tls_openssl.c revision fb79edc9df1f20461e90e478363d207348213d35
1/* 2 * SSL/TLS interface functions for OpenSSL 3 * Copyright (c) 2004-2013, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9#include "includes.h" 10 11#ifndef CONFIG_SMARTCARD 12#ifndef OPENSSL_NO_ENGINE 13#ifndef ANDROID 14#define OPENSSL_NO_ENGINE 15#endif 16#endif 17#endif 18 19#include <openssl/ssl.h> 20#include <openssl/err.h> 21#include <openssl/pkcs12.h> 22#include <openssl/x509v3.h> 23#ifndef OPENSSL_NO_ENGINE 24#include <openssl/engine.h> 25#endif /* OPENSSL_NO_ENGINE */ 26 27#include "common.h" 28#include "crypto.h" 29#include "tls.h" 30 31#if OPENSSL_VERSION_NUMBER >= 0x0090800fL 32#define OPENSSL_d2i_TYPE const unsigned char ** 33#else 34#define OPENSSL_d2i_TYPE unsigned char ** 35#endif 36 37#if defined(SSL_CTX_get_app_data) && defined(SSL_CTX_set_app_data) 38#define OPENSSL_SUPPORTS_CTX_APP_DATA 39#endif 40 41#ifdef SSL_F_SSL_SET_SESSION_TICKET_EXT 42#ifdef SSL_OP_NO_TICKET 43/* 44 * Session ticket override patch was merged into OpenSSL 0.9.9 tree on 45 * 2008-11-15. This version uses a bit different API compared to the old patch. 46 */ 47#define CONFIG_OPENSSL_TICKET_OVERRIDE 48#endif 49#endif 50 51#ifdef SSL_set_tlsext_status_type 52#ifndef OPENSSL_NO_TLSEXT 53#define HAVE_OCSP 54#include <openssl/ocsp.h> 55#endif /* OPENSSL_NO_TLSEXT */ 56#endif /* SSL_set_tlsext_status_type */ 57 58#ifdef ANDROID 59#include <openssl/pem.h> 60#include <keystore/keystore_get.h> 61 62static BIO * BIO_from_keystore(const char *key) 63{ 64 BIO *bio = NULL; 65 uint8_t *value = NULL; 66 int length = keystore_get(key, strlen(key), &value); 67 if (length != -1 && (bio = BIO_new(BIO_s_mem())) != NULL) 68 BIO_write(bio, value, length); 69 free(value); 70 return bio; 71} 72#endif /* ANDROID */ 73 74static int tls_openssl_ref_count = 0; 75 76struct tls_context { 77 void (*event_cb)(void *ctx, enum tls_event ev, 78 union tls_event_data *data); 79 void *cb_ctx; 80 int cert_in_cb; 81 char *ocsp_stapling_response; 82}; 83 84static struct tls_context *tls_global = NULL; 85 86 87struct tls_connection { 88 struct tls_context *context; 89 SSL *ssl; 90 BIO *ssl_in, *ssl_out; 91#ifndef OPENSSL_NO_ENGINE 92 ENGINE *engine; /* functional reference to the engine */ 93 EVP_PKEY *private_key; /* the private key if using engine */ 94#endif /* OPENSSL_NO_ENGINE */ 95 char *subject_match, *altsubject_match, *suffix_match; 96 int read_alerts, write_alerts, failed; 97 98 tls_session_ticket_cb session_ticket_cb; 99 void *session_ticket_cb_ctx; 100 101 /* SessionTicket received from OpenSSL hello_extension_cb (server) */ 102 u8 *session_ticket; 103 size_t session_ticket_len; 104 105 unsigned int ca_cert_verify:1; 106 unsigned int cert_probe:1; 107 unsigned int server_cert_only:1; 108 unsigned int server:1; 109 110 u8 srv_cert_hash[32]; 111 112 unsigned int flags; 113 114 X509 *peer_cert; 115 X509 *peer_issuer; 116 X509 *peer_issuer_issuer; 117}; 118 119 120static struct tls_context * tls_context_new(const struct tls_config *conf) 121{ 122 struct tls_context *context = os_zalloc(sizeof(*context)); 123 if (context == NULL) 124 return NULL; 125 if (conf) { 126 context->event_cb = conf->event_cb; 127 context->cb_ctx = conf->cb_ctx; 128 context->cert_in_cb = conf->cert_in_cb; 129 } 130 return context; 131} 132 133 134#ifdef CONFIG_NO_STDOUT_DEBUG 135 136static void _tls_show_errors(void) 137{ 138 unsigned long err; 139 140 while ((err = ERR_get_error())) { 141 /* Just ignore the errors, since stdout is disabled */ 142 } 143} 144#define tls_show_errors(l, f, t) _tls_show_errors() 145 146#else /* CONFIG_NO_STDOUT_DEBUG */ 147 148static void tls_show_errors(int level, const char *func, const char *txt) 149{ 150 unsigned long err; 151 152 wpa_printf(level, "OpenSSL: %s - %s %s", 153 func, txt, ERR_error_string(ERR_get_error(), NULL)); 154 155 while ((err = ERR_get_error())) { 156 wpa_printf(MSG_INFO, "OpenSSL: pending error: %s", 157 ERR_error_string(err, NULL)); 158 } 159} 160 161#endif /* CONFIG_NO_STDOUT_DEBUG */ 162 163 164#ifdef CONFIG_NATIVE_WINDOWS 165 166/* Windows CryptoAPI and access to certificate stores */ 167#include <wincrypt.h> 168 169#ifdef __MINGW32_VERSION 170/* 171 * MinGW does not yet include all the needed definitions for CryptoAPI, so 172 * define here whatever extra is needed. 173 */ 174#define CERT_SYSTEM_STORE_CURRENT_USER (1 << 16) 175#define CERT_STORE_READONLY_FLAG 0x00008000 176#define CERT_STORE_OPEN_EXISTING_FLAG 0x00004000 177 178#endif /* __MINGW32_VERSION */ 179 180 181struct cryptoapi_rsa_data { 182 const CERT_CONTEXT *cert; 183 HCRYPTPROV crypt_prov; 184 DWORD key_spec; 185 BOOL free_crypt_prov; 186}; 187 188 189static void cryptoapi_error(const char *msg) 190{ 191 wpa_printf(MSG_INFO, "CryptoAPI: %s; err=%u", 192 msg, (unsigned int) GetLastError()); 193} 194 195 196static int cryptoapi_rsa_pub_enc(int flen, const unsigned char *from, 197 unsigned char *to, RSA *rsa, int padding) 198{ 199 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__); 200 return 0; 201} 202 203 204static int cryptoapi_rsa_pub_dec(int flen, const unsigned char *from, 205 unsigned char *to, RSA *rsa, int padding) 206{ 207 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__); 208 return 0; 209} 210 211 212static int cryptoapi_rsa_priv_enc(int flen, const unsigned char *from, 213 unsigned char *to, RSA *rsa, int padding) 214{ 215 struct cryptoapi_rsa_data *priv = 216 (struct cryptoapi_rsa_data *) rsa->meth->app_data; 217 HCRYPTHASH hash; 218 DWORD hash_size, len, i; 219 unsigned char *buf = NULL; 220 int ret = 0; 221 222 if (priv == NULL) { 223 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, 224 ERR_R_PASSED_NULL_PARAMETER); 225 return 0; 226 } 227 228 if (padding != RSA_PKCS1_PADDING) { 229 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, 230 RSA_R_UNKNOWN_PADDING_TYPE); 231 return 0; 232 } 233 234 if (flen != 16 /* MD5 */ + 20 /* SHA-1 */) { 235 wpa_printf(MSG_INFO, "%s - only MD5-SHA1 hash supported", 236 __func__); 237 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, 238 RSA_R_INVALID_MESSAGE_LENGTH); 239 return 0; 240 } 241 242 if (!CryptCreateHash(priv->crypt_prov, CALG_SSL3_SHAMD5, 0, 0, &hash)) 243 { 244 cryptoapi_error("CryptCreateHash failed"); 245 return 0; 246 } 247 248 len = sizeof(hash_size); 249 if (!CryptGetHashParam(hash, HP_HASHSIZE, (BYTE *) &hash_size, &len, 250 0)) { 251 cryptoapi_error("CryptGetHashParam failed"); 252 goto err; 253 } 254 255 if ((int) hash_size != flen) { 256 wpa_printf(MSG_INFO, "CryptoAPI: Invalid hash size (%u != %d)", 257 (unsigned) hash_size, flen); 258 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, 259 RSA_R_INVALID_MESSAGE_LENGTH); 260 goto err; 261 } 262 if (!CryptSetHashParam(hash, HP_HASHVAL, (BYTE * ) from, 0)) { 263 cryptoapi_error("CryptSetHashParam failed"); 264 goto err; 265 } 266 267 len = RSA_size(rsa); 268 buf = os_malloc(len); 269 if (buf == NULL) { 270 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE); 271 goto err; 272 } 273 274 if (!CryptSignHash(hash, priv->key_spec, NULL, 0, buf, &len)) { 275 cryptoapi_error("CryptSignHash failed"); 276 goto err; 277 } 278 279 for (i = 0; i < len; i++) 280 to[i] = buf[len - i - 1]; 281 ret = len; 282 283err: 284 os_free(buf); 285 CryptDestroyHash(hash); 286 287 return ret; 288} 289 290 291static int cryptoapi_rsa_priv_dec(int flen, const unsigned char *from, 292 unsigned char *to, RSA *rsa, int padding) 293{ 294 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__); 295 return 0; 296} 297 298 299static void cryptoapi_free_data(struct cryptoapi_rsa_data *priv) 300{ 301 if (priv == NULL) 302 return; 303 if (priv->crypt_prov && priv->free_crypt_prov) 304 CryptReleaseContext(priv->crypt_prov, 0); 305 if (priv->cert) 306 CertFreeCertificateContext(priv->cert); 307 os_free(priv); 308} 309 310 311static int cryptoapi_finish(RSA *rsa) 312{ 313 cryptoapi_free_data((struct cryptoapi_rsa_data *) rsa->meth->app_data); 314 os_free((void *) rsa->meth); 315 rsa->meth = NULL; 316 return 1; 317} 318 319 320static const CERT_CONTEXT * cryptoapi_find_cert(const char *name, DWORD store) 321{ 322 HCERTSTORE cs; 323 const CERT_CONTEXT *ret = NULL; 324 325 cs = CertOpenStore((LPCSTR) CERT_STORE_PROV_SYSTEM, 0, 0, 326 store | CERT_STORE_OPEN_EXISTING_FLAG | 327 CERT_STORE_READONLY_FLAG, L"MY"); 328 if (cs == NULL) { 329 cryptoapi_error("Failed to open 'My system store'"); 330 return NULL; 331 } 332 333 if (strncmp(name, "cert://", 7) == 0) { 334 unsigned short wbuf[255]; 335 MultiByteToWideChar(CP_ACP, 0, name + 7, -1, wbuf, 255); 336 ret = CertFindCertificateInStore(cs, X509_ASN_ENCODING | 337 PKCS_7_ASN_ENCODING, 338 0, CERT_FIND_SUBJECT_STR, 339 wbuf, NULL); 340 } else if (strncmp(name, "hash://", 7) == 0) { 341 CRYPT_HASH_BLOB blob; 342 int len; 343 const char *hash = name + 7; 344 unsigned char *buf; 345 346 len = os_strlen(hash) / 2; 347 buf = os_malloc(len); 348 if (buf && hexstr2bin(hash, buf, len) == 0) { 349 blob.cbData = len; 350 blob.pbData = buf; 351 ret = CertFindCertificateInStore(cs, 352 X509_ASN_ENCODING | 353 PKCS_7_ASN_ENCODING, 354 0, CERT_FIND_HASH, 355 &blob, NULL); 356 } 357 os_free(buf); 358 } 359 360 CertCloseStore(cs, 0); 361 362 return ret; 363} 364 365 366static int tls_cryptoapi_cert(SSL *ssl, const char *name) 367{ 368 X509 *cert = NULL; 369 RSA *rsa = NULL, *pub_rsa; 370 struct cryptoapi_rsa_data *priv; 371 RSA_METHOD *rsa_meth; 372 373 if (name == NULL || 374 (strncmp(name, "cert://", 7) != 0 && 375 strncmp(name, "hash://", 7) != 0)) 376 return -1; 377 378 priv = os_zalloc(sizeof(*priv)); 379 rsa_meth = os_zalloc(sizeof(*rsa_meth)); 380 if (priv == NULL || rsa_meth == NULL) { 381 wpa_printf(MSG_WARNING, "CryptoAPI: Failed to allocate memory " 382 "for CryptoAPI RSA method"); 383 os_free(priv); 384 os_free(rsa_meth); 385 return -1; 386 } 387 388 priv->cert = cryptoapi_find_cert(name, CERT_SYSTEM_STORE_CURRENT_USER); 389 if (priv->cert == NULL) { 390 priv->cert = cryptoapi_find_cert( 391 name, CERT_SYSTEM_STORE_LOCAL_MACHINE); 392 } 393 if (priv->cert == NULL) { 394 wpa_printf(MSG_INFO, "CryptoAPI: Could not find certificate " 395 "'%s'", name); 396 goto err; 397 } 398 399 cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &priv->cert->pbCertEncoded, 400 priv->cert->cbCertEncoded); 401 if (cert == NULL) { 402 wpa_printf(MSG_INFO, "CryptoAPI: Could not process X509 DER " 403 "encoding"); 404 goto err; 405 } 406 407 if (!CryptAcquireCertificatePrivateKey(priv->cert, 408 CRYPT_ACQUIRE_COMPARE_KEY_FLAG, 409 NULL, &priv->crypt_prov, 410 &priv->key_spec, 411 &priv->free_crypt_prov)) { 412 cryptoapi_error("Failed to acquire a private key for the " 413 "certificate"); 414 goto err; 415 } 416 417 rsa_meth->name = "Microsoft CryptoAPI RSA Method"; 418 rsa_meth->rsa_pub_enc = cryptoapi_rsa_pub_enc; 419 rsa_meth->rsa_pub_dec = cryptoapi_rsa_pub_dec; 420 rsa_meth->rsa_priv_enc = cryptoapi_rsa_priv_enc; 421 rsa_meth->rsa_priv_dec = cryptoapi_rsa_priv_dec; 422 rsa_meth->finish = cryptoapi_finish; 423 rsa_meth->flags = RSA_METHOD_FLAG_NO_CHECK; 424 rsa_meth->app_data = (char *) priv; 425 426 rsa = RSA_new(); 427 if (rsa == NULL) { 428 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, 429 ERR_R_MALLOC_FAILURE); 430 goto err; 431 } 432 433 if (!SSL_use_certificate(ssl, cert)) { 434 RSA_free(rsa); 435 rsa = NULL; 436 goto err; 437 } 438 pub_rsa = cert->cert_info->key->pkey->pkey.rsa; 439 X509_free(cert); 440 cert = NULL; 441 442 rsa->n = BN_dup(pub_rsa->n); 443 rsa->e = BN_dup(pub_rsa->e); 444 if (!RSA_set_method(rsa, rsa_meth)) 445 goto err; 446 447 if (!SSL_use_RSAPrivateKey(ssl, rsa)) 448 goto err; 449 RSA_free(rsa); 450 451 return 0; 452 453err: 454 if (cert) 455 X509_free(cert); 456 if (rsa) 457 RSA_free(rsa); 458 else { 459 os_free(rsa_meth); 460 cryptoapi_free_data(priv); 461 } 462 return -1; 463} 464 465 466static int tls_cryptoapi_ca_cert(SSL_CTX *ssl_ctx, SSL *ssl, const char *name) 467{ 468 HCERTSTORE cs; 469 PCCERT_CONTEXT ctx = NULL; 470 X509 *cert; 471 char buf[128]; 472 const char *store; 473#ifdef UNICODE 474 WCHAR *wstore; 475#endif /* UNICODE */ 476 477 if (name == NULL || strncmp(name, "cert_store://", 13) != 0) 478 return -1; 479 480 store = name + 13; 481#ifdef UNICODE 482 wstore = os_malloc((os_strlen(store) + 1) * sizeof(WCHAR)); 483 if (wstore == NULL) 484 return -1; 485 wsprintf(wstore, L"%S", store); 486 cs = CertOpenSystemStore(0, wstore); 487 os_free(wstore); 488#else /* UNICODE */ 489 cs = CertOpenSystemStore(0, store); 490#endif /* UNICODE */ 491 if (cs == NULL) { 492 wpa_printf(MSG_DEBUG, "%s: failed to open system cert store " 493 "'%s': error=%d", __func__, store, 494 (int) GetLastError()); 495 return -1; 496 } 497 498 while ((ctx = CertEnumCertificatesInStore(cs, ctx))) { 499 cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &ctx->pbCertEncoded, 500 ctx->cbCertEncoded); 501 if (cert == NULL) { 502 wpa_printf(MSG_INFO, "CryptoAPI: Could not process " 503 "X509 DER encoding for CA cert"); 504 continue; 505 } 506 507 X509_NAME_oneline(X509_get_subject_name(cert), buf, 508 sizeof(buf)); 509 wpa_printf(MSG_DEBUG, "OpenSSL: Loaded CA certificate for " 510 "system certificate store: subject='%s'", buf); 511 512 if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) { 513 tls_show_errors(MSG_WARNING, __func__, 514 "Failed to add ca_cert to OpenSSL " 515 "certificate store"); 516 } 517 518 X509_free(cert); 519 } 520 521 if (!CertCloseStore(cs, 0)) { 522 wpa_printf(MSG_DEBUG, "%s: failed to close system cert store " 523 "'%s': error=%d", __func__, name + 13, 524 (int) GetLastError()); 525 } 526 527 return 0; 528} 529 530 531#else /* CONFIG_NATIVE_WINDOWS */ 532 533static int tls_cryptoapi_cert(SSL *ssl, const char *name) 534{ 535 return -1; 536} 537 538#endif /* CONFIG_NATIVE_WINDOWS */ 539 540 541static void ssl_info_cb(const SSL *ssl, int where, int ret) 542{ 543 const char *str; 544 int w; 545 546 wpa_printf(MSG_DEBUG, "SSL: (where=0x%x ret=0x%x)", where, ret); 547 w = where & ~SSL_ST_MASK; 548 if (w & SSL_ST_CONNECT) 549 str = "SSL_connect"; 550 else if (w & SSL_ST_ACCEPT) 551 str = "SSL_accept"; 552 else 553 str = "undefined"; 554 555 if (where & SSL_CB_LOOP) { 556 wpa_printf(MSG_DEBUG, "SSL: %s:%s", 557 str, SSL_state_string_long(ssl)); 558 } else if (where & SSL_CB_ALERT) { 559 struct tls_connection *conn = SSL_get_app_data((SSL *) ssl); 560 wpa_printf(MSG_INFO, "SSL: SSL3 alert: %s:%s:%s", 561 where & SSL_CB_READ ? 562 "read (remote end reported an error)" : 563 "write (local SSL3 detected an error)", 564 SSL_alert_type_string_long(ret), 565 SSL_alert_desc_string_long(ret)); 566 if ((ret >> 8) == SSL3_AL_FATAL) { 567 if (where & SSL_CB_READ) 568 conn->read_alerts++; 569 else 570 conn->write_alerts++; 571 } 572 if (conn->context->event_cb != NULL) { 573 union tls_event_data ev; 574 struct tls_context *context = conn->context; 575 os_memset(&ev, 0, sizeof(ev)); 576 ev.alert.is_local = !(where & SSL_CB_READ); 577 ev.alert.type = SSL_alert_type_string_long(ret); 578 ev.alert.description = SSL_alert_desc_string_long(ret); 579 context->event_cb(context->cb_ctx, TLS_ALERT, &ev); 580 } 581 } else if (where & SSL_CB_EXIT && ret <= 0) { 582 wpa_printf(MSG_DEBUG, "SSL: %s:%s in %s", 583 str, ret == 0 ? "failed" : "error", 584 SSL_state_string_long(ssl)); 585 } 586} 587 588 589#ifndef OPENSSL_NO_ENGINE 590/** 591 * tls_engine_load_dynamic_generic - load any openssl engine 592 * @pre: an array of commands and values that load an engine initialized 593 * in the engine specific function 594 * @post: an array of commands and values that initialize an already loaded 595 * engine (or %NULL if not required) 596 * @id: the engine id of the engine to load (only required if post is not %NULL 597 * 598 * This function is a generic function that loads any openssl engine. 599 * 600 * Returns: 0 on success, -1 on failure 601 */ 602static int tls_engine_load_dynamic_generic(const char *pre[], 603 const char *post[], const char *id) 604{ 605 ENGINE *engine; 606 const char *dynamic_id = "dynamic"; 607 608 engine = ENGINE_by_id(id); 609 if (engine) { 610 ENGINE_free(engine); 611 wpa_printf(MSG_DEBUG, "ENGINE: engine '%s' is already " 612 "available", id); 613 return 0; 614 } 615 ERR_clear_error(); 616 617 engine = ENGINE_by_id(dynamic_id); 618 if (engine == NULL) { 619 wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]", 620 dynamic_id, 621 ERR_error_string(ERR_get_error(), NULL)); 622 return -1; 623 } 624 625 /* Perform the pre commands. This will load the engine. */ 626 while (pre && pre[0]) { 627 wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", pre[0], pre[1]); 628 if (ENGINE_ctrl_cmd_string(engine, pre[0], pre[1], 0) == 0) { 629 wpa_printf(MSG_INFO, "ENGINE: ctrl cmd_string failed: " 630 "%s %s [%s]", pre[0], pre[1], 631 ERR_error_string(ERR_get_error(), NULL)); 632 ENGINE_free(engine); 633 return -1; 634 } 635 pre += 2; 636 } 637 638 /* 639 * Free the reference to the "dynamic" engine. The loaded engine can 640 * now be looked up using ENGINE_by_id(). 641 */ 642 ENGINE_free(engine); 643 644 engine = ENGINE_by_id(id); 645 if (engine == NULL) { 646 wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]", 647 id, ERR_error_string(ERR_get_error(), NULL)); 648 return -1; 649 } 650 651 while (post && post[0]) { 652 wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", post[0], post[1]); 653 if (ENGINE_ctrl_cmd_string(engine, post[0], post[1], 0) == 0) { 654 wpa_printf(MSG_DEBUG, "ENGINE: ctrl cmd_string failed:" 655 " %s %s [%s]", post[0], post[1], 656 ERR_error_string(ERR_get_error(), NULL)); 657 ENGINE_remove(engine); 658 ENGINE_free(engine); 659 return -1; 660 } 661 post += 2; 662 } 663 ENGINE_free(engine); 664 665 return 0; 666} 667 668 669/** 670 * tls_engine_load_dynamic_pkcs11 - load the pkcs11 engine provided by opensc 671 * @pkcs11_so_path: pksc11_so_path from the configuration 672 * @pcks11_module_path: pkcs11_module_path from the configuration 673 */ 674static int tls_engine_load_dynamic_pkcs11(const char *pkcs11_so_path, 675 const char *pkcs11_module_path) 676{ 677 char *engine_id = "pkcs11"; 678 const char *pre_cmd[] = { 679 "SO_PATH", NULL /* pkcs11_so_path */, 680 "ID", NULL /* engine_id */, 681 "LIST_ADD", "1", 682 /* "NO_VCHECK", "1", */ 683 "LOAD", NULL, 684 NULL, NULL 685 }; 686 const char *post_cmd[] = { 687 "MODULE_PATH", NULL /* pkcs11_module_path */, 688 NULL, NULL 689 }; 690 691 if (!pkcs11_so_path || !pkcs11_module_path) 692 return 0; 693 694 pre_cmd[1] = pkcs11_so_path; 695 pre_cmd[3] = engine_id; 696 post_cmd[1] = pkcs11_module_path; 697 698 wpa_printf(MSG_DEBUG, "ENGINE: Loading pkcs11 Engine from %s", 699 pkcs11_so_path); 700 701 return tls_engine_load_dynamic_generic(pre_cmd, post_cmd, engine_id); 702} 703 704 705/** 706 * tls_engine_load_dynamic_opensc - load the opensc engine provided by opensc 707 * @opensc_so_path: opensc_so_path from the configuration 708 */ 709static int tls_engine_load_dynamic_opensc(const char *opensc_so_path) 710{ 711 char *engine_id = "opensc"; 712 const char *pre_cmd[] = { 713 "SO_PATH", NULL /* opensc_so_path */, 714 "ID", NULL /* engine_id */, 715 "LIST_ADD", "1", 716 "LOAD", NULL, 717 NULL, NULL 718 }; 719 720 if (!opensc_so_path) 721 return 0; 722 723 pre_cmd[1] = opensc_so_path; 724 pre_cmd[3] = engine_id; 725 726 wpa_printf(MSG_DEBUG, "ENGINE: Loading OpenSC Engine from %s", 727 opensc_so_path); 728 729 return tls_engine_load_dynamic_generic(pre_cmd, NULL, engine_id); 730} 731#endif /* OPENSSL_NO_ENGINE */ 732 733 734void * tls_init(const struct tls_config *conf) 735{ 736 SSL_CTX *ssl; 737 struct tls_context *context; 738 739 if (tls_openssl_ref_count == 0) { 740 tls_global = context = tls_context_new(conf); 741 if (context == NULL) 742 return NULL; 743#ifdef CONFIG_FIPS 744#ifdef OPENSSL_FIPS 745 if (conf && conf->fips_mode) { 746 if (!FIPS_mode_set(1)) { 747 wpa_printf(MSG_ERROR, "Failed to enable FIPS " 748 "mode"); 749 ERR_load_crypto_strings(); 750 ERR_print_errors_fp(stderr); 751 os_free(tls_global); 752 tls_global = NULL; 753 return NULL; 754 } else 755 wpa_printf(MSG_INFO, "Running in FIPS mode"); 756 } 757#else /* OPENSSL_FIPS */ 758 if (conf && conf->fips_mode) { 759 wpa_printf(MSG_ERROR, "FIPS mode requested, but not " 760 "supported"); 761 os_free(tls_global); 762 tls_global = NULL; 763 return NULL; 764 } 765#endif /* OPENSSL_FIPS */ 766#endif /* CONFIG_FIPS */ 767 SSL_load_error_strings(); 768 SSL_library_init(); 769#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256) 770 EVP_add_digest(EVP_sha256()); 771#endif /* OPENSSL_NO_SHA256 */ 772 /* TODO: if /dev/urandom is available, PRNG is seeded 773 * automatically. If this is not the case, random data should 774 * be added here. */ 775 776#ifdef PKCS12_FUNCS 777#ifndef OPENSSL_NO_RC2 778 /* 779 * 40-bit RC2 is commonly used in PKCS#12 files, so enable it. 780 * This is enabled by PKCS12_PBE_add() in OpenSSL 0.9.8 781 * versions, but it looks like OpenSSL 1.0.0 does not do that 782 * anymore. 783 */ 784 EVP_add_cipher(EVP_rc2_40_cbc()); 785#endif /* OPENSSL_NO_RC2 */ 786 PKCS12_PBE_add(); 787#endif /* PKCS12_FUNCS */ 788 } else { 789 context = tls_global; 790#ifdef OPENSSL_SUPPORTS_CTX_APP_DATA 791 /* Newer OpenSSL can store app-data per-SSL */ 792 context = tls_context_new(conf); 793 if (context == NULL) 794 return NULL; 795#endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */ 796 } 797 tls_openssl_ref_count++; 798 799 ssl = SSL_CTX_new(TLSv1_method()); 800 if (ssl == NULL) { 801 tls_openssl_ref_count--; 802#ifdef OPENSSL_SUPPORTS_CTX_APP_DATA 803 if (context != tls_global) 804 os_free(context); 805#endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */ 806 if (tls_openssl_ref_count == 0) { 807 os_free(tls_global); 808 tls_global = NULL; 809 } 810 return NULL; 811 } 812 813 SSL_CTX_set_info_callback(ssl, ssl_info_cb); 814#ifdef OPENSSL_SUPPORTS_CTX_APP_DATA 815 SSL_CTX_set_app_data(ssl, context); 816#endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */ 817 818#ifndef OPENSSL_NO_ENGINE 819 if (conf && 820 (conf->opensc_engine_path || conf->pkcs11_engine_path || 821 conf->pkcs11_module_path)) { 822 wpa_printf(MSG_DEBUG, "ENGINE: Loading dynamic engine"); 823 ERR_load_ENGINE_strings(); 824 ENGINE_load_dynamic(); 825 826 if (tls_engine_load_dynamic_opensc(conf->opensc_engine_path) || 827 tls_engine_load_dynamic_pkcs11(conf->pkcs11_engine_path, 828 conf->pkcs11_module_path)) { 829 tls_deinit(ssl); 830 return NULL; 831 } 832 } 833#endif /* OPENSSL_NO_ENGINE */ 834 835 return ssl; 836} 837 838 839void tls_deinit(void *ssl_ctx) 840{ 841 SSL_CTX *ssl = ssl_ctx; 842#ifdef OPENSSL_SUPPORTS_CTX_APP_DATA 843 struct tls_context *context = SSL_CTX_get_app_data(ssl); 844 if (context != tls_global) 845 os_free(context); 846#endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */ 847 SSL_CTX_free(ssl); 848 849 tls_openssl_ref_count--; 850 if (tls_openssl_ref_count == 0) { 851#ifndef OPENSSL_NO_ENGINE 852 ENGINE_cleanup(); 853#endif /* OPENSSL_NO_ENGINE */ 854 CRYPTO_cleanup_all_ex_data(); 855 ERR_remove_state(0); 856 ERR_free_strings(); 857 EVP_cleanup(); 858 os_free(tls_global->ocsp_stapling_response); 859 tls_global->ocsp_stapling_response = NULL; 860 os_free(tls_global); 861 tls_global = NULL; 862 } 863} 864 865 866static int tls_engine_init(struct tls_connection *conn, const char *engine_id, 867 const char *pin, const char *key_id, 868 const char *cert_id, const char *ca_cert_id) 869{ 870#ifndef OPENSSL_NO_ENGINE 871 int ret = -1; 872 if (engine_id == NULL) { 873 wpa_printf(MSG_ERROR, "ENGINE: Engine ID not set"); 874 return -1; 875 } 876#ifndef ANDROID 877 if (pin == NULL) { 878 wpa_printf(MSG_ERROR, "ENGINE: Smartcard PIN not set"); 879 return -1; 880 } 881#endif 882 if (key_id == NULL) { 883 wpa_printf(MSG_ERROR, "ENGINE: Key Id not set"); 884 return -1; 885 } 886 887 ERR_clear_error(); 888#ifdef ANDROID 889 ENGINE_load_dynamic(); 890#endif 891 conn->engine = ENGINE_by_id(engine_id); 892 if (!conn->engine) { 893 wpa_printf(MSG_ERROR, "ENGINE: engine %s not available [%s]", 894 engine_id, ERR_error_string(ERR_get_error(), NULL)); 895 goto err; 896 } 897 if (ENGINE_init(conn->engine) != 1) { 898 wpa_printf(MSG_ERROR, "ENGINE: engine init failed " 899 "(engine: %s) [%s]", engine_id, 900 ERR_error_string(ERR_get_error(), NULL)); 901 goto err; 902 } 903 wpa_printf(MSG_DEBUG, "ENGINE: engine initialized"); 904 905#ifndef ANDROID 906 if (ENGINE_ctrl_cmd_string(conn->engine, "PIN", pin, 0) == 0) { 907 wpa_printf(MSG_ERROR, "ENGINE: cannot set pin [%s]", 908 ERR_error_string(ERR_get_error(), NULL)); 909 goto err; 910 } 911#endif 912 /* load private key first in-case PIN is required for cert */ 913 conn->private_key = ENGINE_load_private_key(conn->engine, 914 key_id, NULL, NULL); 915 if (!conn->private_key) { 916 wpa_printf(MSG_ERROR, "ENGINE: cannot load private key with id" 917 " '%s' [%s]", key_id, 918 ERR_error_string(ERR_get_error(), NULL)); 919 ret = TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED; 920 goto err; 921 } 922 923 /* handle a certificate and/or CA certificate */ 924 if (cert_id || ca_cert_id) { 925 const char *cmd_name = "LOAD_CERT_CTRL"; 926 927 /* test if the engine supports a LOAD_CERT_CTRL */ 928 if (!ENGINE_ctrl(conn->engine, ENGINE_CTRL_GET_CMD_FROM_NAME, 929 0, (void *)cmd_name, NULL)) { 930 wpa_printf(MSG_ERROR, "ENGINE: engine does not support" 931 " loading certificates"); 932 ret = TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED; 933 goto err; 934 } 935 } 936 937 return 0; 938 939err: 940 if (conn->engine) { 941 ENGINE_free(conn->engine); 942 conn->engine = NULL; 943 } 944 945 if (conn->private_key) { 946 EVP_PKEY_free(conn->private_key); 947 conn->private_key = NULL; 948 } 949 950 return ret; 951#else /* OPENSSL_NO_ENGINE */ 952 return 0; 953#endif /* OPENSSL_NO_ENGINE */ 954} 955 956 957static void tls_engine_deinit(struct tls_connection *conn) 958{ 959#ifndef OPENSSL_NO_ENGINE 960 wpa_printf(MSG_DEBUG, "ENGINE: engine deinit"); 961 if (conn->private_key) { 962 EVP_PKEY_free(conn->private_key); 963 conn->private_key = NULL; 964 } 965 if (conn->engine) { 966 ENGINE_finish(conn->engine); 967 conn->engine = NULL; 968 } 969#endif /* OPENSSL_NO_ENGINE */ 970} 971 972 973int tls_get_errors(void *ssl_ctx) 974{ 975 int count = 0; 976 unsigned long err; 977 978 while ((err = ERR_get_error())) { 979 wpa_printf(MSG_INFO, "TLS - SSL error: %s", 980 ERR_error_string(err, NULL)); 981 count++; 982 } 983 984 return count; 985} 986 987struct tls_connection * tls_connection_init(void *ssl_ctx) 988{ 989 SSL_CTX *ssl = ssl_ctx; 990 struct tls_connection *conn; 991 long options; 992 struct tls_context *context = tls_global; 993#ifdef OPENSSL_SUPPORTS_CTX_APP_DATA 994 context = SSL_CTX_get_app_data(ssl); 995#endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */ 996 997 conn = os_zalloc(sizeof(*conn)); 998 if (conn == NULL) 999 return NULL; 1000 conn->ssl = SSL_new(ssl); 1001 if (conn->ssl == NULL) { 1002 tls_show_errors(MSG_INFO, __func__, 1003 "Failed to initialize new SSL connection"); 1004 os_free(conn); 1005 return NULL; 1006 } 1007 1008 conn->context = context; 1009 SSL_set_app_data(conn->ssl, conn); 1010 options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | 1011 SSL_OP_SINGLE_DH_USE; 1012#ifdef SSL_OP_NO_COMPRESSION 1013 options |= SSL_OP_NO_COMPRESSION; 1014#endif /* SSL_OP_NO_COMPRESSION */ 1015#ifdef ANDROID 1016 options |= SSL_OP_NO_TLSv1_1; 1017 options |= SSL_OP_NO_TLSv1_2; 1018 options |= SSL_OP_NO_TICKET; 1019#endif /* ANDROID */ 1020 SSL_set_options(conn->ssl, options); 1021 1022 conn->ssl_in = BIO_new(BIO_s_mem()); 1023 if (!conn->ssl_in) { 1024 tls_show_errors(MSG_INFO, __func__, 1025 "Failed to create a new BIO for ssl_in"); 1026 SSL_free(conn->ssl); 1027 os_free(conn); 1028 return NULL; 1029 } 1030 1031 conn->ssl_out = BIO_new(BIO_s_mem()); 1032 if (!conn->ssl_out) { 1033 tls_show_errors(MSG_INFO, __func__, 1034 "Failed to create a new BIO for ssl_out"); 1035 SSL_free(conn->ssl); 1036 BIO_free(conn->ssl_in); 1037 os_free(conn); 1038 return NULL; 1039 } 1040 1041 SSL_set_bio(conn->ssl, conn->ssl_in, conn->ssl_out); 1042 1043 return conn; 1044} 1045 1046 1047void tls_connection_deinit(void *ssl_ctx, struct tls_connection *conn) 1048{ 1049 if (conn == NULL) 1050 return; 1051 SSL_free(conn->ssl); 1052 tls_engine_deinit(conn); 1053 os_free(conn->subject_match); 1054 os_free(conn->altsubject_match); 1055 os_free(conn->suffix_match); 1056 os_free(conn->session_ticket); 1057 os_free(conn); 1058} 1059 1060 1061int tls_connection_established(void *ssl_ctx, struct tls_connection *conn) 1062{ 1063 return conn ? SSL_is_init_finished(conn->ssl) : 0; 1064} 1065 1066 1067int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn) 1068{ 1069 if (conn == NULL) 1070 return -1; 1071 1072 /* Shutdown previous TLS connection without notifying the peer 1073 * because the connection was already terminated in practice 1074 * and "close notify" shutdown alert would confuse AS. */ 1075 SSL_set_quiet_shutdown(conn->ssl, 1); 1076 SSL_shutdown(conn->ssl); 1077 return 0; 1078} 1079 1080 1081static int tls_match_altsubject_component(X509 *cert, int type, 1082 const char *value, size_t len) 1083{ 1084 GENERAL_NAME *gen; 1085 void *ext; 1086 int i, found = 0; 1087 1088 ext = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL); 1089 1090 for (i = 0; ext && i < sk_GENERAL_NAME_num(ext); i++) { 1091 gen = sk_GENERAL_NAME_value(ext, i); 1092 if (gen->type != type) 1093 continue; 1094 if (os_strlen((char *) gen->d.ia5->data) == len && 1095 os_memcmp(value, gen->d.ia5->data, len) == 0) 1096 found++; 1097 } 1098 1099 return found; 1100} 1101 1102 1103static int tls_match_altsubject(X509 *cert, const char *match) 1104{ 1105 int type; 1106 const char *pos, *end; 1107 size_t len; 1108 1109 pos = match; 1110 do { 1111 if (os_strncmp(pos, "EMAIL:", 6) == 0) { 1112 type = GEN_EMAIL; 1113 pos += 6; 1114 } else if (os_strncmp(pos, "DNS:", 4) == 0) { 1115 type = GEN_DNS; 1116 pos += 4; 1117 } else if (os_strncmp(pos, "URI:", 4) == 0) { 1118 type = GEN_URI; 1119 pos += 4; 1120 } else { 1121 wpa_printf(MSG_INFO, "TLS: Invalid altSubjectName " 1122 "match '%s'", pos); 1123 return 0; 1124 } 1125 end = os_strchr(pos, ';'); 1126 while (end) { 1127 if (os_strncmp(end + 1, "EMAIL:", 6) == 0 || 1128 os_strncmp(end + 1, "DNS:", 4) == 0 || 1129 os_strncmp(end + 1, "URI:", 4) == 0) 1130 break; 1131 end = os_strchr(end + 1, ';'); 1132 } 1133 if (end) 1134 len = end - pos; 1135 else 1136 len = os_strlen(pos); 1137 if (tls_match_altsubject_component(cert, type, pos, len) > 0) 1138 return 1; 1139 pos = end + 1; 1140 } while (end); 1141 1142 return 0; 1143} 1144 1145 1146#ifndef CONFIG_NATIVE_WINDOWS 1147static int domain_suffix_match(const u8 *val, size_t len, const char *match) 1148{ 1149 size_t i, match_len; 1150 1151 /* Check for embedded nuls that could mess up suffix matching */ 1152 for (i = 0; i < len; i++) { 1153 if (val[i] == '\0') { 1154 wpa_printf(MSG_DEBUG, "TLS: Embedded null in a string - reject"); 1155 return 0; 1156 } 1157 } 1158 1159 match_len = os_strlen(match); 1160 if (match_len > len) 1161 return 0; 1162 1163 if (os_strncasecmp((const char *) val + len - match_len, match, 1164 match_len) != 0) 1165 return 0; /* no match */ 1166 1167 if (match_len == len) 1168 return 1; /* exact match */ 1169 1170 if (val[len - match_len - 1] == '.') 1171 return 1; /* full label match completes suffix match */ 1172 1173 wpa_printf(MSG_DEBUG, "TLS: Reject due to incomplete label match"); 1174 return 0; 1175} 1176#endif /* CONFIG_NATIVE_WINDOWS */ 1177 1178 1179static int tls_match_suffix(X509 *cert, const char *match) 1180{ 1181#ifdef CONFIG_NATIVE_WINDOWS 1182 /* wincrypt.h has conflicting X509_NAME definition */ 1183 return -1; 1184#else /* CONFIG_NATIVE_WINDOWS */ 1185 GENERAL_NAME *gen; 1186 void *ext; 1187 int i; 1188 int dns_name = 0; 1189 X509_NAME *name; 1190 1191 wpa_printf(MSG_DEBUG, "TLS: Match domain against suffix %s", match); 1192 1193 ext = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL); 1194 1195 for (i = 0; ext && i < sk_GENERAL_NAME_num(ext); i++) { 1196 gen = sk_GENERAL_NAME_value(ext, i); 1197 if (gen->type != GEN_DNS) 1198 continue; 1199 dns_name++; 1200 wpa_hexdump_ascii(MSG_DEBUG, "TLS: Certificate dNSName", 1201 gen->d.dNSName->data, 1202 gen->d.dNSName->length); 1203 if (domain_suffix_match(gen->d.dNSName->data, 1204 gen->d.dNSName->length, match) == 1) { 1205 wpa_printf(MSG_DEBUG, "TLS: Suffix match in dNSName found"); 1206 return 1; 1207 } 1208 } 1209 1210 if (dns_name) { 1211 wpa_printf(MSG_DEBUG, "TLS: None of the dNSName(s) matched"); 1212 return 0; 1213 } 1214 1215 name = X509_get_subject_name(cert); 1216 i = -1; 1217 for (;;) { 1218 X509_NAME_ENTRY *e; 1219 ASN1_STRING *cn; 1220 1221 i = X509_NAME_get_index_by_NID(name, NID_commonName, i); 1222 if (i == -1) 1223 break; 1224 e = X509_NAME_get_entry(name, i); 1225 if (e == NULL) 1226 continue; 1227 cn = X509_NAME_ENTRY_get_data(e); 1228 if (cn == NULL) 1229 continue; 1230 wpa_hexdump_ascii(MSG_DEBUG, "TLS: Certificate commonName", 1231 cn->data, cn->length); 1232 if (domain_suffix_match(cn->data, cn->length, match) == 1) { 1233 wpa_printf(MSG_DEBUG, "TLS: Suffix match in commonName found"); 1234 return 1; 1235 } 1236 } 1237 1238 wpa_printf(MSG_DEBUG, "TLS: No CommonName suffix match found"); 1239 return 0; 1240#endif /* CONFIG_NATIVE_WINDOWS */ 1241} 1242 1243 1244static enum tls_fail_reason openssl_tls_fail_reason(int err) 1245{ 1246 switch (err) { 1247 case X509_V_ERR_CERT_REVOKED: 1248 return TLS_FAIL_REVOKED; 1249 case X509_V_ERR_CERT_NOT_YET_VALID: 1250 case X509_V_ERR_CRL_NOT_YET_VALID: 1251 return TLS_FAIL_NOT_YET_VALID; 1252 case X509_V_ERR_CERT_HAS_EXPIRED: 1253 case X509_V_ERR_CRL_HAS_EXPIRED: 1254 return TLS_FAIL_EXPIRED; 1255 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: 1256 case X509_V_ERR_UNABLE_TO_GET_CRL: 1257 case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: 1258 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: 1259 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: 1260 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: 1261 case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: 1262 case X509_V_ERR_CERT_CHAIN_TOO_LONG: 1263 case X509_V_ERR_PATH_LENGTH_EXCEEDED: 1264 case X509_V_ERR_INVALID_CA: 1265 return TLS_FAIL_UNTRUSTED; 1266 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: 1267 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: 1268 case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: 1269 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: 1270 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: 1271 case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: 1272 case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: 1273 case X509_V_ERR_CERT_UNTRUSTED: 1274 case X509_V_ERR_CERT_REJECTED: 1275 return TLS_FAIL_BAD_CERTIFICATE; 1276 default: 1277 return TLS_FAIL_UNSPECIFIED; 1278 } 1279} 1280 1281 1282static struct wpabuf * get_x509_cert(X509 *cert) 1283{ 1284 struct wpabuf *buf; 1285 u8 *tmp; 1286 1287 int cert_len = i2d_X509(cert, NULL); 1288 if (cert_len <= 0) 1289 return NULL; 1290 1291 buf = wpabuf_alloc(cert_len); 1292 if (buf == NULL) 1293 return NULL; 1294 1295 tmp = wpabuf_put(buf, cert_len); 1296 i2d_X509(cert, &tmp); 1297 return buf; 1298} 1299 1300 1301static void openssl_tls_fail_event(struct tls_connection *conn, 1302 X509 *err_cert, int err, int depth, 1303 const char *subject, const char *err_str, 1304 enum tls_fail_reason reason) 1305{ 1306 union tls_event_data ev; 1307 struct wpabuf *cert = NULL; 1308 struct tls_context *context = conn->context; 1309 1310 if (context->event_cb == NULL) 1311 return; 1312 1313 cert = get_x509_cert(err_cert); 1314 os_memset(&ev, 0, sizeof(ev)); 1315 ev.cert_fail.reason = reason != TLS_FAIL_UNSPECIFIED ? 1316 reason : openssl_tls_fail_reason(err); 1317 ev.cert_fail.depth = depth; 1318 ev.cert_fail.subject = subject; 1319 ev.cert_fail.reason_txt = err_str; 1320 ev.cert_fail.cert = cert; 1321 context->event_cb(context->cb_ctx, TLS_CERT_CHAIN_FAILURE, &ev); 1322 wpabuf_free(cert); 1323} 1324 1325 1326static void openssl_tls_cert_event(struct tls_connection *conn, 1327 X509 *err_cert, int depth, 1328 const char *subject) 1329{ 1330 struct wpabuf *cert = NULL; 1331 union tls_event_data ev; 1332 struct tls_context *context = conn->context; 1333#ifdef CONFIG_SHA256 1334 u8 hash[32]; 1335#endif /* CONFIG_SHA256 */ 1336 1337 if (context->event_cb == NULL) 1338 return; 1339 1340 os_memset(&ev, 0, sizeof(ev)); 1341 if (conn->cert_probe || context->cert_in_cb) { 1342 cert = get_x509_cert(err_cert); 1343 ev.peer_cert.cert = cert; 1344 } 1345#ifdef CONFIG_SHA256 1346 if (cert) { 1347 const u8 *addr[1]; 1348 size_t len[1]; 1349 addr[0] = wpabuf_head(cert); 1350 len[0] = wpabuf_len(cert); 1351 if (sha256_vector(1, addr, len, hash) == 0) { 1352 ev.peer_cert.hash = hash; 1353 ev.peer_cert.hash_len = sizeof(hash); 1354 } 1355 } 1356#endif /* CONFIG_SHA256 */ 1357 ev.peer_cert.depth = depth; 1358 ev.peer_cert.subject = subject; 1359 context->event_cb(context->cb_ctx, TLS_PEER_CERTIFICATE, &ev); 1360 wpabuf_free(cert); 1361} 1362 1363 1364static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx) 1365{ 1366 char buf[256]; 1367 X509 *err_cert; 1368 int err, depth; 1369 SSL *ssl; 1370 struct tls_connection *conn; 1371 struct tls_context *context; 1372 char *match, *altmatch, *suffix_match; 1373 const char *err_str; 1374 1375 err_cert = X509_STORE_CTX_get_current_cert(x509_ctx); 1376 err = X509_STORE_CTX_get_error(x509_ctx); 1377 depth = X509_STORE_CTX_get_error_depth(x509_ctx); 1378 ssl = X509_STORE_CTX_get_ex_data(x509_ctx, 1379 SSL_get_ex_data_X509_STORE_CTX_idx()); 1380 X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf)); 1381 1382 conn = SSL_get_app_data(ssl); 1383 if (conn == NULL) 1384 return 0; 1385 1386 if (depth == 0) 1387 conn->peer_cert = err_cert; 1388 else if (depth == 1) 1389 conn->peer_issuer = err_cert; 1390 else if (depth == 2) 1391 conn->peer_issuer_issuer = err_cert; 1392 1393 context = conn->context; 1394 match = conn->subject_match; 1395 altmatch = conn->altsubject_match; 1396 suffix_match = conn->suffix_match; 1397 1398 if (!preverify_ok && !conn->ca_cert_verify) 1399 preverify_ok = 1; 1400 if (!preverify_ok && depth > 0 && conn->server_cert_only) 1401 preverify_ok = 1; 1402 if (!preverify_ok && (conn->flags & TLS_CONN_DISABLE_TIME_CHECKS) && 1403 (err == X509_V_ERR_CERT_HAS_EXPIRED || 1404 err == X509_V_ERR_CERT_NOT_YET_VALID)) { 1405 wpa_printf(MSG_DEBUG, "OpenSSL: Ignore certificate validity " 1406 "time mismatch"); 1407 preverify_ok = 1; 1408 } 1409 1410 err_str = X509_verify_cert_error_string(err); 1411 1412#ifdef CONFIG_SHA256 1413 if (preverify_ok && depth == 0 && conn->server_cert_only) { 1414 struct wpabuf *cert; 1415 cert = get_x509_cert(err_cert); 1416 if (!cert) { 1417 wpa_printf(MSG_DEBUG, "OpenSSL: Could not fetch " 1418 "server certificate data"); 1419 preverify_ok = 0; 1420 } else { 1421 u8 hash[32]; 1422 const u8 *addr[1]; 1423 size_t len[1]; 1424 addr[0] = wpabuf_head(cert); 1425 len[0] = wpabuf_len(cert); 1426 if (sha256_vector(1, addr, len, hash) < 0 || 1427 os_memcmp(conn->srv_cert_hash, hash, 32) != 0) { 1428 err_str = "Server certificate mismatch"; 1429 err = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; 1430 preverify_ok = 0; 1431 } 1432 wpabuf_free(cert); 1433 } 1434 } 1435#endif /* CONFIG_SHA256 */ 1436 1437 if (!preverify_ok) { 1438 wpa_printf(MSG_WARNING, "TLS: Certificate verification failed," 1439 " error %d (%s) depth %d for '%s'", err, err_str, 1440 depth, buf); 1441 openssl_tls_fail_event(conn, err_cert, err, depth, buf, 1442 err_str, TLS_FAIL_UNSPECIFIED); 1443 return preverify_ok; 1444 } 1445 1446 wpa_printf(MSG_DEBUG, "TLS: tls_verify_cb - preverify_ok=%d " 1447 "err=%d (%s) ca_cert_verify=%d depth=%d buf='%s'", 1448 preverify_ok, err, err_str, 1449 conn->ca_cert_verify, depth, buf); 1450 if (depth == 0 && match && os_strstr(buf, match) == NULL) { 1451 wpa_printf(MSG_WARNING, "TLS: Subject '%s' did not " 1452 "match with '%s'", buf, match); 1453 preverify_ok = 0; 1454 openssl_tls_fail_event(conn, err_cert, err, depth, buf, 1455 "Subject mismatch", 1456 TLS_FAIL_SUBJECT_MISMATCH); 1457 } else if (depth == 0 && altmatch && 1458 !tls_match_altsubject(err_cert, altmatch)) { 1459 wpa_printf(MSG_WARNING, "TLS: altSubjectName match " 1460 "'%s' not found", altmatch); 1461 preverify_ok = 0; 1462 openssl_tls_fail_event(conn, err_cert, err, depth, buf, 1463 "AltSubject mismatch", 1464 TLS_FAIL_ALTSUBJECT_MISMATCH); 1465 } else if (depth == 0 && suffix_match && 1466 !tls_match_suffix(err_cert, suffix_match)) { 1467 wpa_printf(MSG_WARNING, "TLS: Domain suffix match '%s' not found", 1468 suffix_match); 1469 preverify_ok = 0; 1470 openssl_tls_fail_event(conn, err_cert, err, depth, buf, 1471 "Domain suffix mismatch", 1472 TLS_FAIL_DOMAIN_SUFFIX_MISMATCH); 1473 } else 1474 openssl_tls_cert_event(conn, err_cert, depth, buf); 1475 1476 if (conn->cert_probe && preverify_ok && depth == 0) { 1477 wpa_printf(MSG_DEBUG, "OpenSSL: Reject server certificate " 1478 "on probe-only run"); 1479 preverify_ok = 0; 1480 openssl_tls_fail_event(conn, err_cert, err, depth, buf, 1481 "Server certificate chain probe", 1482 TLS_FAIL_SERVER_CHAIN_PROBE); 1483 } 1484 1485 if (!conn->server && err_cert && preverify_ok && depth == 0 && 1486 (err_cert->ex_flags & EXFLAG_XKUSAGE) && 1487 (err_cert->ex_xkusage & XKU_SSL_CLIENT)) { 1488 wpa_printf(MSG_WARNING, "TLS: Server used client certificate"); 1489 openssl_tls_fail_event(conn, err_cert, err, depth, buf, 1490 "Server used client certificate", 1491 TLS_FAIL_SERVER_USED_CLIENT_CERT); 1492 preverify_ok = 0; 1493 } 1494 1495 if (preverify_ok && context->event_cb != NULL) 1496 context->event_cb(context->cb_ctx, 1497 TLS_CERT_CHAIN_SUCCESS, NULL); 1498 1499 return preverify_ok; 1500} 1501 1502 1503#ifndef OPENSSL_NO_STDIO 1504static int tls_load_ca_der(void *_ssl_ctx, const char *ca_cert) 1505{ 1506 SSL_CTX *ssl_ctx = _ssl_ctx; 1507 X509_LOOKUP *lookup; 1508 int ret = 0; 1509 1510 lookup = X509_STORE_add_lookup(ssl_ctx->cert_store, 1511 X509_LOOKUP_file()); 1512 if (lookup == NULL) { 1513 tls_show_errors(MSG_WARNING, __func__, 1514 "Failed add lookup for X509 store"); 1515 return -1; 1516 } 1517 1518 if (!X509_LOOKUP_load_file(lookup, ca_cert, X509_FILETYPE_ASN1)) { 1519 unsigned long err = ERR_peek_error(); 1520 tls_show_errors(MSG_WARNING, __func__, 1521 "Failed load CA in DER format"); 1522 if (ERR_GET_LIB(err) == ERR_LIB_X509 && 1523 ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) { 1524 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring " 1525 "cert already in hash table error", 1526 __func__); 1527 } else 1528 ret = -1; 1529 } 1530 1531 return ret; 1532} 1533#endif /* OPENSSL_NO_STDIO */ 1534 1535 1536static int tls_connection_ca_cert(void *_ssl_ctx, struct tls_connection *conn, 1537 const char *ca_cert, const u8 *ca_cert_blob, 1538 size_t ca_cert_blob_len, const char *ca_path) 1539{ 1540 SSL_CTX *ssl_ctx = _ssl_ctx; 1541 1542 /* 1543 * Remove previously configured trusted CA certificates before adding 1544 * new ones. 1545 */ 1546 X509_STORE_free(ssl_ctx->cert_store); 1547 ssl_ctx->cert_store = X509_STORE_new(); 1548 if (ssl_ctx->cert_store == NULL) { 1549 wpa_printf(MSG_DEBUG, "OpenSSL: %s - failed to allocate new " 1550 "certificate store", __func__); 1551 return -1; 1552 } 1553 1554 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb); 1555 conn->ca_cert_verify = 1; 1556 1557 if (ca_cert && os_strncmp(ca_cert, "probe://", 8) == 0) { 1558 wpa_printf(MSG_DEBUG, "OpenSSL: Probe for server certificate " 1559 "chain"); 1560 conn->cert_probe = 1; 1561 conn->ca_cert_verify = 0; 1562 return 0; 1563 } 1564 1565 if (ca_cert && os_strncmp(ca_cert, "hash://", 7) == 0) { 1566#ifdef CONFIG_SHA256 1567 const char *pos = ca_cert + 7; 1568 if (os_strncmp(pos, "server/sha256/", 14) != 0) { 1569 wpa_printf(MSG_DEBUG, "OpenSSL: Unsupported ca_cert " 1570 "hash value '%s'", ca_cert); 1571 return -1; 1572 } 1573 pos += 14; 1574 if (os_strlen(pos) != 32 * 2) { 1575 wpa_printf(MSG_DEBUG, "OpenSSL: Unexpected SHA256 " 1576 "hash length in ca_cert '%s'", ca_cert); 1577 return -1; 1578 } 1579 if (hexstr2bin(pos, conn->srv_cert_hash, 32) < 0) { 1580 wpa_printf(MSG_DEBUG, "OpenSSL: Invalid SHA256 hash " 1581 "value in ca_cert '%s'", ca_cert); 1582 return -1; 1583 } 1584 conn->server_cert_only = 1; 1585 wpa_printf(MSG_DEBUG, "OpenSSL: Checking only server " 1586 "certificate match"); 1587 return 0; 1588#else /* CONFIG_SHA256 */ 1589 wpa_printf(MSG_INFO, "No SHA256 included in the build - " 1590 "cannot validate server certificate hash"); 1591 return -1; 1592#endif /* CONFIG_SHA256 */ 1593 } 1594 1595 if (ca_cert_blob) { 1596 X509 *cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &ca_cert_blob, 1597 ca_cert_blob_len); 1598 if (cert == NULL) { 1599 tls_show_errors(MSG_WARNING, __func__, 1600 "Failed to parse ca_cert_blob"); 1601 return -1; 1602 } 1603 1604 if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) { 1605 unsigned long err = ERR_peek_error(); 1606 tls_show_errors(MSG_WARNING, __func__, 1607 "Failed to add ca_cert_blob to " 1608 "certificate store"); 1609 if (ERR_GET_LIB(err) == ERR_LIB_X509 && 1610 ERR_GET_REASON(err) == 1611 X509_R_CERT_ALREADY_IN_HASH_TABLE) { 1612 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring " 1613 "cert already in hash table error", 1614 __func__); 1615 } else { 1616 X509_free(cert); 1617 return -1; 1618 } 1619 } 1620 X509_free(cert); 1621 wpa_printf(MSG_DEBUG, "OpenSSL: %s - added ca_cert_blob " 1622 "to certificate store", __func__); 1623 return 0; 1624 } 1625 1626#ifdef ANDROID 1627 if (ca_cert && os_strncmp("keystore://", ca_cert, 11) == 0) { 1628 BIO *bio = BIO_from_keystore(&ca_cert[11]); 1629 STACK_OF(X509_INFO) *stack = NULL; 1630 int i; 1631 1632 if (bio) { 1633 stack = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL); 1634 BIO_free(bio); 1635 } 1636 if (!stack) 1637 return -1; 1638 1639 for (i = 0; i < sk_X509_INFO_num(stack); ++i) { 1640 X509_INFO *info = sk_X509_INFO_value(stack, i); 1641 if (info->x509) { 1642 X509_STORE_add_cert(ssl_ctx->cert_store, 1643 info->x509); 1644 } 1645 if (info->crl) { 1646 X509_STORE_add_crl(ssl_ctx->cert_store, 1647 info->crl); 1648 } 1649 } 1650 sk_X509_INFO_pop_free(stack, X509_INFO_free); 1651 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb); 1652 return 0; 1653 } 1654#endif /* ANDROID */ 1655 1656#ifdef CONFIG_NATIVE_WINDOWS 1657 if (ca_cert && tls_cryptoapi_ca_cert(ssl_ctx, conn->ssl, ca_cert) == 1658 0) { 1659 wpa_printf(MSG_DEBUG, "OpenSSL: Added CA certificates from " 1660 "system certificate store"); 1661 return 0; 1662 } 1663#endif /* CONFIG_NATIVE_WINDOWS */ 1664 1665 if (ca_cert || ca_path) { 1666#ifndef OPENSSL_NO_STDIO 1667 if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, ca_path) != 1668 1) { 1669 tls_show_errors(MSG_WARNING, __func__, 1670 "Failed to load root certificates"); 1671 if (ca_cert && 1672 tls_load_ca_der(ssl_ctx, ca_cert) == 0) { 1673 wpa_printf(MSG_DEBUG, "OpenSSL: %s - loaded " 1674 "DER format CA certificate", 1675 __func__); 1676 } else 1677 return -1; 1678 } else { 1679 wpa_printf(MSG_DEBUG, "TLS: Trusted root " 1680 "certificate(s) loaded"); 1681 tls_get_errors(ssl_ctx); 1682 } 1683#else /* OPENSSL_NO_STDIO */ 1684 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", 1685 __func__); 1686 return -1; 1687#endif /* OPENSSL_NO_STDIO */ 1688 } else { 1689 /* No ca_cert configured - do not try to verify server 1690 * certificate */ 1691 conn->ca_cert_verify = 0; 1692 } 1693 1694 return 0; 1695} 1696 1697 1698static int tls_global_ca_cert(SSL_CTX *ssl_ctx, const char *ca_cert) 1699{ 1700 if (ca_cert) { 1701 if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, NULL) != 1) 1702 { 1703 tls_show_errors(MSG_WARNING, __func__, 1704 "Failed to load root certificates"); 1705 return -1; 1706 } 1707 1708 wpa_printf(MSG_DEBUG, "TLS: Trusted root " 1709 "certificate(s) loaded"); 1710 1711#ifndef OPENSSL_NO_STDIO 1712 /* Add the same CAs to the client certificate requests */ 1713 SSL_CTX_set_client_CA_list(ssl_ctx, 1714 SSL_load_client_CA_file(ca_cert)); 1715#endif /* OPENSSL_NO_STDIO */ 1716 } 1717 1718 return 0; 1719} 1720 1721 1722int tls_global_set_verify(void *ssl_ctx, int check_crl) 1723{ 1724 int flags; 1725 1726 if (check_crl) { 1727 X509_STORE *cs = SSL_CTX_get_cert_store(ssl_ctx); 1728 if (cs == NULL) { 1729 tls_show_errors(MSG_INFO, __func__, "Failed to get " 1730 "certificate store when enabling " 1731 "check_crl"); 1732 return -1; 1733 } 1734 flags = X509_V_FLAG_CRL_CHECK; 1735 if (check_crl == 2) 1736 flags |= X509_V_FLAG_CRL_CHECK_ALL; 1737 X509_STORE_set_flags(cs, flags); 1738 } 1739 return 0; 1740} 1741 1742 1743static int tls_connection_set_subject_match(struct tls_connection *conn, 1744 const char *subject_match, 1745 const char *altsubject_match, 1746 const char *suffix_match) 1747{ 1748 os_free(conn->subject_match); 1749 conn->subject_match = NULL; 1750 if (subject_match) { 1751 conn->subject_match = os_strdup(subject_match); 1752 if (conn->subject_match == NULL) 1753 return -1; 1754 } 1755 1756 os_free(conn->altsubject_match); 1757 conn->altsubject_match = NULL; 1758 if (altsubject_match) { 1759 conn->altsubject_match = os_strdup(altsubject_match); 1760 if (conn->altsubject_match == NULL) 1761 return -1; 1762 } 1763 1764 os_free(conn->suffix_match); 1765 conn->suffix_match = NULL; 1766 if (suffix_match) { 1767 conn->suffix_match = os_strdup(suffix_match); 1768 if (conn->suffix_match == NULL) 1769 return -1; 1770 } 1771 1772 return 0; 1773} 1774 1775 1776int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn, 1777 int verify_peer) 1778{ 1779 static int counter = 0; 1780 1781 if (conn == NULL) 1782 return -1; 1783 1784 if (verify_peer) { 1785 conn->ca_cert_verify = 1; 1786 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER | 1787 SSL_VERIFY_FAIL_IF_NO_PEER_CERT | 1788 SSL_VERIFY_CLIENT_ONCE, tls_verify_cb); 1789 } else { 1790 conn->ca_cert_verify = 0; 1791 SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL); 1792 } 1793 1794 SSL_set_accept_state(conn->ssl); 1795 1796 /* 1797 * Set session id context in order to avoid fatal errors when client 1798 * tries to resume a session. However, set the context to a unique 1799 * value in order to effectively disable session resumption for now 1800 * since not all areas of the server code are ready for it (e.g., 1801 * EAP-TTLS needs special handling for Phase 2 after abbreviated TLS 1802 * handshake). 1803 */ 1804 counter++; 1805 SSL_set_session_id_context(conn->ssl, 1806 (const unsigned char *) &counter, 1807 sizeof(counter)); 1808 1809 return 0; 1810} 1811 1812 1813static int tls_connection_client_cert(struct tls_connection *conn, 1814 const char *client_cert, 1815 const u8 *client_cert_blob, 1816 size_t client_cert_blob_len) 1817{ 1818 if (client_cert == NULL && client_cert_blob == NULL) 1819 return 0; 1820 1821 if (client_cert_blob && 1822 SSL_use_certificate_ASN1(conn->ssl, (u8 *) client_cert_blob, 1823 client_cert_blob_len) == 1) { 1824 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_ASN1 --> " 1825 "OK"); 1826 return 0; 1827 } else if (client_cert_blob) { 1828 tls_show_errors(MSG_DEBUG, __func__, 1829 "SSL_use_certificate_ASN1 failed"); 1830 } 1831 1832 if (client_cert == NULL) 1833 return -1; 1834 1835#ifdef ANDROID 1836 if (os_strncmp("keystore://", client_cert, 11) == 0) { 1837 BIO *bio = BIO_from_keystore(&client_cert[11]); 1838 X509 *x509 = NULL; 1839 int ret = -1; 1840 if (bio) { 1841 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL); 1842 BIO_free(bio); 1843 } 1844 if (x509) { 1845 if (SSL_use_certificate(conn->ssl, x509) == 1) 1846 ret = 0; 1847 X509_free(x509); 1848 } 1849 return ret; 1850 } 1851#endif /* ANDROID */ 1852 1853#ifndef OPENSSL_NO_STDIO 1854 if (SSL_use_certificate_file(conn->ssl, client_cert, 1855 SSL_FILETYPE_ASN1) == 1) { 1856 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (DER)" 1857 " --> OK"); 1858 return 0; 1859 } 1860 1861 if (SSL_use_certificate_file(conn->ssl, client_cert, 1862 SSL_FILETYPE_PEM) == 1) { 1863 ERR_clear_error(); 1864 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (PEM)" 1865 " --> OK"); 1866 return 0; 1867 } 1868 1869 tls_show_errors(MSG_DEBUG, __func__, 1870 "SSL_use_certificate_file failed"); 1871#else /* OPENSSL_NO_STDIO */ 1872 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", __func__); 1873#endif /* OPENSSL_NO_STDIO */ 1874 1875 return -1; 1876} 1877 1878 1879static int tls_global_client_cert(SSL_CTX *ssl_ctx, const char *client_cert) 1880{ 1881#ifndef OPENSSL_NO_STDIO 1882 if (client_cert == NULL) 1883 return 0; 1884 1885 if (SSL_CTX_use_certificate_file(ssl_ctx, client_cert, 1886 SSL_FILETYPE_ASN1) != 1 && 1887 SSL_CTX_use_certificate_chain_file(ssl_ctx, client_cert) != 1 && 1888 SSL_CTX_use_certificate_file(ssl_ctx, client_cert, 1889 SSL_FILETYPE_PEM) != 1) { 1890 tls_show_errors(MSG_INFO, __func__, 1891 "Failed to load client certificate"); 1892 return -1; 1893 } 1894 return 0; 1895#else /* OPENSSL_NO_STDIO */ 1896 if (client_cert == NULL) 1897 return 0; 1898 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", __func__); 1899 return -1; 1900#endif /* OPENSSL_NO_STDIO */ 1901} 1902 1903 1904static int tls_passwd_cb(char *buf, int size, int rwflag, void *password) 1905{ 1906 if (password == NULL) { 1907 return 0; 1908 } 1909 os_strlcpy(buf, (char *) password, size); 1910 return os_strlen(buf); 1911} 1912 1913 1914#ifdef PKCS12_FUNCS 1915static int tls_parse_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, PKCS12 *p12, 1916 const char *passwd) 1917{ 1918 EVP_PKEY *pkey; 1919 X509 *cert; 1920 STACK_OF(X509) *certs; 1921 int res = 0; 1922 char buf[256]; 1923 1924 pkey = NULL; 1925 cert = NULL; 1926 certs = NULL; 1927 if (!PKCS12_parse(p12, passwd, &pkey, &cert, &certs)) { 1928 tls_show_errors(MSG_DEBUG, __func__, 1929 "Failed to parse PKCS12 file"); 1930 PKCS12_free(p12); 1931 return -1; 1932 } 1933 wpa_printf(MSG_DEBUG, "TLS: Successfully parsed PKCS12 data"); 1934 1935 if (cert) { 1936 X509_NAME_oneline(X509_get_subject_name(cert), buf, 1937 sizeof(buf)); 1938 wpa_printf(MSG_DEBUG, "TLS: Got certificate from PKCS12: " 1939 "subject='%s'", buf); 1940 if (ssl) { 1941 if (SSL_use_certificate(ssl, cert) != 1) 1942 res = -1; 1943 } else { 1944 if (SSL_CTX_use_certificate(ssl_ctx, cert) != 1) 1945 res = -1; 1946 } 1947 X509_free(cert); 1948 } 1949 1950 if (pkey) { 1951 wpa_printf(MSG_DEBUG, "TLS: Got private key from PKCS12"); 1952 if (ssl) { 1953 if (SSL_use_PrivateKey(ssl, pkey) != 1) 1954 res = -1; 1955 } else { 1956 if (SSL_CTX_use_PrivateKey(ssl_ctx, pkey) != 1) 1957 res = -1; 1958 } 1959 EVP_PKEY_free(pkey); 1960 } 1961 1962 if (certs) { 1963 while ((cert = sk_X509_pop(certs)) != NULL) { 1964 X509_NAME_oneline(X509_get_subject_name(cert), buf, 1965 sizeof(buf)); 1966 wpa_printf(MSG_DEBUG, "TLS: additional certificate" 1967 " from PKCS12: subject='%s'", buf); 1968 /* 1969 * There is no SSL equivalent for the chain cert - so 1970 * always add it to the context... 1971 */ 1972 if (SSL_CTX_add_extra_chain_cert(ssl_ctx, cert) != 1) { 1973 res = -1; 1974 break; 1975 } 1976 } 1977 sk_X509_free(certs); 1978 } 1979 1980 PKCS12_free(p12); 1981 1982 if (res < 0) 1983 tls_get_errors(ssl_ctx); 1984 1985 return res; 1986} 1987#endif /* PKCS12_FUNCS */ 1988 1989 1990static int tls_read_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, const char *private_key, 1991 const char *passwd) 1992{ 1993#ifdef PKCS12_FUNCS 1994 FILE *f; 1995 PKCS12 *p12; 1996 1997 f = fopen(private_key, "rb"); 1998 if (f == NULL) 1999 return -1; 2000 2001 p12 = d2i_PKCS12_fp(f, NULL); 2002 fclose(f); 2003 2004 if (p12 == NULL) { 2005 tls_show_errors(MSG_INFO, __func__, 2006 "Failed to use PKCS#12 file"); 2007 return -1; 2008 } 2009 2010 return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd); 2011 2012#else /* PKCS12_FUNCS */ 2013 wpa_printf(MSG_INFO, "TLS: PKCS12 support disabled - cannot read " 2014 "p12/pfx files"); 2015 return -1; 2016#endif /* PKCS12_FUNCS */ 2017} 2018 2019 2020static int tls_read_pkcs12_blob(SSL_CTX *ssl_ctx, SSL *ssl, 2021 const u8 *blob, size_t len, const char *passwd) 2022{ 2023#ifdef PKCS12_FUNCS 2024 PKCS12 *p12; 2025 2026 p12 = d2i_PKCS12(NULL, (OPENSSL_d2i_TYPE) &blob, len); 2027 if (p12 == NULL) { 2028 tls_show_errors(MSG_INFO, __func__, 2029 "Failed to use PKCS#12 blob"); 2030 return -1; 2031 } 2032 2033 return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd); 2034 2035#else /* PKCS12_FUNCS */ 2036 wpa_printf(MSG_INFO, "TLS: PKCS12 support disabled - cannot parse " 2037 "p12/pfx blobs"); 2038 return -1; 2039#endif /* PKCS12_FUNCS */ 2040} 2041 2042 2043#ifndef OPENSSL_NO_ENGINE 2044static int tls_engine_get_cert(struct tls_connection *conn, 2045 const char *cert_id, 2046 X509 **cert) 2047{ 2048 /* this runs after the private key is loaded so no PIN is required */ 2049 struct { 2050 const char *cert_id; 2051 X509 *cert; 2052 } params; 2053 params.cert_id = cert_id; 2054 params.cert = NULL; 2055 2056 if (!ENGINE_ctrl_cmd(conn->engine, "LOAD_CERT_CTRL", 2057 0, ¶ms, NULL, 1)) { 2058 wpa_printf(MSG_ERROR, "ENGINE: cannot load client cert with id" 2059 " '%s' [%s]", cert_id, 2060 ERR_error_string(ERR_get_error(), NULL)); 2061 return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED; 2062 } 2063 if (!params.cert) { 2064 wpa_printf(MSG_ERROR, "ENGINE: did not properly cert with id" 2065 " '%s'", cert_id); 2066 return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED; 2067 } 2068 *cert = params.cert; 2069 return 0; 2070} 2071#endif /* OPENSSL_NO_ENGINE */ 2072 2073 2074static int tls_connection_engine_client_cert(struct tls_connection *conn, 2075 const char *cert_id) 2076{ 2077#ifndef OPENSSL_NO_ENGINE 2078 X509 *cert; 2079 2080 if (tls_engine_get_cert(conn, cert_id, &cert)) 2081 return -1; 2082 2083 if (!SSL_use_certificate(conn->ssl, cert)) { 2084 tls_show_errors(MSG_ERROR, __func__, 2085 "SSL_use_certificate failed"); 2086 X509_free(cert); 2087 return -1; 2088 } 2089 X509_free(cert); 2090 wpa_printf(MSG_DEBUG, "ENGINE: SSL_use_certificate --> " 2091 "OK"); 2092 return 0; 2093 2094#else /* OPENSSL_NO_ENGINE */ 2095 return -1; 2096#endif /* OPENSSL_NO_ENGINE */ 2097} 2098 2099 2100static int tls_connection_engine_ca_cert(void *_ssl_ctx, 2101 struct tls_connection *conn, 2102 const char *ca_cert_id) 2103{ 2104#ifndef OPENSSL_NO_ENGINE 2105 X509 *cert; 2106 SSL_CTX *ssl_ctx = _ssl_ctx; 2107 2108 if (tls_engine_get_cert(conn, ca_cert_id, &cert)) 2109 return -1; 2110 2111 /* start off the same as tls_connection_ca_cert */ 2112 X509_STORE_free(ssl_ctx->cert_store); 2113 ssl_ctx->cert_store = X509_STORE_new(); 2114 if (ssl_ctx->cert_store == NULL) { 2115 wpa_printf(MSG_DEBUG, "OpenSSL: %s - failed to allocate new " 2116 "certificate store", __func__); 2117 X509_free(cert); 2118 return -1; 2119 } 2120 if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) { 2121 unsigned long err = ERR_peek_error(); 2122 tls_show_errors(MSG_WARNING, __func__, 2123 "Failed to add CA certificate from engine " 2124 "to certificate store"); 2125 if (ERR_GET_LIB(err) == ERR_LIB_X509 && 2126 ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) { 2127 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring cert" 2128 " already in hash table error", 2129 __func__); 2130 } else { 2131 X509_free(cert); 2132 return -1; 2133 } 2134 } 2135 X509_free(cert); 2136 wpa_printf(MSG_DEBUG, "OpenSSL: %s - added CA certificate from engine " 2137 "to certificate store", __func__); 2138 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb); 2139 conn->ca_cert_verify = 1; 2140 2141 return 0; 2142 2143#else /* OPENSSL_NO_ENGINE */ 2144 return -1; 2145#endif /* OPENSSL_NO_ENGINE */ 2146} 2147 2148 2149static int tls_connection_engine_private_key(struct tls_connection *conn) 2150{ 2151#ifndef OPENSSL_NO_ENGINE 2152 if (SSL_use_PrivateKey(conn->ssl, conn->private_key) != 1) { 2153 tls_show_errors(MSG_ERROR, __func__, 2154 "ENGINE: cannot use private key for TLS"); 2155 return -1; 2156 } 2157 if (!SSL_check_private_key(conn->ssl)) { 2158 tls_show_errors(MSG_INFO, __func__, 2159 "Private key failed verification"); 2160 return -1; 2161 } 2162 return 0; 2163#else /* OPENSSL_NO_ENGINE */ 2164 wpa_printf(MSG_ERROR, "SSL: Configuration uses engine, but " 2165 "engine support was not compiled in"); 2166 return -1; 2167#endif /* OPENSSL_NO_ENGINE */ 2168} 2169 2170 2171static int tls_connection_private_key(void *_ssl_ctx, 2172 struct tls_connection *conn, 2173 const char *private_key, 2174 const char *private_key_passwd, 2175 const u8 *private_key_blob, 2176 size_t private_key_blob_len) 2177{ 2178 SSL_CTX *ssl_ctx = _ssl_ctx; 2179 char *passwd; 2180 int ok; 2181 2182 if (private_key == NULL && private_key_blob == NULL) 2183 return 0; 2184 2185 if (private_key_passwd) { 2186 passwd = os_strdup(private_key_passwd); 2187 if (passwd == NULL) 2188 return -1; 2189 } else 2190 passwd = NULL; 2191 2192 SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb); 2193 SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd); 2194 2195 ok = 0; 2196 while (private_key_blob) { 2197 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_RSA, conn->ssl, 2198 (u8 *) private_key_blob, 2199 private_key_blob_len) == 1) { 2200 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_" 2201 "ASN1(EVP_PKEY_RSA) --> OK"); 2202 ok = 1; 2203 break; 2204 } 2205 2206 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_DSA, conn->ssl, 2207 (u8 *) private_key_blob, 2208 private_key_blob_len) == 1) { 2209 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_" 2210 "ASN1(EVP_PKEY_DSA) --> OK"); 2211 ok = 1; 2212 break; 2213 } 2214 2215 if (SSL_use_RSAPrivateKey_ASN1(conn->ssl, 2216 (u8 *) private_key_blob, 2217 private_key_blob_len) == 1) { 2218 wpa_printf(MSG_DEBUG, "OpenSSL: " 2219 "SSL_use_RSAPrivateKey_ASN1 --> OK"); 2220 ok = 1; 2221 break; 2222 } 2223 2224 if (tls_read_pkcs12_blob(ssl_ctx, conn->ssl, private_key_blob, 2225 private_key_blob_len, passwd) == 0) { 2226 wpa_printf(MSG_DEBUG, "OpenSSL: PKCS#12 as blob --> " 2227 "OK"); 2228 ok = 1; 2229 break; 2230 } 2231 2232 break; 2233 } 2234 2235 while (!ok && private_key) { 2236#ifndef OPENSSL_NO_STDIO 2237 if (SSL_use_PrivateKey_file(conn->ssl, private_key, 2238 SSL_FILETYPE_ASN1) == 1) { 2239 wpa_printf(MSG_DEBUG, "OpenSSL: " 2240 "SSL_use_PrivateKey_File (DER) --> OK"); 2241 ok = 1; 2242 break; 2243 } 2244 2245 if (SSL_use_PrivateKey_file(conn->ssl, private_key, 2246 SSL_FILETYPE_PEM) == 1) { 2247 wpa_printf(MSG_DEBUG, "OpenSSL: " 2248 "SSL_use_PrivateKey_File (PEM) --> OK"); 2249 ok = 1; 2250 break; 2251 } 2252#else /* OPENSSL_NO_STDIO */ 2253 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", 2254 __func__); 2255#endif /* OPENSSL_NO_STDIO */ 2256 2257 if (tls_read_pkcs12(ssl_ctx, conn->ssl, private_key, passwd) 2258 == 0) { 2259 wpa_printf(MSG_DEBUG, "OpenSSL: Reading PKCS#12 file " 2260 "--> OK"); 2261 ok = 1; 2262 break; 2263 } 2264 2265 if (tls_cryptoapi_cert(conn->ssl, private_key) == 0) { 2266 wpa_printf(MSG_DEBUG, "OpenSSL: Using CryptoAPI to " 2267 "access certificate store --> OK"); 2268 ok = 1; 2269 break; 2270 } 2271 2272 break; 2273 } 2274 2275 if (!ok) { 2276 tls_show_errors(MSG_INFO, __func__, 2277 "Failed to load private key"); 2278 os_free(passwd); 2279 return -1; 2280 } 2281 ERR_clear_error(); 2282 SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL); 2283 os_free(passwd); 2284 2285 if (!SSL_check_private_key(conn->ssl)) { 2286 tls_show_errors(MSG_INFO, __func__, "Private key failed " 2287 "verification"); 2288 return -1; 2289 } 2290 2291 wpa_printf(MSG_DEBUG, "SSL: Private key loaded successfully"); 2292 return 0; 2293} 2294 2295 2296static int tls_global_private_key(SSL_CTX *ssl_ctx, const char *private_key, 2297 const char *private_key_passwd) 2298{ 2299 char *passwd; 2300 2301 if (private_key == NULL) 2302 return 0; 2303 2304 if (private_key_passwd) { 2305 passwd = os_strdup(private_key_passwd); 2306 if (passwd == NULL) 2307 return -1; 2308 } else 2309 passwd = NULL; 2310 2311 SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb); 2312 SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd); 2313 if ( 2314#ifndef OPENSSL_NO_STDIO 2315 SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key, 2316 SSL_FILETYPE_ASN1) != 1 && 2317 SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key, 2318 SSL_FILETYPE_PEM) != 1 && 2319#endif /* OPENSSL_NO_STDIO */ 2320 tls_read_pkcs12(ssl_ctx, NULL, private_key, passwd)) { 2321 tls_show_errors(MSG_INFO, __func__, 2322 "Failed to load private key"); 2323 os_free(passwd); 2324 ERR_clear_error(); 2325 return -1; 2326 } 2327 os_free(passwd); 2328 ERR_clear_error(); 2329 SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL); 2330 2331 if (!SSL_CTX_check_private_key(ssl_ctx)) { 2332 tls_show_errors(MSG_INFO, __func__, 2333 "Private key failed verification"); 2334 return -1; 2335 } 2336 2337 return 0; 2338} 2339 2340 2341static int tls_connection_dh(struct tls_connection *conn, const char *dh_file) 2342{ 2343#ifdef OPENSSL_NO_DH 2344 if (dh_file == NULL) 2345 return 0; 2346 wpa_printf(MSG_ERROR, "TLS: openssl does not include DH support, but " 2347 "dh_file specified"); 2348 return -1; 2349#else /* OPENSSL_NO_DH */ 2350 DH *dh; 2351 BIO *bio; 2352 2353 /* TODO: add support for dh_blob */ 2354 if (dh_file == NULL) 2355 return 0; 2356 if (conn == NULL) 2357 return -1; 2358 2359 bio = BIO_new_file(dh_file, "r"); 2360 if (bio == NULL) { 2361 wpa_printf(MSG_INFO, "TLS: Failed to open DH file '%s': %s", 2362 dh_file, ERR_error_string(ERR_get_error(), NULL)); 2363 return -1; 2364 } 2365 dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); 2366 BIO_free(bio); 2367#ifndef OPENSSL_NO_DSA 2368 while (dh == NULL) { 2369 DSA *dsa; 2370 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DH file '%s': %s -" 2371 " trying to parse as DSA params", dh_file, 2372 ERR_error_string(ERR_get_error(), NULL)); 2373 bio = BIO_new_file(dh_file, "r"); 2374 if (bio == NULL) 2375 break; 2376 dsa = PEM_read_bio_DSAparams(bio, NULL, NULL, NULL); 2377 BIO_free(bio); 2378 if (!dsa) { 2379 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DSA file " 2380 "'%s': %s", dh_file, 2381 ERR_error_string(ERR_get_error(), NULL)); 2382 break; 2383 } 2384 2385 wpa_printf(MSG_DEBUG, "TLS: DH file in DSA param format"); 2386 dh = DSA_dup_DH(dsa); 2387 DSA_free(dsa); 2388 if (dh == NULL) { 2389 wpa_printf(MSG_INFO, "TLS: Failed to convert DSA " 2390 "params into DH params"); 2391 break; 2392 } 2393 break; 2394 } 2395#endif /* !OPENSSL_NO_DSA */ 2396 if (dh == NULL) { 2397 wpa_printf(MSG_INFO, "TLS: Failed to read/parse DH/DSA file " 2398 "'%s'", dh_file); 2399 return -1; 2400 } 2401 2402 if (SSL_set_tmp_dh(conn->ssl, dh) != 1) { 2403 wpa_printf(MSG_INFO, "TLS: Failed to set DH params from '%s': " 2404 "%s", dh_file, 2405 ERR_error_string(ERR_get_error(), NULL)); 2406 DH_free(dh); 2407 return -1; 2408 } 2409 DH_free(dh); 2410 return 0; 2411#endif /* OPENSSL_NO_DH */ 2412} 2413 2414 2415static int tls_global_dh(SSL_CTX *ssl_ctx, const char *dh_file) 2416{ 2417#ifdef OPENSSL_NO_DH 2418 if (dh_file == NULL) 2419 return 0; 2420 wpa_printf(MSG_ERROR, "TLS: openssl does not include DH support, but " 2421 "dh_file specified"); 2422 return -1; 2423#else /* OPENSSL_NO_DH */ 2424 DH *dh; 2425 BIO *bio; 2426 2427 /* TODO: add support for dh_blob */ 2428 if (dh_file == NULL) 2429 return 0; 2430 if (ssl_ctx == NULL) 2431 return -1; 2432 2433 bio = BIO_new_file(dh_file, "r"); 2434 if (bio == NULL) { 2435 wpa_printf(MSG_INFO, "TLS: Failed to open DH file '%s': %s", 2436 dh_file, ERR_error_string(ERR_get_error(), NULL)); 2437 return -1; 2438 } 2439 dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); 2440 BIO_free(bio); 2441#ifndef OPENSSL_NO_DSA 2442 while (dh == NULL) { 2443 DSA *dsa; 2444 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DH file '%s': %s -" 2445 " trying to parse as DSA params", dh_file, 2446 ERR_error_string(ERR_get_error(), NULL)); 2447 bio = BIO_new_file(dh_file, "r"); 2448 if (bio == NULL) 2449 break; 2450 dsa = PEM_read_bio_DSAparams(bio, NULL, NULL, NULL); 2451 BIO_free(bio); 2452 if (!dsa) { 2453 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DSA file " 2454 "'%s': %s", dh_file, 2455 ERR_error_string(ERR_get_error(), NULL)); 2456 break; 2457 } 2458 2459 wpa_printf(MSG_DEBUG, "TLS: DH file in DSA param format"); 2460 dh = DSA_dup_DH(dsa); 2461 DSA_free(dsa); 2462 if (dh == NULL) { 2463 wpa_printf(MSG_INFO, "TLS: Failed to convert DSA " 2464 "params into DH params"); 2465 break; 2466 } 2467 break; 2468 } 2469#endif /* !OPENSSL_NO_DSA */ 2470 if (dh == NULL) { 2471 wpa_printf(MSG_INFO, "TLS: Failed to read/parse DH/DSA file " 2472 "'%s'", dh_file); 2473 return -1; 2474 } 2475 2476 if (SSL_CTX_set_tmp_dh(ssl_ctx, dh) != 1) { 2477 wpa_printf(MSG_INFO, "TLS: Failed to set DH params from '%s': " 2478 "%s", dh_file, 2479 ERR_error_string(ERR_get_error(), NULL)); 2480 DH_free(dh); 2481 return -1; 2482 } 2483 DH_free(dh); 2484 return 0; 2485#endif /* OPENSSL_NO_DH */ 2486} 2487 2488 2489int tls_connection_get_keys(void *ssl_ctx, struct tls_connection *conn, 2490 struct tls_keys *keys) 2491{ 2492#ifdef CONFIG_FIPS 2493 wpa_printf(MSG_ERROR, "OpenSSL: TLS keys cannot be exported in FIPS " 2494 "mode"); 2495 return -1; 2496#else /* CONFIG_FIPS */ 2497 SSL *ssl; 2498 2499 if (conn == NULL || keys == NULL) 2500 return -1; 2501 ssl = conn->ssl; 2502 if (ssl == NULL || ssl->s3 == NULL || ssl->session == NULL) 2503 return -1; 2504 2505 os_memset(keys, 0, sizeof(*keys)); 2506 keys->master_key = ssl->session->master_key; 2507 keys->master_key_len = ssl->session->master_key_length; 2508 keys->client_random = ssl->s3->client_random; 2509 keys->client_random_len = SSL3_RANDOM_SIZE; 2510 keys->server_random = ssl->s3->server_random; 2511 keys->server_random_len = SSL3_RANDOM_SIZE; 2512 2513 return 0; 2514#endif /* CONFIG_FIPS */ 2515} 2516 2517 2518int tls_connection_prf(void *tls_ctx, struct tls_connection *conn, 2519 const char *label, int server_random_first, 2520 u8 *out, size_t out_len) 2521{ 2522#if OPENSSL_VERSION_NUMBER >= 0x10001000L 2523 SSL *ssl; 2524 if (conn == NULL) 2525 return -1; 2526 if (server_random_first) 2527 return -1; 2528 ssl = conn->ssl; 2529 if (SSL_export_keying_material(ssl, out, out_len, label, 2530 os_strlen(label), NULL, 0, 0) == 1) { 2531 wpa_printf(MSG_DEBUG, "OpenSSL: Using internal PRF"); 2532 return 0; 2533 } 2534#endif 2535 return -1; 2536} 2537 2538 2539static struct wpabuf * 2540openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data, 2541 int server) 2542{ 2543 int res; 2544 struct wpabuf *out_data; 2545 2546 conn->server = !!server; 2547 2548 /* 2549 * Give TLS handshake data from the server (if available) to OpenSSL 2550 * for processing. 2551 */ 2552 if (in_data && 2553 BIO_write(conn->ssl_in, wpabuf_head(in_data), wpabuf_len(in_data)) 2554 < 0) { 2555 tls_show_errors(MSG_INFO, __func__, 2556 "Handshake failed - BIO_write"); 2557 return NULL; 2558 } 2559 2560 /* Initiate TLS handshake or continue the existing handshake */ 2561 if (server) 2562 res = SSL_accept(conn->ssl); 2563 else 2564 res = SSL_connect(conn->ssl); 2565 if (res != 1) { 2566 int err = SSL_get_error(conn->ssl, res); 2567 if (err == SSL_ERROR_WANT_READ) 2568 wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want " 2569 "more data"); 2570 else if (err == SSL_ERROR_WANT_WRITE) 2571 wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want to " 2572 "write"); 2573 else { 2574 tls_show_errors(MSG_INFO, __func__, "SSL_connect"); 2575 conn->failed++; 2576 } 2577 } 2578 2579 /* Get the TLS handshake data to be sent to the server */ 2580 res = BIO_ctrl_pending(conn->ssl_out); 2581 wpa_printf(MSG_DEBUG, "SSL: %d bytes pending from ssl_out", res); 2582 out_data = wpabuf_alloc(res); 2583 if (out_data == NULL) { 2584 wpa_printf(MSG_DEBUG, "SSL: Failed to allocate memory for " 2585 "handshake output (%d bytes)", res); 2586 if (BIO_reset(conn->ssl_out) < 0) { 2587 tls_show_errors(MSG_INFO, __func__, 2588 "BIO_reset failed"); 2589 } 2590 return NULL; 2591 } 2592 res = res == 0 ? 0 : BIO_read(conn->ssl_out, wpabuf_mhead(out_data), 2593 res); 2594 if (res < 0) { 2595 tls_show_errors(MSG_INFO, __func__, 2596 "Handshake failed - BIO_read"); 2597 if (BIO_reset(conn->ssl_out) < 0) { 2598 tls_show_errors(MSG_INFO, __func__, 2599 "BIO_reset failed"); 2600 } 2601 wpabuf_free(out_data); 2602 return NULL; 2603 } 2604 wpabuf_put(out_data, res); 2605 2606 return out_data; 2607} 2608 2609 2610static struct wpabuf * 2611openssl_get_appl_data(struct tls_connection *conn, size_t max_len) 2612{ 2613 struct wpabuf *appl_data; 2614 int res; 2615 2616 appl_data = wpabuf_alloc(max_len + 100); 2617 if (appl_data == NULL) 2618 return NULL; 2619 2620 res = SSL_read(conn->ssl, wpabuf_mhead(appl_data), 2621 wpabuf_size(appl_data)); 2622 if (res < 0) { 2623 int err = SSL_get_error(conn->ssl, res); 2624 if (err == SSL_ERROR_WANT_READ || 2625 err == SSL_ERROR_WANT_WRITE) { 2626 wpa_printf(MSG_DEBUG, "SSL: No Application Data " 2627 "included"); 2628 } else { 2629 tls_show_errors(MSG_INFO, __func__, 2630 "Failed to read possible " 2631 "Application Data"); 2632 } 2633 wpabuf_free(appl_data); 2634 return NULL; 2635 } 2636 2637 wpabuf_put(appl_data, res); 2638 wpa_hexdump_buf_key(MSG_MSGDUMP, "SSL: Application Data in Finished " 2639 "message", appl_data); 2640 2641 return appl_data; 2642} 2643 2644 2645static struct wpabuf * 2646openssl_connection_handshake(struct tls_connection *conn, 2647 const struct wpabuf *in_data, 2648 struct wpabuf **appl_data, int server) 2649{ 2650 struct wpabuf *out_data; 2651 2652 if (appl_data) 2653 *appl_data = NULL; 2654 2655 out_data = openssl_handshake(conn, in_data, server); 2656 if (out_data == NULL) 2657 return NULL; 2658 2659 if (SSL_is_init_finished(conn->ssl) && appl_data && in_data) 2660 *appl_data = openssl_get_appl_data(conn, wpabuf_len(in_data)); 2661 2662 return out_data; 2663} 2664 2665 2666struct wpabuf * 2667tls_connection_handshake(void *ssl_ctx, struct tls_connection *conn, 2668 const struct wpabuf *in_data, 2669 struct wpabuf **appl_data) 2670{ 2671 return openssl_connection_handshake(conn, in_data, appl_data, 0); 2672} 2673 2674 2675struct wpabuf * tls_connection_server_handshake(void *tls_ctx, 2676 struct tls_connection *conn, 2677 const struct wpabuf *in_data, 2678 struct wpabuf **appl_data) 2679{ 2680 return openssl_connection_handshake(conn, in_data, appl_data, 1); 2681} 2682 2683 2684struct wpabuf * tls_connection_encrypt(void *tls_ctx, 2685 struct tls_connection *conn, 2686 const struct wpabuf *in_data) 2687{ 2688 int res; 2689 struct wpabuf *buf; 2690 2691 if (conn == NULL) 2692 return NULL; 2693 2694 /* Give plaintext data for OpenSSL to encrypt into the TLS tunnel. */ 2695 if ((res = BIO_reset(conn->ssl_in)) < 0 || 2696 (res = BIO_reset(conn->ssl_out)) < 0) { 2697 tls_show_errors(MSG_INFO, __func__, "BIO_reset failed"); 2698 return NULL; 2699 } 2700 res = SSL_write(conn->ssl, wpabuf_head(in_data), wpabuf_len(in_data)); 2701 if (res < 0) { 2702 tls_show_errors(MSG_INFO, __func__, 2703 "Encryption failed - SSL_write"); 2704 return NULL; 2705 } 2706 2707 /* Read encrypted data to be sent to the server */ 2708 buf = wpabuf_alloc(wpabuf_len(in_data) + 300); 2709 if (buf == NULL) 2710 return NULL; 2711 res = BIO_read(conn->ssl_out, wpabuf_mhead(buf), wpabuf_size(buf)); 2712 if (res < 0) { 2713 tls_show_errors(MSG_INFO, __func__, 2714 "Encryption failed - BIO_read"); 2715 wpabuf_free(buf); 2716 return NULL; 2717 } 2718 wpabuf_put(buf, res); 2719 2720 return buf; 2721} 2722 2723 2724struct wpabuf * tls_connection_decrypt(void *tls_ctx, 2725 struct tls_connection *conn, 2726 const struct wpabuf *in_data) 2727{ 2728 int res; 2729 struct wpabuf *buf; 2730 2731 /* Give encrypted data from TLS tunnel for OpenSSL to decrypt. */ 2732 res = BIO_write(conn->ssl_in, wpabuf_head(in_data), 2733 wpabuf_len(in_data)); 2734 if (res < 0) { 2735 tls_show_errors(MSG_INFO, __func__, 2736 "Decryption failed - BIO_write"); 2737 return NULL; 2738 } 2739 if (BIO_reset(conn->ssl_out) < 0) { 2740 tls_show_errors(MSG_INFO, __func__, "BIO_reset failed"); 2741 return NULL; 2742 } 2743 2744 /* Read decrypted data for further processing */ 2745 /* 2746 * Even though we try to disable TLS compression, it is possible that 2747 * this cannot be done with all TLS libraries. Add extra buffer space 2748 * to handle the possibility of the decrypted data being longer than 2749 * input data. 2750 */ 2751 buf = wpabuf_alloc((wpabuf_len(in_data) + 500) * 3); 2752 if (buf == NULL) 2753 return NULL; 2754 res = SSL_read(conn->ssl, wpabuf_mhead(buf), wpabuf_size(buf)); 2755 if (res < 0) { 2756 tls_show_errors(MSG_INFO, __func__, 2757 "Decryption failed - SSL_read"); 2758 wpabuf_free(buf); 2759 return NULL; 2760 } 2761 wpabuf_put(buf, res); 2762 2763 return buf; 2764} 2765 2766 2767int tls_connection_resumed(void *ssl_ctx, struct tls_connection *conn) 2768{ 2769 return conn ? conn->ssl->hit : 0; 2770} 2771 2772 2773int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn, 2774 u8 *ciphers) 2775{ 2776 char buf[100], *pos, *end; 2777 u8 *c; 2778 int ret; 2779 2780 if (conn == NULL || conn->ssl == NULL || ciphers == NULL) 2781 return -1; 2782 2783 buf[0] = '\0'; 2784 pos = buf; 2785 end = pos + sizeof(buf); 2786 2787 c = ciphers; 2788 while (*c != TLS_CIPHER_NONE) { 2789 const char *suite; 2790 2791 switch (*c) { 2792 case TLS_CIPHER_RC4_SHA: 2793 suite = "RC4-SHA"; 2794 break; 2795 case TLS_CIPHER_AES128_SHA: 2796 suite = "AES128-SHA"; 2797 break; 2798 case TLS_CIPHER_RSA_DHE_AES128_SHA: 2799 suite = "DHE-RSA-AES128-SHA"; 2800 break; 2801 case TLS_CIPHER_ANON_DH_AES128_SHA: 2802 suite = "ADH-AES128-SHA"; 2803 break; 2804 default: 2805 wpa_printf(MSG_DEBUG, "TLS: Unsupported " 2806 "cipher selection: %d", *c); 2807 return -1; 2808 } 2809 ret = os_snprintf(pos, end - pos, ":%s", suite); 2810 if (ret < 0 || ret >= end - pos) 2811 break; 2812 pos += ret; 2813 2814 c++; 2815 } 2816 2817 wpa_printf(MSG_DEBUG, "OpenSSL: cipher suites: %s", buf + 1); 2818 2819 if (SSL_set_cipher_list(conn->ssl, buf + 1) != 1) { 2820 tls_show_errors(MSG_INFO, __func__, 2821 "Cipher suite configuration failed"); 2822 return -1; 2823 } 2824 2825 return 0; 2826} 2827 2828 2829int tls_get_cipher(void *ssl_ctx, struct tls_connection *conn, 2830 char *buf, size_t buflen) 2831{ 2832 const char *name; 2833 if (conn == NULL || conn->ssl == NULL) 2834 return -1; 2835 2836 name = SSL_get_cipher(conn->ssl); 2837 if (name == NULL) 2838 return -1; 2839 2840 os_strlcpy(buf, name, buflen); 2841 return 0; 2842} 2843 2844 2845int tls_connection_enable_workaround(void *ssl_ctx, 2846 struct tls_connection *conn) 2847{ 2848 SSL_set_options(conn->ssl, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS); 2849 2850 return 0; 2851} 2852 2853 2854#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST) 2855/* ClientHello TLS extensions require a patch to openssl, so this function is 2856 * commented out unless explicitly needed for EAP-FAST in order to be able to 2857 * build this file with unmodified openssl. */ 2858int tls_connection_client_hello_ext(void *ssl_ctx, struct tls_connection *conn, 2859 int ext_type, const u8 *data, 2860 size_t data_len) 2861{ 2862 if (conn == NULL || conn->ssl == NULL || ext_type != 35) 2863 return -1; 2864 2865#ifdef CONFIG_OPENSSL_TICKET_OVERRIDE 2866 if (SSL_set_session_ticket_ext(conn->ssl, (void *) data, 2867 data_len) != 1) 2868 return -1; 2869#else /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 2870 if (SSL_set_hello_extension(conn->ssl, ext_type, (void *) data, 2871 data_len) != 1) 2872 return -1; 2873#endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 2874 2875 return 0; 2876} 2877#endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */ 2878 2879 2880int tls_connection_get_failed(void *ssl_ctx, struct tls_connection *conn) 2881{ 2882 if (conn == NULL) 2883 return -1; 2884 return conn->failed; 2885} 2886 2887 2888int tls_connection_get_read_alerts(void *ssl_ctx, struct tls_connection *conn) 2889{ 2890 if (conn == NULL) 2891 return -1; 2892 return conn->read_alerts; 2893} 2894 2895 2896int tls_connection_get_write_alerts(void *ssl_ctx, struct tls_connection *conn) 2897{ 2898 if (conn == NULL) 2899 return -1; 2900 return conn->write_alerts; 2901} 2902 2903 2904#ifdef HAVE_OCSP 2905 2906static void ocsp_debug_print_resp(OCSP_RESPONSE *rsp) 2907{ 2908#ifndef CONFIG_NO_STDOUT_DEBUG 2909 BIO *out; 2910 size_t rlen; 2911 char *txt; 2912 int res; 2913 2914 if (wpa_debug_level > MSG_DEBUG) 2915 return; 2916 2917 out = BIO_new(BIO_s_mem()); 2918 if (!out) 2919 return; 2920 2921 OCSP_RESPONSE_print(out, rsp, 0); 2922 rlen = BIO_ctrl_pending(out); 2923 txt = os_malloc(rlen + 1); 2924 if (!txt) { 2925 BIO_free(out); 2926 return; 2927 } 2928 2929 res = BIO_read(out, txt, rlen); 2930 if (res > 0) { 2931 txt[res] = '\0'; 2932 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP Response\n%s", txt); 2933 } 2934 os_free(txt); 2935 BIO_free(out); 2936#endif /* CONFIG_NO_STDOUT_DEBUG */ 2937} 2938 2939 2940static int ocsp_resp_cb(SSL *s, void *arg) 2941{ 2942 struct tls_connection *conn = arg; 2943 const unsigned char *p; 2944 int len, status, reason; 2945 OCSP_RESPONSE *rsp; 2946 OCSP_BASICRESP *basic; 2947 OCSP_CERTID *id; 2948 ASN1_GENERALIZEDTIME *produced_at, *this_update, *next_update; 2949 X509_STORE *store; 2950 STACK_OF(X509) *certs = NULL; 2951 2952 len = SSL_get_tlsext_status_ocsp_resp(s, &p); 2953 if (!p) { 2954 wpa_printf(MSG_DEBUG, "OpenSSL: No OCSP response received"); 2955 return (conn->flags & TLS_CONN_REQUIRE_OCSP) ? 0 : 1; 2956 } 2957 2958 wpa_hexdump(MSG_DEBUG, "OpenSSL: OCSP response", p, len); 2959 2960 rsp = d2i_OCSP_RESPONSE(NULL, &p, len); 2961 if (!rsp) { 2962 wpa_printf(MSG_INFO, "OpenSSL: Failed to parse OCSP response"); 2963 return 0; 2964 } 2965 2966 ocsp_debug_print_resp(rsp); 2967 2968 status = OCSP_response_status(rsp); 2969 if (status != OCSP_RESPONSE_STATUS_SUCCESSFUL) { 2970 wpa_printf(MSG_INFO, "OpenSSL: OCSP responder error %d (%s)", 2971 status, OCSP_response_status_str(status)); 2972 return 0; 2973 } 2974 2975 basic = OCSP_response_get1_basic(rsp); 2976 if (!basic) { 2977 wpa_printf(MSG_INFO, "OpenSSL: Could not find BasicOCSPResponse"); 2978 return 0; 2979 } 2980 2981 store = SSL_CTX_get_cert_store(s->ctx); 2982 if (conn->peer_issuer) { 2983 wpa_printf(MSG_DEBUG, "OpenSSL: Add issuer"); 2984 X509_print_fp(stdout, conn->peer_issuer); 2985 2986 if (X509_STORE_add_cert(store, conn->peer_issuer) != 1) { 2987 tls_show_errors(MSG_INFO, __func__, 2988 "OpenSSL: Could not add issuer to certificate store\n"); 2989 } 2990 certs = sk_X509_new_null(); 2991 if (certs) { 2992 X509 *cert; 2993 cert = X509_dup(conn->peer_issuer); 2994 if (cert && !sk_X509_push(certs, cert)) { 2995 tls_show_errors( 2996 MSG_INFO, __func__, 2997 "OpenSSL: Could not add issuer to OCSP responder trust store\n"); 2998 X509_free(cert); 2999 sk_X509_free(certs); 3000 certs = NULL; 3001 } 3002 if (conn->peer_issuer_issuer) { 3003 cert = X509_dup(conn->peer_issuer_issuer); 3004 if (cert && !sk_X509_push(certs, cert)) { 3005 tls_show_errors( 3006 MSG_INFO, __func__, 3007 "OpenSSL: Could not add issuer to OCSP responder trust store\n"); 3008 X509_free(cert); 3009 } 3010 } 3011 } 3012 } 3013 3014 status = OCSP_basic_verify(basic, certs, store, OCSP_TRUSTOTHER); 3015 sk_X509_pop_free(certs, X509_free); 3016 if (status <= 0) { 3017 tls_show_errors(MSG_INFO, __func__, 3018 "OpenSSL: OCSP response failed verification"); 3019 OCSP_BASICRESP_free(basic); 3020 OCSP_RESPONSE_free(rsp); 3021 return 0; 3022 } 3023 3024 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP response verification succeeded"); 3025 3026 if (!conn->peer_cert) { 3027 wpa_printf(MSG_DEBUG, "OpenSSL: Peer certificate not available for OCSP status check"); 3028 OCSP_BASICRESP_free(basic); 3029 OCSP_RESPONSE_free(rsp); 3030 return 0; 3031 } 3032 3033 if (!conn->peer_issuer) { 3034 wpa_printf(MSG_DEBUG, "OpenSSL: Peer issuer certificate not available for OCSP status check"); 3035 OCSP_BASICRESP_free(basic); 3036 OCSP_RESPONSE_free(rsp); 3037 return 0; 3038 } 3039 3040 id = OCSP_cert_to_id(NULL, conn->peer_cert, conn->peer_issuer); 3041 if (!id) { 3042 wpa_printf(MSG_DEBUG, "OpenSSL: Could not create OCSP certificate identifier"); 3043 OCSP_BASICRESP_free(basic); 3044 OCSP_RESPONSE_free(rsp); 3045 return 0; 3046 } 3047 3048 if (!OCSP_resp_find_status(basic, id, &status, &reason, &produced_at, 3049 &this_update, &next_update)) { 3050 wpa_printf(MSG_INFO, "OpenSSL: Could not find current server certificate from OCSP response%s", 3051 (conn->flags & TLS_CONN_REQUIRE_OCSP) ? "" : 3052 " (OCSP not required)"); 3053 OCSP_BASICRESP_free(basic); 3054 OCSP_RESPONSE_free(rsp); 3055 return (conn->flags & TLS_CONN_REQUIRE_OCSP) ? 0 : 1; 3056 } 3057 3058 if (!OCSP_check_validity(this_update, next_update, 5 * 60, -1)) { 3059 tls_show_errors(MSG_INFO, __func__, 3060 "OpenSSL: OCSP status times invalid"); 3061 OCSP_BASICRESP_free(basic); 3062 OCSP_RESPONSE_free(rsp); 3063 return 0; 3064 } 3065 3066 OCSP_BASICRESP_free(basic); 3067 OCSP_RESPONSE_free(rsp); 3068 3069 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status for server certificate: %s", 3070 OCSP_cert_status_str(status)); 3071 3072 if (status == V_OCSP_CERTSTATUS_GOOD) 3073 return 1; 3074 if (status == V_OCSP_CERTSTATUS_REVOKED) 3075 return 0; 3076 if (conn->flags & TLS_CONN_REQUIRE_OCSP) { 3077 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status unknown, but OCSP required"); 3078 return 0; 3079 } 3080 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status unknown, but OCSP was not required, so allow connection to continue"); 3081 return 1; 3082} 3083 3084 3085static int ocsp_status_cb(SSL *s, void *arg) 3086{ 3087 char *tmp; 3088 char *resp; 3089 size_t len; 3090 3091 if (tls_global->ocsp_stapling_response == NULL) { 3092 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status callback - no response configured"); 3093 return SSL_TLSEXT_ERR_OK; 3094 } 3095 3096 resp = os_readfile(tls_global->ocsp_stapling_response, &len); 3097 if (resp == NULL) { 3098 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status callback - could not read response file"); 3099 /* TODO: Build OCSPResponse with responseStatus = internalError 3100 */ 3101 return SSL_TLSEXT_ERR_OK; 3102 } 3103 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status callback - send cached response"); 3104 tmp = OPENSSL_malloc(len); 3105 if (tmp == NULL) { 3106 os_free(resp); 3107 return SSL_TLSEXT_ERR_ALERT_FATAL; 3108 } 3109 3110 os_memcpy(tmp, resp, len); 3111 os_free(resp); 3112 SSL_set_tlsext_status_ocsp_resp(s, tmp, len); 3113 3114 return SSL_TLSEXT_ERR_OK; 3115} 3116 3117#endif /* HAVE_OCSP */ 3118 3119 3120int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn, 3121 const struct tls_connection_params *params) 3122{ 3123 int ret; 3124 unsigned long err; 3125 3126 if (conn == NULL) 3127 return -1; 3128 3129 while ((err = ERR_get_error())) { 3130 wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s", 3131 __func__, ERR_error_string(err, NULL)); 3132 } 3133 3134 if (params->engine) { 3135 wpa_printf(MSG_DEBUG, "SSL: Initializing TLS engine"); 3136 ret = tls_engine_init(conn, params->engine_id, params->pin, 3137 params->key_id, params->cert_id, 3138 params->ca_cert_id); 3139 if (ret) 3140 return ret; 3141 } 3142 if (tls_connection_set_subject_match(conn, 3143 params->subject_match, 3144 params->altsubject_match, 3145 params->suffix_match)) 3146 return -1; 3147 3148 if (params->engine && params->ca_cert_id) { 3149 if (tls_connection_engine_ca_cert(tls_ctx, conn, 3150 params->ca_cert_id)) 3151 return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED; 3152 } else if (tls_connection_ca_cert(tls_ctx, conn, params->ca_cert, 3153 params->ca_cert_blob, 3154 params->ca_cert_blob_len, 3155 params->ca_path)) 3156 return -1; 3157 3158 if (params->engine && params->cert_id) { 3159 if (tls_connection_engine_client_cert(conn, params->cert_id)) 3160 return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED; 3161 } else if (tls_connection_client_cert(conn, params->client_cert, 3162 params->client_cert_blob, 3163 params->client_cert_blob_len)) 3164 return -1; 3165 3166 if (params->engine && params->key_id) { 3167 wpa_printf(MSG_DEBUG, "TLS: Using private key from engine"); 3168 if (tls_connection_engine_private_key(conn)) 3169 return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED; 3170 } else if (tls_connection_private_key(tls_ctx, conn, 3171 params->private_key, 3172 params->private_key_passwd, 3173 params->private_key_blob, 3174 params->private_key_blob_len)) { 3175 wpa_printf(MSG_INFO, "TLS: Failed to load private key '%s'", 3176 params->private_key); 3177 return -1; 3178 } 3179 3180 if (tls_connection_dh(conn, params->dh_file)) { 3181 wpa_printf(MSG_INFO, "TLS: Failed to load DH file '%s'", 3182 params->dh_file); 3183 return -1; 3184 } 3185 3186#ifdef SSL_OP_NO_TICKET 3187 if (params->flags & TLS_CONN_DISABLE_SESSION_TICKET) 3188 SSL_set_options(conn->ssl, SSL_OP_NO_TICKET); 3189#ifdef SSL_clear_options 3190 else 3191 SSL_clear_options(conn->ssl, SSL_OP_NO_TICKET); 3192#endif /* SSL_clear_options */ 3193#endif /* SSL_OP_NO_TICKET */ 3194 3195#ifdef HAVE_OCSP 3196 if (params->flags & TLS_CONN_REQUEST_OCSP) { 3197 SSL_CTX *ssl_ctx = tls_ctx; 3198 SSL_set_tlsext_status_type(conn->ssl, TLSEXT_STATUSTYPE_ocsp); 3199 SSL_CTX_set_tlsext_status_cb(ssl_ctx, ocsp_resp_cb); 3200 SSL_CTX_set_tlsext_status_arg(ssl_ctx, conn); 3201 } 3202#endif /* HAVE_OCSP */ 3203 3204 conn->flags = params->flags; 3205 3206 tls_get_errors(tls_ctx); 3207 3208 return 0; 3209} 3210 3211 3212int tls_global_set_params(void *tls_ctx, 3213 const struct tls_connection_params *params) 3214{ 3215 SSL_CTX *ssl_ctx = tls_ctx; 3216 unsigned long err; 3217 3218 while ((err = ERR_get_error())) { 3219 wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s", 3220 __func__, ERR_error_string(err, NULL)); 3221 } 3222 3223 if (tls_global_ca_cert(ssl_ctx, params->ca_cert)) 3224 return -1; 3225 3226 if (tls_global_client_cert(ssl_ctx, params->client_cert)) 3227 return -1; 3228 3229 if (tls_global_private_key(ssl_ctx, params->private_key, 3230 params->private_key_passwd)) 3231 return -1; 3232 3233 if (tls_global_dh(ssl_ctx, params->dh_file)) { 3234 wpa_printf(MSG_INFO, "TLS: Failed to load DH file '%s'", 3235 params->dh_file); 3236 return -1; 3237 } 3238 3239#ifdef SSL_OP_NO_TICKET 3240 if (params->flags & TLS_CONN_DISABLE_SESSION_TICKET) 3241 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TICKET); 3242#ifdef SSL_CTX_clear_options 3243 else 3244 SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TICKET); 3245#endif /* SSL_clear_options */ 3246#endif /* SSL_OP_NO_TICKET */ 3247 3248#ifdef HAVE_OCSP 3249 SSL_CTX_set_tlsext_status_cb(ssl_ctx, ocsp_status_cb); 3250 SSL_CTX_set_tlsext_status_arg(ssl_ctx, ssl_ctx); 3251 os_free(tls_global->ocsp_stapling_response); 3252 if (params->ocsp_stapling_response) 3253 tls_global->ocsp_stapling_response = 3254 os_strdup(params->ocsp_stapling_response); 3255 else 3256 tls_global->ocsp_stapling_response = NULL; 3257#endif /* HAVE_OCSP */ 3258 3259 return 0; 3260} 3261 3262 3263int tls_connection_get_keyblock_size(void *tls_ctx, 3264 struct tls_connection *conn) 3265{ 3266 const EVP_CIPHER *c; 3267 const EVP_MD *h; 3268 int md_size; 3269 3270 if (conn == NULL || conn->ssl == NULL || 3271 conn->ssl->enc_read_ctx == NULL || 3272 conn->ssl->enc_read_ctx->cipher == NULL || 3273 conn->ssl->read_hash == NULL) 3274 return -1; 3275 3276 c = conn->ssl->enc_read_ctx->cipher; 3277#if OPENSSL_VERSION_NUMBER >= 0x00909000L 3278 h = EVP_MD_CTX_md(conn->ssl->read_hash); 3279#else 3280 h = conn->ssl->read_hash; 3281#endif 3282 if (h) 3283 md_size = EVP_MD_size(h); 3284#if OPENSSL_VERSION_NUMBER >= 0x10000000L 3285 else if (conn->ssl->s3) 3286 md_size = conn->ssl->s3->tmp.new_mac_secret_size; 3287#endif 3288 else 3289 return -1; 3290 3291 wpa_printf(MSG_DEBUG, "OpenSSL: keyblock size: key_len=%d MD_size=%d " 3292 "IV_len=%d", EVP_CIPHER_key_length(c), md_size, 3293 EVP_CIPHER_iv_length(c)); 3294 return 2 * (EVP_CIPHER_key_length(c) + 3295 md_size + 3296 EVP_CIPHER_iv_length(c)); 3297} 3298 3299 3300unsigned int tls_capabilities(void *tls_ctx) 3301{ 3302 return 0; 3303} 3304 3305 3306#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST) 3307/* Pre-shared secred requires a patch to openssl, so this function is 3308 * commented out unless explicitly needed for EAP-FAST in order to be able to 3309 * build this file with unmodified openssl. */ 3310 3311static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len, 3312 STACK_OF(SSL_CIPHER) *peer_ciphers, 3313 SSL_CIPHER **cipher, void *arg) 3314{ 3315 struct tls_connection *conn = arg; 3316 int ret; 3317 3318 if (conn == NULL || conn->session_ticket_cb == NULL) 3319 return 0; 3320 3321 ret = conn->session_ticket_cb(conn->session_ticket_cb_ctx, 3322 conn->session_ticket, 3323 conn->session_ticket_len, 3324 s->s3->client_random, 3325 s->s3->server_random, secret); 3326 os_free(conn->session_ticket); 3327 conn->session_ticket = NULL; 3328 3329 if (ret <= 0) 3330 return 0; 3331 3332 *secret_len = SSL_MAX_MASTER_KEY_LENGTH; 3333 return 1; 3334} 3335 3336 3337#ifdef CONFIG_OPENSSL_TICKET_OVERRIDE 3338static int tls_session_ticket_ext_cb(SSL *s, const unsigned char *data, 3339 int len, void *arg) 3340{ 3341 struct tls_connection *conn = arg; 3342 3343 if (conn == NULL || conn->session_ticket_cb == NULL) 3344 return 0; 3345 3346 wpa_printf(MSG_DEBUG, "OpenSSL: %s: length=%d", __func__, len); 3347 3348 os_free(conn->session_ticket); 3349 conn->session_ticket = NULL; 3350 3351 wpa_hexdump(MSG_DEBUG, "OpenSSL: ClientHello SessionTicket " 3352 "extension", data, len); 3353 3354 conn->session_ticket = os_malloc(len); 3355 if (conn->session_ticket == NULL) 3356 return 0; 3357 3358 os_memcpy(conn->session_ticket, data, len); 3359 conn->session_ticket_len = len; 3360 3361 return 1; 3362} 3363#else /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 3364#ifdef SSL_OP_NO_TICKET 3365static void tls_hello_ext_cb(SSL *s, int client_server, int type, 3366 unsigned char *data, int len, void *arg) 3367{ 3368 struct tls_connection *conn = arg; 3369 3370 if (conn == NULL || conn->session_ticket_cb == NULL) 3371 return; 3372 3373 wpa_printf(MSG_DEBUG, "OpenSSL: %s: type=%d length=%d", __func__, 3374 type, len); 3375 3376 if (type == TLSEXT_TYPE_session_ticket && !client_server) { 3377 os_free(conn->session_ticket); 3378 conn->session_ticket = NULL; 3379 3380 wpa_hexdump(MSG_DEBUG, "OpenSSL: ClientHello SessionTicket " 3381 "extension", data, len); 3382 conn->session_ticket = os_malloc(len); 3383 if (conn->session_ticket == NULL) 3384 return; 3385 3386 os_memcpy(conn->session_ticket, data, len); 3387 conn->session_ticket_len = len; 3388 } 3389} 3390#else /* SSL_OP_NO_TICKET */ 3391static int tls_hello_ext_cb(SSL *s, TLS_EXTENSION *ext, void *arg) 3392{ 3393 struct tls_connection *conn = arg; 3394 3395 if (conn == NULL || conn->session_ticket_cb == NULL) 3396 return 0; 3397 3398 wpa_printf(MSG_DEBUG, "OpenSSL: %s: type=%d length=%d", __func__, 3399 ext->type, ext->length); 3400 3401 os_free(conn->session_ticket); 3402 conn->session_ticket = NULL; 3403 3404 if (ext->type == 35) { 3405 wpa_hexdump(MSG_DEBUG, "OpenSSL: ClientHello SessionTicket " 3406 "extension", ext->data, ext->length); 3407 conn->session_ticket = os_malloc(ext->length); 3408 if (conn->session_ticket == NULL) 3409 return SSL_AD_INTERNAL_ERROR; 3410 3411 os_memcpy(conn->session_ticket, ext->data, ext->length); 3412 conn->session_ticket_len = ext->length; 3413 } 3414 3415 return 0; 3416} 3417#endif /* SSL_OP_NO_TICKET */ 3418#endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 3419#endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */ 3420 3421 3422int tls_connection_set_session_ticket_cb(void *tls_ctx, 3423 struct tls_connection *conn, 3424 tls_session_ticket_cb cb, 3425 void *ctx) 3426{ 3427#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST) 3428 conn->session_ticket_cb = cb; 3429 conn->session_ticket_cb_ctx = ctx; 3430 3431 if (cb) { 3432 if (SSL_set_session_secret_cb(conn->ssl, tls_sess_sec_cb, 3433 conn) != 1) 3434 return -1; 3435#ifdef CONFIG_OPENSSL_TICKET_OVERRIDE 3436 SSL_set_session_ticket_ext_cb(conn->ssl, 3437 tls_session_ticket_ext_cb, conn); 3438#else /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 3439#ifdef SSL_OP_NO_TICKET 3440 SSL_set_tlsext_debug_callback(conn->ssl, tls_hello_ext_cb); 3441 SSL_set_tlsext_debug_arg(conn->ssl, conn); 3442#else /* SSL_OP_NO_TICKET */ 3443 if (SSL_set_hello_extension_cb(conn->ssl, tls_hello_ext_cb, 3444 conn) != 1) 3445 return -1; 3446#endif /* SSL_OP_NO_TICKET */ 3447#endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 3448 } else { 3449 if (SSL_set_session_secret_cb(conn->ssl, NULL, NULL) != 1) 3450 return -1; 3451#ifdef CONFIG_OPENSSL_TICKET_OVERRIDE 3452 SSL_set_session_ticket_ext_cb(conn->ssl, NULL, NULL); 3453#else /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 3454#ifdef SSL_OP_NO_TICKET 3455 SSL_set_tlsext_debug_callback(conn->ssl, NULL); 3456 SSL_set_tlsext_debug_arg(conn->ssl, conn); 3457#else /* SSL_OP_NO_TICKET */ 3458 if (SSL_set_hello_extension_cb(conn->ssl, NULL, NULL) != 1) 3459 return -1; 3460#endif /* SSL_OP_NO_TICKET */ 3461#endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 3462 } 3463 3464 return 0; 3465#else /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */ 3466 return -1; 3467#endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */ 3468} 3469