27 #include <openssl/ssl.h>
88 static size_t SSL_get_client_random(const SSL *ssl, unsigned char *out,
91 if (!ssl->s3 || outlen < SSL3_RANDOM_SIZE)
93 os_memcpy(out, ssl->s3->client_random, SSL3_RANDOM_SIZE);
98 static size_t SSL_get_server_random(const SSL *ssl, unsigned char *out,
101 if (!ssl->s3 || outlen < SSL3_RANDOM_SIZE)
103 os_memcpy(out, ssl->s3->server_random, SSL3_RANDOM_SIZE);
228 SSL_CTX *ssl;
243 SSL *ssl;
393 unsigned char *to, RSA *rsa, int padding)
401 unsigned char *to, RSA *rsa, int padding)
409 unsigned char *to, RSA *rsa, int padding)
412 (struct cryptoapi_rsa_data *) rsa->meth->app_data;
463 len = RSA_size(rsa);
488 unsigned char *to, RSA *rsa, int padding)
507 static int cryptoapi_finish(RSA *rsa)
509 cryptoapi_free_data((struct cryptoapi_rsa_data *) rsa->meth->app_data);
510 os_free((void *) rsa->meth);
511 rsa->meth = NULL;
562 static int tls_cryptoapi_cert(SSL *ssl, const char *name)
565 RSA *rsa = NULL, *pub_rsa;
623 rsa = RSA_new();
624 if (rsa == NULL) {
630 if (!SSL_use_certificate(ssl, cert)) {
631 RSA_free(rsa);
632 rsa = NULL;
635 pub_rsa = cert->cert_info->key->pkey->pkey.rsa;
639 rsa->n = BN_dup(pub_rsa->n);
640 rsa->e = BN_dup(pub_rsa->e);
641 if (!RSA_set_method(rsa, rsa_meth))
644 if (!SSL_use_RSAPrivateKey(ssl, rsa))
646 RSA_free(rsa);
653 if (rsa)
654 RSA_free(rsa);
663 static int tls_cryptoapi_ca_cert(SSL_CTX *ssl_ctx, SSL *ssl, const char *name)
732 static int tls_cryptoapi_cert(SSL *ssl, const char *name)
740 static void ssl_info_cb(const SSL *ssl, int where, int ret)
756 str, SSL_state_string_long(ssl));
758 struct tls_connection *conn = SSL_get_app_data((SSL *) ssl);
783 SSL_state_string_long(ssl));
995 SSL_CTX *ssl;
1087 ssl = SSL_CTX_new(SSLv23_method());
1089 ssl = NULL;
1090 if (ssl == NULL) {
1101 data->ssl = ssl;
1107 SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv2);
1108 SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv3);
1110 SSL_CTX_set_mode(ssl, SSL_MODE_AUTO_RETRY);
1117 SSL_CTX_clear_mode(ssl, SSL_MODE_NO_AUTO_CHAIN);
1120 SSL_CTX_set_info_callback(ssl, ssl_info_cb);
1121 SSL_CTX_set_app_data(ssl, context);
1123 SSL_CTX_set_quiet_shutdown(ssl, 1);
1128 SSL_CTX_set_session_id_context(ssl, (u8 *) "hostapd", 7);
1129 SSL_CTX_set_session_cache_mode(ssl, SSL_SESS_CACHE_SERVER);
1130 SSL_CTX_set_timeout(ssl, data->tls_session_lifetime);
1131 SSL_CTX_sess_set_remove_cb(ssl, remove_session_cb);
1136 SSL_CTX_set_num_tickets(ssl, 1);
1139 SSL_CTX_set_session_cache_mode(ssl, SSL_SESS_CACHE_OFF);
1143 SSL_CTX_set_num_tickets(ssl, 0);
1174 if (SSL_CTX_set_cipher_list(ssl, ciphers) != 1) {
1189 SSL_CTX *ssl = data->ssl;
1190 struct tls_context *context = SSL_CTX_get_app_data(ssl);
1195 SSL_CTX_flush_sessions(ssl, 0);
1210 SSL_CTX_free(ssl);
1530 static void check_server_key_exchange(SSL *ssl, struct tls_connection *conn,
1577 const void *buf, size_t len, SSL *ssl, void *arg)
1583 if ((SSL_version(ssl) == TLS1_VERSION ||
1584 SSL_version(ssl) == TLS1_1_VERSION) &&
1585 SSL_get_security_level(ssl) > 0) {
1588 SSL_set_security_level(ssl, 0);
1621 check_server_key_exchange(ssl, conn, pos + 1, pos + len);
1646 static void tls_keylog_cb(const SSL *ssl, const char *line)
1686 SSL_CTX *ssl = data->ssl;
1691 struct tls_context *context = SSL_CTX_get_app_data(ssl);
1706 SSL_CTX_set_cert_store(ssl, new_cert_store);
1715 conn->ssl_ctx = ssl;
1716 conn->ssl = SSL_new(ssl);
1717 if (conn->ssl == NULL) {
1725 SSL_set_app_data(conn->ssl, conn);
1726 SSL_set_msg_callback(conn->ssl, tls_msg_cb);
1727 SSL_set_msg_callback_arg(conn->ssl, conn);
1733 SSL_set_options(conn->ssl, options);
1737 SSL_clear_options(conn->ssl, SSL_OP_ENABLE_MIDDLEBOX_COMPAT);
1752 SSL_free(conn->ssl);
1761 SSL_free(conn->ssl);
1767 SSL_set_bio(conn->ssl, conn->ssl_in, conn->ssl_out);
1782 SSL_set_quiet_shutdown(conn->ssl, 1);
1783 SSL_shutdown(conn->ssl);
1785 SSL_free(conn->ssl);
1800 return conn ? SSL_is_init_finished(conn->ssl) : 0;
1837 SSL_set_quiet_shutdown(conn->ssl, 1);
1838 SSL_shutdown(conn->ssl);
1839 return SSL_clear(conn->ssl) == 1 ? 0 : -1;
2499 SSL *ssl;
2512 ssl = X509_STORE_CTX_get_ex_data(x509_ctx,
2518 conn = SSL_get_app_data(ssl);
2714 res = check_ocsp_resp(conn->ssl_ctx, conn->ssl, err_cert,
2751 SSL_CTX *ssl_ctx = data->ssl;
2786 SSL_CTX *ssl_ctx = data->ssl;
2801 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
2895 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
2924 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
2930 if (ca_cert && tls_cryptoapi_ca_cert(ssl_ctx, conn->ssl, ca_cert) ==
2973 SSL_CTX *ssl_ctx = data->ssl;
3006 X509_STORE *cs = SSL_CTX_get_cert_store(data->ssl);
3078 static int suiteb_cert_cb(SSL *ssl, void *arg)
3110 SSL *ssl = conn->ssl;
3114 SSL_set_options(ssl, SSL_OP_NO_TICKET);
3116 SSL_clear_options(ssl, SSL_OP_NO_TICKET);
3121 SSL_set_options(ssl, SSL_OP_LEGACY_SERVER_CONNECT);
3126 SSL_set_options(ssl, SSL_OP_NO_TLSv1);
3128 SSL_clear_options(ssl, SSL_OP_NO_TLSv1);
3132 SSL_set_options(ssl, SSL_OP_NO_TLSv1_1);
3134 SSL_clear_options(ssl, SSL_OP_NO_TLSv1_1);
3138 SSL_set_options(ssl, SSL_OP_NO_TLSv1_2);
3140 SSL_clear_options(ssl, SSL_OP_NO_TLSv1_2);
3144 SSL_set_options(ssl, SSL_OP_NO_TLSv1_3);
3146 SSL_clear_options(ssl, SSL_OP_NO_TLSv1_3);
3168 if (SSL_set_min_proto_version(ssl, version) != 1) {
3187 SSL_get_security_level(ssl) > need_level) {
3193 SSL_set_security_level(conn->ssl, need_level);
3215 if (SSL_set_cipher_list(ssl, ciphers) != 1) {
3234 if (SSL_set_cipher_list(ssl, ciphers) != 1) {
3241 if (SSL_set1_groups(ssl, nid, 1) != 1) {
3248 if (SSL_set1_curves(ssl, nid, 1) != 1) {
3255 if (!ecdh || SSL_set_tmp_ecdh(ssl, ecdh) != 1) {
3290 if (SSL_set1_sigalgs_list(ssl, algs) != 1) {
3297 SSL_set_options(ssl, SSL_OP_NO_TLSv1);
3298 SSL_set_options(ssl, SSL_OP_NO_TLSv1_1);
3299 SSL_set_cert_cb(ssl, suiteb_cert_cb, conn);
3307 if (SSL_set1_curves(ssl, nid, 1) != 1) {
3322 openssl_ciphers && SSL_set_cipher_list(ssl, openssl_ciphers) != 1) {
3330 if (openssl_ciphers && SSL_set_cipher_list(ssl, openssl_ciphers) != 1) {
3359 SSL_set_security_level(conn->ssl, 0);
3365 if (SSL_set_cipher_list(conn->ssl, cs) != 1) {
3388 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER |
3392 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER |
3397 SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL);
3404 SSL_set_accept_state(conn->ssl);
3413 SSL_set_session_id_context(conn->ssl,
3417 SSL_set_session_id_context(conn->ssl, session_ctx,
3445 SSL_use_certificate_ASN1(conn->ssl, (u8 *) client_cert_blob,
3465 if (!x509 || SSL_use_certificate(conn->ssl, x509) != 1) {
3476 SSL_add0_chain_cert(conn->ssl, x509);
3495 if (SSL_use_certificate(conn->ssl, x509) == 1)
3505 SSL_add0_chain_cert(conn->ssl, x509);
3516 if (SSL_use_certificate_file(conn->ssl, client_cert,
3525 if (SSL_use_certificate_chain_file(conn->ssl, client_cert) == 1) {
3532 if (SSL_use_certificate_file(conn->ssl, client_cert,
3555 SSL_CTX *ssl_ctx = data->ssl;
3580 static int tls_parse_pkcs12(struct tls_data *data, SSL *ssl, PKCS12 *p12,
3607 if (ssl) {
3608 if (SSL_use_certificate(ssl, cert) != 1)
3611 if (SSL_CTX_use_certificate(data->ssl, cert) != 1)
3619 if (ssl) {
3620 if (SSL_use_PrivateKey(ssl, pkey) != 1)
3623 if (SSL_CTX_use_PrivateKey(data->ssl, pkey) != 1)
3631 if (ssl)
3632 SSL_clear_chain_certs(ssl);
3634 SSL_CTX_clear_chain_certs(data->ssl);
3640 if ((ssl && SSL_add1_chain_cert(ssl, cert) != 1) ||
3641 (!ssl && SSL_CTX_add1_chain_cert(data->ssl,
3656 if (ssl)
3658 ssl,
3663 data->ssl,
3680 SSL_CTX_clear_extra_chain_certs(data->ssl);
3690 if (SSL_CTX_add_extra_chain_cert(data->ssl, cert) != 1)
3711 static int tls_read_pkcs12(struct tls_data *data, SSL *ssl,
3731 return tls_parse_pkcs12(data, ssl, p12, passwd);
3741 static int tls_read_pkcs12_blob(struct tls_data *data, SSL *ssl,
3754 return tls_parse_pkcs12(data, ssl, p12, passwd);
3808 if (!SSL_use_certificate(conn->ssl, cert)) {
3831 SSL_CTX *ssl_ctx = data->ssl;
3864 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
3878 if (SSL_use_PrivateKey(conn->ssl, conn->private_key) != 1) {
3883 if (!SSL_check_private_key(conn->ssl)) {
3908 static int tls_use_private_key_file(struct tls_data *data, SSL *ssl,
3941 if (ssl)
3942 ret = SSL_use_PrivateKey(ssl, pkey);
3944 ret = SSL_CTX_use_PrivateKey(data->ssl, pkey);
3970 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_RSA, conn->ssl,
3979 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_DSA, conn->ssl,
3989 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_EC, conn->ssl,
4000 if (SSL_use_RSAPrivateKey_ASN1(conn->ssl,
4019 if (SSL_use_PrivateKey(conn->ssl, pkey) == 1) {
4032 if (tls_read_pkcs12_blob(data, conn->ssl, private_key_blob,
4045 if (tls_use_private_key_file(data, conn->ssl, private_key,
4051 if (tls_read_pkcs12(data, conn->ssl, private_key,
4059 if (tls_cryptoapi_cert(conn->ssl, private_key) == 0) {
4076 if (!SSL_check_private_key(conn->ssl)) {
4091 SSL_CTX *ssl_ctx = data->ssl;
4165 SSL_CTX *ssl_ctx = data->ssl;
4236 SSL_CTX *ssl_ctx = data->ssl;
4309 SSL *ssl;
4313 ssl = conn->ssl;
4314 if (ssl == NULL)
4320 ssl, conn->client_random, sizeof(conn->client_random));
4323 ssl, conn->server_random, sizeof(conn->server_random));
4330 static int openssl_get_keyblock_size(SSL *ssl)
4337 if (ssl->enc_read_ctx == NULL || ssl->enc_read_ctx->cipher == NULL ||
4338 ssl->read_hash == NULL)
4341 c = ssl->enc_read_ctx->cipher;
4342 h = EVP_MD_CTX_md(ssl->read_hash);
4345 else if (ssl->s3)
4346 md_size = ssl->s3->tmp.new_mac_secret_size;
4363 ssl_cipher = SSL_get_current_cipher(ssl);
4409 SSL_export_keying_material(conn->ssl, out, out_len, label,
4421 SSL *ssl;
4442 ssl = conn->ssl;
4443 if (ssl == NULL)
4445 ver = SSL_get_version(ssl);
4446 sess = SSL_get_session(ssl);
4450 skip = openssl_get_keyblock_size(ssl);
4464 SSL_get_client_random(ssl, client_random, sizeof(client_random));
4465 SSL_get_server_random(ssl, server_random, sizeof(server_random));
4518 res = SSL_accept(conn->ssl);
4520 res = SSL_connect(conn->ssl);
4522 int err = SSL_get_error(conn->ssl, res);
4563 os_strncmp(SSL_get_cipher(conn->ssl), "DHE-", 4) == 0 &&
4635 res = SSL_read(conn->ssl, wpabuf_mhead(appl_data),
4638 int err = SSL_get_error(conn->ssl, res);
4679 if (SSL_is_init_finished(conn->ssl)) {
4689 if (SSL_get_shared_ciphers(conn->ssl, buf,
4753 res = SSL_write(conn->ssl, wpabuf_head(in_data), wpabuf_len(in_data));
4807 res = SSL_read(conn->ssl, wpabuf_mhead(buf), wpabuf_size(buf));
4809 int err = SSL_get_error(conn->ssl, res);
4836 return conn ? SSL_session_reused(conn->ssl) : 0;
4847 if (conn == NULL || conn->ssl == NULL || ciphers == NULL)
4903 SSL_set_security_level(conn->ssl, 0);
4904 } else if (SSL_get_security_level(conn->ssl) == 0) {
4906 SSL_set_security_level(conn->ssl, 1);
4911 if (SSL_set_cipher_list(conn->ssl, buf + 1) != 1) {
4925 if (conn == NULL || conn->ssl == NULL)
4928 name = SSL_get_version(conn->ssl);
4941 if (conn == NULL || conn->ssl == NULL)
4944 name = SSL_get_cipher(conn->ssl);
4956 SSL_set_options(conn->ssl, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
4970 if (conn == NULL || conn->ssl == NULL || ext_type != 35)
4973 if (SSL_set_session_ticket_ext(conn->ssl, (void *) data,
5394 if (SSL_set_ssl_method(conn->ssl, TLSv1_method()) != 1) {
5408 SSL_set_options(conn->ssl, SSL_OP_NO_TLSv1_3);
5481 if (ciphers && SSL_set_cipher_list(conn->ssl, ciphers) != 1) {
5492 if (SSL_set_ecdh_auto(conn->ssl, 1) != 1) {
5507 if (SSL_set1_curves_list(conn->ssl,
5523 SSL_enable_ocsp_stapling(conn->ssl);
5528 SSL_CTX *ssl_ctx = data->ssl;
5529 SSL_set_tlsext_status_type(conn->ssl, TLSEXT_STATUSTYPE_ocsp);
5556 SSL *ssl;
5559 ssl = SSL_new(ssl_ctx);
5560 if (!ssl)
5568 cipher = SSL_get_cipher_list(ssl, i);
5574 SSL_free(ssl);
5670 SSL_CTX *ssl_ctx = data->ssl;
5868 if (SSL_set_session_secret_cb(conn->ssl, tls_sess_sec_cb,
5871 SSL_set_session_ticket_ext_cb(conn->ssl,
5874 if (SSL_set_session_secret_cb(conn->ssl, NULL, NULL) != 1)
5876 SSL_set_session_ticket_ext_cb(conn->ssl, NULL, NULL);
5909 sess = SSL_get_session(conn->ssl);
5960 !(sess = SSL_get_session(conn->ssl)))
5970 sess = SSL_get_session(conn->ssl);
5988 reused = SSL_session_reused(conn->ssl);
5990 len = SSL_get_peer_finished(conn->ssl, buf, max_len);
5992 len = SSL_get_finished(conn->ssl, buf, max_len);
6005 cipher = SSL_get_current_cipher(conn->ssl);
6027 return SSL_get_certificate(conn->ssl) != NULL;