239 struct tls_connection *conn = (struct tls_connection *) ptr;
241 if (conn->pull_buf == NULL) {
246 end = conn->pull_buf + conn->pull_buf_len;
247 if ((size_t) (end - conn->pull_buf_offset) < len)
248 len = end - conn->pull_buf_offset;
249 os_memcpy(buf, conn->pull_buf_offset, len);
250 conn->pull_buf_offset += len;
251 if (conn->pull_buf_offset == end) {
253 os_free(conn->pull_buf);
254 conn->pull_buf = conn->pull_buf_offset = NULL;
255 conn->pull_buf_len = 0;
258 __func__, end - conn->pull_buf_offset);
267 struct tls_connection *conn = (struct tls_connection *) ptr;
270 nbuf = os_realloc(conn->push_buf, conn->push_buf_len + len);
275 os_memcpy(nbuf + conn->push_buf_len, buf, len);
276 conn->push_buf = nbuf;
277 conn->push_buf_len += len;
284 struct tls_connection *conn)
290 ret = gnutls_init(&conn->session,
298 ret = gnutls_set_default_priority(conn->session);
302 ret = gnutls_certificate_type_set_priority(conn->session, cert_types);
306 ret = gnutls_protocol_set_priority(conn->session, protos);
310 gnutls_transport_set_pull_function(conn->session, tls_pull_func);
311 gnutls_transport_set_push_function(conn->session, tls_push_func);
312 gnutls_transport_set_ptr(conn->session, (gnutls_transport_ptr) conn);
319 gnutls_deinit(conn->session);
327 struct tls_connection *conn;
330 conn = os_zalloc(sizeof(*conn));
331 if (conn == NULL)
334 if (tls_gnutls_init_session(global, conn)) {
335 os_free(conn);
340 ret = gnutls_credentials_set(conn->session,
346 os_free(conn);
351 if (gnutls_certificate_allocate_credentials(&conn->xcred)) {
352 os_free(conn);
356 return conn;
360 void tls_connection_deinit(void *ssl_ctx, struct tls_connection *conn)
362 if (conn == NULL)
366 if (conn->iacred_srv)
367 gnutls_ia_free_server_credentials(conn->iacred_srv);
368 if (conn->iacred_cli)
369 gnutls_ia_free_client_credentials(conn->iacred_cli);
370 if (conn->session_keys) {
371 os_memset(conn->session_keys, 0, conn->session_keys_len);
372 os_free(conn->session_keys);
376 gnutls_certificate_free_credentials(conn->xcred);
377 gnutls_deinit(conn->session);
378 os_free(conn->pre_shared_secret);
379 os_free(conn->subject_match);
380 os_free(conn->altsubject_match);
381 os_free(conn->push_buf);
382 os_free(conn->pull_buf);
383 os_free(conn);
387 int tls_connection_established(void *ssl_ctx, struct tls_connection *conn)
389 return conn ? conn->established : 0;
393 int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn)
398 if (conn == NULL)
404 gnutls_bye(conn->session, GNUTLS_SHUT_RDWR);
405 os_free(conn->push_buf);
406 conn->push_buf = NULL;
407 conn->push_buf_len = 0;
408 conn->established = 0;
409 conn->final_phase_finished = 0;
411 if (conn->session_keys) {
412 os_memset(conn->session_keys, 0, conn->session_keys_len);
413 os_free(conn->session_keys);
415 conn->session_keys_len = 0;
418 gnutls_deinit(conn->session);
419 if (tls_gnutls_init_session(global, conn)) {
425 ret = gnutls_credentials_set(conn->session, GNUTLS_CRD_CERTIFICATE,
426 conn->params_set ? conn->xcred :
435 ret = gnutls_session_set_data(conn->session,
507 struct tls_connection *conn;
517 conn = SSL_get_app_data(ssl);
518 match = conn ? conn->subject_match : NULL;
519 altmatch = conn ? conn->altsubject_match : NULL;
547 int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
552 if (conn == NULL || params == NULL)
555 os_free(conn->subject_match);
556 conn->subject_match = NULL;
558 conn->subject_match = os_strdup(params->subject_match);
559 if (conn->subject_match == NULL)
563 os_free(conn->altsubject_match);
564 conn->altsubject_match = NULL;
566 conn->altsubject_match = os_strdup(params->altsubject_match);
567 if (conn->altsubject_match == NULL)
575 conn->verify_peer = 1;
577 conn->xcred, params->ca_cert, GNUTLS_X509_FMT_PEM);
583 conn->xcred, params->ca_cert,
598 conn->xcred, params->client_cert, params->private_key,
604 conn->xcred, params->client_cert,
619 conn->xcred, params->private_key, GNUTLS_X509_FMT_DER,
637 conn->tls_ia = params->tls_ia;
638 conn->params_set = 1;
640 ret = gnutls_credentials_set(conn->session, GNUTLS_CRD_CERTIFICATE,
641 conn->xcred);
648 if (conn->iacred_cli)
649 gnutls_ia_free_client_credentials(conn->iacred_cli);
651 ret = gnutls_ia_allocate_client_credentials(&conn->iacred_cli);
658 ret = gnutls_credentials_set(conn->session, GNUTLS_CRD_IA,
659 conn->iacred_cli);
663 gnutls_ia_free_client_credentials(conn->iacred_cli);
664 conn->iacred_cli = NULL;
774 int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn,
777 if (conn == NULL || conn->session == NULL)
780 conn->verify_peer = verify_peer;
781 gnutls_certificate_server_set_request(conn->session,
789 int tls_connection_get_keys(void *ssl_ctx, struct tls_connection *conn,
796 if (conn == NULL || conn->session == NULL || keys == NULL)
802 sec = &conn->session->security_parameters;
809 (u8 *) gnutls_session_get_client_random(conn->session);
811 (u8 *) gnutls_session_get_server_random(conn->session);
816 gnutls_ia_extract_inner_secret(conn->session,
817 (char *) conn->inner_secret);
818 keys->inner_secret = conn->inner_secret;
829 int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
834 if (conn == NULL || conn->session == NULL)
837 return gnutls_prf(conn->session, os_strlen(label), label,
845 static int tls_connection_verify_peer(struct tls_connection *conn)
852 if (gnutls_certificate_verify_peers2(conn->session, &status) < 0) {
858 if (conn->verify_peer && (status & GNUTLS_CERT_INVALID)) {
876 certs = gnutls_certificate_get_peers(conn->session, &num_certs);
932 u8 * tls_connection_handshake(void *ssl_ctx, struct tls_connection *conn,
945 if (conn->pull_buf) {
947 "pull_buf", __func__, conn->pull_buf_len);
948 os_free(conn->pull_buf);
950 conn->pull_buf = os_malloc(in_len);
951 if (conn->pull_buf == NULL)
953 os_memcpy(conn->pull_buf, in_data, in_len);
954 conn->pull_buf_offset = conn->pull_buf;
955 conn->pull_buf_len = in_len;
958 ret = gnutls_handshake(conn->session);
962 if (global->server && conn->established &&
963 conn->push_buf == NULL) {
966 conn->push_buf = os_malloc(1);
972 gnutls_alert_get(conn->session)));
973 conn->read_alerts++;
978 conn->failed++;
983 if (conn->verify_peer && tls_connection_verify_peer(conn)) {
986 conn->failed++;
990 if (conn->tls_ia && !gnutls_ia_handshake_p(conn->session)) {
992 conn->failed++;
996 if (conn->tls_ia)
1002 conn->established = 1;
1003 if (conn->push_buf == NULL) {
1005 conn->push_buf = os_malloc(1);
1008 gnutls_session_get_data(conn->session, NULL, &size);
1016 gnutls_session_get_data(conn->session,
1022 out_data = conn->push_buf;
1023 *out_len = conn->push_buf_len;
1024 conn->push_buf = NULL;
1025 conn->push_buf_len = 0;
1031 struct tls_connection *conn,
1035 return tls_connection_handshake(ssl_ctx, conn, in_data, in_len,
1040 int tls_connection_encrypt(void *ssl_ctx, struct tls_connection *conn,
1047 if (conn->tls_ia)
1048 res = gnutls_ia_send(conn->session, (char *) in_data, in_len);
1051 res = gnutls_record_send(conn->session, in_data, in_len);
1057 if (conn->push_buf == NULL)
1059 if (conn->push_buf_len < out_len)
1060 out_len = conn->push_buf_len;
1061 os_memcpy(out_data, conn->push_buf, out_len);
1062 os_free(conn->push_buf);
1063 conn->push_buf = NULL;
1064 conn->push_buf_len = 0;
1069 int tls_connection_decrypt(void *ssl_ctx, struct tls_connection *conn,
1075 if (conn->pull_buf) {
1077 "pull_buf", __func__, conn->pull_buf_len);
1078 os_free(conn->pull_buf);
1080 conn->pull_buf = os_malloc(in_len);
1081 if (conn->pull_buf == NULL)
1083 os_memcpy(conn->pull_buf, in_data, in_len);
1084 conn->pull_buf_offset = conn->pull_buf;
1085 conn->pull_buf_len = in_len;
1088 if (conn->tls_ia) {
1089 res = gnutls_ia_recv(conn->session, (char *) out_data,
1099 conn->session, conn->session_keys_len,
1100 (char *) conn->session_keys);
1101 if (conn->session_keys) {
1102 os_memset(conn->session_keys, 0,
1103 conn->session_keys_len);
1104 os_free(conn->session_keys);
1106 conn->session_keys = NULL;
1107 conn->session_keys_len = 0;
1115 res = gnutls_ia_verify_endphase(conn->session,
1128 conn->final_phase_finished = 1;
1142 res = gnutls_record_recv(conn->session, out_data, out_len);
1152 int tls_connection_resumed(void *ssl_ctx, struct tls_connection *conn)
1154 if (conn == NULL)
1156 return gnutls_session_is_resumed(conn->session);
1160 int tls_connection_set_master_key(void *ssl_ctx, struct tls_connection *conn,
1168 int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
1176 int tls_get_cipher(void *ssl_ctx, struct tls_connection *conn,
1186 struct tls_connection *conn)
1193 int tls_connection_client_hello_ext(void *ssl_ctx, struct tls_connection *conn,
1202 int tls_connection_get_failed(void *ssl_ctx, struct tls_connection *conn)
1204 if (conn == NULL)
1206 return conn->failed;
1210 int tls_connection_get_read_alerts(void *ssl_ctx, struct tls_connection *conn)
1212 if (conn == NULL)
1214 return conn->read_alerts;
1218 int tls_connection_get_write_alerts(void *ssl_ctx, struct tls_connection *conn)
1220 if (conn == NULL)
1222 return conn->write_alerts;
1227 struct tls_connection *conn)
1246 int tls_connection_set_ia(void *tls_ctx, struct tls_connection *conn,
1252 if (conn == NULL)
1255 conn->tls_ia = tls_ia;
1259 ret = gnutls_ia_allocate_server_credentials(&conn->iacred_srv);
1266 ret = gnutls_credentials_set(conn->session, GNUTLS_CRD_IA,
1267 conn->iacred_srv);
1271 gnutls_ia_free_server_credentials(conn->iacred_srv);
1272 conn->iacred_srv = NULL;
1284 struct tls_connection *conn,
1291 if (conn == NULL || conn->session == NULL || !conn->tls_ia)
1294 ret = gnutls_ia_permute_inner_secret(conn->session,
1295 conn->session_keys_len,
1296 (char *) conn->session_keys);
1297 if (conn->session_keys) {
1298 os_memset(conn->session_keys, 0, conn->session_keys_len);
1299 os_free(conn->session_keys);
1301 conn->session_keys = NULL;
1302 conn->session_keys_len = 0;
1309 ret = gnutls_ia_endphase_send(conn->session, final);
1316 if (conn->push_buf == NULL)
1318 if (conn->push_buf_len < out_len)
1319 out_len = conn->push_buf_len;
1320 os_memcpy(out_data, conn->push_buf, out_len);
1321 os_free(conn->push_buf);
1322 conn->push_buf = NULL;
1323 conn->push_buf_len = 0;
1332 struct tls_connection *conn)
1334 if (conn == NULL)
1337 return conn->final_phase_finished;
1342 struct tls_connection *conn,
1346 if (conn == NULL || !conn->tls_ia)
1349 if (conn->session_keys) {
1350 os_memset(conn->session_keys, 0, conn->session_keys_len);
1351 os_free(conn->session_keys);
1353 conn->session_keys_len = 0;
1356 conn->session_keys = os_malloc(key_len);
1357 if (conn->session_keys == NULL)
1359 os_memcpy(conn->session_keys, key, key_len);
1360 conn->session_keys_len = key_len;
1362 conn->session_keys = NULL;
1363 conn->session_keys_len = 0;