4 * Copyright (c) Beniamino Galvani 2005 All rights reserved.
5 * Jan Just Keijser 2006-2019 All rights reserved.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * 3. The name(s) of the authors of this software must not be used to
20 * endorse or promote products derived from this software without
21 * prior written permission.
23 * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
24 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
25 * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
26 * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
27 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
28 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
29 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
40 #include <openssl/ssl.h>
41 #include <openssl/bio.h>
43 #define EAP_TLS_FLAGS_LI 128 /* length included flag */
44 #define EAP_TLS_FLAGS_MF 64 /* more fragments flag */
45 #define EAP_TLS_FLAGS_START 32 /* start flag */
47 #define EAP_TLS_MAX_LEN 65536 /* max eap tls packet size */
53 u_char *data; /* buffered data */
54 int datalen; /* buffered data len */
55 int offset; /* from where to send */
56 int tlslen; /* total length of tls data */
57 bool frag; /* packet is fragmented */
58 bool tls_v13; /* whether we've negotiated TLSv1.3 */
60 SSL *ssl; /* ssl connection */
63 char peercertfile[MAXWORDLEN];
65 u_char alert_sent_desc;
67 u_char alert_recv_desc;
68 char rtx[EAP_TLS_MAX_LEN]; /* retransmission buffer */
70 int mtu; /* unit mtu */
71 struct tls_info *info;
75 SSL_CTX *eaptls_init_ssl(int init_server, char *cacertfile, char *capath,
76 char *certfile, char *privkeyfile, char *pkcs12);
77 int eaptls_init_ssl_server(eap_state * esp);
78 int eaptls_init_ssl_client(eap_state * esp);
79 void eaptls_free_session(struct eaptls_session *ets);
81 int eaptls_is_init_finished(struct eaptls_session *ets);
83 int eaptls_receive(struct eaptls_session *ets, u_char * inp, int len);
84 int eaptls_send(struct eaptls_session *ets, u_char ** outp);
85 void eaptls_retransmit(struct eaptls_session *ets, u_char ** outp);
87 int get_eaptls_secret(int unit, char *client, char *server,
88 char *clicertfile, char *servcertfile, char *cacertfile,
89 char *capath, char *pkfile, char *pkcs12, int am_server);
92 void eaptls_gen_mppe_keys(struct eaptls_session *ets, int client);