tls_internal.c (302408) tls_internal.c (337817)
1/*
2 * TLS interface functions and an internal TLS implementation
3 * Copyright (c) 2004-2011, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 *
8 * This file interface functions for hostapd/wpa_supplicant to use the

--- 9 unchanged lines hidden (view full) ---

18
19
20static int tls_ref_count = 0;
21
22struct tls_global {
23 int server;
24 struct tlsv1_credentials *server_cred;
25 int check_crl;
1/*
2 * TLS interface functions and an internal TLS implementation
3 * Copyright (c) 2004-2011, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 *
8 * This file interface functions for hostapd/wpa_supplicant to use the

--- 9 unchanged lines hidden (view full) ---

18
19
20static int tls_ref_count = 0;
21
22struct tls_global {
23 int server;
24 struct tlsv1_credentials *server_cred;
25 int check_crl;
26
27 void (*event_cb)(void *ctx, enum tls_event ev,
28 union tls_event_data *data);
29 void *cb_ctx;
30 int cert_in_cb;
26};
27
28struct tls_connection {
29 struct tlsv1_client *client;
30 struct tlsv1_server *server;
31 struct tls_global *global;
32};
33

--- 12 unchanged lines hidden (view full) ---

46 return NULL;
47#endif /* CONFIG_TLS_INTERNAL_SERVER */
48 }
49 tls_ref_count++;
50
51 global = os_zalloc(sizeof(*global));
52 if (global == NULL)
53 return NULL;
31};
32
33struct tls_connection {
34 struct tlsv1_client *client;
35 struct tlsv1_server *server;
36 struct tls_global *global;
37};
38

--- 12 unchanged lines hidden (view full) ---

51 return NULL;
52#endif /* CONFIG_TLS_INTERNAL_SERVER */
53 }
54 tls_ref_count++;
55
56 global = os_zalloc(sizeof(*global));
57 if (global == NULL)
58 return NULL;
59 if (conf) {
60 global->event_cb = conf->event_cb;
61 global->cb_ctx = conf->cb_ctx;
62 global->cert_in_cb = conf->cert_in_cb;
63 }
54
55 return global;
56}
57
58void tls_deinit(void *ssl_ctx)
59{
60 struct tls_global *global = ssl_ctx;
61 tls_ref_count--;
62 if (tls_ref_count == 0) {
63#ifdef CONFIG_TLS_INTERNAL_CLIENT
64 tlsv1_client_global_deinit();
65#endif /* CONFIG_TLS_INTERNAL_CLIENT */
66#ifdef CONFIG_TLS_INTERNAL_SERVER
64
65 return global;
66}
67
68void tls_deinit(void *ssl_ctx)
69{
70 struct tls_global *global = ssl_ctx;
71 tls_ref_count--;
72 if (tls_ref_count == 0) {
73#ifdef CONFIG_TLS_INTERNAL_CLIENT
74 tlsv1_client_global_deinit();
75#endif /* CONFIG_TLS_INTERNAL_CLIENT */
76#ifdef CONFIG_TLS_INTERNAL_SERVER
67 tlsv1_cred_free(global->server_cred);
68 tlsv1_server_global_deinit();
69#endif /* CONFIG_TLS_INTERNAL_SERVER */
70 }
77 tlsv1_server_global_deinit();
78#endif /* CONFIG_TLS_INTERNAL_SERVER */
79 }
80#ifdef CONFIG_TLS_INTERNAL_SERVER
81 tlsv1_cred_free(global->server_cred);
82#endif /* CONFIG_TLS_INTERNAL_SERVER */
71 os_free(global);
72}
73
74
75int tls_get_errors(void *tls_ctx)
76{
77 return 0;
78}

--- 11 unchanged lines hidden (view full) ---

90
91#ifdef CONFIG_TLS_INTERNAL_CLIENT
92 if (!global->server) {
93 conn->client = tlsv1_client_init();
94 if (conn->client == NULL) {
95 os_free(conn);
96 return NULL;
97 }
83 os_free(global);
84}
85
86
87int tls_get_errors(void *tls_ctx)
88{
89 return 0;
90}

--- 11 unchanged lines hidden (view full) ---

102
103#ifdef CONFIG_TLS_INTERNAL_CLIENT
104 if (!global->server) {
105 conn->client = tlsv1_client_init();
106 if (conn->client == NULL) {
107 os_free(conn);
108 return NULL;
109 }
110 tlsv1_client_set_cb(conn->client, global->event_cb,
111 global->cb_ctx, global->cert_in_cb);
98 }
99#endif /* CONFIG_TLS_INTERNAL_CLIENT */
100#ifdef CONFIG_TLS_INTERNAL_SERVER
101 if (global->server) {
102 conn->server = tlsv1_server_init(global->server_cred);
103 if (conn->server == NULL) {
104 os_free(conn);
105 return NULL;

--- 75 unchanged lines hidden (view full) ---

181 const struct tls_connection_params *params)
182{
183#ifdef CONFIG_TLS_INTERNAL_CLIENT
184 struct tlsv1_credentials *cred;
185
186 if (conn->client == NULL)
187 return -1;
188
112 }
113#endif /* CONFIG_TLS_INTERNAL_CLIENT */
114#ifdef CONFIG_TLS_INTERNAL_SERVER
115 if (global->server) {
116 conn->server = tlsv1_server_init(global->server_cred);
117 if (conn->server == NULL) {
118 os_free(conn);
119 return NULL;

--- 75 unchanged lines hidden (view full) ---

195 const struct tls_connection_params *params)
196{
197#ifdef CONFIG_TLS_INTERNAL_CLIENT
198 struct tlsv1_credentials *cred;
199
200 if (conn->client == NULL)
201 return -1;
202
203 if (params->flags & TLS_CONN_EXT_CERT_CHECK) {
204 wpa_printf(MSG_INFO,
205 "TLS: tls_ext_cert_check=1 not supported");
206 return -1;
207 }
208
189 cred = tlsv1_cred_alloc();
190 if (cred == NULL)
191 return -1;
192
193 if (params->subject_match) {
194 wpa_printf(MSG_INFO, "TLS: subject_match not supported");
195 tlsv1_cred_free(cred);
196 return -1;

--- 57 unchanged lines hidden (view full) ---

254 return -1;
255 }
256
257 if (tlsv1_client_set_cred(conn->client, cred) < 0) {
258 tlsv1_cred_free(cred);
259 return -1;
260 }
261
209 cred = tlsv1_cred_alloc();
210 if (cred == NULL)
211 return -1;
212
213 if (params->subject_match) {
214 wpa_printf(MSG_INFO, "TLS: subject_match not supported");
215 tlsv1_cred_free(cred);
216 return -1;

--- 57 unchanged lines hidden (view full) ---

274 return -1;
275 }
276
277 if (tlsv1_client_set_cred(conn->client, cred) < 0) {
278 tlsv1_cred_free(cred);
279 return -1;
280 }
281
262 tlsv1_client_set_time_checks(
263 conn->client, !(params->flags & TLS_CONN_DISABLE_TIME_CHECKS));
282 tlsv1_client_set_flags(conn->client, params->flags);
264
265 return 0;
266#else /* CONFIG_TLS_INTERNAL_CLIENT */
267 return -1;
268#endif /* CONFIG_TLS_INTERNAL_CLIENT */
269}
270
271

--- 35 unchanged lines hidden (view full) ---

307 }
308
309 if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob,
310 params->dh_blob_len)) {
311 wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters");
312 return -1;
313 }
314
283
284 return 0;
285#else /* CONFIG_TLS_INTERNAL_CLIENT */
286 return -1;
287#endif /* CONFIG_TLS_INTERNAL_CLIENT */
288}
289
290

--- 35 unchanged lines hidden (view full) ---

326 }
327
328 if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob,
329 params->dh_blob_len)) {
330 wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters");
331 return -1;
332 }
333
334 if (params->ocsp_stapling_response)
335 cred->ocsp_stapling_response =
336 os_strdup(params->ocsp_stapling_response);
337 if (params->ocsp_stapling_response_multi)
338 cred->ocsp_stapling_response_multi =
339 os_strdup(params->ocsp_stapling_response_multi);
340
315 return 0;
316#else /* CONFIG_TLS_INTERNAL_SERVER */
317 return -1;
318#endif /* CONFIG_TLS_INTERNAL_SERVER */
319}
320
321
322int tls_global_set_verify(void *tls_ctx, int check_crl)

--- 40 unchanged lines hidden (view full) ---

363#ifdef CONFIG_TLS_INTERNAL_SERVER
364 if (conn->server)
365 return tlsv1_server_get_keyblock_size(conn->server);
366#endif /* CONFIG_TLS_INTERNAL_SERVER */
367 return -1;
368}
369
370
341 return 0;
342#else /* CONFIG_TLS_INTERNAL_SERVER */
343 return -1;
344#endif /* CONFIG_TLS_INTERNAL_SERVER */
345}
346
347
348int tls_global_set_verify(void *tls_ctx, int check_crl)

--- 40 unchanged lines hidden (view full) ---

389#ifdef CONFIG_TLS_INTERNAL_SERVER
390 if (conn->server)
391 return tlsv1_server_get_keyblock_size(conn->server);
392#endif /* CONFIG_TLS_INTERNAL_SERVER */
393 return -1;
394}
395
396
371int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
372 const char *label, int server_random_first,
373 int skip_keyblock, u8 *out, size_t out_len)
397static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
398 const char *label, int server_random_first,
399 int skip_keyblock, u8 *out, size_t out_len)
374{
375 int ret = -1, skip = 0;
376 u8 *tmp_out = NULL;
377 u8 *_out = out;
378
379 if (skip_keyblock) {
380 skip = tls_get_keyblock_size(conn);
381 if (skip < 0)
382 return -1;
383 tmp_out = os_malloc(skip + out_len);
384 if (!tmp_out)
385 return -1;
386 _out = tmp_out;
387 }
388
389#ifdef CONFIG_TLS_INTERNAL_CLIENT
390 if (conn->client) {
391 ret = tlsv1_client_prf(conn->client, label,
392 server_random_first,
400{
401 int ret = -1, skip = 0;
402 u8 *tmp_out = NULL;
403 u8 *_out = out;
404
405 if (skip_keyblock) {
406 skip = tls_get_keyblock_size(conn);
407 if (skip < 0)
408 return -1;
409 tmp_out = os_malloc(skip + out_len);
410 if (!tmp_out)
411 return -1;
412 _out = tmp_out;
413 }
414
415#ifdef CONFIG_TLS_INTERNAL_CLIENT
416 if (conn->client) {
417 ret = tlsv1_client_prf(conn->client, label,
418 server_random_first,
393 _out, out_len);
419 _out, skip + out_len);
394 }
395#endif /* CONFIG_TLS_INTERNAL_CLIENT */
396#ifdef CONFIG_TLS_INTERNAL_SERVER
397 if (conn->server) {
398 ret = tlsv1_server_prf(conn->server, label,
399 server_random_first,
420 }
421#endif /* CONFIG_TLS_INTERNAL_CLIENT */
422#ifdef CONFIG_TLS_INTERNAL_SERVER
423 if (conn->server) {
424 ret = tlsv1_server_prf(conn->server, label,
425 server_random_first,
400 _out, out_len);
426 _out, skip + out_len);
401 }
402#endif /* CONFIG_TLS_INTERNAL_SERVER */
403 if (ret == 0 && skip_keyblock)
404 os_memcpy(out, _out + skip, out_len);
405 bin_clear_free(tmp_out, skip);
406
407 return ret;
408}
409
410
427 }
428#endif /* CONFIG_TLS_INTERNAL_SERVER */
429 if (ret == 0 && skip_keyblock)
430 os_memcpy(out, _out + skip, out_len);
431 bin_clear_free(tmp_out, skip);
432
433 return ret;
434}
435
436
437int tls_connection_export_key(void *tls_ctx, struct tls_connection *conn,
438 const char *label, u8 *out, size_t out_len)
439{
440 return tls_connection_prf(tls_ctx, conn, label, 0, 0, out, out_len);
441}
442
443
444int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn,
445 u8 *out, size_t out_len)
446{
447 return tls_connection_prf(tls_ctx, conn, "key expansion", 1, 1, out,
448 out_len);
449}
450
451
411struct wpabuf * tls_connection_handshake(void *tls_ctx,
412 struct tls_connection *conn,
413 const struct wpabuf *in_data,
414 struct wpabuf **appl_data)
415{
416 return tls_connection_handshake2(tls_ctx, conn, in_data, appl_data,
417 NULL);
418}

--- 197 unchanged lines hidden (view full) ---

616#endif /* CONFIG_TLS_INTERNAL_SERVER */
617 return -1;
618}
619
620
621int tls_get_version(void *ssl_ctx, struct tls_connection *conn,
622 char *buf, size_t buflen)
623{
452struct wpabuf * tls_connection_handshake(void *tls_ctx,
453 struct tls_connection *conn,
454 const struct wpabuf *in_data,
455 struct wpabuf **appl_data)
456{
457 return tls_connection_handshake2(tls_ctx, conn, in_data, appl_data,
458 NULL);
459}

--- 197 unchanged lines hidden (view full) ---

657#endif /* CONFIG_TLS_INTERNAL_SERVER */
658 return -1;
659}
660
661
662int tls_get_version(void *ssl_ctx, struct tls_connection *conn,
663 char *buf, size_t buflen)
664{
624 /* TODO */
665 if (conn == NULL)
666 return -1;
667#ifdef CONFIG_TLS_INTERNAL_CLIENT
668 if (conn->client)
669 return tlsv1_client_get_version(conn->client, buf, buflen);
670#endif /* CONFIG_TLS_INTERNAL_CLIENT */
625 return -1;
626}
627
628
629int tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
630 char *buf, size_t buflen)
631{
632 if (conn == NULL)

--- 101 unchanged lines hidden ---
671 return -1;
672}
673
674
675int tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
676 char *buf, size_t buflen)
677{
678 if (conn == NULL)

--- 101 unchanged lines hidden ---
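Review bot: In tls_connection_prf the cleanup `bin_clear_free(tmp_out, skip);` still wipes only the first `skip` bytes, but the PRF calls now fill `skip + out_len` bytes of tmp_out, so the derived key at `tmp_out + skip` is left in freed heap memory after being copied to `out`. The buffer was allocated as `os_malloc(skip + out_len)`, so the wipe should cover the whole allocation: `bin_clear_free(tmp_out, skip + out_len);`. Separately, in tls_global_set_params the two `os_strdup()` results for ocsp_stapling_response and ocsp_stapling_response_multi are stored unchecked, so on allocation failure the configured stapling response is silently absent while the neighbouring DH/certificate loads report failure with -1; either a NULL check returning -1 or a comment stating that best-effort behaviour is intended would make this consistent. Both functions continue outside the visible hunks.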