 707 int tls_connection_client_hello_ext(void *tls_ctx, struct tls_connection *conn, 708 int ext_type, const u8 *data, 709 size_t data_len) 710 { 711 #ifdef CONFIG_TLS_INTERNAL_CLIENT 712 if (conn->client) { 713 return tlsv1_client_hello_ext(conn->client, ext_type, 714 data, data_len); 715 } 716 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 717 return -1; 718 } 719 720 721 int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn) 722 { 723 return 0; 724 } 725 726 727 int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn) 728 { 729 return 0; 730 } 731 732 733 int tls_connection_get_write_alerts(void *tls_ctx, 734 struct tls_connection *conn) 735 { 736 return 0; 737 } 738 739 740 int tls_connection_set_session_ticket_cb(void *tls_ctx, 741 struct tls_connection *conn, 742 tls_session_ticket_cb cb, 743 void *ctx) 744 { 745 #ifdef CONFIG_TLS_INTERNAL_CLIENT 746 if (conn->client) { 747 tlsv1_client_set_session_ticket_cb(conn->client, cb, ctx); 748 return 0; 749 } 750 #endif /* CONFIG_TLS_INTERNAL_CLIENT */ 751 #ifdef CONFIG_TLS_INTERNAL_SERVER 752 if (conn->server) { 753 tlsv1_server_set_session_ticket_cb(conn->server, cb, ctx); 754 return 0; 755 } 756 #endif /* CONFIG_TLS_INTERNAL_SERVER */ 757 return -1; 758 } 759 760 761 int tls_get_library_version(char *buf, size_t buf_len) 762 { 763 return os_snprintf(buf, buf_len, "internal"); 764 } 765 766 767 void tls_connection_set_success_data(struct tls_connection *conn, 768 struct wpabuf *data) 769 { 770 } 771 772 773 void tls_connection_set_success_data_resumed(struct tls_connection *conn) 774 { 775 } 776 777 778 const struct wpabuf * 779 tls_connection_get_success_data(struct tls_connection *conn) 780 { 781 return NULL; 782 } 783 784 785 void tls_connection_remove_session(struct tls_connection *conn) 786 { 787 } 788