Lines Matching defs:conn
523 struct tls_connection *conn =
526 conn->read_alerts++;
528 conn->write_alerts++;
788 static int tls_engine_init(struct tls_connection *conn, const char *engine_id,
813 conn->engine = ENGINE_by_id(engine_id);
814 if (!conn->engine) {
819 if (ENGINE_init(conn->engine) != 1) {
828 if (ENGINE_ctrl_cmd_string(conn->engine, "PIN", pin, 0) == 0) {
835 conn->private_key = ENGINE_load_private_key(conn->engine,
837 if (!conn->private_key) {
850 if (!ENGINE_ctrl(conn->engine, ENGINE_CTRL_GET_CMD_FROM_NAME,
862 if (conn->engine) {
863 ENGINE_free(conn->engine);
864 conn->engine = NULL;
867 if (conn->private_key) {
868 EVP_PKEY_free(conn->private_key);
869 conn->private_key = NULL;
879 static void tls_engine_deinit(struct tls_connection *conn)
883 if (conn->private_key) {
884 EVP_PKEY_free(conn->private_key);
885 conn->private_key = NULL;
887 if (conn->engine) {
888 ENGINE_finish(conn->engine);
889 conn->engine = NULL;
912 struct tls_connection *conn;
915 conn = os_zalloc(sizeof(*conn));
916 if (conn == NULL)
918 conn->ssl = SSL_new(ssl);
919 if (conn->ssl == NULL) {
922 os_free(conn);
926 SSL_set_app_data(conn->ssl, conn);
937 SSL_set_options(conn->ssl, options);
939 conn->ssl_in = BIO_new(BIO_s_mem());
940 if (!conn->ssl_in) {
943 SSL_free(conn->ssl);
944 os_free(conn);
948 conn->ssl_out = BIO_new(BIO_s_mem());
949 if (!conn->ssl_out) {
952 SSL_free(conn->ssl);
953 BIO_free(conn->ssl_in);
954 os_free(conn);
958 SSL_set_bio(conn->ssl, conn->ssl_in, conn->ssl_out);
960 return conn;
964 void tls_connection_deinit(void *ssl_ctx, struct tls_connection *conn)
966 if (conn == NULL)
968 SSL_free(conn->ssl);
969 tls_engine_deinit(conn);
970 os_free(conn->subject_match);
971 os_free(conn->altsubject_match);
972 os_free(conn->session_ticket);
973 os_free(conn);
977 int tls_connection_established(void *ssl_ctx, struct tls_connection *conn)
979 return conn ? SSL_is_init_finished(conn->ssl) : 0;
983 int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn)
985 if (conn == NULL)
991 SSL_set_quiet_shutdown(conn->ssl, 1);
992 SSL_shutdown(conn->ssl);
1119 static void openssl_tls_fail_event(struct tls_connection *conn,
1143 static void openssl_tls_cert_event(struct tls_connection *conn,
1157 if (conn->cert_probe || tls_global->cert_in_cb) {
1186 struct tls_connection *conn;
1197 conn = SSL_get_app_data(ssl);
1198 if (conn == NULL)
1200 match = conn->subject_match;
1201 altmatch = conn->altsubject_match;
1203 if (!preverify_ok && !conn->ca_cert_verify)
1205 if (!preverify_ok && depth > 0 && conn->server_cert_only)
1207 if (!preverify_ok && (conn->flags & TLS_CONN_DISABLE_TIME_CHECKS) &&
1218 if (preverify_ok && depth == 0 && conn->server_cert_only) {
1232 os_memcmp(conn->srv_cert_hash, hash, 32) != 0) {
1246 openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1254 conn->ca_cert_verify, depth, buf);
1259 openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1267 openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1271 openssl_tls_cert_event(conn, err_cert, depth, buf);
1273 if (conn->cert_probe && preverify_ok && depth == 0) {
1277 openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1332 static int tls_connection_ca_cert(void *_ssl_ctx, struct tls_connection *conn,
1350 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
1351 conn->ca_cert_verify = 1;
1356 conn->cert_probe = 1;
1357 conn->ca_cert_verify = 0;
1375 if (hexstr2bin(pos, conn->srv_cert_hash, 32) < 0) {
1380 conn->server_cert_only = 1;
1447 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
1453 if (ca_cert && tls_cryptoapi_ca_cert(ssl_ctx, conn->ssl, ca_cert) ==
1487 conn->ca_cert_verify = 0;
1539 static int tls_connection_set_subject_match(struct tls_connection *conn,
1543 os_free(conn->subject_match);
1544 conn->subject_match = NULL;
1546 conn->subject_match = os_strdup(subject_match);
1547 if (conn->subject_match == NULL)
1551 os_free(conn->altsubject_match);
1552 conn->altsubject_match = NULL;
1554 conn->altsubject_match = os_strdup(altsubject_match);
1555 if (conn->altsubject_match == NULL)
1563 int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn,
1568 if (conn == NULL)
1572 conn->ca_cert_verify = 1;
1573 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER |
1577 conn->ca_cert_verify = 0;
1578 SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL);
1581 SSL_set_accept_state(conn->ssl);
1592 SSL_set_session_id_context(conn->ssl,
1600 static int tls_connection_client_cert(struct tls_connection *conn,
1609 SSL_use_certificate_ASN1(conn->ssl, (u8 *) client_cert_blob,
1632 if (SSL_use_certificate(conn->ssl, x509) == 1)
1641 if (SSL_use_certificate_file(conn->ssl, client_cert,
1648 if (SSL_use_certificate_file(conn->ssl, client_cert,
1831 static int tls_engine_get_cert(struct tls_connection *conn,
1843 if (!ENGINE_ctrl_cmd(conn->engine, "LOAD_CERT_CTRL",
1861 static int tls_connection_engine_client_cert(struct tls_connection *conn,
1867 if (tls_engine_get_cert(conn, cert_id, &cert))
1870 if (!SSL_use_certificate(conn->ssl, cert)) {
1888 struct tls_connection *conn,
1895 if (tls_engine_get_cert(conn, ca_cert_id, &cert))
1925 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
1934 static int tls_connection_engine_private_key(struct tls_connection *conn)
1937 if (SSL_use_PrivateKey(conn->ssl, conn->private_key) != 1) {
1942 if (!SSL_check_private_key(conn->ssl)) {
1957 struct tls_connection *conn,
1982 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_RSA, conn->ssl,
1991 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_DSA, conn->ssl,
2000 if (SSL_use_RSAPrivateKey_ASN1(conn->ssl,
2009 if (tls_read_pkcs12_blob(ssl_ctx, conn->ssl, private_key_blob,
2030 if (SSL_use_PrivateKey(conn->ssl, pkey) == 1) {
2042 if (SSL_use_PrivateKey_file(conn->ssl, private_key,
2050 if (SSL_use_PrivateKey_file(conn->ssl, private_key,
2062 if (tls_read_pkcs12(ssl_ctx, conn->ssl, private_key, passwd)
2070 if (tls_cryptoapi_cert(conn->ssl, private_key) == 0) {
2090 if (!SSL_check_private_key(conn->ssl)) {
2146 static int tls_connection_dh(struct tls_connection *conn, const char *dh_file)
2161 if (conn == NULL)
2207 if (SSL_set_tmp_dh(conn->ssl, dh) != 1) {
2294 int tls_connection_get_keys(void *ssl_ctx, struct tls_connection *conn,
2299 if (conn == NULL || keys == NULL)
2301 ssl = conn->ssl;
2317 int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
2326 openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data,
2337 BIO_write(conn->ssl_in, wpabuf_head(in_data), wpabuf_len(in_data))
2346 res = SSL_accept(conn->ssl);
2348 res = SSL_connect(conn->ssl);
2350 int err = SSL_get_error(conn->ssl, res);
2359 conn->failed++;
2364 res = BIO_ctrl_pending(conn->ssl_out);
2370 if (BIO_reset(conn->ssl_out) < 0) {
2376 res = res == 0 ? 0 : BIO_read(conn->ssl_out, wpabuf_mhead(out_data),
2381 if (BIO_reset(conn->ssl_out) < 0) {
2395 openssl_get_appl_data(struct tls_connection *conn, size_t max_len)
2404 res = SSL_read(conn->ssl, wpabuf_mhead(appl_data),
2407 int err = SSL_get_error(conn->ssl, res);
2430 openssl_connection_handshake(struct tls_connection *conn,
2439 out_data = openssl_handshake(conn, in_data, server);
2443 if (SSL_is_init_finished(conn->ssl) && appl_data && in_data)
2444 *appl_data = openssl_get_appl_data(conn, wpabuf_len(in_data));
2451 tls_connection_handshake(void *ssl_ctx, struct tls_connection *conn,
2455 return openssl_connection_handshake(conn, in_data, appl_data, 0);
2460 struct tls_connection *conn,
2464 return openssl_connection_handshake(conn, in_data, appl_data, 1);
2469 struct tls_connection *conn,
2475 if (conn == NULL)
2479 if ((res = BIO_reset(conn->ssl_in)) < 0 ||
2480 (res = BIO_reset(conn->ssl_out)) < 0) {
2484 res = SSL_write(conn->ssl, wpabuf_head(in_data), wpabuf_len(in_data));
2495 res = BIO_read(conn->ssl_out, wpabuf_mhead(buf), wpabuf_size(buf));
2509 struct tls_connection *conn,
2516 res = BIO_write(conn->ssl_in, wpabuf_head(in_data),
2523 if (BIO_reset(conn->ssl_out) < 0) {
2538 res = SSL_read(conn->ssl, wpabuf_mhead(buf), wpabuf_size(buf));
2551 int tls_connection_resumed(void *ssl_ctx, struct tls_connection *conn)
2553 return conn ? conn->ssl->hit : 0;
2557 int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
2564 if (conn == NULL || conn->ssl == NULL || ciphers == NULL)
2603 if (SSL_set_cipher_list(conn->ssl, buf + 1) != 1) {
2613 int tls_get_cipher(void *ssl_ctx, struct tls_connection *conn,
2617 if (conn == NULL || conn->ssl == NULL)
2620 name = SSL_get_cipher(conn->ssl);
2630 struct tls_connection *conn)
2632 SSL_set_options(conn->ssl, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
2642 int tls_connection_client_hello_ext(void *ssl_ctx, struct tls_connection *conn,
2646 if (conn == NULL || conn->ssl == NULL || ext_type != 35)
2650 if (SSL_set_session_ticket_ext(conn->ssl, (void *) data,
2654 if (SSL_set_hello_extension(conn->ssl, ext_type, (void *) data,
2664 int tls_connection_get_failed(void *ssl_ctx, struct tls_connection *conn)
2666 if (conn == NULL)
2668 return conn->failed;
2672 int tls_connection_get_read_alerts(void *ssl_ctx, struct tls_connection *conn)
2674 if (conn == NULL)
2676 return conn->read_alerts;
2680 int tls_connection_get_write_alerts(void *ssl_ctx, struct tls_connection *conn)
2682 if (conn == NULL)
2684 return conn->write_alerts;
2688 int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
2694 if (conn == NULL)
2704 ret = tls_engine_init(conn, params->engine_id, params->pin,
2710 if (tls_connection_set_subject_match(conn,
2716 if (tls_connection_engine_ca_cert(tls_ctx, conn,
2719 } else if (tls_connection_ca_cert(tls_ctx, conn, params->ca_cert,
2726 if (tls_connection_engine_client_cert(conn, params->cert_id))
2728 } else if (tls_connection_client_cert(conn, params->client_cert,
2735 if (tls_connection_engine_private_key(conn))
2737 } else if (tls_connection_private_key(tls_ctx, conn,
2747 if (tls_connection_dh(conn, params->dh_file)) {
2753 conn->flags = params->flags;
2793 struct tls_connection *conn)
2798 if (conn == NULL || conn->ssl == NULL ||
2799 conn->ssl->enc_read_ctx == NULL ||
2800 conn->ssl->enc_read_ctx->cipher == NULL ||
2801 conn->ssl->read_hash == NULL)
2804 c = conn->ssl->enc_read_ctx->cipher;
2806 h = EVP_MD_CTX_md(conn->ssl->read_hash);
2808 h = conn->ssl->read_hash;
2832 struct tls_connection *conn = arg;
2835 if (conn == NULL || conn->session_ticket_cb == NULL)
2838 ret = conn->session_ticket_cb(conn->session_ticket_cb_ctx,
2839 conn->session_ticket,
2840 conn->session_ticket_len,
2843 os_free(conn->session_ticket);
2844 conn->session_ticket = NULL;
2858 struct tls_connection *conn = arg;
2860 if (conn == NULL || conn->session_ticket_cb == NULL)
2865 os_free(conn->session_ticket);
2866 conn->session_ticket = NULL;
2871 conn->session_ticket = os_malloc(len);
2872 if (conn->session_ticket == NULL)
2875 os_memcpy(conn->session_ticket, data, len);
2876 conn->session_ticket_len = len;
2885 struct tls_connection *conn = arg;
2887 if (conn == NULL || conn->session_ticket_cb == NULL)
2894 os_free(conn->session_ticket);
2895 conn->session_ticket = NULL;
2899 conn->session_ticket = os_malloc(len);
2900 if (conn->session_ticket == NULL)
2903 os_memcpy(conn->session_ticket, data, len);
2904 conn->session_ticket_len = len;
2910 struct tls_connection *conn = arg;
2912 if (conn == NULL || conn->session_ticket_cb == NULL)
2918 os_free(conn->session_ticket);
2919 conn->session_ticket = NULL;
2924 conn->session_ticket = os_malloc(ext->length);
2925 if (conn->session_ticket == NULL)
2928 os_memcpy(conn->session_ticket, ext->data, ext->length);
2929 conn->session_ticket_len = ext->length;
2940 struct tls_connection *conn,
2945 conn->session_ticket_cb = cb;
2946 conn->session_ticket_cb_ctx = ctx;
2949 if (SSL_set_session_secret_cb(conn->ssl, tls_sess_sec_cb,
2950 conn) != 1)
2953 SSL_set_session_ticket_ext_cb(conn->ssl,
2954 tls_session_ticket_ext_cb, conn);
2957 SSL_set_tlsext_debug_callback(conn->ssl, tls_hello_ext_cb);
2958 SSL_set_tlsext_debug_arg(conn->ssl, conn);
2960 if (SSL_set_hello_extension_cb(conn->ssl, tls_hello_ext_cb,
2961 conn) != 1)
2966 if (SSL_set_session_secret_cb(conn->ssl, NULL, NULL) != 1)
2969 SSL_set_session_ticket_ext_cb(conn->ssl, NULL, NULL);
2972 SSL_set_tlsext_debug_callback(conn->ssl, NULL);
2973 SSL_set_tlsext_debug_arg(conn->ssl, conn);
2975 if (SSL_set_hello_extension_cb(conn->ssl, NULL, NULL) != 1)