1 /*
2 * TLS interface functions and an internal TLS implementation
3 * Copyright (c) 2004-2011, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 *
8 * This file interface functions for hostapd/wpa_supplicant to use the
9 * integrated TLSv1 implementation.
10 */
11
12 #include "utils/includes.h"
13
14 #include "utils/common.h"
15 #include "crypto/sha1.h"
16 #include "crypto/md5.h"
17 #include "tls/tls.h"
18 #include "tls/tlsv1_client.h"
19 #include "tls/tlsv1_server.h"
20
21 static int tls_ref_count = 0;
22
23 struct tls_global {
24 int server;
25 struct tlsv1_credentials *server_cred;
26 int check_crl;
27 };
28
29 struct tls_connection {
30 struct tlsv1_client *client;
31 struct tlsv1_server *server;
32 };
33
34
tls_init(void)35 void * tls_init(void)
36 {
37 struct tls_global *global;
38
39 if (tls_ref_count == 0) {
40 #ifdef CONFIG_TLS_INTERNAL_CLIENT
41 if (tlsv1_client_global_init())
42 return NULL;
43 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
44 #ifdef CONFIG_TLS_INTERNAL_SERVER
45 if (tlsv1_server_global_init())
46 return NULL;
47 #endif /* CONFIG_TLS_INTERNAL_SERVER */
48 }
49 tls_ref_count++;
50
51 global = (struct tls_global *)os_zalloc(sizeof(*global));
52 if (global == NULL)
53 return NULL;
54
55 return global;
56 }
57
tls_deinit(void * ssl_ctx)58 void tls_deinit(void *ssl_ctx)
59 {
60 struct tls_global *global = ssl_ctx;
61 tls_ref_count--;
62 if (tls_ref_count == 0) {
63 #ifdef CONFIG_TLS_INTERNAL_CLIENT
64 tlsv1_client_global_deinit();
65 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
66 #ifdef CONFIG_TLS_INTERNAL_SERVER
67 tlsv1_cred_free(global->server_cred);
68 tlsv1_server_global_deinit();
69 #endif /* CONFIG_TLS_INTERNAL_SERVER */
70 }
71 os_free(global);
72 }
73
74
tls_get_errors(void * tls_ctx)75 int tls_get_errors(void *tls_ctx)
76 {
77 return 0;
78 }
79
80
tls_connection_init(void * tls_ctx)81 struct tls_connection * tls_connection_init(void *tls_ctx)
82 {
83 struct tls_connection *conn;
84 struct tls_global *global = tls_ctx;
85
86 conn = (struct tls_connection *)os_zalloc(sizeof(*conn));
87 if (conn == NULL)
88 return NULL;
89 #ifdef CONFIG_TLS_INTERNAL_CLIENT
90 if (!global->server) {
91 conn->client = tlsv1_client_init();
92 if (conn->client == NULL) {
93 os_free(conn);
94 return NULL;
95 }
96 }
97 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
98 #ifdef CONFIG_TLS_INTERNAL_SERVER
99 if (global->server) {
100 conn->server = tlsv1_server_init(global->server_cred);
101 if (conn->server == NULL) {
102 os_free(conn);
103 return NULL;
104 }
105 }
106 #endif /* CONFIG_TLS_INTERNAL_SERVER */
107
108 return conn;
109 }
110
111
tls_connection_deinit(void * tls_ctx,struct tls_connection * conn)112 void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn)
113 {
114 if (conn == NULL)
115 return;
116 #ifdef CONFIG_TLS_INTERNAL_CLIENT
117 if (conn->client)
118 tlsv1_client_deinit(conn->client);
119 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
120 #ifdef CONFIG_TLS_INTERNAL_SERVER
121 if (conn->server)
122 tlsv1_server_deinit(conn->server);
123 #endif /* CONFIG_TLS_INTERNAL_SERVER */
124 os_free(conn);
125 }
126
127
tls_connection_established(void * tls_ctx,struct tls_connection * conn)128 int tls_connection_established(void *tls_ctx, struct tls_connection *conn)
129 {
130 #ifdef CONFIG_TLS_INTERNAL_CLIENT
131 if (conn->client)
132 return tlsv1_client_established(conn->client);
133 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
134 #ifdef CONFIG_TLS_INTERNAL_SERVER
135 if (conn->server)
136 return tlsv1_server_established(conn->server);
137 #endif /* CONFIG_TLS_INTERNAL_SERVER */
138 return 0;
139 }
140
141
tls_connection_shutdown(void * tls_ctx,struct tls_connection * conn)142 int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn)
143 {
144 #ifdef CONFIG_TLS_INTERNAL_CLIENT
145 if (conn->client)
146 return tlsv1_client_shutdown(conn->client);
147 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
148 #ifdef CONFIG_TLS_INTERNAL_SERVER
149 if (conn->server)
150 return tlsv1_server_shutdown(conn->server);
151 #endif /* CONFIG_TLS_INTERNAL_SERVER */
152 return -1;
153 }
154
155
tls_connection_set_params(void * tls_ctx,struct tls_connection * conn,const struct tls_connection_params * params)156 int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
157 const struct tls_connection_params *params)
158 {
159 #ifdef CONFIG_TLS_INTERNAL_CLIENT
160 struct tlsv1_credentials *cred;
161
162 if (conn->client == NULL)
163 return -1;
164
165 cred = tlsv1_cred_alloc();
166 if (cred == NULL)
167 return -1;
168
169 if (tlsv1_set_ca_cert(cred, params->ca_cert,
170 params->ca_cert_blob, params->ca_cert_blob_len,
171 params->ca_path)) {
172 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
173 "certificates");
174 tlsv1_cred_free(cred);
175 return -1;
176 }
177
178 if (tlsv1_set_cert(cred, params->client_cert,
179 params->client_cert_blob,
180 params->client_cert_blob_len)) {
181 wpa_printf(MSG_INFO, "TLS: Failed to configure client "
182 "certificate");
183 tlsv1_cred_free(cred);
184 return -1;
185 }
186
187 if (tlsv1_set_private_key(cred, params->private_key,
188 params->private_key_passwd,
189 params->private_key_blob,
190 params->private_key_blob_len)) {
191 wpa_printf(MSG_INFO, "TLS: Failed to load private key");
192 tlsv1_cred_free(cred);
193 return -1;
194 }
195
196 if (tlsv1_client_set_cred(conn->client, cred) < 0) {
197 tlsv1_cred_free(cred);
198 return -1;
199 }
200
201 tlsv1_client_set_time_checks(
202 conn->client, !(params->flags & TLS_CONN_DISABLE_TIME_CHECKS));
203
204 return 0;
205 #else /* CONFIG_TLS_INTERNAL_CLIENT */
206 return -1;
207 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
208 }
209
210
tls_global_set_params(void * tls_ctx,const struct tls_connection_params * params)211 int tls_global_set_params(void *tls_ctx,
212 const struct tls_connection_params *params)
213 {
214 #ifdef CONFIG_TLS_INTERNAL_SERVER
215 struct tls_global *global = tls_ctx;
216 struct tlsv1_credentials *cred;
217
218 /* Currently, global parameters are only set when running in server
219 * mode. */
220 global->server = 1;
221 tlsv1_cred_free(global->server_cred);
222 global->server_cred = cred = tlsv1_cred_alloc();
223 if (cred == NULL)
224 return -1;
225
226 if (tlsv1_set_ca_cert(cred, params->ca_cert, params->ca_cert_blob,
227 params->ca_cert_blob_len, params->ca_path)) {
228 wpa_printf(MSG_INFO, "TLS: Failed to configure trusted CA "
229 "certificates");
230 return -1;
231 }
232
233 if (tlsv1_set_cert(cred, params->client_cert, params->client_cert_blob,
234 params->client_cert_blob_len)) {
235 wpa_printf(MSG_INFO, "TLS: Failed to configure server "
236 "certificate");
237 return -1;
238 }
239
240 if (tlsv1_set_private_key(cred, params->private_key,
241 params->private_key_passwd,
242 params->private_key_blob,
243 params->private_key_blob_len)) {
244 wpa_printf(MSG_INFO, "TLS: Failed to load private key");
245 return -1;
246 }
247
248 if (tlsv1_set_dhparams(cred, params->dh_file, params->dh_blob,
249 params->dh_blob_len)) {
250 wpa_printf(MSG_INFO, "TLS: Failed to load DH parameters");
251 return -1;
252 }
253
254 return 0;
255 #else /* CONFIG_TLS_INTERNAL_SERVER */
256 return -1;
257 #endif /* CONFIG_TLS_INTERNAL_SERVER */
258 }
259
260
tls_global_set_verify(void * tls_ctx,int check_crl)261 int tls_global_set_verify(void *tls_ctx, int check_crl)
262 {
263 struct tls_global *global = tls_ctx;
264 global->check_crl = check_crl;
265 return 0;
266 }
267
268
tls_connection_set_verify(void * tls_ctx,struct tls_connection * conn,int verify_peer,unsigned int flags,const u8 * session_ctx,size_t session_ctx_len)269 int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn,
270 int verify_peer, unsigned int flags,
271 const u8 *session_ctx, size_t session_ctx_len)
272 {
273 #ifdef CONFIG_TLS_INTERNAL_SERVER
274 if (conn->server)
275 return tlsv1_server_set_verify(conn->server, verify_peer);
276 #endif /* CONFIG_TLS_INTERNAL_SERVER */
277 return -1;
278 }
279
280
tls_connection_get_random(void * tls_ctx,struct tls_connection * conn,struct tls_random * data)281 int tls_connection_get_random(void *tls_ctx, struct tls_connection *conn,
282 struct tls_random *data)
283 {
284 #ifdef CONFIG_TLS_INTERNAL_CLIENT
285 if (conn->client)
286 return tlsv1_client_get_random(conn->client, data);
287 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
288 #ifdef CONFIG_TLS_INTERNAL_SERVER
289 if (conn->server)
290 return tlsv1_server_get_random(conn->server, data);
291 #endif /* CONFIG_TLS_INTERNAL_SERVER */
292 return -1;
293 }
294
295
tls_get_keyblock_size(struct tls_connection * conn)296 static int tls_get_keyblock_size(struct tls_connection *conn)
297 {
298 #ifdef CONFIG_TLS_INTERNAL_CLIENT
299 if (conn->client)
300 return tlsv1_client_get_keyblock_size(conn->client);
301 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
302 #ifdef CONFIG_TLS_INTERNAL_SERVER
303 if (conn->server)
304 return tlsv1_server_get_keyblock_size(conn->server);
305 #endif /* CONFIG_TLS_INTERNAL_SERVER */
306 return -1;
307 }
308
309
tls_connection_prf(void * tls_ctx,struct tls_connection * conn,const char * label,const u8 * context,size_t context_len,int server_random_first,int skip_keyblock,u8 * out,size_t out_len)310 static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
311 const char *label, const u8 *context,
312 size_t context_len, int server_random_first,
313 int skip_keyblock, u8 *out, size_t out_len)
314 {
315 int ret = -1, skip = 0;
316 u8 *tmp_out = NULL;
317 u8 *_out = out;
318
319 if (skip_keyblock) {
320 skip = tls_get_keyblock_size(conn);
321 if (skip < 0)
322 return -1;
323 tmp_out = os_malloc(skip + out_len);
324 if (!tmp_out)
325 return -1;
326 _out = tmp_out;
327 }
328
329 #ifdef CONFIG_TLS_INTERNAL_CLIENT
330 if (conn->client) {
331 ret = tlsv1_client_prf(conn->client, label,
332 server_random_first,
333 _out, skip + out_len);
334 }
335 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
336 #ifdef CONFIG_TLS_INTERNAL_SERVER
337 if (conn->server) {
338 ret = tlsv1_server_prf(conn->server, label,
339 server_random_first,
340 _out, skip + out_len);
341 }
342 #endif /* CONFIG_TLS_INTERNAL_SERVER */
343 if (ret == 0 && skip_keyblock)
344 os_memcpy(out, _out + skip, out_len);
345 bin_clear_free(tmp_out, skip);
346
347 return ret;
348 }
349
350
tls_connection_export_key(void * tls_ctx,struct tls_connection * conn,const char * label,const u8 * context,size_t context_len,u8 * out,size_t out_len)351 int tls_connection_export_key(void *tls_ctx, struct tls_connection *conn,
352 const char *label, const u8 *context,
353 size_t context_len, u8 *out, size_t out_len)
354 {
355 return tls_connection_prf(tls_ctx, conn, label, context, context_len,
356 0, 0, out, out_len);
357 }
358
359
tls_connection_get_eap_fast_key(void * tls_ctx,struct tls_connection * conn,u8 * out,size_t out_len)360 int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn,
361 u8 *out, size_t out_len)
362 {
363 return tls_connection_prf(tls_ctx, conn, "key expansion", NULL, 0,
364 1, 1, out, out_len);
365 }
366
367
tls_connection_handshake(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data,struct wpabuf ** appl_data)368 struct wpabuf * tls_connection_handshake(void *tls_ctx,
369 struct tls_connection *conn,
370 const struct wpabuf *in_data,
371 struct wpabuf **appl_data)
372 {
373 return tls_connection_handshake2(tls_ctx, conn, in_data, appl_data,
374 NULL);
375 }
376
377
tls_connection_handshake2(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data,struct wpabuf ** appl_data,int * need_more_data)378 struct wpabuf * tls_connection_handshake2(void *tls_ctx,
379 struct tls_connection *conn,
380 const struct wpabuf *in_data,
381 struct wpabuf **appl_data,
382 int *need_more_data)
383 {
384 #ifdef CONFIG_TLS_INTERNAL_CLIENT
385 u8 *res, *ad;
386 size_t res_len, ad_len;
387 struct wpabuf *out;
388
389 if (conn->client == NULL)
390 return NULL;
391
392 ad = NULL;
393 res = tlsv1_client_handshake(conn->client,
394 in_data ? wpabuf_head(in_data) : NULL,
395 in_data ? wpabuf_len(in_data) : 0,
396 &res_len, &ad, &ad_len, need_more_data);
397 if (res == NULL) {
398 return NULL;
399 }
400 out = wpabuf_alloc_ext_data(res, res_len);
401 if (out == NULL) {
402 os_free(res);
403 os_free(ad);
404 return NULL;
405 }
406 if (appl_data) {
407 if (ad) {
408 *appl_data = wpabuf_alloc_ext_data(ad, ad_len);
409 if (*appl_data == NULL)
410 os_free(ad);
411 } else
412 *appl_data = NULL;
413 } else
414 os_free(ad);
415
416 return out;
417 #else /* CONFIG_TLS_INTERNAL_CLIENT */
418 return NULL;
419 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
420 }
421
422
tls_connection_server_handshake(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data,struct wpabuf ** appl_data)423 struct wpabuf * tls_connection_server_handshake(void *tls_ctx,
424 struct tls_connection *conn,
425 const struct wpabuf *in_data,
426 struct wpabuf **appl_data)
427 {
428 #ifdef CONFIG_TLS_INTERNAL_SERVER
429 u8 *res;
430 size_t res_len;
431 struct wpabuf *out;
432
433 if (conn->server == NULL)
434 return NULL;
435
436 if (appl_data)
437 *appl_data = NULL;
438
439 res = tlsv1_server_handshake(conn->server, wpabuf_head(in_data),
440 wpabuf_len(in_data), &res_len);
441 if (res == NULL && tlsv1_server_established(conn->server))
442 return wpabuf_alloc(0);
443 if (res == NULL)
444 return NULL;
445 out = wpabuf_alloc_ext_data(res, res_len);
446 if (out == NULL) {
447 os_free(res);
448 return NULL;
449 }
450
451 return out;
452 #else /* CONFIG_TLS_INTERNAL_SERVER */
453 return NULL;
454 #endif /* CONFIG_TLS_INTERNAL_SERVER */
455 }
456
457
tls_connection_encrypt(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data)458 struct wpabuf * tls_connection_encrypt(void *tls_ctx,
459 struct tls_connection *conn,
460 const struct wpabuf *in_data)
461 {
462 #ifdef CONFIG_TLS_INTERNAL_CLIENT
463 if (conn->client) {
464 struct wpabuf *buf;
465 int res;
466 buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
467 if (buf == NULL)
468 return NULL;
469 res = tlsv1_client_encrypt(conn->client, wpabuf_head(in_data),
470 wpabuf_len(in_data),
471 wpabuf_mhead(buf),
472 wpabuf_size(buf));
473 if (res < 0) {
474 wpabuf_free(buf);
475 return NULL;
476 }
477 wpabuf_put(buf, res);
478 return buf;
479 }
480 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
481 #ifdef CONFIG_TLS_INTERNAL_SERVER
482 if (conn->server) {
483 struct wpabuf *buf;
484 int res;
485 buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
486 if (buf == NULL)
487 return NULL;
488 res = tlsv1_server_encrypt(conn->server, wpabuf_head(in_data),
489 wpabuf_len(in_data),
490 wpabuf_mhead(buf),
491 wpabuf_size(buf));
492 if (res < 0) {
493 wpabuf_free(buf);
494 return NULL;
495 }
496 wpabuf_put(buf, res);
497 return buf;
498 }
499 #endif /* CONFIG_TLS_INTERNAL_SERVER */
500 return NULL;
501 }
502
503
tls_connection_decrypt(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data)504 struct wpabuf * tls_connection_decrypt(void *tls_ctx,
505 struct tls_connection *conn,
506 const struct wpabuf *in_data)
507 {
508 return tls_connection_decrypt2(tls_ctx, conn, in_data, NULL);
509 }
510
511
tls_connection_decrypt2(void * tls_ctx,struct tls_connection * conn,const struct wpabuf * in_data,int * need_more_data)512 struct wpabuf * tls_connection_decrypt2(void *tls_ctx,
513 struct tls_connection *conn,
514 const struct wpabuf *in_data,
515 int *need_more_data)
516 {
517 if (need_more_data)
518 *need_more_data = 0;
519
520 #ifdef CONFIG_TLS_INTERNAL_CLIENT
521 if (conn->client) {
522 return tlsv1_client_decrypt(conn->client, wpabuf_head(in_data),
523 wpabuf_len(in_data),
524 need_more_data);
525 }
526 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
527 #ifdef CONFIG_TLS_INTERNAL_SERVER
528 if (conn->server) {
529 struct wpabuf *buf;
530 int res;
531 buf = wpabuf_alloc((wpabuf_len(in_data) + 500) * 3);
532 if (buf == NULL)
533 return NULL;
534 res = tlsv1_server_decrypt(conn->server, wpabuf_head(in_data),
535 wpabuf_len(in_data),
536 wpabuf_mhead(buf),
537 wpabuf_size(buf));
538 if (res < 0) {
539 wpabuf_free(buf);
540 return NULL;
541 }
542 wpabuf_put(buf, res);
543 return buf;
544 }
545 #endif /* CONFIG_TLS_INTERNAL_SERVER */
546 return NULL;
547 }
548
549
tls_connection_resumed(void * tls_ctx,struct tls_connection * conn)550 int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn)
551 {
552 #ifdef CONFIG_TLS_INTERNAL_CLIENT
553 if (conn->client)
554 return tlsv1_client_resumed(conn->client);
555 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
556 #ifdef CONFIG_TLS_INTERNAL_SERVER
557 if (conn->server)
558 return tlsv1_server_resumed(conn->server);
559 #endif /* CONFIG_TLS_INTERNAL_SERVER */
560 return -1;
561 }
562
563
tls_connection_set_cipher_list(void * tls_ctx,struct tls_connection * conn,u8 * ciphers)564 int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
565 u8 *ciphers)
566 {
567 #ifdef CONFIG_TLS_INTERNAL_CLIENT
568 if (conn->client)
569 return tlsv1_client_set_cipher_list(conn->client, ciphers);
570 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
571 #ifdef CONFIG_TLS_INTERNAL_SERVER
572 if (conn->server)
573 return tlsv1_server_set_cipher_list(conn->server, ciphers);
574 #endif /* CONFIG_TLS_INTERNAL_SERVER */
575 return -1;
576 }
577
578
tls_get_cipher(void * tls_ctx,struct tls_connection * conn,char * buf,size_t buflen)579 int tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
580 char *buf, size_t buflen)
581 {
582 if (conn == NULL)
583 return -1;
584 #ifdef CONFIG_TLS_INTERNAL_CLIENT
585 if (conn->client)
586 return tlsv1_client_get_cipher(conn->client, buf, buflen);
587 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
588 #ifdef CONFIG_TLS_INTERNAL_SERVER
589 if (conn->server)
590 return tlsv1_server_get_cipher(conn->server, buf, buflen);
591 #endif /* CONFIG_TLS_INTERNAL_SERVER */
592 return -1;
593 }
594
595
tls_connection_enable_workaround(void * tls_ctx,struct tls_connection * conn)596 int tls_connection_enable_workaround(void *tls_ctx,
597 struct tls_connection *conn)
598 {
599 return -1;
600 }
601
602
tls_connection_client_hello_ext(void * tls_ctx,struct tls_connection * conn,int ext_type,const u8 * data,size_t data_len)603 int tls_connection_client_hello_ext(void *tls_ctx, struct tls_connection *conn,
604 int ext_type, const u8 *data,
605 size_t data_len)
606 {
607 #ifdef CONFIG_TLS_INTERNAL_CLIENT
608 if (conn->client) {
609 return tlsv1_client_hello_ext(conn->client, ext_type,
610 data, data_len);
611 }
612 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
613 return -1;
614 }
615
616
tls_connection_get_failed(void * tls_ctx,struct tls_connection * conn)617 int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn)
618 {
619 return 0;
620 }
621
622
tls_connection_get_read_alerts(void * tls_ctx,struct tls_connection * conn)623 int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn)
624 {
625 return 0;
626 }
627
628
tls_connection_get_write_alerts(void * tls_ctx,struct tls_connection * conn)629 int tls_connection_get_write_alerts(void *tls_ctx,
630 struct tls_connection *conn)
631 {
632 return 0;
633 }
634
tls_capabilities(void * tls_ctx)635 unsigned int tls_capabilities(void *tls_ctx)
636 {
637 return 0;
638 }
639
tls_connection_set_session_ticket_cb(void * tls_ctx,struct tls_connection * conn,tls_session_ticket_cb cb,void * ctx)640 int tls_connection_set_session_ticket_cb(void *tls_ctx,
641 struct tls_connection *conn,
642 tls_session_ticket_cb cb,
643 void *ctx)
644 {
645 #ifdef CONFIG_TLS_INTERNAL_CLIENT
646 if (conn->client) {
647 tlsv1_client_set_session_ticket_cb(conn->client, cb, ctx);
648 return 0;
649 }
650 #endif /* CONFIG_TLS_INTERNAL_CLIENT */
651 #ifdef CONFIG_TLS_INTERNAL_SERVER
652 if (conn->server) {
653 tlsv1_server_set_session_ticket_cb(conn->server, cb, ctx);
654 return 0;
655 }
656 #endif /* CONFIG_TLS_INTERNAL_SERVER */
657 return -1;
658 }
659
