
Lines Matching defs:ssl

2  * SSL/TLS interface functions for OpenSSL
19 #include <openssl/ssl.h>
90 SSL *ssl;
365 static int tls_cryptoapi_cert(SSL *ssl, const char *name)
432 if (!SSL_use_certificate(ssl, cert)) {
446 if (!SSL_use_RSAPrivateKey(ssl, rsa))
465 static int tls_cryptoapi_ca_cert(SSL_CTX *ssl_ctx, SSL *ssl, const char *name)
532 static int tls_cryptoapi_cert(SSL *ssl, const char *name)
540 static void ssl_info_cb(const SSL *ssl, int where, int ret)
545 wpa_printf(MSG_DEBUG, "SSL: (where=0x%x ret=0x%x)", where, ret);
555 wpa_printf(MSG_DEBUG, "SSL: %s:%s",
556 str, SSL_state_string_long(ssl));
558 struct tls_connection *conn = SSL_get_app_data((SSL *) ssl);
559 wpa_printf(MSG_INFO, "SSL: SSL3 alert: %s:%s:%s",
581 wpa_printf(MSG_DEBUG, "SSL: %s:%s in %s",
583 SSL_state_string_long(ssl));
735 SSL_CTX *ssl;
790 /* Newer OpenSSL can store app-data per-SSL */
798 ssl = SSL_CTX_new(TLSv1_method());
799 if (ssl == NULL) {
810 SSL_CTX_set_info_callback(ssl, ssl_info_cb);
812 SSL_CTX_set_app_data(ssl, context);
826 tls_deinit(ssl);
832 return ssl;
838 SSL_CTX *ssl = ssl_ctx;
840 struct tls_context *context = SSL_CTX_get_app_data(ssl);
844 SSL_CTX_free(ssl);
976 wpa_printf(MSG_INFO, "TLS - SSL error: %s",
986 SSL_CTX *ssl = ssl_ctx;
991 context = SSL_CTX_get_app_data(ssl);
997 conn->ssl = SSL_new(ssl);
998 if (conn->ssl == NULL) {
1000 "Failed to initialize new SSL connection");
1006 SSL_set_app_data(conn->ssl, conn);
1017 SSL_set_options(conn->ssl, options);
1023 SSL_free(conn->ssl);
1032 SSL_free(conn->ssl);
1038 SSL_set_bio(conn->ssl, conn->ssl_in, conn->ssl_out);
1048 SSL_free(conn->ssl);
1059 return conn ? SSL_is_init_finished(conn->ssl) : 0;
1071 SSL_set_quiet_shutdown(conn->ssl, 1);
1072 SSL_shutdown(conn->ssl);
1267 SSL *ssl;
1276 ssl = X509_STORE_CTX_get_ex_data(x509_ctx,
1280 conn = SSL_get_app_data(ssl);
1431 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
1528 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
1534 if (ca_cert && tls_cryptoapi_ca_cert(ssl_ctx, conn->ssl, ca_cert) ==
1654 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER |
1659 SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL);
1662 SSL_set_accept_state(conn->ssl);
1673 SSL_set_session_id_context(conn->ssl,
1690 SSL_use_certificate_ASN1(conn->ssl, (u8 *) client_cert_blob,
1713 if (SSL_use_certificate(conn->ssl, x509) == 1)
1722 if (SSL_use_certificate_file(conn->ssl, client_cert,
1729 if (SSL_use_certificate_file(conn->ssl, client_cert,
1783 static int tls_parse_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, PKCS12 *p12,
1808 if (ssl) {
1809 if (SSL_use_certificate(ssl, cert) != 1)
1820 if (ssl) {
1821 if (SSL_use_PrivateKey(ssl, pkey) != 1)
1837 * There is no SSL equivalent for the chain cert - so
1858 static int tls_read_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, const char *private_key,
1878 return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd);
1888 static int tls_read_pkcs12_blob(SSL_CTX *ssl_ctx, SSL *ssl,
1901 return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd);
1951 if (!SSL_use_certificate(conn->ssl, cert)) {
2006 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
2020 if (SSL_use_PrivateKey(conn->ssl, conn->private_key) != 1) {
2025 if (!SSL_check_private_key(conn->ssl)) {
2032 wpa_printf(MSG_ERROR, "SSL: Configuration uses engine, but "
2065 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_RSA, conn->ssl,
2074 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_DSA, conn->ssl,
2083 if (SSL_use_RSAPrivateKey_ASN1(conn->ssl,
2092 if (tls_read_pkcs12_blob(ssl_ctx, conn->ssl, private_key_blob,
2105 if (SSL_use_PrivateKey_file(conn->ssl, private_key,
2113 if (SSL_use_PrivateKey_file(conn->ssl, private_key,
2125 if (tls_read_pkcs12(ssl_ctx, conn->ssl, private_key, passwd)
2133 if (tls_cryptoapi_cert(conn->ssl, private_key) == 0) {
2153 if (!SSL_check_private_key(conn->ssl)) {
2159 wpa_printf(MSG_DEBUG, "SSL: Private key loaded successfully");
2270 if (SSL_set_tmp_dh(conn->ssl, dh) != 1) {
2365 SSL *ssl;
2369 ssl = conn->ssl;
2370 if (ssl == NULL || ssl->s3 == NULL || ssl->session == NULL)
2374 keys->master_key = ssl->session->master_key;
2375 keys->master_key_len = ssl->session->master_key_length;
2376 keys->client_random = ssl->s3->client_random;
2378 keys->server_random = ssl->s3->server_random;
2391 SSL *ssl;
2396 ssl = conn->ssl;
2397 if (SSL_export_keying_material(ssl, out, out_len, label,
2428 res = SSL_accept(conn->ssl);
2430 res = SSL_connect(conn->ssl);
2432 int err = SSL_get_error(conn->ssl, res);
2434 wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want "
2437 wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want to "
2447 wpa_printf(MSG_DEBUG, "SSL: %d bytes pending from ssl_out", res);
2450 wpa_printf(MSG_DEBUG, "SSL: Failed to allocate memory for "
2486 res = SSL_read(conn->ssl, wpabuf_mhead(appl_data),
2489 int err = SSL_get_error(conn->ssl, res);
2492 wpa_printf(MSG_DEBUG, "SSL: No Application Data "
2504 wpa_hexdump_buf_key(MSG_MSGDUMP, "SSL: Application Data in Finished "
2525 if (SSL_is_init_finished(conn->ssl) && appl_data && in_data)
2566 res = SSL_write(conn->ssl, wpabuf_head(in_data), wpabuf_len(in_data));
2620 res = SSL_read(conn->ssl, wpabuf_mhead(buf), wpabuf_size(buf));
2635 return conn ? conn->ssl->hit : 0;
2646 if (conn == NULL || conn->ssl == NULL || ciphers == NULL)
2685 if (SSL_set_cipher_list(conn->ssl, buf + 1) != 1) {
2699 if (conn == NULL || conn->ssl == NULL)
2702 name = SSL_get_cipher(conn->ssl);
2714 SSL_set_options(conn->ssl, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
2728 if (conn == NULL || conn->ssl == NULL || ext_type != 35)
2732 if (SSL_set_session_ticket_ext(conn->ssl, (void *) data,
2736 if (SSL_set_hello_extension(conn->ssl, ext_type, (void *) data,
2807 static int ocsp_resp_cb(SSL *s, void *arg)
2910 static int ocsp_status_cb(SSL *s, void *arg)
2956 wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s",
2961 wpa_printf(MSG_DEBUG, "SSL: Initializing TLS engine");
3013 SSL_set_options(conn->ssl, SSL_OP_NO_TICKET);
3016 SSL_clear_options(conn->ssl, SSL_OP_NO_TICKET);
3022 SSL_set_tlsext_status_type(conn->ssl, TLSEXT_STATUSTYPE_ocsp);
3043 wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s",
3094 if (conn == NULL || conn->ssl == NULL ||
3095 conn->ssl->enc_read_ctx == NULL ||
3096 conn->ssl->enc_read_ctx->cipher == NULL ||
3097 conn->ssl->read_hash == NULL)
3100 c = conn->ssl->enc_read_ctx->cipher;
3102 h = EVP_MD_CTX_md(conn->ssl->read_hash);
3104 h = conn->ssl->read_hash;
3109 else if (conn->ssl->s3)
3110 md_size = conn->ssl->s3->tmp.new_mac_secret_size;
3135 static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len,
3162 static int tls_session_ticket_ext_cb(SSL *s, const unsigned char *data,
3189 static void tls_hello_ext_cb(SSL *s, int client_server, int type,
3215 static int tls_hello_ext_cb(SSL *s, TLS_EXTENSION *ext, void *arg)
3256 if (SSL_set_session_secret_cb(conn->ssl, tls_sess_sec_cb,
3260 SSL_set_session_ticket_ext_cb(conn->ssl,
3264 SSL_set_tlsext_debug_callback(conn->ssl, tls_hello_ext_cb);
3265 SSL_set_tlsext_debug_arg(conn->ssl, conn);
3267 ssl, tls_hello_ext_cb,
3273 if (SSL_set_session_secret_cb(conn->ssl, NULL, NULL) != 1)
3276 SSL_set_session_ticket_ext_cb(conn->ssl, NULL, NULL);
3279 SSL_set_tlsext_debug_callback(conn->ssl, NULL);
3280 SSL_set_tlsext_debug_arg(conn->ssl, conn);
3282 if (SSL_set_hello_extension_cb(conn->ssl, NULL, NULL) != 1)