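--- a/tls_internal.c
+++ b/tls_internal.c
@@ -1,8 +1,8 @@
 /*
  * TLS interface functions and an internal TLS implementation
  * Copyright (c) 2004-2011, Jouni Malinen <j@w1.fi>
  *
  * This software may be distributed under the terms of the BSD license.
  * See README for more details.
  *
  * This file interface functions for hostapd/wpa_supplicant to use the
@@ -18,16 +18,21 @@
 
 
 static int tls_ref_count = 0;
 
 struct tls_global {
 	int server;
 	struct tlsv1_credentials *server_cred;
 	int check_crl;
+
+	void (*event_cb)(void *ctx, enum tls_event ev,
+			 union tls_event_data *data);
+	void *cb_ctx;
+	int cert_in_cb;
 };
 
 struct tls_connection {
 	struct tlsv1_client *client;
 	struct tlsv1_server *server;
 	struct tls_global *global;
 };
 
@@ -46,33 +51,40 @@
 		return NULL;
 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 	}
 	tls_ref_count++;
 
 	global = os_zalloc(sizeof(*global));
 	if (global == NULL)
 		return NULL;
+	if (conf) {
+		global->event_cb = conf->event_cb;
+		global->cb_ctx = conf->cb_ctx;
+		global->cert_in_cb = conf->cert_in_cb;
+	}
 
 	return global;
 }
 
 void tls_deinit(void *ssl_ctx)
 {
 	struct tls_global *global = ssl_ctx;
 	tls_ref_count--;
 	if (tls_ref_count == 0) {
 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 		tlsv1_client_global_deinit();
 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 #ifdef CONFIG_TLS_INTERNAL_SERVER
-		tlsv1_cred_free(global->server_cred);
 		tlsv1_server_global_deinit();
 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 	}
+#ifdef CONFIG_TLS_INTERNAL_SERVER
+	tlsv1_cred_free(global->server_cred);
+#endif /* CONFIG_TLS_INTERNAL_SERVER */
 	os_free(global);
 }
 
 
 int tls_get_errors(void *tls_ctx)
 {
 	return 0;
 }
@@ -90,16 +102,18 @@
 
 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 	if (!global->server) {
 		conn->client = tlsv1_client_init();
 		if (conn->client == NULL) {
 			os_free(conn);
 			return NULL;
 		}
+		tlsv1_client_set_cb(conn->client, global->event_cb,
+				    global->cb_ctx, global->cert_in_cb);
 	}
 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 #ifdef CONFIG_TLS_INTERNAL_SERVER
 	if (global->server) {
 		conn->server = tlsv1_server_init(global->server_cred);
 		if (conn->server == NULL) {
 			os_free(conn);
 			return NULL;
@@ -181,16 +195,22 @@
 			      const struct tls_connection_params *params)
 {
 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 	struct tlsv1_credentials *cred;
 
 	if (conn->client == NULL)
 		return -1;
 
+	if (params->flags & TLS_CONN_EXT_CERT_CHECK) {
+		wpa_printf(MSG_INFO,
+			   "TLS: tls_ext_cert_check=1 not supported");
+		return -1;
+	}
+
 	cred = tlsv1_cred_alloc();
 	if (cred == NULL)
 		return -1;
 
 	if (params->subject_match) {
 		wpa_printf(MSG_INFO, "TLS: subject_match not supported");
 		tlsv1_cred_free(cred);
 		return -1;
@@ -254,18 +274,17 @@
 		return -1;
 	}
 
 	if (tlsv1_client_set_cred(conn->client, cred) < 0) {
 		tlsv1_cred_free(cred);
 		return -1;
 	}
 
-	tlsv1_client_set_time_checks(
-		conn->client, !(params->flags & TLS_CONN_DISABLE_TIME_CHECKS));
+	tlsv1_client_set_flags(conn->client, params->flags);
 
 	return 0;
 #else /* CONFIG_TLS_INTERNAL_CLIENT */
 	return -1;
 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 }
 
 
@@ -307,16 +326,23 @@
 	}
 
 	if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob,
 			       params->dh_blob_len)) {
 		wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters");
 		return -1;
 	}
 
+	if (params->ocsp_stapling_response)
+		cred->ocsp_stapling_response =
+			os_strdup(params->ocsp_stapling_response);
+	if (params->ocsp_stapling_response_multi)
+		cred->ocsp_stapling_response_multi =
+			os_strdup(params->ocsp_stapling_response_multi);
+
 	return 0;
 #else /* CONFIG_TLS_INTERNAL_SERVER */
 	return -1;
 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 }
 
 
 int tls_global_set_verify(void *tls_ctx, int check_crl)
@@ -363,56 +389,71 @@
 #ifdef CONFIG_TLS_INTERNAL_SERVER
 	if (conn->server)
 		return tlsv1_server_get_keyblock_size(conn->server);
 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 	return -1;
 }
 
 
-int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
-		       const char *label, int server_random_first,
-		       int skip_keyblock, u8 *out, size_t out_len)
+static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
+			      const char *label, int server_random_first,
+			      int skip_keyblock, u8 *out, size_t out_len)
 {
 	int ret = -1, skip = 0;
 	u8 *tmp_out = NULL;
 	u8 *_out = out;
 
 	if (skip_keyblock) {
 		skip = tls_get_keyblock_size(conn);
 		if (skip < 0)
 			return -1;
 		tmp_out = os_malloc(skip + out_len);
 		if (!tmp_out)
 			return -1;
 		_out = tmp_out;
 	}
 
 #ifdef CONFIG_TLS_INTERNAL_CLIENT
 	if (conn->client) {
 		ret = tlsv1_client_prf(conn->client, label,
 				       server_random_first,
-				       _out, out_len);
+				       _out, skip + out_len);
 	}
 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
 #ifdef CONFIG_TLS_INTERNAL_SERVER
 	if (conn->server) {
 		ret = tlsv1_server_prf(conn->server, label,
 				       server_random_first,
-				       _out, out_len);
+				       _out, skip + out_len);
 	}
 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 	if (ret == 0 && skip_keyblock)
 		os_memcpy(out, _out + skip, out_len);
 	bin_clear_free(tmp_out, skip);
 
 	return ret;
 }
 
 
+int tls_connection_export_key(void *tls_ctx, struct tls_connection *conn,
+			      const char *label, u8 *out, size_t out_len)
+{
+	return tls_connection_prf(tls_ctx, conn, label, 0, 0, out, out_len);
+}
+
+
+int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn,
+				    u8 *out, size_t out_len)
+{
+	return tls_connection_prf(tls_ctx, conn, "key expansion", 1, 1, out,
+				  out_len);
+}
+
+
 struct wpabuf * tls_connection_handshake(void *tls_ctx,
 					 struct tls_connection *conn,
 					 const struct wpabuf *in_data,
 					 struct wpabuf **appl_data)
 {
 	return tls_connection_handshake2(tls_ctx, conn, in_data, appl_data,
 					 NULL);
 }
@@ -616,17 +657,22 @@
 #endif /* CONFIG_TLS_INTERNAL_SERVER */
 	return -1;
 }
 
 
 int tls_get_version(void *ssl_ctx, struct tls_connection *conn,
 		    char *buf, size_t buflen)
 {
-	/* TODO */
+	if (conn == NULL)
+		return -1;
+#ifdef CONFIG_TLS_INTERNAL_CLIENT
+	if (conn->client)
+		return tlsv1_client_get_version(conn->client, buf, buflen);
+#endif /* CONFIG_TLS_INTERNAL_CLIENT */
 	return -1;
 }
 
 
 int tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
 		   char *buf, size_t buflen)
 {
 	if (conn == NULL)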
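Review bot: In tls_connection_prf the cleanup `bin_clear_free(tmp_out, skip);` wipes only the first skip bytes of tmp_out, while this hunk now allocates and fills the buffer with skip + out_len bytes, so the derived key bytes that were just copied out from `_out + skip` are freed without being cleared; the clear length should follow the new request size, `bin_clear_free(tmp_out, skip + out_len);`. This path is reached from the newly added tls_connection_get_eap_fast_key, whose output is keying material, so the temporary copy deserves the same scrubbing as the prefix. The same hunk leaves `ret` at -1 when neither client nor server is set, which is fine, but a one-line comment above the skip_keyblock branch stating that the PRF output is generated past the key block and the prefix discarded would save the next reader from re-deriving why skip is added to out_len.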