tls_openssl.c revision 13ca8d8ea51a1aa5e24c6c956473a11b0c7daed4
1/* 2 * SSL/TLS interface functions for OpenSSL 3 * Copyright (c) 2004-2013, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9#include "includes.h" 10 11#ifndef CONFIG_SMARTCARD 12#ifndef OPENSSL_NO_ENGINE 13#ifndef ANDROID 14#define OPENSSL_NO_ENGINE 15#endif 16#endif 17#endif 18 19#include <openssl/ssl.h> 20#include <openssl/err.h> 21#include <openssl/pkcs12.h> 22#include <openssl/x509v3.h> 23#ifndef OPENSSL_NO_ENGINE 24#include <openssl/engine.h> 25#endif /* OPENSSL_NO_ENGINE */ 26 27#include "common.h" 28#include "crypto.h" 29#include "tls.h" 30 31#if OPENSSL_VERSION_NUMBER >= 0x0090800fL 32#define OPENSSL_d2i_TYPE const unsigned char ** 33#else 34#define OPENSSL_d2i_TYPE unsigned char ** 35#endif 36 37#if defined(SSL_CTX_get_app_data) && defined(SSL_CTX_set_app_data) 38#define OPENSSL_SUPPORTS_CTX_APP_DATA 39#endif 40 41#ifdef SSL_F_SSL_SET_SESSION_TICKET_EXT 42#ifdef SSL_OP_NO_TICKET 43/* 44 * Session ticket override patch was merged into OpenSSL 0.9.9 tree on 45 * 2008-11-15. This version uses a bit different API compared to the old patch. 46 */ 47#define CONFIG_OPENSSL_TICKET_OVERRIDE 48#endif 49#endif 50 51#ifdef SSL_set_tlsext_status_type 52#ifndef OPENSSL_NO_TLSEXT 53#define HAVE_OCSP 54#include <openssl/ocsp.h> 55#endif /* OPENSSL_NO_TLSEXT */ 56#endif /* SSL_set_tlsext_status_type */ 57 58#ifdef ANDROID 59#include <openssl/pem.h> 60#include <keystore/keystore_get.h> 61 62static BIO * BIO_from_keystore(const char *key) 63{ 64 BIO *bio = NULL; 65 uint8_t *value = NULL; 66 int length = keystore_get(key, strlen(key), &value); 67 if (length != -1 && (bio = BIO_new(BIO_s_mem())) != NULL) 68 BIO_write(bio, value, length); 69 free(value); 70 return bio; 71} 72#endif /* ANDROID */ 73 74static int tls_openssl_ref_count = 0; 75 76struct tls_context { 77 void (*event_cb)(void *ctx, enum tls_event ev, 78 union tls_event_data *data); 79 void *cb_ctx; 80 int cert_in_cb; 81 char *ocsp_stapling_response; 82}; 83 84static struct tls_context *tls_global = NULL; 85 86 87struct tls_connection { 88 struct tls_context *context; 89 SSL *ssl; 90 BIO *ssl_in, *ssl_out; 91#ifndef OPENSSL_NO_ENGINE 92 ENGINE *engine; /* functional reference to the engine */ 93 EVP_PKEY *private_key; /* the private key if using engine */ 94#endif /* OPENSSL_NO_ENGINE */ 95 char *subject_match, *altsubject_match, *suffix_match; 96 int read_alerts, write_alerts, failed; 97 98 tls_session_ticket_cb session_ticket_cb; 99 void *session_ticket_cb_ctx; 100 101 /* SessionTicket received from OpenSSL hello_extension_cb (server) */ 102 u8 *session_ticket; 103 size_t session_ticket_len; 104 105 unsigned int ca_cert_verify:1; 106 unsigned int cert_probe:1; 107 unsigned int server_cert_only:1; 108 109 u8 srv_cert_hash[32]; 110 111 unsigned int flags; 112 113 X509 *peer_cert; 114 X509 *peer_issuer; 115 X509 *peer_issuer_issuer; 116}; 117 118 119static struct tls_context * tls_context_new(const struct tls_config *conf) 120{ 121 struct tls_context *context = os_zalloc(sizeof(*context)); 122 if (context == NULL) 123 return NULL; 124 if (conf) { 125 context->event_cb = conf->event_cb; 126 context->cb_ctx = conf->cb_ctx; 127 context->cert_in_cb = conf->cert_in_cb; 128 } 129 return context; 130} 131 132 133#ifdef CONFIG_NO_STDOUT_DEBUG 134 135static void _tls_show_errors(void) 136{ 137 unsigned long err; 138 139 while ((err = ERR_get_error())) { 140 /* Just ignore the errors, since stdout is disabled */ 141 } 142} 143#define tls_show_errors(l, f, t) _tls_show_errors() 144 145#else /* CONFIG_NO_STDOUT_DEBUG */ 146 147static void tls_show_errors(int level, const char *func, const char *txt) 148{ 149 unsigned long err; 150 151 wpa_printf(level, "OpenSSL: %s - %s %s", 152 func, txt, ERR_error_string(ERR_get_error(), NULL)); 153 154 while ((err = ERR_get_error())) { 155 wpa_printf(MSG_INFO, "OpenSSL: pending error: %s", 156 ERR_error_string(err, NULL)); 157 } 158} 159 160#endif /* CONFIG_NO_STDOUT_DEBUG */ 161 162 163#ifdef CONFIG_NATIVE_WINDOWS 164 165/* Windows CryptoAPI and access to certificate stores */ 166#include <wincrypt.h> 167 168#ifdef __MINGW32_VERSION 169/* 170 * MinGW does not yet include all the needed definitions for CryptoAPI, so 171 * define here whatever extra is needed. 172 */ 173#define CERT_SYSTEM_STORE_CURRENT_USER (1 << 16) 174#define CERT_STORE_READONLY_FLAG 0x00008000 175#define CERT_STORE_OPEN_EXISTING_FLAG 0x00004000 176 177#endif /* __MINGW32_VERSION */ 178 179 180struct cryptoapi_rsa_data { 181 const CERT_CONTEXT *cert; 182 HCRYPTPROV crypt_prov; 183 DWORD key_spec; 184 BOOL free_crypt_prov; 185}; 186 187 188static void cryptoapi_error(const char *msg) 189{ 190 wpa_printf(MSG_INFO, "CryptoAPI: %s; err=%u", 191 msg, (unsigned int) GetLastError()); 192} 193 194 195static int cryptoapi_rsa_pub_enc(int flen, const unsigned char *from, 196 unsigned char *to, RSA *rsa, int padding) 197{ 198 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__); 199 return 0; 200} 201 202 203static int cryptoapi_rsa_pub_dec(int flen, const unsigned char *from, 204 unsigned char *to, RSA *rsa, int padding) 205{ 206 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__); 207 return 0; 208} 209 210 211static int cryptoapi_rsa_priv_enc(int flen, const unsigned char *from, 212 unsigned char *to, RSA *rsa, int padding) 213{ 214 struct cryptoapi_rsa_data *priv = 215 (struct cryptoapi_rsa_data *) rsa->meth->app_data; 216 HCRYPTHASH hash; 217 DWORD hash_size, len, i; 218 unsigned char *buf = NULL; 219 int ret = 0; 220 221 if (priv == NULL) { 222 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, 223 ERR_R_PASSED_NULL_PARAMETER); 224 return 0; 225 } 226 227 if (padding != RSA_PKCS1_PADDING) { 228 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, 229 RSA_R_UNKNOWN_PADDING_TYPE); 230 return 0; 231 } 232 233 if (flen != 16 /* MD5 */ + 20 /* SHA-1 */) { 234 wpa_printf(MSG_INFO, "%s - only MD5-SHA1 hash supported", 235 __func__); 236 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, 237 RSA_R_INVALID_MESSAGE_LENGTH); 238 return 0; 239 } 240 241 if (!CryptCreateHash(priv->crypt_prov, CALG_SSL3_SHAMD5, 0, 0, &hash)) 242 { 243 cryptoapi_error("CryptCreateHash failed"); 244 return 0; 245 } 246 247 len = sizeof(hash_size); 248 if (!CryptGetHashParam(hash, HP_HASHSIZE, (BYTE *) &hash_size, &len, 249 0)) { 250 cryptoapi_error("CryptGetHashParam failed"); 251 goto err; 252 } 253 254 if ((int) hash_size != flen) { 255 wpa_printf(MSG_INFO, "CryptoAPI: Invalid hash size (%u != %d)", 256 (unsigned) hash_size, flen); 257 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, 258 RSA_R_INVALID_MESSAGE_LENGTH); 259 goto err; 260 } 261 if (!CryptSetHashParam(hash, HP_HASHVAL, (BYTE * ) from, 0)) { 262 cryptoapi_error("CryptSetHashParam failed"); 263 goto err; 264 } 265 266 len = RSA_size(rsa); 267 buf = os_malloc(len); 268 if (buf == NULL) { 269 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE); 270 goto err; 271 } 272 273 if (!CryptSignHash(hash, priv->key_spec, NULL, 0, buf, &len)) { 274 cryptoapi_error("CryptSignHash failed"); 275 goto err; 276 } 277 278 for (i = 0; i < len; i++) 279 to[i] = buf[len - i - 1]; 280 ret = len; 281 282err: 283 os_free(buf); 284 CryptDestroyHash(hash); 285 286 return ret; 287} 288 289 290static int cryptoapi_rsa_priv_dec(int flen, const unsigned char *from, 291 unsigned char *to, RSA *rsa, int padding) 292{ 293 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__); 294 return 0; 295} 296 297 298static void cryptoapi_free_data(struct cryptoapi_rsa_data *priv) 299{ 300 if (priv == NULL) 301 return; 302 if (priv->crypt_prov && priv->free_crypt_prov) 303 CryptReleaseContext(priv->crypt_prov, 0); 304 if (priv->cert) 305 CertFreeCertificateContext(priv->cert); 306 os_free(priv); 307} 308 309 310static int cryptoapi_finish(RSA *rsa) 311{ 312 cryptoapi_free_data((struct cryptoapi_rsa_data *) rsa->meth->app_data); 313 os_free((void *) rsa->meth); 314 rsa->meth = NULL; 315 return 1; 316} 317 318 319static const CERT_CONTEXT * cryptoapi_find_cert(const char *name, DWORD store) 320{ 321 HCERTSTORE cs; 322 const CERT_CONTEXT *ret = NULL; 323 324 cs = CertOpenStore((LPCSTR) CERT_STORE_PROV_SYSTEM, 0, 0, 325 store | CERT_STORE_OPEN_EXISTING_FLAG | 326 CERT_STORE_READONLY_FLAG, L"MY"); 327 if (cs == NULL) { 328 cryptoapi_error("Failed to open 'My system store'"); 329 return NULL; 330 } 331 332 if (strncmp(name, "cert://", 7) == 0) { 333 unsigned short wbuf[255]; 334 MultiByteToWideChar(CP_ACP, 0, name + 7, -1, wbuf, 255); 335 ret = CertFindCertificateInStore(cs, X509_ASN_ENCODING | 336 PKCS_7_ASN_ENCODING, 337 0, CERT_FIND_SUBJECT_STR, 338 wbuf, NULL); 339 } else if (strncmp(name, "hash://", 7) == 0) { 340 CRYPT_HASH_BLOB blob; 341 int len; 342 const char *hash = name + 7; 343 unsigned char *buf; 344 345 len = os_strlen(hash) / 2; 346 buf = os_malloc(len); 347 if (buf && hexstr2bin(hash, buf, len) == 0) { 348 blob.cbData = len; 349 blob.pbData = buf; 350 ret = CertFindCertificateInStore(cs, 351 X509_ASN_ENCODING | 352 PKCS_7_ASN_ENCODING, 353 0, CERT_FIND_HASH, 354 &blob, NULL); 355 } 356 os_free(buf); 357 } 358 359 CertCloseStore(cs, 0); 360 361 return ret; 362} 363 364 365static int tls_cryptoapi_cert(SSL *ssl, const char *name) 366{ 367 X509 *cert = NULL; 368 RSA *rsa = NULL, *pub_rsa; 369 struct cryptoapi_rsa_data *priv; 370 RSA_METHOD *rsa_meth; 371 372 if (name == NULL || 373 (strncmp(name, "cert://", 7) != 0 && 374 strncmp(name, "hash://", 7) != 0)) 375 return -1; 376 377 priv = os_zalloc(sizeof(*priv)); 378 rsa_meth = os_zalloc(sizeof(*rsa_meth)); 379 if (priv == NULL || rsa_meth == NULL) { 380 wpa_printf(MSG_WARNING, "CryptoAPI: Failed to allocate memory " 381 "for CryptoAPI RSA method"); 382 os_free(priv); 383 os_free(rsa_meth); 384 return -1; 385 } 386 387 priv->cert = cryptoapi_find_cert(name, CERT_SYSTEM_STORE_CURRENT_USER); 388 if (priv->cert == NULL) { 389 priv->cert = cryptoapi_find_cert( 390 name, CERT_SYSTEM_STORE_LOCAL_MACHINE); 391 } 392 if (priv->cert == NULL) { 393 wpa_printf(MSG_INFO, "CryptoAPI: Could not find certificate " 394 "'%s'", name); 395 goto err; 396 } 397 398 cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &priv->cert->pbCertEncoded, 399 priv->cert->cbCertEncoded); 400 if (cert == NULL) { 401 wpa_printf(MSG_INFO, "CryptoAPI: Could not process X509 DER " 402 "encoding"); 403 goto err; 404 } 405 406 if (!CryptAcquireCertificatePrivateKey(priv->cert, 407 CRYPT_ACQUIRE_COMPARE_KEY_FLAG, 408 NULL, &priv->crypt_prov, 409 &priv->key_spec, 410 &priv->free_crypt_prov)) { 411 cryptoapi_error("Failed to acquire a private key for the " 412 "certificate"); 413 goto err; 414 } 415 416 rsa_meth->name = "Microsoft CryptoAPI RSA Method"; 417 rsa_meth->rsa_pub_enc = cryptoapi_rsa_pub_enc; 418 rsa_meth->rsa_pub_dec = cryptoapi_rsa_pub_dec; 419 rsa_meth->rsa_priv_enc = cryptoapi_rsa_priv_enc; 420 rsa_meth->rsa_priv_dec = cryptoapi_rsa_priv_dec; 421 rsa_meth->finish = cryptoapi_finish; 422 rsa_meth->flags = RSA_METHOD_FLAG_NO_CHECK; 423 rsa_meth->app_data = (char *) priv; 424 425 rsa = RSA_new(); 426 if (rsa == NULL) { 427 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, 428 ERR_R_MALLOC_FAILURE); 429 goto err; 430 } 431 432 if (!SSL_use_certificate(ssl, cert)) { 433 RSA_free(rsa); 434 rsa = NULL; 435 goto err; 436 } 437 pub_rsa = cert->cert_info->key->pkey->pkey.rsa; 438 X509_free(cert); 439 cert = NULL; 440 441 rsa->n = BN_dup(pub_rsa->n); 442 rsa->e = BN_dup(pub_rsa->e); 443 if (!RSA_set_method(rsa, rsa_meth)) 444 goto err; 445 446 if (!SSL_use_RSAPrivateKey(ssl, rsa)) 447 goto err; 448 RSA_free(rsa); 449 450 return 0; 451 452err: 453 if (cert) 454 X509_free(cert); 455 if (rsa) 456 RSA_free(rsa); 457 else { 458 os_free(rsa_meth); 459 cryptoapi_free_data(priv); 460 } 461 return -1; 462} 463 464 465static int tls_cryptoapi_ca_cert(SSL_CTX *ssl_ctx, SSL *ssl, const char *name) 466{ 467 HCERTSTORE cs; 468 PCCERT_CONTEXT ctx = NULL; 469 X509 *cert; 470 char buf[128]; 471 const char *store; 472#ifdef UNICODE 473 WCHAR *wstore; 474#endif /* UNICODE */ 475 476 if (name == NULL || strncmp(name, "cert_store://", 13) != 0) 477 return -1; 478 479 store = name + 13; 480#ifdef UNICODE 481 wstore = os_malloc((os_strlen(store) + 1) * sizeof(WCHAR)); 482 if (wstore == NULL) 483 return -1; 484 wsprintf(wstore, L"%S", store); 485 cs = CertOpenSystemStore(0, wstore); 486 os_free(wstore); 487#else /* UNICODE */ 488 cs = CertOpenSystemStore(0, store); 489#endif /* UNICODE */ 490 if (cs == NULL) { 491 wpa_printf(MSG_DEBUG, "%s: failed to open system cert store " 492 "'%s': error=%d", __func__, store, 493 (int) GetLastError()); 494 return -1; 495 } 496 497 while ((ctx = CertEnumCertificatesInStore(cs, ctx))) { 498 cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &ctx->pbCertEncoded, 499 ctx->cbCertEncoded); 500 if (cert == NULL) { 501 wpa_printf(MSG_INFO, "CryptoAPI: Could not process " 502 "X509 DER encoding for CA cert"); 503 continue; 504 } 505 506 X509_NAME_oneline(X509_get_subject_name(cert), buf, 507 sizeof(buf)); 508 wpa_printf(MSG_DEBUG, "OpenSSL: Loaded CA certificate for " 509 "system certificate store: subject='%s'", buf); 510 511 if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) { 512 tls_show_errors(MSG_WARNING, __func__, 513 "Failed to add ca_cert to OpenSSL " 514 "certificate store"); 515 } 516 517 X509_free(cert); 518 } 519 520 if (!CertCloseStore(cs, 0)) { 521 wpa_printf(MSG_DEBUG, "%s: failed to close system cert store " 522 "'%s': error=%d", __func__, name + 13, 523 (int) GetLastError()); 524 } 525 526 return 0; 527} 528 529 530#else /* CONFIG_NATIVE_WINDOWS */ 531 532static int tls_cryptoapi_cert(SSL *ssl, const char *name) 533{ 534 return -1; 535} 536 537#endif /* CONFIG_NATIVE_WINDOWS */ 538 539 540static void ssl_info_cb(const SSL *ssl, int where, int ret) 541{ 542 const char *str; 543 int w; 544 545 wpa_printf(MSG_DEBUG, "SSL: (where=0x%x ret=0x%x)", where, ret); 546 w = where & ~SSL_ST_MASK; 547 if (w & SSL_ST_CONNECT) 548 str = "SSL_connect"; 549 else if (w & SSL_ST_ACCEPT) 550 str = "SSL_accept"; 551 else 552 str = "undefined"; 553 554 if (where & SSL_CB_LOOP) { 555 wpa_printf(MSG_DEBUG, "SSL: %s:%s", 556 str, SSL_state_string_long(ssl)); 557 } else if (where & SSL_CB_ALERT) { 558 struct tls_connection *conn = SSL_get_app_data((SSL *) ssl); 559 wpa_printf(MSG_INFO, "SSL: SSL3 alert: %s:%s:%s", 560 where & SSL_CB_READ ? 561 "read (remote end reported an error)" : 562 "write (local SSL3 detected an error)", 563 SSL_alert_type_string_long(ret), 564 SSL_alert_desc_string_long(ret)); 565 if ((ret >> 8) == SSL3_AL_FATAL) { 566 if (where & SSL_CB_READ) 567 conn->read_alerts++; 568 else 569 conn->write_alerts++; 570 } 571 if (conn->context->event_cb != NULL) { 572 union tls_event_data ev; 573 struct tls_context *context = conn->context; 574 os_memset(&ev, 0, sizeof(ev)); 575 ev.alert.is_local = !(where & SSL_CB_READ); 576 ev.alert.type = SSL_alert_type_string_long(ret); 577 ev.alert.description = SSL_alert_desc_string_long(ret); 578 context->event_cb(context->cb_ctx, TLS_ALERT, &ev); 579 } 580 } else if (where & SSL_CB_EXIT && ret <= 0) { 581 wpa_printf(MSG_DEBUG, "SSL: %s:%s in %s", 582 str, ret == 0 ? "failed" : "error", 583 SSL_state_string_long(ssl)); 584 } 585} 586 587 588#ifndef OPENSSL_NO_ENGINE 589/** 590 * tls_engine_load_dynamic_generic - load any openssl engine 591 * @pre: an array of commands and values that load an engine initialized 592 * in the engine specific function 593 * @post: an array of commands and values that initialize an already loaded 594 * engine (or %NULL if not required) 595 * @id: the engine id of the engine to load (only required if post is not %NULL 596 * 597 * This function is a generic function that loads any openssl engine. 598 * 599 * Returns: 0 on success, -1 on failure 600 */ 601static int tls_engine_load_dynamic_generic(const char *pre[], 602 const char *post[], const char *id) 603{ 604 ENGINE *engine; 605 const char *dynamic_id = "dynamic"; 606 607 engine = ENGINE_by_id(id); 608 if (engine) { 609 ENGINE_free(engine); 610 wpa_printf(MSG_DEBUG, "ENGINE: engine '%s' is already " 611 "available", id); 612 return 0; 613 } 614 ERR_clear_error(); 615 616 engine = ENGINE_by_id(dynamic_id); 617 if (engine == NULL) { 618 wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]", 619 dynamic_id, 620 ERR_error_string(ERR_get_error(), NULL)); 621 return -1; 622 } 623 624 /* Perform the pre commands. This will load the engine. */ 625 while (pre && pre[0]) { 626 wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", pre[0], pre[1]); 627 if (ENGINE_ctrl_cmd_string(engine, pre[0], pre[1], 0) == 0) { 628 wpa_printf(MSG_INFO, "ENGINE: ctrl cmd_string failed: " 629 "%s %s [%s]", pre[0], pre[1], 630 ERR_error_string(ERR_get_error(), NULL)); 631 ENGINE_free(engine); 632 return -1; 633 } 634 pre += 2; 635 } 636 637 /* 638 * Free the reference to the "dynamic" engine. The loaded engine can 639 * now be looked up using ENGINE_by_id(). 640 */ 641 ENGINE_free(engine); 642 643 engine = ENGINE_by_id(id); 644 if (engine == NULL) { 645 wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]", 646 id, ERR_error_string(ERR_get_error(), NULL)); 647 return -1; 648 } 649 650 while (post && post[0]) { 651 wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", post[0], post[1]); 652 if (ENGINE_ctrl_cmd_string(engine, post[0], post[1], 0) == 0) { 653 wpa_printf(MSG_DEBUG, "ENGINE: ctrl cmd_string failed:" 654 " %s %s [%s]", post[0], post[1], 655 ERR_error_string(ERR_get_error(), NULL)); 656 ENGINE_remove(engine); 657 ENGINE_free(engine); 658 return -1; 659 } 660 post += 2; 661 } 662 ENGINE_free(engine); 663 664 return 0; 665} 666 667 668/** 669 * tls_engine_load_dynamic_pkcs11 - load the pkcs11 engine provided by opensc 670 * @pkcs11_so_path: pksc11_so_path from the configuration 671 * @pcks11_module_path: pkcs11_module_path from the configuration 672 */ 673static int tls_engine_load_dynamic_pkcs11(const char *pkcs11_so_path, 674 const char *pkcs11_module_path) 675{ 676 char *engine_id = "pkcs11"; 677 const char *pre_cmd[] = { 678 "SO_PATH", NULL /* pkcs11_so_path */, 679 "ID", NULL /* engine_id */, 680 "LIST_ADD", "1", 681 /* "NO_VCHECK", "1", */ 682 "LOAD", NULL, 683 NULL, NULL 684 }; 685 const char *post_cmd[] = { 686 "MODULE_PATH", NULL /* pkcs11_module_path */, 687 NULL, NULL 688 }; 689 690 if (!pkcs11_so_path || !pkcs11_module_path) 691 return 0; 692 693 pre_cmd[1] = pkcs11_so_path; 694 pre_cmd[3] = engine_id; 695 post_cmd[1] = pkcs11_module_path; 696 697 wpa_printf(MSG_DEBUG, "ENGINE: Loading pkcs11 Engine from %s", 698 pkcs11_so_path); 699 700 return tls_engine_load_dynamic_generic(pre_cmd, post_cmd, engine_id); 701} 702 703 704/** 705 * tls_engine_load_dynamic_opensc - load the opensc engine provided by opensc 706 * @opensc_so_path: opensc_so_path from the configuration 707 */ 708static int tls_engine_load_dynamic_opensc(const char *opensc_so_path) 709{ 710 char *engine_id = "opensc"; 711 const char *pre_cmd[] = { 712 "SO_PATH", NULL /* opensc_so_path */, 713 "ID", NULL /* engine_id */, 714 "LIST_ADD", "1", 715 "LOAD", NULL, 716 NULL, NULL 717 }; 718 719 if (!opensc_so_path) 720 return 0; 721 722 pre_cmd[1] = opensc_so_path; 723 pre_cmd[3] = engine_id; 724 725 wpa_printf(MSG_DEBUG, "ENGINE: Loading OpenSC Engine from %s", 726 opensc_so_path); 727 728 return tls_engine_load_dynamic_generic(pre_cmd, NULL, engine_id); 729} 730#endif /* OPENSSL_NO_ENGINE */ 731 732 733void * tls_init(const struct tls_config *conf) 734{ 735 SSL_CTX *ssl; 736 struct tls_context *context; 737 738 if (tls_openssl_ref_count == 0) { 739 tls_global = context = tls_context_new(conf); 740 if (context == NULL) 741 return NULL; 742#ifdef CONFIG_FIPS 743#ifdef OPENSSL_FIPS 744 if (conf && conf->fips_mode) { 745 if (!FIPS_mode_set(1)) { 746 wpa_printf(MSG_ERROR, "Failed to enable FIPS " 747 "mode"); 748 ERR_load_crypto_strings(); 749 ERR_print_errors_fp(stderr); 750 os_free(tls_global); 751 tls_global = NULL; 752 return NULL; 753 } else 754 wpa_printf(MSG_INFO, "Running in FIPS mode"); 755 } 756#else /* OPENSSL_FIPS */ 757 if (conf && conf->fips_mode) { 758 wpa_printf(MSG_ERROR, "FIPS mode requested, but not " 759 "supported"); 760 os_free(tls_global); 761 tls_global = NULL; 762 return NULL; 763 } 764#endif /* OPENSSL_FIPS */ 765#endif /* CONFIG_FIPS */ 766 SSL_load_error_strings(); 767 SSL_library_init(); 768#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256) 769 EVP_add_digest(EVP_sha256()); 770#endif /* OPENSSL_NO_SHA256 */ 771 /* TODO: if /dev/urandom is available, PRNG is seeded 772 * automatically. If this is not the case, random data should 773 * be added here. */ 774 775#ifdef PKCS12_FUNCS 776#ifndef OPENSSL_NO_RC2 777 /* 778 * 40-bit RC2 is commonly used in PKCS#12 files, so enable it. 779 * This is enabled by PKCS12_PBE_add() in OpenSSL 0.9.8 780 * versions, but it looks like OpenSSL 1.0.0 does not do that 781 * anymore. 782 */ 783 EVP_add_cipher(EVP_rc2_40_cbc()); 784#endif /* OPENSSL_NO_RC2 */ 785 PKCS12_PBE_add(); 786#endif /* PKCS12_FUNCS */ 787 } else { 788 context = tls_global; 789#ifdef OPENSSL_SUPPORTS_CTX_APP_DATA 790 /* Newer OpenSSL can store app-data per-SSL */ 791 context = tls_context_new(conf); 792 if (context == NULL) 793 return NULL; 794#endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */ 795 } 796 tls_openssl_ref_count++; 797 798 ssl = SSL_CTX_new(TLSv1_method()); 799 if (ssl == NULL) { 800 tls_openssl_ref_count--; 801#ifdef OPENSSL_SUPPORTS_CTX_APP_DATA 802 if (context != tls_global) 803 os_free(context); 804#endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */ 805 if (tls_openssl_ref_count == 0) { 806 os_free(tls_global); 807 tls_global = NULL; 808 } 809 return NULL; 810 } 811 812 SSL_CTX_set_info_callback(ssl, ssl_info_cb); 813#ifdef OPENSSL_SUPPORTS_CTX_APP_DATA 814 SSL_CTX_set_app_data(ssl, context); 815#endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */ 816 817#ifndef OPENSSL_NO_ENGINE 818 if (conf && 819 (conf->opensc_engine_path || conf->pkcs11_engine_path || 820 conf->pkcs11_module_path)) { 821 wpa_printf(MSG_DEBUG, "ENGINE: Loading dynamic engine"); 822 ERR_load_ENGINE_strings(); 823 ENGINE_load_dynamic(); 824 825 if (tls_engine_load_dynamic_opensc(conf->opensc_engine_path) || 826 tls_engine_load_dynamic_pkcs11(conf->pkcs11_engine_path, 827 conf->pkcs11_module_path)) { 828 tls_deinit(ssl); 829 return NULL; 830 } 831 } 832#endif /* OPENSSL_NO_ENGINE */ 833 834 return ssl; 835} 836 837 838void tls_deinit(void *ssl_ctx) 839{ 840 SSL_CTX *ssl = ssl_ctx; 841#ifdef OPENSSL_SUPPORTS_CTX_APP_DATA 842 struct tls_context *context = SSL_CTX_get_app_data(ssl); 843 if (context != tls_global) 844 os_free(context); 845#endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */ 846 SSL_CTX_free(ssl); 847 848 tls_openssl_ref_count--; 849 if (tls_openssl_ref_count == 0) { 850#ifndef OPENSSL_NO_ENGINE 851 ENGINE_cleanup(); 852#endif /* OPENSSL_NO_ENGINE */ 853 CRYPTO_cleanup_all_ex_data(); 854 ERR_remove_state(0); 855 ERR_free_strings(); 856 EVP_cleanup(); 857 os_free(tls_global->ocsp_stapling_response); 858 tls_global->ocsp_stapling_response = NULL; 859 os_free(tls_global); 860 tls_global = NULL; 861 } 862} 863 864 865static int tls_engine_init(struct tls_connection *conn, const char *engine_id, 866 const char *pin, const char *key_id, 867 const char *cert_id, const char *ca_cert_id) 868{ 869#ifndef OPENSSL_NO_ENGINE 870 int ret = -1; 871 if (engine_id == NULL) { 872 wpa_printf(MSG_ERROR, "ENGINE: Engine ID not set"); 873 return -1; 874 } 875#ifndef ANDROID 876 if (pin == NULL) { 877 wpa_printf(MSG_ERROR, "ENGINE: Smartcard PIN not set"); 878 return -1; 879 } 880#endif 881 if (key_id == NULL) { 882 wpa_printf(MSG_ERROR, "ENGINE: Key Id not set"); 883 return -1; 884 } 885 886 ERR_clear_error(); 887#ifdef ANDROID 888 ENGINE_load_dynamic(); 889#endif 890 conn->engine = ENGINE_by_id(engine_id); 891 if (!conn->engine) { 892 wpa_printf(MSG_ERROR, "ENGINE: engine %s not available [%s]", 893 engine_id, ERR_error_string(ERR_get_error(), NULL)); 894 goto err; 895 } 896 if (ENGINE_init(conn->engine) != 1) { 897 wpa_printf(MSG_ERROR, "ENGINE: engine init failed " 898 "(engine: %s) [%s]", engine_id, 899 ERR_error_string(ERR_get_error(), NULL)); 900 goto err; 901 } 902 wpa_printf(MSG_DEBUG, "ENGINE: engine initialized"); 903 904#ifndef ANDROID 905 if (ENGINE_ctrl_cmd_string(conn->engine, "PIN", pin, 0) == 0) { 906 wpa_printf(MSG_ERROR, "ENGINE: cannot set pin [%s]", 907 ERR_error_string(ERR_get_error(), NULL)); 908 goto err; 909 } 910#endif 911 /* load private key first in-case PIN is required for cert */ 912 conn->private_key = ENGINE_load_private_key(conn->engine, 913 key_id, NULL, NULL); 914 if (!conn->private_key) { 915 wpa_printf(MSG_ERROR, "ENGINE: cannot load private key with id" 916 " '%s' [%s]", key_id, 917 ERR_error_string(ERR_get_error(), NULL)); 918 ret = TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED; 919 goto err; 920 } 921 922 /* handle a certificate and/or CA certificate */ 923 if (cert_id || ca_cert_id) { 924 const char *cmd_name = "LOAD_CERT_CTRL"; 925 926 /* test if the engine supports a LOAD_CERT_CTRL */ 927 if (!ENGINE_ctrl(conn->engine, ENGINE_CTRL_GET_CMD_FROM_NAME, 928 0, (void *)cmd_name, NULL)) { 929 wpa_printf(MSG_ERROR, "ENGINE: engine does not support" 930 " loading certificates"); 931 ret = TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED; 932 goto err; 933 } 934 } 935 936 return 0; 937 938err: 939 if (conn->engine) { 940 ENGINE_free(conn->engine); 941 conn->engine = NULL; 942 } 943 944 if (conn->private_key) { 945 EVP_PKEY_free(conn->private_key); 946 conn->private_key = NULL; 947 } 948 949 return ret; 950#else /* OPENSSL_NO_ENGINE */ 951 return 0; 952#endif /* OPENSSL_NO_ENGINE */ 953} 954 955 956static void tls_engine_deinit(struct tls_connection *conn) 957{ 958#ifndef OPENSSL_NO_ENGINE 959 wpa_printf(MSG_DEBUG, "ENGINE: engine deinit"); 960 if (conn->private_key) { 961 EVP_PKEY_free(conn->private_key); 962 conn->private_key = NULL; 963 } 964 if (conn->engine) { 965 ENGINE_finish(conn->engine); 966 conn->engine = NULL; 967 } 968#endif /* OPENSSL_NO_ENGINE */ 969} 970 971 972int tls_get_errors(void *ssl_ctx) 973{ 974 int count = 0; 975 unsigned long err; 976 977 while ((err = ERR_get_error())) { 978 wpa_printf(MSG_INFO, "TLS - SSL error: %s", 979 ERR_error_string(err, NULL)); 980 count++; 981 } 982 983 return count; 984} 985 986struct tls_connection * tls_connection_init(void *ssl_ctx) 987{ 988 SSL_CTX *ssl = ssl_ctx; 989 struct tls_connection *conn; 990 long options; 991 struct tls_context *context = tls_global; 992#ifdef OPENSSL_SUPPORTS_CTX_APP_DATA 993 context = SSL_CTX_get_app_data(ssl); 994#endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */ 995 996 conn = os_zalloc(sizeof(*conn)); 997 if (conn == NULL) 998 return NULL; 999 conn->ssl = SSL_new(ssl); 1000 if (conn->ssl == NULL) { 1001 tls_show_errors(MSG_INFO, __func__, 1002 "Failed to initialize new SSL connection"); 1003 os_free(conn); 1004 return NULL; 1005 } 1006 1007 conn->context = context; 1008 SSL_set_app_data(conn->ssl, conn); 1009 options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | 1010 SSL_OP_SINGLE_DH_USE; 1011#ifdef SSL_OP_NO_COMPRESSION 1012 options |= SSL_OP_NO_COMPRESSION; 1013#endif /* SSL_OP_NO_COMPRESSION */ 1014#ifdef ANDROID 1015 options |= SSL_OP_NO_TLSv1_1; 1016 options |= SSL_OP_NO_TLSv1_2; 1017 options |= SSL_OP_NO_TICKET; 1018#endif /* ANDROID */ 1019 SSL_set_options(conn->ssl, options); 1020 1021 conn->ssl_in = BIO_new(BIO_s_mem()); 1022 if (!conn->ssl_in) { 1023 tls_show_errors(MSG_INFO, __func__, 1024 "Failed to create a new BIO for ssl_in"); 1025 SSL_free(conn->ssl); 1026 os_free(conn); 1027 return NULL; 1028 } 1029 1030 conn->ssl_out = BIO_new(BIO_s_mem()); 1031 if (!conn->ssl_out) { 1032 tls_show_errors(MSG_INFO, __func__, 1033 "Failed to create a new BIO for ssl_out"); 1034 SSL_free(conn->ssl); 1035 BIO_free(conn->ssl_in); 1036 os_free(conn); 1037 return NULL; 1038 } 1039 1040 SSL_set_bio(conn->ssl, conn->ssl_in, conn->ssl_out); 1041 1042 return conn; 1043} 1044 1045 1046void tls_connection_deinit(void *ssl_ctx, struct tls_connection *conn) 1047{ 1048 if (conn == NULL) 1049 return; 1050 SSL_free(conn->ssl); 1051 tls_engine_deinit(conn); 1052 os_free(conn->subject_match); 1053 os_free(conn->altsubject_match); 1054 os_free(conn->suffix_match); 1055 os_free(conn->session_ticket); 1056 os_free(conn); 1057} 1058 1059 1060int tls_connection_established(void *ssl_ctx, struct tls_connection *conn) 1061{ 1062 return conn ? SSL_is_init_finished(conn->ssl) : 0; 1063} 1064 1065 1066int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn) 1067{ 1068 if (conn == NULL) 1069 return -1; 1070 1071 /* Shutdown previous TLS connection without notifying the peer 1072 * because the connection was already terminated in practice 1073 * and "close notify" shutdown alert would confuse AS. */ 1074 SSL_set_quiet_shutdown(conn->ssl, 1); 1075 SSL_shutdown(conn->ssl); 1076 return 0; 1077} 1078 1079 1080static int tls_match_altsubject_component(X509 *cert, int type, 1081 const char *value, size_t len) 1082{ 1083 GENERAL_NAME *gen; 1084 void *ext; 1085 int i, found = 0; 1086 1087 ext = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL); 1088 1089 for (i = 0; ext && i < sk_GENERAL_NAME_num(ext); i++) { 1090 gen = sk_GENERAL_NAME_value(ext, i); 1091 if (gen->type != type) 1092 continue; 1093 if (os_strlen((char *) gen->d.ia5->data) == len && 1094 os_memcmp(value, gen->d.ia5->data, len) == 0) 1095 found++; 1096 } 1097 1098 return found; 1099} 1100 1101 1102static int tls_match_altsubject(X509 *cert, const char *match) 1103{ 1104 int type; 1105 const char *pos, *end; 1106 size_t len; 1107 1108 pos = match; 1109 do { 1110 if (os_strncmp(pos, "EMAIL:", 6) == 0) { 1111 type = GEN_EMAIL; 1112 pos += 6; 1113 } else if (os_strncmp(pos, "DNS:", 4) == 0) { 1114 type = GEN_DNS; 1115 pos += 4; 1116 } else if (os_strncmp(pos, "URI:", 4) == 0) { 1117 type = GEN_URI; 1118 pos += 4; 1119 } else { 1120 wpa_printf(MSG_INFO, "TLS: Invalid altSubjectName " 1121 "match '%s'", pos); 1122 return 0; 1123 } 1124 end = os_strchr(pos, ';'); 1125 while (end) { 1126 if (os_strncmp(end + 1, "EMAIL:", 6) == 0 || 1127 os_strncmp(end + 1, "DNS:", 4) == 0 || 1128 os_strncmp(end + 1, "URI:", 4) == 0) 1129 break; 1130 end = os_strchr(end + 1, ';'); 1131 } 1132 if (end) 1133 len = end - pos; 1134 else 1135 len = os_strlen(pos); 1136 if (tls_match_altsubject_component(cert, type, pos, len) > 0) 1137 return 1; 1138 pos = end + 1; 1139 } while (end); 1140 1141 return 0; 1142} 1143 1144 1145#ifndef CONFIG_NATIVE_WINDOWS 1146static int domain_suffix_match(const u8 *val, size_t len, const char *match) 1147{ 1148 size_t i, match_len; 1149 1150 /* Check for embedded nuls that could mess up suffix matching */ 1151 for (i = 0; i < len; i++) { 1152 if (val[i] == '\0') { 1153 wpa_printf(MSG_DEBUG, "TLS: Embedded null in a string - reject"); 1154 return 0; 1155 } 1156 } 1157 1158 match_len = os_strlen(match); 1159 if (match_len > len) 1160 return 0; 1161 1162 if (os_strncasecmp((const char *) val + len - match_len, match, 1163 match_len) != 0) 1164 return 0; /* no match */ 1165 1166 if (match_len == len) 1167 return 1; /* exact match */ 1168 1169 if (val[len - match_len - 1] == '.') 1170 return 1; /* full label match completes suffix match */ 1171 1172 wpa_printf(MSG_DEBUG, "TLS: Reject due to incomplete label match"); 1173 return 0; 1174} 1175#endif /* CONFIG_NATIVE_WINDOWS */ 1176 1177 1178static int tls_match_suffix(X509 *cert, const char *match) 1179{ 1180#ifdef CONFIG_NATIVE_WINDOWS 1181 /* wincrypt.h has conflicting X509_NAME definition */ 1182 return -1; 1183#else /* CONFIG_NATIVE_WINDOWS */ 1184 GENERAL_NAME *gen; 1185 void *ext; 1186 int i; 1187 int dns_name = 0; 1188 X509_NAME *name; 1189 1190 wpa_printf(MSG_DEBUG, "TLS: Match domain against suffix %s", match); 1191 1192 ext = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL); 1193 1194 for (i = 0; ext && i < sk_GENERAL_NAME_num(ext); i++) { 1195 gen = sk_GENERAL_NAME_value(ext, i); 1196 if (gen->type != GEN_DNS) 1197 continue; 1198 dns_name++; 1199 wpa_hexdump_ascii(MSG_DEBUG, "TLS: Certificate dNSName", 1200 gen->d.dNSName->data, 1201 gen->d.dNSName->length); 1202 if (domain_suffix_match(gen->d.dNSName->data, 1203 gen->d.dNSName->length, match) == 1) { 1204 wpa_printf(MSG_DEBUG, "TLS: Suffix match in dNSName found"); 1205 return 1; 1206 } 1207 } 1208 1209 if (dns_name) { 1210 wpa_printf(MSG_DEBUG, "TLS: None of the dNSName(s) matched"); 1211 return 0; 1212 } 1213 1214 name = X509_get_subject_name(cert); 1215 i = -1; 1216 for (;;) { 1217 X509_NAME_ENTRY *e; 1218 ASN1_STRING *cn; 1219 1220 i = X509_NAME_get_index_by_NID(name, NID_commonName, i); 1221 if (i == -1) 1222 break; 1223 e = X509_NAME_get_entry(name, i); 1224 if (e == NULL) 1225 continue; 1226 cn = X509_NAME_ENTRY_get_data(e); 1227 if (cn == NULL) 1228 continue; 1229 wpa_hexdump_ascii(MSG_DEBUG, "TLS: Certificate commonName", 1230 cn->data, cn->length); 1231 if (domain_suffix_match(cn->data, cn->length, match) == 1) { 1232 wpa_printf(MSG_DEBUG, "TLS: Suffix match in commonName found"); 1233 return 1; 1234 } 1235 } 1236 1237 wpa_printf(MSG_DEBUG, "TLS: No CommonName suffix match found"); 1238 return 0; 1239#endif /* CONFIG_NATIVE_WINDOWS */ 1240} 1241 1242 1243static enum tls_fail_reason openssl_tls_fail_reason(int err) 1244{ 1245 switch (err) { 1246 case X509_V_ERR_CERT_REVOKED: 1247 return TLS_FAIL_REVOKED; 1248 case X509_V_ERR_CERT_NOT_YET_VALID: 1249 case X509_V_ERR_CRL_NOT_YET_VALID: 1250 return TLS_FAIL_NOT_YET_VALID; 1251 case X509_V_ERR_CERT_HAS_EXPIRED: 1252 case X509_V_ERR_CRL_HAS_EXPIRED: 1253 return TLS_FAIL_EXPIRED; 1254 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: 1255 case X509_V_ERR_UNABLE_TO_GET_CRL: 1256 case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: 1257 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: 1258 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: 1259 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: 1260 case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: 1261 case X509_V_ERR_CERT_CHAIN_TOO_LONG: 1262 case X509_V_ERR_PATH_LENGTH_EXCEEDED: 1263 case X509_V_ERR_INVALID_CA: 1264 return TLS_FAIL_UNTRUSTED; 1265 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: 1266 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: 1267 case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: 1268 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: 1269 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: 1270 case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: 1271 case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: 1272 case X509_V_ERR_CERT_UNTRUSTED: 1273 case X509_V_ERR_CERT_REJECTED: 1274 return TLS_FAIL_BAD_CERTIFICATE; 1275 default: 1276 return TLS_FAIL_UNSPECIFIED; 1277 } 1278} 1279 1280 1281static struct wpabuf * get_x509_cert(X509 *cert) 1282{ 1283 struct wpabuf *buf; 1284 u8 *tmp; 1285 1286 int cert_len = i2d_X509(cert, NULL); 1287 if (cert_len <= 0) 1288 return NULL; 1289 1290 buf = wpabuf_alloc(cert_len); 1291 if (buf == NULL) 1292 return NULL; 1293 1294 tmp = wpabuf_put(buf, cert_len); 1295 i2d_X509(cert, &tmp); 1296 return buf; 1297} 1298 1299 1300static void openssl_tls_fail_event(struct tls_connection *conn, 1301 X509 *err_cert, int err, int depth, 1302 const char *subject, const char *err_str, 1303 enum tls_fail_reason reason) 1304{ 1305 union tls_event_data ev; 1306 struct wpabuf *cert = NULL; 1307 struct tls_context *context = conn->context; 1308 1309 if (context->event_cb == NULL) 1310 return; 1311 1312 cert = get_x509_cert(err_cert); 1313 os_memset(&ev, 0, sizeof(ev)); 1314 ev.cert_fail.reason = reason != TLS_FAIL_UNSPECIFIED ? 1315 reason : openssl_tls_fail_reason(err); 1316 ev.cert_fail.depth = depth; 1317 ev.cert_fail.subject = subject; 1318 ev.cert_fail.reason_txt = err_str; 1319 ev.cert_fail.cert = cert; 1320 context->event_cb(context->cb_ctx, TLS_CERT_CHAIN_FAILURE, &ev); 1321 wpabuf_free(cert); 1322} 1323 1324 1325static void openssl_tls_cert_event(struct tls_connection *conn, 1326 X509 *err_cert, int depth, 1327 const char *subject) 1328{ 1329 struct wpabuf *cert = NULL; 1330 union tls_event_data ev; 1331 struct tls_context *context = conn->context; 1332#ifdef CONFIG_SHA256 1333 u8 hash[32]; 1334#endif /* CONFIG_SHA256 */ 1335 1336 if (context->event_cb == NULL) 1337 return; 1338 1339 os_memset(&ev, 0, sizeof(ev)); 1340 if (conn->cert_probe || context->cert_in_cb) { 1341 cert = get_x509_cert(err_cert); 1342 ev.peer_cert.cert = cert; 1343 } 1344#ifdef CONFIG_SHA256 1345 if (cert) { 1346 const u8 *addr[1]; 1347 size_t len[1]; 1348 addr[0] = wpabuf_head(cert); 1349 len[0] = wpabuf_len(cert); 1350 if (sha256_vector(1, addr, len, hash) == 0) { 1351 ev.peer_cert.hash = hash; 1352 ev.peer_cert.hash_len = sizeof(hash); 1353 } 1354 } 1355#endif /* CONFIG_SHA256 */ 1356 ev.peer_cert.depth = depth; 1357 ev.peer_cert.subject = subject; 1358 context->event_cb(context->cb_ctx, TLS_PEER_CERTIFICATE, &ev); 1359 wpabuf_free(cert); 1360} 1361 1362 1363static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx) 1364{ 1365 char buf[256]; 1366 X509 *err_cert; 1367 int err, depth; 1368 SSL *ssl; 1369 struct tls_connection *conn; 1370 struct tls_context *context; 1371 char *match, *altmatch, *suffix_match; 1372 const char *err_str; 1373 1374 err_cert = X509_STORE_CTX_get_current_cert(x509_ctx); 1375 if (!err_cert) 1376 return 0; 1377 1378 err = X509_STORE_CTX_get_error(x509_ctx); 1379 depth = X509_STORE_CTX_get_error_depth(x509_ctx); 1380 ssl = X509_STORE_CTX_get_ex_data(x509_ctx, 1381 SSL_get_ex_data_X509_STORE_CTX_idx()); 1382 X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf)); 1383 1384 conn = SSL_get_app_data(ssl); 1385 if (conn == NULL) 1386 return 0; 1387 1388 if (depth == 0) 1389 conn->peer_cert = err_cert; 1390 else if (depth == 1) 1391 conn->peer_issuer = err_cert; 1392 else if (depth == 2) 1393 conn->peer_issuer_issuer = err_cert; 1394 1395 context = conn->context; 1396 match = conn->subject_match; 1397 altmatch = conn->altsubject_match; 1398 suffix_match = conn->suffix_match; 1399 1400 if (!preverify_ok && !conn->ca_cert_verify) 1401 preverify_ok = 1; 1402 if (!preverify_ok && depth > 0 && conn->server_cert_only) 1403 preverify_ok = 1; 1404 if (!preverify_ok && (conn->flags & TLS_CONN_DISABLE_TIME_CHECKS) && 1405 (err == X509_V_ERR_CERT_HAS_EXPIRED || 1406 err == X509_V_ERR_CERT_NOT_YET_VALID)) { 1407 wpa_printf(MSG_DEBUG, "OpenSSL: Ignore certificate validity " 1408 "time mismatch"); 1409 preverify_ok = 1; 1410 } 1411 1412 err_str = X509_verify_cert_error_string(err); 1413 1414#ifdef CONFIG_SHA256 1415 if (preverify_ok && depth == 0 && conn->server_cert_only) { 1416 struct wpabuf *cert; 1417 cert = get_x509_cert(err_cert); 1418 if (!cert) { 1419 wpa_printf(MSG_DEBUG, "OpenSSL: Could not fetch " 1420 "server certificate data"); 1421 preverify_ok = 0; 1422 } else { 1423 u8 hash[32]; 1424 const u8 *addr[1]; 1425 size_t len[1]; 1426 addr[0] = wpabuf_head(cert); 1427 len[0] = wpabuf_len(cert); 1428 if (sha256_vector(1, addr, len, hash) < 0 || 1429 os_memcmp(conn->srv_cert_hash, hash, 32) != 0) { 1430 err_str = "Server certificate mismatch"; 1431 err = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; 1432 preverify_ok = 0; 1433 } 1434 wpabuf_free(cert); 1435 } 1436 } 1437#endif /* CONFIG_SHA256 */ 1438 1439 if (!preverify_ok) { 1440 wpa_printf(MSG_WARNING, "TLS: Certificate verification failed," 1441 " error %d (%s) depth %d for '%s'", err, err_str, 1442 depth, buf); 1443 openssl_tls_fail_event(conn, err_cert, err, depth, buf, 1444 err_str, TLS_FAIL_UNSPECIFIED); 1445 return preverify_ok; 1446 } 1447 1448 wpa_printf(MSG_DEBUG, "TLS: tls_verify_cb - preverify_ok=%d " 1449 "err=%d (%s) ca_cert_verify=%d depth=%d buf='%s'", 1450 preverify_ok, err, err_str, 1451 conn->ca_cert_verify, depth, buf); 1452 if (depth == 0 && match && os_strstr(buf, match) == NULL) { 1453 wpa_printf(MSG_WARNING, "TLS: Subject '%s' did not " 1454 "match with '%s'", buf, match); 1455 preverify_ok = 0; 1456 openssl_tls_fail_event(conn, err_cert, err, depth, buf, 1457 "Subject mismatch", 1458 TLS_FAIL_SUBJECT_MISMATCH); 1459 } else if (depth == 0 && altmatch && 1460 !tls_match_altsubject(err_cert, altmatch)) { 1461 wpa_printf(MSG_WARNING, "TLS: altSubjectName match " 1462 "'%s' not found", altmatch); 1463 preverify_ok = 0; 1464 openssl_tls_fail_event(conn, err_cert, err, depth, buf, 1465 "AltSubject mismatch", 1466 TLS_FAIL_ALTSUBJECT_MISMATCH); 1467 } else if (depth == 0 && suffix_match && 1468 !tls_match_suffix(err_cert, suffix_match)) { 1469 wpa_printf(MSG_WARNING, "TLS: Domain suffix match '%s' not found", 1470 suffix_match); 1471 preverify_ok = 0; 1472 openssl_tls_fail_event(conn, err_cert, err, depth, buf, 1473 "Domain suffix mismatch", 1474 TLS_FAIL_DOMAIN_SUFFIX_MISMATCH); 1475 } else 1476 openssl_tls_cert_event(conn, err_cert, depth, buf); 1477 1478 if (conn->cert_probe && preverify_ok && depth == 0) { 1479 wpa_printf(MSG_DEBUG, "OpenSSL: Reject server certificate " 1480 "on probe-only run"); 1481 preverify_ok = 0; 1482 openssl_tls_fail_event(conn, err_cert, err, depth, buf, 1483 "Server certificate chain probe", 1484 TLS_FAIL_SERVER_CHAIN_PROBE); 1485 } 1486 1487 if (preverify_ok && context->event_cb != NULL) 1488 context->event_cb(context->cb_ctx, 1489 TLS_CERT_CHAIN_SUCCESS, NULL); 1490 1491 return preverify_ok; 1492} 1493 1494 1495#ifndef OPENSSL_NO_STDIO 1496static int tls_load_ca_der(void *_ssl_ctx, const char *ca_cert) 1497{ 1498 SSL_CTX *ssl_ctx = _ssl_ctx; 1499 X509_LOOKUP *lookup; 1500 int ret = 0; 1501 1502 lookup = X509_STORE_add_lookup(ssl_ctx->cert_store, 1503 X509_LOOKUP_file()); 1504 if (lookup == NULL) { 1505 tls_show_errors(MSG_WARNING, __func__, 1506 "Failed add lookup for X509 store"); 1507 return -1; 1508 } 1509 1510 if (!X509_LOOKUP_load_file(lookup, ca_cert, X509_FILETYPE_ASN1)) { 1511 unsigned long err = ERR_peek_error(); 1512 tls_show_errors(MSG_WARNING, __func__, 1513 "Failed load CA in DER format"); 1514 if (ERR_GET_LIB(err) == ERR_LIB_X509 && 1515 ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) { 1516 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring " 1517 "cert already in hash table error", 1518 __func__); 1519 } else 1520 ret = -1; 1521 } 1522 1523 return ret; 1524} 1525#endif /* OPENSSL_NO_STDIO */ 1526 1527 1528static int tls_connection_ca_cert(void *_ssl_ctx, struct tls_connection *conn, 1529 const char *ca_cert, const u8 *ca_cert_blob, 1530 size_t ca_cert_blob_len, const char *ca_path) 1531{ 1532 SSL_CTX *ssl_ctx = _ssl_ctx; 1533 1534 /* 1535 * Remove previously configured trusted CA certificates before adding 1536 * new ones. 1537 */ 1538 X509_STORE_free(ssl_ctx->cert_store); 1539 ssl_ctx->cert_store = X509_STORE_new(); 1540 if (ssl_ctx->cert_store == NULL) { 1541 wpa_printf(MSG_DEBUG, "OpenSSL: %s - failed to allocate new " 1542 "certificate store", __func__); 1543 return -1; 1544 } 1545 1546 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb); 1547 conn->ca_cert_verify = 1; 1548 1549 if (ca_cert && os_strncmp(ca_cert, "probe://", 8) == 0) { 1550 wpa_printf(MSG_DEBUG, "OpenSSL: Probe for server certificate " 1551 "chain"); 1552 conn->cert_probe = 1; 1553 conn->ca_cert_verify = 0; 1554 return 0; 1555 } 1556 1557 if (ca_cert && os_strncmp(ca_cert, "hash://", 7) == 0) { 1558#ifdef CONFIG_SHA256 1559 const char *pos = ca_cert + 7; 1560 if (os_strncmp(pos, "server/sha256/", 14) != 0) { 1561 wpa_printf(MSG_DEBUG, "OpenSSL: Unsupported ca_cert " 1562 "hash value '%s'", ca_cert); 1563 return -1; 1564 } 1565 pos += 14; 1566 if (os_strlen(pos) != 32 * 2) { 1567 wpa_printf(MSG_DEBUG, "OpenSSL: Unexpected SHA256 " 1568 "hash length in ca_cert '%s'", ca_cert); 1569 return -1; 1570 } 1571 if (hexstr2bin(pos, conn->srv_cert_hash, 32) < 0) { 1572 wpa_printf(MSG_DEBUG, "OpenSSL: Invalid SHA256 hash " 1573 "value in ca_cert '%s'", ca_cert); 1574 return -1; 1575 } 1576 conn->server_cert_only = 1; 1577 wpa_printf(MSG_DEBUG, "OpenSSL: Checking only server " 1578 "certificate match"); 1579 return 0; 1580#else /* CONFIG_SHA256 */ 1581 wpa_printf(MSG_INFO, "No SHA256 included in the build - " 1582 "cannot validate server certificate hash"); 1583 return -1; 1584#endif /* CONFIG_SHA256 */ 1585 } 1586 1587 if (ca_cert_blob) { 1588 X509 *cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &ca_cert_blob, 1589 ca_cert_blob_len); 1590 if (cert == NULL) { 1591 tls_show_errors(MSG_WARNING, __func__, 1592 "Failed to parse ca_cert_blob"); 1593 return -1; 1594 } 1595 1596 if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) { 1597 unsigned long err = ERR_peek_error(); 1598 tls_show_errors(MSG_WARNING, __func__, 1599 "Failed to add ca_cert_blob to " 1600 "certificate store"); 1601 if (ERR_GET_LIB(err) == ERR_LIB_X509 && 1602 ERR_GET_REASON(err) == 1603 X509_R_CERT_ALREADY_IN_HASH_TABLE) { 1604 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring " 1605 "cert already in hash table error", 1606 __func__); 1607 } else { 1608 X509_free(cert); 1609 return -1; 1610 } 1611 } 1612 X509_free(cert); 1613 wpa_printf(MSG_DEBUG, "OpenSSL: %s - added ca_cert_blob " 1614 "to certificate store", __func__); 1615 return 0; 1616 } 1617 1618#ifdef ANDROID 1619 if (ca_cert && os_strncmp("keystore://", ca_cert, 11) == 0) { 1620 BIO *bio = BIO_from_keystore(&ca_cert[11]); 1621 STACK_OF(X509_INFO) *stack = NULL; 1622 int i; 1623 1624 if (bio) { 1625 stack = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL); 1626 BIO_free(bio); 1627 } 1628 if (!stack) 1629 return -1; 1630 1631 for (i = 0; i < sk_X509_INFO_num(stack); ++i) { 1632 X509_INFO *info = sk_X509_INFO_value(stack, i); 1633 if (info->x509) { 1634 X509_STORE_add_cert(ssl_ctx->cert_store, 1635 info->x509); 1636 } 1637 if (info->crl) { 1638 X509_STORE_add_crl(ssl_ctx->cert_store, 1639 info->crl); 1640 } 1641 } 1642 sk_X509_INFO_pop_free(stack, X509_INFO_free); 1643 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb); 1644 return 0; 1645 } 1646#endif /* ANDROID */ 1647 1648#ifdef CONFIG_NATIVE_WINDOWS 1649 if (ca_cert && tls_cryptoapi_ca_cert(ssl_ctx, conn->ssl, ca_cert) == 1650 0) { 1651 wpa_printf(MSG_DEBUG, "OpenSSL: Added CA certificates from " 1652 "system certificate store"); 1653 return 0; 1654 } 1655#endif /* CONFIG_NATIVE_WINDOWS */ 1656 1657 if (ca_cert || ca_path) { 1658#ifndef OPENSSL_NO_STDIO 1659 if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, ca_path) != 1660 1) { 1661 tls_show_errors(MSG_WARNING, __func__, 1662 "Failed to load root certificates"); 1663 if (ca_cert && 1664 tls_load_ca_der(ssl_ctx, ca_cert) == 0) { 1665 wpa_printf(MSG_DEBUG, "OpenSSL: %s - loaded " 1666 "DER format CA certificate", 1667 __func__); 1668 } else 1669 return -1; 1670 } else { 1671 wpa_printf(MSG_DEBUG, "TLS: Trusted root " 1672 "certificate(s) loaded"); 1673 tls_get_errors(ssl_ctx); 1674 } 1675#else /* OPENSSL_NO_STDIO */ 1676 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", 1677 __func__); 1678 return -1; 1679#endif /* OPENSSL_NO_STDIO */ 1680 } else { 1681 /* No ca_cert configured - do not try to verify server 1682 * certificate */ 1683 conn->ca_cert_verify = 0; 1684 } 1685 1686 return 0; 1687} 1688 1689 1690static int tls_global_ca_cert(SSL_CTX *ssl_ctx, const char *ca_cert) 1691{ 1692 if (ca_cert) { 1693 if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, NULL) != 1) 1694 { 1695 tls_show_errors(MSG_WARNING, __func__, 1696 "Failed to load root certificates"); 1697 return -1; 1698 } 1699 1700 wpa_printf(MSG_DEBUG, "TLS: Trusted root " 1701 "certificate(s) loaded"); 1702 1703#ifndef OPENSSL_NO_STDIO 1704 /* Add the same CAs to the client certificate requests */ 1705 SSL_CTX_set_client_CA_list(ssl_ctx, 1706 SSL_load_client_CA_file(ca_cert)); 1707#endif /* OPENSSL_NO_STDIO */ 1708 } 1709 1710 return 0; 1711} 1712 1713 1714int tls_global_set_verify(void *ssl_ctx, int check_crl) 1715{ 1716 int flags; 1717 1718 if (check_crl) { 1719 X509_STORE *cs = SSL_CTX_get_cert_store(ssl_ctx); 1720 if (cs == NULL) { 1721 tls_show_errors(MSG_INFO, __func__, "Failed to get " 1722 "certificate store when enabling " 1723 "check_crl"); 1724 return -1; 1725 } 1726 flags = X509_V_FLAG_CRL_CHECK; 1727 if (check_crl == 2) 1728 flags |= X509_V_FLAG_CRL_CHECK_ALL; 1729 X509_STORE_set_flags(cs, flags); 1730 } 1731 return 0; 1732} 1733 1734 1735static int tls_connection_set_subject_match(struct tls_connection *conn, 1736 const char *subject_match, 1737 const char *altsubject_match, 1738 const char *suffix_match) 1739{ 1740 os_free(conn->subject_match); 1741 conn->subject_match = NULL; 1742 if (subject_match) { 1743 conn->subject_match = os_strdup(subject_match); 1744 if (conn->subject_match == NULL) 1745 return -1; 1746 } 1747 1748 os_free(conn->altsubject_match); 1749 conn->altsubject_match = NULL; 1750 if (altsubject_match) { 1751 conn->altsubject_match = os_strdup(altsubject_match); 1752 if (conn->altsubject_match == NULL) 1753 return -1; 1754 } 1755 1756 os_free(conn->suffix_match); 1757 conn->suffix_match = NULL; 1758 if (suffix_match) { 1759 conn->suffix_match = os_strdup(suffix_match); 1760 if (conn->suffix_match == NULL) 1761 return -1; 1762 } 1763 1764 return 0; 1765} 1766 1767 1768int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn, 1769 int verify_peer) 1770{ 1771 static int counter = 0; 1772 1773 if (conn == NULL) 1774 return -1; 1775 1776 if (verify_peer) { 1777 conn->ca_cert_verify = 1; 1778 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER | 1779 SSL_VERIFY_FAIL_IF_NO_PEER_CERT | 1780 SSL_VERIFY_CLIENT_ONCE, tls_verify_cb); 1781 } else { 1782 conn->ca_cert_verify = 0; 1783 SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL); 1784 } 1785 1786 SSL_set_accept_state(conn->ssl); 1787 1788 /* 1789 * Set session id context in order to avoid fatal errors when client 1790 * tries to resume a session. However, set the context to a unique 1791 * value in order to effectively disable session resumption for now 1792 * since not all areas of the server code are ready for it (e.g., 1793 * EAP-TTLS needs special handling for Phase 2 after abbreviated TLS 1794 * handshake). 1795 */ 1796 counter++; 1797 SSL_set_session_id_context(conn->ssl, 1798 (const unsigned char *) &counter, 1799 sizeof(counter)); 1800 1801 return 0; 1802} 1803 1804 1805static int tls_connection_client_cert(struct tls_connection *conn, 1806 const char *client_cert, 1807 const u8 *client_cert_blob, 1808 size_t client_cert_blob_len) 1809{ 1810 if (client_cert == NULL && client_cert_blob == NULL) 1811 return 0; 1812 1813 if (client_cert_blob && 1814 SSL_use_certificate_ASN1(conn->ssl, (u8 *) client_cert_blob, 1815 client_cert_blob_len) == 1) { 1816 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_ASN1 --> " 1817 "OK"); 1818 return 0; 1819 } else if (client_cert_blob) { 1820 tls_show_errors(MSG_DEBUG, __func__, 1821 "SSL_use_certificate_ASN1 failed"); 1822 } 1823 1824 if (client_cert == NULL) 1825 return -1; 1826 1827#ifdef ANDROID 1828 if (os_strncmp("keystore://", client_cert, 11) == 0) { 1829 BIO *bio = BIO_from_keystore(&client_cert[11]); 1830 X509 *x509 = NULL; 1831 int ret = -1; 1832 if (bio) { 1833 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL); 1834 BIO_free(bio); 1835 } 1836 if (x509) { 1837 if (SSL_use_certificate(conn->ssl, x509) == 1) 1838 ret = 0; 1839 X509_free(x509); 1840 } 1841 return ret; 1842 } 1843#endif /* ANDROID */ 1844 1845#ifndef OPENSSL_NO_STDIO 1846 if (SSL_use_certificate_file(conn->ssl, client_cert, 1847 SSL_FILETYPE_ASN1) == 1) { 1848 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (DER)" 1849 " --> OK"); 1850 return 0; 1851 } 1852 1853 if (SSL_use_certificate_file(conn->ssl, client_cert, 1854 SSL_FILETYPE_PEM) == 1) { 1855 ERR_clear_error(); 1856 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (PEM)" 1857 " --> OK"); 1858 return 0; 1859 } 1860 1861 tls_show_errors(MSG_DEBUG, __func__, 1862 "SSL_use_certificate_file failed"); 1863#else /* OPENSSL_NO_STDIO */ 1864 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", __func__); 1865#endif /* OPENSSL_NO_STDIO */ 1866 1867 return -1; 1868} 1869 1870 1871static int tls_global_client_cert(SSL_CTX *ssl_ctx, const char *client_cert) 1872{ 1873#ifndef OPENSSL_NO_STDIO 1874 if (client_cert == NULL) 1875 return 0; 1876 1877 if (SSL_CTX_use_certificate_file(ssl_ctx, client_cert, 1878 SSL_FILETYPE_ASN1) != 1 && 1879 SSL_CTX_use_certificate_chain_file(ssl_ctx, client_cert) != 1 && 1880 SSL_CTX_use_certificate_file(ssl_ctx, client_cert, 1881 SSL_FILETYPE_PEM) != 1) { 1882 tls_show_errors(MSG_INFO, __func__, 1883 "Failed to load client certificate"); 1884 return -1; 1885 } 1886 return 0; 1887#else /* OPENSSL_NO_STDIO */ 1888 if (client_cert == NULL) 1889 return 0; 1890 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", __func__); 1891 return -1; 1892#endif /* OPENSSL_NO_STDIO */ 1893} 1894 1895 1896static int tls_passwd_cb(char *buf, int size, int rwflag, void *password) 1897{ 1898 if (password == NULL) { 1899 return 0; 1900 } 1901 os_strlcpy(buf, (char *) password, size); 1902 return os_strlen(buf); 1903} 1904 1905 1906#ifdef PKCS12_FUNCS 1907static int tls_parse_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, PKCS12 *p12, 1908 const char *passwd) 1909{ 1910 EVP_PKEY *pkey; 1911 X509 *cert; 1912 STACK_OF(X509) *certs; 1913 int res = 0; 1914 char buf[256]; 1915 1916 pkey = NULL; 1917 cert = NULL; 1918 certs = NULL; 1919 if (!PKCS12_parse(p12, passwd, &pkey, &cert, &certs)) { 1920 tls_show_errors(MSG_DEBUG, __func__, 1921 "Failed to parse PKCS12 file"); 1922 PKCS12_free(p12); 1923 return -1; 1924 } 1925 wpa_printf(MSG_DEBUG, "TLS: Successfully parsed PKCS12 data"); 1926 1927 if (cert) { 1928 X509_NAME_oneline(X509_get_subject_name(cert), buf, 1929 sizeof(buf)); 1930 wpa_printf(MSG_DEBUG, "TLS: Got certificate from PKCS12: " 1931 "subject='%s'", buf); 1932 if (ssl) { 1933 if (SSL_use_certificate(ssl, cert) != 1) 1934 res = -1; 1935 } else { 1936 if (SSL_CTX_use_certificate(ssl_ctx, cert) != 1) 1937 res = -1; 1938 } 1939 X509_free(cert); 1940 } 1941 1942 if (pkey) { 1943 wpa_printf(MSG_DEBUG, "TLS: Got private key from PKCS12"); 1944 if (ssl) { 1945 if (SSL_use_PrivateKey(ssl, pkey) != 1) 1946 res = -1; 1947 } else { 1948 if (SSL_CTX_use_PrivateKey(ssl_ctx, pkey) != 1) 1949 res = -1; 1950 } 1951 EVP_PKEY_free(pkey); 1952 } 1953 1954 if (certs) { 1955 while ((cert = sk_X509_pop(certs)) != NULL) { 1956 X509_NAME_oneline(X509_get_subject_name(cert), buf, 1957 sizeof(buf)); 1958 wpa_printf(MSG_DEBUG, "TLS: additional certificate" 1959 " from PKCS12: subject='%s'", buf); 1960 /* 1961 * There is no SSL equivalent for the chain cert - so 1962 * always add it to the context... 1963 */ 1964 if (SSL_CTX_add_extra_chain_cert(ssl_ctx, cert) != 1) { 1965 res = -1; 1966 break; 1967 } 1968 } 1969 sk_X509_free(certs); 1970 } 1971 1972 PKCS12_free(p12); 1973 1974 if (res < 0) 1975 tls_get_errors(ssl_ctx); 1976 1977 return res; 1978} 1979#endif /* PKCS12_FUNCS */ 1980 1981 1982static int tls_read_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, const char *private_key, 1983 const char *passwd) 1984{ 1985#ifdef PKCS12_FUNCS 1986 FILE *f; 1987 PKCS12 *p12; 1988 1989 f = fopen(private_key, "rb"); 1990 if (f == NULL) 1991 return -1; 1992 1993 p12 = d2i_PKCS12_fp(f, NULL); 1994 fclose(f); 1995 1996 if (p12 == NULL) { 1997 tls_show_errors(MSG_INFO, __func__, 1998 "Failed to use PKCS#12 file"); 1999 return -1; 2000 } 2001 2002 return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd); 2003 2004#else /* PKCS12_FUNCS */ 2005 wpa_printf(MSG_INFO, "TLS: PKCS12 support disabled - cannot read " 2006 "p12/pfx files"); 2007 return -1; 2008#endif /* PKCS12_FUNCS */ 2009} 2010 2011 2012static int tls_read_pkcs12_blob(SSL_CTX *ssl_ctx, SSL *ssl, 2013 const u8 *blob, size_t len, const char *passwd) 2014{ 2015#ifdef PKCS12_FUNCS 2016 PKCS12 *p12; 2017 2018 p12 = d2i_PKCS12(NULL, (OPENSSL_d2i_TYPE) &blob, len); 2019 if (p12 == NULL) { 2020 tls_show_errors(MSG_INFO, __func__, 2021 "Failed to use PKCS#12 blob"); 2022 return -1; 2023 } 2024 2025 return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd); 2026 2027#else /* PKCS12_FUNCS */ 2028 wpa_printf(MSG_INFO, "TLS: PKCS12 support disabled - cannot parse " 2029 "p12/pfx blobs"); 2030 return -1; 2031#endif /* PKCS12_FUNCS */ 2032} 2033 2034 2035#ifndef OPENSSL_NO_ENGINE 2036static int tls_engine_get_cert(struct tls_connection *conn, 2037 const char *cert_id, 2038 X509 **cert) 2039{ 2040 /* this runs after the private key is loaded so no PIN is required */ 2041 struct { 2042 const char *cert_id; 2043 X509 *cert; 2044 } params; 2045 params.cert_id = cert_id; 2046 params.cert = NULL; 2047 2048 if (!ENGINE_ctrl_cmd(conn->engine, "LOAD_CERT_CTRL", 2049 0, ¶ms, NULL, 1)) { 2050 wpa_printf(MSG_ERROR, "ENGINE: cannot load client cert with id" 2051 " '%s' [%s]", cert_id, 2052 ERR_error_string(ERR_get_error(), NULL)); 2053 return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED; 2054 } 2055 if (!params.cert) { 2056 wpa_printf(MSG_ERROR, "ENGINE: did not properly cert with id" 2057 " '%s'", cert_id); 2058 return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED; 2059 } 2060 *cert = params.cert; 2061 return 0; 2062} 2063#endif /* OPENSSL_NO_ENGINE */ 2064 2065 2066static int tls_connection_engine_client_cert(struct tls_connection *conn, 2067 const char *cert_id) 2068{ 2069#ifndef OPENSSL_NO_ENGINE 2070 X509 *cert; 2071 2072 if (tls_engine_get_cert(conn, cert_id, &cert)) 2073 return -1; 2074 2075 if (!SSL_use_certificate(conn->ssl, cert)) { 2076 tls_show_errors(MSG_ERROR, __func__, 2077 "SSL_use_certificate failed"); 2078 X509_free(cert); 2079 return -1; 2080 } 2081 X509_free(cert); 2082 wpa_printf(MSG_DEBUG, "ENGINE: SSL_use_certificate --> " 2083 "OK"); 2084 return 0; 2085 2086#else /* OPENSSL_NO_ENGINE */ 2087 return -1; 2088#endif /* OPENSSL_NO_ENGINE */ 2089} 2090 2091 2092static int tls_connection_engine_ca_cert(void *_ssl_ctx, 2093 struct tls_connection *conn, 2094 const char *ca_cert_id) 2095{ 2096#ifndef OPENSSL_NO_ENGINE 2097 X509 *cert; 2098 SSL_CTX *ssl_ctx = _ssl_ctx; 2099 2100 if (tls_engine_get_cert(conn, ca_cert_id, &cert)) 2101 return -1; 2102 2103 /* start off the same as tls_connection_ca_cert */ 2104 X509_STORE_free(ssl_ctx->cert_store); 2105 ssl_ctx->cert_store = X509_STORE_new(); 2106 if (ssl_ctx->cert_store == NULL) { 2107 wpa_printf(MSG_DEBUG, "OpenSSL: %s - failed to allocate new " 2108 "certificate store", __func__); 2109 X509_free(cert); 2110 return -1; 2111 } 2112 if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) { 2113 unsigned long err = ERR_peek_error(); 2114 tls_show_errors(MSG_WARNING, __func__, 2115 "Failed to add CA certificate from engine " 2116 "to certificate store"); 2117 if (ERR_GET_LIB(err) == ERR_LIB_X509 && 2118 ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) { 2119 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring cert" 2120 " already in hash table error", 2121 __func__); 2122 } else { 2123 X509_free(cert); 2124 return -1; 2125 } 2126 } 2127 X509_free(cert); 2128 wpa_printf(MSG_DEBUG, "OpenSSL: %s - added CA certificate from engine " 2129 "to certificate store", __func__); 2130 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb); 2131 conn->ca_cert_verify = 1; 2132 2133 return 0; 2134 2135#else /* OPENSSL_NO_ENGINE */ 2136 return -1; 2137#endif /* OPENSSL_NO_ENGINE */ 2138} 2139 2140 2141static int tls_connection_engine_private_key(struct tls_connection *conn) 2142{ 2143#ifndef OPENSSL_NO_ENGINE 2144 if (SSL_use_PrivateKey(conn->ssl, conn->private_key) != 1) { 2145 tls_show_errors(MSG_ERROR, __func__, 2146 "ENGINE: cannot use private key for TLS"); 2147 return -1; 2148 } 2149 if (!SSL_check_private_key(conn->ssl)) { 2150 tls_show_errors(MSG_INFO, __func__, 2151 "Private key failed verification"); 2152 return -1; 2153 } 2154 return 0; 2155#else /* OPENSSL_NO_ENGINE */ 2156 wpa_printf(MSG_ERROR, "SSL: Configuration uses engine, but " 2157 "engine support was not compiled in"); 2158 return -1; 2159#endif /* OPENSSL_NO_ENGINE */ 2160} 2161 2162 2163static int tls_connection_private_key(void *_ssl_ctx, 2164 struct tls_connection *conn, 2165 const char *private_key, 2166 const char *private_key_passwd, 2167 const u8 *private_key_blob, 2168 size_t private_key_blob_len) 2169{ 2170 SSL_CTX *ssl_ctx = _ssl_ctx; 2171 char *passwd; 2172 int ok; 2173 2174 if (private_key == NULL && private_key_blob == NULL) 2175 return 0; 2176 2177 if (private_key_passwd) { 2178 passwd = os_strdup(private_key_passwd); 2179 if (passwd == NULL) 2180 return -1; 2181 } else 2182 passwd = NULL; 2183 2184 SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb); 2185 SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd); 2186 2187 ok = 0; 2188 while (private_key_blob) { 2189 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_RSA, conn->ssl, 2190 (u8 *) private_key_blob, 2191 private_key_blob_len) == 1) { 2192 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_" 2193 "ASN1(EVP_PKEY_RSA) --> OK"); 2194 ok = 1; 2195 break; 2196 } 2197 2198 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_DSA, conn->ssl, 2199 (u8 *) private_key_blob, 2200 private_key_blob_len) == 1) { 2201 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_" 2202 "ASN1(EVP_PKEY_DSA) --> OK"); 2203 ok = 1; 2204 break; 2205 } 2206 2207 if (SSL_use_RSAPrivateKey_ASN1(conn->ssl, 2208 (u8 *) private_key_blob, 2209 private_key_blob_len) == 1) { 2210 wpa_printf(MSG_DEBUG, "OpenSSL: " 2211 "SSL_use_RSAPrivateKey_ASN1 --> OK"); 2212 ok = 1; 2213 break; 2214 } 2215 2216 if (tls_read_pkcs12_blob(ssl_ctx, conn->ssl, private_key_blob, 2217 private_key_blob_len, passwd) == 0) { 2218 wpa_printf(MSG_DEBUG, "OpenSSL: PKCS#12 as blob --> " 2219 "OK"); 2220 ok = 1; 2221 break; 2222 } 2223 2224 break; 2225 } 2226 2227 while (!ok && private_key) { 2228#ifndef OPENSSL_NO_STDIO 2229 if (SSL_use_PrivateKey_file(conn->ssl, private_key, 2230 SSL_FILETYPE_ASN1) == 1) { 2231 wpa_printf(MSG_DEBUG, "OpenSSL: " 2232 "SSL_use_PrivateKey_File (DER) --> OK"); 2233 ok = 1; 2234 break; 2235 } 2236 2237 if (SSL_use_PrivateKey_file(conn->ssl, private_key, 2238 SSL_FILETYPE_PEM) == 1) { 2239 wpa_printf(MSG_DEBUG, "OpenSSL: " 2240 "SSL_use_PrivateKey_File (PEM) --> OK"); 2241 ok = 1; 2242 break; 2243 } 2244#else /* OPENSSL_NO_STDIO */ 2245 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", 2246 __func__); 2247#endif /* OPENSSL_NO_STDIO */ 2248 2249 if (tls_read_pkcs12(ssl_ctx, conn->ssl, private_key, passwd) 2250 == 0) { 2251 wpa_printf(MSG_DEBUG, "OpenSSL: Reading PKCS#12 file " 2252 "--> OK"); 2253 ok = 1; 2254 break; 2255 } 2256 2257 if (tls_cryptoapi_cert(conn->ssl, private_key) == 0) { 2258 wpa_printf(MSG_DEBUG, "OpenSSL: Using CryptoAPI to " 2259 "access certificate store --> OK"); 2260 ok = 1; 2261 break; 2262 } 2263 2264 break; 2265 } 2266 2267 if (!ok) { 2268 tls_show_errors(MSG_INFO, __func__, 2269 "Failed to load private key"); 2270 os_free(passwd); 2271 return -1; 2272 } 2273 ERR_clear_error(); 2274 SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL); 2275 os_free(passwd); 2276 2277 if (!SSL_check_private_key(conn->ssl)) { 2278 tls_show_errors(MSG_INFO, __func__, "Private key failed " 2279 "verification"); 2280 return -1; 2281 } 2282 2283 wpa_printf(MSG_DEBUG, "SSL: Private key loaded successfully"); 2284 return 0; 2285} 2286 2287 2288static int tls_global_private_key(SSL_CTX *ssl_ctx, const char *private_key, 2289 const char *private_key_passwd) 2290{ 2291 char *passwd; 2292 2293 if (private_key == NULL) 2294 return 0; 2295 2296 if (private_key_passwd) { 2297 passwd = os_strdup(private_key_passwd); 2298 if (passwd == NULL) 2299 return -1; 2300 } else 2301 passwd = NULL; 2302 2303 SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb); 2304 SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd); 2305 if ( 2306#ifndef OPENSSL_NO_STDIO 2307 SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key, 2308 SSL_FILETYPE_ASN1) != 1 && 2309 SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key, 2310 SSL_FILETYPE_PEM) != 1 && 2311#endif /* OPENSSL_NO_STDIO */ 2312 tls_read_pkcs12(ssl_ctx, NULL, private_key, passwd)) { 2313 tls_show_errors(MSG_INFO, __func__, 2314 "Failed to load private key"); 2315 os_free(passwd); 2316 ERR_clear_error(); 2317 return -1; 2318 } 2319 os_free(passwd); 2320 ERR_clear_error(); 2321 SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL); 2322 2323 if (!SSL_CTX_check_private_key(ssl_ctx)) { 2324 tls_show_errors(MSG_INFO, __func__, 2325 "Private key failed verification"); 2326 return -1; 2327 } 2328 2329 return 0; 2330} 2331 2332 2333static int tls_connection_dh(struct tls_connection *conn, const char *dh_file) 2334{ 2335#ifdef OPENSSL_NO_DH 2336 if (dh_file == NULL) 2337 return 0; 2338 wpa_printf(MSG_ERROR, "TLS: openssl does not include DH support, but " 2339 "dh_file specified"); 2340 return -1; 2341#else /* OPENSSL_NO_DH */ 2342 DH *dh; 2343 BIO *bio; 2344 2345 /* TODO: add support for dh_blob */ 2346 if (dh_file == NULL) 2347 return 0; 2348 if (conn == NULL) 2349 return -1; 2350 2351 bio = BIO_new_file(dh_file, "r"); 2352 if (bio == NULL) { 2353 wpa_printf(MSG_INFO, "TLS: Failed to open DH file '%s': %s", 2354 dh_file, ERR_error_string(ERR_get_error(), NULL)); 2355 return -1; 2356 } 2357 dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); 2358 BIO_free(bio); 2359#ifndef OPENSSL_NO_DSA 2360 while (dh == NULL) { 2361 DSA *dsa; 2362 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DH file '%s': %s -" 2363 " trying to parse as DSA params", dh_file, 2364 ERR_error_string(ERR_get_error(), NULL)); 2365 bio = BIO_new_file(dh_file, "r"); 2366 if (bio == NULL) 2367 break; 2368 dsa = PEM_read_bio_DSAparams(bio, NULL, NULL, NULL); 2369 BIO_free(bio); 2370 if (!dsa) { 2371 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DSA file " 2372 "'%s': %s", dh_file, 2373 ERR_error_string(ERR_get_error(), NULL)); 2374 break; 2375 } 2376 2377 wpa_printf(MSG_DEBUG, "TLS: DH file in DSA param format"); 2378 dh = DSA_dup_DH(dsa); 2379 DSA_free(dsa); 2380 if (dh == NULL) { 2381 wpa_printf(MSG_INFO, "TLS: Failed to convert DSA " 2382 "params into DH params"); 2383 break; 2384 } 2385 break; 2386 } 2387#endif /* !OPENSSL_NO_DSA */ 2388 if (dh == NULL) { 2389 wpa_printf(MSG_INFO, "TLS: Failed to read/parse DH/DSA file " 2390 "'%s'", dh_file); 2391 return -1; 2392 } 2393 2394 if (SSL_set_tmp_dh(conn->ssl, dh) != 1) { 2395 wpa_printf(MSG_INFO, "TLS: Failed to set DH params from '%s': " 2396 "%s", dh_file, 2397 ERR_error_string(ERR_get_error(), NULL)); 2398 DH_free(dh); 2399 return -1; 2400 } 2401 DH_free(dh); 2402 return 0; 2403#endif /* OPENSSL_NO_DH */ 2404} 2405 2406 2407static int tls_global_dh(SSL_CTX *ssl_ctx, const char *dh_file) 2408{ 2409#ifdef OPENSSL_NO_DH 2410 if (dh_file == NULL) 2411 return 0; 2412 wpa_printf(MSG_ERROR, "TLS: openssl does not include DH support, but " 2413 "dh_file specified"); 2414 return -1; 2415#else /* OPENSSL_NO_DH */ 2416 DH *dh; 2417 BIO *bio; 2418 2419 /* TODO: add support for dh_blob */ 2420 if (dh_file == NULL) 2421 return 0; 2422 if (ssl_ctx == NULL) 2423 return -1; 2424 2425 bio = BIO_new_file(dh_file, "r"); 2426 if (bio == NULL) { 2427 wpa_printf(MSG_INFO, "TLS: Failed to open DH file '%s': %s", 2428 dh_file, ERR_error_string(ERR_get_error(), NULL)); 2429 return -1; 2430 } 2431 dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); 2432 BIO_free(bio); 2433#ifndef OPENSSL_NO_DSA 2434 while (dh == NULL) { 2435 DSA *dsa; 2436 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DH file '%s': %s -" 2437 " trying to parse as DSA params", dh_file, 2438 ERR_error_string(ERR_get_error(), NULL)); 2439 bio = BIO_new_file(dh_file, "r"); 2440 if (bio == NULL) 2441 break; 2442 dsa = PEM_read_bio_DSAparams(bio, NULL, NULL, NULL); 2443 BIO_free(bio); 2444 if (!dsa) { 2445 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DSA file " 2446 "'%s': %s", dh_file, 2447 ERR_error_string(ERR_get_error(), NULL)); 2448 break; 2449 } 2450 2451 wpa_printf(MSG_DEBUG, "TLS: DH file in DSA param format"); 2452 dh = DSA_dup_DH(dsa); 2453 DSA_free(dsa); 2454 if (dh == NULL) { 2455 wpa_printf(MSG_INFO, "TLS: Failed to convert DSA " 2456 "params into DH params"); 2457 break; 2458 } 2459 break; 2460 } 2461#endif /* !OPENSSL_NO_DSA */ 2462 if (dh == NULL) { 2463 wpa_printf(MSG_INFO, "TLS: Failed to read/parse DH/DSA file " 2464 "'%s'", dh_file); 2465 return -1; 2466 } 2467 2468 if (SSL_CTX_set_tmp_dh(ssl_ctx, dh) != 1) { 2469 wpa_printf(MSG_INFO, "TLS: Failed to set DH params from '%s': " 2470 "%s", dh_file, 2471 ERR_error_string(ERR_get_error(), NULL)); 2472 DH_free(dh); 2473 return -1; 2474 } 2475 DH_free(dh); 2476 return 0; 2477#endif /* OPENSSL_NO_DH */ 2478} 2479 2480 2481int tls_connection_get_keys(void *ssl_ctx, struct tls_connection *conn, 2482 struct tls_keys *keys) 2483{ 2484#ifdef CONFIG_FIPS 2485 wpa_printf(MSG_ERROR, "OpenSSL: TLS keys cannot be exported in FIPS " 2486 "mode"); 2487 return -1; 2488#else /* CONFIG_FIPS */ 2489 SSL *ssl; 2490 2491 if (conn == NULL || keys == NULL) 2492 return -1; 2493 ssl = conn->ssl; 2494 if (ssl == NULL || ssl->s3 == NULL || ssl->session == NULL) 2495 return -1; 2496 2497 os_memset(keys, 0, sizeof(*keys)); 2498 keys->master_key = ssl->session->master_key; 2499 keys->master_key_len = ssl->session->master_key_length; 2500 keys->client_random = ssl->s3->client_random; 2501 keys->client_random_len = SSL3_RANDOM_SIZE; 2502 keys->server_random = ssl->s3->server_random; 2503 keys->server_random_len = SSL3_RANDOM_SIZE; 2504 2505 return 0; 2506#endif /* CONFIG_FIPS */ 2507} 2508 2509 2510int tls_connection_prf(void *tls_ctx, struct tls_connection *conn, 2511 const char *label, int server_random_first, 2512 u8 *out, size_t out_len) 2513{ 2514#if OPENSSL_VERSION_NUMBER >= 0x10001000L 2515 SSL *ssl; 2516 if (conn == NULL) 2517 return -1; 2518 if (server_random_first) 2519 return -1; 2520 ssl = conn->ssl; 2521 if (SSL_export_keying_material(ssl, out, out_len, label, 2522 os_strlen(label), NULL, 0, 0) == 1) { 2523 wpa_printf(MSG_DEBUG, "OpenSSL: Using internal PRF"); 2524 return 0; 2525 } 2526#endif 2527 return -1; 2528} 2529 2530 2531static struct wpabuf * 2532openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data, 2533 int server) 2534{ 2535 int res; 2536 struct wpabuf *out_data; 2537 2538 /* 2539 * Give TLS handshake data from the server (if available) to OpenSSL 2540 * for processing. 2541 */ 2542 if (in_data && 2543 BIO_write(conn->ssl_in, wpabuf_head(in_data), wpabuf_len(in_data)) 2544 < 0) { 2545 tls_show_errors(MSG_INFO, __func__, 2546 "Handshake failed - BIO_write"); 2547 return NULL; 2548 } 2549 2550 /* Initiate TLS handshake or continue the existing handshake */ 2551 if (server) 2552 res = SSL_accept(conn->ssl); 2553 else 2554 res = SSL_connect(conn->ssl); 2555 if (res != 1) { 2556 int err = SSL_get_error(conn->ssl, res); 2557 if (err == SSL_ERROR_WANT_READ) 2558 wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want " 2559 "more data"); 2560 else if (err == SSL_ERROR_WANT_WRITE) 2561 wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want to " 2562 "write"); 2563 else { 2564 tls_show_errors(MSG_INFO, __func__, "SSL_connect"); 2565 conn->failed++; 2566 } 2567 } 2568 2569 /* Get the TLS handshake data to be sent to the server */ 2570 res = BIO_ctrl_pending(conn->ssl_out); 2571 wpa_printf(MSG_DEBUG, "SSL: %d bytes pending from ssl_out", res); 2572 out_data = wpabuf_alloc(res); 2573 if (out_data == NULL) { 2574 wpa_printf(MSG_DEBUG, "SSL: Failed to allocate memory for " 2575 "handshake output (%d bytes)", res); 2576 if (BIO_reset(conn->ssl_out) < 0) { 2577 tls_show_errors(MSG_INFO, __func__, 2578 "BIO_reset failed"); 2579 } 2580 return NULL; 2581 } 2582 res = res == 0 ? 0 : BIO_read(conn->ssl_out, wpabuf_mhead(out_data), 2583 res); 2584 if (res < 0) { 2585 tls_show_errors(MSG_INFO, __func__, 2586 "Handshake failed - BIO_read"); 2587 if (BIO_reset(conn->ssl_out) < 0) { 2588 tls_show_errors(MSG_INFO, __func__, 2589 "BIO_reset failed"); 2590 } 2591 wpabuf_free(out_data); 2592 return NULL; 2593 } 2594 wpabuf_put(out_data, res); 2595 2596 return out_data; 2597} 2598 2599 2600static struct wpabuf * 2601openssl_get_appl_data(struct tls_connection *conn, size_t max_len) 2602{ 2603 struct wpabuf *appl_data; 2604 int res; 2605 2606 appl_data = wpabuf_alloc(max_len + 100); 2607 if (appl_data == NULL) 2608 return NULL; 2609 2610 res = SSL_read(conn->ssl, wpabuf_mhead(appl_data), 2611 wpabuf_size(appl_data)); 2612 if (res < 0) { 2613 int err = SSL_get_error(conn->ssl, res); 2614 if (err == SSL_ERROR_WANT_READ || 2615 err == SSL_ERROR_WANT_WRITE) { 2616 wpa_printf(MSG_DEBUG, "SSL: No Application Data " 2617 "included"); 2618 } else { 2619 tls_show_errors(MSG_INFO, __func__, 2620 "Failed to read possible " 2621 "Application Data"); 2622 } 2623 wpabuf_free(appl_data); 2624 return NULL; 2625 } 2626 2627 wpabuf_put(appl_data, res); 2628 wpa_hexdump_buf_key(MSG_MSGDUMP, "SSL: Application Data in Finished " 2629 "message", appl_data); 2630 2631 return appl_data; 2632} 2633 2634 2635static struct wpabuf * 2636openssl_connection_handshake(struct tls_connection *conn, 2637 const struct wpabuf *in_data, 2638 struct wpabuf **appl_data, int server) 2639{ 2640 struct wpabuf *out_data; 2641 2642 if (appl_data) 2643 *appl_data = NULL; 2644 2645 out_data = openssl_handshake(conn, in_data, server); 2646 if (out_data == NULL) 2647 return NULL; 2648 2649 if (SSL_is_init_finished(conn->ssl) && appl_data && in_data) 2650 *appl_data = openssl_get_appl_data(conn, wpabuf_len(in_data)); 2651 2652 return out_data; 2653} 2654 2655 2656struct wpabuf * 2657tls_connection_handshake(void *ssl_ctx, struct tls_connection *conn, 2658 const struct wpabuf *in_data, 2659 struct wpabuf **appl_data) 2660{ 2661 return openssl_connection_handshake(conn, in_data, appl_data, 0); 2662} 2663 2664 2665struct wpabuf * tls_connection_server_handshake(void *tls_ctx, 2666 struct tls_connection *conn, 2667 const struct wpabuf *in_data, 2668 struct wpabuf **appl_data) 2669{ 2670 return openssl_connection_handshake(conn, in_data, appl_data, 1); 2671} 2672 2673 2674struct wpabuf * tls_connection_encrypt(void *tls_ctx, 2675 struct tls_connection *conn, 2676 const struct wpabuf *in_data) 2677{ 2678 int res; 2679 struct wpabuf *buf; 2680 2681 if (conn == NULL) 2682 return NULL; 2683 2684 /* Give plaintext data for OpenSSL to encrypt into the TLS tunnel. */ 2685 if ((res = BIO_reset(conn->ssl_in)) < 0 || 2686 (res = BIO_reset(conn->ssl_out)) < 0) { 2687 tls_show_errors(MSG_INFO, __func__, "BIO_reset failed"); 2688 return NULL; 2689 } 2690 res = SSL_write(conn->ssl, wpabuf_head(in_data), wpabuf_len(in_data)); 2691 if (res < 0) { 2692 tls_show_errors(MSG_INFO, __func__, 2693 "Encryption failed - SSL_write"); 2694 return NULL; 2695 } 2696 2697 /* Read encrypted data to be sent to the server */ 2698 buf = wpabuf_alloc(wpabuf_len(in_data) + 300); 2699 if (buf == NULL) 2700 return NULL; 2701 res = BIO_read(conn->ssl_out, wpabuf_mhead(buf), wpabuf_size(buf)); 2702 if (res < 0) { 2703 tls_show_errors(MSG_INFO, __func__, 2704 "Encryption failed - BIO_read"); 2705 wpabuf_free(buf); 2706 return NULL; 2707 } 2708 wpabuf_put(buf, res); 2709 2710 return buf; 2711} 2712 2713 2714struct wpabuf * tls_connection_decrypt(void *tls_ctx, 2715 struct tls_connection *conn, 2716 const struct wpabuf *in_data) 2717{ 2718 int res; 2719 struct wpabuf *buf; 2720 2721 /* Give encrypted data from TLS tunnel for OpenSSL to decrypt. */ 2722 res = BIO_write(conn->ssl_in, wpabuf_head(in_data), 2723 wpabuf_len(in_data)); 2724 if (res < 0) { 2725 tls_show_errors(MSG_INFO, __func__, 2726 "Decryption failed - BIO_write"); 2727 return NULL; 2728 } 2729 if (BIO_reset(conn->ssl_out) < 0) { 2730 tls_show_errors(MSG_INFO, __func__, "BIO_reset failed"); 2731 return NULL; 2732 } 2733 2734 /* Read decrypted data for further processing */ 2735 /* 2736 * Even though we try to disable TLS compression, it is possible that 2737 * this cannot be done with all TLS libraries. Add extra buffer space 2738 * to handle the possibility of the decrypted data being longer than 2739 * input data. 2740 */ 2741 buf = wpabuf_alloc((wpabuf_len(in_data) + 500) * 3); 2742 if (buf == NULL) 2743 return NULL; 2744 res = SSL_read(conn->ssl, wpabuf_mhead(buf), wpabuf_size(buf)); 2745 if (res < 0) { 2746 tls_show_errors(MSG_INFO, __func__, 2747 "Decryption failed - SSL_read"); 2748 wpabuf_free(buf); 2749 return NULL; 2750 } 2751 wpabuf_put(buf, res); 2752 2753 return buf; 2754} 2755 2756 2757int tls_connection_resumed(void *ssl_ctx, struct tls_connection *conn) 2758{ 2759 return conn ? conn->ssl->hit : 0; 2760} 2761 2762 2763int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn, 2764 u8 *ciphers) 2765{ 2766 char buf[100], *pos, *end; 2767 u8 *c; 2768 int ret; 2769 2770 if (conn == NULL || conn->ssl == NULL || ciphers == NULL) 2771 return -1; 2772 2773 buf[0] = '\0'; 2774 pos = buf; 2775 end = pos + sizeof(buf); 2776 2777 c = ciphers; 2778 while (*c != TLS_CIPHER_NONE) { 2779 const char *suite; 2780 2781 switch (*c) { 2782 case TLS_CIPHER_RC4_SHA: 2783 suite = "RC4-SHA"; 2784 break; 2785 case TLS_CIPHER_AES128_SHA: 2786 suite = "AES128-SHA"; 2787 break; 2788 case TLS_CIPHER_RSA_DHE_AES128_SHA: 2789 suite = "DHE-RSA-AES128-SHA"; 2790 break; 2791 case TLS_CIPHER_ANON_DH_AES128_SHA: 2792 suite = "ADH-AES128-SHA"; 2793 break; 2794 default: 2795 wpa_printf(MSG_DEBUG, "TLS: Unsupported " 2796 "cipher selection: %d", *c); 2797 return -1; 2798 } 2799 ret = os_snprintf(pos, end - pos, ":%s", suite); 2800 if (ret < 0 || ret >= end - pos) 2801 break; 2802 pos += ret; 2803 2804 c++; 2805 } 2806 2807 wpa_printf(MSG_DEBUG, "OpenSSL: cipher suites: %s", buf + 1); 2808 2809 if (SSL_set_cipher_list(conn->ssl, buf + 1) != 1) { 2810 tls_show_errors(MSG_INFO, __func__, 2811 "Cipher suite configuration failed"); 2812 return -1; 2813 } 2814 2815 return 0; 2816} 2817 2818 2819int tls_get_cipher(void *ssl_ctx, struct tls_connection *conn, 2820 char *buf, size_t buflen) 2821{ 2822 const char *name; 2823 if (conn == NULL || conn->ssl == NULL) 2824 return -1; 2825 2826 name = SSL_get_cipher(conn->ssl); 2827 if (name == NULL) 2828 return -1; 2829 2830 os_strlcpy(buf, name, buflen); 2831 return 0; 2832} 2833 2834 2835int tls_connection_enable_workaround(void *ssl_ctx, 2836 struct tls_connection *conn) 2837{ 2838 SSL_set_options(conn->ssl, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS); 2839 2840 return 0; 2841} 2842 2843 2844#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST) 2845/* ClientHello TLS extensions require a patch to openssl, so this function is 2846 * commented out unless explicitly needed for EAP-FAST in order to be able to 2847 * build this file with unmodified openssl. */ 2848int tls_connection_client_hello_ext(void *ssl_ctx, struct tls_connection *conn, 2849 int ext_type, const u8 *data, 2850 size_t data_len) 2851{ 2852 if (conn == NULL || conn->ssl == NULL || ext_type != 35) 2853 return -1; 2854 2855#ifdef CONFIG_OPENSSL_TICKET_OVERRIDE 2856 if (SSL_set_session_ticket_ext(conn->ssl, (void *) data, 2857 data_len) != 1) 2858 return -1; 2859#else /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 2860 if (SSL_set_hello_extension(conn->ssl, ext_type, (void *) data, 2861 data_len) != 1) 2862 return -1; 2863#endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 2864 2865 return 0; 2866} 2867#endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */ 2868 2869 2870int tls_connection_get_failed(void *ssl_ctx, struct tls_connection *conn) 2871{ 2872 if (conn == NULL) 2873 return -1; 2874 return conn->failed; 2875} 2876 2877 2878int tls_connection_get_read_alerts(void *ssl_ctx, struct tls_connection *conn) 2879{ 2880 if (conn == NULL) 2881 return -1; 2882 return conn->read_alerts; 2883} 2884 2885 2886int tls_connection_get_write_alerts(void *ssl_ctx, struct tls_connection *conn) 2887{ 2888 if (conn == NULL) 2889 return -1; 2890 return conn->write_alerts; 2891} 2892 2893 2894#ifdef HAVE_OCSP 2895 2896static void ocsp_debug_print_resp(OCSP_RESPONSE *rsp) 2897{ 2898#ifndef CONFIG_NO_STDOUT_DEBUG 2899 BIO *out; 2900 size_t rlen; 2901 char *txt; 2902 int res; 2903 2904 if (wpa_debug_level > MSG_DEBUG) 2905 return; 2906 2907 out = BIO_new(BIO_s_mem()); 2908 if (!out) 2909 return; 2910 2911 OCSP_RESPONSE_print(out, rsp, 0); 2912 rlen = BIO_ctrl_pending(out); 2913 txt = os_malloc(rlen + 1); 2914 if (!txt) { 2915 BIO_free(out); 2916 return; 2917 } 2918 2919 res = BIO_read(out, txt, rlen); 2920 if (res > 0) { 2921 txt[res] = '\0'; 2922 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP Response\n%s", txt); 2923 } 2924 os_free(txt); 2925 BIO_free(out); 2926#endif /* CONFIG_NO_STDOUT_DEBUG */ 2927} 2928 2929 2930static int ocsp_resp_cb(SSL *s, void *arg) 2931{ 2932 struct tls_connection *conn = arg; 2933 const unsigned char *p; 2934 int len, status, reason; 2935 OCSP_RESPONSE *rsp; 2936 OCSP_BASICRESP *basic; 2937 OCSP_CERTID *id; 2938 ASN1_GENERALIZEDTIME *produced_at, *this_update, *next_update; 2939 X509_STORE *store; 2940 STACK_OF(X509) *certs = NULL; 2941 2942 len = SSL_get_tlsext_status_ocsp_resp(s, &p); 2943 if (!p) { 2944 wpa_printf(MSG_DEBUG, "OpenSSL: No OCSP response received"); 2945 return (conn->flags & TLS_CONN_REQUIRE_OCSP) ? 0 : 1; 2946 } 2947 2948 wpa_hexdump(MSG_DEBUG, "OpenSSL: OCSP response", p, len); 2949 2950 rsp = d2i_OCSP_RESPONSE(NULL, &p, len); 2951 if (!rsp) { 2952 wpa_printf(MSG_INFO, "OpenSSL: Failed to parse OCSP response"); 2953 return 0; 2954 } 2955 2956 ocsp_debug_print_resp(rsp); 2957 2958 status = OCSP_response_status(rsp); 2959 if (status != OCSP_RESPONSE_STATUS_SUCCESSFUL) { 2960 wpa_printf(MSG_INFO, "OpenSSL: OCSP responder error %d (%s)", 2961 status, OCSP_response_status_str(status)); 2962 return 0; 2963 } 2964 2965 basic = OCSP_response_get1_basic(rsp); 2966 if (!basic) { 2967 wpa_printf(MSG_INFO, "OpenSSL: Could not find BasicOCSPResponse"); 2968 return 0; 2969 } 2970 2971 store = SSL_CTX_get_cert_store(s->ctx); 2972 if (conn->peer_issuer) { 2973 wpa_printf(MSG_DEBUG, "OpenSSL: Add issuer"); 2974 X509_print_fp(stdout, conn->peer_issuer); 2975 2976 if (X509_STORE_add_cert(store, conn->peer_issuer) != 1) { 2977 tls_show_errors(MSG_INFO, __func__, 2978 "OpenSSL: Could not add issuer to certificate store\n"); 2979 } 2980 certs = sk_X509_new_null(); 2981 if (certs) { 2982 X509 *cert; 2983 cert = X509_dup(conn->peer_issuer); 2984 if (cert && !sk_X509_push(certs, cert)) { 2985 tls_show_errors( 2986 MSG_INFO, __func__, 2987 "OpenSSL: Could not add issuer to OCSP responder trust store\n"); 2988 X509_free(cert); 2989 sk_X509_free(certs); 2990 certs = NULL; 2991 } 2992 if (conn->peer_issuer_issuer) { 2993 cert = X509_dup(conn->peer_issuer_issuer); 2994 if (cert && !sk_X509_push(certs, cert)) { 2995 tls_show_errors( 2996 MSG_INFO, __func__, 2997 "OpenSSL: Could not add issuer to OCSP responder trust store\n"); 2998 X509_free(cert); 2999 } 3000 } 3001 } 3002 } 3003 3004 status = OCSP_basic_verify(basic, certs, store, OCSP_TRUSTOTHER); 3005 sk_X509_pop_free(certs, X509_free); 3006 if (status <= 0) { 3007 tls_show_errors(MSG_INFO, __func__, 3008 "OpenSSL: OCSP response failed verification"); 3009 OCSP_BASICRESP_free(basic); 3010 OCSP_RESPONSE_free(rsp); 3011 return 0; 3012 } 3013 3014 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP response verification succeeded"); 3015 3016 if (!conn->peer_cert) { 3017 wpa_printf(MSG_DEBUG, "OpenSSL: Peer certificate not available for OCSP status check"); 3018 OCSP_BASICRESP_free(basic); 3019 OCSP_RESPONSE_free(rsp); 3020 return 0; 3021 } 3022 3023 if (!conn->peer_issuer) { 3024 wpa_printf(MSG_DEBUG, "OpenSSL: Peer issuer certificate not available for OCSP status check"); 3025 OCSP_BASICRESP_free(basic); 3026 OCSP_RESPONSE_free(rsp); 3027 return 0; 3028 } 3029 3030 id = OCSP_cert_to_id(NULL, conn->peer_cert, conn->peer_issuer); 3031 if (!id) { 3032 wpa_printf(MSG_DEBUG, "OpenSSL: Could not create OCSP certificate identifier"); 3033 OCSP_BASICRESP_free(basic); 3034 OCSP_RESPONSE_free(rsp); 3035 return 0; 3036 } 3037 3038 if (!OCSP_resp_find_status(basic, id, &status, &reason, &produced_at, 3039 &this_update, &next_update)) { 3040 wpa_printf(MSG_INFO, "OpenSSL: Could not find current server certificate from OCSP response%s", 3041 (conn->flags & TLS_CONN_REQUIRE_OCSP) ? "" : 3042 " (OCSP not required)"); 3043 OCSP_BASICRESP_free(basic); 3044 OCSP_RESPONSE_free(rsp); 3045 return (conn->flags & TLS_CONN_REQUIRE_OCSP) ? 0 : 1; 3046 } 3047 3048 if (!OCSP_check_validity(this_update, next_update, 5 * 60, -1)) { 3049 tls_show_errors(MSG_INFO, __func__, 3050 "OpenSSL: OCSP status times invalid"); 3051 OCSP_BASICRESP_free(basic); 3052 OCSP_RESPONSE_free(rsp); 3053 return 0; 3054 } 3055 3056 OCSP_BASICRESP_free(basic); 3057 OCSP_RESPONSE_free(rsp); 3058 3059 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status for server certificate: %s", 3060 OCSP_cert_status_str(status)); 3061 3062 if (status == V_OCSP_CERTSTATUS_GOOD) 3063 return 1; 3064 if (status == V_OCSP_CERTSTATUS_REVOKED) 3065 return 0; 3066 if (conn->flags & TLS_CONN_REQUIRE_OCSP) { 3067 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status unknown, but OCSP required"); 3068 return 0; 3069 } 3070 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status unknown, but OCSP was not required, so allow connection to continue"); 3071 return 1; 3072} 3073 3074 3075static int ocsp_status_cb(SSL *s, void *arg) 3076{ 3077 char *tmp; 3078 char *resp; 3079 size_t len; 3080 3081 if (tls_global->ocsp_stapling_response == NULL) { 3082 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status callback - no response configured"); 3083 return SSL_TLSEXT_ERR_OK; 3084 } 3085 3086 resp = os_readfile(tls_global->ocsp_stapling_response, &len); 3087 if (resp == NULL) { 3088 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status callback - could not read response file"); 3089 /* TODO: Build OCSPResponse with responseStatus = internalError 3090 */ 3091 return SSL_TLSEXT_ERR_OK; 3092 } 3093 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status callback - send cached response"); 3094 tmp = OPENSSL_malloc(len); 3095 if (tmp == NULL) { 3096 os_free(resp); 3097 return SSL_TLSEXT_ERR_ALERT_FATAL; 3098 } 3099 3100 os_memcpy(tmp, resp, len); 3101 os_free(resp); 3102 SSL_set_tlsext_status_ocsp_resp(s, tmp, len); 3103 3104 return SSL_TLSEXT_ERR_OK; 3105} 3106 3107#endif /* HAVE_OCSP */ 3108 3109 3110int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn, 3111 const struct tls_connection_params *params) 3112{ 3113 int ret; 3114 unsigned long err; 3115 3116 if (conn == NULL) 3117 return -1; 3118 3119 while ((err = ERR_get_error())) { 3120 wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s", 3121 __func__, ERR_error_string(err, NULL)); 3122 } 3123 3124 if (params->engine) { 3125 wpa_printf(MSG_DEBUG, "SSL: Initializing TLS engine"); 3126 ret = tls_engine_init(conn, params->engine_id, params->pin, 3127 params->key_id, params->cert_id, 3128 params->ca_cert_id); 3129 if (ret) 3130 return ret; 3131 } 3132 if (tls_connection_set_subject_match(conn, 3133 params->subject_match, 3134 params->altsubject_match, 3135 params->suffix_match)) 3136 return -1; 3137 3138 if (params->engine && params->ca_cert_id) { 3139 if (tls_connection_engine_ca_cert(tls_ctx, conn, 3140 params->ca_cert_id)) 3141 return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED; 3142 } else if (tls_connection_ca_cert(tls_ctx, conn, params->ca_cert, 3143 params->ca_cert_blob, 3144 params->ca_cert_blob_len, 3145 params->ca_path)) 3146 return -1; 3147 3148 if (params->engine && params->cert_id) { 3149 if (tls_connection_engine_client_cert(conn, params->cert_id)) 3150 return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED; 3151 } else if (tls_connection_client_cert(conn, params->client_cert, 3152 params->client_cert_blob, 3153 params->client_cert_blob_len)) 3154 return -1; 3155 3156 if (params->engine && params->key_id) { 3157 wpa_printf(MSG_DEBUG, "TLS: Using private key from engine"); 3158 if (tls_connection_engine_private_key(conn)) 3159 return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED; 3160 } else if (tls_connection_private_key(tls_ctx, conn, 3161 params->private_key, 3162 params->private_key_passwd, 3163 params->private_key_blob, 3164 params->private_key_blob_len)) { 3165 wpa_printf(MSG_INFO, "TLS: Failed to load private key '%s'", 3166 params->private_key); 3167 return -1; 3168 } 3169 3170 if (tls_connection_dh(conn, params->dh_file)) { 3171 wpa_printf(MSG_INFO, "TLS: Failed to load DH file '%s'", 3172 params->dh_file); 3173 return -1; 3174 } 3175 3176#ifdef SSL_OP_NO_TICKET 3177 if (params->flags & TLS_CONN_DISABLE_SESSION_TICKET) 3178 SSL_set_options(conn->ssl, SSL_OP_NO_TICKET); 3179#ifdef SSL_clear_options 3180 else 3181 SSL_clear_options(conn->ssl, SSL_OP_NO_TICKET); 3182#endif /* SSL_clear_options */ 3183#endif /* SSL_OP_NO_TICKET */ 3184 3185#ifdef SSL_OP_NO_TLSv1_1 3186 if (params->flags & TLS_CONN_DISABLE_TLSv1_1) 3187 SSL_set_options(conn->ssl, SSL_OP_NO_TLSv1_1); 3188 else 3189 SSL_clear_options(conn->ssl, SSL_OP_NO_TLSv1_1); 3190#endif /* SSL_OP_NO_TLSv1_1 */ 3191#ifdef SSL_OP_NO_TLSv1_2 3192 if (params->flags & TLS_CONN_DISABLE_TLSv1_2) 3193 SSL_set_options(conn->ssl, SSL_OP_NO_TLSv1_2); 3194 else 3195 SSL_clear_options(conn->ssl, SSL_OP_NO_TLSv1_2); 3196#endif /* SSL_OP_NO_TLSv1_2 */ 3197 3198#ifdef HAVE_OCSP 3199 if (params->flags & TLS_CONN_REQUEST_OCSP) { 3200 SSL_CTX *ssl_ctx = tls_ctx; 3201 SSL_set_tlsext_status_type(conn->ssl, TLSEXT_STATUSTYPE_ocsp); 3202 SSL_CTX_set_tlsext_status_cb(ssl_ctx, ocsp_resp_cb); 3203 SSL_CTX_set_tlsext_status_arg(ssl_ctx, conn); 3204 } 3205#endif /* HAVE_OCSP */ 3206 3207 conn->flags = params->flags; 3208 3209 tls_get_errors(tls_ctx); 3210 3211 return 0; 3212} 3213 3214 3215int tls_global_set_params(void *tls_ctx, 3216 const struct tls_connection_params *params) 3217{ 3218 SSL_CTX *ssl_ctx = tls_ctx; 3219 unsigned long err; 3220 3221 while ((err = ERR_get_error())) { 3222 wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s", 3223 __func__, ERR_error_string(err, NULL)); 3224 } 3225 3226 if (tls_global_ca_cert(ssl_ctx, params->ca_cert)) 3227 return -1; 3228 3229 if (tls_global_client_cert(ssl_ctx, params->client_cert)) 3230 return -1; 3231 3232 if (tls_global_private_key(ssl_ctx, params->private_key, 3233 params->private_key_passwd)) 3234 return -1; 3235 3236 if (tls_global_dh(ssl_ctx, params->dh_file)) { 3237 wpa_printf(MSG_INFO, "TLS: Failed to load DH file '%s'", 3238 params->dh_file); 3239 return -1; 3240 } 3241 3242#ifdef SSL_OP_NO_TICKET 3243 if (params->flags & TLS_CONN_DISABLE_SESSION_TICKET) 3244 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TICKET); 3245#ifdef SSL_CTX_clear_options 3246 else 3247 SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TICKET); 3248#endif /* SSL_clear_options */ 3249#endif /* SSL_OP_NO_TICKET */ 3250 3251#ifdef HAVE_OCSP 3252 SSL_CTX_set_tlsext_status_cb(ssl_ctx, ocsp_status_cb); 3253 SSL_CTX_set_tlsext_status_arg(ssl_ctx, ssl_ctx); 3254 os_free(tls_global->ocsp_stapling_response); 3255 if (params->ocsp_stapling_response) 3256 tls_global->ocsp_stapling_response = 3257 os_strdup(params->ocsp_stapling_response); 3258 else 3259 tls_global->ocsp_stapling_response = NULL; 3260#endif /* HAVE_OCSP */ 3261 3262 return 0; 3263} 3264 3265 3266int tls_connection_get_keyblock_size(void *tls_ctx, 3267 struct tls_connection *conn) 3268{ 3269 const EVP_CIPHER *c; 3270 const EVP_MD *h; 3271 int md_size; 3272 3273 if (conn == NULL || conn->ssl == NULL || 3274 conn->ssl->enc_read_ctx == NULL || 3275 conn->ssl->enc_read_ctx->cipher == NULL || 3276 conn->ssl->read_hash == NULL) 3277 return -1; 3278 3279 c = conn->ssl->enc_read_ctx->cipher; 3280#if OPENSSL_VERSION_NUMBER >= 0x00909000L 3281 h = EVP_MD_CTX_md(conn->ssl->read_hash); 3282#else 3283 h = conn->ssl->read_hash; 3284#endif 3285 if (h) 3286 md_size = EVP_MD_size(h); 3287#if OPENSSL_VERSION_NUMBER >= 0x10000000L 3288 else if (conn->ssl->s3) 3289 md_size = conn->ssl->s3->tmp.new_mac_secret_size; 3290#endif 3291 else 3292 return -1; 3293 3294 wpa_printf(MSG_DEBUG, "OpenSSL: keyblock size: key_len=%d MD_size=%d " 3295 "IV_len=%d", EVP_CIPHER_key_length(c), md_size, 3296 EVP_CIPHER_iv_length(c)); 3297 return 2 * (EVP_CIPHER_key_length(c) + 3298 md_size + 3299 EVP_CIPHER_iv_length(c)); 3300} 3301 3302 3303unsigned int tls_capabilities(void *tls_ctx) 3304{ 3305 return 0; 3306} 3307 3308 3309#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST) 3310/* Pre-shared secred requires a patch to openssl, so this function is 3311 * commented out unless explicitly needed for EAP-FAST in order to be able to 3312 * build this file with unmodified openssl. */ 3313 3314static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len, 3315 STACK_OF(SSL_CIPHER) *peer_ciphers, 3316 SSL_CIPHER **cipher, void *arg) 3317{ 3318 struct tls_connection *conn = arg; 3319 int ret; 3320 3321 if (conn == NULL || conn->session_ticket_cb == NULL) 3322 return 0; 3323 3324 ret = conn->session_ticket_cb(conn->session_ticket_cb_ctx, 3325 conn->session_ticket, 3326 conn->session_ticket_len, 3327 s->s3->client_random, 3328 s->s3->server_random, secret); 3329 os_free(conn->session_ticket); 3330 conn->session_ticket = NULL; 3331 3332 if (ret <= 0) 3333 return 0; 3334 3335 *secret_len = SSL_MAX_MASTER_KEY_LENGTH; 3336 return 1; 3337} 3338 3339 3340#ifdef CONFIG_OPENSSL_TICKET_OVERRIDE 3341static int tls_session_ticket_ext_cb(SSL *s, const unsigned char *data, 3342 int len, void *arg) 3343{ 3344 struct tls_connection *conn = arg; 3345 3346 if (conn == NULL || conn->session_ticket_cb == NULL) 3347 return 0; 3348 3349 wpa_printf(MSG_DEBUG, "OpenSSL: %s: length=%d", __func__, len); 3350 3351 os_free(conn->session_ticket); 3352 conn->session_ticket = NULL; 3353 3354 wpa_hexdump(MSG_DEBUG, "OpenSSL: ClientHello SessionTicket " 3355 "extension", data, len); 3356 3357 conn->session_ticket = os_malloc(len); 3358 if (conn->session_ticket == NULL) 3359 return 0; 3360 3361 os_memcpy(conn->session_ticket, data, len); 3362 conn->session_ticket_len = len; 3363 3364 return 1; 3365} 3366#else /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 3367#ifdef SSL_OP_NO_TICKET 3368static void tls_hello_ext_cb(SSL *s, int client_server, int type, 3369 unsigned char *data, int len, void *arg) 3370{ 3371 struct tls_connection *conn = arg; 3372 3373 if (conn == NULL || conn->session_ticket_cb == NULL) 3374 return; 3375 3376 wpa_printf(MSG_DEBUG, "OpenSSL: %s: type=%d length=%d", __func__, 3377 type, len); 3378 3379 if (type == TLSEXT_TYPE_session_ticket && !client_server) { 3380 os_free(conn->session_ticket); 3381 conn->session_ticket = NULL; 3382 3383 wpa_hexdump(MSG_DEBUG, "OpenSSL: ClientHello SessionTicket " 3384 "extension", data, len); 3385 conn->session_ticket = os_malloc(len); 3386 if (conn->session_ticket == NULL) 3387 return; 3388 3389 os_memcpy(conn->session_ticket, data, len); 3390 conn->session_ticket_len = len; 3391 } 3392} 3393#else /* SSL_OP_NO_TICKET */ 3394static int tls_hello_ext_cb(SSL *s, TLS_EXTENSION *ext, void *arg) 3395{ 3396 struct tls_connection *conn = arg; 3397 3398 if (conn == NULL || conn->session_ticket_cb == NULL) 3399 return 0; 3400 3401 wpa_printf(MSG_DEBUG, "OpenSSL: %s: type=%d length=%d", __func__, 3402 ext->type, ext->length); 3403 3404 os_free(conn->session_ticket); 3405 conn->session_ticket = NULL; 3406 3407 if (ext->type == 35) { 3408 wpa_hexdump(MSG_DEBUG, "OpenSSL: ClientHello SessionTicket " 3409 "extension", ext->data, ext->length); 3410 conn->session_ticket = os_malloc(ext->length); 3411 if (conn->session_ticket == NULL) 3412 return SSL_AD_INTERNAL_ERROR; 3413 3414 os_memcpy(conn->session_ticket, ext->data, ext->length); 3415 conn->session_ticket_len = ext->length; 3416 } 3417 3418 return 0; 3419} 3420#endif /* SSL_OP_NO_TICKET */ 3421#endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 3422#endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */ 3423 3424 3425int tls_connection_set_session_ticket_cb(void *tls_ctx, 3426 struct tls_connection *conn, 3427 tls_session_ticket_cb cb, 3428 void *ctx) 3429{ 3430#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST) 3431 conn->session_ticket_cb = cb; 3432 conn->session_ticket_cb_ctx = ctx; 3433 3434 if (cb) { 3435 if (SSL_set_session_secret_cb(conn->ssl, tls_sess_sec_cb, 3436 conn) != 1) 3437 return -1; 3438#ifdef CONFIG_OPENSSL_TICKET_OVERRIDE 3439 SSL_set_session_ticket_ext_cb(conn->ssl, 3440 tls_session_ticket_ext_cb, conn); 3441#else /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 3442#ifdef SSL_OP_NO_TICKET 3443 SSL_set_tlsext_debug_callback(conn->ssl, tls_hello_ext_cb); 3444 SSL_set_tlsext_debug_arg(conn->ssl, conn); 3445#else /* SSL_OP_NO_TICKET */ 3446 if (SSL_set_hello_extension_cb(conn->ssl, tls_hello_ext_cb, 3447 conn) != 1) 3448 return -1; 3449#endif /* SSL_OP_NO_TICKET */ 3450#endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 3451 } else { 3452 if (SSL_set_session_secret_cb(conn->ssl, NULL, NULL) != 1) 3453 return -1; 3454#ifdef CONFIG_OPENSSL_TICKET_OVERRIDE 3455 SSL_set_session_ticket_ext_cb(conn->ssl, NULL, NULL); 3456#else /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 3457#ifdef SSL_OP_NO_TICKET 3458 SSL_set_tlsext_debug_callback(conn->ssl, NULL); 3459 SSL_set_tlsext_debug_arg(conn->ssl, conn); 3460#else /* SSL_OP_NO_TICKET */ 3461 if (SSL_set_hello_extension_cb(conn->ssl, NULL, NULL) != 1) 3462 return -1; 3463#endif /* SSL_OP_NO_TICKET */ 3464#endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 3465 } 3466 3467 return 0; 3468#else /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */ 3469 return -1; 3470#endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */ 3471} 3472