tls_openssl.c revision 8d520ff1dc2da35cdca849e982051b86468016d8
1/* 2 * SSL/TLS interface functions for OpenSSL 3 * Copyright (c) 2004-2010, Jouni Malinen <j@w1.fi> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 * 9 * Alternatively, this software may be distributed under the terms of BSD 10 * license. 11 * 12 * See README and COPYING for more details. 13 */ 14 15#include "includes.h" 16 17#ifndef CONFIG_SMARTCARD 18#ifndef OPENSSL_NO_ENGINE 19#define OPENSSL_NO_ENGINE 20#endif 21#endif 22 23#include <openssl/ssl.h> 24#include <openssl/err.h> 25#include <openssl/pkcs12.h> 26#include <openssl/x509v3.h> 27#ifndef OPENSSL_NO_ENGINE 28#include <openssl/engine.h> 29#endif /* OPENSSL_NO_ENGINE */ 30 31#ifdef ANDROID 32#include <openssl/pem.h> 33#include "keystore_get.h" 34#endif /* ANDROID */ 35 36#include "common.h" 37#include "crypto.h" 38#include "tls.h" 39 40#if OPENSSL_VERSION_NUMBER >= 0x0090800fL 41#define OPENSSL_d2i_TYPE const unsigned char ** 42#else 43#define OPENSSL_d2i_TYPE unsigned char ** 44#endif 45 46#ifdef SSL_F_SSL_SET_SESSION_TICKET_EXT 47#ifdef SSL_OP_NO_TICKET 48/* 49 * Session ticket override patch was merged into OpenSSL 0.9.9 tree on 50 * 2008-11-15. This version uses a bit different API compared to the old patch. 51 */ 52#define CONFIG_OPENSSL_TICKET_OVERRIDE 53#endif 54#endif 55 56static int tls_openssl_ref_count = 0; 57 58struct tls_global { 59 void (*event_cb)(void *ctx, enum tls_event ev, 60 union tls_event_data *data); 61 void *cb_ctx; 62}; 63 64static struct tls_global *tls_global = NULL; 65 66 67struct tls_connection { 68 SSL *ssl; 69 BIO *ssl_in, *ssl_out; 70#ifndef OPENSSL_NO_ENGINE 71 ENGINE *engine; /* functional reference to the engine */ 72 EVP_PKEY *private_key; /* the private key if using engine */ 73#endif /* OPENSSL_NO_ENGINE */ 74 char *subject_match, *altsubject_match; 75 int read_alerts, write_alerts, failed; 76 77 tls_session_ticket_cb session_ticket_cb; 78 void *session_ticket_cb_ctx; 79 80 /* SessionTicket received from OpenSSL hello_extension_cb (server) */ 81 u8 *session_ticket; 82 size_t session_ticket_len; 83 84 unsigned int ca_cert_verify:1; 85 unsigned int cert_probe:1; 86 unsigned int server_cert_only:1; 87 88 u8 srv_cert_hash[32]; 89}; 90 91 92#ifdef CONFIG_NO_STDOUT_DEBUG 93 94static void _tls_show_errors(void) 95{ 96 unsigned long err; 97 98 while ((err = ERR_get_error())) { 99 /* Just ignore the errors, since stdout is disabled */ 100 } 101} 102#define tls_show_errors(l, f, t) _tls_show_errors() 103 104#else /* CONFIG_NO_STDOUT_DEBUG */ 105 106static void tls_show_errors(int level, const char *func, const char *txt) 107{ 108 unsigned long err; 109 110 wpa_printf(level, "OpenSSL: %s - %s %s", 111 func, txt, ERR_error_string(ERR_get_error(), NULL)); 112 113 while ((err = ERR_get_error())) { 114 wpa_printf(MSG_INFO, "OpenSSL: pending error: %s", 115 ERR_error_string(err, NULL)); 116 } 117} 118 119#endif /* CONFIG_NO_STDOUT_DEBUG */ 120 121 122#ifdef CONFIG_NATIVE_WINDOWS 123 124/* Windows CryptoAPI and access to certificate stores */ 125#include <wincrypt.h> 126 127#ifdef __MINGW32_VERSION 128/* 129 * MinGW does not yet include all the needed definitions for CryptoAPI, so 130 * define here whatever extra is needed. 131 */ 132#define CERT_SYSTEM_STORE_CURRENT_USER (1 << 16) 133#define CERT_STORE_READONLY_FLAG 0x00008000 134#define CERT_STORE_OPEN_EXISTING_FLAG 0x00004000 135 136#endif /* __MINGW32_VERSION */ 137 138 139struct cryptoapi_rsa_data { 140 const CERT_CONTEXT *cert; 141 HCRYPTPROV crypt_prov; 142 DWORD key_spec; 143 BOOL free_crypt_prov; 144}; 145 146 147static void cryptoapi_error(const char *msg) 148{ 149 wpa_printf(MSG_INFO, "CryptoAPI: %s; err=%u", 150 msg, (unsigned int) GetLastError()); 151} 152 153 154static int cryptoapi_rsa_pub_enc(int flen, const unsigned char *from, 155 unsigned char *to, RSA *rsa, int padding) 156{ 157 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__); 158 return 0; 159} 160 161 162static int cryptoapi_rsa_pub_dec(int flen, const unsigned char *from, 163 unsigned char *to, RSA *rsa, int padding) 164{ 165 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__); 166 return 0; 167} 168 169 170static int cryptoapi_rsa_priv_enc(int flen, const unsigned char *from, 171 unsigned char *to, RSA *rsa, int padding) 172{ 173 struct cryptoapi_rsa_data *priv = 174 (struct cryptoapi_rsa_data *) rsa->meth->app_data; 175 HCRYPTHASH hash; 176 DWORD hash_size, len, i; 177 unsigned char *buf = NULL; 178 int ret = 0; 179 180 if (priv == NULL) { 181 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, 182 ERR_R_PASSED_NULL_PARAMETER); 183 return 0; 184 } 185 186 if (padding != RSA_PKCS1_PADDING) { 187 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, 188 RSA_R_UNKNOWN_PADDING_TYPE); 189 return 0; 190 } 191 192 if (flen != 16 /* MD5 */ + 20 /* SHA-1 */) { 193 wpa_printf(MSG_INFO, "%s - only MD5-SHA1 hash supported", 194 __func__); 195 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, 196 RSA_R_INVALID_MESSAGE_LENGTH); 197 return 0; 198 } 199 200 if (!CryptCreateHash(priv->crypt_prov, CALG_SSL3_SHAMD5, 0, 0, &hash)) 201 { 202 cryptoapi_error("CryptCreateHash failed"); 203 return 0; 204 } 205 206 len = sizeof(hash_size); 207 if (!CryptGetHashParam(hash, HP_HASHSIZE, (BYTE *) &hash_size, &len, 208 0)) { 209 cryptoapi_error("CryptGetHashParam failed"); 210 goto err; 211 } 212 213 if ((int) hash_size != flen) { 214 wpa_printf(MSG_INFO, "CryptoAPI: Invalid hash size (%u != %d)", 215 (unsigned) hash_size, flen); 216 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, 217 RSA_R_INVALID_MESSAGE_LENGTH); 218 goto err; 219 } 220 if (!CryptSetHashParam(hash, HP_HASHVAL, (BYTE * ) from, 0)) { 221 cryptoapi_error("CryptSetHashParam failed"); 222 goto err; 223 } 224 225 len = RSA_size(rsa); 226 buf = os_malloc(len); 227 if (buf == NULL) { 228 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE); 229 goto err; 230 } 231 232 if (!CryptSignHash(hash, priv->key_spec, NULL, 0, buf, &len)) { 233 cryptoapi_error("CryptSignHash failed"); 234 goto err; 235 } 236 237 for (i = 0; i < len; i++) 238 to[i] = buf[len - i - 1]; 239 ret = len; 240 241err: 242 os_free(buf); 243 CryptDestroyHash(hash); 244 245 return ret; 246} 247 248 249static int cryptoapi_rsa_priv_dec(int flen, const unsigned char *from, 250 unsigned char *to, RSA *rsa, int padding) 251{ 252 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__); 253 return 0; 254} 255 256 257static void cryptoapi_free_data(struct cryptoapi_rsa_data *priv) 258{ 259 if (priv == NULL) 260 return; 261 if (priv->crypt_prov && priv->free_crypt_prov) 262 CryptReleaseContext(priv->crypt_prov, 0); 263 if (priv->cert) 264 CertFreeCertificateContext(priv->cert); 265 os_free(priv); 266} 267 268 269static int cryptoapi_finish(RSA *rsa) 270{ 271 cryptoapi_free_data((struct cryptoapi_rsa_data *) rsa->meth->app_data); 272 os_free((void *) rsa->meth); 273 rsa->meth = NULL; 274 return 1; 275} 276 277 278static const CERT_CONTEXT * cryptoapi_find_cert(const char *name, DWORD store) 279{ 280 HCERTSTORE cs; 281 const CERT_CONTEXT *ret = NULL; 282 283 cs = CertOpenStore((LPCSTR) CERT_STORE_PROV_SYSTEM, 0, 0, 284 store | CERT_STORE_OPEN_EXISTING_FLAG | 285 CERT_STORE_READONLY_FLAG, L"MY"); 286 if (cs == NULL) { 287 cryptoapi_error("Failed to open 'My system store'"); 288 return NULL; 289 } 290 291 if (strncmp(name, "cert://", 7) == 0) { 292 unsigned short wbuf[255]; 293 MultiByteToWideChar(CP_ACP, 0, name + 7, -1, wbuf, 255); 294 ret = CertFindCertificateInStore(cs, X509_ASN_ENCODING | 295 PKCS_7_ASN_ENCODING, 296 0, CERT_FIND_SUBJECT_STR, 297 wbuf, NULL); 298 } else if (strncmp(name, "hash://", 7) == 0) { 299 CRYPT_HASH_BLOB blob; 300 int len; 301 const char *hash = name + 7; 302 unsigned char *buf; 303 304 len = os_strlen(hash) / 2; 305 buf = os_malloc(len); 306 if (buf && hexstr2bin(hash, buf, len) == 0) { 307 blob.cbData = len; 308 blob.pbData = buf; 309 ret = CertFindCertificateInStore(cs, 310 X509_ASN_ENCODING | 311 PKCS_7_ASN_ENCODING, 312 0, CERT_FIND_HASH, 313 &blob, NULL); 314 } 315 os_free(buf); 316 } 317 318 CertCloseStore(cs, 0); 319 320 return ret; 321} 322 323 324static int tls_cryptoapi_cert(SSL *ssl, const char *name) 325{ 326 X509 *cert = NULL; 327 RSA *rsa = NULL, *pub_rsa; 328 struct cryptoapi_rsa_data *priv; 329 RSA_METHOD *rsa_meth; 330 331 if (name == NULL || 332 (strncmp(name, "cert://", 7) != 0 && 333 strncmp(name, "hash://", 7) != 0)) 334 return -1; 335 336 priv = os_zalloc(sizeof(*priv)); 337 rsa_meth = os_zalloc(sizeof(*rsa_meth)); 338 if (priv == NULL || rsa_meth == NULL) { 339 wpa_printf(MSG_WARNING, "CryptoAPI: Failed to allocate memory " 340 "for CryptoAPI RSA method"); 341 os_free(priv); 342 os_free(rsa_meth); 343 return -1; 344 } 345 346 priv->cert = cryptoapi_find_cert(name, CERT_SYSTEM_STORE_CURRENT_USER); 347 if (priv->cert == NULL) { 348 priv->cert = cryptoapi_find_cert( 349 name, CERT_SYSTEM_STORE_LOCAL_MACHINE); 350 } 351 if (priv->cert == NULL) { 352 wpa_printf(MSG_INFO, "CryptoAPI: Could not find certificate " 353 "'%s'", name); 354 goto err; 355 } 356 357 cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &priv->cert->pbCertEncoded, 358 priv->cert->cbCertEncoded); 359 if (cert == NULL) { 360 wpa_printf(MSG_INFO, "CryptoAPI: Could not process X509 DER " 361 "encoding"); 362 goto err; 363 } 364 365 if (!CryptAcquireCertificatePrivateKey(priv->cert, 366 CRYPT_ACQUIRE_COMPARE_KEY_FLAG, 367 NULL, &priv->crypt_prov, 368 &priv->key_spec, 369 &priv->free_crypt_prov)) { 370 cryptoapi_error("Failed to acquire a private key for the " 371 "certificate"); 372 goto err; 373 } 374 375 rsa_meth->name = "Microsoft CryptoAPI RSA Method"; 376 rsa_meth->rsa_pub_enc = cryptoapi_rsa_pub_enc; 377 rsa_meth->rsa_pub_dec = cryptoapi_rsa_pub_dec; 378 rsa_meth->rsa_priv_enc = cryptoapi_rsa_priv_enc; 379 rsa_meth->rsa_priv_dec = cryptoapi_rsa_priv_dec; 380 rsa_meth->finish = cryptoapi_finish; 381 rsa_meth->flags = RSA_METHOD_FLAG_NO_CHECK; 382 rsa_meth->app_data = (char *) priv; 383 384 rsa = RSA_new(); 385 if (rsa == NULL) { 386 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, 387 ERR_R_MALLOC_FAILURE); 388 goto err; 389 } 390 391 if (!SSL_use_certificate(ssl, cert)) { 392 RSA_free(rsa); 393 rsa = NULL; 394 goto err; 395 } 396 pub_rsa = cert->cert_info->key->pkey->pkey.rsa; 397 X509_free(cert); 398 cert = NULL; 399 400 rsa->n = BN_dup(pub_rsa->n); 401 rsa->e = BN_dup(pub_rsa->e); 402 if (!RSA_set_method(rsa, rsa_meth)) 403 goto err; 404 405 if (!SSL_use_RSAPrivateKey(ssl, rsa)) 406 goto err; 407 RSA_free(rsa); 408 409 return 0; 410 411err: 412 if (cert) 413 X509_free(cert); 414 if (rsa) 415 RSA_free(rsa); 416 else { 417 os_free(rsa_meth); 418 cryptoapi_free_data(priv); 419 } 420 return -1; 421} 422 423 424static int tls_cryptoapi_ca_cert(SSL_CTX *ssl_ctx, SSL *ssl, const char *name) 425{ 426 HCERTSTORE cs; 427 PCCERT_CONTEXT ctx = NULL; 428 X509 *cert; 429 char buf[128]; 430 const char *store; 431#ifdef UNICODE 432 WCHAR *wstore; 433#endif /* UNICODE */ 434 435 if (name == NULL || strncmp(name, "cert_store://", 13) != 0) 436 return -1; 437 438 store = name + 13; 439#ifdef UNICODE 440 wstore = os_malloc((os_strlen(store) + 1) * sizeof(WCHAR)); 441 if (wstore == NULL) 442 return -1; 443 wsprintf(wstore, L"%S", store); 444 cs = CertOpenSystemStore(0, wstore); 445 os_free(wstore); 446#else /* UNICODE */ 447 cs = CertOpenSystemStore(0, store); 448#endif /* UNICODE */ 449 if (cs == NULL) { 450 wpa_printf(MSG_DEBUG, "%s: failed to open system cert store " 451 "'%s': error=%d", __func__, store, 452 (int) GetLastError()); 453 return -1; 454 } 455 456 while ((ctx = CertEnumCertificatesInStore(cs, ctx))) { 457 cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &ctx->pbCertEncoded, 458 ctx->cbCertEncoded); 459 if (cert == NULL) { 460 wpa_printf(MSG_INFO, "CryptoAPI: Could not process " 461 "X509 DER encoding for CA cert"); 462 continue; 463 } 464 465 X509_NAME_oneline(X509_get_subject_name(cert), buf, 466 sizeof(buf)); 467 wpa_printf(MSG_DEBUG, "OpenSSL: Loaded CA certificate for " 468 "system certificate store: subject='%s'", buf); 469 470 if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) { 471 tls_show_errors(MSG_WARNING, __func__, 472 "Failed to add ca_cert to OpenSSL " 473 "certificate store"); 474 } 475 476 X509_free(cert); 477 } 478 479 if (!CertCloseStore(cs, 0)) { 480 wpa_printf(MSG_DEBUG, "%s: failed to close system cert store " 481 "'%s': error=%d", __func__, name + 13, 482 (int) GetLastError()); 483 } 484 485 return 0; 486} 487 488 489#else /* CONFIG_NATIVE_WINDOWS */ 490 491static int tls_cryptoapi_cert(SSL *ssl, const char *name) 492{ 493 return -1; 494} 495 496#endif /* CONFIG_NATIVE_WINDOWS */ 497 498 499static void ssl_info_cb(const SSL *ssl, int where, int ret) 500{ 501 const char *str; 502 int w; 503 504 wpa_printf(MSG_DEBUG, "SSL: (where=0x%x ret=0x%x)", where, ret); 505 w = where & ~SSL_ST_MASK; 506 if (w & SSL_ST_CONNECT) 507 str = "SSL_connect"; 508 else if (w & SSL_ST_ACCEPT) 509 str = "SSL_accept"; 510 else 511 str = "undefined"; 512 513 if (where & SSL_CB_LOOP) { 514 wpa_printf(MSG_DEBUG, "SSL: %s:%s", 515 str, SSL_state_string_long(ssl)); 516 } else if (where & SSL_CB_ALERT) { 517 wpa_printf(MSG_INFO, "SSL: SSL3 alert: %s:%s:%s", 518 where & SSL_CB_READ ? 519 "read (remote end reported an error)" : 520 "write (local SSL3 detected an error)", 521 SSL_alert_type_string_long(ret), 522 SSL_alert_desc_string_long(ret)); 523 if ((ret >> 8) == SSL3_AL_FATAL) { 524 struct tls_connection *conn = 525 SSL_get_app_data((SSL *) ssl); 526 if (where & SSL_CB_READ) 527 conn->read_alerts++; 528 else 529 conn->write_alerts++; 530 } 531 } else if (where & SSL_CB_EXIT && ret <= 0) { 532 wpa_printf(MSG_DEBUG, "SSL: %s:%s in %s", 533 str, ret == 0 ? "failed" : "error", 534 SSL_state_string_long(ssl)); 535 } 536} 537 538 539#ifndef OPENSSL_NO_ENGINE 540/** 541 * tls_engine_load_dynamic_generic - load any openssl engine 542 * @pre: an array of commands and values that load an engine initialized 543 * in the engine specific function 544 * @post: an array of commands and values that initialize an already loaded 545 * engine (or %NULL if not required) 546 * @id: the engine id of the engine to load (only required if post is not %NULL 547 * 548 * This function is a generic function that loads any openssl engine. 549 * 550 * Returns: 0 on success, -1 on failure 551 */ 552static int tls_engine_load_dynamic_generic(const char *pre[], 553 const char *post[], const char *id) 554{ 555 ENGINE *engine; 556 const char *dynamic_id = "dynamic"; 557 558 engine = ENGINE_by_id(id); 559 if (engine) { 560 ENGINE_free(engine); 561 wpa_printf(MSG_DEBUG, "ENGINE: engine '%s' is already " 562 "available", id); 563 return 0; 564 } 565 ERR_clear_error(); 566 567 engine = ENGINE_by_id(dynamic_id); 568 if (engine == NULL) { 569 wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]", 570 dynamic_id, 571 ERR_error_string(ERR_get_error(), NULL)); 572 return -1; 573 } 574 575 /* Perform the pre commands. This will load the engine. */ 576 while (pre && pre[0]) { 577 wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", pre[0], pre[1]); 578 if (ENGINE_ctrl_cmd_string(engine, pre[0], pre[1], 0) == 0) { 579 wpa_printf(MSG_INFO, "ENGINE: ctrl cmd_string failed: " 580 "%s %s [%s]", pre[0], pre[1], 581 ERR_error_string(ERR_get_error(), NULL)); 582 ENGINE_free(engine); 583 return -1; 584 } 585 pre += 2; 586 } 587 588 /* 589 * Free the reference to the "dynamic" engine. The loaded engine can 590 * now be looked up using ENGINE_by_id(). 591 */ 592 ENGINE_free(engine); 593 594 engine = ENGINE_by_id(id); 595 if (engine == NULL) { 596 wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]", 597 id, ERR_error_string(ERR_get_error(), NULL)); 598 return -1; 599 } 600 601 while (post && post[0]) { 602 wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", post[0], post[1]); 603 if (ENGINE_ctrl_cmd_string(engine, post[0], post[1], 0) == 0) { 604 wpa_printf(MSG_DEBUG, "ENGINE: ctrl cmd_string failed:" 605 " %s %s [%s]", post[0], post[1], 606 ERR_error_string(ERR_get_error(), NULL)); 607 ENGINE_remove(engine); 608 ENGINE_free(engine); 609 return -1; 610 } 611 post += 2; 612 } 613 ENGINE_free(engine); 614 615 return 0; 616} 617 618 619/** 620 * tls_engine_load_dynamic_pkcs11 - load the pkcs11 engine provided by opensc 621 * @pkcs11_so_path: pksc11_so_path from the configuration 622 * @pcks11_module_path: pkcs11_module_path from the configuration 623 */ 624static int tls_engine_load_dynamic_pkcs11(const char *pkcs11_so_path, 625 const char *pkcs11_module_path) 626{ 627 char *engine_id = "pkcs11"; 628 const char *pre_cmd[] = { 629 "SO_PATH", NULL /* pkcs11_so_path */, 630 "ID", NULL /* engine_id */, 631 "LIST_ADD", "1", 632 /* "NO_VCHECK", "1", */ 633 "LOAD", NULL, 634 NULL, NULL 635 }; 636 const char *post_cmd[] = { 637 "MODULE_PATH", NULL /* pkcs11_module_path */, 638 NULL, NULL 639 }; 640 641 if (!pkcs11_so_path || !pkcs11_module_path) 642 return 0; 643 644 pre_cmd[1] = pkcs11_so_path; 645 pre_cmd[3] = engine_id; 646 post_cmd[1] = pkcs11_module_path; 647 648 wpa_printf(MSG_DEBUG, "ENGINE: Loading pkcs11 Engine from %s", 649 pkcs11_so_path); 650 651 return tls_engine_load_dynamic_generic(pre_cmd, post_cmd, engine_id); 652} 653 654 655/** 656 * tls_engine_load_dynamic_opensc - load the opensc engine provided by opensc 657 * @opensc_so_path: opensc_so_path from the configuration 658 */ 659static int tls_engine_load_dynamic_opensc(const char *opensc_so_path) 660{ 661 char *engine_id = "opensc"; 662 const char *pre_cmd[] = { 663 "SO_PATH", NULL /* opensc_so_path */, 664 "ID", NULL /* engine_id */, 665 "LIST_ADD", "1", 666 "LOAD", NULL, 667 NULL, NULL 668 }; 669 670 if (!opensc_so_path) 671 return 0; 672 673 pre_cmd[1] = opensc_so_path; 674 pre_cmd[3] = engine_id; 675 676 wpa_printf(MSG_DEBUG, "ENGINE: Loading OpenSC Engine from %s", 677 opensc_so_path); 678 679 return tls_engine_load_dynamic_generic(pre_cmd, NULL, engine_id); 680} 681#endif /* OPENSSL_NO_ENGINE */ 682 683 684void * tls_init(const struct tls_config *conf) 685{ 686 SSL_CTX *ssl; 687 688 if (tls_openssl_ref_count == 0) { 689 tls_global = os_zalloc(sizeof(*tls_global)); 690 if (tls_global == NULL) 691 return NULL; 692 if (conf) { 693 tls_global->event_cb = conf->event_cb; 694 tls_global->cb_ctx = conf->cb_ctx; 695 } 696 697#ifdef CONFIG_FIPS 698#ifdef OPENSSL_FIPS 699 if (conf && conf->fips_mode) { 700 if (!FIPS_mode_set(1)) { 701 wpa_printf(MSG_ERROR, "Failed to enable FIPS " 702 "mode"); 703 ERR_load_crypto_strings(); 704 ERR_print_errors_fp(stderr); 705 return NULL; 706 } else 707 wpa_printf(MSG_INFO, "Running in FIPS mode"); 708 } 709#else /* OPENSSL_FIPS */ 710 if (conf && conf->fips_mode) { 711 wpa_printf(MSG_ERROR, "FIPS mode requested, but not " 712 "supported"); 713 return NULL; 714 } 715#endif /* OPENSSL_FIPS */ 716#endif /* CONFIG_FIPS */ 717 SSL_load_error_strings(); 718 SSL_library_init(); 719#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256) 720 EVP_add_digest(EVP_sha256()); 721#endif /* OPENSSL_NO_SHA256 */ 722 /* TODO: if /dev/urandom is available, PRNG is seeded 723 * automatically. If this is not the case, random data should 724 * be added here. */ 725 726#ifdef PKCS12_FUNCS 727#ifndef OPENSSL_NO_RC2 728 /* 729 * 40-bit RC2 is commonly used in PKCS#12 files, so enable it. 730 * This is enabled by PKCS12_PBE_add() in OpenSSL 0.9.8 731 * versions, but it looks like OpenSSL 1.0.0 does not do that 732 * anymore. 733 */ 734 EVP_add_cipher(EVP_rc2_40_cbc()); 735#endif /* OPENSSL_NO_RC2 */ 736 PKCS12_PBE_add(); 737#endif /* PKCS12_FUNCS */ 738 } 739 tls_openssl_ref_count++; 740 741 ssl = SSL_CTX_new(TLSv1_method()); 742 if (ssl == NULL) 743 return NULL; 744 745 SSL_CTX_set_info_callback(ssl, ssl_info_cb); 746 747#ifndef OPENSSL_NO_ENGINE 748 if (conf && 749 (conf->opensc_engine_path || conf->pkcs11_engine_path || 750 conf->pkcs11_module_path)) { 751 wpa_printf(MSG_DEBUG, "ENGINE: Loading dynamic engine"); 752 ERR_load_ENGINE_strings(); 753 ENGINE_load_dynamic(); 754 755 if (tls_engine_load_dynamic_opensc(conf->opensc_engine_path) || 756 tls_engine_load_dynamic_pkcs11(conf->pkcs11_engine_path, 757 conf->pkcs11_module_path)) { 758 tls_deinit(ssl); 759 return NULL; 760 } 761 } 762#endif /* OPENSSL_NO_ENGINE */ 763 764 return ssl; 765} 766 767 768void tls_deinit(void *ssl_ctx) 769{ 770 SSL_CTX *ssl = ssl_ctx; 771 SSL_CTX_free(ssl); 772 773 tls_openssl_ref_count--; 774 if (tls_openssl_ref_count == 0) { 775#ifndef OPENSSL_NO_ENGINE 776 ENGINE_cleanup(); 777#endif /* OPENSSL_NO_ENGINE */ 778 CRYPTO_cleanup_all_ex_data(); 779 ERR_remove_state(0); 780 ERR_free_strings(); 781 EVP_cleanup(); 782 os_free(tls_global); 783 tls_global = NULL; 784 } 785} 786 787 788static int tls_engine_init(struct tls_connection *conn, const char *engine_id, 789 const char *pin, const char *key_id, 790 const char *cert_id, const char *ca_cert_id) 791{ 792#ifndef OPENSSL_NO_ENGINE 793 int ret = -1; 794 if (engine_id == NULL) { 795 wpa_printf(MSG_ERROR, "ENGINE: Engine ID not set"); 796 return -1; 797 } 798 if (pin == NULL) { 799 wpa_printf(MSG_ERROR, "ENGINE: Smartcard PIN not set"); 800 return -1; 801 } 802 if (key_id == NULL) { 803 wpa_printf(MSG_ERROR, "ENGINE: Key Id not set"); 804 return -1; 805 } 806 807 ERR_clear_error(); 808 conn->engine = ENGINE_by_id(engine_id); 809 if (!conn->engine) { 810 wpa_printf(MSG_ERROR, "ENGINE: engine %s not available [%s]", 811 engine_id, ERR_error_string(ERR_get_error(), NULL)); 812 goto err; 813 } 814 if (ENGINE_init(conn->engine) != 1) { 815 wpa_printf(MSG_ERROR, "ENGINE: engine init failed " 816 "(engine: %s) [%s]", engine_id, 817 ERR_error_string(ERR_get_error(), NULL)); 818 goto err; 819 } 820 wpa_printf(MSG_DEBUG, "ENGINE: engine initialized"); 821 822 if (ENGINE_ctrl_cmd_string(conn->engine, "PIN", pin, 0) == 0) { 823 wpa_printf(MSG_ERROR, "ENGINE: cannot set pin [%s]", 824 ERR_error_string(ERR_get_error(), NULL)); 825 goto err; 826 } 827 /* load private key first in-case PIN is required for cert */ 828 conn->private_key = ENGINE_load_private_key(conn->engine, 829 key_id, NULL, NULL); 830 if (!conn->private_key) { 831 wpa_printf(MSG_ERROR, "ENGINE: cannot load private key with id" 832 " '%s' [%s]", key_id, 833 ERR_error_string(ERR_get_error(), NULL)); 834 ret = TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED; 835 goto err; 836 } 837 838 /* handle a certificate and/or CA certificate */ 839 if (cert_id || ca_cert_id) { 840 const char *cmd_name = "LOAD_CERT_CTRL"; 841 842 /* test if the engine supports a LOAD_CERT_CTRL */ 843 if (!ENGINE_ctrl(conn->engine, ENGINE_CTRL_GET_CMD_FROM_NAME, 844 0, (void *)cmd_name, NULL)) { 845 wpa_printf(MSG_ERROR, "ENGINE: engine does not support" 846 " loading certificates"); 847 ret = TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED; 848 goto err; 849 } 850 } 851 852 return 0; 853 854err: 855 if (conn->engine) { 856 ENGINE_free(conn->engine); 857 conn->engine = NULL; 858 } 859 860 if (conn->private_key) { 861 EVP_PKEY_free(conn->private_key); 862 conn->private_key = NULL; 863 } 864 865 return ret; 866#else /* OPENSSL_NO_ENGINE */ 867 return 0; 868#endif /* OPENSSL_NO_ENGINE */ 869} 870 871 872static void tls_engine_deinit(struct tls_connection *conn) 873{ 874#ifndef OPENSSL_NO_ENGINE 875 wpa_printf(MSG_DEBUG, "ENGINE: engine deinit"); 876 if (conn->private_key) { 877 EVP_PKEY_free(conn->private_key); 878 conn->private_key = NULL; 879 } 880 if (conn->engine) { 881 ENGINE_finish(conn->engine); 882 conn->engine = NULL; 883 } 884#endif /* OPENSSL_NO_ENGINE */ 885} 886 887 888int tls_get_errors(void *ssl_ctx) 889{ 890 int count = 0; 891 unsigned long err; 892 893 while ((err = ERR_get_error())) { 894 wpa_printf(MSG_INFO, "TLS - SSL error: %s", 895 ERR_error_string(err, NULL)); 896 count++; 897 } 898 899 return count; 900} 901 902struct tls_connection * tls_connection_init(void *ssl_ctx) 903{ 904 SSL_CTX *ssl = ssl_ctx; 905 struct tls_connection *conn; 906 long options; 907 908 conn = os_zalloc(sizeof(*conn)); 909 if (conn == NULL) 910 return NULL; 911 conn->ssl = SSL_new(ssl); 912 if (conn->ssl == NULL) { 913 tls_show_errors(MSG_INFO, __func__, 914 "Failed to initialize new SSL connection"); 915 os_free(conn); 916 return NULL; 917 } 918 919 SSL_set_app_data(conn->ssl, conn); 920 options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | 921 SSL_OP_SINGLE_DH_USE; 922#ifdef SSL_OP_NO_COMPRESSION 923 options |= SSL_OP_NO_COMPRESSION; 924#endif /* SSL_OP_NO_COMPRESSION */ 925 SSL_set_options(conn->ssl, options); 926 927 conn->ssl_in = BIO_new(BIO_s_mem()); 928 if (!conn->ssl_in) { 929 tls_show_errors(MSG_INFO, __func__, 930 "Failed to create a new BIO for ssl_in"); 931 SSL_free(conn->ssl); 932 os_free(conn); 933 return NULL; 934 } 935 936 conn->ssl_out = BIO_new(BIO_s_mem()); 937 if (!conn->ssl_out) { 938 tls_show_errors(MSG_INFO, __func__, 939 "Failed to create a new BIO for ssl_out"); 940 SSL_free(conn->ssl); 941 BIO_free(conn->ssl_in); 942 os_free(conn); 943 return NULL; 944 } 945 946 SSL_set_bio(conn->ssl, conn->ssl_in, conn->ssl_out); 947 948 return conn; 949} 950 951 952void tls_connection_deinit(void *ssl_ctx, struct tls_connection *conn) 953{ 954 if (conn == NULL) 955 return; 956 SSL_free(conn->ssl); 957 tls_engine_deinit(conn); 958 os_free(conn->subject_match); 959 os_free(conn->altsubject_match); 960 os_free(conn->session_ticket); 961 os_free(conn); 962} 963 964 965int tls_connection_established(void *ssl_ctx, struct tls_connection *conn) 966{ 967 return conn ? SSL_is_init_finished(conn->ssl) : 0; 968} 969 970 971int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn) 972{ 973 if (conn == NULL) 974 return -1; 975 976 /* Shutdown previous TLS connection without notifying the peer 977 * because the connection was already terminated in practice 978 * and "close notify" shutdown alert would confuse AS. */ 979 SSL_set_quiet_shutdown(conn->ssl, 1); 980 SSL_shutdown(conn->ssl); 981 return 0; 982} 983 984 985static int tls_match_altsubject_component(X509 *cert, int type, 986 const char *value, size_t len) 987{ 988 GENERAL_NAME *gen; 989 void *ext; 990 int i, found = 0; 991 992 ext = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL); 993 994 for (i = 0; ext && i < sk_GENERAL_NAME_num(ext); i++) { 995 gen = sk_GENERAL_NAME_value(ext, i); 996 if (gen->type != type) 997 continue; 998 if (os_strlen((char *) gen->d.ia5->data) == len && 999 os_memcmp(value, gen->d.ia5->data, len) == 0) 1000 found++; 1001 } 1002 1003 return found; 1004} 1005 1006 1007static int tls_match_altsubject(X509 *cert, const char *match) 1008{ 1009 int type; 1010 const char *pos, *end; 1011 size_t len; 1012 1013 pos = match; 1014 do { 1015 if (os_strncmp(pos, "EMAIL:", 6) == 0) { 1016 type = GEN_EMAIL; 1017 pos += 6; 1018 } else if (os_strncmp(pos, "DNS:", 4) == 0) { 1019 type = GEN_DNS; 1020 pos += 4; 1021 } else if (os_strncmp(pos, "URI:", 4) == 0) { 1022 type = GEN_URI; 1023 pos += 4; 1024 } else { 1025 wpa_printf(MSG_INFO, "TLS: Invalid altSubjectName " 1026 "match '%s'", pos); 1027 return 0; 1028 } 1029 end = os_strchr(pos, ';'); 1030 while (end) { 1031 if (os_strncmp(end + 1, "EMAIL:", 6) == 0 || 1032 os_strncmp(end + 1, "DNS:", 4) == 0 || 1033 os_strncmp(end + 1, "URI:", 4) == 0) 1034 break; 1035 end = os_strchr(end + 1, ';'); 1036 } 1037 if (end) 1038 len = end - pos; 1039 else 1040 len = os_strlen(pos); 1041 if (tls_match_altsubject_component(cert, type, pos, len) > 0) 1042 return 1; 1043 pos = end + 1; 1044 } while (end); 1045 1046 return 0; 1047} 1048 1049 1050static enum tls_fail_reason openssl_tls_fail_reason(int err) 1051{ 1052 switch (err) { 1053 case X509_V_ERR_CERT_REVOKED: 1054 return TLS_FAIL_REVOKED; 1055 case X509_V_ERR_CERT_NOT_YET_VALID: 1056 case X509_V_ERR_CRL_NOT_YET_VALID: 1057 return TLS_FAIL_NOT_YET_VALID; 1058 case X509_V_ERR_CERT_HAS_EXPIRED: 1059 case X509_V_ERR_CRL_HAS_EXPIRED: 1060 return TLS_FAIL_EXPIRED; 1061 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: 1062 case X509_V_ERR_UNABLE_TO_GET_CRL: 1063 case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: 1064 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: 1065 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: 1066 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: 1067 case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: 1068 case X509_V_ERR_CERT_CHAIN_TOO_LONG: 1069 case X509_V_ERR_PATH_LENGTH_EXCEEDED: 1070 case X509_V_ERR_INVALID_CA: 1071 return TLS_FAIL_UNTRUSTED; 1072 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: 1073 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: 1074 case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: 1075 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: 1076 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: 1077 case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: 1078 case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: 1079 case X509_V_ERR_CERT_UNTRUSTED: 1080 case X509_V_ERR_CERT_REJECTED: 1081 return TLS_FAIL_BAD_CERTIFICATE; 1082 default: 1083 return TLS_FAIL_UNSPECIFIED; 1084 } 1085} 1086 1087 1088static struct wpabuf * get_x509_cert(X509 *cert) 1089{ 1090 struct wpabuf *buf; 1091 u8 *tmp; 1092 1093 int cert_len = i2d_X509(cert, NULL); 1094 if (cert_len <= 0) 1095 return NULL; 1096 1097 buf = wpabuf_alloc(cert_len); 1098 if (buf == NULL) 1099 return NULL; 1100 1101 tmp = wpabuf_put(buf, cert_len); 1102 i2d_X509(cert, &tmp); 1103 return buf; 1104} 1105 1106 1107static void openssl_tls_fail_event(struct tls_connection *conn, 1108 X509 *err_cert, int err, int depth, 1109 const char *subject, const char *err_str, 1110 enum tls_fail_reason reason) 1111{ 1112 union tls_event_data ev; 1113 struct wpabuf *cert = NULL; 1114 1115 if (tls_global->event_cb == NULL) 1116 return; 1117 1118 cert = get_x509_cert(err_cert); 1119 os_memset(&ev, 0, sizeof(ev)); 1120 ev.cert_fail.reason = reason != TLS_FAIL_UNSPECIFIED ? 1121 reason : openssl_tls_fail_reason(err); 1122 ev.cert_fail.depth = depth; 1123 ev.cert_fail.subject = subject; 1124 ev.cert_fail.reason_txt = err_str; 1125 ev.cert_fail.cert = cert; 1126 tls_global->event_cb(tls_global->cb_ctx, TLS_CERT_CHAIN_FAILURE, &ev); 1127 wpabuf_free(cert); 1128} 1129 1130 1131static void openssl_tls_cert_event(struct tls_connection *conn, 1132 X509 *err_cert, int depth, 1133 const char *subject) 1134{ 1135 struct wpabuf *cert = NULL; 1136 union tls_event_data ev; 1137#ifdef CONFIG_SHA256 1138 u8 hash[32]; 1139#endif /* CONFIG_SHA256 */ 1140 1141 if (tls_global->event_cb == NULL) 1142 return; 1143 1144 os_memset(&ev, 0, sizeof(ev)); 1145 if (conn->cert_probe) { 1146 cert = get_x509_cert(err_cert); 1147 ev.peer_cert.cert = cert; 1148 } 1149#ifdef CONFIG_SHA256 1150 if (cert) { 1151 const u8 *addr[1]; 1152 size_t len[1]; 1153 addr[0] = wpabuf_head(cert); 1154 len[0] = wpabuf_len(cert); 1155 if (sha256_vector(1, addr, len, hash) == 0) { 1156 ev.peer_cert.hash = hash; 1157 ev.peer_cert.hash_len = sizeof(hash); 1158 } 1159 } 1160#endif /* CONFIG_SHA256 */ 1161 ev.peer_cert.depth = depth; 1162 ev.peer_cert.subject = subject; 1163 tls_global->event_cb(tls_global->cb_ctx, TLS_PEER_CERTIFICATE, &ev); 1164 wpabuf_free(cert); 1165} 1166 1167 1168static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx) 1169{ 1170 char buf[256]; 1171 X509 *err_cert; 1172 int err, depth; 1173 SSL *ssl; 1174 struct tls_connection *conn; 1175 char *match, *altmatch; 1176 const char *err_str; 1177 1178 err_cert = X509_STORE_CTX_get_current_cert(x509_ctx); 1179 err = X509_STORE_CTX_get_error(x509_ctx); 1180 depth = X509_STORE_CTX_get_error_depth(x509_ctx); 1181 ssl = X509_STORE_CTX_get_ex_data(x509_ctx, 1182 SSL_get_ex_data_X509_STORE_CTX_idx()); 1183 X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf)); 1184 1185 conn = SSL_get_app_data(ssl); 1186 if (conn == NULL) 1187 return 0; 1188 match = conn->subject_match; 1189 altmatch = conn->altsubject_match; 1190 1191 if (!preverify_ok && !conn->ca_cert_verify) 1192 preverify_ok = 1; 1193 if (!preverify_ok && depth > 0 && conn->server_cert_only) 1194 preverify_ok = 1; 1195 1196 err_str = X509_verify_cert_error_string(err); 1197 1198#ifdef CONFIG_SHA256 1199 if (preverify_ok && depth == 0 && conn->server_cert_only) { 1200 struct wpabuf *cert; 1201 cert = get_x509_cert(err_cert); 1202 if (!cert) { 1203 wpa_printf(MSG_DEBUG, "OpenSSL: Could not fetch " 1204 "server certificate data"); 1205 preverify_ok = 0; 1206 } else { 1207 u8 hash[32]; 1208 const u8 *addr[1]; 1209 size_t len[1]; 1210 addr[0] = wpabuf_head(cert); 1211 len[0] = wpabuf_len(cert); 1212 if (sha256_vector(1, addr, len, hash) < 0 || 1213 os_memcmp(conn->srv_cert_hash, hash, 32) != 0) { 1214 err_str = "Server certificate mismatch"; 1215 err = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; 1216 preverify_ok = 0; 1217 } 1218 wpabuf_free(cert); 1219 } 1220 } 1221#endif /* CONFIG_SHA256 */ 1222 1223 if (!preverify_ok) { 1224 wpa_printf(MSG_WARNING, "TLS: Certificate verification failed," 1225 " error %d (%s) depth %d for '%s'", err, err_str, 1226 depth, buf); 1227 openssl_tls_fail_event(conn, err_cert, err, depth, buf, 1228 err_str, TLS_FAIL_UNSPECIFIED); 1229 return preverify_ok; 1230 } 1231 1232 wpa_printf(MSG_DEBUG, "TLS: tls_verify_cb - preverify_ok=%d " 1233 "err=%d (%s) ca_cert_verify=%d depth=%d buf='%s'", 1234 preverify_ok, err, err_str, 1235 conn->ca_cert_verify, depth, buf); 1236 if (depth == 0 && match && os_strstr(buf, match) == NULL) { 1237 wpa_printf(MSG_WARNING, "TLS: Subject '%s' did not " 1238 "match with '%s'", buf, match); 1239 preverify_ok = 0; 1240 openssl_tls_fail_event(conn, err_cert, err, depth, buf, 1241 "Subject mismatch", 1242 TLS_FAIL_SUBJECT_MISMATCH); 1243 } else if (depth == 0 && altmatch && 1244 !tls_match_altsubject(err_cert, altmatch)) { 1245 wpa_printf(MSG_WARNING, "TLS: altSubjectName match " 1246 "'%s' not found", altmatch); 1247 preverify_ok = 0; 1248 openssl_tls_fail_event(conn, err_cert, err, depth, buf, 1249 "AltSubject mismatch", 1250 TLS_FAIL_ALTSUBJECT_MISMATCH); 1251 } else 1252 openssl_tls_cert_event(conn, err_cert, depth, buf); 1253 1254 if (conn->cert_probe && preverify_ok && depth == 0) { 1255 wpa_printf(MSG_DEBUG, "OpenSSL: Reject server certificate " 1256 "on probe-only run"); 1257 preverify_ok = 0; 1258 openssl_tls_fail_event(conn, err_cert, err, depth, buf, 1259 "Server certificate chain probe", 1260 TLS_FAIL_SERVER_CHAIN_PROBE); 1261 } 1262 1263 return preverify_ok; 1264} 1265 1266 1267#ifndef OPENSSL_NO_STDIO 1268static int tls_load_ca_der(void *_ssl_ctx, const char *ca_cert) 1269{ 1270 SSL_CTX *ssl_ctx = _ssl_ctx; 1271 X509_LOOKUP *lookup; 1272 int ret = 0; 1273 1274 lookup = X509_STORE_add_lookup(ssl_ctx->cert_store, 1275 X509_LOOKUP_file()); 1276 if (lookup == NULL) { 1277 tls_show_errors(MSG_WARNING, __func__, 1278 "Failed add lookup for X509 store"); 1279 return -1; 1280 } 1281 1282 if (!X509_LOOKUP_load_file(lookup, ca_cert, X509_FILETYPE_ASN1)) { 1283 unsigned long err = ERR_peek_error(); 1284 tls_show_errors(MSG_WARNING, __func__, 1285 "Failed load CA in DER format"); 1286 if (ERR_GET_LIB(err) == ERR_LIB_X509 && 1287 ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) { 1288 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring " 1289 "cert already in hash table error", 1290 __func__); 1291 } else 1292 ret = -1; 1293 } 1294 1295 return ret; 1296} 1297#endif /* OPENSSL_NO_STDIO */ 1298 1299 1300#ifdef ANDROID 1301static BIO * BIO_from_keystore(const char *key) 1302{ 1303 BIO *bio = NULL; 1304 char value[KEYSTORE_MESSAGE_SIZE]; 1305 int length = keystore_get(key, strlen(key), value); 1306 if (length != -1 && (bio = BIO_new(BIO_s_mem())) != NULL) 1307 BIO_write(bio, value, length); 1308 return bio; 1309} 1310#endif /* ANDROID */ 1311 1312 1313static int tls_connection_ca_cert(void *_ssl_ctx, struct tls_connection *conn, 1314 const char *ca_cert, const u8 *ca_cert_blob, 1315 size_t ca_cert_blob_len, const char *ca_path) 1316{ 1317 SSL_CTX *ssl_ctx = _ssl_ctx; 1318 1319 /* 1320 * Remove previously configured trusted CA certificates before adding 1321 * new ones. 1322 */ 1323 X509_STORE_free(ssl_ctx->cert_store); 1324 ssl_ctx->cert_store = X509_STORE_new(); 1325 if (ssl_ctx->cert_store == NULL) { 1326 wpa_printf(MSG_DEBUG, "OpenSSL: %s - failed to allocate new " 1327 "certificate store", __func__); 1328 return -1; 1329 } 1330 1331 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb); 1332 conn->ca_cert_verify = 1; 1333 1334 if (ca_cert && os_strncmp(ca_cert, "probe://", 8) == 0) { 1335 wpa_printf(MSG_DEBUG, "OpenSSL: Probe for server certificate " 1336 "chain"); 1337 conn->cert_probe = 1; 1338 conn->ca_cert_verify = 0; 1339 return 0; 1340 } 1341 1342 if (ca_cert && os_strncmp(ca_cert, "hash://", 7) == 0) { 1343#ifdef CONFIG_SHA256 1344 const char *pos = ca_cert + 7; 1345 if (os_strncmp(pos, "server/sha256/", 14) != 0) { 1346 wpa_printf(MSG_DEBUG, "OpenSSL: Unsupported ca_cert " 1347 "hash value '%s'", ca_cert); 1348 return -1; 1349 } 1350 pos += 14; 1351 if (os_strlen(pos) != 32 * 2) { 1352 wpa_printf(MSG_DEBUG, "OpenSSL: Unexpected SHA256 " 1353 "hash length in ca_cert '%s'", ca_cert); 1354 return -1; 1355 } 1356 if (hexstr2bin(pos, conn->srv_cert_hash, 32) < 0) { 1357 wpa_printf(MSG_DEBUG, "OpenSSL: Invalid SHA256 hash " 1358 "value in ca_cert '%s'", ca_cert); 1359 return -1; 1360 } 1361 conn->server_cert_only = 1; 1362 wpa_printf(MSG_DEBUG, "OpenSSL: Checking only server " 1363 "certificate match"); 1364 return 0; 1365#else /* CONFIG_SHA256 */ 1366 wpa_printf(MSG_INFO, "No SHA256 included in the build - " 1367 "cannot validate server certificate hash"); 1368 return -1; 1369#endif /* CONFIG_SHA256 */ 1370 } 1371 1372 if (ca_cert_blob) { 1373 X509 *cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &ca_cert_blob, 1374 ca_cert_blob_len); 1375 if (cert == NULL) { 1376 tls_show_errors(MSG_WARNING, __func__, 1377 "Failed to parse ca_cert_blob"); 1378 return -1; 1379 } 1380 1381 if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) { 1382 unsigned long err = ERR_peek_error(); 1383 tls_show_errors(MSG_WARNING, __func__, 1384 "Failed to add ca_cert_blob to " 1385 "certificate store"); 1386 if (ERR_GET_LIB(err) == ERR_LIB_X509 && 1387 ERR_GET_REASON(err) == 1388 X509_R_CERT_ALREADY_IN_HASH_TABLE) { 1389 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring " 1390 "cert already in hash table error", 1391 __func__); 1392 } else { 1393 X509_free(cert); 1394 return -1; 1395 } 1396 } 1397 X509_free(cert); 1398 wpa_printf(MSG_DEBUG, "OpenSSL: %s - added ca_cert_blob " 1399 "to certificate store", __func__); 1400 return 0; 1401 } 1402 1403#ifdef ANDROID 1404 if (ca_cert && os_strncmp("keystore://", ca_cert, 11) == 0) { 1405 BIO *bio = BIO_from_keystore(&ca_cert[11]); 1406 STACK_OF(X509_INFO) *stack = NULL; 1407 int i; 1408 1409 if (bio) { 1410 stack = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL); 1411 BIO_free(bio); 1412 } 1413 if (!stack) 1414 return -1; 1415 1416 for (i = 0; i < sk_X509_INFO_num(stack); ++i) { 1417 X509_INFO *info = sk_X509_INFO_value(stack, i); 1418 if (info->x509) { 1419 X509_STORE_add_cert(ssl_ctx->cert_store, 1420 info->x509); 1421 } 1422 if (info->crl) { 1423 X509_STORE_add_crl(ssl_ctx->cert_store, 1424 info->crl); 1425 } 1426 } 1427 sk_X509_INFO_pop_free(stack, X509_INFO_free); 1428 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb); 1429 return 0; 1430 } 1431#endif /* ANDROID */ 1432 1433#ifdef CONFIG_NATIVE_WINDOWS 1434 if (ca_cert && tls_cryptoapi_ca_cert(ssl_ctx, conn->ssl, ca_cert) == 1435 0) { 1436 wpa_printf(MSG_DEBUG, "OpenSSL: Added CA certificates from " 1437 "system certificate store"); 1438 return 0; 1439 } 1440#endif /* CONFIG_NATIVE_WINDOWS */ 1441 1442 if (ca_cert || ca_path) { 1443#ifndef OPENSSL_NO_STDIO 1444 if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, ca_path) != 1445 1) { 1446 tls_show_errors(MSG_WARNING, __func__, 1447 "Failed to load root certificates"); 1448 if (ca_cert && 1449 tls_load_ca_der(ssl_ctx, ca_cert) == 0) { 1450 wpa_printf(MSG_DEBUG, "OpenSSL: %s - loaded " 1451 "DER format CA certificate", 1452 __func__); 1453 } else 1454 return -1; 1455 } else { 1456 wpa_printf(MSG_DEBUG, "TLS: Trusted root " 1457 "certificate(s) loaded"); 1458 tls_get_errors(ssl_ctx); 1459 } 1460#else /* OPENSSL_NO_STDIO */ 1461 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", 1462 __func__); 1463 return -1; 1464#endif /* OPENSSL_NO_STDIO */ 1465 } else { 1466 /* No ca_cert configured - do not try to verify server 1467 * certificate */ 1468 conn->ca_cert_verify = 0; 1469 } 1470 1471 return 0; 1472} 1473 1474 1475static int tls_global_ca_cert(SSL_CTX *ssl_ctx, const char *ca_cert) 1476{ 1477 if (ca_cert) { 1478 if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, NULL) != 1) 1479 { 1480 tls_show_errors(MSG_WARNING, __func__, 1481 "Failed to load root certificates"); 1482 return -1; 1483 } 1484 1485 wpa_printf(MSG_DEBUG, "TLS: Trusted root " 1486 "certificate(s) loaded"); 1487 1488#ifndef OPENSSL_NO_STDIO 1489 /* Add the same CAs to the client certificate requests */ 1490 SSL_CTX_set_client_CA_list(ssl_ctx, 1491 SSL_load_client_CA_file(ca_cert)); 1492#endif /* OPENSSL_NO_STDIO */ 1493 } 1494 1495 return 0; 1496} 1497 1498 1499int tls_global_set_verify(void *ssl_ctx, int check_crl) 1500{ 1501 int flags; 1502 1503 if (check_crl) { 1504 X509_STORE *cs = SSL_CTX_get_cert_store(ssl_ctx); 1505 if (cs == NULL) { 1506 tls_show_errors(MSG_INFO, __func__, "Failed to get " 1507 "certificate store when enabling " 1508 "check_crl"); 1509 return -1; 1510 } 1511 flags = X509_V_FLAG_CRL_CHECK; 1512 if (check_crl == 2) 1513 flags |= X509_V_FLAG_CRL_CHECK_ALL; 1514 X509_STORE_set_flags(cs, flags); 1515 } 1516 return 0; 1517} 1518 1519 1520static int tls_connection_set_subject_match(struct tls_connection *conn, 1521 const char *subject_match, 1522 const char *altsubject_match) 1523{ 1524 os_free(conn->subject_match); 1525 conn->subject_match = NULL; 1526 if (subject_match) { 1527 conn->subject_match = os_strdup(subject_match); 1528 if (conn->subject_match == NULL) 1529 return -1; 1530 } 1531 1532 os_free(conn->altsubject_match); 1533 conn->altsubject_match = NULL; 1534 if (altsubject_match) { 1535 conn->altsubject_match = os_strdup(altsubject_match); 1536 if (conn->altsubject_match == NULL) 1537 return -1; 1538 } 1539 1540 return 0; 1541} 1542 1543 1544int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn, 1545 int verify_peer) 1546{ 1547 static int counter = 0; 1548 1549 if (conn == NULL) 1550 return -1; 1551 1552 if (verify_peer) { 1553 conn->ca_cert_verify = 1; 1554 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER | 1555 SSL_VERIFY_FAIL_IF_NO_PEER_CERT | 1556 SSL_VERIFY_CLIENT_ONCE, tls_verify_cb); 1557 } else { 1558 conn->ca_cert_verify = 0; 1559 SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL); 1560 } 1561 1562 SSL_set_accept_state(conn->ssl); 1563 1564 /* 1565 * Set session id context in order to avoid fatal errors when client 1566 * tries to resume a session. However, set the context to a unique 1567 * value in order to effectively disable session resumption for now 1568 * since not all areas of the server code are ready for it (e.g., 1569 * EAP-TTLS needs special handling for Phase 2 after abbreviated TLS 1570 * handshake). 1571 */ 1572 counter++; 1573 SSL_set_session_id_context(conn->ssl, 1574 (const unsigned char *) &counter, 1575 sizeof(counter)); 1576 1577 return 0; 1578} 1579 1580 1581static int tls_connection_client_cert(struct tls_connection *conn, 1582 const char *client_cert, 1583 const u8 *client_cert_blob, 1584 size_t client_cert_blob_len) 1585{ 1586 if (client_cert == NULL && client_cert_blob == NULL) 1587 return 0; 1588 1589 if (client_cert_blob && 1590 SSL_use_certificate_ASN1(conn->ssl, (u8 *) client_cert_blob, 1591 client_cert_blob_len) == 1) { 1592 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_ASN1 --> " 1593 "OK"); 1594 return 0; 1595 } else if (client_cert_blob) { 1596 tls_show_errors(MSG_DEBUG, __func__, 1597 "SSL_use_certificate_ASN1 failed"); 1598 } 1599 1600 if (client_cert == NULL) 1601 return -1; 1602 1603#ifdef ANDROID 1604 if (os_strncmp("keystore://", client_cert, 11) == 0) { 1605 BIO *bio = BIO_from_keystore(&client_cert[11]); 1606 X509 *x509 = NULL; 1607 int ret = -1; 1608 if (bio) { 1609 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL); 1610 BIO_free(bio); 1611 } 1612 if (x509) { 1613 if (SSL_use_certificate(conn->ssl, x509) == 1) 1614 ret = 0; 1615 X509_free(x509); 1616 } 1617 return ret; 1618 } 1619#endif /* ANDROID */ 1620 1621#ifndef OPENSSL_NO_STDIO 1622 if (SSL_use_certificate_file(conn->ssl, client_cert, 1623 SSL_FILETYPE_ASN1) == 1) { 1624 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (DER)" 1625 " --> OK"); 1626 return 0; 1627 } 1628 1629 if (SSL_use_certificate_file(conn->ssl, client_cert, 1630 SSL_FILETYPE_PEM) == 1) { 1631 ERR_clear_error(); 1632 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (PEM)" 1633 " --> OK"); 1634 return 0; 1635 } 1636 1637 tls_show_errors(MSG_DEBUG, __func__, 1638 "SSL_use_certificate_file failed"); 1639#else /* OPENSSL_NO_STDIO */ 1640 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", __func__); 1641#endif /* OPENSSL_NO_STDIO */ 1642 1643 return -1; 1644} 1645 1646 1647static int tls_global_client_cert(SSL_CTX *ssl_ctx, const char *client_cert) 1648{ 1649#ifndef OPENSSL_NO_STDIO 1650 if (client_cert == NULL) 1651 return 0; 1652 1653 if (SSL_CTX_use_certificate_file(ssl_ctx, client_cert, 1654 SSL_FILETYPE_ASN1) != 1 && 1655 SSL_CTX_use_certificate_file(ssl_ctx, client_cert, 1656 SSL_FILETYPE_PEM) != 1) { 1657 tls_show_errors(MSG_INFO, __func__, 1658 "Failed to load client certificate"); 1659 return -1; 1660 } 1661 return 0; 1662#else /* OPENSSL_NO_STDIO */ 1663 if (client_cert == NULL) 1664 return 0; 1665 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", __func__); 1666 return -1; 1667#endif /* OPENSSL_NO_STDIO */ 1668} 1669 1670 1671static int tls_passwd_cb(char *buf, int size, int rwflag, void *password) 1672{ 1673 if (password == NULL) { 1674 return 0; 1675 } 1676 os_strlcpy(buf, (char *) password, size); 1677 return os_strlen(buf); 1678} 1679 1680 1681#ifdef PKCS12_FUNCS 1682static int tls_parse_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, PKCS12 *p12, 1683 const char *passwd) 1684{ 1685 EVP_PKEY *pkey; 1686 X509 *cert; 1687 STACK_OF(X509) *certs; 1688 int res = 0; 1689 char buf[256]; 1690 1691 pkey = NULL; 1692 cert = NULL; 1693 certs = NULL; 1694 if (!PKCS12_parse(p12, passwd, &pkey, &cert, &certs)) { 1695 tls_show_errors(MSG_DEBUG, __func__, 1696 "Failed to parse PKCS12 file"); 1697 PKCS12_free(p12); 1698 return -1; 1699 } 1700 wpa_printf(MSG_DEBUG, "TLS: Successfully parsed PKCS12 data"); 1701 1702 if (cert) { 1703 X509_NAME_oneline(X509_get_subject_name(cert), buf, 1704 sizeof(buf)); 1705 wpa_printf(MSG_DEBUG, "TLS: Got certificate from PKCS12: " 1706 "subject='%s'", buf); 1707 if (ssl) { 1708 if (SSL_use_certificate(ssl, cert) != 1) 1709 res = -1; 1710 } else { 1711 if (SSL_CTX_use_certificate(ssl_ctx, cert) != 1) 1712 res = -1; 1713 } 1714 X509_free(cert); 1715 } 1716 1717 if (pkey) { 1718 wpa_printf(MSG_DEBUG, "TLS: Got private key from PKCS12"); 1719 if (ssl) { 1720 if (SSL_use_PrivateKey(ssl, pkey) != 1) 1721 res = -1; 1722 } else { 1723 if (SSL_CTX_use_PrivateKey(ssl_ctx, pkey) != 1) 1724 res = -1; 1725 } 1726 EVP_PKEY_free(pkey); 1727 } 1728 1729 if (certs) { 1730 while ((cert = sk_X509_pop(certs)) != NULL) { 1731 X509_NAME_oneline(X509_get_subject_name(cert), buf, 1732 sizeof(buf)); 1733 wpa_printf(MSG_DEBUG, "TLS: additional certificate" 1734 " from PKCS12: subject='%s'", buf); 1735 /* 1736 * There is no SSL equivalent for the chain cert - so 1737 * always add it to the context... 1738 */ 1739 if (SSL_CTX_add_extra_chain_cert(ssl_ctx, cert) != 1) { 1740 res = -1; 1741 break; 1742 } 1743 } 1744 sk_X509_free(certs); 1745 } 1746 1747 PKCS12_free(p12); 1748 1749 if (res < 0) 1750 tls_get_errors(ssl_ctx); 1751 1752 return res; 1753} 1754#endif /* PKCS12_FUNCS */ 1755 1756 1757static int tls_read_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, const char *private_key, 1758 const char *passwd) 1759{ 1760#ifdef PKCS12_FUNCS 1761 FILE *f; 1762 PKCS12 *p12; 1763 1764 f = fopen(private_key, "rb"); 1765 if (f == NULL) 1766 return -1; 1767 1768 p12 = d2i_PKCS12_fp(f, NULL); 1769 fclose(f); 1770 1771 if (p12 == NULL) { 1772 tls_show_errors(MSG_INFO, __func__, 1773 "Failed to use PKCS#12 file"); 1774 return -1; 1775 } 1776 1777 return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd); 1778 1779#else /* PKCS12_FUNCS */ 1780 wpa_printf(MSG_INFO, "TLS: PKCS12 support disabled - cannot read " 1781 "p12/pfx files"); 1782 return -1; 1783#endif /* PKCS12_FUNCS */ 1784} 1785 1786 1787static int tls_read_pkcs12_blob(SSL_CTX *ssl_ctx, SSL *ssl, 1788 const u8 *blob, size_t len, const char *passwd) 1789{ 1790#ifdef PKCS12_FUNCS 1791 PKCS12 *p12; 1792 1793 p12 = d2i_PKCS12(NULL, (OPENSSL_d2i_TYPE) &blob, len); 1794 if (p12 == NULL) { 1795 tls_show_errors(MSG_INFO, __func__, 1796 "Failed to use PKCS#12 blob"); 1797 return -1; 1798 } 1799 1800 return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd); 1801 1802#else /* PKCS12_FUNCS */ 1803 wpa_printf(MSG_INFO, "TLS: PKCS12 support disabled - cannot parse " 1804 "p12/pfx blobs"); 1805 return -1; 1806#endif /* PKCS12_FUNCS */ 1807} 1808 1809 1810#ifndef OPENSSL_NO_ENGINE 1811static int tls_engine_get_cert(struct tls_connection *conn, 1812 const char *cert_id, 1813 X509 **cert) 1814{ 1815 /* this runs after the private key is loaded so no PIN is required */ 1816 struct { 1817 const char *cert_id; 1818 X509 *cert; 1819 } params; 1820 params.cert_id = cert_id; 1821 params.cert = NULL; 1822 1823 if (!ENGINE_ctrl_cmd(conn->engine, "LOAD_CERT_CTRL", 1824 0, ¶ms, NULL, 1)) { 1825 wpa_printf(MSG_ERROR, "ENGINE: cannot load client cert with id" 1826 " '%s' [%s]", cert_id, 1827 ERR_error_string(ERR_get_error(), NULL)); 1828 return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED; 1829 } 1830 if (!params.cert) { 1831 wpa_printf(MSG_ERROR, "ENGINE: did not properly cert with id" 1832 " '%s'", cert_id); 1833 return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED; 1834 } 1835 *cert = params.cert; 1836 return 0; 1837} 1838#endif /* OPENSSL_NO_ENGINE */ 1839 1840 1841static int tls_connection_engine_client_cert(struct tls_connection *conn, 1842 const char *cert_id) 1843{ 1844#ifndef OPENSSL_NO_ENGINE 1845 X509 *cert; 1846 1847 if (tls_engine_get_cert(conn, cert_id, &cert)) 1848 return -1; 1849 1850 if (!SSL_use_certificate(conn->ssl, cert)) { 1851 tls_show_errors(MSG_ERROR, __func__, 1852 "SSL_use_certificate failed"); 1853 X509_free(cert); 1854 return -1; 1855 } 1856 X509_free(cert); 1857 wpa_printf(MSG_DEBUG, "ENGINE: SSL_use_certificate --> " 1858 "OK"); 1859 return 0; 1860 1861#else /* OPENSSL_NO_ENGINE */ 1862 return -1; 1863#endif /* OPENSSL_NO_ENGINE */ 1864} 1865 1866 1867static int tls_connection_engine_ca_cert(void *_ssl_ctx, 1868 struct tls_connection *conn, 1869 const char *ca_cert_id) 1870{ 1871#ifndef OPENSSL_NO_ENGINE 1872 X509 *cert; 1873 SSL_CTX *ssl_ctx = _ssl_ctx; 1874 1875 if (tls_engine_get_cert(conn, ca_cert_id, &cert)) 1876 return -1; 1877 1878 /* start off the same as tls_connection_ca_cert */ 1879 X509_STORE_free(ssl_ctx->cert_store); 1880 ssl_ctx->cert_store = X509_STORE_new(); 1881 if (ssl_ctx->cert_store == NULL) { 1882 wpa_printf(MSG_DEBUG, "OpenSSL: %s - failed to allocate new " 1883 "certificate store", __func__); 1884 X509_free(cert); 1885 return -1; 1886 } 1887 if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) { 1888 unsigned long err = ERR_peek_error(); 1889 tls_show_errors(MSG_WARNING, __func__, 1890 "Failed to add CA certificate from engine " 1891 "to certificate store"); 1892 if (ERR_GET_LIB(err) == ERR_LIB_X509 && 1893 ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) { 1894 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring cert" 1895 " already in hash table error", 1896 __func__); 1897 } else { 1898 X509_free(cert); 1899 return -1; 1900 } 1901 } 1902 X509_free(cert); 1903 wpa_printf(MSG_DEBUG, "OpenSSL: %s - added CA certificate from engine " 1904 "to certificate store", __func__); 1905 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb); 1906 return 0; 1907 1908#else /* OPENSSL_NO_ENGINE */ 1909 return -1; 1910#endif /* OPENSSL_NO_ENGINE */ 1911} 1912 1913 1914static int tls_connection_engine_private_key(struct tls_connection *conn) 1915{ 1916#ifndef OPENSSL_NO_ENGINE 1917 if (SSL_use_PrivateKey(conn->ssl, conn->private_key) != 1) { 1918 tls_show_errors(MSG_ERROR, __func__, 1919 "ENGINE: cannot use private key for TLS"); 1920 return -1; 1921 } 1922 if (!SSL_check_private_key(conn->ssl)) { 1923 tls_show_errors(MSG_INFO, __func__, 1924 "Private key failed verification"); 1925 return -1; 1926 } 1927 return 0; 1928#else /* OPENSSL_NO_ENGINE */ 1929 wpa_printf(MSG_ERROR, "SSL: Configuration uses engine, but " 1930 "engine support was not compiled in"); 1931 return -1; 1932#endif /* OPENSSL_NO_ENGINE */ 1933} 1934 1935 1936static int tls_connection_private_key(void *_ssl_ctx, 1937 struct tls_connection *conn, 1938 const char *private_key, 1939 const char *private_key_passwd, 1940 const u8 *private_key_blob, 1941 size_t private_key_blob_len) 1942{ 1943 SSL_CTX *ssl_ctx = _ssl_ctx; 1944 char *passwd; 1945 int ok; 1946 1947 if (private_key == NULL && private_key_blob == NULL) 1948 return 0; 1949 1950 if (private_key_passwd) { 1951 passwd = os_strdup(private_key_passwd); 1952 if (passwd == NULL) 1953 return -1; 1954 } else 1955 passwd = NULL; 1956 1957 SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb); 1958 SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd); 1959 1960 ok = 0; 1961 while (private_key_blob) { 1962 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_RSA, conn->ssl, 1963 (u8 *) private_key_blob, 1964 private_key_blob_len) == 1) { 1965 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_" 1966 "ASN1(EVP_PKEY_RSA) --> OK"); 1967 ok = 1; 1968 break; 1969 } 1970 1971 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_DSA, conn->ssl, 1972 (u8 *) private_key_blob, 1973 private_key_blob_len) == 1) { 1974 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_" 1975 "ASN1(EVP_PKEY_DSA) --> OK"); 1976 ok = 1; 1977 break; 1978 } 1979 1980 if (SSL_use_RSAPrivateKey_ASN1(conn->ssl, 1981 (u8 *) private_key_blob, 1982 private_key_blob_len) == 1) { 1983 wpa_printf(MSG_DEBUG, "OpenSSL: " 1984 "SSL_use_RSAPrivateKey_ASN1 --> OK"); 1985 ok = 1; 1986 break; 1987 } 1988 1989 if (tls_read_pkcs12_blob(ssl_ctx, conn->ssl, private_key_blob, 1990 private_key_blob_len, passwd) == 0) { 1991 wpa_printf(MSG_DEBUG, "OpenSSL: PKCS#12 as blob --> " 1992 "OK"); 1993 ok = 1; 1994 break; 1995 } 1996 1997 break; 1998 } 1999 2000#ifdef ANDROID 2001 if (!ok && private_key && 2002 os_strncmp("keystore://", private_key, 11) == 0) { 2003 BIO *bio = BIO_from_keystore(&private_key[11]); 2004 EVP_PKEY *pkey = NULL; 2005 if (bio) { 2006 pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL); 2007 BIO_free(bio); 2008 } 2009 if (pkey) { 2010 if (SSL_use_PrivateKey(conn->ssl, pkey) == 1) { 2011 wpa_printf(MSG_DEBUG, "OpenSSL: Private key " 2012 "from keystore"); 2013 ok = 1; 2014 } 2015 EVP_PKEY_free(pkey); 2016 } 2017 } 2018#endif /* ANDROID */ 2019 2020 while (!ok && private_key) { 2021#ifndef OPENSSL_NO_STDIO 2022 if (SSL_use_PrivateKey_file(conn->ssl, private_key, 2023 SSL_FILETYPE_ASN1) == 1) { 2024 wpa_printf(MSG_DEBUG, "OpenSSL: " 2025 "SSL_use_PrivateKey_File (DER) --> OK"); 2026 ok = 1; 2027 break; 2028 } 2029 2030 if (SSL_use_PrivateKey_file(conn->ssl, private_key, 2031 SSL_FILETYPE_PEM) == 1) { 2032 wpa_printf(MSG_DEBUG, "OpenSSL: " 2033 "SSL_use_PrivateKey_File (PEM) --> OK"); 2034 ok = 1; 2035 break; 2036 } 2037#else /* OPENSSL_NO_STDIO */ 2038 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", 2039 __func__); 2040#endif /* OPENSSL_NO_STDIO */ 2041 2042 if (tls_read_pkcs12(ssl_ctx, conn->ssl, private_key, passwd) 2043 == 0) { 2044 wpa_printf(MSG_DEBUG, "OpenSSL: Reading PKCS#12 file " 2045 "--> OK"); 2046 ok = 1; 2047 break; 2048 } 2049 2050 if (tls_cryptoapi_cert(conn->ssl, private_key) == 0) { 2051 wpa_printf(MSG_DEBUG, "OpenSSL: Using CryptoAPI to " 2052 "access certificate store --> OK"); 2053 ok = 1; 2054 break; 2055 } 2056 2057 break; 2058 } 2059 2060 if (!ok) { 2061 tls_show_errors(MSG_INFO, __func__, 2062 "Failed to load private key"); 2063 os_free(passwd); 2064 return -1; 2065 } 2066 ERR_clear_error(); 2067 SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL); 2068 os_free(passwd); 2069 2070 if (!SSL_check_private_key(conn->ssl)) { 2071 tls_show_errors(MSG_INFO, __func__, "Private key failed " 2072 "verification"); 2073 return -1; 2074 } 2075 2076 wpa_printf(MSG_DEBUG, "SSL: Private key loaded successfully"); 2077 return 0; 2078} 2079 2080 2081static int tls_global_private_key(SSL_CTX *ssl_ctx, const char *private_key, 2082 const char *private_key_passwd) 2083{ 2084 char *passwd; 2085 2086 if (private_key == NULL) 2087 return 0; 2088 2089 if (private_key_passwd) { 2090 passwd = os_strdup(private_key_passwd); 2091 if (passwd == NULL) 2092 return -1; 2093 } else 2094 passwd = NULL; 2095 2096 SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb); 2097 SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd); 2098 if ( 2099#ifndef OPENSSL_NO_STDIO 2100 SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key, 2101 SSL_FILETYPE_ASN1) != 1 && 2102 SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key, 2103 SSL_FILETYPE_PEM) != 1 && 2104#endif /* OPENSSL_NO_STDIO */ 2105 tls_read_pkcs12(ssl_ctx, NULL, private_key, passwd)) { 2106 tls_show_errors(MSG_INFO, __func__, 2107 "Failed to load private key"); 2108 os_free(passwd); 2109 ERR_clear_error(); 2110 return -1; 2111 } 2112 os_free(passwd); 2113 ERR_clear_error(); 2114 SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL); 2115 2116 if (!SSL_CTX_check_private_key(ssl_ctx)) { 2117 tls_show_errors(MSG_INFO, __func__, 2118 "Private key failed verification"); 2119 return -1; 2120 } 2121 2122 return 0; 2123} 2124 2125 2126static int tls_connection_dh(struct tls_connection *conn, const char *dh_file) 2127{ 2128#ifdef OPENSSL_NO_DH 2129 if (dh_file == NULL) 2130 return 0; 2131 wpa_printf(MSG_ERROR, "TLS: openssl does not include DH support, but " 2132 "dh_file specified"); 2133 return -1; 2134#else /* OPENSSL_NO_DH */ 2135 DH *dh; 2136 BIO *bio; 2137 2138 /* TODO: add support for dh_blob */ 2139 if (dh_file == NULL) 2140 return 0; 2141 if (conn == NULL) 2142 return -1; 2143 2144 bio = BIO_new_file(dh_file, "r"); 2145 if (bio == NULL) { 2146 wpa_printf(MSG_INFO, "TLS: Failed to open DH file '%s': %s", 2147 dh_file, ERR_error_string(ERR_get_error(), NULL)); 2148 return -1; 2149 } 2150 dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); 2151 BIO_free(bio); 2152#ifndef OPENSSL_NO_DSA 2153 while (dh == NULL) { 2154 DSA *dsa; 2155 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DH file '%s': %s -" 2156 " trying to parse as DSA params", dh_file, 2157 ERR_error_string(ERR_get_error(), NULL)); 2158 bio = BIO_new_file(dh_file, "r"); 2159 if (bio == NULL) 2160 break; 2161 dsa = PEM_read_bio_DSAparams(bio, NULL, NULL, NULL); 2162 BIO_free(bio); 2163 if (!dsa) { 2164 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DSA file " 2165 "'%s': %s", dh_file, 2166 ERR_error_string(ERR_get_error(), NULL)); 2167 break; 2168 } 2169 2170 wpa_printf(MSG_DEBUG, "TLS: DH file in DSA param format"); 2171 dh = DSA_dup_DH(dsa); 2172 DSA_free(dsa); 2173 if (dh == NULL) { 2174 wpa_printf(MSG_INFO, "TLS: Failed to convert DSA " 2175 "params into DH params"); 2176 break; 2177 } 2178 break; 2179 } 2180#endif /* !OPENSSL_NO_DSA */ 2181 if (dh == NULL) { 2182 wpa_printf(MSG_INFO, "TLS: Failed to read/parse DH/DSA file " 2183 "'%s'", dh_file); 2184 return -1; 2185 } 2186 2187 if (SSL_set_tmp_dh(conn->ssl, dh) != 1) { 2188 wpa_printf(MSG_INFO, "TLS: Failed to set DH params from '%s': " 2189 "%s", dh_file, 2190 ERR_error_string(ERR_get_error(), NULL)); 2191 DH_free(dh); 2192 return -1; 2193 } 2194 DH_free(dh); 2195 return 0; 2196#endif /* OPENSSL_NO_DH */ 2197} 2198 2199 2200static int tls_global_dh(SSL_CTX *ssl_ctx, const char *dh_file) 2201{ 2202#ifdef OPENSSL_NO_DH 2203 if (dh_file == NULL) 2204 return 0; 2205 wpa_printf(MSG_ERROR, "TLS: openssl does not include DH support, but " 2206 "dh_file specified"); 2207 return -1; 2208#else /* OPENSSL_NO_DH */ 2209 DH *dh; 2210 BIO *bio; 2211 2212 /* TODO: add support for dh_blob */ 2213 if (dh_file == NULL) 2214 return 0; 2215 if (ssl_ctx == NULL) 2216 return -1; 2217 2218 bio = BIO_new_file(dh_file, "r"); 2219 if (bio == NULL) { 2220 wpa_printf(MSG_INFO, "TLS: Failed to open DH file '%s': %s", 2221 dh_file, ERR_error_string(ERR_get_error(), NULL)); 2222 return -1; 2223 } 2224 dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); 2225 BIO_free(bio); 2226#ifndef OPENSSL_NO_DSA 2227 while (dh == NULL) { 2228 DSA *dsa; 2229 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DH file '%s': %s -" 2230 " trying to parse as DSA params", dh_file, 2231 ERR_error_string(ERR_get_error(), NULL)); 2232 bio = BIO_new_file(dh_file, "r"); 2233 if (bio == NULL) 2234 break; 2235 dsa = PEM_read_bio_DSAparams(bio, NULL, NULL, NULL); 2236 BIO_free(bio); 2237 if (!dsa) { 2238 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DSA file " 2239 "'%s': %s", dh_file, 2240 ERR_error_string(ERR_get_error(), NULL)); 2241 break; 2242 } 2243 2244 wpa_printf(MSG_DEBUG, "TLS: DH file in DSA param format"); 2245 dh = DSA_dup_DH(dsa); 2246 DSA_free(dsa); 2247 if (dh == NULL) { 2248 wpa_printf(MSG_INFO, "TLS: Failed to convert DSA " 2249 "params into DH params"); 2250 break; 2251 } 2252 break; 2253 } 2254#endif /* !OPENSSL_NO_DSA */ 2255 if (dh == NULL) { 2256 wpa_printf(MSG_INFO, "TLS: Failed to read/parse DH/DSA file " 2257 "'%s'", dh_file); 2258 return -1; 2259 } 2260 2261 if (SSL_CTX_set_tmp_dh(ssl_ctx, dh) != 1) { 2262 wpa_printf(MSG_INFO, "TLS: Failed to set DH params from '%s': " 2263 "%s", dh_file, 2264 ERR_error_string(ERR_get_error(), NULL)); 2265 DH_free(dh); 2266 return -1; 2267 } 2268 DH_free(dh); 2269 return 0; 2270#endif /* OPENSSL_NO_DH */ 2271} 2272 2273 2274int tls_connection_get_keys(void *ssl_ctx, struct tls_connection *conn, 2275 struct tls_keys *keys) 2276{ 2277 SSL *ssl; 2278 2279 if (conn == NULL || keys == NULL) 2280 return -1; 2281 ssl = conn->ssl; 2282 if (ssl == NULL || ssl->s3 == NULL || ssl->session == NULL) 2283 return -1; 2284 2285 os_memset(keys, 0, sizeof(*keys)); 2286 keys->master_key = ssl->session->master_key; 2287 keys->master_key_len = ssl->session->master_key_length; 2288 keys->client_random = ssl->s3->client_random; 2289 keys->client_random_len = SSL3_RANDOM_SIZE; 2290 keys->server_random = ssl->s3->server_random; 2291 keys->server_random_len = SSL3_RANDOM_SIZE; 2292 2293 return 0; 2294} 2295 2296 2297int tls_connection_prf(void *tls_ctx, struct tls_connection *conn, 2298 const char *label, int server_random_first, 2299 u8 *out, size_t out_len) 2300{ 2301 return -1; 2302} 2303 2304 2305static struct wpabuf * 2306openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data, 2307 int server) 2308{ 2309 int res; 2310 struct wpabuf *out_data; 2311 2312 /* 2313 * Give TLS handshake data from the server (if available) to OpenSSL 2314 * for processing. 2315 */ 2316 if (in_data && 2317 BIO_write(conn->ssl_in, wpabuf_head(in_data), wpabuf_len(in_data)) 2318 < 0) { 2319 tls_show_errors(MSG_INFO, __func__, 2320 "Handshake failed - BIO_write"); 2321 return NULL; 2322 } 2323 2324 /* Initiate TLS handshake or continue the existing handshake */ 2325 if (server) 2326 res = SSL_accept(conn->ssl); 2327 else 2328 res = SSL_connect(conn->ssl); 2329 if (res != 1) { 2330 int err = SSL_get_error(conn->ssl, res); 2331 if (err == SSL_ERROR_WANT_READ) 2332 wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want " 2333 "more data"); 2334 else if (err == SSL_ERROR_WANT_WRITE) 2335 wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want to " 2336 "write"); 2337 else { 2338 tls_show_errors(MSG_INFO, __func__, "SSL_connect"); 2339 conn->failed++; 2340 } 2341 } 2342 2343 /* Get the TLS handshake data to be sent to the server */ 2344 res = BIO_ctrl_pending(conn->ssl_out); 2345 wpa_printf(MSG_DEBUG, "SSL: %d bytes pending from ssl_out", res); 2346 out_data = wpabuf_alloc(res); 2347 if (out_data == NULL) { 2348 wpa_printf(MSG_DEBUG, "SSL: Failed to allocate memory for " 2349 "handshake output (%d bytes)", res); 2350 if (BIO_reset(conn->ssl_out) < 0) { 2351 tls_show_errors(MSG_INFO, __func__, 2352 "BIO_reset failed"); 2353 } 2354 return NULL; 2355 } 2356 res = res == 0 ? 0 : BIO_read(conn->ssl_out, wpabuf_mhead(out_data), 2357 res); 2358 if (res < 0) { 2359 tls_show_errors(MSG_INFO, __func__, 2360 "Handshake failed - BIO_read"); 2361 if (BIO_reset(conn->ssl_out) < 0) { 2362 tls_show_errors(MSG_INFO, __func__, 2363 "BIO_reset failed"); 2364 } 2365 wpabuf_free(out_data); 2366 return NULL; 2367 } 2368 wpabuf_put(out_data, res); 2369 2370 return out_data; 2371} 2372 2373 2374static struct wpabuf * 2375openssl_get_appl_data(struct tls_connection *conn, size_t max_len) 2376{ 2377 struct wpabuf *appl_data; 2378 int res; 2379 2380 appl_data = wpabuf_alloc(max_len + 100); 2381 if (appl_data == NULL) 2382 return NULL; 2383 2384 res = SSL_read(conn->ssl, wpabuf_mhead(appl_data), 2385 wpabuf_size(appl_data)); 2386 if (res < 0) { 2387 int err = SSL_get_error(conn->ssl, res); 2388 if (err == SSL_ERROR_WANT_READ || 2389 err == SSL_ERROR_WANT_WRITE) { 2390 wpa_printf(MSG_DEBUG, "SSL: No Application Data " 2391 "included"); 2392 } else { 2393 tls_show_errors(MSG_INFO, __func__, 2394 "Failed to read possible " 2395 "Application Data"); 2396 } 2397 wpabuf_free(appl_data); 2398 return NULL; 2399 } 2400 2401 wpabuf_put(appl_data, res); 2402 wpa_hexdump_buf_key(MSG_MSGDUMP, "SSL: Application Data in Finished " 2403 "message", appl_data); 2404 2405 return appl_data; 2406} 2407 2408 2409static struct wpabuf * 2410openssl_connection_handshake(struct tls_connection *conn, 2411 const struct wpabuf *in_data, 2412 struct wpabuf **appl_data, int server) 2413{ 2414 struct wpabuf *out_data; 2415 2416 if (appl_data) 2417 *appl_data = NULL; 2418 2419 out_data = openssl_handshake(conn, in_data, server); 2420 if (out_data == NULL) 2421 return NULL; 2422 2423 if (SSL_is_init_finished(conn->ssl) && appl_data && in_data) 2424 *appl_data = openssl_get_appl_data(conn, wpabuf_len(in_data)); 2425 2426 return out_data; 2427} 2428 2429 2430struct wpabuf * 2431tls_connection_handshake(void *ssl_ctx, struct tls_connection *conn, 2432 const struct wpabuf *in_data, 2433 struct wpabuf **appl_data) 2434{ 2435 return openssl_connection_handshake(conn, in_data, appl_data, 0); 2436} 2437 2438 2439struct wpabuf * tls_connection_server_handshake(void *tls_ctx, 2440 struct tls_connection *conn, 2441 const struct wpabuf *in_data, 2442 struct wpabuf **appl_data) 2443{ 2444 return openssl_connection_handshake(conn, in_data, appl_data, 1); 2445} 2446 2447 2448struct wpabuf * tls_connection_encrypt(void *tls_ctx, 2449 struct tls_connection *conn, 2450 const struct wpabuf *in_data) 2451{ 2452 int res; 2453 struct wpabuf *buf; 2454 2455 if (conn == NULL) 2456 return NULL; 2457 2458 /* Give plaintext data for OpenSSL to encrypt into the TLS tunnel. */ 2459 if ((res = BIO_reset(conn->ssl_in)) < 0 || 2460 (res = BIO_reset(conn->ssl_out)) < 0) { 2461 tls_show_errors(MSG_INFO, __func__, "BIO_reset failed"); 2462 return NULL; 2463 } 2464 res = SSL_write(conn->ssl, wpabuf_head(in_data), wpabuf_len(in_data)); 2465 if (res < 0) { 2466 tls_show_errors(MSG_INFO, __func__, 2467 "Encryption failed - SSL_write"); 2468 return NULL; 2469 } 2470 2471 /* Read encrypted data to be sent to the server */ 2472 buf = wpabuf_alloc(wpabuf_len(in_data) + 300); 2473 if (buf == NULL) 2474 return NULL; 2475 res = BIO_read(conn->ssl_out, wpabuf_mhead(buf), wpabuf_size(buf)); 2476 if (res < 0) { 2477 tls_show_errors(MSG_INFO, __func__, 2478 "Encryption failed - BIO_read"); 2479 wpabuf_free(buf); 2480 return NULL; 2481 } 2482 wpabuf_put(buf, res); 2483 2484 return buf; 2485} 2486 2487 2488struct wpabuf * tls_connection_decrypt(void *tls_ctx, 2489 struct tls_connection *conn, 2490 const struct wpabuf *in_data) 2491{ 2492 int res; 2493 struct wpabuf *buf; 2494 2495 /* Give encrypted data from TLS tunnel for OpenSSL to decrypt. */ 2496 res = BIO_write(conn->ssl_in, wpabuf_head(in_data), 2497 wpabuf_len(in_data)); 2498 if (res < 0) { 2499 tls_show_errors(MSG_INFO, __func__, 2500 "Decryption failed - BIO_write"); 2501 return NULL; 2502 } 2503 if (BIO_reset(conn->ssl_out) < 0) { 2504 tls_show_errors(MSG_INFO, __func__, "BIO_reset failed"); 2505 return NULL; 2506 } 2507 2508 /* Read decrypted data for further processing */ 2509 /* 2510 * Even though we try to disable TLS compression, it is possible that 2511 * this cannot be done with all TLS libraries. Add extra buffer space 2512 * to handle the possibility of the decrypted data being longer than 2513 * input data. 2514 */ 2515 buf = wpabuf_alloc((wpabuf_len(in_data) + 500) * 3); 2516 if (buf == NULL) 2517 return NULL; 2518 res = SSL_read(conn->ssl, wpabuf_mhead(buf), wpabuf_size(buf)); 2519 if (res < 0) { 2520 tls_show_errors(MSG_INFO, __func__, 2521 "Decryption failed - SSL_read"); 2522 wpabuf_free(buf); 2523 return NULL; 2524 } 2525 wpabuf_put(buf, res); 2526 2527 return buf; 2528} 2529 2530 2531int tls_connection_resumed(void *ssl_ctx, struct tls_connection *conn) 2532{ 2533 return conn ? conn->ssl->hit : 0; 2534} 2535 2536 2537int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn, 2538 u8 *ciphers) 2539{ 2540 char buf[100], *pos, *end; 2541 u8 *c; 2542 int ret; 2543 2544 if (conn == NULL || conn->ssl == NULL || ciphers == NULL) 2545 return -1; 2546 2547 buf[0] = '\0'; 2548 pos = buf; 2549 end = pos + sizeof(buf); 2550 2551 c = ciphers; 2552 while (*c != TLS_CIPHER_NONE) { 2553 const char *suite; 2554 2555 switch (*c) { 2556 case TLS_CIPHER_RC4_SHA: 2557 suite = "RC4-SHA"; 2558 break; 2559 case TLS_CIPHER_AES128_SHA: 2560 suite = "AES128-SHA"; 2561 break; 2562 case TLS_CIPHER_RSA_DHE_AES128_SHA: 2563 suite = "DHE-RSA-AES128-SHA"; 2564 break; 2565 case TLS_CIPHER_ANON_DH_AES128_SHA: 2566 suite = "ADH-AES128-SHA"; 2567 break; 2568 default: 2569 wpa_printf(MSG_DEBUG, "TLS: Unsupported " 2570 "cipher selection: %d", *c); 2571 return -1; 2572 } 2573 ret = os_snprintf(pos, end - pos, ":%s", suite); 2574 if (ret < 0 || ret >= end - pos) 2575 break; 2576 pos += ret; 2577 2578 c++; 2579 } 2580 2581 wpa_printf(MSG_DEBUG, "OpenSSL: cipher suites: %s", buf + 1); 2582 2583 if (SSL_set_cipher_list(conn->ssl, buf + 1) != 1) { 2584 tls_show_errors(MSG_INFO, __func__, 2585 "Cipher suite configuration failed"); 2586 return -1; 2587 } 2588 2589 return 0; 2590} 2591 2592 2593int tls_get_cipher(void *ssl_ctx, struct tls_connection *conn, 2594 char *buf, size_t buflen) 2595{ 2596 const char *name; 2597 if (conn == NULL || conn->ssl == NULL) 2598 return -1; 2599 2600 name = SSL_get_cipher(conn->ssl); 2601 if (name == NULL) 2602 return -1; 2603 2604 os_strlcpy(buf, name, buflen); 2605 return 0; 2606} 2607 2608 2609int tls_connection_enable_workaround(void *ssl_ctx, 2610 struct tls_connection *conn) 2611{ 2612 SSL_set_options(conn->ssl, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS); 2613 2614 return 0; 2615} 2616 2617 2618#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST) 2619/* ClientHello TLS extensions require a patch to openssl, so this function is 2620 * commented out unless explicitly needed for EAP-FAST in order to be able to 2621 * build this file with unmodified openssl. */ 2622int tls_connection_client_hello_ext(void *ssl_ctx, struct tls_connection *conn, 2623 int ext_type, const u8 *data, 2624 size_t data_len) 2625{ 2626 if (conn == NULL || conn->ssl == NULL || ext_type != 35) 2627 return -1; 2628 2629#ifdef CONFIG_OPENSSL_TICKET_OVERRIDE 2630 if (SSL_set_session_ticket_ext(conn->ssl, (void *) data, 2631 data_len) != 1) 2632 return -1; 2633#else /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 2634 if (SSL_set_hello_extension(conn->ssl, ext_type, (void *) data, 2635 data_len) != 1) 2636 return -1; 2637#endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 2638 2639 return 0; 2640} 2641#endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */ 2642 2643 2644int tls_connection_get_failed(void *ssl_ctx, struct tls_connection *conn) 2645{ 2646 if (conn == NULL) 2647 return -1; 2648 return conn->failed; 2649} 2650 2651 2652int tls_connection_get_read_alerts(void *ssl_ctx, struct tls_connection *conn) 2653{ 2654 if (conn == NULL) 2655 return -1; 2656 return conn->read_alerts; 2657} 2658 2659 2660int tls_connection_get_write_alerts(void *ssl_ctx, struct tls_connection *conn) 2661{ 2662 if (conn == NULL) 2663 return -1; 2664 return conn->write_alerts; 2665} 2666 2667 2668int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn, 2669 const struct tls_connection_params *params) 2670{ 2671 int ret; 2672 unsigned long err; 2673 2674 if (conn == NULL) 2675 return -1; 2676 2677 while ((err = ERR_get_error())) { 2678 wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s", 2679 __func__, ERR_error_string(err, NULL)); 2680 } 2681 2682 if (params->engine) { 2683 wpa_printf(MSG_DEBUG, "SSL: Initializing TLS engine"); 2684 ret = tls_engine_init(conn, params->engine_id, params->pin, 2685 params->key_id, params->cert_id, 2686 params->ca_cert_id); 2687 if (ret) 2688 return ret; 2689 } 2690 if (tls_connection_set_subject_match(conn, 2691 params->subject_match, 2692 params->altsubject_match)) 2693 return -1; 2694 2695 if (params->engine && params->ca_cert_id) { 2696 if (tls_connection_engine_ca_cert(tls_ctx, conn, 2697 params->ca_cert_id)) 2698 return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED; 2699 } else if (tls_connection_ca_cert(tls_ctx, conn, params->ca_cert, 2700 params->ca_cert_blob, 2701 params->ca_cert_blob_len, 2702 params->ca_path)) 2703 return -1; 2704 2705 if (params->engine && params->cert_id) { 2706 if (tls_connection_engine_client_cert(conn, params->cert_id)) 2707 return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED; 2708 } else if (tls_connection_client_cert(conn, params->client_cert, 2709 params->client_cert_blob, 2710 params->client_cert_blob_len)) 2711 return -1; 2712 2713 if (params->engine && params->key_id) { 2714 wpa_printf(MSG_DEBUG, "TLS: Using private key from engine"); 2715 if (tls_connection_engine_private_key(conn)) 2716 return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED; 2717 } else if (tls_connection_private_key(tls_ctx, conn, 2718 params->private_key, 2719 params->private_key_passwd, 2720 params->private_key_blob, 2721 params->private_key_blob_len)) { 2722 wpa_printf(MSG_INFO, "TLS: Failed to load private key '%s'", 2723 params->private_key); 2724 return -1; 2725 } 2726 2727 if (tls_connection_dh(conn, params->dh_file)) { 2728 wpa_printf(MSG_INFO, "TLS: Failed to load DH file '%s'", 2729 params->dh_file); 2730 return -1; 2731 } 2732 2733 tls_get_errors(tls_ctx); 2734 2735 return 0; 2736} 2737 2738 2739int tls_global_set_params(void *tls_ctx, 2740 const struct tls_connection_params *params) 2741{ 2742 SSL_CTX *ssl_ctx = tls_ctx; 2743 unsigned long err; 2744 2745 while ((err = ERR_get_error())) { 2746 wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s", 2747 __func__, ERR_error_string(err, NULL)); 2748 } 2749 2750 if (tls_global_ca_cert(ssl_ctx, params->ca_cert)) 2751 return -1; 2752 2753 if (tls_global_client_cert(ssl_ctx, params->client_cert)) 2754 return -1; 2755 2756 if (tls_global_private_key(ssl_ctx, params->private_key, 2757 params->private_key_passwd)) 2758 return -1; 2759 2760 if (tls_global_dh(ssl_ctx, params->dh_file)) { 2761 wpa_printf(MSG_INFO, "TLS: Failed to load DH file '%s'", 2762 params->dh_file); 2763 return -1; 2764 } 2765 2766 return 0; 2767} 2768 2769 2770int tls_connection_get_keyblock_size(void *tls_ctx, 2771 struct tls_connection *conn) 2772{ 2773 const EVP_CIPHER *c; 2774 const EVP_MD *h; 2775 2776 if (conn == NULL || conn->ssl == NULL || 2777 conn->ssl->enc_read_ctx == NULL || 2778 conn->ssl->enc_read_ctx->cipher == NULL || 2779 conn->ssl->read_hash == NULL) 2780 return -1; 2781 2782 c = conn->ssl->enc_read_ctx->cipher; 2783#if OPENSSL_VERSION_NUMBER >= 0x00909000L 2784 h = EVP_MD_CTX_md(conn->ssl->read_hash); 2785#else 2786 h = conn->ssl->read_hash; 2787#endif 2788 2789 return 2 * (EVP_CIPHER_key_length(c) + 2790 EVP_MD_size(h) + 2791 EVP_CIPHER_iv_length(c)); 2792} 2793 2794 2795unsigned int tls_capabilities(void *tls_ctx) 2796{ 2797 return 0; 2798} 2799 2800 2801int tls_connection_set_ia(void *tls_ctx, struct tls_connection *conn, 2802 int tls_ia) 2803{ 2804 return -1; 2805} 2806 2807 2808struct wpabuf * tls_connection_ia_send_phase_finished( 2809 void *tls_ctx, struct tls_connection *conn, int final) 2810{ 2811 return NULL; 2812} 2813 2814 2815int tls_connection_ia_final_phase_finished(void *tls_ctx, 2816 struct tls_connection *conn) 2817{ 2818 return -1; 2819} 2820 2821 2822int tls_connection_ia_permute_inner_secret(void *tls_ctx, 2823 struct tls_connection *conn, 2824 const u8 *key, size_t key_len) 2825{ 2826 return -1; 2827} 2828 2829 2830#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST) 2831/* Pre-shared secred requires a patch to openssl, so this function is 2832 * commented out unless explicitly needed for EAP-FAST in order to be able to 2833 * build this file with unmodified openssl. */ 2834 2835static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len, 2836 STACK_OF(SSL_CIPHER) *peer_ciphers, 2837 SSL_CIPHER **cipher, void *arg) 2838{ 2839 struct tls_connection *conn = arg; 2840 int ret; 2841 2842 if (conn == NULL || conn->session_ticket_cb == NULL) 2843 return 0; 2844 2845 ret = conn->session_ticket_cb(conn->session_ticket_cb_ctx, 2846 conn->session_ticket, 2847 conn->session_ticket_len, 2848 s->s3->client_random, 2849 s->s3->server_random, secret); 2850 os_free(conn->session_ticket); 2851 conn->session_ticket = NULL; 2852 2853 if (ret <= 0) 2854 return 0; 2855 2856 *secret_len = SSL_MAX_MASTER_KEY_LENGTH; 2857 return 1; 2858} 2859 2860 2861#ifdef CONFIG_OPENSSL_TICKET_OVERRIDE 2862static int tls_session_ticket_ext_cb(SSL *s, const unsigned char *data, 2863 int len, void *arg) 2864{ 2865 struct tls_connection *conn = arg; 2866 2867 if (conn == NULL || conn->session_ticket_cb == NULL) 2868 return 0; 2869 2870 wpa_printf(MSG_DEBUG, "OpenSSL: %s: length=%d", __func__, len); 2871 2872 os_free(conn->session_ticket); 2873 conn->session_ticket = NULL; 2874 2875 wpa_hexdump(MSG_DEBUG, "OpenSSL: ClientHello SessionTicket " 2876 "extension", data, len); 2877 2878 conn->session_ticket = os_malloc(len); 2879 if (conn->session_ticket == NULL) 2880 return 0; 2881 2882 os_memcpy(conn->session_ticket, data, len); 2883 conn->session_ticket_len = len; 2884 2885 return 1; 2886} 2887#else /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 2888#ifdef SSL_OP_NO_TICKET 2889static void tls_hello_ext_cb(SSL *s, int client_server, int type, 2890 unsigned char *data, int len, void *arg) 2891{ 2892 struct tls_connection *conn = arg; 2893 2894 if (conn == NULL || conn->session_ticket_cb == NULL) 2895 return; 2896 2897 wpa_printf(MSG_DEBUG, "OpenSSL: %s: type=%d length=%d", __func__, 2898 type, len); 2899 2900 if (type == TLSEXT_TYPE_session_ticket && !client_server) { 2901 os_free(conn->session_ticket); 2902 conn->session_ticket = NULL; 2903 2904 wpa_hexdump(MSG_DEBUG, "OpenSSL: ClientHello SessionTicket " 2905 "extension", data, len); 2906 conn->session_ticket = os_malloc(len); 2907 if (conn->session_ticket == NULL) 2908 return; 2909 2910 os_memcpy(conn->session_ticket, data, len); 2911 conn->session_ticket_len = len; 2912 } 2913} 2914#else /* SSL_OP_NO_TICKET */ 2915static int tls_hello_ext_cb(SSL *s, TLS_EXTENSION *ext, void *arg) 2916{ 2917 struct tls_connection *conn = arg; 2918 2919 if (conn == NULL || conn->session_ticket_cb == NULL) 2920 return 0; 2921 2922 wpa_printf(MSG_DEBUG, "OpenSSL: %s: type=%d length=%d", __func__, 2923 ext->type, ext->length); 2924 2925 os_free(conn->session_ticket); 2926 conn->session_ticket = NULL; 2927 2928 if (ext->type == 35) { 2929 wpa_hexdump(MSG_DEBUG, "OpenSSL: ClientHello SessionTicket " 2930 "extension", ext->data, ext->length); 2931 conn->session_ticket = os_malloc(ext->length); 2932 if (conn->session_ticket == NULL) 2933 return SSL_AD_INTERNAL_ERROR; 2934 2935 os_memcpy(conn->session_ticket, ext->data, ext->length); 2936 conn->session_ticket_len = ext->length; 2937 } 2938 2939 return 0; 2940} 2941#endif /* SSL_OP_NO_TICKET */ 2942#endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 2943#endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */ 2944 2945 2946int tls_connection_set_session_ticket_cb(void *tls_ctx, 2947 struct tls_connection *conn, 2948 tls_session_ticket_cb cb, 2949 void *ctx) 2950{ 2951#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST) 2952 conn->session_ticket_cb = cb; 2953 conn->session_ticket_cb_ctx = ctx; 2954 2955 if (cb) { 2956 if (SSL_set_session_secret_cb(conn->ssl, tls_sess_sec_cb, 2957 conn) != 1) 2958 return -1; 2959#ifdef CONFIG_OPENSSL_TICKET_OVERRIDE 2960 SSL_set_session_ticket_ext_cb(conn->ssl, 2961 tls_session_ticket_ext_cb, conn); 2962#else /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 2963#ifdef SSL_OP_NO_TICKET 2964 SSL_set_tlsext_debug_callback(conn->ssl, tls_hello_ext_cb); 2965 SSL_set_tlsext_debug_arg(conn->ssl, conn); 2966#else /* SSL_OP_NO_TICKET */ 2967 if (SSL_set_hello_extension_cb(conn->ssl, tls_hello_ext_cb, 2968 conn) != 1) 2969 return -1; 2970#endif /* SSL_OP_NO_TICKET */ 2971#endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 2972 } else { 2973 if (SSL_set_session_secret_cb(conn->ssl, NULL, NULL) != 1) 2974 return -1; 2975#ifdef CONFIG_OPENSSL_TICKET_OVERRIDE 2976 SSL_set_session_ticket_ext_cb(conn->ssl, NULL, NULL); 2977#else /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 2978#ifdef SSL_OP_NO_TICKET 2979 SSL_set_tlsext_debug_callback(conn->ssl, NULL); 2980 SSL_set_tlsext_debug_arg(conn->ssl, conn); 2981#else /* SSL_OP_NO_TICKET */ 2982 if (SSL_set_hello_extension_cb(conn->ssl, NULL, NULL) != 1) 2983 return -1; 2984#endif /* SSL_OP_NO_TICKET */ 2985#endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 2986 } 2987 2988 return 0; 2989#else /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */ 2990 return -1; 2991#endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */ 2992} 2993