tls_openssl.c revision 051af73b8f8014eff33330aead0f36944b3403e6
1/* 2 * SSL/TLS interface functions for OpenSSL 3 * Copyright (c) 2004-2013, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9#include "includes.h" 10 11#ifndef CONFIG_SMARTCARD 12#ifndef OPENSSL_NO_ENGINE 13#ifndef ANDROID 14#define OPENSSL_NO_ENGINE 15#endif 16#endif 17#endif 18 19#include <openssl/ssl.h> 20#include <openssl/err.h> 21#include <openssl/pkcs12.h> 22#include <openssl/x509v3.h> 23#ifndef OPENSSL_NO_ENGINE 24#include <openssl/engine.h> 25#endif /* OPENSSL_NO_ENGINE */ 26 27#include "common.h" 28#include "crypto.h" 29#include "tls.h" 30 31#if OPENSSL_VERSION_NUMBER >= 0x0090800fL 32#define OPENSSL_d2i_TYPE const unsigned char ** 33#else 34#define OPENSSL_d2i_TYPE unsigned char ** 35#endif 36 37#if defined(SSL_CTX_get_app_data) && defined(SSL_CTX_set_app_data) 38#define OPENSSL_SUPPORTS_CTX_APP_DATA 39#endif 40 41#ifdef SSL_F_SSL_SET_SESSION_TICKET_EXT 42#ifdef SSL_OP_NO_TICKET 43/* 44 * Session ticket override patch was merged into OpenSSL 0.9.9 tree on 45 * 2008-11-15. This version uses a bit different API compared to the old patch. 46 */ 47#define CONFIG_OPENSSL_TICKET_OVERRIDE 48#endif 49#endif 50 51#ifdef ANDROID 52#include <openssl/pem.h> 53#include <keystore/keystore_get.h> 54 55static BIO * BIO_from_keystore(const char *key) 56{ 57 BIO *bio = NULL; 58 uint8_t *value = NULL; 59 int length = keystore_get(key, strlen(key), &value); 60 if (length != -1 && (bio = BIO_new(BIO_s_mem())) != NULL) { 61 BIO_write(bio, value, length); 62 } 63 free(value); 64 return bio; 65} 66#endif /* ANDROID */ 67 68#ifdef SSL_set_tlsext_status_type 69#ifndef OPENSSL_NO_TLSEXT 70#define HAVE_OCSP 71#include <openssl/ocsp.h> 72#endif /* OPENSSL_NO_TLSEXT */ 73#endif /* SSL_set_tlsext_status_type */ 74 75static int tls_openssl_ref_count = 0; 76 77struct tls_context { 78 void (*event_cb)(void *ctx, enum tls_event ev, 79 union tls_event_data *data); 80 void *cb_ctx; 81 int cert_in_cb; 82 char *ocsp_stapling_response; 83}; 84 85static struct tls_context *tls_global = NULL; 86 87 88struct tls_connection { 89 struct tls_context *context; 90 SSL *ssl; 91 BIO *ssl_in, *ssl_out; 92#ifndef OPENSSL_NO_ENGINE 93 ENGINE *engine; /* functional reference to the engine */ 94 EVP_PKEY *private_key; /* the private key if using engine */ 95#endif /* OPENSSL_NO_ENGINE */ 96 char *subject_match, *altsubject_match, *suffix_match; 97 int read_alerts, write_alerts, failed; 98 99 tls_session_ticket_cb session_ticket_cb; 100 void *session_ticket_cb_ctx; 101 102 /* SessionTicket received from OpenSSL hello_extension_cb (server) */ 103 u8 *session_ticket; 104 size_t session_ticket_len; 105 106 unsigned int ca_cert_verify:1; 107 unsigned int cert_probe:1; 108 unsigned int server_cert_only:1; 109 110 u8 srv_cert_hash[32]; 111 112 unsigned int flags; 113 114 X509 *peer_cert; 115 X509 *peer_issuer; 116}; 117 118 119static struct tls_context * tls_context_new(const struct tls_config *conf) 120{ 121 struct tls_context *context = os_zalloc(sizeof(*context)); 122 if (context == NULL) 123 return NULL; 124 if (conf) { 125 context->event_cb = conf->event_cb; 126 context->cb_ctx = conf->cb_ctx; 127 context->cert_in_cb = conf->cert_in_cb; 128 } 129 return context; 130} 131 132 133#ifdef CONFIG_NO_STDOUT_DEBUG 134 135static void _tls_show_errors(void) 136{ 137 unsigned long err; 138 139 while ((err = ERR_get_error())) { 140 /* Just ignore the errors, since stdout is disabled */ 141 } 142} 143#define tls_show_errors(l, f, t) _tls_show_errors() 144 145#else /* CONFIG_NO_STDOUT_DEBUG */ 146 147static void tls_show_errors(int level, const char *func, const char *txt) 148{ 149 unsigned long err; 150 151 wpa_printf(level, "OpenSSL: %s - %s %s", 152 func, txt, ERR_error_string(ERR_get_error(), NULL)); 153 154 while ((err = ERR_get_error())) { 155 wpa_printf(MSG_INFO, "OpenSSL: pending error: %s", 156 ERR_error_string(err, NULL)); 157 } 158} 159 160#endif /* CONFIG_NO_STDOUT_DEBUG */ 161 162 163#ifdef CONFIG_NATIVE_WINDOWS 164 165/* Windows CryptoAPI and access to certificate stores */ 166#include <wincrypt.h> 167 168#ifdef __MINGW32_VERSION 169/* 170 * MinGW does not yet include all the needed definitions for CryptoAPI, so 171 * define here whatever extra is needed. 172 */ 173#define CERT_SYSTEM_STORE_CURRENT_USER (1 << 16) 174#define CERT_STORE_READONLY_FLAG 0x00008000 175#define CERT_STORE_OPEN_EXISTING_FLAG 0x00004000 176 177#endif /* __MINGW32_VERSION */ 178 179 180struct cryptoapi_rsa_data { 181 const CERT_CONTEXT *cert; 182 HCRYPTPROV crypt_prov; 183 DWORD key_spec; 184 BOOL free_crypt_prov; 185}; 186 187 188static void cryptoapi_error(const char *msg) 189{ 190 wpa_printf(MSG_INFO, "CryptoAPI: %s; err=%u", 191 msg, (unsigned int) GetLastError()); 192} 193 194 195static int cryptoapi_rsa_pub_enc(int flen, const unsigned char *from, 196 unsigned char *to, RSA *rsa, int padding) 197{ 198 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__); 199 return 0; 200} 201 202 203static int cryptoapi_rsa_pub_dec(int flen, const unsigned char *from, 204 unsigned char *to, RSA *rsa, int padding) 205{ 206 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__); 207 return 0; 208} 209 210 211static int cryptoapi_rsa_priv_enc(int flen, const unsigned char *from, 212 unsigned char *to, RSA *rsa, int padding) 213{ 214 struct cryptoapi_rsa_data *priv = 215 (struct cryptoapi_rsa_data *) rsa->meth->app_data; 216 HCRYPTHASH hash; 217 DWORD hash_size, len, i; 218 unsigned char *buf = NULL; 219 int ret = 0; 220 221 if (priv == NULL) { 222 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, 223 ERR_R_PASSED_NULL_PARAMETER); 224 return 0; 225 } 226 227 if (padding != RSA_PKCS1_PADDING) { 228 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, 229 RSA_R_UNKNOWN_PADDING_TYPE); 230 return 0; 231 } 232 233 if (flen != 16 /* MD5 */ + 20 /* SHA-1 */) { 234 wpa_printf(MSG_INFO, "%s - only MD5-SHA1 hash supported", 235 __func__); 236 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, 237 RSA_R_INVALID_MESSAGE_LENGTH); 238 return 0; 239 } 240 241 if (!CryptCreateHash(priv->crypt_prov, CALG_SSL3_SHAMD5, 0, 0, &hash)) 242 { 243 cryptoapi_error("CryptCreateHash failed"); 244 return 0; 245 } 246 247 len = sizeof(hash_size); 248 if (!CryptGetHashParam(hash, HP_HASHSIZE, (BYTE *) &hash_size, &len, 249 0)) { 250 cryptoapi_error("CryptGetHashParam failed"); 251 goto err; 252 } 253 254 if ((int) hash_size != flen) { 255 wpa_printf(MSG_INFO, "CryptoAPI: Invalid hash size (%u != %d)", 256 (unsigned) hash_size, flen); 257 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, 258 RSA_R_INVALID_MESSAGE_LENGTH); 259 goto err; 260 } 261 if (!CryptSetHashParam(hash, HP_HASHVAL, (BYTE * ) from, 0)) { 262 cryptoapi_error("CryptSetHashParam failed"); 263 goto err; 264 } 265 266 len = RSA_size(rsa); 267 buf = os_malloc(len); 268 if (buf == NULL) { 269 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE); 270 goto err; 271 } 272 273 if (!CryptSignHash(hash, priv->key_spec, NULL, 0, buf, &len)) { 274 cryptoapi_error("CryptSignHash failed"); 275 goto err; 276 } 277 278 for (i = 0; i < len; i++) 279 to[i] = buf[len - i - 1]; 280 ret = len; 281 282err: 283 os_free(buf); 284 CryptDestroyHash(hash); 285 286 return ret; 287} 288 289 290static int cryptoapi_rsa_priv_dec(int flen, const unsigned char *from, 291 unsigned char *to, RSA *rsa, int padding) 292{ 293 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__); 294 return 0; 295} 296 297 298static void cryptoapi_free_data(struct cryptoapi_rsa_data *priv) 299{ 300 if (priv == NULL) 301 return; 302 if (priv->crypt_prov && priv->free_crypt_prov) 303 CryptReleaseContext(priv->crypt_prov, 0); 304 if (priv->cert) 305 CertFreeCertificateContext(priv->cert); 306 os_free(priv); 307} 308 309 310static int cryptoapi_finish(RSA *rsa) 311{ 312 cryptoapi_free_data((struct cryptoapi_rsa_data *) rsa->meth->app_data); 313 os_free((void *) rsa->meth); 314 rsa->meth = NULL; 315 return 1; 316} 317 318 319static const CERT_CONTEXT * cryptoapi_find_cert(const char *name, DWORD store) 320{ 321 HCERTSTORE cs; 322 const CERT_CONTEXT *ret = NULL; 323 324 cs = CertOpenStore((LPCSTR) CERT_STORE_PROV_SYSTEM, 0, 0, 325 store | CERT_STORE_OPEN_EXISTING_FLAG | 326 CERT_STORE_READONLY_FLAG, L"MY"); 327 if (cs == NULL) { 328 cryptoapi_error("Failed to open 'My system store'"); 329 return NULL; 330 } 331 332 if (strncmp(name, "cert://", 7) == 0) { 333 unsigned short wbuf[255]; 334 MultiByteToWideChar(CP_ACP, 0, name + 7, -1, wbuf, 255); 335 ret = CertFindCertificateInStore(cs, X509_ASN_ENCODING | 336 PKCS_7_ASN_ENCODING, 337 0, CERT_FIND_SUBJECT_STR, 338 wbuf, NULL); 339 } else if (strncmp(name, "hash://", 7) == 0) { 340 CRYPT_HASH_BLOB blob; 341 int len; 342 const char *hash = name + 7; 343 unsigned char *buf; 344 345 len = os_strlen(hash) / 2; 346 buf = os_malloc(len); 347 if (buf && hexstr2bin(hash, buf, len) == 0) { 348 blob.cbData = len; 349 blob.pbData = buf; 350 ret = CertFindCertificateInStore(cs, 351 X509_ASN_ENCODING | 352 PKCS_7_ASN_ENCODING, 353 0, CERT_FIND_HASH, 354 &blob, NULL); 355 } 356 os_free(buf); 357 } 358 359 CertCloseStore(cs, 0); 360 361 return ret; 362} 363 364 365static int tls_cryptoapi_cert(SSL *ssl, const char *name) 366{ 367 X509 *cert = NULL; 368 RSA *rsa = NULL, *pub_rsa; 369 struct cryptoapi_rsa_data *priv; 370 RSA_METHOD *rsa_meth; 371 372 if (name == NULL || 373 (strncmp(name, "cert://", 7) != 0 && 374 strncmp(name, "hash://", 7) != 0)) 375 return -1; 376 377 priv = os_zalloc(sizeof(*priv)); 378 rsa_meth = os_zalloc(sizeof(*rsa_meth)); 379 if (priv == NULL || rsa_meth == NULL) { 380 wpa_printf(MSG_WARNING, "CryptoAPI: Failed to allocate memory " 381 "for CryptoAPI RSA method"); 382 os_free(priv); 383 os_free(rsa_meth); 384 return -1; 385 } 386 387 priv->cert = cryptoapi_find_cert(name, CERT_SYSTEM_STORE_CURRENT_USER); 388 if (priv->cert == NULL) { 389 priv->cert = cryptoapi_find_cert( 390 name, CERT_SYSTEM_STORE_LOCAL_MACHINE); 391 } 392 if (priv->cert == NULL) { 393 wpa_printf(MSG_INFO, "CryptoAPI: Could not find certificate " 394 "'%s'", name); 395 goto err; 396 } 397 398 cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &priv->cert->pbCertEncoded, 399 priv->cert->cbCertEncoded); 400 if (cert == NULL) { 401 wpa_printf(MSG_INFO, "CryptoAPI: Could not process X509 DER " 402 "encoding"); 403 goto err; 404 } 405 406 if (!CryptAcquireCertificatePrivateKey(priv->cert, 407 CRYPT_ACQUIRE_COMPARE_KEY_FLAG, 408 NULL, &priv->crypt_prov, 409 &priv->key_spec, 410 &priv->free_crypt_prov)) { 411 cryptoapi_error("Failed to acquire a private key for the " 412 "certificate"); 413 goto err; 414 } 415 416 rsa_meth->name = "Microsoft CryptoAPI RSA Method"; 417 rsa_meth->rsa_pub_enc = cryptoapi_rsa_pub_enc; 418 rsa_meth->rsa_pub_dec = cryptoapi_rsa_pub_dec; 419 rsa_meth->rsa_priv_enc = cryptoapi_rsa_priv_enc; 420 rsa_meth->rsa_priv_dec = cryptoapi_rsa_priv_dec; 421 rsa_meth->finish = cryptoapi_finish; 422 rsa_meth->flags = RSA_METHOD_FLAG_NO_CHECK; 423 rsa_meth->app_data = (char *) priv; 424 425 rsa = RSA_new(); 426 if (rsa == NULL) { 427 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, 428 ERR_R_MALLOC_FAILURE); 429 goto err; 430 } 431 432 if (!SSL_use_certificate(ssl, cert)) { 433 RSA_free(rsa); 434 rsa = NULL; 435 goto err; 436 } 437 pub_rsa = cert->cert_info->key->pkey->pkey.rsa; 438 X509_free(cert); 439 cert = NULL; 440 441 rsa->n = BN_dup(pub_rsa->n); 442 rsa->e = BN_dup(pub_rsa->e); 443 if (!RSA_set_method(rsa, rsa_meth)) 444 goto err; 445 446 if (!SSL_use_RSAPrivateKey(ssl, rsa)) 447 goto err; 448 RSA_free(rsa); 449 450 return 0; 451 452err: 453 if (cert) 454 X509_free(cert); 455 if (rsa) 456 RSA_free(rsa); 457 else { 458 os_free(rsa_meth); 459 cryptoapi_free_data(priv); 460 } 461 return -1; 462} 463 464 465static int tls_cryptoapi_ca_cert(SSL_CTX *ssl_ctx, SSL *ssl, const char *name) 466{ 467 HCERTSTORE cs; 468 PCCERT_CONTEXT ctx = NULL; 469 X509 *cert; 470 char buf[128]; 471 const char *store; 472#ifdef UNICODE 473 WCHAR *wstore; 474#endif /* UNICODE */ 475 476 if (name == NULL || strncmp(name, "cert_store://", 13) != 0) 477 return -1; 478 479 store = name + 13; 480#ifdef UNICODE 481 wstore = os_malloc((os_strlen(store) + 1) * sizeof(WCHAR)); 482 if (wstore == NULL) 483 return -1; 484 wsprintf(wstore, L"%S", store); 485 cs = CertOpenSystemStore(0, wstore); 486 os_free(wstore); 487#else /* UNICODE */ 488 cs = CertOpenSystemStore(0, store); 489#endif /* UNICODE */ 490 if (cs == NULL) { 491 wpa_printf(MSG_DEBUG, "%s: failed to open system cert store " 492 "'%s': error=%d", __func__, store, 493 (int) GetLastError()); 494 return -1; 495 } 496 497 while ((ctx = CertEnumCertificatesInStore(cs, ctx))) { 498 cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &ctx->pbCertEncoded, 499 ctx->cbCertEncoded); 500 if (cert == NULL) { 501 wpa_printf(MSG_INFO, "CryptoAPI: Could not process " 502 "X509 DER encoding for CA cert"); 503 continue; 504 } 505 506 X509_NAME_oneline(X509_get_subject_name(cert), buf, 507 sizeof(buf)); 508 wpa_printf(MSG_DEBUG, "OpenSSL: Loaded CA certificate for " 509 "system certificate store: subject='%s'", buf); 510 511 if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) { 512 tls_show_errors(MSG_WARNING, __func__, 513 "Failed to add ca_cert to OpenSSL " 514 "certificate store"); 515 } 516 517 X509_free(cert); 518 } 519 520 if (!CertCloseStore(cs, 0)) { 521 wpa_printf(MSG_DEBUG, "%s: failed to close system cert store " 522 "'%s': error=%d", __func__, name + 13, 523 (int) GetLastError()); 524 } 525 526 return 0; 527} 528 529 530#else /* CONFIG_NATIVE_WINDOWS */ 531 532static int tls_cryptoapi_cert(SSL *ssl, const char *name) 533{ 534 return -1; 535} 536 537#endif /* CONFIG_NATIVE_WINDOWS */ 538 539 540static void ssl_info_cb(const SSL *ssl, int where, int ret) 541{ 542 const char *str; 543 int w; 544 545 wpa_printf(MSG_DEBUG, "SSL: (where=0x%x ret=0x%x)", where, ret); 546 w = where & ~SSL_ST_MASK; 547 if (w & SSL_ST_CONNECT) 548 str = "SSL_connect"; 549 else if (w & SSL_ST_ACCEPT) 550 str = "SSL_accept"; 551 else 552 str = "undefined"; 553 554 if (where & SSL_CB_LOOP) { 555 wpa_printf(MSG_DEBUG, "SSL: %s:%s", 556 str, SSL_state_string_long(ssl)); 557 } else if (where & SSL_CB_ALERT) { 558 struct tls_connection *conn = SSL_get_app_data((SSL *) ssl); 559 wpa_printf(MSG_INFO, "SSL: SSL3 alert: %s:%s:%s", 560 where & SSL_CB_READ ? 561 "read (remote end reported an error)" : 562 "write (local SSL3 detected an error)", 563 SSL_alert_type_string_long(ret), 564 SSL_alert_desc_string_long(ret)); 565 if ((ret >> 8) == SSL3_AL_FATAL) { 566 if (where & SSL_CB_READ) 567 conn->read_alerts++; 568 else 569 conn->write_alerts++; 570 } 571 if (conn->context->event_cb != NULL) { 572 union tls_event_data ev; 573 struct tls_context *context = conn->context; 574 os_memset(&ev, 0, sizeof(ev)); 575 ev.alert.is_local = !(where & SSL_CB_READ); 576 ev.alert.type = SSL_alert_type_string_long(ret); 577 ev.alert.description = SSL_alert_desc_string_long(ret); 578 context->event_cb(context->cb_ctx, TLS_ALERT, &ev); 579 } 580 } else if (where & SSL_CB_EXIT && ret <= 0) { 581 wpa_printf(MSG_DEBUG, "SSL: %s:%s in %s", 582 str, ret == 0 ? "failed" : "error", 583 SSL_state_string_long(ssl)); 584 } 585} 586 587 588#ifndef OPENSSL_NO_ENGINE 589/** 590 * tls_engine_load_dynamic_generic - load any openssl engine 591 * @pre: an array of commands and values that load an engine initialized 592 * in the engine specific function 593 * @post: an array of commands and values that initialize an already loaded 594 * engine (or %NULL if not required) 595 * @id: the engine id of the engine to load (only required if post is not %NULL 596 * 597 * This function is a generic function that loads any openssl engine. 598 * 599 * Returns: 0 on success, -1 on failure 600 */ 601static int tls_engine_load_dynamic_generic(const char *pre[], 602 const char *post[], const char *id) 603{ 604 ENGINE *engine; 605 const char *dynamic_id = "dynamic"; 606 607 engine = ENGINE_by_id(id); 608 if (engine) { 609 ENGINE_free(engine); 610 wpa_printf(MSG_DEBUG, "ENGINE: engine '%s' is already " 611 "available", id); 612 return 0; 613 } 614 ERR_clear_error(); 615 616 engine = ENGINE_by_id(dynamic_id); 617 if (engine == NULL) { 618 wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]", 619 dynamic_id, 620 ERR_error_string(ERR_get_error(), NULL)); 621 return -1; 622 } 623 624 /* Perform the pre commands. This will load the engine. */ 625 while (pre && pre[0]) { 626 wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", pre[0], pre[1]); 627 if (ENGINE_ctrl_cmd_string(engine, pre[0], pre[1], 0) == 0) { 628 wpa_printf(MSG_INFO, "ENGINE: ctrl cmd_string failed: " 629 "%s %s [%s]", pre[0], pre[1], 630 ERR_error_string(ERR_get_error(), NULL)); 631 ENGINE_free(engine); 632 return -1; 633 } 634 pre += 2; 635 } 636 637 /* 638 * Free the reference to the "dynamic" engine. The loaded engine can 639 * now be looked up using ENGINE_by_id(). 640 */ 641 ENGINE_free(engine); 642 643 engine = ENGINE_by_id(id); 644 if (engine == NULL) { 645 wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]", 646 id, ERR_error_string(ERR_get_error(), NULL)); 647 return -1; 648 } 649 650 while (post && post[0]) { 651 wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", post[0], post[1]); 652 if (ENGINE_ctrl_cmd_string(engine, post[0], post[1], 0) == 0) { 653 wpa_printf(MSG_DEBUG, "ENGINE: ctrl cmd_string failed:" 654 " %s %s [%s]", post[0], post[1], 655 ERR_error_string(ERR_get_error(), NULL)); 656 ENGINE_remove(engine); 657 ENGINE_free(engine); 658 return -1; 659 } 660 post += 2; 661 } 662 ENGINE_free(engine); 663 664 return 0; 665} 666 667 668/** 669 * tls_engine_load_dynamic_pkcs11 - load the pkcs11 engine provided by opensc 670 * @pkcs11_so_path: pksc11_so_path from the configuration 671 * @pcks11_module_path: pkcs11_module_path from the configuration 672 */ 673static int tls_engine_load_dynamic_pkcs11(const char *pkcs11_so_path, 674 const char *pkcs11_module_path) 675{ 676 char *engine_id = "pkcs11"; 677 const char *pre_cmd[] = { 678 "SO_PATH", NULL /* pkcs11_so_path */, 679 "ID", NULL /* engine_id */, 680 "LIST_ADD", "1", 681 /* "NO_VCHECK", "1", */ 682 "LOAD", NULL, 683 NULL, NULL 684 }; 685 const char *post_cmd[] = { 686 "MODULE_PATH", NULL /* pkcs11_module_path */, 687 NULL, NULL 688 }; 689 690 if (!pkcs11_so_path || !pkcs11_module_path) 691 return 0; 692 693 pre_cmd[1] = pkcs11_so_path; 694 pre_cmd[3] = engine_id; 695 post_cmd[1] = pkcs11_module_path; 696 697 wpa_printf(MSG_DEBUG, "ENGINE: Loading pkcs11 Engine from %s", 698 pkcs11_so_path); 699 700 return tls_engine_load_dynamic_generic(pre_cmd, post_cmd, engine_id); 701} 702 703 704/** 705 * tls_engine_load_dynamic_opensc - load the opensc engine provided by opensc 706 * @opensc_so_path: opensc_so_path from the configuration 707 */ 708static int tls_engine_load_dynamic_opensc(const char *opensc_so_path) 709{ 710 char *engine_id = "opensc"; 711 const char *pre_cmd[] = { 712 "SO_PATH", NULL /* opensc_so_path */, 713 "ID", NULL /* engine_id */, 714 "LIST_ADD", "1", 715 "LOAD", NULL, 716 NULL, NULL 717 }; 718 719 if (!opensc_so_path) 720 return 0; 721 722 pre_cmd[1] = opensc_so_path; 723 pre_cmd[3] = engine_id; 724 725 wpa_printf(MSG_DEBUG, "ENGINE: Loading OpenSC Engine from %s", 726 opensc_so_path); 727 728 return tls_engine_load_dynamic_generic(pre_cmd, NULL, engine_id); 729} 730#endif /* OPENSSL_NO_ENGINE */ 731 732 733void * tls_init(const struct tls_config *conf) 734{ 735 SSL_CTX *ssl; 736 struct tls_context *context; 737 738 if (tls_openssl_ref_count == 0) { 739 tls_global = context = tls_context_new(conf); 740 if (context == NULL) 741 return NULL; 742#ifdef CONFIG_FIPS 743#ifdef OPENSSL_FIPS 744 if (conf && conf->fips_mode) { 745 if (!FIPS_mode_set(1)) { 746 wpa_printf(MSG_ERROR, "Failed to enable FIPS " 747 "mode"); 748 ERR_load_crypto_strings(); 749 ERR_print_errors_fp(stderr); 750 os_free(tls_global); 751 tls_global = NULL; 752 return NULL; 753 } else 754 wpa_printf(MSG_INFO, "Running in FIPS mode"); 755 } 756#else /* OPENSSL_FIPS */ 757 if (conf && conf->fips_mode) { 758 wpa_printf(MSG_ERROR, "FIPS mode requested, but not " 759 "supported"); 760 os_free(tls_global); 761 tls_global = NULL; 762 return NULL; 763 } 764#endif /* OPENSSL_FIPS */ 765#endif /* CONFIG_FIPS */ 766 SSL_load_error_strings(); 767 SSL_library_init(); 768#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256) 769 EVP_add_digest(EVP_sha256()); 770#endif /* OPENSSL_NO_SHA256 */ 771 /* TODO: if /dev/urandom is available, PRNG is seeded 772 * automatically. If this is not the case, random data should 773 * be added here. */ 774 775#ifdef PKCS12_FUNCS 776#ifndef OPENSSL_NO_RC2 777 /* 778 * 40-bit RC2 is commonly used in PKCS#12 files, so enable it. 779 * This is enabled by PKCS12_PBE_add() in OpenSSL 0.9.8 780 * versions, but it looks like OpenSSL 1.0.0 does not do that 781 * anymore. 782 */ 783 EVP_add_cipher(EVP_rc2_40_cbc()); 784#endif /* OPENSSL_NO_RC2 */ 785 PKCS12_PBE_add(); 786#endif /* PKCS12_FUNCS */ 787 } else { 788 context = tls_global; 789#ifdef OPENSSL_SUPPORTS_CTX_APP_DATA 790 /* Newer OpenSSL can store app-data per-SSL */ 791 context = tls_context_new(conf); 792 if (context == NULL) 793 return NULL; 794#endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */ 795 } 796 tls_openssl_ref_count++; 797 798 ssl = SSL_CTX_new(TLSv1_method()); 799 if (ssl == NULL) { 800 tls_openssl_ref_count--; 801 if (tls_openssl_ref_count == 0) { 802 os_free(tls_global); 803 tls_global = NULL; 804 } else if (context != tls_global) { 805 os_free(context); 806 } 807 return NULL; 808 } 809 810 SSL_CTX_set_info_callback(ssl, ssl_info_cb); 811#ifdef OPENSSL_SUPPORTS_CTX_APP_DATA 812 SSL_CTX_set_app_data(ssl, context); 813#endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */ 814 815#ifndef OPENSSL_NO_ENGINE 816 if (conf && 817 (conf->opensc_engine_path || conf->pkcs11_engine_path || 818 conf->pkcs11_module_path)) { 819 wpa_printf(MSG_DEBUG, "ENGINE: Loading dynamic engine"); 820 ERR_load_ENGINE_strings(); 821 ENGINE_load_dynamic(); 822 823 if (tls_engine_load_dynamic_opensc(conf->opensc_engine_path) || 824 tls_engine_load_dynamic_pkcs11(conf->pkcs11_engine_path, 825 conf->pkcs11_module_path)) { 826 tls_deinit(ssl); 827 return NULL; 828 } 829 } 830#endif /* OPENSSL_NO_ENGINE */ 831 832 return ssl; 833} 834 835 836void tls_deinit(void *ssl_ctx) 837{ 838 SSL_CTX *ssl = ssl_ctx; 839#ifdef OPENSSL_SUPPORTS_CTX_APP_DATA 840 struct tls_context *context = SSL_CTX_get_app_data(ssl); 841 if (context != tls_global) 842 os_free(context); 843#endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */ 844 SSL_CTX_free(ssl); 845 846 tls_openssl_ref_count--; 847 if (tls_openssl_ref_count == 0) { 848#ifndef OPENSSL_NO_ENGINE 849 ENGINE_cleanup(); 850#endif /* OPENSSL_NO_ENGINE */ 851 CRYPTO_cleanup_all_ex_data(); 852 ERR_remove_state(0); 853 ERR_free_strings(); 854 EVP_cleanup(); 855 os_free(tls_global->ocsp_stapling_response); 856 tls_global->ocsp_stapling_response = NULL; 857 os_free(tls_global); 858 tls_global = NULL; 859 } 860} 861 862 863static int tls_engine_init(struct tls_connection *conn, const char *engine_id, 864 const char *pin, const char *key_id, 865 const char *cert_id, const char *ca_cert_id) 866{ 867#ifndef OPENSSL_NO_ENGINE 868 int ret = -1; 869 if (engine_id == NULL) { 870 wpa_printf(MSG_ERROR, "ENGINE: Engine ID not set"); 871 return -1; 872 } 873#ifndef ANDROID 874 if (pin == NULL) { 875 wpa_printf(MSG_ERROR, "ENGINE: Smartcard PIN not set"); 876 return -1; 877 } 878#endif 879 if (key_id == NULL) { 880 wpa_printf(MSG_ERROR, "ENGINE: Key Id not set"); 881 return -1; 882 } 883 884 ERR_clear_error(); 885#ifdef ANDROID 886 ENGINE_load_dynamic(); 887#endif 888 conn->engine = ENGINE_by_id(engine_id); 889 if (!conn->engine) { 890 wpa_printf(MSG_ERROR, "ENGINE: engine %s not available [%s]", 891 engine_id, ERR_error_string(ERR_get_error(), NULL)); 892 goto err; 893 } 894 if (ENGINE_init(conn->engine) != 1) { 895 wpa_printf(MSG_ERROR, "ENGINE: engine init failed " 896 "(engine: %s) [%s]", engine_id, 897 ERR_error_string(ERR_get_error(), NULL)); 898 goto err; 899 } 900 wpa_printf(MSG_DEBUG, "ENGINE: engine initialized"); 901 902#ifndef ANDROID 903 if (ENGINE_ctrl_cmd_string(conn->engine, "PIN", pin, 0) == 0) { 904 wpa_printf(MSG_ERROR, "ENGINE: cannot set pin [%s]", 905 ERR_error_string(ERR_get_error(), NULL)); 906 goto err; 907 } 908#endif 909 /* load private key first in-case PIN is required for cert */ 910 conn->private_key = ENGINE_load_private_key(conn->engine, 911 key_id, NULL, NULL); 912 if (!conn->private_key) { 913 wpa_printf(MSG_ERROR, "ENGINE: cannot load private key with id" 914 " '%s' [%s]", key_id, 915 ERR_error_string(ERR_get_error(), NULL)); 916 ret = TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED; 917 goto err; 918 } 919 920 /* handle a certificate and/or CA certificate */ 921 if (cert_id || ca_cert_id) { 922 const char *cmd_name = "LOAD_CERT_CTRL"; 923 924 /* test if the engine supports a LOAD_CERT_CTRL */ 925 if (!ENGINE_ctrl(conn->engine, ENGINE_CTRL_GET_CMD_FROM_NAME, 926 0, (void *)cmd_name, NULL)) { 927 wpa_printf(MSG_ERROR, "ENGINE: engine does not support" 928 " loading certificates"); 929 ret = TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED; 930 goto err; 931 } 932 } 933 934 return 0; 935 936err: 937 if (conn->engine) { 938 ENGINE_free(conn->engine); 939 conn->engine = NULL; 940 } 941 942 if (conn->private_key) { 943 EVP_PKEY_free(conn->private_key); 944 conn->private_key = NULL; 945 } 946 947 return ret; 948#else /* OPENSSL_NO_ENGINE */ 949 return 0; 950#endif /* OPENSSL_NO_ENGINE */ 951} 952 953 954static void tls_engine_deinit(struct tls_connection *conn) 955{ 956#ifndef OPENSSL_NO_ENGINE 957 wpa_printf(MSG_DEBUG, "ENGINE: engine deinit"); 958 if (conn->private_key) { 959 EVP_PKEY_free(conn->private_key); 960 conn->private_key = NULL; 961 } 962 if (conn->engine) { 963 ENGINE_finish(conn->engine); 964 conn->engine = NULL; 965 } 966#endif /* OPENSSL_NO_ENGINE */ 967} 968 969 970int tls_get_errors(void *ssl_ctx) 971{ 972 int count = 0; 973 unsigned long err; 974 975 while ((err = ERR_get_error())) { 976 wpa_printf(MSG_INFO, "TLS - SSL error: %s", 977 ERR_error_string(err, NULL)); 978 count++; 979 } 980 981 return count; 982} 983 984struct tls_connection * tls_connection_init(void *ssl_ctx) 985{ 986 SSL_CTX *ssl = ssl_ctx; 987 struct tls_connection *conn; 988 long options; 989 struct tls_context *context = tls_global; 990#ifdef OPENSSL_SUPPORTS_CTX_APP_DATA 991 context = SSL_CTX_get_app_data(ssl); 992#endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */ 993 994 conn = os_zalloc(sizeof(*conn)); 995 if (conn == NULL) 996 return NULL; 997 conn->ssl = SSL_new(ssl); 998 if (conn->ssl == NULL) { 999 tls_show_errors(MSG_INFO, __func__, 1000 "Failed to initialize new SSL connection"); 1001 os_free(conn); 1002 return NULL; 1003 } 1004 1005 conn->context = context; 1006 SSL_set_app_data(conn->ssl, conn); 1007 options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | 1008 SSL_OP_SINGLE_DH_USE; 1009#ifdef SSL_OP_NO_COMPRESSION 1010 options |= SSL_OP_NO_COMPRESSION; 1011#endif /* SSL_OP_NO_COMPRESSION */ 1012#ifdef ANDROID 1013 options |= SSL_OP_NO_TLSv1_1; 1014 options |= SSL_OP_NO_TLSv1_2; 1015 options |= SSL_OP_NO_TICKET; 1016#endif /* ANDROID */ 1017 SSL_set_options(conn->ssl, options); 1018 1019 conn->ssl_in = BIO_new(BIO_s_mem()); 1020 if (!conn->ssl_in) { 1021 tls_show_errors(MSG_INFO, __func__, 1022 "Failed to create a new BIO for ssl_in"); 1023 SSL_free(conn->ssl); 1024 os_free(conn); 1025 return NULL; 1026 } 1027 1028 conn->ssl_out = BIO_new(BIO_s_mem()); 1029 if (!conn->ssl_out) { 1030 tls_show_errors(MSG_INFO, __func__, 1031 "Failed to create a new BIO for ssl_out"); 1032 SSL_free(conn->ssl); 1033 BIO_free(conn->ssl_in); 1034 os_free(conn); 1035 return NULL; 1036 } 1037 1038 SSL_set_bio(conn->ssl, conn->ssl_in, conn->ssl_out); 1039 1040 return conn; 1041} 1042 1043 1044void tls_connection_deinit(void *ssl_ctx, struct tls_connection *conn) 1045{ 1046 if (conn == NULL) 1047 return; 1048 SSL_free(conn->ssl); 1049 tls_engine_deinit(conn); 1050 os_free(conn->subject_match); 1051 os_free(conn->altsubject_match); 1052 os_free(conn->suffix_match); 1053 os_free(conn->session_ticket); 1054 os_free(conn); 1055} 1056 1057 1058int tls_connection_established(void *ssl_ctx, struct tls_connection *conn) 1059{ 1060 return conn ? SSL_is_init_finished(conn->ssl) : 0; 1061} 1062 1063 1064int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn) 1065{ 1066 if (conn == NULL) 1067 return -1; 1068 1069 /* Shutdown previous TLS connection without notifying the peer 1070 * because the connection was already terminated in practice 1071 * and "close notify" shutdown alert would confuse AS. */ 1072 SSL_set_quiet_shutdown(conn->ssl, 1); 1073 SSL_shutdown(conn->ssl); 1074 return 0; 1075} 1076 1077 1078static int tls_match_altsubject_component(X509 *cert, int type, 1079 const char *value, size_t len) 1080{ 1081 GENERAL_NAME *gen; 1082 void *ext; 1083 int i, found = 0; 1084 1085 ext = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL); 1086 1087 for (i = 0; ext && i < sk_GENERAL_NAME_num(ext); i++) { 1088 gen = sk_GENERAL_NAME_value(ext, i); 1089 if (gen->type != type) 1090 continue; 1091 if (os_strlen((char *) gen->d.ia5->data) == len && 1092 os_memcmp(value, gen->d.ia5->data, len) == 0) 1093 found++; 1094 } 1095 1096 return found; 1097} 1098 1099 1100static int tls_match_altsubject(X509 *cert, const char *match) 1101{ 1102 int type; 1103 const char *pos, *end; 1104 size_t len; 1105 1106 pos = match; 1107 do { 1108 if (os_strncmp(pos, "EMAIL:", 6) == 0) { 1109 type = GEN_EMAIL; 1110 pos += 6; 1111 } else if (os_strncmp(pos, "DNS:", 4) == 0) { 1112 type = GEN_DNS; 1113 pos += 4; 1114 } else if (os_strncmp(pos, "URI:", 4) == 0) { 1115 type = GEN_URI; 1116 pos += 4; 1117 } else { 1118 wpa_printf(MSG_INFO, "TLS: Invalid altSubjectName " 1119 "match '%s'", pos); 1120 return 0; 1121 } 1122 end = os_strchr(pos, ';'); 1123 while (end) { 1124 if (os_strncmp(end + 1, "EMAIL:", 6) == 0 || 1125 os_strncmp(end + 1, "DNS:", 4) == 0 || 1126 os_strncmp(end + 1, "URI:", 4) == 0) 1127 break; 1128 end = os_strchr(end + 1, ';'); 1129 } 1130 if (end) 1131 len = end - pos; 1132 else 1133 len = os_strlen(pos); 1134 if (tls_match_altsubject_component(cert, type, pos, len) > 0) 1135 return 1; 1136 pos = end + 1; 1137 } while (end); 1138 1139 return 0; 1140} 1141 1142 1143static int domain_suffix_match(const u8 *val, size_t len, const char *match) 1144{ 1145 size_t i, match_len; 1146 1147 /* Check for embedded nuls that could mess up suffix matching */ 1148 for (i = 0; i < len; i++) { 1149 if (val[i] == '\0') { 1150 wpa_printf(MSG_DEBUG, "TLS: Embedded null in a string - reject"); 1151 return 0; 1152 } 1153 } 1154 1155 match_len = os_strlen(match); 1156 if (match_len > len) 1157 return 0; 1158 1159 if (os_strncasecmp((const char *) val + len - match_len, match, 1160 match_len) != 0) 1161 return 0; /* no match */ 1162 1163 if (match_len == len) 1164 return 1; /* exact match */ 1165 1166 if (val[len - match_len - 1] == '.') 1167 return 1; /* full label match completes suffix match */ 1168 1169 wpa_printf(MSG_DEBUG, "TLS: Reject due to incomplete label match"); 1170 return 0; 1171} 1172 1173 1174static int tls_match_suffix(X509 *cert, const char *match) 1175{ 1176 GENERAL_NAME *gen; 1177 void *ext; 1178 int i; 1179 int dns_name = 0; 1180 X509_NAME *name; 1181 1182 wpa_printf(MSG_DEBUG, "TLS: Match domain against suffix %s", match); 1183 1184 ext = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL); 1185 1186 for (i = 0; ext && i < sk_GENERAL_NAME_num(ext); i++) { 1187 gen = sk_GENERAL_NAME_value(ext, i); 1188 if (gen->type != GEN_DNS) 1189 continue; 1190 dns_name++; 1191 wpa_hexdump_ascii(MSG_DEBUG, "TLS: Certificate dNSName", 1192 gen->d.dNSName->data, 1193 gen->d.dNSName->length); 1194 if (domain_suffix_match(gen->d.dNSName->data, 1195 gen->d.dNSName->length, match) == 1) { 1196 wpa_printf(MSG_DEBUG, "TLS: Suffix match in dNSName found"); 1197 return 1; 1198 } 1199 } 1200 1201 if (dns_name) { 1202 wpa_printf(MSG_DEBUG, "TLS: None of the dNSName(s) matched"); 1203 return 0; 1204 } 1205 1206 name = X509_get_subject_name(cert); 1207 i = -1; 1208 for (;;) { 1209 X509_NAME_ENTRY *e; 1210 ASN1_STRING *cn; 1211 1212 i = X509_NAME_get_index_by_NID(name, NID_commonName, i); 1213 if (i == -1) 1214 break; 1215 e = X509_NAME_get_entry(name, i); 1216 if (e == NULL) 1217 continue; 1218 cn = X509_NAME_ENTRY_get_data(e); 1219 if (cn == NULL) 1220 continue; 1221 wpa_hexdump_ascii(MSG_DEBUG, "TLS: Certificate commonName", 1222 cn->data, cn->length); 1223 if (domain_suffix_match(cn->data, cn->length, match) == 1) { 1224 wpa_printf(MSG_DEBUG, "TLS: Suffix match in commonName found"); 1225 return 1; 1226 } 1227 } 1228 1229 wpa_printf(MSG_DEBUG, "TLS: No CommonName suffix match found"); 1230 return 0; 1231} 1232 1233 1234static enum tls_fail_reason openssl_tls_fail_reason(int err) 1235{ 1236 switch (err) { 1237 case X509_V_ERR_CERT_REVOKED: 1238 return TLS_FAIL_REVOKED; 1239 case X509_V_ERR_CERT_NOT_YET_VALID: 1240 case X509_V_ERR_CRL_NOT_YET_VALID: 1241 return TLS_FAIL_NOT_YET_VALID; 1242 case X509_V_ERR_CERT_HAS_EXPIRED: 1243 case X509_V_ERR_CRL_HAS_EXPIRED: 1244 return TLS_FAIL_EXPIRED; 1245 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: 1246 case X509_V_ERR_UNABLE_TO_GET_CRL: 1247 case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: 1248 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: 1249 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: 1250 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: 1251 case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: 1252 case X509_V_ERR_CERT_CHAIN_TOO_LONG: 1253 case X509_V_ERR_PATH_LENGTH_EXCEEDED: 1254 case X509_V_ERR_INVALID_CA: 1255 return TLS_FAIL_UNTRUSTED; 1256 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: 1257 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: 1258 case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: 1259 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: 1260 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: 1261 case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: 1262 case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: 1263 case X509_V_ERR_CERT_UNTRUSTED: 1264 case X509_V_ERR_CERT_REJECTED: 1265 return TLS_FAIL_BAD_CERTIFICATE; 1266 default: 1267 return TLS_FAIL_UNSPECIFIED; 1268 } 1269} 1270 1271 1272static struct wpabuf * get_x509_cert(X509 *cert) 1273{ 1274 struct wpabuf *buf; 1275 u8 *tmp; 1276 1277 int cert_len = i2d_X509(cert, NULL); 1278 if (cert_len <= 0) 1279 return NULL; 1280 1281 buf = wpabuf_alloc(cert_len); 1282 if (buf == NULL) 1283 return NULL; 1284 1285 tmp = wpabuf_put(buf, cert_len); 1286 i2d_X509(cert, &tmp); 1287 return buf; 1288} 1289 1290 1291static void openssl_tls_fail_event(struct tls_connection *conn, 1292 X509 *err_cert, int err, int depth, 1293 const char *subject, const char *err_str, 1294 enum tls_fail_reason reason) 1295{ 1296 union tls_event_data ev; 1297 struct wpabuf *cert = NULL; 1298 struct tls_context *context = conn->context; 1299 1300 if (context->event_cb == NULL) 1301 return; 1302 1303 cert = get_x509_cert(err_cert); 1304 os_memset(&ev, 0, sizeof(ev)); 1305 ev.cert_fail.reason = reason != TLS_FAIL_UNSPECIFIED ? 1306 reason : openssl_tls_fail_reason(err); 1307 ev.cert_fail.depth = depth; 1308 ev.cert_fail.subject = subject; 1309 ev.cert_fail.reason_txt = err_str; 1310 ev.cert_fail.cert = cert; 1311 context->event_cb(context->cb_ctx, TLS_CERT_CHAIN_FAILURE, &ev); 1312 wpabuf_free(cert); 1313} 1314 1315 1316static void openssl_tls_cert_event(struct tls_connection *conn, 1317 X509 *err_cert, int depth, 1318 const char *subject) 1319{ 1320 struct wpabuf *cert = NULL; 1321 union tls_event_data ev; 1322 struct tls_context *context = conn->context; 1323#ifdef CONFIG_SHA256 1324 u8 hash[32]; 1325#endif /* CONFIG_SHA256 */ 1326 1327 if (context->event_cb == NULL) 1328 return; 1329 1330 os_memset(&ev, 0, sizeof(ev)); 1331 if (conn->cert_probe || context->cert_in_cb) { 1332 cert = get_x509_cert(err_cert); 1333 ev.peer_cert.cert = cert; 1334 } 1335#ifdef CONFIG_SHA256 1336 if (cert) { 1337 const u8 *addr[1]; 1338 size_t len[1]; 1339 addr[0] = wpabuf_head(cert); 1340 len[0] = wpabuf_len(cert); 1341 if (sha256_vector(1, addr, len, hash) == 0) { 1342 ev.peer_cert.hash = hash; 1343 ev.peer_cert.hash_len = sizeof(hash); 1344 } 1345 } 1346#endif /* CONFIG_SHA256 */ 1347 ev.peer_cert.depth = depth; 1348 ev.peer_cert.subject = subject; 1349 context->event_cb(context->cb_ctx, TLS_PEER_CERTIFICATE, &ev); 1350 wpabuf_free(cert); 1351} 1352 1353 1354static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx) 1355{ 1356 char buf[256]; 1357 X509 *err_cert; 1358 int err, depth; 1359 SSL *ssl; 1360 struct tls_connection *conn; 1361 struct tls_context *context; 1362 char *match, *altmatch, *suffix_match; 1363 const char *err_str; 1364 1365 err_cert = X509_STORE_CTX_get_current_cert(x509_ctx); 1366 err = X509_STORE_CTX_get_error(x509_ctx); 1367 depth = X509_STORE_CTX_get_error_depth(x509_ctx); 1368 ssl = X509_STORE_CTX_get_ex_data(x509_ctx, 1369 SSL_get_ex_data_X509_STORE_CTX_idx()); 1370 X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf)); 1371 1372 conn = SSL_get_app_data(ssl); 1373 if (conn == NULL) 1374 return 0; 1375 1376 if (depth == 0) 1377 conn->peer_cert = err_cert; 1378 else if (depth == 1) 1379 conn->peer_issuer = err_cert; 1380 1381 context = conn->context; 1382 match = conn->subject_match; 1383 altmatch = conn->altsubject_match; 1384 suffix_match = conn->suffix_match; 1385 1386 if (!preverify_ok && !conn->ca_cert_verify) 1387 preverify_ok = 1; 1388 if (!preverify_ok && depth > 0 && conn->server_cert_only) 1389 preverify_ok = 1; 1390 if (!preverify_ok && (conn->flags & TLS_CONN_DISABLE_TIME_CHECKS) && 1391 (err == X509_V_ERR_CERT_HAS_EXPIRED || 1392 err == X509_V_ERR_CERT_NOT_YET_VALID)) { 1393 wpa_printf(MSG_DEBUG, "OpenSSL: Ignore certificate validity " 1394 "time mismatch"); 1395 preverify_ok = 1; 1396 } 1397 1398 err_str = X509_verify_cert_error_string(err); 1399 1400#ifdef CONFIG_SHA256 1401 if (preverify_ok && depth == 0 && conn->server_cert_only) { 1402 struct wpabuf *cert; 1403 cert = get_x509_cert(err_cert); 1404 if (!cert) { 1405 wpa_printf(MSG_DEBUG, "OpenSSL: Could not fetch " 1406 "server certificate data"); 1407 preverify_ok = 0; 1408 } else { 1409 u8 hash[32]; 1410 const u8 *addr[1]; 1411 size_t len[1]; 1412 addr[0] = wpabuf_head(cert); 1413 len[0] = wpabuf_len(cert); 1414 if (sha256_vector(1, addr, len, hash) < 0 || 1415 os_memcmp(conn->srv_cert_hash, hash, 32) != 0) { 1416 err_str = "Server certificate mismatch"; 1417 err = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; 1418 preverify_ok = 0; 1419 } 1420 wpabuf_free(cert); 1421 } 1422 } 1423#endif /* CONFIG_SHA256 */ 1424 1425 if (!preverify_ok) { 1426 wpa_printf(MSG_WARNING, "TLS: Certificate verification failed," 1427 " error %d (%s) depth %d for '%s'", err, err_str, 1428 depth, buf); 1429 openssl_tls_fail_event(conn, err_cert, err, depth, buf, 1430 err_str, TLS_FAIL_UNSPECIFIED); 1431 return preverify_ok; 1432 } 1433 1434 wpa_printf(MSG_DEBUG, "TLS: tls_verify_cb - preverify_ok=%d " 1435 "err=%d (%s) ca_cert_verify=%d depth=%d buf='%s'", 1436 preverify_ok, err, err_str, 1437 conn->ca_cert_verify, depth, buf); 1438 if (depth == 0 && match && os_strstr(buf, match) == NULL) { 1439 wpa_printf(MSG_WARNING, "TLS: Subject '%s' did not " 1440 "match with '%s'", buf, match); 1441 preverify_ok = 0; 1442 openssl_tls_fail_event(conn, err_cert, err, depth, buf, 1443 "Subject mismatch", 1444 TLS_FAIL_SUBJECT_MISMATCH); 1445 } else if (depth == 0 && altmatch && 1446 !tls_match_altsubject(err_cert, altmatch)) { 1447 wpa_printf(MSG_WARNING, "TLS: altSubjectName match " 1448 "'%s' not found", altmatch); 1449 preverify_ok = 0; 1450 openssl_tls_fail_event(conn, err_cert, err, depth, buf, 1451 "AltSubject mismatch", 1452 TLS_FAIL_ALTSUBJECT_MISMATCH); 1453 } else if (depth == 0 && suffix_match && 1454 !tls_match_suffix(err_cert, suffix_match)) { 1455 wpa_printf(MSG_WARNING, "TLS: Domain suffix match '%s' not found", 1456 suffix_match); 1457 preverify_ok = 0; 1458 openssl_tls_fail_event(conn, err_cert, err, depth, buf, 1459 "Domain suffix mismatch", 1460 TLS_FAIL_DOMAIN_SUFFIX_MISMATCH); 1461 } else 1462 openssl_tls_cert_event(conn, err_cert, depth, buf); 1463 1464 if (conn->cert_probe && preverify_ok && depth == 0) { 1465 wpa_printf(MSG_DEBUG, "OpenSSL: Reject server certificate " 1466 "on probe-only run"); 1467 preverify_ok = 0; 1468 openssl_tls_fail_event(conn, err_cert, err, depth, buf, 1469 "Server certificate chain probe", 1470 TLS_FAIL_SERVER_CHAIN_PROBE); 1471 } 1472 1473 if (preverify_ok && context->event_cb != NULL) 1474 context->event_cb(context->cb_ctx, 1475 TLS_CERT_CHAIN_SUCCESS, NULL); 1476 1477 return preverify_ok; 1478} 1479 1480 1481#ifndef OPENSSL_NO_STDIO 1482static int tls_load_ca_der(void *_ssl_ctx, const char *ca_cert) 1483{ 1484 SSL_CTX *ssl_ctx = _ssl_ctx; 1485 X509_LOOKUP *lookup; 1486 int ret = 0; 1487 1488 lookup = X509_STORE_add_lookup(ssl_ctx->cert_store, 1489 X509_LOOKUP_file()); 1490 if (lookup == NULL) { 1491 tls_show_errors(MSG_WARNING, __func__, 1492 "Failed add lookup for X509 store"); 1493 return -1; 1494 } 1495 1496 if (!X509_LOOKUP_load_file(lookup, ca_cert, X509_FILETYPE_ASN1)) { 1497 unsigned long err = ERR_peek_error(); 1498 tls_show_errors(MSG_WARNING, __func__, 1499 "Failed load CA in DER format"); 1500 if (ERR_GET_LIB(err) == ERR_LIB_X509 && 1501 ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) { 1502 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring " 1503 "cert already in hash table error", 1504 __func__); 1505 } else 1506 ret = -1; 1507 } 1508 1509 return ret; 1510} 1511#endif /* OPENSSL_NO_STDIO */ 1512 1513 1514static int tls_connection_ca_cert(void *_ssl_ctx, struct tls_connection *conn, 1515 const char *ca_cert, const u8 *ca_cert_blob, 1516 size_t ca_cert_blob_len, const char *ca_path) 1517{ 1518 SSL_CTX *ssl_ctx = _ssl_ctx; 1519 1520 /* 1521 * Remove previously configured trusted CA certificates before adding 1522 * new ones. 1523 */ 1524 X509_STORE_free(ssl_ctx->cert_store); 1525 ssl_ctx->cert_store = X509_STORE_new(); 1526 if (ssl_ctx->cert_store == NULL) { 1527 wpa_printf(MSG_DEBUG, "OpenSSL: %s - failed to allocate new " 1528 "certificate store", __func__); 1529 return -1; 1530 } 1531 1532 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb); 1533 conn->ca_cert_verify = 1; 1534 1535 if (ca_cert && os_strncmp(ca_cert, "probe://", 8) == 0) { 1536 wpa_printf(MSG_DEBUG, "OpenSSL: Probe for server certificate " 1537 "chain"); 1538 conn->cert_probe = 1; 1539 conn->ca_cert_verify = 0; 1540 return 0; 1541 } 1542 1543 if (ca_cert && os_strncmp(ca_cert, "hash://", 7) == 0) { 1544#ifdef CONFIG_SHA256 1545 const char *pos = ca_cert + 7; 1546 if (os_strncmp(pos, "server/sha256/", 14) != 0) { 1547 wpa_printf(MSG_DEBUG, "OpenSSL: Unsupported ca_cert " 1548 "hash value '%s'", ca_cert); 1549 return -1; 1550 } 1551 pos += 14; 1552 if (os_strlen(pos) != 32 * 2) { 1553 wpa_printf(MSG_DEBUG, "OpenSSL: Unexpected SHA256 " 1554 "hash length in ca_cert '%s'", ca_cert); 1555 return -1; 1556 } 1557 if (hexstr2bin(pos, conn->srv_cert_hash, 32) < 0) { 1558 wpa_printf(MSG_DEBUG, "OpenSSL: Invalid SHA256 hash " 1559 "value in ca_cert '%s'", ca_cert); 1560 return -1; 1561 } 1562 conn->server_cert_only = 1; 1563 wpa_printf(MSG_DEBUG, "OpenSSL: Checking only server " 1564 "certificate match"); 1565 return 0; 1566#else /* CONFIG_SHA256 */ 1567 wpa_printf(MSG_INFO, "No SHA256 included in the build - " 1568 "cannot validate server certificate hash"); 1569 return -1; 1570#endif /* CONFIG_SHA256 */ 1571 } 1572 1573 if (ca_cert_blob) { 1574 X509 *cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &ca_cert_blob, 1575 ca_cert_blob_len); 1576 if (cert == NULL) { 1577 tls_show_errors(MSG_WARNING, __func__, 1578 "Failed to parse ca_cert_blob"); 1579 return -1; 1580 } 1581 1582 if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) { 1583 unsigned long err = ERR_peek_error(); 1584 tls_show_errors(MSG_WARNING, __func__, 1585 "Failed to add ca_cert_blob to " 1586 "certificate store"); 1587 if (ERR_GET_LIB(err) == ERR_LIB_X509 && 1588 ERR_GET_REASON(err) == 1589 X509_R_CERT_ALREADY_IN_HASH_TABLE) { 1590 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring " 1591 "cert already in hash table error", 1592 __func__); 1593 } else { 1594 X509_free(cert); 1595 return -1; 1596 } 1597 } 1598 X509_free(cert); 1599 wpa_printf(MSG_DEBUG, "OpenSSL: %s - added ca_cert_blob " 1600 "to certificate store", __func__); 1601 return 0; 1602 } 1603 1604#ifdef ANDROID 1605 if (ca_cert && os_strncmp("keystore://", ca_cert, 11) == 0) { 1606 BIO *bio = BIO_from_keystore(&ca_cert[11]); 1607 STACK_OF(X509_INFO) *stack = NULL; 1608 int i; 1609 1610 if (bio) { 1611 stack = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL); 1612 BIO_free(bio); 1613 } 1614 if (!stack) 1615 return -1; 1616 1617 for (i = 0; i < sk_X509_INFO_num(stack); ++i) { 1618 X509_INFO *info = sk_X509_INFO_value(stack, i); 1619 if (info->x509) { 1620 X509_STORE_add_cert(ssl_ctx->cert_store, 1621 info->x509); 1622 } 1623 if (info->crl) { 1624 X509_STORE_add_crl(ssl_ctx->cert_store, 1625 info->crl); 1626 } 1627 } 1628 sk_X509_INFO_pop_free(stack, X509_INFO_free); 1629 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb); 1630 return 0; 1631 } 1632#endif /* ANDROID */ 1633 1634#ifdef CONFIG_NATIVE_WINDOWS 1635 if (ca_cert && tls_cryptoapi_ca_cert(ssl_ctx, conn->ssl, ca_cert) == 1636 0) { 1637 wpa_printf(MSG_DEBUG, "OpenSSL: Added CA certificates from " 1638 "system certificate store"); 1639 return 0; 1640 } 1641#endif /* CONFIG_NATIVE_WINDOWS */ 1642 1643 if (ca_cert || ca_path) { 1644#ifndef OPENSSL_NO_STDIO 1645 if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, ca_path) != 1646 1) { 1647 tls_show_errors(MSG_WARNING, __func__, 1648 "Failed to load root certificates"); 1649 if (ca_cert && 1650 tls_load_ca_der(ssl_ctx, ca_cert) == 0) { 1651 wpa_printf(MSG_DEBUG, "OpenSSL: %s - loaded " 1652 "DER format CA certificate", 1653 __func__); 1654 } else 1655 return -1; 1656 } else { 1657 wpa_printf(MSG_DEBUG, "TLS: Trusted root " 1658 "certificate(s) loaded"); 1659 tls_get_errors(ssl_ctx); 1660 } 1661#else /* OPENSSL_NO_STDIO */ 1662 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", 1663 __func__); 1664 return -1; 1665#endif /* OPENSSL_NO_STDIO */ 1666 } else { 1667 /* No ca_cert configured - do not try to verify server 1668 * certificate */ 1669 conn->ca_cert_verify = 0; 1670 } 1671 1672 return 0; 1673} 1674 1675 1676static int tls_global_ca_cert(SSL_CTX *ssl_ctx, const char *ca_cert) 1677{ 1678 if (ca_cert) { 1679 if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, NULL) != 1) 1680 { 1681 tls_show_errors(MSG_WARNING, __func__, 1682 "Failed to load root certificates"); 1683 return -1; 1684 } 1685 1686 wpa_printf(MSG_DEBUG, "TLS: Trusted root " 1687 "certificate(s) loaded"); 1688 1689#ifndef OPENSSL_NO_STDIO 1690 /* Add the same CAs to the client certificate requests */ 1691 SSL_CTX_set_client_CA_list(ssl_ctx, 1692 SSL_load_client_CA_file(ca_cert)); 1693#endif /* OPENSSL_NO_STDIO */ 1694 } 1695 1696 return 0; 1697} 1698 1699 1700int tls_global_set_verify(void *ssl_ctx, int check_crl) 1701{ 1702 int flags; 1703 1704 if (check_crl) { 1705 X509_STORE *cs = SSL_CTX_get_cert_store(ssl_ctx); 1706 if (cs == NULL) { 1707 tls_show_errors(MSG_INFO, __func__, "Failed to get " 1708 "certificate store when enabling " 1709 "check_crl"); 1710 return -1; 1711 } 1712 flags = X509_V_FLAG_CRL_CHECK; 1713 if (check_crl == 2) 1714 flags |= X509_V_FLAG_CRL_CHECK_ALL; 1715 X509_STORE_set_flags(cs, flags); 1716 } 1717 return 0; 1718} 1719 1720 1721static int tls_connection_set_subject_match(struct tls_connection *conn, 1722 const char *subject_match, 1723 const char *altsubject_match, 1724 const char *suffix_match) 1725{ 1726 os_free(conn->subject_match); 1727 conn->subject_match = NULL; 1728 if (subject_match) { 1729 conn->subject_match = os_strdup(subject_match); 1730 if (conn->subject_match == NULL) 1731 return -1; 1732 } 1733 1734 os_free(conn->altsubject_match); 1735 conn->altsubject_match = NULL; 1736 if (altsubject_match) { 1737 conn->altsubject_match = os_strdup(altsubject_match); 1738 if (conn->altsubject_match == NULL) 1739 return -1; 1740 } 1741 1742 os_free(conn->suffix_match); 1743 conn->suffix_match = NULL; 1744 if (suffix_match) { 1745 conn->suffix_match = os_strdup(suffix_match); 1746 if (conn->suffix_match == NULL) 1747 return -1; 1748 } 1749 1750 return 0; 1751} 1752 1753 1754int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn, 1755 int verify_peer) 1756{ 1757 static int counter = 0; 1758 1759 if (conn == NULL) 1760 return -1; 1761 1762 if (verify_peer) { 1763 conn->ca_cert_verify = 1; 1764 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER | 1765 SSL_VERIFY_FAIL_IF_NO_PEER_CERT | 1766 SSL_VERIFY_CLIENT_ONCE, tls_verify_cb); 1767 } else { 1768 conn->ca_cert_verify = 0; 1769 SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL); 1770 } 1771 1772 SSL_set_accept_state(conn->ssl); 1773 1774 /* 1775 * Set session id context in order to avoid fatal errors when client 1776 * tries to resume a session. However, set the context to a unique 1777 * value in order to effectively disable session resumption for now 1778 * since not all areas of the server code are ready for it (e.g., 1779 * EAP-TTLS needs special handling for Phase 2 after abbreviated TLS 1780 * handshake). 1781 */ 1782 counter++; 1783 SSL_set_session_id_context(conn->ssl, 1784 (const unsigned char *) &counter, 1785 sizeof(counter)); 1786 1787 return 0; 1788} 1789 1790 1791static int tls_connection_client_cert(struct tls_connection *conn, 1792 const char *client_cert, 1793 const u8 *client_cert_blob, 1794 size_t client_cert_blob_len) 1795{ 1796 if (client_cert == NULL && client_cert_blob == NULL) 1797 return 0; 1798 1799 if (client_cert_blob && 1800 SSL_use_certificate_ASN1(conn->ssl, (u8 *) client_cert_blob, 1801 client_cert_blob_len) == 1) { 1802 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_ASN1 --> " 1803 "OK"); 1804 return 0; 1805 } else if (client_cert_blob) { 1806 tls_show_errors(MSG_DEBUG, __func__, 1807 "SSL_use_certificate_ASN1 failed"); 1808 } 1809 1810 if (client_cert == NULL) 1811 return -1; 1812 1813#ifdef ANDROID 1814 if (os_strncmp("keystore://", client_cert, 11) == 0) { 1815 BIO *bio = BIO_from_keystore(&client_cert[11]); 1816 X509 *x509 = NULL; 1817 int ret = -1; 1818 if (bio) { 1819 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL); 1820 BIO_free(bio); 1821 } 1822 if (x509) { 1823 if (SSL_use_certificate(conn->ssl, x509) == 1) 1824 ret = 0; 1825 X509_free(x509); 1826 } 1827 return ret; 1828 } 1829#endif /* ANDROID */ 1830 1831#ifndef OPENSSL_NO_STDIO 1832 if (SSL_use_certificate_file(conn->ssl, client_cert, 1833 SSL_FILETYPE_ASN1) == 1) { 1834 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (DER)" 1835 " --> OK"); 1836 return 0; 1837 } 1838 1839 if (SSL_use_certificate_file(conn->ssl, client_cert, 1840 SSL_FILETYPE_PEM) == 1) { 1841 ERR_clear_error(); 1842 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (PEM)" 1843 " --> OK"); 1844 return 0; 1845 } 1846 1847 tls_show_errors(MSG_DEBUG, __func__, 1848 "SSL_use_certificate_file failed"); 1849#else /* OPENSSL_NO_STDIO */ 1850 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", __func__); 1851#endif /* OPENSSL_NO_STDIO */ 1852 1853 return -1; 1854} 1855 1856 1857static int tls_global_client_cert(SSL_CTX *ssl_ctx, const char *client_cert) 1858{ 1859#ifndef OPENSSL_NO_STDIO 1860 if (client_cert == NULL) 1861 return 0; 1862 1863 if (SSL_CTX_use_certificate_file(ssl_ctx, client_cert, 1864 SSL_FILETYPE_ASN1) != 1 && 1865 SSL_CTX_use_certificate_chain_file(ssl_ctx, client_cert) != 1 && 1866 SSL_CTX_use_certificate_file(ssl_ctx, client_cert, 1867 SSL_FILETYPE_PEM) != 1) { 1868 tls_show_errors(MSG_INFO, __func__, 1869 "Failed to load client certificate"); 1870 return -1; 1871 } 1872 return 0; 1873#else /* OPENSSL_NO_STDIO */ 1874 if (client_cert == NULL) 1875 return 0; 1876 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", __func__); 1877 return -1; 1878#endif /* OPENSSL_NO_STDIO */ 1879} 1880 1881 1882static int tls_passwd_cb(char *buf, int size, int rwflag, void *password) 1883{ 1884 if (password == NULL) { 1885 return 0; 1886 } 1887 os_strlcpy(buf, (char *) password, size); 1888 return os_strlen(buf); 1889} 1890 1891 1892#ifdef PKCS12_FUNCS 1893static int tls_parse_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, PKCS12 *p12, 1894 const char *passwd) 1895{ 1896 EVP_PKEY *pkey; 1897 X509 *cert; 1898 STACK_OF(X509) *certs; 1899 int res = 0; 1900 char buf[256]; 1901 1902 pkey = NULL; 1903 cert = NULL; 1904 certs = NULL; 1905 if (!PKCS12_parse(p12, passwd, &pkey, &cert, &certs)) { 1906 tls_show_errors(MSG_DEBUG, __func__, 1907 "Failed to parse PKCS12 file"); 1908 PKCS12_free(p12); 1909 return -1; 1910 } 1911 wpa_printf(MSG_DEBUG, "TLS: Successfully parsed PKCS12 data"); 1912 1913 if (cert) { 1914 X509_NAME_oneline(X509_get_subject_name(cert), buf, 1915 sizeof(buf)); 1916 wpa_printf(MSG_DEBUG, "TLS: Got certificate from PKCS12: " 1917 "subject='%s'", buf); 1918 if (ssl) { 1919 if (SSL_use_certificate(ssl, cert) != 1) 1920 res = -1; 1921 } else { 1922 if (SSL_CTX_use_certificate(ssl_ctx, cert) != 1) 1923 res = -1; 1924 } 1925 X509_free(cert); 1926 } 1927 1928 if (pkey) { 1929 wpa_printf(MSG_DEBUG, "TLS: Got private key from PKCS12"); 1930 if (ssl) { 1931 if (SSL_use_PrivateKey(ssl, pkey) != 1) 1932 res = -1; 1933 } else { 1934 if (SSL_CTX_use_PrivateKey(ssl_ctx, pkey) != 1) 1935 res = -1; 1936 } 1937 EVP_PKEY_free(pkey); 1938 } 1939 1940 if (certs) { 1941 while ((cert = sk_X509_pop(certs)) != NULL) { 1942 X509_NAME_oneline(X509_get_subject_name(cert), buf, 1943 sizeof(buf)); 1944 wpa_printf(MSG_DEBUG, "TLS: additional certificate" 1945 " from PKCS12: subject='%s'", buf); 1946 /* 1947 * There is no SSL equivalent for the chain cert - so 1948 * always add it to the context... 1949 */ 1950 if (SSL_CTX_add_extra_chain_cert(ssl_ctx, cert) != 1) { 1951 res = -1; 1952 break; 1953 } 1954 } 1955 sk_X509_free(certs); 1956 } 1957 1958 PKCS12_free(p12); 1959 1960 if (res < 0) 1961 tls_get_errors(ssl_ctx); 1962 1963 return res; 1964} 1965#endif /* PKCS12_FUNCS */ 1966 1967 1968static int tls_read_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, const char *private_key, 1969 const char *passwd) 1970{ 1971#ifdef PKCS12_FUNCS 1972 FILE *f; 1973 PKCS12 *p12; 1974 1975 f = fopen(private_key, "rb"); 1976 if (f == NULL) 1977 return -1; 1978 1979 p12 = d2i_PKCS12_fp(f, NULL); 1980 fclose(f); 1981 1982 if (p12 == NULL) { 1983 tls_show_errors(MSG_INFO, __func__, 1984 "Failed to use PKCS#12 file"); 1985 return -1; 1986 } 1987 1988 return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd); 1989 1990#else /* PKCS12_FUNCS */ 1991 wpa_printf(MSG_INFO, "TLS: PKCS12 support disabled - cannot read " 1992 "p12/pfx files"); 1993 return -1; 1994#endif /* PKCS12_FUNCS */ 1995} 1996 1997 1998static int tls_read_pkcs12_blob(SSL_CTX *ssl_ctx, SSL *ssl, 1999 const u8 *blob, size_t len, const char *passwd) 2000{ 2001#ifdef PKCS12_FUNCS 2002 PKCS12 *p12; 2003 2004 p12 = d2i_PKCS12(NULL, (OPENSSL_d2i_TYPE) &blob, len); 2005 if (p12 == NULL) { 2006 tls_show_errors(MSG_INFO, __func__, 2007 "Failed to use PKCS#12 blob"); 2008 return -1; 2009 } 2010 2011 return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd); 2012 2013#else /* PKCS12_FUNCS */ 2014 wpa_printf(MSG_INFO, "TLS: PKCS12 support disabled - cannot parse " 2015 "p12/pfx blobs"); 2016 return -1; 2017#endif /* PKCS12_FUNCS */ 2018} 2019 2020 2021#ifndef OPENSSL_NO_ENGINE 2022static int tls_engine_get_cert(struct tls_connection *conn, 2023 const char *cert_id, 2024 X509 **cert) 2025{ 2026 /* this runs after the private key is loaded so no PIN is required */ 2027 struct { 2028 const char *cert_id; 2029 X509 *cert; 2030 } params; 2031 params.cert_id = cert_id; 2032 params.cert = NULL; 2033 2034 if (!ENGINE_ctrl_cmd(conn->engine, "LOAD_CERT_CTRL", 2035 0, ¶ms, NULL, 1)) { 2036 wpa_printf(MSG_ERROR, "ENGINE: cannot load client cert with id" 2037 " '%s' [%s]", cert_id, 2038 ERR_error_string(ERR_get_error(), NULL)); 2039 return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED; 2040 } 2041 if (!params.cert) { 2042 wpa_printf(MSG_ERROR, "ENGINE: did not properly cert with id" 2043 " '%s'", cert_id); 2044 return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED; 2045 } 2046 *cert = params.cert; 2047 return 0; 2048} 2049#endif /* OPENSSL_NO_ENGINE */ 2050 2051 2052static int tls_connection_engine_client_cert(struct tls_connection *conn, 2053 const char *cert_id) 2054{ 2055#ifndef OPENSSL_NO_ENGINE 2056 X509 *cert; 2057 2058 if (tls_engine_get_cert(conn, cert_id, &cert)) 2059 return -1; 2060 2061 if (!SSL_use_certificate(conn->ssl, cert)) { 2062 tls_show_errors(MSG_ERROR, __func__, 2063 "SSL_use_certificate failed"); 2064 X509_free(cert); 2065 return -1; 2066 } 2067 X509_free(cert); 2068 wpa_printf(MSG_DEBUG, "ENGINE: SSL_use_certificate --> " 2069 "OK"); 2070 return 0; 2071 2072#else /* OPENSSL_NO_ENGINE */ 2073 return -1; 2074#endif /* OPENSSL_NO_ENGINE */ 2075} 2076 2077 2078static int tls_connection_engine_ca_cert(void *_ssl_ctx, 2079 struct tls_connection *conn, 2080 const char *ca_cert_id) 2081{ 2082#ifndef OPENSSL_NO_ENGINE 2083 X509 *cert; 2084 SSL_CTX *ssl_ctx = _ssl_ctx; 2085 2086 if (tls_engine_get_cert(conn, ca_cert_id, &cert)) 2087 return -1; 2088 2089 /* start off the same as tls_connection_ca_cert */ 2090 X509_STORE_free(ssl_ctx->cert_store); 2091 ssl_ctx->cert_store = X509_STORE_new(); 2092 if (ssl_ctx->cert_store == NULL) { 2093 wpa_printf(MSG_DEBUG, "OpenSSL: %s - failed to allocate new " 2094 "certificate store", __func__); 2095 X509_free(cert); 2096 return -1; 2097 } 2098 if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) { 2099 unsigned long err = ERR_peek_error(); 2100 tls_show_errors(MSG_WARNING, __func__, 2101 "Failed to add CA certificate from engine " 2102 "to certificate store"); 2103 if (ERR_GET_LIB(err) == ERR_LIB_X509 && 2104 ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) { 2105 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring cert" 2106 " already in hash table error", 2107 __func__); 2108 } else { 2109 X509_free(cert); 2110 return -1; 2111 } 2112 } 2113 X509_free(cert); 2114 wpa_printf(MSG_DEBUG, "OpenSSL: %s - added CA certificate from engine " 2115 "to certificate store", __func__); 2116 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb); 2117 conn->ca_cert_verify = 1; 2118 2119 return 0; 2120 2121#else /* OPENSSL_NO_ENGINE */ 2122 return -1; 2123#endif /* OPENSSL_NO_ENGINE */ 2124} 2125 2126 2127static int tls_connection_engine_private_key(struct tls_connection *conn) 2128{ 2129#ifndef OPENSSL_NO_ENGINE 2130 if (SSL_use_PrivateKey(conn->ssl, conn->private_key) != 1) { 2131 tls_show_errors(MSG_ERROR, __func__, 2132 "ENGINE: cannot use private key for TLS"); 2133 return -1; 2134 } 2135 if (!SSL_check_private_key(conn->ssl)) { 2136 tls_show_errors(MSG_INFO, __func__, 2137 "Private key failed verification"); 2138 return -1; 2139 } 2140 return 0; 2141#else /* OPENSSL_NO_ENGINE */ 2142 wpa_printf(MSG_ERROR, "SSL: Configuration uses engine, but " 2143 "engine support was not compiled in"); 2144 return -1; 2145#endif /* OPENSSL_NO_ENGINE */ 2146} 2147 2148 2149static int tls_connection_private_key(void *_ssl_ctx, 2150 struct tls_connection *conn, 2151 const char *private_key, 2152 const char *private_key_passwd, 2153 const u8 *private_key_blob, 2154 size_t private_key_blob_len) 2155{ 2156 SSL_CTX *ssl_ctx = _ssl_ctx; 2157 char *passwd; 2158 int ok; 2159 2160 if (private_key == NULL && private_key_blob == NULL) 2161 return 0; 2162 2163 if (private_key_passwd) { 2164 passwd = os_strdup(private_key_passwd); 2165 if (passwd == NULL) 2166 return -1; 2167 } else 2168 passwd = NULL; 2169 2170 SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb); 2171 SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd); 2172 2173 ok = 0; 2174 while (private_key_blob) { 2175 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_RSA, conn->ssl, 2176 (u8 *) private_key_blob, 2177 private_key_blob_len) == 1) { 2178 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_" 2179 "ASN1(EVP_PKEY_RSA) --> OK"); 2180 ok = 1; 2181 break; 2182 } 2183 2184 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_DSA, conn->ssl, 2185 (u8 *) private_key_blob, 2186 private_key_blob_len) == 1) { 2187 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_" 2188 "ASN1(EVP_PKEY_DSA) --> OK"); 2189 ok = 1; 2190 break; 2191 } 2192 2193 if (SSL_use_RSAPrivateKey_ASN1(conn->ssl, 2194 (u8 *) private_key_blob, 2195 private_key_blob_len) == 1) { 2196 wpa_printf(MSG_DEBUG, "OpenSSL: " 2197 "SSL_use_RSAPrivateKey_ASN1 --> OK"); 2198 ok = 1; 2199 break; 2200 } 2201 2202 if (tls_read_pkcs12_blob(ssl_ctx, conn->ssl, private_key_blob, 2203 private_key_blob_len, passwd) == 0) { 2204 wpa_printf(MSG_DEBUG, "OpenSSL: PKCS#12 as blob --> " 2205 "OK"); 2206 ok = 1; 2207 break; 2208 } 2209 2210 break; 2211 } 2212 2213 while (!ok && private_key) { 2214#ifndef OPENSSL_NO_STDIO 2215 if (SSL_use_PrivateKey_file(conn->ssl, private_key, 2216 SSL_FILETYPE_ASN1) == 1) { 2217 wpa_printf(MSG_DEBUG, "OpenSSL: " 2218 "SSL_use_PrivateKey_File (DER) --> OK"); 2219 ok = 1; 2220 break; 2221 } 2222 2223 if (SSL_use_PrivateKey_file(conn->ssl, private_key, 2224 SSL_FILETYPE_PEM) == 1) { 2225 wpa_printf(MSG_DEBUG, "OpenSSL: " 2226 "SSL_use_PrivateKey_File (PEM) --> OK"); 2227 ok = 1; 2228 break; 2229 } 2230#else /* OPENSSL_NO_STDIO */ 2231 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", 2232 __func__); 2233#endif /* OPENSSL_NO_STDIO */ 2234 2235 if (tls_read_pkcs12(ssl_ctx, conn->ssl, private_key, passwd) 2236 == 0) { 2237 wpa_printf(MSG_DEBUG, "OpenSSL: Reading PKCS#12 file " 2238 "--> OK"); 2239 ok = 1; 2240 break; 2241 } 2242 2243 if (tls_cryptoapi_cert(conn->ssl, private_key) == 0) { 2244 wpa_printf(MSG_DEBUG, "OpenSSL: Using CryptoAPI to " 2245 "access certificate store --> OK"); 2246 ok = 1; 2247 break; 2248 } 2249 2250 break; 2251 } 2252 2253 if (!ok) { 2254 tls_show_errors(MSG_INFO, __func__, 2255 "Failed to load private key"); 2256 os_free(passwd); 2257 return -1; 2258 } 2259 ERR_clear_error(); 2260 SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL); 2261 os_free(passwd); 2262 2263 if (!SSL_check_private_key(conn->ssl)) { 2264 tls_show_errors(MSG_INFO, __func__, "Private key failed " 2265 "verification"); 2266 return -1; 2267 } 2268 2269 wpa_printf(MSG_DEBUG, "SSL: Private key loaded successfully"); 2270 return 0; 2271} 2272 2273 2274static int tls_global_private_key(SSL_CTX *ssl_ctx, const char *private_key, 2275 const char *private_key_passwd) 2276{ 2277 char *passwd; 2278 2279 if (private_key == NULL) 2280 return 0; 2281 2282 if (private_key_passwd) { 2283 passwd = os_strdup(private_key_passwd); 2284 if (passwd == NULL) 2285 return -1; 2286 } else 2287 passwd = NULL; 2288 2289 SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb); 2290 SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd); 2291 if ( 2292#ifndef OPENSSL_NO_STDIO 2293 SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key, 2294 SSL_FILETYPE_ASN1) != 1 && 2295 SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key, 2296 SSL_FILETYPE_PEM) != 1 && 2297#endif /* OPENSSL_NO_STDIO */ 2298 tls_read_pkcs12(ssl_ctx, NULL, private_key, passwd)) { 2299 tls_show_errors(MSG_INFO, __func__, 2300 "Failed to load private key"); 2301 os_free(passwd); 2302 ERR_clear_error(); 2303 return -1; 2304 } 2305 os_free(passwd); 2306 ERR_clear_error(); 2307 SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL); 2308 2309 if (!SSL_CTX_check_private_key(ssl_ctx)) { 2310 tls_show_errors(MSG_INFO, __func__, 2311 "Private key failed verification"); 2312 return -1; 2313 } 2314 2315 return 0; 2316} 2317 2318 2319static int tls_connection_dh(struct tls_connection *conn, const char *dh_file) 2320{ 2321#ifdef OPENSSL_NO_DH 2322 if (dh_file == NULL) 2323 return 0; 2324 wpa_printf(MSG_ERROR, "TLS: openssl does not include DH support, but " 2325 "dh_file specified"); 2326 return -1; 2327#else /* OPENSSL_NO_DH */ 2328 DH *dh; 2329 BIO *bio; 2330 2331 /* TODO: add support for dh_blob */ 2332 if (dh_file == NULL) 2333 return 0; 2334 if (conn == NULL) 2335 return -1; 2336 2337 bio = BIO_new_file(dh_file, "r"); 2338 if (bio == NULL) { 2339 wpa_printf(MSG_INFO, "TLS: Failed to open DH file '%s': %s", 2340 dh_file, ERR_error_string(ERR_get_error(), NULL)); 2341 return -1; 2342 } 2343 dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); 2344 BIO_free(bio); 2345#ifndef OPENSSL_NO_DSA 2346 while (dh == NULL) { 2347 DSA *dsa; 2348 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DH file '%s': %s -" 2349 " trying to parse as DSA params", dh_file, 2350 ERR_error_string(ERR_get_error(), NULL)); 2351 bio = BIO_new_file(dh_file, "r"); 2352 if (bio == NULL) 2353 break; 2354 dsa = PEM_read_bio_DSAparams(bio, NULL, NULL, NULL); 2355 BIO_free(bio); 2356 if (!dsa) { 2357 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DSA file " 2358 "'%s': %s", dh_file, 2359 ERR_error_string(ERR_get_error(), NULL)); 2360 break; 2361 } 2362 2363 wpa_printf(MSG_DEBUG, "TLS: DH file in DSA param format"); 2364 dh = DSA_dup_DH(dsa); 2365 DSA_free(dsa); 2366 if (dh == NULL) { 2367 wpa_printf(MSG_INFO, "TLS: Failed to convert DSA " 2368 "params into DH params"); 2369 break; 2370 } 2371 break; 2372 } 2373#endif /* !OPENSSL_NO_DSA */ 2374 if (dh == NULL) { 2375 wpa_printf(MSG_INFO, "TLS: Failed to read/parse DH/DSA file " 2376 "'%s'", dh_file); 2377 return -1; 2378 } 2379 2380 if (SSL_set_tmp_dh(conn->ssl, dh) != 1) { 2381 wpa_printf(MSG_INFO, "TLS: Failed to set DH params from '%s': " 2382 "%s", dh_file, 2383 ERR_error_string(ERR_get_error(), NULL)); 2384 DH_free(dh); 2385 return -1; 2386 } 2387 DH_free(dh); 2388 return 0; 2389#endif /* OPENSSL_NO_DH */ 2390} 2391 2392 2393static int tls_global_dh(SSL_CTX *ssl_ctx, const char *dh_file) 2394{ 2395#ifdef OPENSSL_NO_DH 2396 if (dh_file == NULL) 2397 return 0; 2398 wpa_printf(MSG_ERROR, "TLS: openssl does not include DH support, but " 2399 "dh_file specified"); 2400 return -1; 2401#else /* OPENSSL_NO_DH */ 2402 DH *dh; 2403 BIO *bio; 2404 2405 /* TODO: add support for dh_blob */ 2406 if (dh_file == NULL) 2407 return 0; 2408 if (ssl_ctx == NULL) 2409 return -1; 2410 2411 bio = BIO_new_file(dh_file, "r"); 2412 if (bio == NULL) { 2413 wpa_printf(MSG_INFO, "TLS: Failed to open DH file '%s': %s", 2414 dh_file, ERR_error_string(ERR_get_error(), NULL)); 2415 return -1; 2416 } 2417 dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); 2418 BIO_free(bio); 2419#ifndef OPENSSL_NO_DSA 2420 while (dh == NULL) { 2421 DSA *dsa; 2422 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DH file '%s': %s -" 2423 " trying to parse as DSA params", dh_file, 2424 ERR_error_string(ERR_get_error(), NULL)); 2425 bio = BIO_new_file(dh_file, "r"); 2426 if (bio == NULL) 2427 break; 2428 dsa = PEM_read_bio_DSAparams(bio, NULL, NULL, NULL); 2429 BIO_free(bio); 2430 if (!dsa) { 2431 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DSA file " 2432 "'%s': %s", dh_file, 2433 ERR_error_string(ERR_get_error(), NULL)); 2434 break; 2435 } 2436 2437 wpa_printf(MSG_DEBUG, "TLS: DH file in DSA param format"); 2438 dh = DSA_dup_DH(dsa); 2439 DSA_free(dsa); 2440 if (dh == NULL) { 2441 wpa_printf(MSG_INFO, "TLS: Failed to convert DSA " 2442 "params into DH params"); 2443 break; 2444 } 2445 break; 2446 } 2447#endif /* !OPENSSL_NO_DSA */ 2448 if (dh == NULL) { 2449 wpa_printf(MSG_INFO, "TLS: Failed to read/parse DH/DSA file " 2450 "'%s'", dh_file); 2451 return -1; 2452 } 2453 2454 if (SSL_CTX_set_tmp_dh(ssl_ctx, dh) != 1) { 2455 wpa_printf(MSG_INFO, "TLS: Failed to set DH params from '%s': " 2456 "%s", dh_file, 2457 ERR_error_string(ERR_get_error(), NULL)); 2458 DH_free(dh); 2459 return -1; 2460 } 2461 DH_free(dh); 2462 return 0; 2463#endif /* OPENSSL_NO_DH */ 2464} 2465 2466 2467int tls_connection_get_keys(void *ssl_ctx, struct tls_connection *conn, 2468 struct tls_keys *keys) 2469{ 2470#ifdef CONFIG_FIPS 2471 wpa_printf(MSG_ERROR, "OpenSSL: TLS keys cannot be exported in FIPS " 2472 "mode"); 2473 return -1; 2474#else /* CONFIG_FIPS */ 2475 SSL *ssl; 2476 2477 if (conn == NULL || keys == NULL) 2478 return -1; 2479 ssl = conn->ssl; 2480 if (ssl == NULL || ssl->s3 == NULL || ssl->session == NULL) 2481 return -1; 2482 2483 os_memset(keys, 0, sizeof(*keys)); 2484 keys->master_key = ssl->session->master_key; 2485 keys->master_key_len = ssl->session->master_key_length; 2486 keys->client_random = ssl->s3->client_random; 2487 keys->client_random_len = SSL3_RANDOM_SIZE; 2488 keys->server_random = ssl->s3->server_random; 2489 keys->server_random_len = SSL3_RANDOM_SIZE; 2490 2491 return 0; 2492#endif /* CONFIG_FIPS */ 2493} 2494 2495 2496int tls_connection_prf(void *tls_ctx, struct tls_connection *conn, 2497 const char *label, int server_random_first, 2498 u8 *out, size_t out_len) 2499{ 2500#if OPENSSL_VERSION_NUMBER >= 0x10001000L 2501 SSL *ssl; 2502 if (conn == NULL) 2503 return -1; 2504 if (server_random_first) 2505 return -1; 2506 ssl = conn->ssl; 2507 if (SSL_export_keying_material(ssl, out, out_len, label, 2508 os_strlen(label), NULL, 0, 0) == 1) { 2509 wpa_printf(MSG_DEBUG, "OpenSSL: Using internal PRF"); 2510 return 0; 2511 } 2512#endif 2513 return -1; 2514} 2515 2516 2517static struct wpabuf * 2518openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data, 2519 int server) 2520{ 2521 int res; 2522 struct wpabuf *out_data; 2523 2524 /* 2525 * Give TLS handshake data from the server (if available) to OpenSSL 2526 * for processing. 2527 */ 2528 if (in_data && 2529 BIO_write(conn->ssl_in, wpabuf_head(in_data), wpabuf_len(in_data)) 2530 < 0) { 2531 tls_show_errors(MSG_INFO, __func__, 2532 "Handshake failed - BIO_write"); 2533 return NULL; 2534 } 2535 2536 /* Initiate TLS handshake or continue the existing handshake */ 2537 if (server) 2538 res = SSL_accept(conn->ssl); 2539 else 2540 res = SSL_connect(conn->ssl); 2541 if (res != 1) { 2542 int err = SSL_get_error(conn->ssl, res); 2543 if (err == SSL_ERROR_WANT_READ) 2544 wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want " 2545 "more data"); 2546 else if (err == SSL_ERROR_WANT_WRITE) 2547 wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want to " 2548 "write"); 2549 else { 2550 tls_show_errors(MSG_INFO, __func__, "SSL_connect"); 2551 conn->failed++; 2552 } 2553 } 2554 2555 /* Get the TLS handshake data to be sent to the server */ 2556 res = BIO_ctrl_pending(conn->ssl_out); 2557 wpa_printf(MSG_DEBUG, "SSL: %d bytes pending from ssl_out", res); 2558 out_data = wpabuf_alloc(res); 2559 if (out_data == NULL) { 2560 wpa_printf(MSG_DEBUG, "SSL: Failed to allocate memory for " 2561 "handshake output (%d bytes)", res); 2562 if (BIO_reset(conn->ssl_out) < 0) { 2563 tls_show_errors(MSG_INFO, __func__, 2564 "BIO_reset failed"); 2565 } 2566 return NULL; 2567 } 2568 res = res == 0 ? 0 : BIO_read(conn->ssl_out, wpabuf_mhead(out_data), 2569 res); 2570 if (res < 0) { 2571 tls_show_errors(MSG_INFO, __func__, 2572 "Handshake failed - BIO_read"); 2573 if (BIO_reset(conn->ssl_out) < 0) { 2574 tls_show_errors(MSG_INFO, __func__, 2575 "BIO_reset failed"); 2576 } 2577 wpabuf_free(out_data); 2578 return NULL; 2579 } 2580 wpabuf_put(out_data, res); 2581 2582 return out_data; 2583} 2584 2585 2586static struct wpabuf * 2587openssl_get_appl_data(struct tls_connection *conn, size_t max_len) 2588{ 2589 struct wpabuf *appl_data; 2590 int res; 2591 2592 appl_data = wpabuf_alloc(max_len + 100); 2593 if (appl_data == NULL) 2594 return NULL; 2595 2596 res = SSL_read(conn->ssl, wpabuf_mhead(appl_data), 2597 wpabuf_size(appl_data)); 2598 if (res < 0) { 2599 int err = SSL_get_error(conn->ssl, res); 2600 if (err == SSL_ERROR_WANT_READ || 2601 err == SSL_ERROR_WANT_WRITE) { 2602 wpa_printf(MSG_DEBUG, "SSL: No Application Data " 2603 "included"); 2604 } else { 2605 tls_show_errors(MSG_INFO, __func__, 2606 "Failed to read possible " 2607 "Application Data"); 2608 } 2609 wpabuf_free(appl_data); 2610 return NULL; 2611 } 2612 2613 wpabuf_put(appl_data, res); 2614 wpa_hexdump_buf_key(MSG_MSGDUMP, "SSL: Application Data in Finished " 2615 "message", appl_data); 2616 2617 return appl_data; 2618} 2619 2620 2621static struct wpabuf * 2622openssl_connection_handshake(struct tls_connection *conn, 2623 const struct wpabuf *in_data, 2624 struct wpabuf **appl_data, int server) 2625{ 2626 struct wpabuf *out_data; 2627 2628 if (appl_data) 2629 *appl_data = NULL; 2630 2631 out_data = openssl_handshake(conn, in_data, server); 2632 if (out_data == NULL) 2633 return NULL; 2634 2635 if (SSL_is_init_finished(conn->ssl) && appl_data && in_data) 2636 *appl_data = openssl_get_appl_data(conn, wpabuf_len(in_data)); 2637 2638 return out_data; 2639} 2640 2641 2642struct wpabuf * 2643tls_connection_handshake(void *ssl_ctx, struct tls_connection *conn, 2644 const struct wpabuf *in_data, 2645 struct wpabuf **appl_data) 2646{ 2647 return openssl_connection_handshake(conn, in_data, appl_data, 0); 2648} 2649 2650 2651struct wpabuf * tls_connection_server_handshake(void *tls_ctx, 2652 struct tls_connection *conn, 2653 const struct wpabuf *in_data, 2654 struct wpabuf **appl_data) 2655{ 2656 return openssl_connection_handshake(conn, in_data, appl_data, 1); 2657} 2658 2659 2660struct wpabuf * tls_connection_encrypt(void *tls_ctx, 2661 struct tls_connection *conn, 2662 const struct wpabuf *in_data) 2663{ 2664 int res; 2665 struct wpabuf *buf; 2666 2667 if (conn == NULL) 2668 return NULL; 2669 2670 /* Give plaintext data for OpenSSL to encrypt into the TLS tunnel. */ 2671 if ((res = BIO_reset(conn->ssl_in)) < 0 || 2672 (res = BIO_reset(conn->ssl_out)) < 0) { 2673 tls_show_errors(MSG_INFO, __func__, "BIO_reset failed"); 2674 return NULL; 2675 } 2676 res = SSL_write(conn->ssl, wpabuf_head(in_data), wpabuf_len(in_data)); 2677 if (res < 0) { 2678 tls_show_errors(MSG_INFO, __func__, 2679 "Encryption failed - SSL_write"); 2680 return NULL; 2681 } 2682 2683 /* Read encrypted data to be sent to the server */ 2684 buf = wpabuf_alloc(wpabuf_len(in_data) + 300); 2685 if (buf == NULL) 2686 return NULL; 2687 res = BIO_read(conn->ssl_out, wpabuf_mhead(buf), wpabuf_size(buf)); 2688 if (res < 0) { 2689 tls_show_errors(MSG_INFO, __func__, 2690 "Encryption failed - BIO_read"); 2691 wpabuf_free(buf); 2692 return NULL; 2693 } 2694 wpabuf_put(buf, res); 2695 2696 return buf; 2697} 2698 2699 2700struct wpabuf * tls_connection_decrypt(void *tls_ctx, 2701 struct tls_connection *conn, 2702 const struct wpabuf *in_data) 2703{ 2704 int res; 2705 struct wpabuf *buf; 2706 2707 /* Give encrypted data from TLS tunnel for OpenSSL to decrypt. */ 2708 res = BIO_write(conn->ssl_in, wpabuf_head(in_data), 2709 wpabuf_len(in_data)); 2710 if (res < 0) { 2711 tls_show_errors(MSG_INFO, __func__, 2712 "Decryption failed - BIO_write"); 2713 return NULL; 2714 } 2715 if (BIO_reset(conn->ssl_out) < 0) { 2716 tls_show_errors(MSG_INFO, __func__, "BIO_reset failed"); 2717 return NULL; 2718 } 2719 2720 /* Read decrypted data for further processing */ 2721 /* 2722 * Even though we try to disable TLS compression, it is possible that 2723 * this cannot be done with all TLS libraries. Add extra buffer space 2724 * to handle the possibility of the decrypted data being longer than 2725 * input data. 2726 */ 2727 buf = wpabuf_alloc((wpabuf_len(in_data) + 500) * 3); 2728 if (buf == NULL) 2729 return NULL; 2730 res = SSL_read(conn->ssl, wpabuf_mhead(buf), wpabuf_size(buf)); 2731 if (res < 0) { 2732 tls_show_errors(MSG_INFO, __func__, 2733 "Decryption failed - SSL_read"); 2734 wpabuf_free(buf); 2735 return NULL; 2736 } 2737 wpabuf_put(buf, res); 2738 2739 return buf; 2740} 2741 2742 2743int tls_connection_resumed(void *ssl_ctx, struct tls_connection *conn) 2744{ 2745 return conn ? conn->ssl->hit : 0; 2746} 2747 2748 2749int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn, 2750 u8 *ciphers) 2751{ 2752 char buf[100], *pos, *end; 2753 u8 *c; 2754 int ret; 2755 2756 if (conn == NULL || conn->ssl == NULL || ciphers == NULL) 2757 return -1; 2758 2759 buf[0] = '\0'; 2760 pos = buf; 2761 end = pos + sizeof(buf); 2762 2763 c = ciphers; 2764 while (*c != TLS_CIPHER_NONE) { 2765 const char *suite; 2766 2767 switch (*c) { 2768 case TLS_CIPHER_RC4_SHA: 2769 suite = "RC4-SHA"; 2770 break; 2771 case TLS_CIPHER_AES128_SHA: 2772 suite = "AES128-SHA"; 2773 break; 2774 case TLS_CIPHER_RSA_DHE_AES128_SHA: 2775 suite = "DHE-RSA-AES128-SHA"; 2776 break; 2777 case TLS_CIPHER_ANON_DH_AES128_SHA: 2778 suite = "ADH-AES128-SHA"; 2779 break; 2780 default: 2781 wpa_printf(MSG_DEBUG, "TLS: Unsupported " 2782 "cipher selection: %d", *c); 2783 return -1; 2784 } 2785 ret = os_snprintf(pos, end - pos, ":%s", suite); 2786 if (ret < 0 || ret >= end - pos) 2787 break; 2788 pos += ret; 2789 2790 c++; 2791 } 2792 2793 wpa_printf(MSG_DEBUG, "OpenSSL: cipher suites: %s", buf + 1); 2794 2795 if (SSL_set_cipher_list(conn->ssl, buf + 1) != 1) { 2796 tls_show_errors(MSG_INFO, __func__, 2797 "Cipher suite configuration failed"); 2798 return -1; 2799 } 2800 2801 return 0; 2802} 2803 2804 2805int tls_get_cipher(void *ssl_ctx, struct tls_connection *conn, 2806 char *buf, size_t buflen) 2807{ 2808 const char *name; 2809 if (conn == NULL || conn->ssl == NULL) 2810 return -1; 2811 2812 name = SSL_get_cipher(conn->ssl); 2813 if (name == NULL) 2814 return -1; 2815 2816 os_strlcpy(buf, name, buflen); 2817 return 0; 2818} 2819 2820 2821int tls_connection_enable_workaround(void *ssl_ctx, 2822 struct tls_connection *conn) 2823{ 2824 SSL_set_options(conn->ssl, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS); 2825 2826 return 0; 2827} 2828 2829 2830#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST) 2831/* ClientHello TLS extensions require a patch to openssl, so this function is 2832 * commented out unless explicitly needed for EAP-FAST in order to be able to 2833 * build this file with unmodified openssl. */ 2834int tls_connection_client_hello_ext(void *ssl_ctx, struct tls_connection *conn, 2835 int ext_type, const u8 *data, 2836 size_t data_len) 2837{ 2838 if (conn == NULL || conn->ssl == NULL || ext_type != 35) 2839 return -1; 2840 2841#ifdef CONFIG_OPENSSL_TICKET_OVERRIDE 2842 if (SSL_set_session_ticket_ext(conn->ssl, (void *) data, 2843 data_len) != 1) 2844 return -1; 2845#else /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 2846 if (SSL_set_hello_extension(conn->ssl, ext_type, (void *) data, 2847 data_len) != 1) 2848 return -1; 2849#endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 2850 2851 return 0; 2852} 2853#endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */ 2854 2855 2856int tls_connection_get_failed(void *ssl_ctx, struct tls_connection *conn) 2857{ 2858 if (conn == NULL) 2859 return -1; 2860 return conn->failed; 2861} 2862 2863 2864int tls_connection_get_read_alerts(void *ssl_ctx, struct tls_connection *conn) 2865{ 2866 if (conn == NULL) 2867 return -1; 2868 return conn->read_alerts; 2869} 2870 2871 2872int tls_connection_get_write_alerts(void *ssl_ctx, struct tls_connection *conn) 2873{ 2874 if (conn == NULL) 2875 return -1; 2876 return conn->write_alerts; 2877} 2878 2879 2880#ifdef HAVE_OCSP 2881 2882static void ocsp_debug_print_resp(OCSP_RESPONSE *rsp) 2883{ 2884#ifndef CONFIG_NO_STDOUT_DEBUG 2885 extern int wpa_debug_level; 2886 BIO *out; 2887 size_t rlen; 2888 char *txt; 2889 int res; 2890 2891 if (wpa_debug_level > MSG_DEBUG) 2892 return; 2893 2894 out = BIO_new(BIO_s_mem()); 2895 if (!out) 2896 return; 2897 2898 OCSP_RESPONSE_print(out, rsp, 0); 2899 rlen = BIO_ctrl_pending(out); 2900 txt = os_malloc(rlen + 1); 2901 if (!txt) { 2902 BIO_free(out); 2903 return; 2904 } 2905 2906 res = BIO_read(out, txt, rlen); 2907 if (res > 0) { 2908 txt[res] = '\0'; 2909 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP Response\n%s", txt); 2910 } 2911 os_free(txt); 2912 BIO_free(out); 2913#endif /* CONFIG_NO_STDOUT_DEBUG */ 2914} 2915 2916 2917static int ocsp_resp_cb(SSL *s, void *arg) 2918{ 2919 struct tls_connection *conn = arg; 2920 const unsigned char *p; 2921 int len, status, reason; 2922 OCSP_RESPONSE *rsp; 2923 OCSP_BASICRESP *basic; 2924 OCSP_CERTID *id; 2925 ASN1_GENERALIZEDTIME *produced_at, *this_update, *next_update; 2926 2927 len = SSL_get_tlsext_status_ocsp_resp(s, &p); 2928 if (!p) { 2929 wpa_printf(MSG_DEBUG, "OpenSSL: No OCSP response received"); 2930 return (conn->flags & TLS_CONN_REQUIRE_OCSP) ? 0 : 1; 2931 } 2932 2933 wpa_hexdump(MSG_DEBUG, "OpenSSL: OCSP response", p, len); 2934 2935 rsp = d2i_OCSP_RESPONSE(NULL, &p, len); 2936 if (!rsp) { 2937 wpa_printf(MSG_INFO, "OpenSSL: Failed to parse OCSP response"); 2938 return 0; 2939 } 2940 2941 ocsp_debug_print_resp(rsp); 2942 2943 status = OCSP_response_status(rsp); 2944 if (status != OCSP_RESPONSE_STATUS_SUCCESSFUL) { 2945 wpa_printf(MSG_INFO, "OpenSSL: OCSP responder error %d (%s)", 2946 status, OCSP_response_status_str(status)); 2947 return 0; 2948 } 2949 2950 basic = OCSP_response_get1_basic(rsp); 2951 if (!basic) { 2952 wpa_printf(MSG_INFO, "OpenSSL: Could not find BasicOCSPResponse"); 2953 return 0; 2954 } 2955 2956 status = OCSP_basic_verify(basic, NULL, SSL_CTX_get_cert_store(s->ctx), 2957 0); 2958 if (status <= 0) { 2959 tls_show_errors(MSG_INFO, __func__, 2960 "OpenSSL: OCSP response failed verification"); 2961 OCSP_BASICRESP_free(basic); 2962 OCSP_RESPONSE_free(rsp); 2963 return 0; 2964 } 2965 2966 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP response verification succeeded"); 2967 2968 if (!conn->peer_cert) { 2969 wpa_printf(MSG_DEBUG, "OpenSSL: Peer certificate not available for OCSP status check"); 2970 OCSP_BASICRESP_free(basic); 2971 OCSP_RESPONSE_free(rsp); 2972 return 0; 2973 } 2974 2975 if (!conn->peer_issuer) { 2976 wpa_printf(MSG_DEBUG, "OpenSSL: Peer issuer certificate not available for OCSP status check"); 2977 OCSP_BASICRESP_free(basic); 2978 OCSP_RESPONSE_free(rsp); 2979 return 0; 2980 } 2981 2982 id = OCSP_cert_to_id(NULL, conn->peer_cert, conn->peer_issuer); 2983 if (!id) { 2984 wpa_printf(MSG_DEBUG, "OpenSSL: Could not create OCSP certificate identifier"); 2985 OCSP_BASICRESP_free(basic); 2986 OCSP_RESPONSE_free(rsp); 2987 return 0; 2988 } 2989 2990 if (!OCSP_resp_find_status(basic, id, &status, &reason, &produced_at, 2991 &this_update, &next_update)) { 2992 wpa_printf(MSG_INFO, "OpenSSL: Could not find current server certificate from OCSP response%s", 2993 (conn->flags & TLS_CONN_REQUIRE_OCSP) ? "" : 2994 " (OCSP not required)"); 2995 OCSP_BASICRESP_free(basic); 2996 OCSP_RESPONSE_free(rsp); 2997 return (conn->flags & TLS_CONN_REQUIRE_OCSP) ? 0 : 1; 2998 } 2999 3000 if (!OCSP_check_validity(this_update, next_update, 5 * 60, -1)) { 3001 tls_show_errors(MSG_INFO, __func__, 3002 "OpenSSL: OCSP status times invalid"); 3003 OCSP_BASICRESP_free(basic); 3004 OCSP_RESPONSE_free(rsp); 3005 return 0; 3006 } 3007 3008 OCSP_BASICRESP_free(basic); 3009 OCSP_RESPONSE_free(rsp); 3010 3011 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status for server certificate: %s", 3012 OCSP_cert_status_str(status)); 3013 3014 if (status == V_OCSP_CERTSTATUS_GOOD) 3015 return 1; 3016 if (status == V_OCSP_CERTSTATUS_REVOKED) 3017 return 0; 3018 if (conn->flags & TLS_CONN_REQUIRE_OCSP) { 3019 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status unknown, but OCSP required"); 3020 return 0; 3021 } 3022 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status unknown, but OCSP was not required, so allow connection to continue"); 3023 return 1; 3024} 3025 3026 3027static int ocsp_status_cb(SSL *s, void *arg) 3028{ 3029 char *tmp; 3030 char *resp; 3031 size_t len; 3032 3033 if (tls_global->ocsp_stapling_response == NULL) { 3034 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status callback - no response configured"); 3035 return SSL_TLSEXT_ERR_OK; 3036 } 3037 3038 resp = os_readfile(tls_global->ocsp_stapling_response, &len); 3039 if (resp == NULL) { 3040 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status callback - could not read response file"); 3041 /* TODO: Build OCSPResponse with responseStatus = internalError 3042 */ 3043 return SSL_TLSEXT_ERR_OK; 3044 } 3045 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status callback - send cached response"); 3046 tmp = OPENSSL_malloc(len); 3047 if (tmp == NULL) { 3048 os_free(resp); 3049 return SSL_TLSEXT_ERR_ALERT_FATAL; 3050 } 3051 3052 os_memcpy(tmp, resp, len); 3053 os_free(resp); 3054 SSL_set_tlsext_status_ocsp_resp(s, tmp, len); 3055 3056 return SSL_TLSEXT_ERR_OK; 3057} 3058 3059#endif /* HAVE_OCSP */ 3060 3061 3062int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn, 3063 const struct tls_connection_params *params) 3064{ 3065 int ret; 3066 unsigned long err; 3067 SSL_CTX *ssl_ctx = tls_ctx; 3068 3069 if (conn == NULL) 3070 return -1; 3071 3072 while ((err = ERR_get_error())) { 3073 wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s", 3074 __func__, ERR_error_string(err, NULL)); 3075 } 3076 3077 if (params->engine) { 3078 wpa_printf(MSG_DEBUG, "SSL: Initializing TLS engine"); 3079 ret = tls_engine_init(conn, params->engine_id, params->pin, 3080 params->key_id, params->cert_id, 3081 params->ca_cert_id); 3082 if (ret) 3083 return ret; 3084 } 3085 if (tls_connection_set_subject_match(conn, 3086 params->subject_match, 3087 params->altsubject_match, 3088 params->suffix_match)) 3089 return -1; 3090 3091 if (params->engine && params->ca_cert_id) { 3092 if (tls_connection_engine_ca_cert(tls_ctx, conn, 3093 params->ca_cert_id)) 3094 return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED; 3095 } else if (tls_connection_ca_cert(tls_ctx, conn, params->ca_cert, 3096 params->ca_cert_blob, 3097 params->ca_cert_blob_len, 3098 params->ca_path)) 3099 return -1; 3100 3101 if (params->engine && params->cert_id) { 3102 if (tls_connection_engine_client_cert(conn, params->cert_id)) 3103 return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED; 3104 } else if (tls_connection_client_cert(conn, params->client_cert, 3105 params->client_cert_blob, 3106 params->client_cert_blob_len)) 3107 return -1; 3108 3109 if (params->engine && params->key_id) { 3110 wpa_printf(MSG_DEBUG, "TLS: Using private key from engine"); 3111 if (tls_connection_engine_private_key(conn)) 3112 return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED; 3113 } else if (tls_connection_private_key(tls_ctx, conn, 3114 params->private_key, 3115 params->private_key_passwd, 3116 params->private_key_blob, 3117 params->private_key_blob_len)) { 3118 wpa_printf(MSG_INFO, "TLS: Failed to load private key '%s'", 3119 params->private_key); 3120 return -1; 3121 } 3122 3123 if (tls_connection_dh(conn, params->dh_file)) { 3124 wpa_printf(MSG_INFO, "TLS: Failed to load DH file '%s'", 3125 params->dh_file); 3126 return -1; 3127 } 3128 3129#ifdef SSL_OP_NO_TICKET 3130 if (params->flags & TLS_CONN_DISABLE_SESSION_TICKET) 3131 SSL_set_options(conn->ssl, SSL_OP_NO_TICKET); 3132#ifdef SSL_clear_options 3133 else 3134 SSL_clear_options(conn->ssl, SSL_OP_NO_TICKET); 3135#endif /* SSL_clear_options */ 3136#endif /* SSL_OP_NO_TICKET */ 3137 3138#ifdef HAVE_OCSP 3139 if (params->flags & TLS_CONN_REQUEST_OCSP) { 3140 SSL_set_tlsext_status_type(conn->ssl, TLSEXT_STATUSTYPE_ocsp); 3141 SSL_CTX_set_tlsext_status_cb(ssl_ctx, ocsp_resp_cb); 3142 SSL_CTX_set_tlsext_status_arg(ssl_ctx, conn); 3143 } 3144#endif /* HAVE_OCSP */ 3145 3146 conn->flags = params->flags; 3147 3148 tls_get_errors(tls_ctx); 3149 3150 return 0; 3151} 3152 3153 3154int tls_global_set_params(void *tls_ctx, 3155 const struct tls_connection_params *params) 3156{ 3157 SSL_CTX *ssl_ctx = tls_ctx; 3158 unsigned long err; 3159 3160 while ((err = ERR_get_error())) { 3161 wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s", 3162 __func__, ERR_error_string(err, NULL)); 3163 } 3164 3165 if (tls_global_ca_cert(ssl_ctx, params->ca_cert)) 3166 return -1; 3167 3168 if (tls_global_client_cert(ssl_ctx, params->client_cert)) 3169 return -1; 3170 3171 if (tls_global_private_key(ssl_ctx, params->private_key, 3172 params->private_key_passwd)) 3173 return -1; 3174 3175 if (tls_global_dh(ssl_ctx, params->dh_file)) { 3176 wpa_printf(MSG_INFO, "TLS: Failed to load DH file '%s'", 3177 params->dh_file); 3178 return -1; 3179 } 3180 3181#ifdef SSL_OP_NO_TICKET 3182 if (params->flags & TLS_CONN_DISABLE_SESSION_TICKET) 3183 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TICKET); 3184#ifdef SSL_CTX_clear_options 3185 else 3186 SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TICKET); 3187#endif /* SSL_clear_options */ 3188#endif /* SSL_OP_NO_TICKET */ 3189 3190#ifdef HAVE_OCSP 3191 SSL_CTX_set_tlsext_status_cb(ssl_ctx, ocsp_status_cb); 3192 SSL_CTX_set_tlsext_status_arg(ssl_ctx, ssl_ctx); 3193 os_free(tls_global->ocsp_stapling_response); 3194 if (params->ocsp_stapling_response) 3195 tls_global->ocsp_stapling_response = 3196 os_strdup(params->ocsp_stapling_response); 3197 else 3198 tls_global->ocsp_stapling_response = NULL; 3199#endif /* HAVE_OCSP */ 3200 3201 return 0; 3202} 3203 3204 3205int tls_connection_get_keyblock_size(void *tls_ctx, 3206 struct tls_connection *conn) 3207{ 3208 const EVP_CIPHER *c; 3209 const EVP_MD *h; 3210 int md_size; 3211 3212 if (conn == NULL || conn->ssl == NULL || 3213 conn->ssl->enc_read_ctx == NULL || 3214 conn->ssl->enc_read_ctx->cipher == NULL || 3215 conn->ssl->read_hash == NULL) 3216 return -1; 3217 3218 c = conn->ssl->enc_read_ctx->cipher; 3219#if OPENSSL_VERSION_NUMBER >= 0x00909000L 3220 h = EVP_MD_CTX_md(conn->ssl->read_hash); 3221#else 3222 h = conn->ssl->read_hash; 3223#endif 3224 if (h) 3225 md_size = EVP_MD_size(h); 3226#if OPENSSL_VERSION_NUMBER >= 0x10000000L 3227 else if (conn->ssl->s3) 3228 md_size = conn->ssl->s3->tmp.new_mac_secret_size; 3229#endif 3230 else 3231 return -1; 3232 3233 wpa_printf(MSG_DEBUG, "OpenSSL: keyblock size: key_len=%d MD_size=%d " 3234 "IV_len=%d", EVP_CIPHER_key_length(c), md_size, 3235 EVP_CIPHER_iv_length(c)); 3236 return 2 * (EVP_CIPHER_key_length(c) + 3237 md_size + 3238 EVP_CIPHER_iv_length(c)); 3239} 3240 3241 3242unsigned int tls_capabilities(void *tls_ctx) 3243{ 3244 return 0; 3245} 3246 3247 3248#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST) 3249/* Pre-shared secred requires a patch to openssl, so this function is 3250 * commented out unless explicitly needed for EAP-FAST in order to be able to 3251 * build this file with unmodified openssl. */ 3252 3253static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len, 3254 STACK_OF(SSL_CIPHER) *peer_ciphers, 3255 SSL_CIPHER **cipher, void *arg) 3256{ 3257 struct tls_connection *conn = arg; 3258 int ret; 3259 3260 if (conn == NULL || conn->session_ticket_cb == NULL) 3261 return 0; 3262 3263 ret = conn->session_ticket_cb(conn->session_ticket_cb_ctx, 3264 conn->session_ticket, 3265 conn->session_ticket_len, 3266 s->s3->client_random, 3267 s->s3->server_random, secret); 3268 os_free(conn->session_ticket); 3269 conn->session_ticket = NULL; 3270 3271 if (ret <= 0) 3272 return 0; 3273 3274 *secret_len = SSL_MAX_MASTER_KEY_LENGTH; 3275 return 1; 3276} 3277 3278 3279#ifdef CONFIG_OPENSSL_TICKET_OVERRIDE 3280static int tls_session_ticket_ext_cb(SSL *s, const unsigned char *data, 3281 int len, void *arg) 3282{ 3283 struct tls_connection *conn = arg; 3284 3285 if (conn == NULL || conn->session_ticket_cb == NULL) 3286 return 0; 3287 3288 wpa_printf(MSG_DEBUG, "OpenSSL: %s: length=%d", __func__, len); 3289 3290 os_free(conn->session_ticket); 3291 conn->session_ticket = NULL; 3292 3293 wpa_hexdump(MSG_DEBUG, "OpenSSL: ClientHello SessionTicket " 3294 "extension", data, len); 3295 3296 conn->session_ticket = os_malloc(len); 3297 if (conn->session_ticket == NULL) 3298 return 0; 3299 3300 os_memcpy(conn->session_ticket, data, len); 3301 conn->session_ticket_len = len; 3302 3303 return 1; 3304} 3305#else /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 3306#ifdef SSL_OP_NO_TICKET 3307static void tls_hello_ext_cb(SSL *s, int client_server, int type, 3308 unsigned char *data, int len, void *arg) 3309{ 3310 struct tls_connection *conn = arg; 3311 3312 if (conn == NULL || conn->session_ticket_cb == NULL) 3313 return; 3314 3315 wpa_printf(MSG_DEBUG, "OpenSSL: %s: type=%d length=%d", __func__, 3316 type, len); 3317 3318 if (type == TLSEXT_TYPE_session_ticket && !client_server) { 3319 os_free(conn->session_ticket); 3320 conn->session_ticket = NULL; 3321 3322 wpa_hexdump(MSG_DEBUG, "OpenSSL: ClientHello SessionTicket " 3323 "extension", data, len); 3324 conn->session_ticket = os_malloc(len); 3325 if (conn->session_ticket == NULL) 3326 return; 3327 3328 os_memcpy(conn->session_ticket, data, len); 3329 conn->session_ticket_len = len; 3330 } 3331} 3332#else /* SSL_OP_NO_TICKET */ 3333static int tls_hello_ext_cb(SSL *s, TLS_EXTENSION *ext, void *arg) 3334{ 3335 struct tls_connection *conn = arg; 3336 3337 if (conn == NULL || conn->session_ticket_cb == NULL) 3338 return 0; 3339 3340 wpa_printf(MSG_DEBUG, "OpenSSL: %s: type=%d length=%d", __func__, 3341 ext->type, ext->length); 3342 3343 os_free(conn->session_ticket); 3344 conn->session_ticket = NULL; 3345 3346 if (ext->type == 35) { 3347 wpa_hexdump(MSG_DEBUG, "OpenSSL: ClientHello SessionTicket " 3348 "extension", ext->data, ext->length); 3349 conn->session_ticket = os_malloc(ext->length); 3350 if (conn->session_ticket == NULL) 3351 return SSL_AD_INTERNAL_ERROR; 3352 3353 os_memcpy(conn->session_ticket, ext->data, ext->length); 3354 conn->session_ticket_len = ext->length; 3355 } 3356 3357 return 0; 3358} 3359#endif /* SSL_OP_NO_TICKET */ 3360#endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 3361#endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */ 3362 3363 3364int tls_connection_set_session_ticket_cb(void *tls_ctx, 3365 struct tls_connection *conn, 3366 tls_session_ticket_cb cb, 3367 void *ctx) 3368{ 3369#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST) 3370 conn->session_ticket_cb = cb; 3371 conn->session_ticket_cb_ctx = ctx; 3372 3373 if (cb) { 3374 if (SSL_set_session_secret_cb(conn->ssl, tls_sess_sec_cb, 3375 conn) != 1) 3376 return -1; 3377#ifdef CONFIG_OPENSSL_TICKET_OVERRIDE 3378 SSL_set_session_ticket_ext_cb(conn->ssl, 3379 tls_session_ticket_ext_cb, conn); 3380#else /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 3381#ifdef SSL_OP_NO_TICKET 3382 SSL_set_tlsext_debug_callback(conn->ssl, tls_hello_ext_cb); 3383 SSL_set_tlsext_debug_arg(conn->ssl, conn); 3384#else /* SSL_OP_NO_TICKET */ 3385 if (SSL_set_hello_extension_cb(conn->ssl, tls_hello_ext_cb, 3386 conn) != 1) 3387 return -1; 3388#endif /* SSL_OP_NO_TICKET */ 3389#endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 3390 } else { 3391 if (SSL_set_session_secret_cb(conn->ssl, NULL, NULL) != 1) 3392 return -1; 3393#ifdef CONFIG_OPENSSL_TICKET_OVERRIDE 3394 SSL_set_session_ticket_ext_cb(conn->ssl, NULL, NULL); 3395#else /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 3396#ifdef SSL_OP_NO_TICKET 3397 SSL_set_tlsext_debug_callback(conn->ssl, NULL); 3398 SSL_set_tlsext_debug_arg(conn->ssl, conn); 3399#else /* SSL_OP_NO_TICKET */ 3400 if (SSL_set_hello_extension_cb(conn->ssl, NULL, NULL) != 1) 3401 return -1; 3402#endif /* SSL_OP_NO_TICKET */ 3403#endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 3404 } 3405 3406 return 0; 3407#else /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */ 3408 return -1; 3409#endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */ 3410} 3411