1221828Sgrehan/* 2221828Sgrehan * TLS interface functions and an internal TLS implementation 3221828Sgrehan * Copyright (c) 2004-2011, Jouni Malinen <j@w1.fi> 4221828Sgrehan * 5221828Sgrehan * This software may be distributed under the terms of the BSD license. 6221828Sgrehan * See README for more details. 7221828Sgrehan * 8221828Sgrehan * This file interface functions for hostapd/wpa_supplicant to use the 9221828Sgrehan * integrated TLSv1 implementation. 10221828Sgrehan */ 11221828Sgrehan 12221828Sgrehan#include "includes.h" 13221828Sgrehan 14221828Sgrehan#include "common.h" 15221828Sgrehan#include "tls.h" 16221828Sgrehan#include "tls/tlsv1_client.h" 17221828Sgrehan#include "tls/tlsv1_server.h" 18221828Sgrehan 19221828Sgrehan 20221828Sgrehanstatic int tls_ref_count = 0; 21221828Sgrehan 22221828Sgrehanstruct tls_global { 23221828Sgrehan int server; 24221828Sgrehan struct tlsv1_credentials *server_cred; 25221828Sgrehan int check_crl; 26221828Sgrehan}; 27221828Sgrehan 28221828Sgrehanstruct tls_connection { 29221828Sgrehan struct tlsv1_client *client; 30221828Sgrehan struct tlsv1_server *server; 31221828Sgrehan}; 32221828Sgrehan 33221828Sgrehan 34221828Sgrehanvoid * tls_init(const struct tls_config *conf) 35221828Sgrehan{ 36221828Sgrehan struct tls_global *global; 37221828Sgrehan 38267399Sjhb if (tls_ref_count == 0) { 39267399Sjhb#ifdef CONFIG_TLS_INTERNAL_CLIENT 40267399Sjhb if (tlsv1_client_global_init()) 41221828Sgrehan return NULL; 42221828Sgrehan#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 43267399Sjhb#ifdef CONFIG_TLS_INTERNAL_SERVER 44267399Sjhb if (tlsv1_server_global_init()) 45267399Sjhb return NULL; 46267399Sjhb#endif /* CONFIG_TLS_INTERNAL_SERVER */ 47267399Sjhb } 48267399Sjhb tls_ref_count++; 49221828Sgrehan 50221828Sgrehan global = os_zalloc(sizeof(*global)); 51221828Sgrehan if (global == NULL) 52221828Sgrehan return NULL; 53221828Sgrehan 54267399Sjhb return global; 55267399Sjhb} 56221828Sgrehan 57267399Sjhbvoid tls_deinit(void *ssl_ctx) 58267399Sjhb{ 59267399Sjhb struct tls_global *global = ssl_ctx; 60267399Sjhb tls_ref_count--; 61267399Sjhb if (tls_ref_count == 0) { 62267399Sjhb#ifdef CONFIG_TLS_INTERNAL_CLIENT 63267399Sjhb tlsv1_client_global_deinit(); 64267399Sjhb#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 65267399Sjhb#ifdef CONFIG_TLS_INTERNAL_SERVER 66267399Sjhb tlsv1_cred_free(global->server_cred); 67267399Sjhb tlsv1_server_global_deinit(); 68267399Sjhb#endif /* CONFIG_TLS_INTERNAL_SERVER */ 69267399Sjhb } 70267399Sjhb os_free(global); 71267399Sjhb} 72267399Sjhb 73267399Sjhb 74267399Sjhbint tls_get_errors(void *tls_ctx) 75267399Sjhb{ 76267399Sjhb return 0; 77267399Sjhb} 78267399Sjhb 79267399Sjhb 80267399Sjhbstruct tls_connection * tls_connection_init(void *tls_ctx) 81267399Sjhb{ 82267399Sjhb struct tls_connection *conn; 83267399Sjhb struct tls_global *global = tls_ctx; 84267399Sjhb 85267399Sjhb conn = os_zalloc(sizeof(*conn)); 86267399Sjhb if (conn == NULL) 87267399Sjhb return NULL; 88267399Sjhb 89267399Sjhb#ifdef CONFIG_TLS_INTERNAL_CLIENT 90267399Sjhb if (!global->server) { 91267399Sjhb conn->client = tlsv1_client_init(); 92267399Sjhb if (conn->client == NULL) { 93267399Sjhb os_free(conn); 94267399Sjhb return NULL; 95267399Sjhb } 96267399Sjhb } 97267399Sjhb#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 98267399Sjhb#ifdef CONFIG_TLS_INTERNAL_SERVER 99267399Sjhb if (global->server) { 100267399Sjhb conn->server = tlsv1_server_init(global->server_cred); 101267399Sjhb if (conn->server == NULL) { 102267399Sjhb os_free(conn); 103267399Sjhb return NULL; 104267399Sjhb } 105267399Sjhb } 106267399Sjhb#endif /* CONFIG_TLS_INTERNAL_SERVER */ 107267399Sjhb 108267399Sjhb return conn; 109267399Sjhb} 110267399Sjhb 111267399Sjhb 112267399Sjhbvoid tls_connection_deinit(void *tls_ctx, struct tls_connection *conn) 113267399Sjhb{ 114267399Sjhb if (conn == NULL) 115267399Sjhb return; 116267399Sjhb#ifdef CONFIG_TLS_INTERNAL_CLIENT 117267399Sjhb if (conn->client) 118267399Sjhb tlsv1_client_deinit(conn->client); 119267399Sjhb#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 120267399Sjhb#ifdef CONFIG_TLS_INTERNAL_SERVER 121267399Sjhb if (conn->server) 122267399Sjhb tlsv1_server_deinit(conn->server); 123267399Sjhb#endif /* CONFIG_TLS_INTERNAL_SERVER */ 124267399Sjhb os_free(conn); 125267399Sjhb} 126267399Sjhb 127267399Sjhb 128267399Sjhbint tls_connection_established(void *tls_ctx, struct tls_connection *conn) 129267399Sjhb{ 130267399Sjhb#ifdef CONFIG_TLS_INTERNAL_CLIENT 131267399Sjhb if (conn->client) 132267399Sjhb return tlsv1_client_established(conn->client); 133267399Sjhb#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 134267399Sjhb#ifdef CONFIG_TLS_INTERNAL_SERVER 135267399Sjhb if (conn->server) 136267399Sjhb return tlsv1_server_established(conn->server); 137267399Sjhb#endif /* CONFIG_TLS_INTERNAL_SERVER */ 138267399Sjhb return 0; 139267399Sjhb} 140267399Sjhb 141267399Sjhb 142267399Sjhbint tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn) 143267399Sjhb{ 144267399Sjhb#ifdef CONFIG_TLS_INTERNAL_CLIENT 145267399Sjhb if (conn->client) 146267399Sjhb return tlsv1_client_shutdown(conn->client); 147267399Sjhb#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 148267399Sjhb#ifdef CONFIG_TLS_INTERNAL_SERVER 149267399Sjhb if (conn->server) 150267399Sjhb return tlsv1_server_shutdown(conn->server); 151267399Sjhb#endif /* CONFIG_TLS_INTERNAL_SERVER */ 152267399Sjhb return -1; 153267399Sjhb} 154267399Sjhb 155267399Sjhb 156267399Sjhbint tls_connection_set_params(void *tls_ctx, struct tls_connection *conn, 157267399Sjhb const struct tls_connection_params *params) 158267399Sjhb{ 159267399Sjhb#ifdef CONFIG_TLS_INTERNAL_CLIENT 160267399Sjhb struct tlsv1_credentials *cred; 161267399Sjhb 162267399Sjhb if (conn->client == NULL) 163267399Sjhb return -1; 164267399Sjhb 165267399Sjhb cred = tlsv1_cred_alloc(); 166267399Sjhb if (cred == NULL) 167267399Sjhb return -1; 168267399Sjhb 169267399Sjhb if (tlsv1_set_ca_cert(cred, params->ca_cert, 170267399Sjhb params->ca_cert_blob, params->ca_cert_blob_len, 171267399Sjhb params->ca_path)) { 172267399Sjhb wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA " 173267399Sjhb "certificates"); 174267399Sjhb tlsv1_cred_free(cred); 175267399Sjhb return -1; 176267399Sjhb } 177267399Sjhb 178267399Sjhb if (tlsv1_set_cert(cred, params->client_cert, 179267399Sjhb params->client_cert_blob, 180267399Sjhb params->client_cert_blob_len)) { 181267399Sjhb wpa_printf(MSG_INFO, "TLS: Failed to configure client " 182267399Sjhb "certificate"); 183267399Sjhb tlsv1_cred_free(cred); 184267399Sjhb return -1; 185267399Sjhb } 186267399Sjhb 187267399Sjhb if (tlsv1_set_private_key(cred, params->private_key, 188267399Sjhb params->private_key_passwd, 189267399Sjhb params->private_key_blob, 190267399Sjhb params->private_key_blob_len)) { 191267399Sjhb wpa_printf(MSG_INFO, "TLS: Failed to load private key"); 192267399Sjhb tlsv1_cred_free(cred); 193267399Sjhb return -1; 194267399Sjhb } 195267399Sjhb 196267399Sjhb if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob, 197267399Sjhb params->dh_blob_len)) { 198267399Sjhb wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters"); 199267399Sjhb tlsv1_cred_free(cred); 200267399Sjhb return -1; 201267399Sjhb } 202267399Sjhb 203267399Sjhb if (tlsv1_client_set_cred(conn->client, cred) < 0) { 204267399Sjhb tlsv1_cred_free(cred); 205267399Sjhb return -1; 206267399Sjhb } 207267399Sjhb 208267399Sjhb tlsv1_client_set_time_checks( 209221828Sgrehan conn->client, !(params->flags & TLS_CONN_DISABLE_TIME_CHECKS)); 210221828Sgrehan 211221828Sgrehan return 0; 212221828Sgrehan#else /* CONFIG_TLS_INTERNAL_CLIENT */ 213221828Sgrehan return -1; 214221828Sgrehan#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 215221828Sgrehan} 216221828Sgrehan 217221828Sgrehan 218221828Sgrehanint tls_global_set_params(void *tls_ctx, 219221828Sgrehan const struct tls_connection_params *params) 220221828Sgrehan{ 221221828Sgrehan#ifdef CONFIG_TLS_INTERNAL_SERVER 222221828Sgrehan struct tls_global *global = tls_ctx; 223221828Sgrehan struct tlsv1_credentials *cred; 224221828Sgrehan 225221828Sgrehan /* Currently, global parameters are only set when running in server 226221828Sgrehan * mode. */ 227221828Sgrehan global->server = 1; 228221828Sgrehan tlsv1_cred_free(global->server_cred); 229221828Sgrehan global->server_cred = cred = tlsv1_cred_alloc(); 230221828Sgrehan if (cred == NULL) 231221828Sgrehan return -1; 232221828Sgrehan 233221828Sgrehan if (tlsv1_set_ca_cert(cred, params->ca_cert, params->ca_cert_blob, 234221828Sgrehan params->ca_cert_blob_len, params->ca_path)) { 235239025Sneel wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA " 236221828Sgrehan "certificates"); 237221828Sgrehan return -1; 238221828Sgrehan } 239221828Sgrehan 240221828Sgrehan if (tlsv1_set_cert(cred, params->client_cert, params->client_cert_blob, 241221828Sgrehan params->client_cert_blob_len)) { 242221828Sgrehan wpa_printf(MSG_INFO, "TLS: Failed to configure server " 243221828Sgrehan "certificate"); 244221828Sgrehan return -1; 245221828Sgrehan } 246221828Sgrehan 247221828Sgrehan if (tlsv1_set_private_key(cred, params->private_key, 248221828Sgrehan params->private_key_passwd, 249221828Sgrehan params->private_key_blob, 250221828Sgrehan params->private_key_blob_len)) { 251221828Sgrehan wpa_printf(MSG_INFO, "TLS: Failed to load private key"); 252221828Sgrehan return -1; 253221828Sgrehan } 254221828Sgrehan 255221828Sgrehan if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob, 256221828Sgrehan params->dh_blob_len)) { 257221828Sgrehan wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters"); 258221828Sgrehan return -1; 259221828Sgrehan } 260221828Sgrehan 261221828Sgrehan return 0; 262221828Sgrehan#else /* CONFIG_TLS_INTERNAL_SERVER */ 263221828Sgrehan return -1; 264221828Sgrehan#endif /* CONFIG_TLS_INTERNAL_SERVER */ 265221828Sgrehan} 266221828Sgrehan 267221828Sgrehan 268221828Sgrehanint tls_global_set_verify(void *tls_ctx, int check_crl) 269221828Sgrehan{ 270221828Sgrehan struct tls_global *global = tls_ctx; 271221828Sgrehan global->check_crl = check_crl; 272221828Sgrehan return 0; 273221828Sgrehan} 274221828Sgrehan 275221828Sgrehan 276221828Sgrehanint tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn, 277221828Sgrehan int verify_peer) 278221828Sgrehan{ 279221828Sgrehan#ifdef CONFIG_TLS_INTERNAL_SERVER 280221828Sgrehan if (conn->server) 281221828Sgrehan return tlsv1_server_set_verify(conn->server, verify_peer); 282221828Sgrehan#endif /* CONFIG_TLS_INTERNAL_SERVER */ 283221828Sgrehan return -1; 284221828Sgrehan} 285221828Sgrehan 286221828Sgrehan 287221828Sgrehanint tls_connection_get_keys(void *tls_ctx, struct tls_connection *conn, 288221828Sgrehan struct tls_keys *keys) 289221828Sgrehan{ 290221828Sgrehan#ifdef CONFIG_TLS_INTERNAL_CLIENT 291221828Sgrehan if (conn->client) 292221828Sgrehan return tlsv1_client_get_keys(conn->client, keys); 293221828Sgrehan#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 294221828Sgrehan#ifdef CONFIG_TLS_INTERNAL_SERVER 295221828Sgrehan if (conn->server) 296221828Sgrehan return tlsv1_server_get_keys(conn->server, keys); 297221828Sgrehan#endif /* CONFIG_TLS_INTERNAL_SERVER */ 298221828Sgrehan return -1; 299221828Sgrehan} 300221828Sgrehan 301221828Sgrehan 302221828Sgrehanint tls_connection_prf(void *tls_ctx, struct tls_connection *conn, 303221828Sgrehan const char *label, int server_random_first, 304221828Sgrehan u8 *out, size_t out_len) 305221828Sgrehan{ 306221828Sgrehan#ifdef CONFIG_TLS_INTERNAL_CLIENT 307221828Sgrehan if (conn->client) { 308221828Sgrehan return tlsv1_client_prf(conn->client, label, 309221828Sgrehan server_random_first, 310221828Sgrehan out, out_len); 311221828Sgrehan } 312221828Sgrehan#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 313221828Sgrehan#ifdef CONFIG_TLS_INTERNAL_SERVER 314221828Sgrehan if (conn->server) { 315221828Sgrehan return tlsv1_server_prf(conn->server, label, 316221828Sgrehan server_random_first, 317221828Sgrehan out, out_len); 318221828Sgrehan } 319221828Sgrehan#endif /* CONFIG_TLS_INTERNAL_SERVER */ 320221828Sgrehan return -1; 321221828Sgrehan} 322221828Sgrehan 323221828Sgrehan 324221828Sgrehanstruct wpabuf * tls_connection_handshake(void *tls_ctx, 325221828Sgrehan struct tls_connection *conn, 326221828Sgrehan const struct wpabuf *in_data, 327221828Sgrehan struct wpabuf **appl_data) 328221828Sgrehan{ 329221828Sgrehan return tls_connection_handshake2(tls_ctx, conn, in_data, appl_data, 330221828Sgrehan NULL); 331221828Sgrehan} 332221828Sgrehan 333267399Sjhb 334221828Sgrehanstruct wpabuf * tls_connection_handshake2(void *tls_ctx, 335221828Sgrehan struct tls_connection *conn, 336221828Sgrehan const struct wpabuf *in_data, 337221828Sgrehan struct wpabuf **appl_data, 338221828Sgrehan int *need_more_data) 339221828Sgrehan{ 340221828Sgrehan#ifdef CONFIG_TLS_INTERNAL_CLIENT 341221828Sgrehan u8 *res, *ad; 342221828Sgrehan size_t res_len, ad_len; 343221828Sgrehan struct wpabuf *out; 344221828Sgrehan 345221828Sgrehan if (conn->client == NULL) 346 return NULL; 347 348 ad = NULL; 349 res = tlsv1_client_handshake(conn->client, 350 in_data ? wpabuf_head(in_data) : NULL, 351 in_data ? wpabuf_len(in_data) : 0, 352 &res_len, &ad, &ad_len, need_more_data); 353 if (res == NULL) 354 return NULL; 355 out = wpabuf_alloc_ext_data(res, res_len); 356 if (out == NULL) { 357 os_free(res); 358 os_free(ad); 359 return NULL; 360 } 361 if (appl_data) { 362 if (ad) { 363 *appl_data = wpabuf_alloc_ext_data(ad, ad_len); 364 if (*appl_data == NULL) 365 os_free(ad); 366 } else 367 *appl_data = NULL; 368 } else 369 os_free(ad); 370 371 return out; 372#else /* CONFIG_TLS_INTERNAL_CLIENT */ 373 return NULL; 374#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 375} 376 377 378struct wpabuf * tls_connection_server_handshake(void *tls_ctx, 379 struct tls_connection *conn, 380 const struct wpabuf *in_data, 381 struct wpabuf **appl_data) 382{ 383#ifdef CONFIG_TLS_INTERNAL_SERVER 384 u8 *res; 385 size_t res_len; 386 struct wpabuf *out; 387 388 if (conn->server == NULL) 389 return NULL; 390 391 if (appl_data) 392 *appl_data = NULL; 393 394 res = tlsv1_server_handshake(conn->server, wpabuf_head(in_data), 395 wpabuf_len(in_data), &res_len); 396 if (res == NULL && tlsv1_server_established(conn->server)) 397 return wpabuf_alloc(0); 398 if (res == NULL) 399 return NULL; 400 out = wpabuf_alloc_ext_data(res, res_len); 401 if (out == NULL) { 402 os_free(res); 403 return NULL; 404 } 405 406 return out; 407#else /* CONFIG_TLS_INTERNAL_SERVER */ 408 return NULL; 409#endif /* CONFIG_TLS_INTERNAL_SERVER */ 410} 411 412 413struct wpabuf * tls_connection_encrypt(void *tls_ctx, 414 struct tls_connection *conn, 415 const struct wpabuf *in_data) 416{ 417#ifdef CONFIG_TLS_INTERNAL_CLIENT 418 if (conn->client) { 419 struct wpabuf *buf; 420 int res; 421 buf = wpabuf_alloc(wpabuf_len(in_data) + 300); 422 if (buf == NULL) 423 return NULL; 424 res = tlsv1_client_encrypt(conn->client, wpabuf_head(in_data), 425 wpabuf_len(in_data), 426 wpabuf_mhead(buf), 427 wpabuf_size(buf)); 428 if (res < 0) { 429 wpabuf_free(buf); 430 return NULL; 431 } 432 wpabuf_put(buf, res); 433 return buf; 434 } 435#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 436#ifdef CONFIG_TLS_INTERNAL_SERVER 437 if (conn->server) { 438 struct wpabuf *buf; 439 int res; 440 buf = wpabuf_alloc(wpabuf_len(in_data) + 300); 441 if (buf == NULL) 442 return NULL; 443 res = tlsv1_server_encrypt(conn->server, wpabuf_head(in_data), 444 wpabuf_len(in_data), 445 wpabuf_mhead(buf), 446 wpabuf_size(buf)); 447 if (res < 0) { 448 wpabuf_free(buf); 449 return NULL; 450 } 451 wpabuf_put(buf, res); 452 return buf; 453 } 454#endif /* CONFIG_TLS_INTERNAL_SERVER */ 455 return NULL; 456} 457 458 459struct wpabuf * tls_connection_decrypt(void *tls_ctx, 460 struct tls_connection *conn, 461 const struct wpabuf *in_data) 462{ 463 return tls_connection_decrypt2(tls_ctx, conn, in_data, NULL); 464} 465 466 467struct wpabuf * tls_connection_decrypt2(void *tls_ctx, 468 struct tls_connection *conn, 469 const struct wpabuf *in_data, 470 int *need_more_data) 471{ 472 if (need_more_data) 473 *need_more_data = 0; 474 475#ifdef CONFIG_TLS_INTERNAL_CLIENT 476 if (conn->client) { 477 return tlsv1_client_decrypt(conn->client, wpabuf_head(in_data), 478 wpabuf_len(in_data), 479 need_more_data); 480 } 481#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 482#ifdef CONFIG_TLS_INTERNAL_SERVER 483 if (conn->server) { 484 struct wpabuf *buf; 485 int res; 486 buf = wpabuf_alloc((wpabuf_len(in_data) + 500) * 3); 487 if (buf == NULL) 488 return NULL; 489 res = tlsv1_server_decrypt(conn->server, wpabuf_head(in_data), 490 wpabuf_len(in_data), 491 wpabuf_mhead(buf), 492 wpabuf_size(buf)); 493 if (res < 0) { 494 wpabuf_free(buf); 495 return NULL; 496 } 497 wpabuf_put(buf, res); 498 return buf; 499 } 500#endif /* CONFIG_TLS_INTERNAL_SERVER */ 501 return NULL; 502} 503 504 505int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn) 506{ 507#ifdef CONFIG_TLS_INTERNAL_CLIENT 508 if (conn->client) 509 return tlsv1_client_resumed(conn->client); 510#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 511#ifdef CONFIG_TLS_INTERNAL_SERVER 512 if (conn->server) 513 return tlsv1_server_resumed(conn->server); 514#endif /* CONFIG_TLS_INTERNAL_SERVER */ 515 return -1; 516} 517 518 519int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn, 520 u8 *ciphers) 521{ 522#ifdef CONFIG_TLS_INTERNAL_CLIENT 523 if (conn->client) 524 return tlsv1_client_set_cipher_list(conn->client, ciphers); 525#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 526#ifdef CONFIG_TLS_INTERNAL_SERVER 527 if (conn->server) 528 return tlsv1_server_set_cipher_list(conn->server, ciphers); 529#endif /* CONFIG_TLS_INTERNAL_SERVER */ 530 return -1; 531} 532 533 534int tls_get_cipher(void *tls_ctx, struct tls_connection *conn, 535 char *buf, size_t buflen) 536{ 537 if (conn == NULL) 538 return -1; 539#ifdef CONFIG_TLS_INTERNAL_CLIENT 540 if (conn->client) 541 return tlsv1_client_get_cipher(conn->client, buf, buflen); 542#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 543#ifdef CONFIG_TLS_INTERNAL_SERVER 544 if (conn->server) 545 return tlsv1_server_get_cipher(conn->server, buf, buflen); 546#endif /* CONFIG_TLS_INTERNAL_SERVER */ 547 return -1; 548} 549 550 551int tls_connection_enable_workaround(void *tls_ctx, 552 struct tls_connection *conn) 553{ 554 return -1; 555} 556 557 558int tls_connection_client_hello_ext(void *tls_ctx, struct tls_connection *conn, 559 int ext_type, const u8 *data, 560 size_t data_len) 561{ 562#ifdef CONFIG_TLS_INTERNAL_CLIENT 563 if (conn->client) { 564 return tlsv1_client_hello_ext(conn->client, ext_type, 565 data, data_len); 566 } 567#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 568 return -1; 569} 570 571 572int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn) 573{ 574 return 0; 575} 576 577 578int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn) 579{ 580 return 0; 581} 582 583 584int tls_connection_get_write_alerts(void *tls_ctx, 585 struct tls_connection *conn) 586{ 587 return 0; 588} 589 590 591int tls_connection_get_keyblock_size(void *tls_ctx, 592 struct tls_connection *conn) 593{ 594#ifdef CONFIG_TLS_INTERNAL_CLIENT 595 if (conn->client) 596 return tlsv1_client_get_keyblock_size(conn->client); 597#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 598#ifdef CONFIG_TLS_INTERNAL_SERVER 599 if (conn->server) 600 return tlsv1_server_get_keyblock_size(conn->server); 601#endif /* CONFIG_TLS_INTERNAL_SERVER */ 602 return -1; 603} 604 605 606unsigned int tls_capabilities(void *tls_ctx) 607{ 608 return 0; 609} 610 611 612int tls_connection_set_session_ticket_cb(void *tls_ctx, 613 struct tls_connection *conn, 614 tls_session_ticket_cb cb, 615 void *ctx) 616{ 617#ifdef CONFIG_TLS_INTERNAL_CLIENT 618 if (conn->client) { 619 tlsv1_client_set_session_ticket_cb(conn->client, cb, ctx); 620 return 0; 621 } 622#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 623#ifdef CONFIG_TLS_INTERNAL_SERVER 624 if (conn->server) { 625 tlsv1_server_set_session_ticket_cb(conn->server, cb, ctx); 626 return 0; 627 } 628#endif /* CONFIG_TLS_INTERNAL_SERVER */ 629 return -1; 630} 631