23 #include <openssl/ssl.h>
63 	SSL *ssl;
319 static int tls_cryptoapi_cert(SSL *ssl, const char *name)
386 	if (!SSL_use_certificate(ssl, cert)) {
400 	if (!SSL_use_RSAPrivateKey(ssl, rsa))
419 static int tls_cryptoapi_ca_cert(SSL_CTX *ssl_ctx, SSL *ssl, const char *name)
486 static int tls_cryptoapi_cert(SSL *ssl, const char *name)
494 static void ssl_info_cb(const SSL *ssl, int where, int ret)
510 			   str, SSL_state_string_long(ssl));
520 				SSL_get_app_data((SSL *) ssl);
529 			   SSL_state_string_long(ssl));
681 	SSL_CTX *ssl;
736 	ssl = SSL_CTX_new(TLSv1_method());
737 	if (ssl == NULL)
740 	SSL_CTX_set_info_callback(ssl, ssl_info_cb);
753 			tls_deinit(ssl);
759 	return ssl;
765 	SSL_CTX *ssl = ssl_ctx;
766 	SSL_CTX_free(ssl);
899 	SSL_CTX *ssl = ssl_ctx;
906 	conn->ssl = SSL_new(ssl);
907 	if (conn->ssl == NULL) {
914 	SSL_set_app_data(conn->ssl, conn);
920 	SSL_set_options(conn->ssl, options);
926 		SSL_free(conn->ssl);
935 		SSL_free(conn->ssl);
941 	SSL_set_bio(conn->ssl, conn->ssl_in, conn->ssl_out);
951 	SSL_free(conn->ssl);
962 	return conn ? SSL_is_init_finished(conn->ssl) : 0;
974 	SSL_set_quiet_shutdown(conn->ssl, 1);
975 	SSL_shutdown(conn->ssl);
1168 	SSL *ssl;
1176 	ssl = X509_STORE_CTX_get_ex_data(x509_ctx,
1180 	conn = SSL_get_app_data(ssl);
1311 	SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
1384 	if (ca_cert && tls_cryptoapi_ca_cert(ssl_ctx, conn->ssl, ca_cert) ==
1504 		SSL_set_verify(conn->ssl, SSL_VERIFY_PEER |
1509 		SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL);
1512 	SSL_set_accept_state(conn->ssl);
1523 	SSL_set_session_id_context(conn->ssl,
1540 	    SSL_use_certificate_ASN1(conn->ssl, (u8 *) client_cert_blob,
1554 	if (SSL_use_certificate_file(conn->ssl, client_cert,
1564 	if (SSL_use_certificate_file(conn->ssl, client_cert,
1616 static int tls_parse_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, PKCS12 *p12,
1641 		if (ssl) {
1642 			if (SSL_use_certificate(ssl, cert) != 1)
1653 		if (ssl) {
1654 			if (SSL_use_PrivateKey(ssl, pkey) != 1)
1691 static int tls_read_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, const char *private_key,
1711 	return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd);
1721 static int tls_read_pkcs12_blob(SSL_CTX *ssl_ctx, SSL *ssl,
1734 	return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd);
1784 	if (!SSL_use_certificate(conn->ssl, cert)) {
1839 	SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
1851 	if (SSL_use_PrivateKey(conn->ssl, conn->private_key) != 1) {
1856 	if (!SSL_check_private_key(conn->ssl)) {
1896 		if (SSL_use_PrivateKey_ASN1(EVP_PKEY_RSA, conn->ssl,
1909 		if (SSL_use_PrivateKey_ASN1(EVP_PKEY_DSA, conn->ssl,
1922 		if (SSL_use_RSAPrivateKey_ASN1(conn->ssl,
1934 		if (tls_read_pkcs12_blob(ssl_ctx, conn->ssl, private_key_blob,
1947 		if (SSL_use_PrivateKey_file(conn->ssl, private_key,
1959 		if (SSL_use_PrivateKey_file(conn->ssl, private_key,
1975 		if (tls_read_pkcs12(ssl_ctx, conn->ssl, private_key, passwd)
1983 		if (tls_cryptoapi_cert(conn->ssl, private_key) == 0) {
2003 	if (!SSL_check_private_key(conn->ssl)) {
2120 	if (SSL_set_tmp_dh(conn->ssl, dh) != 1) {
2210 	SSL *ssl;
2214 	ssl = conn->ssl;
2215 	if (ssl == NULL || ssl->s3 == NULL || ssl->session == NULL)
2219 	keys->master_key = ssl->session->master_key;
2220 	keys->master_key_len = ssl->session->master_key_length;
2221 	keys->client_random = ssl->s3->client_random;
2223 	keys->server_random = ssl->s3->server_random;
2259 		res = SSL_accept(conn->ssl);
2261 		res = SSL_connect(conn->ssl);
2263 		int err = SSL_get_error(conn->ssl, res);
2317 	res = SSL_read(conn->ssl, wpabuf_mhead(appl_data),
2320 		int err = SSL_get_error(conn->ssl, res);
2356 	if (SSL_is_init_finished(conn->ssl) && appl_data && in_data)
2397 	res = SSL_write(conn->ssl, wpabuf_head(in_data), wpabuf_len(in_data));
2451 	res = SSL_read(conn->ssl, wpabuf_mhead(buf), wpabuf_size(buf));
2466 	return conn ? conn->ssl->hit : 0;
2477 	if (conn == NULL || conn->ssl == NULL || ciphers == NULL)
2516 	if (SSL_set_cipher_list(conn->ssl, buf + 1) != 1) {
2530 	if (conn == NULL || conn->ssl == NULL)
2533 	name = SSL_get_cipher(conn->ssl);
2545 	SSL_set_options(conn->ssl, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
2559 	if (conn == NULL || conn->ssl == NULL || ext_type != 35)
2563 	if (SSL_set_session_ticket_ext(conn->ssl, (void *) data,
2567 	if (SSL_set_hello_extension(conn->ssl, ext_type, (void *) data,
2709 	if (conn == NULL || conn->ssl == NULL ||
2710 	    conn->ssl->enc_read_ctx == NULL ||
2711 	    conn->ssl->enc_read_ctx->cipher == NULL ||
2712 	    conn->ssl->read_hash == NULL)
2715 	c = conn->ssl->enc_read_ctx->cipher;
2717 	h = EVP_MD_CTX_md(conn->ssl->read_hash);
2719 	h = conn->ssl->read_hash;
2889 		if (SSL_set_session_secret_cb(conn->ssl, tls_sess_sec_cb,
2893 		SSL_set_session_ticket_ext_cb(conn->ssl,
2897 		SSL_set_tlsext_debug_callback(conn->ssl, tls_hello_ext_cb);
2898 		SSL_set_tlsext_debug_arg(conn->ssl, conn);
2900 		if (SSL_set_hello_extension_cb(conn->ssl, tls_hello_ext_cb,
2906 		if (SSL_set_session_secret_cb(conn->ssl, NULL, NULL) != 1)
2909 		SSL_set_session_ticket_ext_cb(conn->ssl, NULL, NULL);
2912 		SSL_set_tlsext_debug_callback(conn->ssl, NULL);
2913 		SSL_set_tlsext_debug_arg(conn->ssl, conn);
2915 		if (SSL_set_hello_extension_cb(conn->ssl, NULL, NULL) != 1)

Indexes created Fri Jun 21 18:57:21 MDT 2024