Lines Matching defs:ssl
2 * SSL/TLS interface functions for OpenSSL
19 #include <openssl/ssl.h>
86 SSL *ssl;
363 static int tls_cryptoapi_cert(SSL *ssl, const char *name)
431 if (!SSL_use_certificate(ssl, cert)) {
445 if (!SSL_use_RSAPrivateKey(ssl, rsa))
464 static int tls_cryptoapi_ca_cert(SSL_CTX *ssl_ctx, SSL *ssl, const char *name)
532 static int tls_cryptoapi_cert(SSL *ssl, const char *name)
540 static void ssl_info_cb(const SSL *ssl, int where, int ret)
545 wpa_printf(MSG_DEBUG, "SSL: (where=0x%x ret=0x%x)", where, ret);
555 wpa_printf(MSG_DEBUG, "SSL: %s:%s",
556 str, SSL_state_string_long(ssl));
558 struct tls_connection *conn = SSL_get_app_data((SSL *) ssl);
559 wpa_printf(MSG_INFO, "SSL: SSL3 alert: %s:%s:%s",
581 wpa_printf(MSG_DEBUG, "SSL: %s:%s in %s",
583 SSL_state_string_long(ssl));
738 SSL_CTX *ssl;
798 ssl = SSL_CTX_new(SSLv23_method());
799 if (ssl == NULL) {
810 SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv2);
811 SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv3);
813 SSL_CTX_set_info_callback(ssl, ssl_info_cb);
814 SSL_CTX_set_app_data(ssl, context);
827 tls_deinit(ssl);
837 if (SSL_CTX_set_cipher_list(ssl, ciphers) != 1) {
841 tls_deinit(ssl);
845 return ssl;
851 SSL_CTX *ssl = ssl_ctx;
852 struct tls_context *context = SSL_CTX_get_app_data(ssl);
855 SSL_CTX_free(ssl);
1038 wpa_printf(MSG_INFO, "TLS - SSL error: %s",
1048 const void *buf, size_t len, SSL *ssl, void *arg)
1068 SSL_CTX *ssl = ssl_ctx;
1071 struct tls_context *context = SSL_CTX_get_app_data(ssl);
1077 conn->ssl = SSL_new(ssl);
1078 if (conn->ssl == NULL) {
1080 "Failed to initialize new SSL connection");
1086 SSL_set_app_data(conn->ssl, conn);
1087 SSL_set_msg_callback(conn->ssl, tls_msg_cb);
1088 SSL_set_msg_callback_arg(conn->ssl, conn);
1094 SSL_set_options(conn->ssl, options);
1100 SSL_free(conn->ssl);
1109 SSL_free(conn->ssl);
1115 SSL_set_bio(conn->ssl, conn->ssl_in, conn->ssl_out);
1125 SSL_free(conn->ssl);
1138 return conn ? SSL_is_init_finished(conn->ssl) : 0;
1150 SSL_set_quiet_shutdown(conn->ssl, 1);
1151 SSL_shutdown(conn->ssl);
1152 return SSL_clear(conn->ssl) == 1 ? 0 : -1;
1502 SSL *ssl;
1514 ssl = X509_STORE_CTX_get_ex_data(x509_ctx,
1518 conn = SSL_get_app_data(ssl);
1702 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
1801 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
1807 if (ca_cert && tls_cryptoapi_ca_cert(ssl_ctx, conn->ssl, ca_cert) ==
1945 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER |
1950 SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL);
1953 SSL_set_accept_state(conn->ssl);
1964 SSL_set_session_id_context(conn->ssl,
1981 SSL_use_certificate_ASN1(conn->ssl, (u8 *) client_cert_blob,
2004 if (SSL_use_certificate(conn->ssl, x509) == 1)
2013 if (SSL_use_certificate_file(conn->ssl, client_cert,
2020 if (SSL_use_certificate_file(conn->ssl, client_cert,
2074 static int tls_parse_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, PKCS12 *p12,
2099 if (ssl) {
2100 if (SSL_use_certificate(ssl, cert) != 1)
2111 if (ssl) {
2112 if (SSL_use_PrivateKey(ssl, pkey) != 1)
2128 * There is no SSL equivalent for the chain cert - so
2149 static int tls_read_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, const char *private_key,
2169 return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd);
2179 static int tls_read_pkcs12_blob(SSL_CTX *ssl_ctx, SSL *ssl,
2192 return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd);
2246 if (!SSL_use_certificate(conn->ssl, cert)) {
2302 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
2316 if (SSL_use_PrivateKey(conn->ssl, conn->private_key) != 1) {
2321 if (!SSL_check_private_key(conn->ssl)) {
2328 wpa_printf(MSG_ERROR, "SSL: Configuration uses engine, but "
2361 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_RSA, conn->ssl,
2370 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_DSA, conn->ssl,
2379 if (SSL_use_RSAPrivateKey_ASN1(conn->ssl,
2388 if (tls_read_pkcs12_blob(ssl_ctx, conn->ssl, private_key_blob,
2401 if (SSL_use_PrivateKey_file(conn->ssl, private_key,
2409 if (SSL_use_PrivateKey_file(conn->ssl, private_key,
2421 if (tls_read_pkcs12(ssl_ctx, conn->ssl, private_key, passwd)
2429 if (tls_cryptoapi_cert(conn->ssl, private_key) == 0) {
2449 if (!SSL_check_private_key(conn->ssl)) {
2455 wpa_printf(MSG_DEBUG, "SSL: Private key loaded successfully");
2566 if (SSL_set_tmp_dh(conn->ssl, dh) != 1) {
2661 SSL *ssl;
2665 ssl = conn->ssl;
2666 if (ssl == NULL || ssl->s3 == NULL || ssl->session == NULL)
2670 keys->client_random = ssl->s3->client_random;
2672 keys->server_random = ssl->s3->server_random;
2680 static int openssl_get_keyblock_size(SSL *ssl)
2686 if (ssl->enc_read_ctx == NULL || ssl->enc_read_ctx->cipher == NULL ||
2687 ssl->read_hash == NULL)
2690 c = ssl->enc_read_ctx->cipher;
2692 h = EVP_MD_CTX_md(ssl->read_hash);
2694 h = ssl->read_hash;
2699 else if (ssl->s3)
2700 md_size = ssl->s3->tmp.new_mac_secret_size;
2723 SSL *ssl;
2738 ssl = conn->ssl;
2739 if (ssl == NULL || ssl->s3 == NULL || ssl->session == NULL ||
2740 ssl->session->master_key_length <= 0)
2744 skip = openssl_get_keyblock_size(ssl);
2760 os_memcpy(rnd, ssl->s3->server_random, SSL3_RANDOM_SIZE);
2761 os_memcpy(rnd + SSL3_RANDOM_SIZE, ssl->s3->client_random,
2764 os_memcpy(rnd, ssl->s3->client_random, SSL3_RANDOM_SIZE);
2765 os_memcpy(rnd + SSL3_RANDOM_SIZE, ssl->s3->server_random,
2771 if (tls_prf_sha1_md5(ssl->session->master_key,
2772 ssl->session->master_key_length,
2791 SSL *ssl;
2798 ssl = conn->ssl;
2799 if (SSL_export_keying_material(ssl, out, out_len, label,
2831 res = SSL_accept(conn->ssl);
2833 res = SSL_connect(conn->ssl);
2835 int err = SSL_get_error(conn->ssl, res);
2837 wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want "
2840 wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want to "
2850 wpa_printf(MSG_DEBUG, "SSL: %d bytes pending from ssl_out", res);
2853 wpa_printf(MSG_DEBUG, "SSL: Failed to allocate memory for "
2889 res = SSL_read(conn->ssl, wpabuf_mhead(appl_data),
2892 int err = SSL_get_error(conn->ssl, res);
2895 wpa_printf(MSG_DEBUG, "SSL: No Application Data "
2907 wpa_hexdump_buf_key(MSG_MSGDUMP, "SSL: Application Data in Finished "
2933 if (SSL_is_init_finished(conn->ssl) && appl_data && in_data)
2984 res = SSL_write(conn->ssl, wpabuf_head(in_data), wpabuf_len(in_data));
3038 res = SSL_read(conn->ssl, wpabuf_mhead(buf), wpabuf_size(buf));
3060 return conn ? SSL_cache_hit(conn->ssl) : 0;
3062 return conn ? conn->ssl->hit : 0;
3074 if (conn == NULL || conn->ssl == NULL || ciphers == NULL)
3113 if (SSL_set_cipher_list(conn->ssl, buf + 1) != 1) {
3127 if (conn == NULL || conn->ssl == NULL)
3130 name = SSL_get_cipher(conn->ssl);
3142 SSL_set_options(conn->ssl, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
3156 if (conn == NULL || conn->ssl == NULL || ext_type != 35)
3159 if (SSL_set_session_ticket_ext(conn->ssl, (void *) data,
3263 static int ocsp_resp_cb(SSL *s, void *arg)
3407 static int ocsp_status_cb(SSL *s, void *arg)
3489 if (SSL_set_ssl_method(conn->ssl, TLSv1_method()) != 1) {
3497 wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s",
3502 wpa_printf(MSG_DEBUG, "SSL: Initializing TLS engine");
3554 SSL_set_cipher_list(conn->ssl, params->openssl_ciphers) != 1) {
3563 SSL_set_options(conn->ssl, SSL_OP_NO_TICKET);
3566 SSL_clear_options(conn->ssl, SSL_OP_NO_TICKET);
3572 SSL_set_options(conn->ssl, SSL_OP_NO_TLSv1_1);
3574 SSL_clear_options(conn->ssl, SSL_OP_NO_TLSv1_1);
3578 SSL_set_options(conn->ssl, SSL_OP_NO_TLSv1_2);
3580 SSL_clear_options(conn->ssl, SSL_OP_NO_TLSv1_2);
3586 SSL_set_tlsext_status_type(conn->ssl, TLSEXT_STATUSTYPE_ocsp);
3607 wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s",
3671 static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len,
3675 static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len,
3702 static int tls_session_ticket_ext_cb(SSL *s, const unsigned char *data,
3740 if (SSL_set_session_secret_cb(conn->ssl, tls_sess_sec_cb,
3743 SSL_set_session_ticket_ext_cb(conn->ssl,
3746 if (SSL_set_session_secret_cb(conn->ssl, NULL, NULL) != 1)
3748 SSL_set_session_ticket_ext_cb(conn->ssl, NULL, NULL);
