

243 	struct tls_connection *conn = (struct tls_connection *) ptr;
245 if (conn->pull_buf == NULL) {
250 end = conn->pull_buf + conn->pull_buf_len;
251 if ((size_t) (end - conn->pull_buf_offset) < len)
252 len = end - conn->pull_buf_offset;
253 os_memcpy(buf, conn->pull_buf_offset, len);
254 conn->pull_buf_offset += len;
255 if (conn->pull_buf_offset == end) {
257 os_free(conn->pull_buf);
258 conn->pull_buf = conn->pull_buf_offset = NULL;
259 conn->pull_buf_len = 0;
263 (unsigned long) (end - conn->pull_buf_offset));
272 struct tls_connection *conn = (struct tls_connection *) ptr;
275 nbuf = os_realloc(conn->push_buf, conn->push_buf_len + len);
280 os_memcpy(nbuf + conn->push_buf_len, buf, len);
281 conn->push_buf = nbuf;
282 conn->push_buf_len += len;
289 struct tls_connection *conn)
295 ret = gnutls_init(&conn->session,
303 ret = gnutls_set_default_priority(conn->session);
307 ret = gnutls_certificate_type_set_priority(conn->session, cert_types);
311 ret = gnutls_protocol_set_priority(conn->session, protos);
315 gnutls_transport_set_pull_function(conn->session, tls_pull_func);
316 gnutls_transport_set_push_function(conn->session, tls_push_func);
317 gnutls_transport_set_ptr(conn->session, (gnutls_transport_ptr) conn);
324 gnutls_deinit(conn->session);
332 struct tls_connection *conn;
335 conn = os_zalloc(sizeof(*conn));
336 if (conn == NULL)
339 if (tls_gnutls_init_session(global, conn)) {
340 os_free(conn);
345 ret = gnutls_credentials_set(conn->session,
351 os_free(conn);
356 if (gnutls_certificate_allocate_credentials(&conn->xcred)) {
357 os_free(conn);
361 return conn;
365 void tls_connection_deinit(void *ssl_ctx, struct tls_connection *conn)
367 if (conn == NULL)
371 if (conn->iacred_srv)
372 gnutls_ia_free_server_credentials(conn->iacred_srv);
373 if (conn->iacred_cli)
374 gnutls_ia_free_client_credentials(conn->iacred_cli);
375 if (conn->session_keys) {
376 os_memset(conn->session_keys, 0, conn->session_keys_len);
377 os_free(conn->session_keys);
381 gnutls_certificate_free_credentials(conn->xcred);
382 gnutls_deinit(conn->session);
383 os_free(conn->pre_shared_secret);
384 os_free(conn->subject_match);
385 os_free(conn->altsubject_match);
386 os_free(conn->push_buf);
387 os_free(conn->pull_buf);
388 os_free(conn);
392 int tls_connection_established(void *ssl_ctx, struct tls_connection *conn)
394 return conn ? conn->established : 0;
398 int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn)
403 if (conn == NULL)
409 gnutls_bye(conn->session, GNUTLS_SHUT_RDWR);
410 os_free(conn->push_buf);
411 conn->push_buf = NULL;
412 conn->push_buf_len = 0;
413 conn->established = 0;
414 conn->final_phase_finished = 0;
416 if (conn->session_keys) {
417 os_memset(conn->session_keys, 0, conn->session_keys_len);
418 os_free(conn->session_keys);
420 conn->session_keys_len = 0;
423 gnutls_deinit(conn->session);
424 if (tls_gnutls_init_session(global, conn)) {
430 ret = gnutls_credentials_set(conn->session, GNUTLS_CRD_CERTIFICATE,
431 conn->params_set ? conn->xcred :
440 ret = gnutls_session_set_data(conn->session,
512 struct tls_connection *conn;
522 conn = SSL_get_app_data(ssl);
523 match = conn ? conn->subject_match : NULL;
524 altmatch = conn ? conn->altsubject_match : NULL;
552 int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
557 if (conn == NULL || params == NULL)
560 os_free(conn->subject_match);
561 conn->subject_match = NULL;
563 conn->subject_match = os_strdup(params->subject_match);
564 if (conn->subject_match == NULL)
568 os_free(conn->altsubject_match);
569 conn->altsubject_match = NULL;
571 conn->altsubject_match = os_strdup(params->altsubject_match);
572 if (conn->altsubject_match == NULL)
580 conn->verify_peer = 1;
582 conn->xcred, params->ca_cert, GNUTLS_X509_FMT_PEM);
588 conn->xcred, params->ca_cert,
601 conn->xcred, GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5);
606 conn->xcred,
614 conn->xcred, params->client_cert, params->private_key,
620 conn->xcred, params->client_cert,
635 conn->xcred, params->private_key, GNUTLS_X509_FMT_DER,
653 conn->tls_ia = params->tls_ia;
654 conn->params_set = 1;
656 ret = gnutls_credentials_set(conn->session, GNUTLS_CRD_CERTIFICATE,
657 conn->xcred);
664 if (conn->iacred_cli)
665 gnutls_ia_free_client_credentials(conn->iacred_cli);
667 ret = gnutls_ia_allocate_client_credentials(&conn->iacred_cli);
674 ret = gnutls_credentials_set(conn->session, GNUTLS_CRD_IA,
675 conn->iacred_cli);
679 gnutls_ia_free_client_credentials(conn->iacred_cli);
680 conn->iacred_cli = NULL;
802 int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn,
805 if (conn == NULL || conn->session == NULL)
808 conn->verify_peer = verify_peer;
809 gnutls_certificate_server_set_request(conn->session,
817 int tls_connection_get_keys(void *ssl_ctx, struct tls_connection *conn,
824 if (conn == NULL || conn->session == NULL || keys == NULL)
830 sec = &conn->session->security_parameters;
837 (u8 *) gnutls_session_get_client_random(conn->session);
839 (u8 *) gnutls_session_get_server_random(conn->session);
844 gnutls_ia_extract_inner_secret(conn->session,
845 (char *) conn->inner_secret);
846 keys->inner_secret = conn->inner_secret;
857 int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
862 if (conn == NULL || conn->session == NULL)
865 return gnutls_prf(conn->session, os_strlen(label), label,
873 static int tls_connection_verify_peer(struct tls_connection *conn,
881 if (gnutls_certificate_verify_peers2(conn->session, &status) < 0) {
888 if (conn->verify_peer && (status & GNUTLS_CERT_INVALID)) {
922 certs = gnutls_certificate_get_peers(conn->session, &num_certs);
982 u8 * tls_connection_handshake(void *ssl_ctx, struct tls_connection *conn,
995 if (conn->pull_buf) {
998 (unsigned long) conn->pull_buf_len);
999 os_free(conn->pull_buf);
1001 conn->pull_buf = os_malloc(in_len);
1002 if (conn->pull_buf == NULL)
1004 os_memcpy(conn->pull_buf, in_data, in_len);
1005 conn->pull_buf_offset = conn->pull_buf;
1006 conn->pull_buf_len = in_len;
1009 ret = gnutls_handshake(conn->session);
1013 if (global->server && conn->established &&
1014 conn->push_buf == NULL) {
1017 conn->push_buf = os_malloc(1);
1023 gnutls_alert_get(conn->session)));
1024 conn->read_alerts++;
1029 conn->failed++;
1035 if (conn->verify_peer &&
1036 tls_connection_verify_peer(conn, &err)) {
1039 conn->failed++;
1040 gnutls_alert_send(conn->session, GNUTLS_AL_FATAL, err);
1045 if (conn->tls_ia && !gnutls_ia_handshake_p(conn->session)) {
1047 conn->failed++;
1052 if (conn->tls_ia)
1058 conn->established = 1;
1059 if (conn->push_buf == NULL) {
1061 conn->push_buf = os_malloc(1);
1064 gnutls_session_get_data(conn->session, NULL, &size);
1072 gnutls_session_get_data(conn->session,
1079 out_data = conn->push_buf;
1080 *out_len = conn->push_buf_len;
1081 conn->push_buf = NULL;
1082 conn->push_buf_len = 0;
1088 struct tls_connection *conn,
1092 return tls_connection_handshake(ssl_ctx, conn, in_data, in_len,
1097 int tls_connection_encrypt(void *ssl_ctx, struct tls_connection *conn,
1104 if (conn->tls_ia)
1105 res = gnutls_ia_send(conn->session, (char *) in_data, in_len);
1108 res = gnutls_record_send(conn->session, in_data, in_len);
1114 if (conn->push_buf == NULL)
1116 if (conn->push_buf_len < out_len)
1117 out_len = conn->push_buf_len;
1118 else if (conn->push_buf_len > out_len) {
1123 (unsigned long) conn->push_buf_len,
1126 os_memcpy(out_data, conn->push_buf, out_len);
1127 os_free(conn->push_buf);
1128 conn->push_buf = NULL;
1129 conn->push_buf_len = 0;
1134 int tls_connection_decrypt(void *ssl_ctx, struct tls_connection *conn,
1140 if (conn->pull_buf) {
1143 (unsigned long) conn->pull_buf_len);
1144 os_free(conn->pull_buf);
1146 conn->pull_buf = os_malloc(in_len);
1147 if (conn->pull_buf == NULL)
1149 os_memcpy(conn->pull_buf, in_data, in_len);
1150 conn->pull_buf_offset = conn->pull_buf;
1151 conn->pull_buf_len = in_len;
1154 if (conn->tls_ia) {
1155 res = gnutls_ia_recv(conn->session, (char *) out_data,
1165 conn->session, conn->session_keys_len,
1166 (char *) conn->session_keys);
1167 if (conn->session_keys) {
1168 os_memset(conn->session_keys, 0,
1169 conn->session_keys_len);
1170 os_free(conn->session_keys);
1172 conn->session_keys = NULL;
1173 conn->session_keys_len = 0;
1181 res = gnutls_ia_verify_endphase(conn->session,
1194 conn->final_phase_finished = 1;
1208 res = gnutls_record_recv(conn->session, out_data, out_len);
1218 int tls_connection_resumed(void *ssl_ctx, struct tls_connection *conn)
1220 if (conn == NULL)
1222 return gnutls_session_is_resumed(conn->session);
1226 int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
1234 int tls_get_cipher(void *ssl_ctx, struct tls_connection *conn,
1244 struct tls_connection *conn)
1251 int tls_connection_client_hello_ext(void *ssl_ctx, struct tls_connection *conn,
1260 int tls_connection_get_failed(void *ssl_ctx, struct tls_connection *conn)
1262 if (conn == NULL)
1264 return conn->failed;
1268 int tls_connection_get_read_alerts(void *ssl_ctx, struct tls_connection *conn)
1270 if (conn == NULL)
1272 return conn->read_alerts;
1276 int tls_connection_get_write_alerts(void *ssl_ctx, struct tls_connection *conn)
1278 if (conn == NULL)
1280 return conn->write_alerts;
1285 struct tls_connection *conn)
1304 int tls_connection_set_ia(void *tls_ctx, struct tls_connection *conn,
1310 if (conn == NULL)
1313 conn->tls_ia = tls_ia;
1317 ret = gnutls_ia_allocate_server_credentials(&conn->iacred_srv);
1324 ret = gnutls_credentials_set(conn->session, GNUTLS_CRD_IA,
1325 conn->iacred_srv);
1329 gnutls_ia_free_server_credentials(conn->iacred_srv);
1330 conn->iacred_srv = NULL;
1342 struct tls_connection *conn,
1349 if (conn == NULL || conn->session == NULL || !conn->tls_ia)
1352 ret = gnutls_ia_permute_inner_secret(conn->session,
1353 conn->session_keys_len,
1354 (char *) conn->session_keys);
1355 if (conn->session_keys) {
1356 os_memset(conn->session_keys, 0, conn->session_keys_len);
1357 os_free(conn->session_keys);
1359 conn->session_keys = NULL;
1360 conn->session_keys_len = 0;
1367 ret = gnutls_ia_endphase_send(conn->session, final);
1374 if (conn->push_buf == NULL)
1376 if (conn->push_buf_len < out_len)
1377 out_len = conn->push_buf_len;
1378 os_memcpy(out_data, conn->push_buf, out_len);
1379 os_free(conn->push_buf);
1380 conn->push_buf = NULL;
1381 conn->push_buf_len = 0;
1390 struct tls_connection *conn)
1392 if (conn == NULL)
1395 return conn->final_phase_finished;
1400 struct tls_connection *conn,
1404 if (conn == NULL || !conn->tls_ia)
1407 if (conn->session_keys) {
1408 os_memset(conn->session_keys, 0, conn->session_keys_len);
1409 os_free(conn->session_keys);
1411 conn->session_keys_len = 0;
1414 conn->session_keys = os_malloc(key_len);
1415 if (conn->session_keys == NULL)
1417 os_memcpy(conn->session_keys, key, key_len);
1418 conn->session_keys_len = key_len;
1420 conn->session_keys = NULL;
1421 conn->session_keys_len = 0;