Lines Matching refs:conn
535 struct tls_connection *conn =
538 conn->read_alerts++;
540 conn->write_alerts++;
813 static int tls_engine_init(struct tls_connection *conn, const char *engine_id,
838 conn->engine = ENGINE_by_id(engine_id);
839 if (!conn->engine) {
844 if (ENGINE_init(conn->engine) != 1) {
853 if (ENGINE_ctrl_cmd_string(conn->engine, "PIN", pin, 0) == 0) {
860 conn->private_key = ENGINE_load_private_key(conn->engine,
862 if (!conn->private_key) {
875 if (!ENGINE_ctrl(conn->engine, ENGINE_CTRL_GET_CMD_FROM_NAME,
887 if (conn->engine) {
888 ENGINE_free(conn->engine);
889 conn->engine = NULL;
892 if (conn->private_key) {
893 EVP_PKEY_free(conn->private_key);
894 conn->private_key = NULL;
904 static void tls_engine_deinit(struct tls_connection *conn)
908 if (conn->private_key) {
909 EVP_PKEY_free(conn->private_key);
910 conn->private_key = NULL;
912 if (conn->engine) {
913 ENGINE_finish(conn->engine);
914 conn->engine = NULL;
937 struct tls_connection *conn;
940 conn = os_zalloc(sizeof(*conn));
941 if (conn == NULL)
943 conn->ssl = SSL_new(ssl);
944 if (conn->ssl == NULL) {
947 os_free(conn);
951 SSL_set_app_data(conn->ssl, conn);
962 SSL_set_options(conn->ssl, options);
964 conn->ssl_in = BIO_new(BIO_s_mem());
965 if (!conn->ssl_in) {
968 SSL_free(conn->ssl);
969 os_free(conn);
973 conn->ssl_out = BIO_new(BIO_s_mem());
974 if (!conn->ssl_out) {
977 SSL_free(conn->ssl);
978 BIO_free(conn->ssl_in);
979 os_free(conn);
983 SSL_set_bio(conn->ssl, conn->ssl_in, conn->ssl_out);
985 return conn;
989 void tls_connection_deinit(void *ssl_ctx, struct tls_connection *conn)
991 if (conn == NULL)
993 SSL_free(conn->ssl);
994 tls_engine_deinit(conn);
995 os_free(conn->subject_match);
996 os_free(conn->altsubject_match);
997 os_free(conn->session_ticket);
998 os_free(conn);
1002 int tls_connection_established(void *ssl_ctx, struct tls_connection *conn)
1004 return conn ? SSL_is_init_finished(conn->ssl) : 0;
1008 int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn)
1010 if (conn == NULL)
1016 SSL_set_quiet_shutdown(conn->ssl, 1);
1017 SSL_shutdown(conn->ssl);
1144 static void openssl_tls_fail_event(struct tls_connection *conn,
1168 static void openssl_tls_cert_event(struct tls_connection *conn,
1182 if (conn->cert_probe || tls_global->cert_in_cb) {
1211 struct tls_connection *conn;
1222 conn = SSL_get_app_data(ssl);
1223 if (conn == NULL)
1225 match = conn->subject_match;
1226 altmatch = conn->altsubject_match;
1228 if (!preverify_ok && !conn->ca_cert_verify)
1230 if (!preverify_ok && depth > 0 && conn->server_cert_only)
1232 if (!preverify_ok && (conn->flags & TLS_CONN_DISABLE_TIME_CHECKS) &&
1243 if (preverify_ok && depth == 0 && conn->server_cert_only) {
1257 os_memcmp(conn->srv_cert_hash, hash, 32) != 0) {
1271 openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1279 conn->ca_cert_verify, depth, buf);
1284 openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1292 openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1296 openssl_tls_cert_event(conn, err_cert, depth, buf);
1298 if (conn->cert_probe && preverify_ok && depth == 0) {
1302 openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1348 static int tls_connection_ca_cert(void *_ssl_ctx, struct tls_connection *conn,
1366 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
1367 conn->ca_cert_verify = 1;
1372 conn->cert_probe = 1;
1373 conn->ca_cert_verify = 0;
1391 if (hexstr2bin(pos, conn->srv_cert_hash, 32) < 0) {
1396 conn->server_cert_only = 1;
1463 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
1469 if (ca_cert && tls_cryptoapi_ca_cert(ssl_ctx, conn->ssl, ca_cert) ==
1503 conn->ca_cert_verify = 0;
1555 static int tls_connection_set_subject_match(struct tls_connection *conn,
1559 os_free(conn->subject_match);
1560 conn->subject_match = NULL;
1562 conn->subject_match = os_strdup(subject_match);
1563 if (conn->subject_match == NULL)
1567 os_free(conn->altsubject_match);
1568 conn->altsubject_match = NULL;
1570 conn->altsubject_match = os_strdup(altsubject_match);
1571 if (conn->altsubject_match == NULL)
1579 int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn,
1584 if (conn == NULL)
1588 conn->ca_cert_verify = 1;
1589 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER |
1593 conn->ca_cert_verify = 0;
1594 SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL);
1597 SSL_set_accept_state(conn->ssl);
1608 SSL_set_session_id_context(conn->ssl,
1616 static int tls_connection_client_cert(struct tls_connection *conn,
1625 SSL_use_certificate_ASN1(conn->ssl, (u8 *) client_cert_blob,
1648 if (SSL_use_certificate(conn->ssl, x509) == 1)
1657 if (SSL_use_certificate_file(conn->ssl, client_cert,
1664 if (SSL_use_certificate_file(conn->ssl, client_cert,
1847 static int tls_engine_get_cert(struct tls_connection *conn,
1859 if (!ENGINE_ctrl_cmd(conn->engine, "LOAD_CERT_CTRL",
1877 static int tls_connection_engine_client_cert(struct tls_connection *conn,
1883 if (tls_engine_get_cert(conn, cert_id, &cert))
1886 if (!SSL_use_certificate(conn->ssl, cert)) {
1904 struct tls_connection *conn,
1911 if (tls_engine_get_cert(conn, ca_cert_id, &cert))
1941 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
1942 conn->ca_cert_verify = 1;
1952 static int tls_connection_engine_private_key(struct tls_connection *conn)
1955 if (SSL_use_PrivateKey(conn->ssl, conn->private_key) != 1) {
1960 if (!SSL_check_private_key(conn->ssl)) {
1975 struct tls_connection *conn,
2000 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_RSA, conn->ssl,
2009 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_DSA, conn->ssl,
2018 if (SSL_use_RSAPrivateKey_ASN1(conn->ssl,
2027 if (tls_read_pkcs12_blob(ssl_ctx, conn->ssl, private_key_blob,
2048 if (SSL_use_PrivateKey(conn->ssl, pkey) == 1) {
2060 if (SSL_use_PrivateKey_file(conn->ssl, private_key,
2068 if (SSL_use_PrivateKey_file(conn->ssl, private_key,
2080 if (tls_read_pkcs12(ssl_ctx, conn->ssl, private_key, passwd)
2088 if (tls_cryptoapi_cert(conn->ssl, private_key) == 0) {
2108 if (!SSL_check_private_key(conn->ssl)) {
2164 static int tls_connection_dh(struct tls_connection *conn, const char *dh_file)
2179 if (conn == NULL)
2225 if (SSL_set_tmp_dh(conn->ssl, dh) != 1) {
2312 int tls_connection_get_keys(void *ssl_ctx, struct tls_connection *conn,
2322 if (conn == NULL || keys == NULL)
2324 ssl = conn->ssl;
2341 int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
2347 if (conn == NULL)
2351 ssl = conn->ssl;
2363 openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data,
2374 BIO_write(conn->ssl_in, wpabuf_head(in_data), wpabuf_len(in_data))
2383 res = SSL_accept(conn->ssl);
2385 res = SSL_connect(conn->ssl);
2387 int err = SSL_get_error(conn->ssl, res);
2396 conn->failed++;
2401 res = BIO_ctrl_pending(conn->ssl_out);
2407 if (BIO_reset(conn->ssl_out) < 0) {
2413 res = res == 0 ? 0 : BIO_read(conn->ssl_out, wpabuf_mhead(out_data),
2418 if (BIO_reset(conn->ssl_out) < 0) {
2432 openssl_get_appl_data(struct tls_connection *conn, size_t max_len)
2441 res = SSL_read(conn->ssl, wpabuf_mhead(appl_data),
2444 int err = SSL_get_error(conn->ssl, res);
2467 openssl_connection_handshake(struct tls_connection *conn,
2476 out_data = openssl_handshake(conn, in_data, server);
2480 if (SSL_is_init_finished(conn->ssl) && appl_data && in_data)
2481 *appl_data = openssl_get_appl_data(conn, wpabuf_len(in_data));
2488 tls_connection_handshake(void *ssl_ctx, struct tls_connection *conn,
2492 return openssl_connection_handshake(conn, in_data, appl_data, 0);
2497 struct tls_connection *conn,
2501 return openssl_connection_handshake(conn, in_data, appl_data, 1);
2506 struct tls_connection *conn,
2512 if (conn == NULL)
2516 if ((res = BIO_reset(conn->ssl_in)) < 0 ||
2517 (res = BIO_reset(conn->ssl_out)) < 0) {
2521 res = SSL_write(conn->ssl, wpabuf_head(in_data), wpabuf_len(in_data));
2532 res = BIO_read(conn->ssl_out, wpabuf_mhead(buf), wpabuf_size(buf));
2546 struct tls_connection *conn,
2553 res = BIO_write(conn->ssl_in, wpabuf_head(in_data),
2560 if (BIO_reset(conn->ssl_out) < 0) {
2575 res = SSL_read(conn->ssl, wpabuf_mhead(buf), wpabuf_size(buf));
2588 int tls_connection_resumed(void *ssl_ctx, struct tls_connection *conn)
2590 return conn ? conn->ssl->hit : 0;
2594 int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
2601 if (conn == NULL || conn->ssl == NULL || ciphers == NULL)
2640 if (SSL_set_cipher_list(conn->ssl, buf + 1) != 1) {
2650 int tls_get_cipher(void *ssl_ctx, struct tls_connection *conn,
2654 if (conn == NULL || conn->ssl == NULL)
2657 name = SSL_get_cipher(conn->ssl);
2667 struct tls_connection *conn)
2669 SSL_set_options(conn->ssl, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
2679 int tls_connection_client_hello_ext(void *ssl_ctx, struct tls_connection *conn,
2683 if (conn == NULL || conn->ssl == NULL || ext_type != 35)
2687 if (SSL_set_session_ticket_ext(conn->ssl, (void *) data,
2691 if (SSL_set_hello_extension(conn->ssl, ext_type, (void *) data,
2701 int tls_connection_get_failed(void *ssl_ctx, struct tls_connection *conn)
2703 if (conn == NULL)
2705 return conn->failed;
2709 int tls_connection_get_read_alerts(void *ssl_ctx, struct tls_connection *conn)
2711 if (conn == NULL)
2713 return conn->read_alerts;
2717 int tls_connection_get_write_alerts(void *ssl_ctx, struct tls_connection *conn)
2719 if (conn == NULL)
2721 return conn->write_alerts;
2725 int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
2731 if (conn == NULL)
2741 ret = tls_engine_init(conn, params->engine_id, params->pin,
2747 if (tls_connection_set_subject_match(conn,
2753 if (tls_connection_engine_ca_cert(tls_ctx, conn,
2756 } else if (tls_connection_ca_cert(tls_ctx, conn, params->ca_cert,
2763 if (tls_connection_engine_client_cert(conn, params->cert_id))
2765 } else if (tls_connection_client_cert(conn, params->client_cert,
2772 if (tls_connection_engine_private_key(conn))
2774 } else if (tls_connection_private_key(tls_ctx, conn,
2784 if (tls_connection_dh(conn, params->dh_file)) {
2792 SSL_set_options(conn->ssl, SSL_OP_NO_TICKET);
2794 SSL_clear_options(conn->ssl, SSL_OP_NO_TICKET);
2797 conn->flags = params->flags;
2844 struct tls_connection *conn)
2850 if (conn == NULL || conn->ssl == NULL ||
2851 conn->ssl->enc_read_ctx == NULL ||
2852 conn->ssl->enc_read_ctx->cipher == NULL ||
2853 conn->ssl->read_hash == NULL)
2856 c = conn->ssl->enc_read_ctx->cipher;
2858 h = EVP_MD_CTX_md(conn->ssl->read_hash);
2860 h = conn->ssl->read_hash;
2865 else if (conn->ssl->s3)
2866 md_size = conn->ssl->s3->tmp.new_mac_secret_size;
2895 struct tls_connection *conn = arg;
2898 if (conn == NULL || conn->session_ticket_cb == NULL)
2901 ret = conn->session_ticket_cb(conn->session_ticket_cb_ctx,
2902 conn->session_ticket,
2903 conn->session_ticket_len,
2906 os_free(conn->session_ticket);
2907 conn->session_ticket = NULL;
2921 struct tls_connection *conn = arg;
2923 if (conn == NULL || conn->session_ticket_cb == NULL)
2928 os_free(conn->session_ticket);
2929 conn->session_ticket = NULL;
2934 conn->session_ticket = os_malloc(len);
2935 if (conn->session_ticket == NULL)
2938 os_memcpy(conn->session_ticket, data, len);
2939 conn->session_ticket_len = len;
2948 struct tls_connection *conn = arg;
2950 if (conn == NULL || conn->session_ticket_cb == NULL)
2957 os_free(conn->session_ticket);
2958 conn->session_ticket = NULL;
2962 conn->session_ticket = os_malloc(len);
2963 if (conn->session_ticket == NULL)
2966 os_memcpy(conn->session_ticket, data, len);
2967 conn->session_ticket_len = len;
2973 struct tls_connection *conn = arg;
2975 if (conn == NULL || conn->session_ticket_cb == NULL)
2981 os_free(conn->session_ticket);
2982 conn->session_ticket = NULL;
2987 conn->session_ticket = os_malloc(ext->length);
2988 if (conn->session_ticket == NULL)
2991 os_memcpy(conn->session_ticket, ext->data, ext->length);
2992 conn->session_ticket_len = ext->length;
3003 struct tls_connection *conn,
3008 conn->session_ticket_cb = cb;
3009 conn->session_ticket_cb_ctx = ctx;
3012 if (SSL_set_session_secret_cb(conn->ssl, tls_sess_sec_cb,
3013 conn) != 1)
3016 SSL_set_session_ticket_ext_cb(conn->ssl,
3017 tls_session_ticket_ext_cb, conn);
3020 SSL_set_tlsext_debug_callback(conn->ssl, tls_hello_ext_cb);
3021 SSL_set_tlsext_debug_arg(conn->ssl, conn);
3023 if (SSL_set_hello_extension_cb(conn->ssl, tls_hello_ext_cb,
3024 conn) != 1)
3029 if (SSL_set_session_secret_cb(conn->ssl, NULL, NULL) != 1)
3032 SSL_set_session_ticket_ext_cb(conn->ssl, NULL, NULL);
3035 SSL_set_tlsext_debug_callback(conn->ssl, NULL);
3036 SSL_set_tlsext_debug_arg(conn->ssl, conn);
3038 if (SSL_set_hello_extension_cb(conn->ssl, NULL, NULL) != 1)