  • only in /freebsd-13-stable/contrib/wpa/src/crypto/

Lines Matching refs:ssl

19 #include <openssl/ssl.h>
78 static size_t SSL_get_client_random(const SSL *ssl, unsigned char *out,
81 if (!ssl->s3 || outlen < SSL3_RANDOM_SIZE)
83 os_memcpy(out, ssl->s3->client_random, SSL3_RANDOM_SIZE);
88 static size_t SSL_get_server_random(const SSL *ssl, unsigned char *out,
91 if (!ssl->s3 || outlen < SSL3_RANDOM_SIZE)
93 os_memcpy(out, ssl->s3->server_random, SSL3_RANDOM_SIZE);
222 SSL_CTX *ssl;
236 SSL *ssl;
553 static int tls_cryptoapi_cert(SSL *ssl, const char *name)
621 if (!SSL_use_certificate(ssl, cert)) {
635 if (!SSL_use_RSAPrivateKey(ssl, rsa))
654 static int tls_cryptoapi_ca_cert(SSL_CTX *ssl_ctx, SSL *ssl, const char *name)
723 static int tls_cryptoapi_cert(SSL *ssl, const char *name)
731 static void ssl_info_cb(const SSL *ssl, int where, int ret)
747 str, SSL_state_string_long(ssl));
749 struct tls_connection *conn = SSL_get_app_data((SSL *) ssl);
774 SSL_state_string_long(ssl));
954 SSL_CTX *ssl;
1024 ssl = SSL_CTX_new(SSLv23_method());
1026 ssl = NULL;
1027 if (ssl == NULL) {
1038 data->ssl = ssl;
1044 SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv2);
1045 SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv3);
1052 SSL_CTX_clear_mode(ssl, SSL_MODE_NO_AUTO_CHAIN);
1055 SSL_CTX_set_info_callback(ssl, ssl_info_cb);
1056 SSL_CTX_set_app_data(ssl, context);
1058 SSL_CTX_set_quiet_shutdown(ssl, 1);
1063 SSL_CTX_set_session_id_context(ssl, (u8 *) "hostapd", 7);
1064 SSL_CTX_set_session_cache_mode(ssl, SSL_SESS_CACHE_SERVER);
1065 SSL_CTX_set_timeout(ssl, data->tls_session_lifetime);
1066 SSL_CTX_sess_set_remove_cb(ssl, remove_session_cb);
1068 SSL_CTX_set_session_cache_mode(ssl, SSL_SESS_CACHE_OFF);
1100 if (SSL_CTX_set_cipher_list(ssl, ciphers) != 1) {
1115 SSL_CTX *ssl = data->ssl;
1116 struct tls_context *context = SSL_CTX_get_app_data(ssl);
1120 SSL_CTX_flush_sessions(ssl, 0);
1122 SSL_CTX_free(ssl);
1443 static void check_server_key_exchange(SSL *ssl, struct tls_connection *conn,
1490 const void *buf, size_t len, SSL *ssl, void *arg)
1525 check_server_key_exchange(ssl, conn, pos + 1, pos + len);
1533 SSL_CTX *ssl = data->ssl;
1538 struct tls_context *context = SSL_CTX_get_app_data(ssl);
1553 SSL_CTX_set_cert_store(ssl, new_cert_store);
1562 conn->ssl_ctx = ssl;
1563 conn->ssl = SSL_new(ssl);
1564 if (conn->ssl == NULL) {
1572 SSL_set_app_data(conn->ssl, conn);
1573 SSL_set_msg_callback(conn->ssl, tls_msg_cb);
1574 SSL_set_msg_callback_arg(conn->ssl, conn);
1580 SSL_set_options(conn->ssl, options);
1584 SSL_clear_options(conn->ssl, SSL_OP_ENABLE_MIDDLEBOX_COMPAT);
1591 SSL_free(conn->ssl);
1600 SSL_free(conn->ssl);
1606 SSL_set_bio(conn->ssl, conn->ssl_in, conn->ssl_out);
1621 SSL_set_quiet_shutdown(conn->ssl, 1);
1622 SSL_shutdown(conn->ssl);
1624 SSL_free(conn->ssl);
1638 return conn ? SSL_is_init_finished(conn->ssl) : 0;
1675 SSL_set_quiet_shutdown(conn->ssl, 1);
1676 SSL_shutdown(conn->ssl);
1677 return SSL_clear(conn->ssl) == 1 ? 0 : -1;
2302 SSL *ssl;
2315 ssl = X509_STORE_CTX_get_ex_data(x509_ctx,
2319 conn = SSL_get_app_data(ssl);
2520 res = check_ocsp_resp(conn->ssl_ctx, conn->ssl, err_cert,
2552 SSL_CTX *ssl_ctx = data->ssl;
2587 SSL_CTX *ssl_ctx = data->ssl;
2602 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
2696 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
2725 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
2731 if (ca_cert && tls_cryptoapi_ca_cert(ssl_ctx, conn->ssl, ca_cert) ==
2774 SSL_CTX *ssl_ctx = data->ssl;
2807 X509_STORE *cs = SSL_CTX_get_cert_store(data->ssl);
2880 static int suiteb_cert_cb(SSL *ssl, void *arg)
2913 SSL *ssl = conn->ssl;
2917 SSL_set_options(ssl, SSL_OP_NO_TICKET);
2919 SSL_clear_options(ssl, SSL_OP_NO_TICKET);
2924 SSL_set_options(ssl, SSL_OP_NO_TLSv1);
2926 SSL_clear_options(ssl, SSL_OP_NO_TLSv1);
2930 SSL_set_options(ssl, SSL_OP_NO_TLSv1_1);
2932 SSL_clear_options(ssl, SSL_OP_NO_TLSv1_1);
2936 SSL_set_options(ssl, SSL_OP_NO_TLSv1_2);
2938 SSL_clear_options(ssl, SSL_OP_NO_TLSv1_2);
2942 SSL_set_options(ssl, SSL_OP_NO_TLSv1_3);
2944 SSL_clear_options(ssl, SSL_OP_NO_TLSv1_3);
2970 if (SSL_set_min_proto_version(ssl, version) != 1) {
2993 if (SSL_set_cipher_list(ssl, ciphers) != 1) {
3010 if (SSL_set_cipher_list(ssl, ciphers) != 1) {
3016 if (SSL_set1_curves(ssl, nid, 1) != 1) {
3023 if (!ecdh || SSL_set_tmp_ecdh(ssl, ecdh) != 1) {
3043 if (SSL_set1_sigalgs_list(ssl, "RSA+SHA384") != 1) {
3050 SSL_set_options(ssl, SSL_OP_NO_TLSv1);
3051 SSL_set_options(ssl, SSL_OP_NO_TLSv1_1);
3052 SSL_set_cert_cb(ssl, suiteb_cert_cb, conn);
3067 if (SSL_set1_curves(ssl, nid, 1) != 1) {
3082 openssl_ciphers && SSL_set_cipher_list(ssl, openssl_ciphers) != 1) {
3090 if (openssl_ciphers && SSL_set_cipher_list(ssl, openssl_ciphers) != 1) {
3119 SSL_set_security_level(conn->ssl, 0);
3125 if (SSL_set_cipher_list(conn->ssl, cs) != 1) {
3148 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER |
3153 SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL);
3160 SSL_set_accept_state(conn->ssl);
3169 SSL_set_session_id_context(conn->ssl,
3173 SSL_set_session_id_context(conn->ssl, session_ctx,
3201 SSL_use_certificate_ASN1(conn->ssl, (u8 *) client_cert_blob,
3223 if (SSL_use_certificate(conn->ssl, x509) == 1)
3233 SSL_add0_chain_cert(conn->ssl, x509);
3244 if (SSL_use_certificate_file(conn->ssl, client_cert,
3253 if (SSL_use_certificate_chain_file(conn->ssl, client_cert) == 1) {
3260 if (SSL_use_certificate_file(conn->ssl, client_cert,
3283 SSL_CTX *ssl_ctx = data->ssl;
3308 static int tls_parse_pkcs12(struct tls_data *data, SSL *ssl, PKCS12 *p12,
3335 if (ssl) {
3336 if (SSL_use_certificate(ssl, cert) != 1)
3339 if (SSL_CTX_use_certificate(data->ssl, cert) != 1)
3347 if (ssl) {
3348 if (SSL_use_PrivateKey(ssl, pkey) != 1)
3351 if (SSL_CTX_use_PrivateKey(data->ssl, pkey) != 1)
3359 if (ssl)
3360 SSL_clear_chain_certs(ssl);
3362 SSL_CTX_clear_chain_certs(data->ssl);
3368 if ((ssl && SSL_add1_chain_cert(ssl, cert) != 1) ||
3369 (!ssl && SSL_CTX_add1_chain_cert(data->ssl,
3384 if (ssl)
3386 ssl,
3391 data->ssl,
3408 SSL_CTX_clear_extra_chain_certs(data->ssl);
3418 if (SSL_CTX_add_extra_chain_cert(data->ssl, cert) != 1)
3439 static int tls_read_pkcs12(struct tls_data *data, SSL *ssl,
3459 return tls_parse_pkcs12(data, ssl, p12, passwd);
3469 static int tls_read_pkcs12_blob(struct tls_data *data, SSL *ssl,
3482 return tls_parse_pkcs12(data, ssl, p12, passwd);
3536 if (!SSL_use_certificate(conn->ssl, cert)) {
3559 SSL_CTX *ssl_ctx = data->ssl;
3592 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
3606 if (SSL_use_PrivateKey(conn->ssl, conn->private_key) != 1) {
3611 if (!SSL_check_private_key(conn->ssl)) {
3636 static int tls_use_private_key_file(struct tls_data *data, SSL *ssl,
3669 if (ssl)
3670 ret = SSL_use_PrivateKey(ssl, pkey);
3672 ret = SSL_CTX_use_PrivateKey(data->ssl, pkey);
3697 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_RSA, conn->ssl,
3706 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_DSA, conn->ssl,
3715 if (SSL_use_RSAPrivateKey_ASN1(conn->ssl,
3724 if (tls_read_pkcs12_blob(data, conn->ssl, private_key_blob,
3737 if (tls_use_private_key_file(data, conn->ssl, private_key,
3743 if (tls_read_pkcs12(data, conn->ssl, private_key,
3751 if (tls_cryptoapi_cert(conn->ssl, private_key) == 0) {
3768 if (!SSL_check_private_key(conn->ssl)) {
3783 SSL_CTX *ssl_ctx = data->ssl;
3869 if (SSL_set_tmp_dh(conn->ssl, dh) != 1) {
3891 SSL_CTX *ssl_ctx = data->ssl;
3960 SSL *ssl;
3964 ssl = conn->ssl;
3965 if (ssl == NULL)
3971 ssl, conn->client_random, sizeof(conn->client_random));
3974 ssl, conn->server_random, sizeof(conn->server_random));
3981 static int openssl_get_keyblock_size(SSL *ssl)
3990 if (ssl->enc_read_ctx == NULL || ssl->enc_read_ctx->cipher == NULL ||
3991 ssl->read_hash == NULL)
3994 c = ssl->enc_read_ctx->cipher;
3995 h = EVP_MD_CTX_md(ssl->read_hash);
3998 else if (ssl->s3)
3999 md_size = ssl->s3->tmp.new_mac_secret_size;
4015 ssl_cipher = SSL_get_current_cipher(ssl);
4045 SSL_export_keying_material(conn->ssl, out, out_len, label,
4057 SSL *ssl;
4078 ssl = conn->ssl;
4079 if (ssl == NULL)
4081 ver = SSL_get_version(ssl);
4082 sess = SSL_get_session(ssl);
4086 skip = openssl_get_keyblock_size(ssl);
4100 SSL_get_client_random(ssl, client_random, sizeof(client_random));
4101 SSL_get_server_random(ssl, server_random, sizeof(server_random));
4153 res = SSL_accept(conn->ssl);
4155 res = SSL_connect(conn->ssl);
4157 int err = SSL_get_error(conn->ssl, res);
4186 os_strncmp(SSL_get_cipher(conn->ssl), "DHE-", 4) == 0 &&
4260 res = SSL_read(conn->ssl, wpabuf_mhead(appl_data),
4263 int err = SSL_get_error(conn->ssl, res);
4304 if (SSL_is_init_finished(conn->ssl)) {
4314 if (SSL_get_shared_ciphers(conn->ssl, buf,
4378 res = SSL_write(conn->ssl, wpabuf_head(in_data), wpabuf_len(in_data));
4432 res = SSL_read(conn->ssl, wpabuf_mhead(buf), wpabuf_size(buf));
4453 return conn ? SSL_session_reused(conn->ssl) : 0;
4464 if (conn == NULL || conn->ssl == NULL || ciphers == NULL)
4520 SSL_set_security_level(conn->ssl, 0);
4521 } else if (SSL_get_security_level(conn->ssl) == 0) {
4523 SSL_set_security_level(conn->ssl, 1);
4528 if (SSL_set_cipher_list(conn->ssl, buf + 1) != 1) {
4542 if (conn == NULL || conn->ssl == NULL)
4545 name = SSL_get_version(conn->ssl);
4558 if (conn == NULL || conn->ssl == NULL)
4561 name = SSL_get_cipher(conn->ssl);
4573 SSL_set_options(conn->ssl, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
4587 if (conn == NULL || conn->ssl == NULL || ext_type != 35)
4590 if (SSL_set_session_ticket_ext(conn->ssl, (void *) data,
4950 if (SSL_set_ssl_method(conn->ssl, TLSv1_method()) != 1) {
4964 SSL_set_options(conn->ssl, SSL_OP_NO_TLSv1_3);
5038 if (ciphers && SSL_set_cipher_list(conn->ssl, ciphers) != 1) {
5050 if (SSL_set_ecdh_auto(conn->ssl, 1) != 1) {
5065 if (SSL_set1_curves_list(conn->ssl,
5085 SSL_enable_ocsp_stapling(conn->ssl);
5090 SSL_CTX *ssl_ctx = data->ssl;
5091 SSL_set_tlsext_status_type(conn->ssl, TLSEXT_STATUSTYPE_ocsp);
5118 SSL *ssl;
5121 ssl = SSL_new(ssl_ctx);
5122 if (!ssl)
5130 cipher = SSL_get_cipher_list(ssl, i);
5136 SSL_free(ssl);
5228 SSL_CTX *ssl_ctx = data->ssl;
5421 if (SSL_set_session_secret_cb(conn->ssl, tls_sess_sec_cb,
5424 SSL_set_session_ticket_ext_cb(conn->ssl,
5427 if (SSL_set_session_secret_cb(conn->ssl, NULL, NULL) != 1)
5429 SSL_set_session_ticket_ext_cb(conn->ssl, NULL, NULL);
5461 sess = SSL_get_session(conn->ssl);
5497 !(sess = SSL_get_session(conn->ssl)))
5507 sess = SSL_get_session(conn->ssl);
5525 reused = SSL_session_reused(conn->ssl);
5527 len = SSL_get_peer_finished(conn->ssl, buf, max_len);
5529 len = SSL_get_finished(conn->ssl, buf, max_len);
5542 cipher = SSL_get_current_cipher(conn->ssl);