1/* 2 * TLS interface functions and an internal TLS implementation 3 * Copyright (c) 2004-2011, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 * 8 * This file interface functions for hostapd/wpa_supplicant to use the 9 * integrated TLSv1 implementation. 10 */ 11 12#include "includes.h" 13 14#include "common.h" 15#include "tls.h" 16#include "tls/tlsv1_client.h" 17#include "tls/tlsv1_server.h" 18 19 20static int tls_ref_count = 0; 21 22struct tls_global { 23 int server; 24 struct tlsv1_credentials *server_cred; 25 int check_crl; 26 27 void (*event_cb)(void *ctx, enum tls_event ev, 28 union tls_event_data *data); 29 void *cb_ctx; 30 int cert_in_cb; 31}; 32 33struct tls_connection { 34 struct tlsv1_client *client; 35 struct tlsv1_server *server; 36 struct tls_global *global; 37}; 38 39 40void * tls_init(const struct tls_config *conf) 41{ 42 struct tls_global *global; 43 44 if (tls_ref_count == 0) { 45#ifdef CONFIG_TLS_INTERNAL_CLIENT 46 if (tlsv1_client_global_init()) 47 return NULL; 48#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 49#ifdef CONFIG_TLS_INTERNAL_SERVER 50 if (tlsv1_server_global_init()) 51 return NULL; 52#endif /* CONFIG_TLS_INTERNAL_SERVER */ 53 } 54 tls_ref_count++; 55 56 global = os_zalloc(sizeof(*global)); 57 if (global == NULL) 58 return NULL; 59 if (conf) { 60 global->event_cb = conf->event_cb; 61 global->cb_ctx = conf->cb_ctx; 62 global->cert_in_cb = conf->cert_in_cb; 63 } 64 65 return global; 66} 67 68void tls_deinit(void *ssl_ctx) 69{ 70 struct tls_global *global = ssl_ctx; 71 tls_ref_count--; 72 if (tls_ref_count == 0) { 73#ifdef CONFIG_TLS_INTERNAL_CLIENT 74 tlsv1_client_global_deinit(); 75#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 76#ifdef CONFIG_TLS_INTERNAL_SERVER 77 tlsv1_server_global_deinit(); 78#endif /* CONFIG_TLS_INTERNAL_SERVER */ 79 } 80#ifdef CONFIG_TLS_INTERNAL_SERVER 81 tlsv1_cred_free(global->server_cred); 82#endif /* CONFIG_TLS_INTERNAL_SERVER */ 83 os_free(global); 84} 85 86 87int tls_get_errors(void *tls_ctx) 88{ 89 return 0; 90} 91 92 93struct tls_connection * tls_connection_init(void *tls_ctx) 94{ 95 struct tls_connection *conn; 96 struct tls_global *global = tls_ctx; 97 98 conn = os_zalloc(sizeof(*conn)); 99 if (conn == NULL) 100 return NULL; 101 conn->global = global; 102 103#ifdef CONFIG_TLS_INTERNAL_CLIENT 104 if (!global->server) { 105 conn->client = tlsv1_client_init(); 106 if (conn->client == NULL) { 107 os_free(conn); 108 return NULL; 109 } 110 tlsv1_client_set_cb(conn->client, global->event_cb, 111 global->cb_ctx, global->cert_in_cb); 112 } 113#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 114#ifdef CONFIG_TLS_INTERNAL_SERVER 115 if (global->server) { 116 conn->server = tlsv1_server_init(global->server_cred); 117 if (conn->server == NULL) { 118 os_free(conn); 119 return NULL; 120 } 121 } 122#endif /* CONFIG_TLS_INTERNAL_SERVER */ 123 124 return conn; 125} 126 127 128#ifdef CONFIG_TESTING_OPTIONS 129#ifdef CONFIG_TLS_INTERNAL_SERVER 130void tls_connection_set_test_flags(struct tls_connection *conn, u32 flags) 131{ 132 if (conn->server) 133 tlsv1_server_set_test_flags(conn->server, flags); 134} 135#endif /* CONFIG_TLS_INTERNAL_SERVER */ 136#endif /* CONFIG_TESTING_OPTIONS */ 137 138 139void tls_connection_set_log_cb(struct tls_connection *conn, 140 void (*log_cb)(void *ctx, const char *msg), 141 void *ctx) 142{ 143#ifdef CONFIG_TLS_INTERNAL_SERVER 144 if (conn->server) 145 tlsv1_server_set_log_cb(conn->server, log_cb, ctx); 146#endif /* CONFIG_TLS_INTERNAL_SERVER */ 147} 148 149 150void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn) 151{ 152 if (conn == NULL) 153 return; 154#ifdef CONFIG_TLS_INTERNAL_CLIENT 155 if (conn->client) 156 tlsv1_client_deinit(conn->client); 157#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 158#ifdef CONFIG_TLS_INTERNAL_SERVER 159 if (conn->server) 160 tlsv1_server_deinit(conn->server); 161#endif /* CONFIG_TLS_INTERNAL_SERVER */ 162 os_free(conn); 163} 164 165 166int tls_connection_established(void *tls_ctx, struct tls_connection *conn) 167{ 168#ifdef CONFIG_TLS_INTERNAL_CLIENT 169 if (conn->client) 170 return tlsv1_client_established(conn->client); 171#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 172#ifdef CONFIG_TLS_INTERNAL_SERVER 173 if (conn->server) 174 return tlsv1_server_established(conn->server); 175#endif /* CONFIG_TLS_INTERNAL_SERVER */ 176 return 0; 177} 178 179 180int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn) 181{ 182#ifdef CONFIG_TLS_INTERNAL_CLIENT 183 if (conn->client) 184 return tlsv1_client_shutdown(conn->client); 185#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 186#ifdef CONFIG_TLS_INTERNAL_SERVER 187 if (conn->server) 188 return tlsv1_server_shutdown(conn->server); 189#endif /* CONFIG_TLS_INTERNAL_SERVER */ 190 return -1; 191} 192 193 194int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn, 195 const struct tls_connection_params *params) 196{ 197#ifdef CONFIG_TLS_INTERNAL_CLIENT 198 struct tlsv1_credentials *cred; 199 200 if (conn->client == NULL) 201 return -1; 202 203 if (params->flags & TLS_CONN_EXT_CERT_CHECK) { 204 wpa_printf(MSG_INFO, 205 "TLS: tls_ext_cert_check=1 not supported"); 206 return -1; 207 } 208 209 cred = tlsv1_cred_alloc(); 210 if (cred == NULL) 211 return -1; 212 213 if (params->subject_match) { 214 wpa_printf(MSG_INFO, "TLS: subject_match not supported"); 215 tlsv1_cred_free(cred); 216 return -1; 217 } 218 219 if (params->altsubject_match) { 220 wpa_printf(MSG_INFO, "TLS: altsubject_match not supported"); 221 tlsv1_cred_free(cred); 222 return -1; 223 } 224 225 if (params->suffix_match) { 226 wpa_printf(MSG_INFO, "TLS: suffix_match not supported"); 227 tlsv1_cred_free(cred); 228 return -1; 229 } 230 231 if (params->domain_match) { 232 wpa_printf(MSG_INFO, "TLS: domain_match not supported"); 233 tlsv1_cred_free(cred); 234 return -1; 235 } 236 237 if (params->openssl_ciphers) { 238 wpa_printf(MSG_INFO, "TLS: openssl_ciphers not supported"); 239 tlsv1_cred_free(cred); 240 return -1; 241 } 242 243 if (tlsv1_set_ca_cert(cred, params->ca_cert, 244 params->ca_cert_blob, params->ca_cert_blob_len, 245 params->ca_path)) { 246 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA " 247 "certificates"); 248 tlsv1_cred_free(cred); 249 return -1; 250 } 251 252 if (tlsv1_set_cert(cred, params->client_cert, 253 params->client_cert_blob, 254 params->client_cert_blob_len)) { 255 wpa_printf(MSG_INFO, "TLS: Failed to configure client " 256 "certificate"); 257 tlsv1_cred_free(cred); 258 return -1; 259 } 260 261 if (tlsv1_set_private_key(cred, params->private_key, 262 params->private_key_passwd, 263 params->private_key_blob, 264 params->private_key_blob_len)) { 265 wpa_printf(MSG_INFO, "TLS: Failed to load private key"); 266 tlsv1_cred_free(cred); 267 return -1; 268 } 269 270 if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob, 271 params->dh_blob_len)) { 272 wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters"); 273 tlsv1_cred_free(cred); 274 return -1; 275 } 276 277 if (tlsv1_client_set_cred(conn->client, cred) < 0) { 278 tlsv1_cred_free(cred); 279 return -1; 280 } 281 282 tlsv1_client_set_flags(conn->client, params->flags); 283 284 return 0; 285#else /* CONFIG_TLS_INTERNAL_CLIENT */ 286 return -1; 287#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 288} 289 290 291int tls_global_set_params(void *tls_ctx, 292 const struct tls_connection_params *params) 293{ 294#ifdef CONFIG_TLS_INTERNAL_SERVER 295 struct tls_global *global = tls_ctx; 296 struct tlsv1_credentials *cred; 297 298 /* Currently, global parameters are only set when running in server 299 * mode. */ 300 global->server = 1; 301 tlsv1_cred_free(global->server_cred); 302 global->server_cred = cred = tlsv1_cred_alloc(); 303 if (cred == NULL) 304 return -1; 305 306 if (tlsv1_set_ca_cert(cred, params->ca_cert, params->ca_cert_blob, 307 params->ca_cert_blob_len, params->ca_path)) { 308 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA " 309 "certificates"); 310 return -1; 311 } 312 313 if (tlsv1_set_cert(cred, params->client_cert, params->client_cert_blob, 314 params->client_cert_blob_len)) { 315 wpa_printf(MSG_INFO, "TLS: Failed to configure server " 316 "certificate"); 317 return -1; 318 } 319 320 if (tlsv1_set_private_key(cred, params->private_key, 321 params->private_key_passwd, 322 params->private_key_blob, 323 params->private_key_blob_len)) { 324 wpa_printf(MSG_INFO, "TLS: Failed to load private key"); 325 return -1; 326 } 327 328 if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob, 329 params->dh_blob_len)) { 330 wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters"); 331 return -1; 332 } 333 334 if (params->ocsp_stapling_response) 335 cred->ocsp_stapling_response = 336 os_strdup(params->ocsp_stapling_response); 337 if (params->ocsp_stapling_response_multi) 338 cred->ocsp_stapling_response_multi = 339 os_strdup(params->ocsp_stapling_response_multi); 340 341 return 0; 342#else /* CONFIG_TLS_INTERNAL_SERVER */ 343 return -1; 344#endif /* CONFIG_TLS_INTERNAL_SERVER */ 345} 346 347 348int tls_global_set_verify(void *tls_ctx, int check_crl) 349{ 350 struct tls_global *global = tls_ctx; 351 global->check_crl = check_crl; 352 return 0; 353} 354 355 356int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn, 357 int verify_peer, unsigned int flags, 358 const u8 *session_ctx, size_t session_ctx_len) 359{ 360#ifdef CONFIG_TLS_INTERNAL_SERVER 361 if (conn->server) 362 return tlsv1_server_set_verify(conn->server, verify_peer); 363#endif /* CONFIG_TLS_INTERNAL_SERVER */ 364 return -1; 365} 366 367 368int tls_connection_get_random(void *tls_ctx, struct tls_connection *conn, 369 struct tls_random *data) 370{ 371#ifdef CONFIG_TLS_INTERNAL_CLIENT 372 if (conn->client) 373 return tlsv1_client_get_random(conn->client, data); 374#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 375#ifdef CONFIG_TLS_INTERNAL_SERVER 376 if (conn->server) 377 return tlsv1_server_get_random(conn->server, data); 378#endif /* CONFIG_TLS_INTERNAL_SERVER */ 379 return -1; 380} 381 382 383static int tls_get_keyblock_size(struct tls_connection *conn) 384{ 385#ifdef CONFIG_TLS_INTERNAL_CLIENT 386 if (conn->client) 387 return tlsv1_client_get_keyblock_size(conn->client); 388#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 389#ifdef CONFIG_TLS_INTERNAL_SERVER 390 if (conn->server) 391 return tlsv1_server_get_keyblock_size(conn->server); 392#endif /* CONFIG_TLS_INTERNAL_SERVER */ 393 return -1; 394} 395 396 397static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn, 398 const char *label, int server_random_first, 399 int skip_keyblock, u8 *out, size_t out_len) 400{ 401 int ret = -1, skip = 0; 402 u8 *tmp_out = NULL; 403 u8 *_out = out; 404 405 if (skip_keyblock) { 406 skip = tls_get_keyblock_size(conn); 407 if (skip < 0) 408 return -1; 409 tmp_out = os_malloc(skip + out_len); 410 if (!tmp_out) 411 return -1; 412 _out = tmp_out; 413 } 414 415#ifdef CONFIG_TLS_INTERNAL_CLIENT 416 if (conn->client) { 417 ret = tlsv1_client_prf(conn->client, label, 418 server_random_first, 419 _out, skip + out_len); 420 } 421#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 422#ifdef CONFIG_TLS_INTERNAL_SERVER 423 if (conn->server) { 424 ret = tlsv1_server_prf(conn->server, label, 425 server_random_first, 426 _out, skip + out_len); 427 } 428#endif /* CONFIG_TLS_INTERNAL_SERVER */ 429 if (ret == 0 && skip_keyblock) 430 os_memcpy(out, _out + skip, out_len); 431 bin_clear_free(tmp_out, skip); 432 433 return ret; 434} 435 436 437int tls_connection_export_key(void *tls_ctx, struct tls_connection *conn, 438 const char *label, u8 *out, size_t out_len) 439{ 440 return tls_connection_prf(tls_ctx, conn, label, 0, 0, out, out_len); 441} 442 443 444int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn, 445 u8 *out, size_t out_len) 446{ 447 return tls_connection_prf(tls_ctx, conn, "key expansion", 1, 1, out, 448 out_len); 449} 450 451 452struct wpabuf * tls_connection_handshake(void *tls_ctx, 453 struct tls_connection *conn, 454 const struct wpabuf *in_data, 455 struct wpabuf **appl_data) 456{ 457 return tls_connection_handshake2(tls_ctx, conn, in_data, appl_data, 458 NULL); 459} 460 461 462struct wpabuf * tls_connection_handshake2(void *tls_ctx, 463 struct tls_connection *conn, 464 const struct wpabuf *in_data, 465 struct wpabuf **appl_data, 466 int *need_more_data) 467{ 468#ifdef CONFIG_TLS_INTERNAL_CLIENT 469 u8 *res, *ad; 470 size_t res_len, ad_len; 471 struct wpabuf *out; 472 473 if (conn->client == NULL) 474 return NULL; 475 476 ad = NULL; 477 res = tlsv1_client_handshake(conn->client, 478 in_data ? wpabuf_head(in_data) : NULL, 479 in_data ? wpabuf_len(in_data) : 0, 480 &res_len, &ad, &ad_len, need_more_data); 481 if (res == NULL) 482 return NULL; 483 out = wpabuf_alloc_ext_data(res, res_len); 484 if (out == NULL) { 485 os_free(res); 486 os_free(ad); 487 return NULL; 488 } 489 if (appl_data) { 490 if (ad) { 491 *appl_data = wpabuf_alloc_ext_data(ad, ad_len); 492 if (*appl_data == NULL) 493 os_free(ad); 494 } else 495 *appl_data = NULL; 496 } else 497 os_free(ad); 498 499 return out; 500#else /* CONFIG_TLS_INTERNAL_CLIENT */ 501 return NULL; 502#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 503} 504 505 506struct wpabuf * tls_connection_server_handshake(void *tls_ctx, 507 struct tls_connection *conn, 508 const struct wpabuf *in_data, 509 struct wpabuf **appl_data) 510{ 511#ifdef CONFIG_TLS_INTERNAL_SERVER 512 u8 *res; 513 size_t res_len; 514 struct wpabuf *out; 515 516 if (conn->server == NULL) 517 return NULL; 518 519 if (appl_data) 520 *appl_data = NULL; 521 522 res = tlsv1_server_handshake(conn->server, wpabuf_head(in_data), 523 wpabuf_len(in_data), &res_len); 524 if (res == NULL && tlsv1_server_established(conn->server)) 525 return wpabuf_alloc(0); 526 if (res == NULL) 527 return NULL; 528 out = wpabuf_alloc_ext_data(res, res_len); 529 if (out == NULL) { 530 os_free(res); 531 return NULL; 532 } 533 534 return out; 535#else /* CONFIG_TLS_INTERNAL_SERVER */ 536 return NULL; 537#endif /* CONFIG_TLS_INTERNAL_SERVER */ 538} 539 540 541struct wpabuf * tls_connection_encrypt(void *tls_ctx, 542 struct tls_connection *conn, 543 const struct wpabuf *in_data) 544{ 545#ifdef CONFIG_TLS_INTERNAL_CLIENT 546 if (conn->client) { 547 struct wpabuf *buf; 548 int res; 549 buf = wpabuf_alloc(wpabuf_len(in_data) + 300); 550 if (buf == NULL) 551 return NULL; 552 res = tlsv1_client_encrypt(conn->client, wpabuf_head(in_data), 553 wpabuf_len(in_data), 554 wpabuf_mhead(buf), 555 wpabuf_size(buf)); 556 if (res < 0) { 557 wpabuf_free(buf); 558 return NULL; 559 } 560 wpabuf_put(buf, res); 561 return buf; 562 } 563#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 564#ifdef CONFIG_TLS_INTERNAL_SERVER 565 if (conn->server) { 566 struct wpabuf *buf; 567 int res; 568 buf = wpabuf_alloc(wpabuf_len(in_data) + 300); 569 if (buf == NULL) 570 return NULL; 571 res = tlsv1_server_encrypt(conn->server, wpabuf_head(in_data), 572 wpabuf_len(in_data), 573 wpabuf_mhead(buf), 574 wpabuf_size(buf)); 575 if (res < 0) { 576 wpabuf_free(buf); 577 return NULL; 578 } 579 wpabuf_put(buf, res); 580 return buf; 581 } 582#endif /* CONFIG_TLS_INTERNAL_SERVER */ 583 return NULL; 584} 585 586 587struct wpabuf * tls_connection_decrypt(void *tls_ctx, 588 struct tls_connection *conn, 589 const struct wpabuf *in_data) 590{ 591 return tls_connection_decrypt2(tls_ctx, conn, in_data, NULL); 592} 593 594 595struct wpabuf * tls_connection_decrypt2(void *tls_ctx, 596 struct tls_connection *conn, 597 const struct wpabuf *in_data, 598 int *need_more_data) 599{ 600 if (need_more_data) 601 *need_more_data = 0; 602 603#ifdef CONFIG_TLS_INTERNAL_CLIENT 604 if (conn->client) { 605 return tlsv1_client_decrypt(conn->client, wpabuf_head(in_data), 606 wpabuf_len(in_data), 607 need_more_data); 608 } 609#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 610#ifdef CONFIG_TLS_INTERNAL_SERVER 611 if (conn->server) { 612 struct wpabuf *buf; 613 int res; 614 buf = wpabuf_alloc((wpabuf_len(in_data) + 500) * 3); 615 if (buf == NULL) 616 return NULL; 617 res = tlsv1_server_decrypt(conn->server, wpabuf_head(in_data), 618 wpabuf_len(in_data), 619 wpabuf_mhead(buf), 620 wpabuf_size(buf)); 621 if (res < 0) { 622 wpabuf_free(buf); 623 return NULL; 624 } 625 wpabuf_put(buf, res); 626 return buf; 627 } 628#endif /* CONFIG_TLS_INTERNAL_SERVER */ 629 return NULL; 630} 631 632 633int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn) 634{ 635#ifdef CONFIG_TLS_INTERNAL_CLIENT 636 if (conn->client) 637 return tlsv1_client_resumed(conn->client); 638#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 639#ifdef CONFIG_TLS_INTERNAL_SERVER 640 if (conn->server) 641 return tlsv1_server_resumed(conn->server); 642#endif /* CONFIG_TLS_INTERNAL_SERVER */ 643 return -1; 644} 645 646 647int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn, 648 u8 *ciphers) 649{ 650#ifdef CONFIG_TLS_INTERNAL_CLIENT 651 if (conn->client) 652 return tlsv1_client_set_cipher_list(conn->client, ciphers); 653#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 654#ifdef CONFIG_TLS_INTERNAL_SERVER 655 if (conn->server) 656 return tlsv1_server_set_cipher_list(conn->server, ciphers); 657#endif /* CONFIG_TLS_INTERNAL_SERVER */ 658 return -1; 659} 660 661 662int tls_get_version(void *ssl_ctx, struct tls_connection *conn, 663 char *buf, size_t buflen) 664{ 665 if (conn == NULL) 666 return -1; 667#ifdef CONFIG_TLS_INTERNAL_CLIENT 668 if (conn->client) 669 return tlsv1_client_get_version(conn->client, buf, buflen); 670#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 671 return -1; 672} 673 674 675int tls_get_cipher(void *tls_ctx, struct tls_connection *conn, 676 char *buf, size_t buflen) 677{ 678 if (conn == NULL) 679 return -1; 680#ifdef CONFIG_TLS_INTERNAL_CLIENT 681 if (conn->client) 682 return tlsv1_client_get_cipher(conn->client, buf, buflen); 683#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 684#ifdef CONFIG_TLS_INTERNAL_SERVER 685 if (conn->server) 686 return tlsv1_server_get_cipher(conn->server, buf, buflen); 687#endif /* CONFIG_TLS_INTERNAL_SERVER */ 688 return -1; 689} 690 691 692int tls_connection_enable_workaround(void *tls_ctx, 693 struct tls_connection *conn) 694{ 695 return -1; 696} 697 698 699int tls_connection_client_hello_ext(void *tls_ctx, struct tls_connection *conn, 700 int ext_type, const u8 *data, 701 size_t data_len) 702{ 703#ifdef CONFIG_TLS_INTERNAL_CLIENT 704 if (conn->client) { 705 return tlsv1_client_hello_ext(conn->client, ext_type, 706 data, data_len); 707 } 708#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 709 return -1; 710} 711 712 713int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn) 714{ 715 return 0; 716} 717 718 719int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn) 720{ 721 return 0; 722} 723 724 725int tls_connection_get_write_alerts(void *tls_ctx, 726 struct tls_connection *conn) 727{ 728 return 0; 729} 730 731 732int tls_connection_set_session_ticket_cb(void *tls_ctx, 733 struct tls_connection *conn, 734 tls_session_ticket_cb cb, 735 void *ctx) 736{ 737#ifdef CONFIG_TLS_INTERNAL_CLIENT 738 if (conn->client) { 739 tlsv1_client_set_session_ticket_cb(conn->client, cb, ctx); 740 return 0; 741 } 742#endif /* CONFIG_TLS_INTERNAL_CLIENT */ 743#ifdef CONFIG_TLS_INTERNAL_SERVER 744 if (conn->server) { 745 tlsv1_server_set_session_ticket_cb(conn->server, cb, ctx); 746 return 0; 747 } 748#endif /* CONFIG_TLS_INTERNAL_SERVER */ 749 return -1; 750} 751 752 753int tls_get_library_version(char *buf, size_t buf_len) 754{ 755 return os_snprintf(buf, buf_len, "internal"); 756} 757 758 759void tls_connection_set_success_data(struct tls_connection *conn, 760 struct wpabuf *data) 761{ 762} 763 764 765void tls_connection_set_success_data_resumed(struct tls_connection *conn) 766{ 767} 768 769 770const struct wpabuf * 771tls_connection_get_success_data(struct tls_connection *conn) 772{ 773 return NULL; 774} 775 776 777void tls_connection_remove_session(struct tls_connection *conn) 778{ 779} 780