Lines Matching defs:conn
339 struct tls_connection *conn;
343 conn = os_zalloc(sizeof(*conn));
344 if (!conn)
346 conn->ssl = wolfSSL_new(ssl_ctx);
347 if (!conn->ssl) {
348 os_free(conn);
352 wolfSSL_SetIOReadCtx(conn->ssl, &conn->input);
353 wolfSSL_SetIOWriteCtx(conn->ssl, &conn->output);
354 wolfSSL_set_ex_data(conn->ssl, 0, conn);
355 conn->context = wolfSSL_CTX_get_ex_data(ssl_ctx, 0);
359 wolfSSL_KeepArrays(conn->ssl);
360 wolfSSL_KeepHandshakeResources(conn->ssl);
361 wolfSSL_UseClientSuites(conn->ssl);
363 return conn;
367 void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn)
369 if (!conn)
375 wolfSSL_free(conn->ssl);
376 os_free(conn->subject_match);
377 os_free(conn->alt_subject_match);
378 os_free(conn->suffix_match);
379 os_free(conn->domain_match);
380 os_free(conn->peer_subject);
383 os_free(conn);
387 int tls_connection_established(void *tls_ctx, struct tls_connection *conn)
389 return conn ? wolfSSL_is_init_finished(conn->ssl) : 0;
394 struct tls_connection *conn)
401 int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn)
405 if (!conn)
411 wolfSSL_set_quiet_shutdown(conn->ssl, 1);
412 wolfSSL_shutdown(conn->ssl);
414 session = wolfSSL_get1_session(conn->ssl);
415 if (wolfSSL_clear(conn->ssl) != 1) {
419 wolfSSL_set_session(conn->ssl, session);
426 static int tls_connection_set_subject_match(struct tls_connection *conn,
432 os_free(conn->subject_match);
433 conn->subject_match = NULL;
435 conn->subject_match = os_strdup(subject_match);
436 if (!conn->subject_match)
440 os_free(conn->alt_subject_match);
441 conn->alt_subject_match = NULL;
443 conn->alt_subject_match = os_strdup(alt_subject_match);
444 if (!conn->alt_subject_match)
448 os_free(conn->suffix_match);
449 conn->suffix_match = NULL;
451 conn->suffix_match = os_strdup(suffix_match);
452 if (!conn->suffix_match)
456 os_free(conn->domain_match);
457 conn->domain_match = NULL;
459 conn->domain_match = os_strdup(domain_match);
460 if (!conn->domain_match)
468 static int tls_connection_client_cert(struct tls_connection *conn,
478 conn->ssl, client_cert_blob, blob_len,
483 conn->ssl, client_cert_blob, blob_len,
496 conn->ssl, client_cert) != SSL_SUCCESS) {
500 conn->ssl, client_cert,
525 struct tls_connection *conn,
548 if (wolfSSL_use_PrivateKey_buffer(conn->ssl,
555 conn->ssl,
571 if (wolfSSL_use_PrivateKey_file(conn->ssl, private_key,
576 if (wolfSSL_use_PrivateKey_file(conn->ssl, private_key,
855 static void wolfssl_tls_fail_event(struct tls_connection *conn,
862 struct tls_context *context = conn->context;
880 static void wolfssl_tls_cert_event(struct tls_connection *conn,
886 struct tls_context *context = conn->context;
900 if (conn->cert_probe || (conn->flags & TLS_CONN_EXT_CERT_CHECK) ||
981 struct tls_connection *conn;
999 conn = wolfSSL_get_ex_data(ssl, 0);
1000 if (!conn) {
1006 conn->peer_cert = err_cert;
1008 conn->peer_issuer = err_cert;
1010 conn->peer_issuer_issuer = err_cert;
1012 context = conn->context;
1013 match = conn->subject_match;
1014 altmatch = conn->alt_subject_match;
1015 suffix_match = conn->suffix_match;
1016 domain_match = conn->domain_match;
1018 if (!preverify_ok && !conn->ca_cert_verify)
1020 if (!preverify_ok && depth > 0 && conn->server_cert_only)
1022 if (!preverify_ok && (conn->flags & TLS_CONN_DISABLE_TIME_CHECKS) &&
1038 if (depth == 0 && conn->server_cert_only) {
1054 os_memcmp(conn->srv_cert_hash, hash, 32) != 0) {
1076 wolfssl_tls_fail_event(conn, err_cert, err, depth, buf,
1084 conn->ca_cert_verify, depth, buf);
1090 wolfssl_tls_fail_event(conn, err_cert, err, depth, buf,
1099 wolfssl_tls_fail_event(conn, err_cert, err, depth, buf,
1108 wolfssl_tls_fail_event(conn, err_cert, err, depth, buf,
1116 wolfssl_tls_fail_event(conn, err_cert, err, depth, buf,
1120 wolfssl_tls_cert_event(conn, err_cert, depth, buf);
1123 if (conn->cert_probe && preverify_ok && depth == 0) {
1127 wolfssl_tls_fail_event(conn, err_cert, err, depth, buf,
1133 if (depth == 0 && (conn->flags & TLS_CONN_REQUEST_OCSP) &&
1137 res = check_ocsp_resp(conn->ssl_ctx, conn->ssl, err_cert,
1138 conn->peer_issuer,
1139 conn->peer_issuer_issuer);
1142 wolfssl_tls_fail_event(conn, err_cert, err, depth, buf,
1149 (conn->flags & TLS_CONN_REQUIRE_OCSP)) {
1151 wolfssl_tls_fail_event(conn, err_cert, err, depth, buf,
1162 os_free(conn->peer_subject);
1163 conn->peer_subject = os_strdup(buf);
1170 static int tls_connection_ca_cert(void *tls_ctx, struct tls_connection *conn,
1177 wolfSSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
1178 conn->ca_cert_verify = 1;
1183 conn->cert_probe = 1;
1184 conn->ca_cert_verify = 0;
1205 if (hexstr2bin(pos, conn->srv_cert_hash, 32) < 0) {
1211 conn->server_cert_only = 1;
1268 conn->ca_cert_verify = 0;
1291 int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
1296 if (tls_connection_set_subject_match(conn, params->subject_match,
1304 if (tls_connection_ca_cert(tls_ctx, conn, params->ca_cert,
1312 if (tls_connection_client_cert(conn, params->client_cert,
1319 if (tls_connection_private_key(tls_ctx, conn, params->private_key,
1330 wolfSSL_set_cipher_list(conn->ssl, params->openssl_ciphers) != 1) {
1337 tls_set_conn_flags(conn->ssl, params->flags);
1341 if (wolfSSL_UseOCSPStapling(conn->ssl, WOLFSSL_CSR_OCSP,
1345 if (wolfSSL_EnableOCSPStapling(conn->ssl) != SSL_SUCCESS)
1351 if (wolfSSL_UseOCSPStaplingV2(conn->ssl,
1355 if (wolfSSL_EnableOCSPStapling(conn->ssl) != SSL_SUCCESS)
1378 conn->flags = params->flags;
1608 int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn,
1615 if (!conn)
1621 conn->ca_cert_verify = 1;
1622 wolfSSL_set_verify(conn->ssl, SSL_VERIFY_PEER |
1626 conn->ca_cert_verify = 0;
1627 wolfSSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL);
1630 wolfSSL_set_accept_state(conn->ssl);
1640 wolfSSL_set_session_id_context(conn->ssl,
1644 wolfSSL_set_session_id_context(conn->ssl, session_ctx,
1654 static struct wpabuf * wolfssl_handshake(struct tls_connection *conn,
1660 wolfssl_reset_out_data(&conn->output);
1664 wolfSSL_set_accept_state(conn->ssl);
1665 res = wolfSSL_accept(conn->ssl);
1668 wolfSSL_set_connect_state(conn->ssl);
1669 res = wolfSSL_connect(conn->ssl);
1674 int err = wolfSSL_get_error(conn->ssl, res);
1699 conn->failed++;
1703 return conn->output.out_data;
1707 static struct wpabuf * wolfssl_get_appl_data(struct tls_connection *conn,
1716 res = wolfSSL_read(conn->ssl, wpabuf_mhead(appl_data),
1719 int err = wolfSSL_get_error(conn->ssl, res);
1745 wolfssl_connection_handshake(struct tls_connection *conn,
1751 wolfssl_reset_in_data(&conn->input, in_data);
1756 out_data = wolfssl_handshake(conn, in_data, server);
1760 if (wolfSSL_is_init_finished(conn->ssl)) {
1763 tls_connection_resumed(NULL, conn));
1765 *appl_data = wolfssl_get_appl_data(conn,
1774 struct tls_connection *conn,
1778 return wolfssl_connection_handshake(conn, in_data, appl_data, 0);
1783 struct tls_connection *conn,
1787 return wolfssl_connection_handshake(conn, in_data, appl_data, 1);
1792 struct tls_connection *conn,
1797 if (!conn)
1802 wolfssl_reset_out_data(&conn->output);
1804 res = wolfSSL_write(conn->ssl, wpabuf_head(in_data),
1807 int err = wolfSSL_get_error(conn->ssl, res);
1815 return conn->output.out_data;
1820 struct tls_connection *conn,
1826 if (!conn)
1831 wolfssl_reset_in_data(&conn->input, in_data);
1843 res = wolfSSL_read(conn->ssl, wpabuf_mhead(buf), wpabuf_size(buf));
1857 int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn)
1859 return conn ? wolfSSL_session_reused(conn->ssl) : 0;
1863 int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
1870 if (!conn || !conn->ssl || !ciphers)
1915 if (wolfSSL_set_cipher_list(conn->ssl, buf + 1) != 1) {
1924 int tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
1930 if (!conn || !conn->ssl)
1933 cipher = wolfSSL_get_current_cipher(conn->ssl);
1961 struct tls_connection *conn)
1968 int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn)
1970 if (!conn)
1973 return conn->failed;
1977 int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn)
1979 if (!conn)
1983 return conn->read_alerts;
1988 struct tls_connection *conn)
1990 if (!conn)
1994 return conn->write_alerts;
2005 int tls_get_version(void *ssl_ctx, struct tls_connection *conn,
2010 if (!conn || !conn->ssl)
2013 name = wolfSSL_get_version(conn->ssl);
2022 int tls_connection_get_random(void *ssl_ctx, struct tls_connection *conn,
2027 if (!conn || !keys)
2029 ssl = conn->ssl;
2034 keys->client_random = conn->client_random;
2036 ssl, conn->client_random, sizeof(conn->client_random));
2037 keys->server_random = conn->server_random;
2039 ssl, conn->server_random, sizeof(conn->server_random));
2045 int tls_connection_export_key(void *tls_ctx, struct tls_connection *conn,
2049 if (!conn)
2052 if (wolfSSL_export_keying_material(conn->ssl, out, out_len,
2060 wolfSSL_make_eap_keys(conn->ssl, out, out_len, label) != 0)
2069 int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn,
2085 if (!conn || !conn->ssl)
2087 ssl = conn->ssl;
2130 int tls_connection_client_hello_ext(void *ssl_ctx, struct tls_connection *conn,
2136 if (!conn || !conn->ssl || ext_type != 35)
2139 if (wolfSSL_set_SessionTicket(conn->ssl, data,
2149 struct tls_connection *conn = arg;
2153 word32 ticket_len = sizeof(conn->session_ticket);
2155 if (!conn || !conn->session_ticket_cb)
2162 wolfSSL_get_SessionTicket(s, conn->session_ticket,
2169 ret = conn->session_ticket_cb(conn->session_ticket_cb_ctx,
2170 conn->session_ticket, ticket_len,
2183 struct tls_connection *conn,
2188 conn->session_ticket_cb = cb;
2189 conn->session_ticket_cb_ctx = ctx;
2192 if (wolfSSL_set_session_secret_cb(conn->ssl, tls_sess_sec_cb,
2193 conn) != 1)
2196 if (wolfSSL_set_session_secret_cb(conn->ssl, NULL, NULL) != 1)
2207 void tls_connection_set_success_data_resumed(struct tls_connection *conn)
2214 void tls_connection_remove_session(struct tls_connection *conn)
2218 sess = wolfSSL_get_session(conn->ssl);
2228 int tls_get_tls_unique(struct tls_connection *conn, u8 *buf, size_t max_len)
2233 reused = wolfSSL_session_reused(conn->ssl);
2234 if ((wolfSSL_is_server(conn->ssl) && !reused) ||
2235 (!wolfSSL_is_server(conn->ssl) && reused))
2236 len = wolfSSL_get_peer_finished(conn->ssl, buf, max_len);
2238 len = wolfSSL_get_finished(conn->ssl, buf, max_len);
2247 u16 tls_connection_get_cipher_suite(struct tls_connection *conn)
2249 return (u16) wolfSSL_get_current_cipher_suite(conn->ssl);
2253 const char * tls_connection_get_peer_subject(struct tls_connection *conn)
2255 if (conn)
2256 return conn->peer_subject;
2261 void tls_connection_set_success_data(struct tls_connection *conn,
2269 sess = wolfSSL_get_session(conn->ssl);
2286 conn->success_data = 1;
2296 tls_connection_get_success_data(struct tls_connection *conn)
2302 sess = wolfSSL_get_session(conn->ssl);
2309 bool tls_connection_get_own_cert_used(struct tls_connection *conn)
2311 if (conn)
2312 return wolfSSL_get_certificate(conn->ssl) != NULL;