]> git.ipfire.org Git - thirdparty/hostap.git/blob - src/crypto/tls_openssl.c
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
OpenSSL: Add option to disable ECDHE with Suite B RSA
[thirdparty/hostap.git] / src / crypto / tls_openssl.c
1 /*
2 * SSL/TLS interface functions for OpenSSL
3 * Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "includes.h"
10
11 #ifndef CONFIG_SMARTCARD
12 #ifndef OPENSSL_NO_ENGINE
13 #ifndef ANDROID
14 #define OPENSSL_NO_ENGINE
15 #endif
16 #endif
17 #endif
18
19 #include <openssl/ssl.h>
20 #include <openssl/err.h>
21 #include <openssl/opensslv.h>
22 #include <openssl/pkcs12.h>
23 #include <openssl/x509v3.h>
24 #ifndef OPENSSL_NO_ENGINE
25 #include <openssl/engine.h>
26 #endif /* OPENSSL_NO_ENGINE */
27 #ifndef OPENSSL_NO_DSA
28 #include <openssl/dsa.h>
29 #endif
30 #ifndef OPENSSL_NO_DH
31 #include <openssl/dh.h>
32 #endif
33
34 #include "common.h"
35 #include "crypto.h"
36 #include "sha1.h"
37 #include "sha256.h"
38 #include "tls.h"
39 #include "tls_openssl.h"
40
41 #if !defined(CONFIG_FIPS) && \
42 (defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || \
43 defined(EAP_SERVER_FAST))
44 #define OPENSSL_NEED_EAP_FAST_PRF
45 #endif
46
47 #if defined(OPENSSL_IS_BORINGSSL)
48 /* stack_index_t is the return type of OpenSSL's sk_XXX_num() functions. */
49 typedef size_t stack_index_t;
50 #else
51 typedef int stack_index_t;
52 #endif
53
54 #ifdef SSL_set_tlsext_status_type
55 #ifndef OPENSSL_NO_TLSEXT
56 #define HAVE_OCSP
57 #include <openssl/ocsp.h>
58 #endif /* OPENSSL_NO_TLSEXT */
59 #endif /* SSL_set_tlsext_status_type */
60
61 #if (OPENSSL_VERSION_NUMBER < 0x10100000L || \
62 defined(LIBRESSL_VERSION_NUMBER)) && \
63 !defined(BORINGSSL_API_VERSION)
64 /*
65 * SSL_get_client_random() and SSL_get_server_random() were added in OpenSSL
66 * 1.1.0 and newer BoringSSL revisions. Provide compatibility wrappers for
67 * older versions.
68 */
69
70 static size_t SSL_get_client_random(const SSL *ssl, unsigned char *out,
71 size_t outlen)
72 {
73 if (!ssl->s3 || outlen < SSL3_RANDOM_SIZE)
74 return 0;
75 os_memcpy(out, ssl->s3->client_random, SSL3_RANDOM_SIZE);
76 return SSL3_RANDOM_SIZE;
77 }
78
79
80 static size_t SSL_get_server_random(const SSL *ssl, unsigned char *out,
81 size_t outlen)
82 {
83 if (!ssl->s3 || outlen < SSL3_RANDOM_SIZE)
84 return 0;
85 os_memcpy(out, ssl->s3->server_random, SSL3_RANDOM_SIZE);
86 return SSL3_RANDOM_SIZE;
87 }
88
89
90 #ifdef OPENSSL_NEED_EAP_FAST_PRF
91 static size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
92 unsigned char *out, size_t outlen)
93 {
94 if (!session || session->master_key_length < 0 ||
95 (size_t) session->master_key_length > outlen)
96 return 0;
97 if ((size_t) session->master_key_length < outlen)
98 outlen = session->master_key_length;
99 os_memcpy(out, session->master_key, outlen);
100 return outlen;
101 }
102 #endif /* OPENSSL_NEED_EAP_FAST_PRF */
103
104 #endif
105
106 #if OPENSSL_VERSION_NUMBER < 0x10100000L
107 #ifdef CONFIG_SUITEB
108 static int RSA_bits(const RSA *r)
109 {
110 return BN_num_bits(r->n);
111 }
112 #endif /* CONFIG_SUITEB */
113 #endif
114
115 #ifdef ANDROID
116 #include <openssl/pem.h>
117 #include <keystore/keystore_get.h>
118
119 static BIO * BIO_from_keystore(const char *key)
120 {
121 BIO *bio = NULL;
122 uint8_t *value = NULL;
123 int length = keystore_get(key, strlen(key), &value);
124 if (length != -1 && (bio = BIO_new(BIO_s_mem())) != NULL)
125 BIO_write(bio, value, length);
126 free(value);
127 return bio;
128 }
129
130
131 static int tls_add_ca_from_keystore(X509_STORE *ctx, const char *key_alias)
132 {
133 BIO *bio = BIO_from_keystore(key_alias);
134 STACK_OF(X509_INFO) *stack = NULL;
135 stack_index_t i;
136
137 if (bio) {
138 stack = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL);
139 BIO_free(bio);
140 }
141
142 if (!stack) {
143 wpa_printf(MSG_WARNING, "TLS: Failed to parse certificate: %s",
144 key_alias);
145 return -1;
146 }
147
148 for (i = 0; i < sk_X509_INFO_num(stack); ++i) {
149 X509_INFO *info = sk_X509_INFO_value(stack, i);
150
151 if (info->x509)
152 X509_STORE_add_cert(ctx, info->x509);
153 if (info->crl)
154 X509_STORE_add_crl(ctx, info->crl);
155 }
156
157 sk_X509_INFO_pop_free(stack, X509_INFO_free);
158
159 return 0;
160 }
161
162
163 static int tls_add_ca_from_keystore_encoded(X509_STORE *ctx,
164 const char *encoded_key_alias)
165 {
166 int rc = -1;
167 int len = os_strlen(encoded_key_alias);
168 unsigned char *decoded_alias;
169
170 if (len & 1) {
171 wpa_printf(MSG_WARNING, "Invalid hex-encoded alias: %s",
172 encoded_key_alias);
173 return rc;
174 }
175
176 decoded_alias = os_malloc(len / 2 + 1);
177 if (decoded_alias) {
178 if (!hexstr2bin(encoded_key_alias, decoded_alias, len / 2)) {
179 decoded_alias[len / 2] = '\0';
180 rc = tls_add_ca_from_keystore(
181 ctx, (const char *) decoded_alias);
182 }
183 os_free(decoded_alias);
184 }
185
186 return rc;
187 }
188
189 #endif /* ANDROID */
190
191 static int tls_openssl_ref_count = 0;
192 static int tls_ex_idx_session = -1;
193
194 struct tls_context {
195 void (*event_cb)(void *ctx, enum tls_event ev,
196 union tls_event_data *data);
197 void *cb_ctx;
198 int cert_in_cb;
199 char *ocsp_stapling_response;
200 };
201
202 static struct tls_context *tls_global = NULL;
203
204
205 struct tls_data {
206 SSL_CTX *ssl;
207 unsigned int tls_session_lifetime;
208 };
209
210 struct tls_connection {
211 struct tls_context *context;
212 SSL_CTX *ssl_ctx;
213 SSL *ssl;
214 BIO *ssl_in, *ssl_out;
215 #if defined(ANDROID) || !defined(OPENSSL_NO_ENGINE)
216 ENGINE *engine; /* functional reference to the engine */
217 EVP_PKEY *private_key; /* the private key if using engine */
218 #endif /* OPENSSL_NO_ENGINE */
219 char *subject_match, *altsubject_match, *suffix_match, *domain_match;
220 int read_alerts, write_alerts, failed;
221
222 tls_session_ticket_cb session_ticket_cb;
223 void *session_ticket_cb_ctx;
224
225 /* SessionTicket received from OpenSSL hello_extension_cb (server) */
226 u8 *session_ticket;
227 size_t session_ticket_len;
228
229 unsigned int ca_cert_verify:1;
230 unsigned int cert_probe:1;
231 unsigned int server_cert_only:1;
232 unsigned int invalid_hb_used:1;
233 unsigned int success_data:1;
234
235 u8 srv_cert_hash[32];
236
237 unsigned int flags;
238
239 X509 *peer_cert;
240 X509 *peer_issuer;
241 X509 *peer_issuer_issuer;
242
243 unsigned char client_random[SSL3_RANDOM_SIZE];
244 unsigned char server_random[SSL3_RANDOM_SIZE];
245 };
246
247
248 static struct tls_context * tls_context_new(const struct tls_config *conf)
249 {
250 struct tls_context *context = os_zalloc(sizeof(*context));
251 if (context == NULL)
252 return NULL;
253 if (conf) {
254 context->event_cb = conf->event_cb;
255 context->cb_ctx = conf->cb_ctx;
256 context->cert_in_cb = conf->cert_in_cb;
257 }
258 return context;
259 }
260
261
262 #ifdef CONFIG_NO_STDOUT_DEBUG
263
264 static void _tls_show_errors(void)
265 {
266 unsigned long err;
267
268 while ((err = ERR_get_error())) {
269 /* Just ignore the errors, since stdout is disabled */
270 }
271 }
272 #define tls_show_errors(l, f, t) _tls_show_errors()
273
274 #else /* CONFIG_NO_STDOUT_DEBUG */
275
276 static void tls_show_errors(int level, const char *func, const char *txt)
277 {
278 unsigned long err;
279
280 wpa_printf(level, "OpenSSL: %s - %s %s",
281 func, txt, ERR_error_string(ERR_get_error(), NULL));
282
283 while ((err = ERR_get_error())) {
284 wpa_printf(MSG_INFO, "OpenSSL: pending error: %s",
285 ERR_error_string(err, NULL));
286 }
287 }
288
289 #endif /* CONFIG_NO_STDOUT_DEBUG */
290
291
292 #ifdef CONFIG_NATIVE_WINDOWS
293
294 /* Windows CryptoAPI and access to certificate stores */
295 #include <wincrypt.h>
296
297 #ifdef __MINGW32_VERSION
298 /*
299 * MinGW does not yet include all the needed definitions for CryptoAPI, so
300 * define here whatever extra is needed.
301 */
302 #define CERT_SYSTEM_STORE_CURRENT_USER (1 << 16)
303 #define CERT_STORE_READONLY_FLAG 0x00008000
304 #define CERT_STORE_OPEN_EXISTING_FLAG 0x00004000
305
306 #endif /* __MINGW32_VERSION */
307
308
309 struct cryptoapi_rsa_data {
310 const CERT_CONTEXT *cert;
311 HCRYPTPROV crypt_prov;
312 DWORD key_spec;
313 BOOL free_crypt_prov;
314 };
315
316
317 static void cryptoapi_error(const char *msg)
318 {
319 wpa_printf(MSG_INFO, "CryptoAPI: %s; err=%u",
320 msg, (unsigned int) GetLastError());
321 }
322
323
324 static int cryptoapi_rsa_pub_enc(int flen, const unsigned char *from,
325 unsigned char *to, RSA *rsa, int padding)
326 {
327 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__);
328 return 0;
329 }
330
331
332 static int cryptoapi_rsa_pub_dec(int flen, const unsigned char *from,
333 unsigned char *to, RSA *rsa, int padding)
334 {
335 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__);
336 return 0;
337 }
338
339
340 static int cryptoapi_rsa_priv_enc(int flen, const unsigned char *from,
341 unsigned char *to, RSA *rsa, int padding)
342 {
343 struct cryptoapi_rsa_data *priv =
344 (struct cryptoapi_rsa_data *) rsa->meth->app_data;
345 HCRYPTHASH hash;
346 DWORD hash_size, len, i;
347 unsigned char *buf = NULL;
348 int ret = 0;
349
350 if (priv == NULL) {
351 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
352 ERR_R_PASSED_NULL_PARAMETER);
353 return 0;
354 }
355
356 if (padding != RSA_PKCS1_PADDING) {
357 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
358 RSA_R_UNKNOWN_PADDING_TYPE);
359 return 0;
360 }
361
362 if (flen != 16 /* MD5 */ + 20 /* SHA-1 */) {
363 wpa_printf(MSG_INFO, "%s - only MD5-SHA1 hash supported",
364 __func__);
365 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
366 RSA_R_INVALID_MESSAGE_LENGTH);
367 return 0;
368 }
369
370 if (!CryptCreateHash(priv->crypt_prov, CALG_SSL3_SHAMD5, 0, 0, &hash))
371 {
372 cryptoapi_error("CryptCreateHash failed");
373 return 0;
374 }
375
376 len = sizeof(hash_size);
377 if (!CryptGetHashParam(hash, HP_HASHSIZE, (BYTE *) &hash_size, &len,
378 0)) {
379 cryptoapi_error("CryptGetHashParam failed");
380 goto err;
381 }
382
383 if ((int) hash_size != flen) {
384 wpa_printf(MSG_INFO, "CryptoAPI: Invalid hash size (%u != %d)",
385 (unsigned) hash_size, flen);
386 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
387 RSA_R_INVALID_MESSAGE_LENGTH);
388 goto err;
389 }
390 if (!CryptSetHashParam(hash, HP_HASHVAL, (BYTE * ) from, 0)) {
391 cryptoapi_error("CryptSetHashParam failed");
392 goto err;
393 }
394
395 len = RSA_size(rsa);
396 buf = os_malloc(len);
397 if (buf == NULL) {
398 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
399 goto err;
400 }
401
402 if (!CryptSignHash(hash, priv->key_spec, NULL, 0, buf, &len)) {
403 cryptoapi_error("CryptSignHash failed");
404 goto err;
405 }
406
407 for (i = 0; i < len; i++)
408 to[i] = buf[len - i - 1];
409 ret = len;
410
411 err:
412 os_free(buf);
413 CryptDestroyHash(hash);
414
415 return ret;
416 }
417
418
419 static int cryptoapi_rsa_priv_dec(int flen, const unsigned char *from,
420 unsigned char *to, RSA *rsa, int padding)
421 {
422 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__);
423 return 0;
424 }
425
426
427 static void cryptoapi_free_data(struct cryptoapi_rsa_data *priv)
428 {
429 if (priv == NULL)
430 return;
431 if (priv->crypt_prov && priv->free_crypt_prov)
432 CryptReleaseContext(priv->crypt_prov, 0);
433 if (priv->cert)
434 CertFreeCertificateContext(priv->cert);
435 os_free(priv);
436 }
437
438
439 static int cryptoapi_finish(RSA *rsa)
440 {
441 cryptoapi_free_data((struct cryptoapi_rsa_data *) rsa->meth->app_data);
442 os_free((void *) rsa->meth);
443 rsa->meth = NULL;
444 return 1;
445 }
446
447
448 static const CERT_CONTEXT * cryptoapi_find_cert(const char *name, DWORD store)
449 {
450 HCERTSTORE cs;
451 const CERT_CONTEXT *ret = NULL;
452
453 cs = CertOpenStore((LPCSTR) CERT_STORE_PROV_SYSTEM, 0, 0,
454 store | CERT_STORE_OPEN_EXISTING_FLAG |
455 CERT_STORE_READONLY_FLAG, L"MY");
456 if (cs == NULL) {
457 cryptoapi_error("Failed to open 'My system store'");
458 return NULL;
459 }
460
461 if (strncmp(name, "cert://", 7) == 0) {
462 unsigned short wbuf[255];
463 MultiByteToWideChar(CP_ACP, 0, name + 7, -1, wbuf, 255);
464 ret = CertFindCertificateInStore(cs, X509_ASN_ENCODING |
465 PKCS_7_ASN_ENCODING,
466 0, CERT_FIND_SUBJECT_STR,
467 wbuf, NULL);
468 } else if (strncmp(name, "hash://", 7) == 0) {
469 CRYPT_HASH_BLOB blob;
470 int len;
471 const char *hash = name + 7;
472 unsigned char *buf;
473
474 len = os_strlen(hash) / 2;
475 buf = os_malloc(len);
476 if (buf && hexstr2bin(hash, buf, len) == 0) {
477 blob.cbData = len;
478 blob.pbData = buf;
479 ret = CertFindCertificateInStore(cs,
480 X509_ASN_ENCODING |
481 PKCS_7_ASN_ENCODING,
482 0, CERT_FIND_HASH,
483 &blob, NULL);
484 }
485 os_free(buf);
486 }
487
488 CertCloseStore(cs, 0);
489
490 return ret;
491 }
492
493
494 static int tls_cryptoapi_cert(SSL *ssl, const char *name)
495 {
496 X509 *cert = NULL;
497 RSA *rsa = NULL, *pub_rsa;
498 struct cryptoapi_rsa_data *priv;
499 RSA_METHOD *rsa_meth;
500
501 if (name == NULL ||
502 (strncmp(name, "cert://", 7) != 0 &&
503 strncmp(name, "hash://", 7) != 0))
504 return -1;
505
506 priv = os_zalloc(sizeof(*priv));
507 rsa_meth = os_zalloc(sizeof(*rsa_meth));
508 if (priv == NULL || rsa_meth == NULL) {
509 wpa_printf(MSG_WARNING, "CryptoAPI: Failed to allocate memory "
510 "for CryptoAPI RSA method");
511 os_free(priv);
512 os_free(rsa_meth);
513 return -1;
514 }
515
516 priv->cert = cryptoapi_find_cert(name, CERT_SYSTEM_STORE_CURRENT_USER);
517 if (priv->cert == NULL) {
518 priv->cert = cryptoapi_find_cert(
519 name, CERT_SYSTEM_STORE_LOCAL_MACHINE);
520 }
521 if (priv->cert == NULL) {
522 wpa_printf(MSG_INFO, "CryptoAPI: Could not find certificate "
523 "'%s'", name);
524 goto err;
525 }
526
527 cert = d2i_X509(NULL,
528 (const unsigned char **) &priv->cert->pbCertEncoded,
529 priv->cert->cbCertEncoded);
530 if (cert == NULL) {
531 wpa_printf(MSG_INFO, "CryptoAPI: Could not process X509 DER "
532 "encoding");
533 goto err;
534 }
535
536 if (!CryptAcquireCertificatePrivateKey(priv->cert,
537 CRYPT_ACQUIRE_COMPARE_KEY_FLAG,
538 NULL, &priv->crypt_prov,
539 &priv->key_spec,
540 &priv->free_crypt_prov)) {
541 cryptoapi_error("Failed to acquire a private key for the "
542 "certificate");
543 goto err;
544 }
545
546 rsa_meth->name = "Microsoft CryptoAPI RSA Method";
547 rsa_meth->rsa_pub_enc = cryptoapi_rsa_pub_enc;
548 rsa_meth->rsa_pub_dec = cryptoapi_rsa_pub_dec;
549 rsa_meth->rsa_priv_enc = cryptoapi_rsa_priv_enc;
550 rsa_meth->rsa_priv_dec = cryptoapi_rsa_priv_dec;
551 rsa_meth->finish = cryptoapi_finish;
552 rsa_meth->flags = RSA_METHOD_FLAG_NO_CHECK;
553 rsa_meth->app_data = (char *) priv;
554
555 rsa = RSA_new();
556 if (rsa == NULL) {
557 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,
558 ERR_R_MALLOC_FAILURE);
559 goto err;
560 }
561
562 if (!SSL_use_certificate(ssl, cert)) {
563 RSA_free(rsa);
564 rsa = NULL;
565 goto err;
566 }
567 pub_rsa = cert->cert_info->key->pkey->pkey.rsa;
568 X509_free(cert);
569 cert = NULL;
570
571 rsa->n = BN_dup(pub_rsa->n);
572 rsa->e = BN_dup(pub_rsa->e);
573 if (!RSA_set_method(rsa, rsa_meth))
574 goto err;
575
576 if (!SSL_use_RSAPrivateKey(ssl, rsa))
577 goto err;
578 RSA_free(rsa);
579
580 return 0;
581
582 err:
583 if (cert)
584 X509_free(cert);
585 if (rsa)
586 RSA_free(rsa);
587 else {
588 os_free(rsa_meth);
589 cryptoapi_free_data(priv);
590 }
591 return -1;
592 }
593
594
595 static int tls_cryptoapi_ca_cert(SSL_CTX *ssl_ctx, SSL *ssl, const char *name)
596 {
597 HCERTSTORE cs;
598 PCCERT_CONTEXT ctx = NULL;
599 X509 *cert;
600 char buf[128];
601 const char *store;
602 #ifdef UNICODE
603 WCHAR *wstore;
604 #endif /* UNICODE */
605
606 if (name == NULL || strncmp(name, "cert_store://", 13) != 0)
607 return -1;
608
609 store = name + 13;
610 #ifdef UNICODE
611 wstore = os_malloc((os_strlen(store) + 1) * sizeof(WCHAR));
612 if (wstore == NULL)
613 return -1;
614 wsprintf(wstore, L"%S", store);
615 cs = CertOpenSystemStore(0, wstore);
616 os_free(wstore);
617 #else /* UNICODE */
618 cs = CertOpenSystemStore(0, store);
619 #endif /* UNICODE */
620 if (cs == NULL) {
621 wpa_printf(MSG_DEBUG, "%s: failed to open system cert store "
622 "'%s': error=%d", __func__, store,
623 (int) GetLastError());
624 return -1;
625 }
626
627 while ((ctx = CertEnumCertificatesInStore(cs, ctx))) {
628 cert = d2i_X509(NULL,
629 (const unsigned char **) &ctx->pbCertEncoded,
630 ctx->cbCertEncoded);
631 if (cert == NULL) {
632 wpa_printf(MSG_INFO, "CryptoAPI: Could not process "
633 "X509 DER encoding for CA cert");
634 continue;
635 }
636
637 X509_NAME_oneline(X509_get_subject_name(cert), buf,
638 sizeof(buf));
639 wpa_printf(MSG_DEBUG, "OpenSSL: Loaded CA certificate for "
640 "system certificate store: subject='%s'", buf);
641
642 if (!X509_STORE_add_cert(SSL_CTX_get_cert_store(ssl_ctx),
643 cert)) {
644 tls_show_errors(MSG_WARNING, __func__,
645 "Failed to add ca_cert to OpenSSL "
646 "certificate store");
647 }
648
649 X509_free(cert);
650 }
651
652 if (!CertCloseStore(cs, 0)) {
653 wpa_printf(MSG_DEBUG, "%s: failed to close system cert store "
654 "'%s': error=%d", __func__, name + 13,
655 (int) GetLastError());
656 }
657
658 return 0;
659 }
660
661
662 #else /* CONFIG_NATIVE_WINDOWS */
663
664 static int tls_cryptoapi_cert(SSL *ssl, const char *name)
665 {
666 return -1;
667 }
668
669 #endif /* CONFIG_NATIVE_WINDOWS */
670
671
672 static void ssl_info_cb(const SSL *ssl, int where, int ret)
673 {
674 const char *str;
675 int w;
676
677 wpa_printf(MSG_DEBUG, "SSL: (where=0x%x ret=0x%x)", where, ret);
678 w = where & ~SSL_ST_MASK;
679 if (w & SSL_ST_CONNECT)
680 str = "SSL_connect";
681 else if (w & SSL_ST_ACCEPT)
682 str = "SSL_accept";
683 else
684 str = "undefined";
685
686 if (where & SSL_CB_LOOP) {
687 wpa_printf(MSG_DEBUG, "SSL: %s:%s",
688 str, SSL_state_string_long(ssl));
689 } else if (where & SSL_CB_ALERT) {
690 struct tls_connection *conn = SSL_get_app_data((SSL *) ssl);
691 wpa_printf(MSG_INFO, "SSL: SSL3 alert: %s:%s:%s",
692 where & SSL_CB_READ ?
693 "read (remote end reported an error)" :
694 "write (local SSL3 detected an error)",
695 SSL_alert_type_string_long(ret),
696 SSL_alert_desc_string_long(ret));
697 if ((ret >> 8) == SSL3_AL_FATAL) {
698 if (where & SSL_CB_READ)
699 conn->read_alerts++;
700 else
701 conn->write_alerts++;
702 }
703 if (conn->context->event_cb != NULL) {
704 union tls_event_data ev;
705 struct tls_context *context = conn->context;
706 os_memset(&ev, 0, sizeof(ev));
707 ev.alert.is_local = !(where & SSL_CB_READ);
708 ev.alert.type = SSL_alert_type_string_long(ret);
709 ev.alert.description = SSL_alert_desc_string_long(ret);
710 context->event_cb(context->cb_ctx, TLS_ALERT, &ev);
711 }
712 } else if (where & SSL_CB_EXIT && ret <= 0) {
713 wpa_printf(MSG_DEBUG, "SSL: %s:%s in %s",
714 str, ret == 0 ? "failed" : "error",
715 SSL_state_string_long(ssl));
716 }
717 }
718
719
720 #ifndef OPENSSL_NO_ENGINE
721 /**
722 * tls_engine_load_dynamic_generic - load any openssl engine
723 * @pre: an array of commands and values that load an engine initialized
724 * in the engine specific function
725 * @post: an array of commands and values that initialize an already loaded
726 * engine (or %NULL if not required)
727 * @id: the engine id of the engine to load (only required if post is not %NULL
728 *
729 * This function is a generic function that loads any openssl engine.
730 *
731 * Returns: 0 on success, -1 on failure
732 */
733 static int tls_engine_load_dynamic_generic(const char *pre[],
734 const char *post[], const char *id)
735 {
736 ENGINE *engine;
737 const char *dynamic_id = "dynamic";
738
739 engine = ENGINE_by_id(id);
740 if (engine) {
741 wpa_printf(MSG_DEBUG, "ENGINE: engine '%s' is already "
742 "available", id);
743 /*
744 * If it was auto-loaded by ENGINE_by_id() we might still
745 * need to tell it which PKCS#11 module to use in legacy
746 * (non-p11-kit) environments. Do so now; even if it was
747 * properly initialised before, setting it again will be
748 * harmless.
749 */
750 goto found;
751 }
752 ERR_clear_error();
753
754 engine = ENGINE_by_id(dynamic_id);
755 if (engine == NULL) {
756 wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]",
757 dynamic_id,
758 ERR_error_string(ERR_get_error(), NULL));
759 return -1;
760 }
761
762 /* Perform the pre commands. This will load the engine. */
763 while (pre && pre[0]) {
764 wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", pre[0], pre[1]);
765 if (ENGINE_ctrl_cmd_string(engine, pre[0], pre[1], 0) == 0) {
766 wpa_printf(MSG_INFO, "ENGINE: ctrl cmd_string failed: "
767 "%s %s [%s]", pre[0], pre[1],
768 ERR_error_string(ERR_get_error(), NULL));
769 ENGINE_free(engine);
770 return -1;
771 }
772 pre += 2;
773 }
774
775 /*
776 * Free the reference to the "dynamic" engine. The loaded engine can
777 * now be looked up using ENGINE_by_id().
778 */
779 ENGINE_free(engine);
780
781 engine = ENGINE_by_id(id);
782 if (engine == NULL) {
783 wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]",
784 id, ERR_error_string(ERR_get_error(), NULL));
785 return -1;
786 }
787 found:
788 while (post && post[0]) {
789 wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", post[0], post[1]);
790 if (ENGINE_ctrl_cmd_string(engine, post[0], post[1], 0) == 0) {
791 wpa_printf(MSG_DEBUG, "ENGINE: ctrl cmd_string failed:"
792 " %s %s [%s]", post[0], post[1],
793 ERR_error_string(ERR_get_error(), NULL));
794 ENGINE_remove(engine);
795 ENGINE_free(engine);
796 return -1;
797 }
798 post += 2;
799 }
800 ENGINE_free(engine);
801
802 return 0;
803 }
804
805
806 /**
807 * tls_engine_load_dynamic_pkcs11 - load the pkcs11 engine provided by opensc
808 * @pkcs11_so_path: pksc11_so_path from the configuration
809 * @pcks11_module_path: pkcs11_module_path from the configuration
810 */
811 static int tls_engine_load_dynamic_pkcs11(const char *pkcs11_so_path,
812 const char *pkcs11_module_path)
813 {
814 char *engine_id = "pkcs11";
815 const char *pre_cmd[] = {
816 "SO_PATH", NULL /* pkcs11_so_path */,
817 "ID", NULL /* engine_id */,
818 "LIST_ADD", "1",
819 /* "NO_VCHECK", "1", */
820 "LOAD", NULL,
821 NULL, NULL
822 };
823 const char *post_cmd[] = {
824 "MODULE_PATH", NULL /* pkcs11_module_path */,
825 NULL, NULL
826 };
827
828 if (!pkcs11_so_path)
829 return 0;
830
831 pre_cmd[1] = pkcs11_so_path;
832 pre_cmd[3] = engine_id;
833 if (pkcs11_module_path)
834 post_cmd[1] = pkcs11_module_path;
835 else
836 post_cmd[0] = NULL;
837
838 wpa_printf(MSG_DEBUG, "ENGINE: Loading pkcs11 Engine from %s",
839 pkcs11_so_path);
840
841 return tls_engine_load_dynamic_generic(pre_cmd, post_cmd, engine_id);
842 }
843
844
845 /**
846 * tls_engine_load_dynamic_opensc - load the opensc engine provided by opensc
847 * @opensc_so_path: opensc_so_path from the configuration
848 */
849 static int tls_engine_load_dynamic_opensc(const char *opensc_so_path)
850 {
851 char *engine_id = "opensc";
852 const char *pre_cmd[] = {
853 "SO_PATH", NULL /* opensc_so_path */,
854 "ID", NULL /* engine_id */,
855 "LIST_ADD", "1",
856 "LOAD", NULL,
857 NULL, NULL
858 };
859
860 if (!opensc_so_path)
861 return 0;
862
863 pre_cmd[1] = opensc_so_path;
864 pre_cmd[3] = engine_id;
865
866 wpa_printf(MSG_DEBUG, "ENGINE: Loading OpenSC Engine from %s",
867 opensc_so_path);
868
869 return tls_engine_load_dynamic_generic(pre_cmd, NULL, engine_id);
870 }
871 #endif /* OPENSSL_NO_ENGINE */
872
873
874 static void remove_session_cb(SSL_CTX *ctx, SSL_SESSION *sess)
875 {
876 struct wpabuf *buf;
877
878 if (tls_ex_idx_session < 0)
879 return;
880 buf = SSL_SESSION_get_ex_data(sess, tls_ex_idx_session);
881 if (!buf)
882 return;
883 wpa_printf(MSG_DEBUG,
884 "OpenSSL: Free application session data %p (sess %p)",
885 buf, sess);
886 wpabuf_free(buf);
887
888 SSL_SESSION_set_ex_data(sess, tls_ex_idx_session, NULL);
889 }
890
891
892 void * tls_init(const struct tls_config *conf)
893 {
894 struct tls_data *data;
895 SSL_CTX *ssl;
896 struct tls_context *context;
897 const char *ciphers;
898
899 if (tls_openssl_ref_count == 0) {
900 tls_global = context = tls_context_new(conf);
901 if (context == NULL)
902 return NULL;
903 #ifdef CONFIG_FIPS
904 #ifdef OPENSSL_FIPS
905 if (conf && conf->fips_mode) {
906 static int fips_enabled = 0;
907
908 if (!fips_enabled && !FIPS_mode_set(1)) {
909 wpa_printf(MSG_ERROR, "Failed to enable FIPS "
910 "mode");
911 ERR_load_crypto_strings();
912 ERR_print_errors_fp(stderr);
913 os_free(tls_global);
914 tls_global = NULL;
915 return NULL;
916 } else {
917 wpa_printf(MSG_INFO, "Running in FIPS mode");
918 fips_enabled = 1;
919 }
920 }
921 #else /* OPENSSL_FIPS */
922 if (conf && conf->fips_mode) {
923 wpa_printf(MSG_ERROR, "FIPS mode requested, but not "
924 "supported");
925 os_free(tls_global);
926 tls_global = NULL;
927 return NULL;
928 }
929 #endif /* OPENSSL_FIPS */
930 #endif /* CONFIG_FIPS */
931 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
932 SSL_load_error_strings();
933 SSL_library_init();
934 #ifndef OPENSSL_NO_SHA256
935 EVP_add_digest(EVP_sha256());
936 #endif /* OPENSSL_NO_SHA256 */
937 /* TODO: if /dev/urandom is available, PRNG is seeded
938 * automatically. If this is not the case, random data should
939 * be added here. */
940
941 #ifdef PKCS12_FUNCS
942 #ifndef OPENSSL_NO_RC2
943 /*
944 * 40-bit RC2 is commonly used in PKCS#12 files, so enable it.
945 * This is enabled by PKCS12_PBE_add() in OpenSSL 0.9.8
946 * versions, but it looks like OpenSSL 1.0.0 does not do that
947 * anymore.
948 */
949 EVP_add_cipher(EVP_rc2_40_cbc());
950 #endif /* OPENSSL_NO_RC2 */
951 PKCS12_PBE_add();
952 #endif /* PKCS12_FUNCS */
953 #endif /* < 1.1.0 */
954 } else {
955 context = tls_context_new(conf);
956 if (context == NULL)
957 return NULL;
958 }
959 tls_openssl_ref_count++;
960
961 data = os_zalloc(sizeof(*data));
962 if (data)
963 ssl = SSL_CTX_new(SSLv23_method());
964 else
965 ssl = NULL;
966 if (ssl == NULL) {
967 tls_openssl_ref_count--;
968 if (context != tls_global)
969 os_free(context);
970 if (tls_openssl_ref_count == 0) {
971 os_free(tls_global);
972 tls_global = NULL;
973 }
974 os_free(data);
975 return NULL;
976 }
977 data->ssl = ssl;
978 if (conf)
979 data->tls_session_lifetime = conf->tls_session_lifetime;
980
981 SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv2);
982 SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv3);
983
984 #ifdef SSL_MODE_NO_AUTO_CHAIN
985 /* Number of deployed use cases assume the default OpenSSL behavior of
986 * auto chaining the local certificate is in use. BoringSSL removed this
987 * functionality by default, so we need to restore it here to avoid
988 * breaking existing use cases. */
989 SSL_CTX_clear_mode(ssl, SSL_MODE_NO_AUTO_CHAIN);
990 #endif /* SSL_MODE_NO_AUTO_CHAIN */
991
992 SSL_CTX_set_info_callback(ssl, ssl_info_cb);
993 SSL_CTX_set_app_data(ssl, context);
994 if (data->tls_session_lifetime > 0) {
995 SSL_CTX_set_quiet_shutdown(ssl, 1);
996 /*
997 * Set default context here. In practice, this will be replaced
998 * by the per-EAP method context in tls_connection_set_verify().
999 */
1000 SSL_CTX_set_session_id_context(ssl, (u8 *) "hostapd", 7);
1001 SSL_CTX_set_session_cache_mode(ssl, SSL_SESS_CACHE_SERVER);
1002 SSL_CTX_set_timeout(ssl, data->tls_session_lifetime);
1003 SSL_CTX_sess_set_remove_cb(ssl, remove_session_cb);
1004 } else {
1005 SSL_CTX_set_session_cache_mode(ssl, SSL_SESS_CACHE_OFF);
1006 }
1007
1008 if (tls_ex_idx_session < 0) {
1009 tls_ex_idx_session = SSL_SESSION_get_ex_new_index(
1010 0, NULL, NULL, NULL, NULL);
1011 if (tls_ex_idx_session < 0) {
1012 tls_deinit(data);
1013 return NULL;
1014 }
1015 }
1016
1017 #ifndef OPENSSL_NO_ENGINE
1018 wpa_printf(MSG_DEBUG, "ENGINE: Loading dynamic engine");
1019 ERR_load_ENGINE_strings();
1020 ENGINE_load_dynamic();
1021
1022 if (conf &&
1023 (conf->opensc_engine_path || conf->pkcs11_engine_path ||
1024 conf->pkcs11_module_path)) {
1025 if (tls_engine_load_dynamic_opensc(conf->opensc_engine_path) ||
1026 tls_engine_load_dynamic_pkcs11(conf->pkcs11_engine_path,
1027 conf->pkcs11_module_path)) {
1028 tls_deinit(data);
1029 return NULL;
1030 }
1031 }
1032 #endif /* OPENSSL_NO_ENGINE */
1033
1034 if (conf && conf->openssl_ciphers)
1035 ciphers = conf->openssl_ciphers;
1036 else
1037 ciphers = TLS_DEFAULT_CIPHERS;
1038 if (SSL_CTX_set_cipher_list(ssl, ciphers) != 1) {
1039 wpa_printf(MSG_ERROR,
1040 "OpenSSL: Failed to set cipher string '%s'",
1041 ciphers);
1042 tls_deinit(data);
1043 return NULL;
1044 }
1045
1046 return data;
1047 }
1048
1049
1050 void tls_deinit(void *ssl_ctx)
1051 {
1052 struct tls_data *data = ssl_ctx;
1053 SSL_CTX *ssl = data->ssl;
1054 struct tls_context *context = SSL_CTX_get_app_data(ssl);
1055 if (context != tls_global)
1056 os_free(context);
1057 if (data->tls_session_lifetime > 0)
1058 SSL_CTX_flush_sessions(ssl, 0);
1059 SSL_CTX_free(ssl);
1060
1061 tls_openssl_ref_count--;
1062 if (tls_openssl_ref_count == 0) {
1063 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
1064 #ifndef OPENSSL_NO_ENGINE
1065 ENGINE_cleanup();
1066 #endif /* OPENSSL_NO_ENGINE */
1067 CRYPTO_cleanup_all_ex_data();
1068 ERR_remove_thread_state(NULL);
1069 ERR_free_strings();
1070 EVP_cleanup();
1071 #endif /* < 1.1.0 */
1072 os_free(tls_global->ocsp_stapling_response);
1073 tls_global->ocsp_stapling_response = NULL;
1074 os_free(tls_global);
1075 tls_global = NULL;
1076 }
1077
1078 os_free(data);
1079 }
1080
1081
1082 #ifndef OPENSSL_NO_ENGINE
1083
1084 /* Cryptoki return values */
1085 #define CKR_PIN_INCORRECT 0x000000a0
1086 #define CKR_PIN_INVALID 0x000000a1
1087 #define CKR_PIN_LEN_RANGE 0x000000a2
1088
1089 /* libp11 */
1090 #define ERR_LIB_PKCS11 ERR_LIB_USER
1091
1092 static int tls_is_pin_error(unsigned int err)
1093 {
1094 return ERR_GET_LIB(err) == ERR_LIB_PKCS11 &&
1095 (ERR_GET_REASON(err) == CKR_PIN_INCORRECT ||
1096 ERR_GET_REASON(err) == CKR_PIN_INVALID ||
1097 ERR_GET_REASON(err) == CKR_PIN_LEN_RANGE);
1098 }
1099
1100 #endif /* OPENSSL_NO_ENGINE */
1101
1102
1103 #ifdef ANDROID
1104 /* EVP_PKEY_from_keystore comes from system/security/keystore-engine. */
1105 EVP_PKEY * EVP_PKEY_from_keystore(const char *key_id);
1106 #endif /* ANDROID */
1107
1108 static int tls_engine_init(struct tls_connection *conn, const char *engine_id,
1109 const char *pin, const char *key_id,
1110 const char *cert_id, const char *ca_cert_id)
1111 {
1112 #if defined(ANDROID) && defined(OPENSSL_IS_BORINGSSL)
1113 #if !defined(OPENSSL_NO_ENGINE)
1114 #error "This code depends on OPENSSL_NO_ENGINE being defined by BoringSSL."
1115 #endif
1116 if (!key_id)
1117 return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
1118 conn->engine = NULL;
1119 conn->private_key = EVP_PKEY_from_keystore(key_id);
1120 if (!conn->private_key) {
1121 wpa_printf(MSG_ERROR,
1122 "ENGINE: cannot load private key with id '%s' [%s]",
1123 key_id,
1124 ERR_error_string(ERR_get_error(), NULL));
1125 return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
1126 }
1127 #endif /* ANDROID && OPENSSL_IS_BORINGSSL */
1128
1129 #ifndef OPENSSL_NO_ENGINE
1130 int ret = -1;
1131 if (engine_id == NULL) {
1132 wpa_printf(MSG_ERROR, "ENGINE: Engine ID not set");
1133 return -1;
1134 }
1135
1136 ERR_clear_error();
1137 #ifdef ANDROID
1138 ENGINE_load_dynamic();
1139 #endif
1140 conn->engine = ENGINE_by_id(engine_id);
1141 if (!conn->engine) {
1142 wpa_printf(MSG_ERROR, "ENGINE: engine %s not available [%s]",
1143 engine_id, ERR_error_string(ERR_get_error(), NULL));
1144 goto err;
1145 }
1146 if (ENGINE_init(conn->engine) != 1) {
1147 wpa_printf(MSG_ERROR, "ENGINE: engine init failed "
1148 "(engine: %s) [%s]", engine_id,
1149 ERR_error_string(ERR_get_error(), NULL));
1150 goto err;
1151 }
1152 wpa_printf(MSG_DEBUG, "ENGINE: engine initialized");
1153
1154 #ifndef ANDROID
1155 if (pin && ENGINE_ctrl_cmd_string(conn->engine, "PIN", pin, 0) == 0) {
1156 wpa_printf(MSG_ERROR, "ENGINE: cannot set pin [%s]",
1157 ERR_error_string(ERR_get_error(), NULL));
1158 goto err;
1159 }
1160 #endif
1161 if (key_id) {
1162 /*
1163 * Ensure that the ENGINE does not attempt to use the OpenSSL
1164 * UI system to obtain a PIN, if we didn't provide one.
1165 */
1166 struct {
1167 const void *password;
1168 const char *prompt_info;
1169 } key_cb = { "", NULL };
1170
1171 /* load private key first in-case PIN is required for cert */
1172 conn->private_key = ENGINE_load_private_key(conn->engine,
1173 key_id, NULL,
1174 &key_cb);
1175 if (!conn->private_key) {
1176 unsigned long err = ERR_get_error();
1177
1178 wpa_printf(MSG_ERROR,
1179 "ENGINE: cannot load private key with id '%s' [%s]",
1180 key_id,
1181 ERR_error_string(err, NULL));
1182 if (tls_is_pin_error(err))
1183 ret = TLS_SET_PARAMS_ENGINE_PRV_BAD_PIN;
1184 else
1185 ret = TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
1186 goto err;
1187 }
1188 }
1189
1190 /* handle a certificate and/or CA certificate */
1191 if (cert_id || ca_cert_id) {
1192 const char *cmd_name = "LOAD_CERT_CTRL";
1193
1194 /* test if the engine supports a LOAD_CERT_CTRL */
1195 if (!ENGINE_ctrl(conn->engine, ENGINE_CTRL_GET_CMD_FROM_NAME,
1196 0, (void *)cmd_name, NULL)) {
1197 wpa_printf(MSG_ERROR, "ENGINE: engine does not support"
1198 " loading certificates");
1199 ret = TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
1200 goto err;
1201 }
1202 }
1203
1204 return 0;
1205
1206 err:
1207 if (conn->engine) {
1208 ENGINE_free(conn->engine);
1209 conn->engine = NULL;
1210 }
1211
1212 if (conn->private_key) {
1213 EVP_PKEY_free(conn->private_key);
1214 conn->private_key = NULL;
1215 }
1216
1217 return ret;
1218 #else /* OPENSSL_NO_ENGINE */
1219 return 0;
1220 #endif /* OPENSSL_NO_ENGINE */
1221 }
1222
1223
1224 static void tls_engine_deinit(struct tls_connection *conn)
1225 {
1226 #if defined(ANDROID) || !defined(OPENSSL_NO_ENGINE)
1227 wpa_printf(MSG_DEBUG, "ENGINE: engine deinit");
1228 if (conn->private_key) {
1229 EVP_PKEY_free(conn->private_key);
1230 conn->private_key = NULL;
1231 }
1232 if (conn->engine) {
1233 #if !defined(OPENSSL_IS_BORINGSSL)
1234 ENGINE_finish(conn->engine);
1235 #endif /* !OPENSSL_IS_BORINGSSL */
1236 conn->engine = NULL;
1237 }
1238 #endif /* ANDROID || !OPENSSL_NO_ENGINE */
1239 }
1240
1241
1242 int tls_get_errors(void *ssl_ctx)
1243 {
1244 int count = 0;
1245 unsigned long err;
1246
1247 while ((err = ERR_get_error())) {
1248 wpa_printf(MSG_INFO, "TLS - SSL error: %s",
1249 ERR_error_string(err, NULL));
1250 count++;
1251 }
1252
1253 return count;
1254 }
1255
1256
1257 static const char * openssl_content_type(int content_type)
1258 {
1259 switch (content_type) {
1260 case 20:
1261 return "change cipher spec";
1262 case 21:
1263 return "alert";
1264 case 22:
1265 return "handshake";
1266 case 23:
1267 return "application data";
1268 case 24:
1269 return "heartbeat";
1270 case 256:
1271 return "TLS header info"; /* pseudo content type */
1272 default:
1273 return "?";
1274 }
1275 }
1276
1277
1278 static const char * openssl_handshake_type(int content_type, const u8 *buf,
1279 size_t len)
1280 {
1281 if (content_type != 22 || !buf || len == 0)
1282 return "";
1283 switch (buf[0]) {
1284 case 0:
1285 return "hello request";
1286 case 1:
1287 return "client hello";
1288 case 2:
1289 return "server hello";
1290 case 4:
1291 return "new session ticket";
1292 case 11:
1293 return "certificate";
1294 case 12:
1295 return "server key exchange";
1296 case 13:
1297 return "certificate request";
1298 case 14:
1299 return "server hello done";
1300 case 15:
1301 return "certificate verify";
1302 case 16:
1303 return "client key exchange";
1304 case 20:
1305 return "finished";
1306 case 21:
1307 return "certificate url";
1308 case 22:
1309 return "certificate status";
1310 default:
1311 return "?";
1312 }
1313 }
1314
1315
1316 static void tls_msg_cb(int write_p, int version, int content_type,
1317 const void *buf, size_t len, SSL *ssl, void *arg)
1318 {
1319 struct tls_connection *conn = arg;
1320 const u8 *pos = buf;
1321
1322 if (write_p == 2) {
1323 wpa_printf(MSG_DEBUG,
1324 "OpenSSL: session ver=0x%x content_type=%d",
1325 version, content_type);
1326 wpa_hexdump_key(MSG_MSGDUMP, "OpenSSL: Data", buf, len);
1327 return;
1328 }
1329
1330 wpa_printf(MSG_DEBUG, "OpenSSL: %s ver=0x%x content_type=%d (%s/%s)",
1331 write_p ? "TX" : "RX", version, content_type,
1332 openssl_content_type(content_type),
1333 openssl_handshake_type(content_type, buf, len));
1334 wpa_hexdump_key(MSG_MSGDUMP, "OpenSSL: Message", buf, len);
1335 if (content_type == 24 && len >= 3 && pos[0] == 1) {
1336 size_t payload_len = WPA_GET_BE16(pos + 1);
1337 if (payload_len + 3 > len) {
1338 wpa_printf(MSG_ERROR, "OpenSSL: Heartbeat attack detected");
1339 conn->invalid_hb_used = 1;
1340 }
1341 }
1342 }
1343
1344
1345 struct tls_connection * tls_connection_init(void *ssl_ctx)
1346 {
1347 struct tls_data *data = ssl_ctx;
1348 SSL_CTX *ssl = data->ssl;
1349 struct tls_connection *conn;
1350 long options;
1351 struct tls_context *context = SSL_CTX_get_app_data(ssl);
1352
1353 conn = os_zalloc(sizeof(*conn));
1354 if (conn == NULL)
1355 return NULL;
1356 conn->ssl_ctx = ssl;
1357 conn->ssl = SSL_new(ssl);
1358 if (conn->ssl == NULL) {
1359 tls_show_errors(MSG_INFO, __func__,
1360 "Failed to initialize new SSL connection");
1361 os_free(conn);
1362 return NULL;
1363 }
1364
1365 conn->context = context;
1366 SSL_set_app_data(conn->ssl, conn);
1367 SSL_set_msg_callback(conn->ssl, tls_msg_cb);
1368 SSL_set_msg_callback_arg(conn->ssl, conn);
1369 options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
1370 SSL_OP_SINGLE_DH_USE;
1371 #ifdef SSL_OP_NO_COMPRESSION
1372 options |= SSL_OP_NO_COMPRESSION;
1373 #endif /* SSL_OP_NO_COMPRESSION */
1374 SSL_set_options(conn->ssl, options);
1375
1376 conn->ssl_in = BIO_new(BIO_s_mem());
1377 if (!conn->ssl_in) {
1378 tls_show_errors(MSG_INFO, __func__,
1379 "Failed to create a new BIO for ssl_in");
1380 SSL_free(conn->ssl);
1381 os_free(conn);
1382 return NULL;
1383 }
1384
1385 conn->ssl_out = BIO_new(BIO_s_mem());
1386 if (!conn->ssl_out) {
1387 tls_show_errors(MSG_INFO, __func__,
1388 "Failed to create a new BIO for ssl_out");
1389 SSL_free(conn->ssl);
1390 BIO_free(conn->ssl_in);
1391 os_free(conn);
1392 return NULL;
1393 }
1394
1395 SSL_set_bio(conn->ssl, conn->ssl_in, conn->ssl_out);
1396
1397 return conn;
1398 }
1399
1400
1401 void tls_connection_deinit(void *ssl_ctx, struct tls_connection *conn)
1402 {
1403 if (conn == NULL)
1404 return;
1405 if (conn->success_data) {
1406 /*
1407 * Make sure ssl_clear_bad_session() does not remove this
1408 * session.
1409 */
1410 SSL_set_quiet_shutdown(conn->ssl, 1);
1411 SSL_shutdown(conn->ssl);
1412 }
1413 SSL_free(conn->ssl);
1414 tls_engine_deinit(conn);
1415 os_free(conn->subject_match);
1416 os_free(conn->altsubject_match);
1417 os_free(conn->suffix_match);
1418 os_free(conn->domain_match);
1419 os_free(conn->session_ticket);
1420 os_free(conn);
1421 }
1422
1423
1424 int tls_connection_established(void *ssl_ctx, struct tls_connection *conn)
1425 {
1426 return conn ? SSL_is_init_finished(conn->ssl) : 0;
1427 }
1428
1429
1430 int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn)
1431 {
1432 if (conn == NULL)
1433 return -1;
1434
1435 /* Shutdown previous TLS connection without notifying the peer
1436 * because the connection was already terminated in practice
1437 * and "close notify" shutdown alert would confuse AS. */
1438 SSL_set_quiet_shutdown(conn->ssl, 1);
1439 SSL_shutdown(conn->ssl);
1440 return SSL_clear(conn->ssl) == 1 ? 0 : -1;
1441 }
1442
1443
1444 static int tls_match_altsubject_component(X509 *cert, int type,
1445 const char *value, size_t len)
1446 {
1447 GENERAL_NAME *gen;
1448 void *ext;
1449 int found = 0;
1450 stack_index_t i;
1451
1452 ext = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
1453
1454 for (i = 0; ext && i < sk_GENERAL_NAME_num(ext); i++) {
1455 gen = sk_GENERAL_NAME_value(ext, i);
1456 if (gen->type != type)
1457 continue;
1458 if (os_strlen((char *) gen->d.ia5->data) == len &&
1459 os_memcmp(value, gen->d.ia5->data, len) == 0)
1460 found++;
1461 }
1462
1463 sk_GENERAL_NAME_pop_free(ext, GENERAL_NAME_free);
1464
1465 return found;
1466 }
1467
1468
1469 static int tls_match_altsubject(X509 *cert, const char *match)
1470 {
1471 int type;
1472 const char *pos, *end;
1473 size_t len;
1474
1475 pos = match;
1476 do {
1477 if (os_strncmp(pos, "EMAIL:", 6) == 0) {
1478 type = GEN_EMAIL;
1479 pos += 6;
1480 } else if (os_strncmp(pos, "DNS:", 4) == 0) {
1481 type = GEN_DNS;
1482 pos += 4;
1483 } else if (os_strncmp(pos, "URI:", 4) == 0) {
1484 type = GEN_URI;
1485 pos += 4;
1486 } else {
1487 wpa_printf(MSG_INFO, "TLS: Invalid altSubjectName "
1488 "match '%s'", pos);
1489 return 0;
1490 }
1491 end = os_strchr(pos, ';');
1492 while (end) {
1493 if (os_strncmp(end + 1, "EMAIL:", 6) == 0 ||
1494 os_strncmp(end + 1, "DNS:", 4) == 0 ||
1495 os_strncmp(end + 1, "URI:", 4) == 0)
1496 break;
1497 end = os_strchr(end + 1, ';');
1498 }
1499 if (end)
1500 len = end - pos;
1501 else
1502 len = os_strlen(pos);
1503 if (tls_match_altsubject_component(cert, type, pos, len) > 0)
1504 return 1;
1505 pos = end + 1;
1506 } while (end);
1507
1508 return 0;
1509 }
1510
1511
1512 #ifndef CONFIG_NATIVE_WINDOWS
1513 static int domain_suffix_match(const u8 *val, size_t len, const char *match,
1514 int full)
1515 {
1516 size_t i, match_len;
1517
1518 /* Check for embedded nuls that could mess up suffix matching */
1519 for (i = 0; i < len; i++) {
1520 if (val[i] == '\0') {
1521 wpa_printf(MSG_DEBUG, "TLS: Embedded null in a string - reject");
1522 return 0;
1523 }
1524 }
1525
1526 match_len = os_strlen(match);
1527 if (match_len > len || (full && match_len != len))
1528 return 0;
1529
1530 if (os_strncasecmp((const char *) val + len - match_len, match,
1531 match_len) != 0)
1532 return 0; /* no match */
1533
1534 if (match_len == len)
1535 return 1; /* exact match */
1536
1537 if (val[len - match_len - 1] == '.')
1538 return 1; /* full label match completes suffix match */
1539
1540 wpa_printf(MSG_DEBUG, "TLS: Reject due to incomplete label match");
1541 return 0;
1542 }
1543 #endif /* CONFIG_NATIVE_WINDOWS */
1544
1545
1546 static int tls_match_suffix(X509 *cert, const char *match, int full)
1547 {
1548 #ifdef CONFIG_NATIVE_WINDOWS
1549 /* wincrypt.h has conflicting X509_NAME definition */
1550 return -1;
1551 #else /* CONFIG_NATIVE_WINDOWS */
1552 GENERAL_NAME *gen;
1553 void *ext;
1554 int i;
1555 stack_index_t j;
1556 int dns_name = 0;
1557 X509_NAME *name;
1558
1559 wpa_printf(MSG_DEBUG, "TLS: Match domain against %s%s",
1560 full ? "": "suffix ", match);
1561
1562 ext = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
1563
1564 for (j = 0; ext && j < sk_GENERAL_NAME_num(ext); j++) {
1565 gen = sk_GENERAL_NAME_value(ext, j);
1566 if (gen->type != GEN_DNS)
1567 continue;
1568 dns_name++;
1569 wpa_hexdump_ascii(MSG_DEBUG, "TLS: Certificate dNSName",
1570 gen->d.dNSName->data,
1571 gen->d.dNSName->length);
1572 if (domain_suffix_match(gen->d.dNSName->data,
1573 gen->d.dNSName->length, match, full) ==
1574 1) {
1575 wpa_printf(MSG_DEBUG, "TLS: %s in dNSName found",
1576 full ? "Match" : "Suffix match");
1577 sk_GENERAL_NAME_pop_free(ext, GENERAL_NAME_free);
1578 return 1;
1579 }
1580 }
1581 sk_GENERAL_NAME_pop_free(ext, GENERAL_NAME_free);
1582
1583 if (dns_name) {
1584 wpa_printf(MSG_DEBUG, "TLS: None of the dNSName(s) matched");
1585 return 0;
1586 }
1587
1588 name = X509_get_subject_name(cert);
1589 i = -1;
1590 for (;;) {
1591 X509_NAME_ENTRY *e;
1592 ASN1_STRING *cn;
1593
1594 i = X509_NAME_get_index_by_NID(name, NID_commonName, i);
1595 if (i == -1)
1596 break;
1597 e = X509_NAME_get_entry(name, i);
1598 if (e == NULL)
1599 continue;
1600 cn = X509_NAME_ENTRY_get_data(e);
1601 if (cn == NULL)
1602 continue;
1603 wpa_hexdump_ascii(MSG_DEBUG, "TLS: Certificate commonName",
1604 cn->data, cn->length);
1605 if (domain_suffix_match(cn->data, cn->length, match, full) == 1)
1606 {
1607 wpa_printf(MSG_DEBUG, "TLS: %s in commonName found",
1608 full ? "Match" : "Suffix match");
1609 return 1;
1610 }
1611 }
1612
1613 wpa_printf(MSG_DEBUG, "TLS: No CommonName %smatch found",
1614 full ? "": "suffix ");
1615 return 0;
1616 #endif /* CONFIG_NATIVE_WINDOWS */
1617 }
1618
1619
1620 static enum tls_fail_reason openssl_tls_fail_reason(int err)
1621 {
1622 switch (err) {
1623 case X509_V_ERR_CERT_REVOKED:
1624 return TLS_FAIL_REVOKED;
1625 case X509_V_ERR_CERT_NOT_YET_VALID:
1626 case X509_V_ERR_CRL_NOT_YET_VALID:
1627 return TLS_FAIL_NOT_YET_VALID;
1628 case X509_V_ERR_CERT_HAS_EXPIRED:
1629 case X509_V_ERR_CRL_HAS_EXPIRED:
1630 return TLS_FAIL_EXPIRED;
1631 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
1632 case X509_V_ERR_UNABLE_TO_GET_CRL:
1633 case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
1634 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
1635 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
1636 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
1637 case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
1638 case X509_V_ERR_CERT_CHAIN_TOO_LONG:
1639 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
1640 case X509_V_ERR_INVALID_CA:
1641 return TLS_FAIL_UNTRUSTED;
1642 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
1643 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
1644 case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
1645 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
1646 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
1647 case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
1648 case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
1649 case X509_V_ERR_CERT_UNTRUSTED:
1650 case X509_V_ERR_CERT_REJECTED:
1651 return TLS_FAIL_BAD_CERTIFICATE;
1652 default:
1653 return TLS_FAIL_UNSPECIFIED;
1654 }
1655 }
1656
1657
1658 static struct wpabuf * get_x509_cert(X509 *cert)
1659 {
1660 struct wpabuf *buf;
1661 u8 *tmp;
1662
1663 int cert_len = i2d_X509(cert, NULL);
1664 if (cert_len <= 0)
1665 return NULL;
1666
1667 buf = wpabuf_alloc(cert_len);
1668 if (buf == NULL)
1669 return NULL;
1670
1671 tmp = wpabuf_put(buf, cert_len);
1672 i2d_X509(cert, &tmp);
1673 return buf;
1674 }
1675
1676
1677 static void openssl_tls_fail_event(struct tls_connection *conn,
1678 X509 *err_cert, int err, int depth,
1679 const char *subject, const char *err_str,
1680 enum tls_fail_reason reason)
1681 {
1682 union tls_event_data ev;
1683 struct wpabuf *cert = NULL;
1684 struct tls_context *context = conn->context;
1685
1686 if (context->event_cb == NULL)
1687 return;
1688
1689 cert = get_x509_cert(err_cert);
1690 os_memset(&ev, 0, sizeof(ev));
1691 ev.cert_fail.reason = reason != TLS_FAIL_UNSPECIFIED ?
1692 reason : openssl_tls_fail_reason(err);
1693 ev.cert_fail.depth = depth;
1694 ev.cert_fail.subject = subject;
1695 ev.cert_fail.reason_txt = err_str;
1696 ev.cert_fail.cert = cert;
1697 context->event_cb(context->cb_ctx, TLS_CERT_CHAIN_FAILURE, &ev);
1698 wpabuf_free(cert);
1699 }
1700
1701
1702 static void openssl_tls_cert_event(struct tls_connection *conn,
1703 X509 *err_cert, int depth,
1704 const char *subject)
1705 {
1706 struct wpabuf *cert = NULL;
1707 union tls_event_data ev;
1708 struct tls_context *context = conn->context;
1709 char *altsubject[TLS_MAX_ALT_SUBJECT];
1710 int alt, num_altsubject = 0;
1711 GENERAL_NAME *gen;
1712 void *ext;
1713 stack_index_t i;
1714 #ifdef CONFIG_SHA256
1715 u8 hash[32];
1716 #endif /* CONFIG_SHA256 */
1717
1718 if (context->event_cb == NULL)
1719 return;
1720
1721 os_memset(&ev, 0, sizeof(ev));
1722 if (conn->cert_probe || (conn->flags & TLS_CONN_EXT_CERT_CHECK) ||
1723 context->cert_in_cb) {
1724 cert = get_x509_cert(err_cert);
1725 ev.peer_cert.cert = cert;
1726 }
1727 #ifdef CONFIG_SHA256
1728 if (cert) {
1729 const u8 *addr[1];
1730 size_t len[1];
1731 addr[0] = wpabuf_head(cert);
1732 len[0] = wpabuf_len(cert);
1733 if (sha256_vector(1, addr, len, hash) == 0) {
1734 ev.peer_cert.hash = hash;
1735 ev.peer_cert.hash_len = sizeof(hash);
1736 }
1737 }
1738 #endif /* CONFIG_SHA256 */
1739 ev.peer_cert.depth = depth;
1740 ev.peer_cert.subject = subject;
1741
1742 ext = X509_get_ext_d2i(err_cert, NID_subject_alt_name, NULL, NULL);
1743 for (i = 0; ext && i < sk_GENERAL_NAME_num(ext); i++) {
1744 char *pos;
1745
1746 if (num_altsubject == TLS_MAX_ALT_SUBJECT)
1747 break;
1748 gen = sk_GENERAL_NAME_value(ext, i);
1749 if (gen->type != GEN_EMAIL &&
1750 gen->type != GEN_DNS &&
1751 gen->type != GEN_URI)
1752 continue;
1753
1754 pos = os_malloc(10 + gen->d.ia5->length + 1);
1755 if (pos == NULL)
1756 break;
1757 altsubject[num_altsubject++] = pos;
1758
1759 switch (gen->type) {
1760 case GEN_EMAIL:
1761 os_memcpy(pos, "EMAIL:", 6);
1762 pos += 6;
1763 break;
1764 case GEN_DNS:
1765 os_memcpy(pos, "DNS:", 4);
1766 pos += 4;
1767 break;
1768 case GEN_URI:
1769 os_memcpy(pos, "URI:", 4);
1770 pos += 4;
1771 break;
1772 }
1773
1774 os_memcpy(pos, gen->d.ia5->data, gen->d.ia5->length);
1775 pos += gen->d.ia5->length;
1776 *pos = '\0';
1777 }
1778 sk_GENERAL_NAME_pop_free(ext, GENERAL_NAME_free);
1779
1780 for (alt = 0; alt < num_altsubject; alt++)
1781 ev.peer_cert.altsubject[alt] = altsubject[alt];
1782 ev.peer_cert.num_altsubject = num_altsubject;
1783
1784 context->event_cb(context->cb_ctx, TLS_PEER_CERTIFICATE, &ev);
1785 wpabuf_free(cert);
1786 for (alt = 0; alt < num_altsubject; alt++)
1787 os_free(altsubject[alt]);
1788 }
1789
1790
1791 static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
1792 {
1793 char buf[256];
1794 X509 *err_cert;
1795 int err, depth;
1796 SSL *ssl;
1797 struct tls_connection *conn;
1798 struct tls_context *context;
1799 char *match, *altmatch, *suffix_match, *domain_match;
1800 const char *err_str;
1801
1802 err_cert = X509_STORE_CTX_get_current_cert(x509_ctx);
1803 if (!err_cert)
1804 return 0;
1805
1806 err = X509_STORE_CTX_get_error(x509_ctx);
1807 depth = X509_STORE_CTX_get_error_depth(x509_ctx);
1808 ssl = X509_STORE_CTX_get_ex_data(x509_ctx,
1809 SSL_get_ex_data_X509_STORE_CTX_idx());
1810 X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
1811
1812 conn = SSL_get_app_data(ssl);
1813 if (conn == NULL)
1814 return 0;
1815
1816 if (depth == 0)
1817 conn->peer_cert = err_cert;
1818 else if (depth == 1)
1819 conn->peer_issuer = err_cert;
1820 else if (depth == 2)
1821 conn->peer_issuer_issuer = err_cert;
1822
1823 context = conn->context;
1824 match = conn->subject_match;
1825 altmatch = conn->altsubject_match;
1826 suffix_match = conn->suffix_match;
1827 domain_match = conn->domain_match;
1828
1829 if (!preverify_ok && !conn->ca_cert_verify)
1830 preverify_ok = 1;
1831 if (!preverify_ok && depth > 0 && conn->server_cert_only)
1832 preverify_ok = 1;
1833 if (!preverify_ok && (conn->flags & TLS_CONN_DISABLE_TIME_CHECKS) &&
1834 (err == X509_V_ERR_CERT_HAS_EXPIRED ||
1835 err == X509_V_ERR_CERT_NOT_YET_VALID)) {
1836 wpa_printf(MSG_DEBUG, "OpenSSL: Ignore certificate validity "
1837 "time mismatch");
1838 preverify_ok = 1;
1839 }
1840
1841 err_str = X509_verify_cert_error_string(err);
1842
1843 #ifdef CONFIG_SHA256
1844 /*
1845 * Do not require preverify_ok so we can explicity allow otherwise
1846 * invalid pinned server certificates.
1847 */
1848 if (depth == 0 && conn->server_cert_only) {
1849 struct wpabuf *cert;
1850 cert = get_x509_cert(err_cert);
1851 if (!cert) {
1852 wpa_printf(MSG_DEBUG, "OpenSSL: Could not fetch "
1853 "server certificate data");
1854 preverify_ok = 0;
1855 } else {
1856 u8 hash[32];
1857 const u8 *addr[1];
1858 size_t len[1];
1859 addr[0] = wpabuf_head(cert);
1860 len[0] = wpabuf_len(cert);
1861 if (sha256_vector(1, addr, len, hash) < 0 ||
1862 os_memcmp(conn->srv_cert_hash, hash, 32) != 0) {
1863 err_str = "Server certificate mismatch";
1864 err = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
1865 preverify_ok = 0;
1866 } else if (!preverify_ok) {
1867 /*
1868 * Certificate matches pinned certificate, allow
1869 * regardless of other problems.
1870 */
1871 wpa_printf(MSG_DEBUG,
1872 "OpenSSL: Ignore validation issues for a pinned server certificate");
1873 preverify_ok = 1;
1874 }
1875 wpabuf_free(cert);
1876 }
1877 }
1878 #endif /* CONFIG_SHA256 */
1879
1880 if (!preverify_ok) {
1881 wpa_printf(MSG_WARNING, "TLS: Certificate verification failed,"
1882 " error %d (%s) depth %d for '%s'", err, err_str,
1883 depth, buf);
1884 openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1885 err_str, TLS_FAIL_UNSPECIFIED);
1886 return preverify_ok;
1887 }
1888
1889 wpa_printf(MSG_DEBUG, "TLS: tls_verify_cb - preverify_ok=%d "
1890 "err=%d (%s) ca_cert_verify=%d depth=%d buf='%s'",
1891 preverify_ok, err, err_str,
1892 conn->ca_cert_verify, depth, buf);
1893 if (depth == 0 && match && os_strstr(buf, match) == NULL) {
1894 wpa_printf(MSG_WARNING, "TLS: Subject '%s' did not "
1895 "match with '%s'", buf, match);
1896 preverify_ok = 0;
1897 openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1898 "Subject mismatch",
1899 TLS_FAIL_SUBJECT_MISMATCH);
1900 } else if (depth == 0 && altmatch &&
1901 !tls_match_altsubject(err_cert, altmatch)) {
1902 wpa_printf(MSG_WARNING, "TLS: altSubjectName match "
1903 "'%s' not found", altmatch);
1904 preverify_ok = 0;
1905 openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1906 "AltSubject mismatch",
1907 TLS_FAIL_ALTSUBJECT_MISMATCH);
1908 } else if (depth == 0 && suffix_match &&
1909 !tls_match_suffix(err_cert, suffix_match, 0)) {
1910 wpa_printf(MSG_WARNING, "TLS: Domain suffix match '%s' not found",
1911 suffix_match);
1912 preverify_ok = 0;
1913 openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1914 "Domain suffix mismatch",
1915 TLS_FAIL_DOMAIN_SUFFIX_MISMATCH);
1916 } else if (depth == 0 && domain_match &&
1917 !tls_match_suffix(err_cert, domain_match, 1)) {
1918 wpa_printf(MSG_WARNING, "TLS: Domain match '%s' not found",
1919 domain_match);
1920 preverify_ok = 0;
1921 openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1922 "Domain mismatch",
1923 TLS_FAIL_DOMAIN_MISMATCH);
1924 } else
1925 openssl_tls_cert_event(conn, err_cert, depth, buf);
1926
1927 if (conn->cert_probe && preverify_ok && depth == 0) {
1928 wpa_printf(MSG_DEBUG, "OpenSSL: Reject server certificate "
1929 "on probe-only run");
1930 preverify_ok = 0;
1931 openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1932 "Server certificate chain probe",
1933 TLS_FAIL_SERVER_CHAIN_PROBE);
1934 }
1935
1936 #ifdef CONFIG_SUITEB
1937 if (conn->flags & TLS_CONN_SUITEB) {
1938 EVP_PKEY *pk;
1939 RSA *rsa;
1940 int len = -1;
1941
1942 pk = X509_get_pubkey(err_cert);
1943 if (pk) {
1944 rsa = EVP_PKEY_get1_RSA(pk);
1945 if (rsa) {
1946 len = RSA_bits(rsa);
1947 RSA_free(rsa);
1948 }
1949 EVP_PKEY_free(pk);
1950 }
1951
1952 if (len >= 0) {
1953 wpa_printf(MSG_DEBUG,
1954 "OpenSSL: RSA modulus size: %d bits", len);
1955 if (len < 3072) {
1956 preverify_ok = 0;
1957 openssl_tls_fail_event(
1958 conn, err_cert, err,
1959 depth, buf,
1960 "Insufficient RSA modulus size",
1961 TLS_FAIL_INSUFFICIENT_KEY_LEN);
1962 }
1963 }
1964 }
1965 #endif /* CONFIG_SUITEB */
1966
1967 #ifdef OPENSSL_IS_BORINGSSL
1968 if (depth == 0 && (conn->flags & TLS_CONN_REQUEST_OCSP) &&
1969 preverify_ok) {
1970 enum ocsp_result res;
1971
1972 res = check_ocsp_resp(conn->ssl_ctx, conn->ssl, err_cert,
1973 conn->peer_issuer,
1974 conn->peer_issuer_issuer);
1975 if (res == OCSP_REVOKED) {
1976 preverify_ok = 0;
1977 openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1978 "certificate revoked",
1979 TLS_FAIL_REVOKED);
1980 if (err == X509_V_OK)
1981 X509_STORE_CTX_set_error(
1982 x509_ctx, X509_V_ERR_CERT_REVOKED);
1983 } else if (res != OCSP_GOOD &&
1984 (conn->flags & TLS_CONN_REQUIRE_OCSP)) {
1985 preverify_ok = 0;
1986 openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1987 "bad certificate status response",
1988 TLS_FAIL_UNSPECIFIED);
1989 }
1990 }
1991 #endif /* OPENSSL_IS_BORINGSSL */
1992
1993 if (depth == 0 && preverify_ok && context->event_cb != NULL)
1994 context->event_cb(context->cb_ctx,
1995 TLS_CERT_CHAIN_SUCCESS, NULL);
1996
1997 return preverify_ok;
1998 }
1999
2000
2001 #ifndef OPENSSL_NO_STDIO
2002 static int tls_load_ca_der(struct tls_data *data, const char *ca_cert)
2003 {
2004 SSL_CTX *ssl_ctx = data->ssl;
2005 X509_LOOKUP *lookup;
2006 int ret = 0;
2007
2008 lookup = X509_STORE_add_lookup(SSL_CTX_get_cert_store(ssl_ctx),
2009 X509_LOOKUP_file());
2010 if (lookup == NULL) {
2011 tls_show_errors(MSG_WARNING, __func__,
2012 "Failed add lookup for X509 store");
2013 return -1;
2014 }
2015
2016 if (!X509_LOOKUP_load_file(lookup, ca_cert, X509_FILETYPE_ASN1)) {
2017 unsigned long err = ERR_peek_error();
2018 tls_show_errors(MSG_WARNING, __func__,
2019 "Failed load CA in DER format");
2020 if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
2021 ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) {
2022 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring "
2023 "cert already in hash table error",
2024 __func__);
2025 } else
2026 ret = -1;
2027 }
2028
2029 return ret;
2030 }
2031 #endif /* OPENSSL_NO_STDIO */
2032
2033
2034 static int tls_connection_ca_cert(struct tls_data *data,
2035 struct tls_connection *conn,
2036 const char *ca_cert, const u8 *ca_cert_blob,
2037 size_t ca_cert_blob_len, const char *ca_path)
2038 {
2039 SSL_CTX *ssl_ctx = data->ssl;
2040 X509_STORE *store;
2041
2042 /*
2043 * Remove previously configured trusted CA certificates before adding
2044 * new ones.
2045 */
2046 store = X509_STORE_new();
2047 if (store == NULL) {
2048 wpa_printf(MSG_DEBUG, "OpenSSL: %s - failed to allocate new "
2049 "certificate store", __func__);
2050 return -1;
2051 }
2052 SSL_CTX_set_cert_store(ssl_ctx, store);
2053
2054 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
2055 conn->ca_cert_verify = 1;
2056
2057 if (ca_cert && os_strncmp(ca_cert, "probe://", 8) == 0) {
2058 wpa_printf(MSG_DEBUG, "OpenSSL: Probe for server certificate "
2059 "chain");
2060 conn->cert_probe = 1;
2061 conn->ca_cert_verify = 0;
2062 return 0;
2063 }
2064
2065 if (ca_cert && os_strncmp(ca_cert, "hash://", 7) == 0) {
2066 #ifdef CONFIG_SHA256
2067 const char *pos = ca_cert + 7;
2068 if (os_strncmp(pos, "server/sha256/", 14) != 0) {
2069 wpa_printf(MSG_DEBUG, "OpenSSL: Unsupported ca_cert "
2070 "hash value '%s'", ca_cert);
2071 return -1;
2072 }
2073 pos += 14;
2074 if (os_strlen(pos) != 32 * 2) {
2075 wpa_printf(MSG_DEBUG, "OpenSSL: Unexpected SHA256 "
2076 "hash length in ca_cert '%s'", ca_cert);
2077 return -1;
2078 }
2079 if (hexstr2bin(pos, conn->srv_cert_hash, 32) < 0) {
2080 wpa_printf(MSG_DEBUG, "OpenSSL: Invalid SHA256 hash "
2081 "value in ca_cert '%s'", ca_cert);
2082 return -1;
2083 }
2084 conn->server_cert_only = 1;
2085 wpa_printf(MSG_DEBUG, "OpenSSL: Checking only server "
2086 "certificate match");
2087 return 0;
2088 #else /* CONFIG_SHA256 */
2089 wpa_printf(MSG_INFO, "No SHA256 included in the build - "
2090 "cannot validate server certificate hash");
2091 return -1;
2092 #endif /* CONFIG_SHA256 */
2093 }
2094
2095 if (ca_cert_blob) {
2096 X509 *cert = d2i_X509(NULL,
2097 (const unsigned char **) &ca_cert_blob,
2098 ca_cert_blob_len);
2099 if (cert == NULL) {
2100 tls_show_errors(MSG_WARNING, __func__,
2101 "Failed to parse ca_cert_blob");
2102 return -1;
2103 }
2104
2105 if (!X509_STORE_add_cert(SSL_CTX_get_cert_store(ssl_ctx),
2106 cert)) {
2107 unsigned long err = ERR_peek_error();
2108 tls_show_errors(MSG_WARNING, __func__,
2109 "Failed to add ca_cert_blob to "
2110 "certificate store");
2111 if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
2112 ERR_GET_REASON(err) ==
2113 X509_R_CERT_ALREADY_IN_HASH_TABLE) {
2114 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring "
2115 "cert already in hash table error",
2116 __func__);
2117 } else {
2118 X509_free(cert);
2119 return -1;
2120 }
2121 }
2122 X509_free(cert);
2123 wpa_printf(MSG_DEBUG, "OpenSSL: %s - added ca_cert_blob "
2124 "to certificate store", __func__);
2125 return 0;
2126 }
2127
2128 #ifdef ANDROID
2129 /* Single alias */
2130 if (ca_cert && os_strncmp("keystore://", ca_cert, 11) == 0) {
2131 if (tls_add_ca_from_keystore(SSL_CTX_get_cert_store(ssl_ctx),
2132 &ca_cert[11]) < 0)
2133 return -1;
2134 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
2135 return 0;
2136 }
2137
2138 /* Multiple aliases separated by space */
2139 if (ca_cert && os_strncmp("keystores://", ca_cert, 12) == 0) {
2140 char *aliases = os_strdup(&ca_cert[12]);
2141 const char *delim = " ";
2142 int rc = 0;
2143 char *savedptr;
2144 char *alias;
2145
2146 if (!aliases)
2147 return -1;
2148 alias = strtok_r(aliases, delim, &savedptr);
2149 for (; alias; alias = strtok_r(NULL, delim, &savedptr)) {
2150 if (tls_add_ca_from_keystore_encoded(
2151 SSL_CTX_get_cert_store(ssl_ctx), alias)) {
2152 wpa_printf(MSG_WARNING,
2153 "OpenSSL: %s - Failed to add ca_cert %s from keystore",
2154 __func__, alias);
2155 rc = -1;
2156 break;
2157 }
2158 }
2159 os_free(aliases);
2160 if (rc)
2161 return rc;
2162
2163 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
2164 return 0;
2165 }
2166 #endif /* ANDROID */
2167
2168 #ifdef CONFIG_NATIVE_WINDOWS
2169 if (ca_cert && tls_cryptoapi_ca_cert(ssl_ctx, conn->ssl, ca_cert) ==
2170 0) {
2171 wpa_printf(MSG_DEBUG, "OpenSSL: Added CA certificates from "
2172 "system certificate store");
2173 return 0;
2174 }
2175 #endif /* CONFIG_NATIVE_WINDOWS */
2176
2177 if (ca_cert || ca_path) {
2178 #ifndef OPENSSL_NO_STDIO
2179 if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, ca_path) !=
2180 1) {
2181 tls_show_errors(MSG_WARNING, __func__,
2182 "Failed to load root certificates");
2183 if (ca_cert &&
2184 tls_load_ca_der(data, ca_cert) == 0) {
2185 wpa_printf(MSG_DEBUG, "OpenSSL: %s - loaded "
2186 "DER format CA certificate",
2187 __func__);
2188 } else
2189 return -1;
2190 } else {
2191 wpa_printf(MSG_DEBUG, "TLS: Trusted root "
2192 "certificate(s) loaded");
2193 tls_get_errors(data);
2194 }
2195 #else /* OPENSSL_NO_STDIO */
2196 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO",
2197 __func__);
2198 return -1;
2199 #endif /* OPENSSL_NO_STDIO */
2200 } else {
2201 /* No ca_cert configured - do not try to verify server
2202 * certificate */
2203 conn->ca_cert_verify = 0;
2204 }
2205
2206 return 0;
2207 }
2208
2209
2210 static int tls_global_ca_cert(struct tls_data *data, const char *ca_cert)
2211 {
2212 SSL_CTX *ssl_ctx = data->ssl;
2213
2214 if (ca_cert) {
2215 if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, NULL) != 1)
2216 {
2217 tls_show_errors(MSG_WARNING, __func__,
2218 "Failed to load root certificates");
2219 return -1;
2220 }
2221
2222 wpa_printf(MSG_DEBUG, "TLS: Trusted root "
2223 "certificate(s) loaded");
2224
2225 #ifndef OPENSSL_NO_STDIO
2226 /* Add the same CAs to the client certificate requests */
2227 SSL_CTX_set_client_CA_list(ssl_ctx,
2228 SSL_load_client_CA_file(ca_cert));
2229 #endif /* OPENSSL_NO_STDIO */
2230 }
2231
2232 return 0;
2233 }
2234
2235
2236 int tls_global_set_verify(void *ssl_ctx, int check_crl)
2237 {
2238 int flags;
2239
2240 if (check_crl) {
2241 struct tls_data *data = ssl_ctx;
2242 X509_STORE *cs = SSL_CTX_get_cert_store(data->ssl);
2243 if (cs == NULL) {
2244 tls_show_errors(MSG_INFO, __func__, "Failed to get "
2245 "certificate store when enabling "
2246 "check_crl");
2247 return -1;
2248 }
2249 flags = X509_V_FLAG_CRL_CHECK;
2250 if (check_crl == 2)
2251 flags |= X509_V_FLAG_CRL_CHECK_ALL;
2252 X509_STORE_set_flags(cs, flags);
2253 }
2254 return 0;
2255 }
2256
2257
2258 static int tls_connection_set_subject_match(struct tls_connection *conn,
2259 const char *subject_match,
2260 const char *altsubject_match,
2261 const char *suffix_match,
2262 const char *domain_match)
2263 {
2264 os_free(conn->subject_match);
2265 conn->subject_match = NULL;
2266 if (subject_match) {
2267 conn->subject_match = os_strdup(subject_match);
2268 if (conn->subject_match == NULL)
2269 return -1;
2270 }
2271
2272 os_free(conn->altsubject_match);
2273 conn->altsubject_match = NULL;
2274 if (altsubject_match) {
2275 conn->altsubject_match = os_strdup(altsubject_match);
2276 if (conn->altsubject_match == NULL)
2277 return -1;
2278 }
2279
2280 os_free(conn->suffix_match);
2281 conn->suffix_match = NULL;
2282 if (suffix_match) {
2283 conn->suffix_match = os_strdup(suffix_match);
2284 if (conn->suffix_match == NULL)
2285 return -1;
2286 }
2287
2288 os_free(conn->domain_match);
2289 conn->domain_match = NULL;
2290 if (domain_match) {
2291 conn->domain_match = os_strdup(domain_match);
2292 if (conn->domain_match == NULL)
2293 return -1;
2294 }
2295
2296 return 0;
2297 }
2298
2299
2300 static int tls_set_conn_flags(SSL *ssl, unsigned int flags)
2301 {
2302 #ifdef SSL_OP_NO_TICKET
2303 if (flags & TLS_CONN_DISABLE_SESSION_TICKET)
2304 SSL_set_options(ssl, SSL_OP_NO_TICKET);
2305 else
2306 SSL_clear_options(ssl, SSL_OP_NO_TICKET);
2307 #endif /* SSL_OP_NO_TICKET */
2308
2309 #ifdef SSL_OP_NO_TLSv1
2310 if (flags & TLS_CONN_DISABLE_TLSv1_0)
2311 SSL_set_options(ssl, SSL_OP_NO_TLSv1);
2312 else
2313 SSL_clear_options(ssl, SSL_OP_NO_TLSv1);
2314 #endif /* SSL_OP_NO_TLSv1 */
2315 #ifdef SSL_OP_NO_TLSv1_1
2316 if (flags & TLS_CONN_DISABLE_TLSv1_1)
2317 SSL_set_options(ssl, SSL_OP_NO_TLSv1_1);
2318 else
2319 SSL_clear_options(ssl, SSL_OP_NO_TLSv1_1);
2320 #endif /* SSL_OP_NO_TLSv1_1 */
2321 #ifdef SSL_OP_NO_TLSv1_2
2322 if (flags & TLS_CONN_DISABLE_TLSv1_2)
2323 SSL_set_options(ssl, SSL_OP_NO_TLSv1_2);
2324 else
2325 SSL_clear_options(ssl, SSL_OP_NO_TLSv1_2);
2326 #endif /* SSL_OP_NO_TLSv1_2 */
2327 #ifdef CONFIG_SUITEB
2328 if (flags & TLS_CONN_SUITEB_NO_ECDH) {
2329 const char *ciphers = "DHE-RSA-AES256-GCM-SHA384";
2330
2331 if (SSL_set_cipher_list(ssl, ciphers) != 1) {
2332 wpa_printf(MSG_INFO,
2333 "OpenSSL: Failed to set Suite B ciphers");
2334 return -1;
2335 }
2336 } else if (flags & TLS_CONN_SUITEB) {
2337 EC_KEY *ecdh;
2338 const char *ciphers =
2339 "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384";
2340
2341 if (SSL_set_cipher_list(ssl, ciphers) != 1) {
2342 wpa_printf(MSG_INFO,
2343 "OpenSSL: Failed to set Suite B ciphers");
2344 return -1;
2345 }
2346
2347 if (SSL_set1_curves_list(ssl, "P-384") != 1) {
2348 wpa_printf(MSG_INFO,
2349 "OpenSSL: Failed to set Suite B curves");
2350 return -1;
2351 }
2352
2353 ecdh = EC_KEY_new_by_curve_name(NID_secp384r1);
2354 if (!ecdh || SSL_set_tmp_ecdh(ssl, ecdh) != 1) {
2355 EC_KEY_free(ecdh);
2356 wpa_printf(MSG_INFO,
2357 "OpenSSL: Failed to set ECDH parameter");
2358 return -1;
2359 }
2360 EC_KEY_free(ecdh);
2361 }
2362 if (flags & (TLS_CONN_SUITEB | TLS_CONN_SUITEB_NO_ECDH)) {
2363 /* ECDSA+SHA384 if need to add EC support here */
2364 if (SSL_set1_sigalgs_list(ssl, "RSA+SHA384") != 1) {
2365 wpa_printf(MSG_INFO,
2366 "OpenSSL: Failed to set Suite B sigalgs");
2367 return -1;
2368 }
2369
2370 SSL_set_options(ssl, SSL_OP_NO_TLSv1);
2371 SSL_set_options(ssl, SSL_OP_NO_TLSv1_1);
2372 }
2373 #endif /* CONFIG_SUITEB */
2374
2375 return 0;
2376 }
2377
2378
2379 int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn,
2380 int verify_peer, unsigned int flags,
2381 const u8 *session_ctx, size_t session_ctx_len)
2382 {
2383 static int counter = 0;
2384 struct tls_data *data = ssl_ctx;
2385
2386 if (conn == NULL)
2387 return -1;
2388
2389 if (verify_peer) {
2390 conn->ca_cert_verify = 1;
2391 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER |
2392 SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
2393 SSL_VERIFY_CLIENT_ONCE, tls_verify_cb);
2394 } else {
2395 conn->ca_cert_verify = 0;
2396 SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL);
2397 }
2398
2399 if (tls_set_conn_flags(conn->ssl, flags) < 0)
2400 return -1;
2401 conn->flags = flags;
2402
2403 SSL_set_accept_state(conn->ssl);
2404
2405 if (data->tls_session_lifetime == 0) {
2406 /*
2407 * Set session id context to a unique value to make sure
2408 * session resumption cannot be used either through session
2409 * caching or TLS ticket extension.
2410 */
2411 counter++;
2412 SSL_set_session_id_context(conn->ssl,
2413 (const unsigned char *) &counter,
2414 sizeof(counter));
2415 } else if (session_ctx) {
2416 SSL_set_session_id_context(conn->ssl, session_ctx,
2417 session_ctx_len);
2418 }
2419
2420 return 0;
2421 }
2422
2423
2424 static int tls_connection_client_cert(struct tls_connection *conn,
2425 const char *client_cert,
2426 const u8 *client_cert_blob,
2427 size_t client_cert_blob_len)
2428 {
2429 if (client_cert == NULL && client_cert_blob == NULL)
2430 return 0;
2431
2432 #ifdef PKCS12_FUNCS
2433 #if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
2434 /*
2435 * Clear previously set extra chain certificates, if any, from PKCS#12
2436 * processing in tls_parse_pkcs12() to allow OpenSSL to build a new
2437 * chain properly.
2438 */
2439 SSL_CTX_clear_extra_chain_certs(conn->ssl_ctx);
2440 #endif /* OPENSSL_VERSION_NUMBER < 0x10002000L */
2441 #endif /* PKCS12_FUNCS */
2442
2443 if (client_cert_blob &&
2444 SSL_use_certificate_ASN1(conn->ssl, (u8 *) client_cert_blob,
2445 client_cert_blob_len) == 1) {
2446 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_ASN1 --> "
2447 "OK");
2448 return 0;
2449 } else if (client_cert_blob) {
2450 tls_show_errors(MSG_DEBUG, __func__,
2451 "SSL_use_certificate_ASN1 failed");
2452 }
2453
2454 if (client_cert == NULL)
2455 return -1;
2456
2457 #ifdef ANDROID
2458 if (os_strncmp("keystore://", client_cert, 11) == 0) {
2459 BIO *bio = BIO_from_keystore(&client_cert[11]);
2460 X509 *x509 = NULL;
2461 int ret = -1;
2462 if (bio) {
2463 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
2464 }
2465 if (x509) {
2466 if (SSL_use_certificate(conn->ssl, x509) == 1)
2467 ret = 0;
2468 X509_free(x509);
2469 }
2470
2471 /* Read additional certificates into the chain. */
2472 while (bio) {
2473 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
2474 if (x509) {
2475 /* Takes ownership of x509 */
2476 SSL_add0_chain_cert(conn->ssl, x509);
2477 } else {
2478 BIO_free(bio);
2479 bio = NULL;
2480 }
2481 }
2482 return ret;
2483 }
2484 #endif /* ANDROID */
2485
2486 #ifndef OPENSSL_NO_STDIO
2487 if (SSL_use_certificate_file(conn->ssl, client_cert,
2488 SSL_FILETYPE_ASN1) == 1) {
2489 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (DER)"
2490 " --> OK");
2491 return 0;
2492 }
2493
2494 if (SSL_use_certificate_file(conn->ssl, client_cert,
2495 SSL_FILETYPE_PEM) == 1) {
2496 ERR_clear_error();
2497 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (PEM)"
2498 " --> OK");
2499 return 0;
2500 }
2501
2502 tls_show_errors(MSG_DEBUG, __func__,
2503 "SSL_use_certificate_file failed");
2504 #else /* OPENSSL_NO_STDIO */
2505 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", __func__);
2506 #endif /* OPENSSL_NO_STDIO */
2507
2508 return -1;
2509 }
2510
2511
2512 static int tls_global_client_cert(struct tls_data *data,
2513 const char *client_cert)
2514 {
2515 #ifndef OPENSSL_NO_STDIO
2516 SSL_CTX *ssl_ctx = data->ssl;
2517
2518 if (client_cert == NULL)
2519 return 0;
2520
2521 if (SSL_CTX_use_certificate_file(ssl_ctx, client_cert,
2522 SSL_FILETYPE_ASN1) != 1 &&
2523 SSL_CTX_use_certificate_chain_file(ssl_ctx, client_cert) != 1 &&
2524 SSL_CTX_use_certificate_file(ssl_ctx, client_cert,
2525 SSL_FILETYPE_PEM) != 1) {
2526 tls_show_errors(MSG_INFO, __func__,
2527 "Failed to load client certificate");
2528 return -1;
2529 }
2530 return 0;
2531 #else /* OPENSSL_NO_STDIO */
2532 if (client_cert == NULL)
2533 return 0;
2534 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", __func__);
2535 return -1;
2536 #endif /* OPENSSL_NO_STDIO */
2537 }
2538
2539
2540 static int tls_passwd_cb(char *buf, int size, int rwflag, void *password)
2541 {
2542 if (password == NULL) {
2543 return 0;
2544 }
2545 os_strlcpy(buf, (char *) password, size);
2546 return os_strlen(buf);
2547 }
2548
2549
2550 #ifdef PKCS12_FUNCS
2551 static int tls_parse_pkcs12(struct tls_data *data, SSL *ssl, PKCS12 *p12,
2552 const char *passwd)
2553 {
2554 EVP_PKEY *pkey;
2555 X509 *cert;
2556 STACK_OF(X509) *certs;
2557 int res = 0;
2558 char buf[256];
2559
2560 pkey = NULL;
2561 cert = NULL;
2562 certs = NULL;
2563 if (!passwd)
2564 passwd = "";
2565 if (!PKCS12_parse(p12, passwd, &pkey, &cert, &certs)) {
2566 tls_show_errors(MSG_DEBUG, __func__,
2567 "Failed to parse PKCS12 file");
2568 PKCS12_free(p12);
2569 return -1;
2570 }
2571 wpa_printf(MSG_DEBUG, "TLS: Successfully parsed PKCS12 data");
2572
2573 if (cert) {
2574 X509_NAME_oneline(X509_get_subject_name(cert), buf,
2575 sizeof(buf));
2576 wpa_printf(MSG_DEBUG, "TLS: Got certificate from PKCS12: "
2577 "subject='%s'", buf);
2578 if (ssl) {
2579 if (SSL_use_certificate(ssl, cert) != 1)
2580 res = -1;
2581 } else {
2582 if (SSL_CTX_use_certificate(data->ssl, cert) != 1)
2583 res = -1;
2584 }
2585 X509_free(cert);
2586 }
2587
2588 if (pkey) {
2589 wpa_printf(MSG_DEBUG, "TLS: Got private key from PKCS12");
2590 if (ssl) {
2591 if (SSL_use_PrivateKey(ssl, pkey) != 1)
2592 res = -1;
2593 } else {
2594 if (SSL_CTX_use_PrivateKey(data->ssl, pkey) != 1)
2595 res = -1;
2596 }
2597 EVP_PKEY_free(pkey);
2598 }
2599
2600 if (certs) {
2601 #if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
2602 if (ssl)
2603 SSL_clear_chain_certs(ssl);
2604 else
2605 SSL_CTX_clear_chain_certs(data->ssl);
2606 while ((cert = sk_X509_pop(certs)) != NULL) {
2607 X509_NAME_oneline(X509_get_subject_name(cert), buf,
2608 sizeof(buf));
2609 wpa_printf(MSG_DEBUG, "TLS: additional certificate"
2610 " from PKCS12: subject='%s'", buf);
2611 if ((ssl && SSL_add1_chain_cert(ssl, cert) != 1) ||
2612 (!ssl && SSL_CTX_add1_chain_cert(data->ssl,
2613 cert) != 1)) {
2614 tls_show_errors(MSG_DEBUG, __func__,
2615 "Failed to add additional certificate");
2616 res = -1;
2617 X509_free(cert);
2618 break;
2619 }
2620 X509_free(cert);
2621 }
2622 if (!res) {
2623 /* Try to continue anyway */
2624 }
2625 sk_X509_pop_free(certs, X509_free);
2626 #ifndef OPENSSL_IS_BORINGSSL
2627 if (ssl)
2628 res = SSL_build_cert_chain(
2629 ssl,
2630 SSL_BUILD_CHAIN_FLAG_CHECK |
2631 SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR);
2632 else
2633 res = SSL_CTX_build_cert_chain(
2634 data->ssl,
2635 SSL_BUILD_CHAIN_FLAG_CHECK |
2636 SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR);
2637 if (!res) {
2638 tls_show_errors(MSG_DEBUG, __func__,
2639 "Failed to build certificate chain");
2640 } else if (res == 2) {
2641 wpa_printf(MSG_DEBUG,
2642 "TLS: Ignore certificate chain verification error when building chain with PKCS#12 extra certificates");
2643 }
2644 #endif /* OPENSSL_IS_BORINGSSL */
2645 /*
2646 * Try to continue regardless of result since it is possible for
2647 * the extra certificates not to be required.
2648 */
2649 res = 0;
2650 #else /* OPENSSL_VERSION_NUMBER >= 0x10002000L */
2651 SSL_CTX_clear_extra_chain_certs(data->ssl);
2652 while ((cert = sk_X509_pop(certs)) != NULL) {
2653 X509_NAME_oneline(X509_get_subject_name(cert), buf,
2654 sizeof(buf));
2655 wpa_printf(MSG_DEBUG, "TLS: additional certificate"
2656 " from PKCS12: subject='%s'", buf);
2657 /*
2658 * There is no SSL equivalent for the chain cert - so
2659 * always add it to the context...
2660 */
2661 if (SSL_CTX_add_extra_chain_cert(data->ssl, cert) != 1)
2662 {
2663 X509_free(cert);
2664 res = -1;
2665 break;
2666 }
2667 }
2668 sk_X509_pop_free(certs, X509_free);
2669 #endif /* OPENSSL_VERSION_NUMBER >= 0x10002000L */
2670 }
2671
2672 PKCS12_free(p12);
2673
2674 if (res < 0)
2675 tls_get_errors(data);
2676
2677 return res;
2678 }
2679 #endif /* PKCS12_FUNCS */
2680
2681
2682 static int tls_read_pkcs12(struct tls_data *data, SSL *ssl,
2683 const char *private_key, const char *passwd)
2684 {
2685 #ifdef PKCS12_FUNCS
2686 FILE *f;
2687 PKCS12 *p12;
2688
2689 f = fopen(private_key, "rb");
2690 if (f == NULL)
2691 return -1;
2692
2693 p12 = d2i_PKCS12_fp(f, NULL);
2694 fclose(f);
2695
2696 if (p12 == NULL) {
2697 tls_show_errors(MSG_INFO, __func__,
2698 "Failed to use PKCS#12 file");
2699 return -1;
2700 }
2701
2702 return tls_parse_pkcs12(data, ssl, p12, passwd);
2703
2704 #else /* PKCS12_FUNCS */
2705 wpa_printf(MSG_INFO, "TLS: PKCS12 support disabled - cannot read "
2706 "p12/pfx files");
2707 return -1;
2708 #endif /* PKCS12_FUNCS */
2709 }
2710
2711
2712 static int tls_read_pkcs12_blob(struct tls_data *data, SSL *ssl,
2713 const u8 *blob, size_t len, const char *passwd)
2714 {
2715 #ifdef PKCS12_FUNCS
2716 PKCS12 *p12;
2717
2718 p12 = d2i_PKCS12(NULL, (const unsigned char **) &blob, len);
2719 if (p12 == NULL) {
2720 tls_show_errors(MSG_INFO, __func__,
2721 "Failed to use PKCS#12 blob");
2722 return -1;
2723 }
2724
2725 return tls_parse_pkcs12(data, ssl, p12, passwd);
2726
2727 #else /* PKCS12_FUNCS */
2728 wpa_printf(MSG_INFO, "TLS: PKCS12 support disabled - cannot parse "
2729 "p12/pfx blobs");
2730 return -1;
2731 #endif /* PKCS12_FUNCS */
2732 }
2733
2734
2735 #ifndef OPENSSL_NO_ENGINE
2736 static int tls_engine_get_cert(struct tls_connection *conn,
2737 const char *cert_id,
2738 X509 **cert)
2739 {
2740 /* this runs after the private key is loaded so no PIN is required */
2741 struct {
2742 const char *cert_id;
2743 X509 *cert;
2744 } params;
2745 params.cert_id = cert_id;
2746 params.cert = NULL;
2747
2748 if (!ENGINE_ctrl_cmd(conn->engine, "LOAD_CERT_CTRL",
2749 0, &params, NULL, 1)) {
2750 unsigned long err = ERR_get_error();
2751
2752 wpa_printf(MSG_ERROR, "ENGINE: cannot load client cert with id"
2753 " '%s' [%s]", cert_id,
2754 ERR_error_string(err, NULL));
2755 if (tls_is_pin_error(err))
2756 return TLS_SET_PARAMS_ENGINE_PRV_BAD_PIN;
2757 return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
2758 }
2759 if (!params.cert) {
2760 wpa_printf(MSG_ERROR, "ENGINE: did not properly cert with id"
2761 " '%s'", cert_id);
2762 return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
2763 }
2764 *cert = params.cert;
2765 return 0;
2766 }
2767 #endif /* OPENSSL_NO_ENGINE */
2768
2769
2770 static int tls_connection_engine_client_cert(struct tls_connection *conn,
2771 const char *cert_id)
2772 {
2773 #ifndef OPENSSL_NO_ENGINE
2774 X509 *cert;
2775
2776 if (tls_engine_get_cert(conn, cert_id, &cert))
2777 return -1;
2778
2779 if (!SSL_use_certificate(conn->ssl, cert)) {
2780 tls_show_errors(MSG_ERROR, __func__,
2781 "SSL_use_certificate failed");
2782 X509_free(cert);
2783 return -1;
2784 }
2785 X509_free(cert);
2786 wpa_printf(MSG_DEBUG, "ENGINE: SSL_use_certificate --> "
2787 "OK");
2788 return 0;
2789
2790 #else /* OPENSSL_NO_ENGINE */
2791 return -1;
2792 #endif /* OPENSSL_NO_ENGINE */
2793 }
2794
2795
2796 static int tls_connection_engine_ca_cert(struct tls_data *data,
2797 struct tls_connection *conn,
2798 const char *ca_cert_id)
2799 {
2800 #ifndef OPENSSL_NO_ENGINE
2801 X509 *cert;
2802 SSL_CTX *ssl_ctx = data->ssl;
2803 X509_STORE *store;
2804
2805 if (tls_engine_get_cert(conn, ca_cert_id, &cert))
2806 return -1;
2807
2808 /* start off the same as tls_connection_ca_cert */
2809 store = X509_STORE_new();
2810 if (store == NULL) {
2811 wpa_printf(MSG_DEBUG, "OpenSSL: %s - failed to allocate new "
2812 "certificate store", __func__);
2813 X509_free(cert);
2814 return -1;
2815 }
2816 SSL_CTX_set_cert_store(ssl_ctx, store);
2817 if (!X509_STORE_add_cert(store, cert)) {
2818 unsigned long err = ERR_peek_error();
2819 tls_show_errors(MSG_WARNING, __func__,
2820 "Failed to add CA certificate from engine "
2821 "to certificate store");
2822 if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
2823 ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) {
2824 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring cert"
2825 " already in hash table error",
2826 __func__);
2827 } else {
2828 X509_free(cert);
2829 return -1;
2830 }
2831 }
2832 X509_free(cert);
2833 wpa_printf(MSG_DEBUG, "OpenSSL: %s - added CA certificate from engine "
2834 "to certificate store", __func__);
2835 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
2836 conn->ca_cert_verify = 1;
2837
2838 return 0;
2839
2840 #else /* OPENSSL_NO_ENGINE */
2841 return -1;
2842 #endif /* OPENSSL_NO_ENGINE */
2843 }
2844
2845
2846 static int tls_connection_engine_private_key(struct tls_connection *conn)
2847 {
2848 #if defined(ANDROID) || !defined(OPENSSL_NO_ENGINE)
2849 if (SSL_use_PrivateKey(conn->ssl, conn->private_key) != 1) {
2850 tls_show_errors(MSG_ERROR, __func__,
2851 "ENGINE: cannot use private key for TLS");
2852 return -1;
2853 }
2854 if (!SSL_check_private_key(conn->ssl)) {
2855 tls_show_errors(MSG_INFO, __func__,
2856 "Private key failed verification");
2857 return -1;
2858 }
2859 return 0;
2860 #else /* OPENSSL_NO_ENGINE */
2861 wpa_printf(MSG_ERROR, "SSL: Configuration uses engine, but "
2862 "engine support was not compiled in");
2863 return -1;
2864 #endif /* OPENSSL_NO_ENGINE */
2865 }
2866
2867
2868 static void tls_clear_default_passwd_cb(SSL_CTX *ssl_ctx, SSL *ssl)
2869 {
2870 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
2871 if (ssl) {
2872 SSL_set_default_passwd_cb(ssl, NULL);
2873 SSL_set_default_passwd_cb_userdata(ssl, NULL);
2874 }
2875 #endif /* >= 1.1.0f && !LibreSSL */
2876 SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL);
2877 SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, NULL);
2878 }
2879
2880
2881 static int tls_connection_private_key(struct tls_data *data,
2882 struct tls_connection *conn,
2883 const char *private_key,
2884 const char *private_key_passwd,
2885 const u8 *private_key_blob,
2886 size_t private_key_blob_len)
2887 {
2888 SSL_CTX *ssl_ctx = data->ssl;
2889 char *passwd;
2890 int ok;
2891
2892 if (private_key == NULL && private_key_blob == NULL)
2893 return 0;
2894
2895 if (private_key_passwd) {
2896 passwd = os_strdup(private_key_passwd);
2897 if (passwd == NULL)
2898 return -1;
2899 } else
2900 passwd = NULL;
2901
2902 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
2903 /*
2904 * In OpenSSL >= 1.1.0f SSL_use_PrivateKey_file() uses the callback
2905 * from the SSL object. See OpenSSL commit d61461a75253.
2906 */
2907 SSL_set_default_passwd_cb(conn->ssl, tls_passwd_cb);
2908 SSL_set_default_passwd_cb_userdata(conn->ssl, passwd);
2909 #endif /* >= 1.1.0f && !LibreSSL */
2910 /* Keep these for OpenSSL < 1.1.0f */
2911 SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb);
2912 SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd);
2913
2914 ok = 0;
2915 while (private_key_blob) {
2916 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_RSA, conn->ssl,
2917 (u8 *) private_key_blob,
2918 private_key_blob_len) == 1) {
2919 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_"
2920 "ASN1(EVP_PKEY_RSA) --> OK");
2921 ok = 1;
2922 break;
2923 }
2924
2925 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_DSA, conn->ssl,
2926 (u8 *) private_key_blob,
2927 private_key_blob_len) == 1) {
2928 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_"
2929 "ASN1(EVP_PKEY_DSA) --> OK");
2930 ok = 1;
2931 break;
2932 }
2933
2934 if (SSL_use_RSAPrivateKey_ASN1(conn->ssl,
2935 (u8 *) private_key_blob,
2936 private_key_blob_len) == 1) {
2937 wpa_printf(MSG_DEBUG, "OpenSSL: "
2938 "SSL_use_RSAPrivateKey_ASN1 --> OK");
2939 ok = 1;
2940 break;
2941 }
2942
2943 if (tls_read_pkcs12_blob(data, conn->ssl, private_key_blob,
2944 private_key_blob_len, passwd) == 0) {
2945 wpa_printf(MSG_DEBUG, "OpenSSL: PKCS#12 as blob --> "
2946 "OK");
2947 ok = 1;
2948 break;
2949 }
2950
2951 break;
2952 }
2953
2954 while (!ok && private_key) {
2955 #ifndef OPENSSL_NO_STDIO
2956 if (SSL_use_PrivateKey_file(conn->ssl, private_key,
2957 SSL_FILETYPE_ASN1) == 1) {
2958 wpa_printf(MSG_DEBUG, "OpenSSL: "
2959 "SSL_use_PrivateKey_File (DER) --> OK");
2960 ok = 1;
2961 break;
2962 }
2963
2964 if (SSL_use_PrivateKey_file(conn->ssl, private_key,
2965 SSL_FILETYPE_PEM) == 1) {
2966 wpa_printf(MSG_DEBUG, "OpenSSL: "
2967 "SSL_use_PrivateKey_File (PEM) --> OK");
2968 ok = 1;
2969 break;
2970 }
2971 #else /* OPENSSL_NO_STDIO */
2972 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO",
2973 __func__);
2974 #endif /* OPENSSL_NO_STDIO */
2975
2976 if (tls_read_pkcs12(data, conn->ssl, private_key, passwd)
2977 == 0) {
2978 wpa_printf(MSG_DEBUG, "OpenSSL: Reading PKCS#12 file "
2979 "--> OK");
2980 ok = 1;
2981 break;
2982 }
2983
2984 if (tls_cryptoapi_cert(conn->ssl, private_key) == 0) {
2985 wpa_printf(MSG_DEBUG, "OpenSSL: Using CryptoAPI to "
2986 "access certificate store --> OK");
2987 ok = 1;
2988 break;
2989 }
2990
2991 break;
2992 }
2993
2994 if (!ok) {
2995 tls_show_errors(MSG_INFO, __func__,
2996 "Failed to load private key");
2997 tls_clear_default_passwd_cb(ssl_ctx, conn->ssl);
2998 os_free(passwd);
2999 return -1;
3000 }
3001 ERR_clear_error();
3002 tls_clear_default_passwd_cb(ssl_ctx, conn->ssl);
3003 os_free(passwd);
3004
3005 if (!SSL_check_private_key(conn->ssl)) {
3006 tls_show_errors(MSG_INFO, __func__, "Private key failed "
3007 "verification");
3008 return -1;
3009 }
3010
3011 wpa_printf(MSG_DEBUG, "SSL: Private key loaded successfully");
3012 return 0;
3013 }
3014
3015
3016 static int tls_global_private_key(struct tls_data *data,
3017 const char *private_key,
3018 const char *private_key_passwd)
3019 {
3020 SSL_CTX *ssl_ctx = data->ssl;
3021 char *passwd;
3022
3023 if (private_key == NULL)
3024 return 0;
3025
3026 if (private_key_passwd) {
3027 passwd = os_strdup(private_key_passwd);
3028 if (passwd == NULL)
3029 return -1;
3030 } else
3031 passwd = NULL;
3032
3033 SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb);
3034 SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd);
3035 if (
3036 #ifndef OPENSSL_NO_STDIO
3037 SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key,
3038 SSL_FILETYPE_ASN1) != 1 &&
3039 SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key,
3040 SSL_FILETYPE_PEM) != 1 &&
3041 #endif /* OPENSSL_NO_STDIO */
3042 tls_read_pkcs12(data, NULL, private_key, passwd)) {
3043 tls_show_errors(MSG_INFO, __func__,
3044 "Failed to load private key");
3045 tls_clear_default_passwd_cb(ssl_ctx, NULL);
3046 os_free(passwd);
3047 ERR_clear_error();
3048 return -1;
3049 }
3050 tls_clear_default_passwd_cb(ssl_ctx, NULL);
3051 os_free(passwd);
3052 ERR_clear_error();
3053
3054 if (!SSL_CTX_check_private_key(ssl_ctx)) {
3055 tls_show_errors(MSG_INFO, __func__,
3056 "Private key failed verification");
3057 return -1;
3058 }
3059
3060 return 0;
3061 }
3062
3063
3064 static int tls_connection_dh(struct tls_connection *conn, const char *dh_file)
3065 {
3066 #ifdef OPENSSL_NO_DH
3067 if (dh_file == NULL)
3068 return 0;
3069 wpa_printf(MSG_ERROR, "TLS: openssl does not include DH support, but "
3070 "dh_file specified");
3071 return -1;
3072 #else /* OPENSSL_NO_DH */
3073 DH *dh;
3074 BIO *bio;
3075
3076 /* TODO: add support for dh_blob */
3077 if (dh_file == NULL)
3078 return 0;
3079 if (conn == NULL)
3080 return -1;
3081
3082 bio = BIO_new_file(dh_file, "r");
3083 if (bio == NULL) {
3084 wpa_printf(MSG_INFO, "TLS: Failed to open DH file '%s': %s",
3085 dh_file, ERR_error_string(ERR_get_error(), NULL));
3086 return -1;
3087 }
3088 dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
3089 BIO_free(bio);
3090 #ifndef OPENSSL_NO_DSA
3091 while (dh == NULL) {
3092 DSA *dsa;
3093 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DH file '%s': %s -"
3094 " trying to parse as DSA params", dh_file,
3095 ERR_error_string(ERR_get_error(), NULL));
3096 bio = BIO_new_file(dh_file, "r");
3097 if (bio == NULL)
3098 break;
3099 dsa = PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
3100 BIO_free(bio);
3101 if (!dsa) {
3102 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DSA file "
3103 "'%s': %s", dh_file,
3104 ERR_error_string(ERR_get_error(), NULL));
3105 break;
3106 }
3107
3108 wpa_printf(MSG_DEBUG, "TLS: DH file in DSA param format");
3109 dh = DSA_dup_DH(dsa);
3110 DSA_free(dsa);
3111 if (dh == NULL) {
3112 wpa_printf(MSG_INFO, "TLS: Failed to convert DSA "
3113 "params into DH params");
3114 break;
3115 }
3116 break;
3117 }
3118 #endif /* !OPENSSL_NO_DSA */
3119 if (dh == NULL) {
3120 wpa_printf(MSG_INFO, "TLS: Failed to read/parse DH/DSA file "
3121 "'%s'", dh_file);
3122 return -1;
3123 }
3124
3125 if (SSL_set_tmp_dh(conn->ssl, dh) != 1) {
3126 wpa_printf(MSG_INFO, "TLS: Failed to set DH params from '%s': "
3127 "%s", dh_file,
3128 ERR_error_string(ERR_get_error(), NULL));
3129 DH_free(dh);
3130 return -1;
3131 }
3132 DH_free(dh);
3133 return 0;
3134 #endif /* OPENSSL_NO_DH */
3135 }
3136
3137
3138 static int tls_global_dh(struct tls_data *data, const char *dh_file)
3139 {
3140 #ifdef OPENSSL_NO_DH
3141 if (dh_file == NULL)
3142 return 0;
3143 wpa_printf(MSG_ERROR, "TLS: openssl does not include DH support, but "
3144 "dh_file specified");
3145 return -1;
3146 #else /* OPENSSL_NO_DH */
3147 SSL_CTX *ssl_ctx = data->ssl;
3148 DH *dh;
3149 BIO *bio;
3150
3151 /* TODO: add support for dh_blob */
3152 if (dh_file == NULL)
3153 return 0;
3154 if (ssl_ctx == NULL)
3155 return -1;
3156
3157 bio = BIO_new_file(dh_file, "r");
3158 if (bio == NULL) {
3159 wpa_printf(MSG_INFO, "TLS: Failed to open DH file '%s': %s",
3160 dh_file, ERR_error_string(ERR_get_error(), NULL));
3161 return -1;
3162 }
3163 dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
3164 BIO_free(bio);
3165 #ifndef OPENSSL_NO_DSA
3166 while (dh == NULL) {
3167 DSA *dsa;
3168 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DH file '%s': %s -"
3169 " trying to parse as DSA params", dh_file,
3170 ERR_error_string(ERR_get_error(), NULL));
3171 bio = BIO_new_file(dh_file, "r");
3172 if (bio == NULL)
3173 break;
3174 dsa = PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
3175 BIO_free(bio);
3176 if (!dsa) {
3177 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DSA file "
3178 "'%s': %s", dh_file,
3179 ERR_error_string(ERR_get_error(), NULL));
3180 break;
3181 }
3182
3183 wpa_printf(MSG_DEBUG, "TLS: DH file in DSA param format");
3184 dh = DSA_dup_DH(dsa);
3185 DSA_free(dsa);
3186 if (dh == NULL) {
3187 wpa_printf(MSG_INFO, "TLS: Failed to convert DSA "
3188 "params into DH params");
3189 break;
3190 }
3191 break;
3192 }
3193 #endif /* !OPENSSL_NO_DSA */
3194 if (dh == NULL) {
3195 wpa_printf(MSG_INFO, "TLS: Failed to read/parse DH/DSA file "
3196 "'%s'", dh_file);
3197 return -1;
3198 }
3199
3200 if (SSL_CTX_set_tmp_dh(ssl_ctx, dh) != 1) {
3201 wpa_printf(MSG_INFO, "TLS: Failed to set DH params from '%s': "
3202 "%s", dh_file,
3203 ERR_error_string(ERR_get_error(), NULL));
3204 DH_free(dh);
3205 return -1;
3206 }
3207 DH_free(dh);
3208 return 0;
3209 #endif /* OPENSSL_NO_DH */
3210 }
3211
3212
3213 int tls_connection_get_random(void *ssl_ctx, struct tls_connection *conn,
3214 struct tls_random *keys)
3215 {
3216 SSL *ssl;
3217
3218 if (conn == NULL || keys == NULL)
3219 return -1;
3220 ssl = conn->ssl;
3221 if (ssl == NULL)
3222 return -1;
3223
3224 os_memset(keys, 0, sizeof(*keys));
3225 keys->client_random = conn->client_random;
3226 keys->client_random_len = SSL_get_client_random(
3227 ssl, conn->client_random, sizeof(conn->client_random));
3228 keys->server_random = conn->server_random;
3229 keys->server_random_len = SSL_get_server_random(
3230 ssl, conn->server_random, sizeof(conn->server_random));
3231
3232 return 0;
3233 }
3234
3235
3236 #ifdef OPENSSL_NEED_EAP_FAST_PRF
3237 static int openssl_get_keyblock_size(SSL *ssl)
3238 {
3239 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
3240 const EVP_CIPHER *c;
3241 const EVP_MD *h;
3242 int md_size;
3243
3244 if (ssl->enc_read_ctx == NULL || ssl->enc_read_ctx->cipher == NULL ||
3245 ssl->read_hash == NULL)
3246 return -1;
3247
3248 c = ssl->enc_read_ctx->cipher;
3249 h = EVP_MD_CTX_md(ssl->read_hash);
3250 if (h)
3251 md_size = EVP_MD_size(h);
3252 else if (ssl->s3)
3253 md_size = ssl->s3->tmp.new_mac_secret_size;
3254 else
3255 return -1;
3256
3257 wpa_printf(MSG_DEBUG, "OpenSSL: keyblock size: key_len=%d MD_size=%d "
3258 "IV_len=%d", EVP_CIPHER_key_length(c), md_size,
3259 EVP_CIPHER_iv_length(c));
3260 return 2 * (EVP_CIPHER_key_length(c) +
3261 md_size +
3262 EVP_CIPHER_iv_length(c));
3263 #else
3264 const SSL_CIPHER *ssl_cipher;
3265 int cipher, digest;
3266 const EVP_CIPHER *c;
3267 const EVP_MD *h;
3268
3269 ssl_cipher = SSL_get_current_cipher(ssl);
3270 if (!ssl_cipher)
3271 return -1;
3272 cipher = SSL_CIPHER_get_cipher_nid(ssl_cipher);
3273 digest = SSL_CIPHER_get_digest_nid(ssl_cipher);
3274 wpa_printf(MSG_DEBUG, "OpenSSL: cipher nid %d digest nid %d",
3275 cipher, digest);
3276 if (cipher < 0 || digest < 0)
3277 return -1;
3278 c = EVP_get_cipherbynid(cipher);
3279 h = EVP_get_digestbynid(digest);
3280 if (!c || !h)
3281 return -1;
3282
3283 wpa_printf(MSG_DEBUG,
3284 "OpenSSL: keyblock size: key_len=%d MD_size=%d IV_len=%d",
3285 EVP_CIPHER_key_length(c), EVP_MD_size(h),
3286 EVP_CIPHER_iv_length(c));
3287 return 2 * (EVP_CIPHER_key_length(c) + EVP_MD_size(h) +
3288 EVP_CIPHER_iv_length(c));
3289 #endif
3290 }
3291 #endif /* OPENSSL_NEED_EAP_FAST_PRF */
3292
3293
3294 int tls_connection_export_key(void *tls_ctx, struct tls_connection *conn,
3295 const char *label, u8 *out, size_t out_len)
3296 {
3297 if (!conn ||
3298 SSL_export_keying_material(conn->ssl, out, out_len, label,
3299 os_strlen(label), NULL, 0, 0) != 1)
3300 return -1;
3301 return 0;
3302 }
3303
3304
3305 int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn,
3306 u8 *out, size_t out_len)
3307 {
3308 #ifdef OPENSSL_NEED_EAP_FAST_PRF
3309 SSL *ssl;
3310 SSL_SESSION *sess;
3311 u8 *rnd;
3312 int ret = -1;
3313 int skip = 0;
3314 u8 *tmp_out = NULL;
3315 u8 *_out = out;
3316 unsigned char client_random[SSL3_RANDOM_SIZE];
3317 unsigned char server_random[SSL3_RANDOM_SIZE];
3318 unsigned char master_key[64];
3319 size_t master_key_len;
3320 const char *ver;
3321
3322 /*
3323 * TLS library did not support EAP-FAST key generation, so get the
3324 * needed TLS session parameters and use an internal implementation of
3325 * TLS PRF to derive the key.
3326 */
3327
3328 if (conn == NULL)
3329 return -1;
3330 ssl = conn->ssl;
3331 if (ssl == NULL)
3332 return -1;
3333 ver = SSL_get_version(ssl);
3334 sess = SSL_get_session(ssl);
3335 if (!ver || !sess)
3336 return -1;
3337
3338 skip = openssl_get_keyblock_size(ssl);
3339 if (skip < 0)
3340 return -1;
3341 tmp_out = os_malloc(skip + out_len);
3342 if (!tmp_out)
3343 return -1;
3344 _out = tmp_out;
3345
3346 rnd = os_malloc(2 * SSL3_RANDOM_SIZE);
3347 if (!rnd) {
3348 os_free(tmp_out);
3349 return -1;
3350 }
3351
3352 SSL_get_client_random(ssl, client_random, sizeof(client_random));
3353 SSL_get_server_random(ssl, server_random, sizeof(server_random));
3354 master_key_len = SSL_SESSION_get_master_key(sess, master_key,
3355 sizeof(master_key));
3356
3357 os_memcpy(rnd, server_random, SSL3_RANDOM_SIZE);
3358 os_memcpy(rnd + SSL3_RANDOM_SIZE, client_random, SSL3_RANDOM_SIZE);
3359
3360 if (os_strcmp(ver, "TLSv1.2") == 0) {
3361 tls_prf_sha256(master_key, master_key_len,
3362 "key expansion", rnd, 2 * SSL3_RANDOM_SIZE,
3363 _out, skip + out_len);
3364 ret = 0;
3365 } else if (tls_prf_sha1_md5(master_key, master_key_len,
3366 "key expansion", rnd, 2 * SSL3_RANDOM_SIZE,
3367 _out, skip + out_len) == 0) {
3368 ret = 0;
3369 }
3370 os_memset(master_key, 0, sizeof(master_key));
3371 os_free(rnd);
3372 if (ret == 0)
3373 os_memcpy(out, _out + skip, out_len);
3374 bin_clear_free(tmp_out, skip);
3375
3376 return ret;
3377 #else /* OPENSSL_NEED_EAP_FAST_PRF */
3378 wpa_printf(MSG_ERROR,
3379 "OpenSSL: EAP-FAST keys cannot be exported in FIPS mode");
3380 return -1;
3381 #endif /* OPENSSL_NEED_EAP_FAST_PRF */
3382 }
3383
3384
3385 static struct wpabuf *
3386 openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data,
3387 int server)
3388 {
3389 int res;
3390 struct wpabuf *out_data;
3391
3392 /*
3393 * Give TLS handshake data from the server (if available) to OpenSSL
3394 * for processing.
3395 */
3396 if (in_data && wpabuf_len(in_data) > 0 &&
3397 BIO_write(conn->ssl_in, wpabuf_head(in_data), wpabuf_len(in_data))
3398 < 0) {
3399 tls_show_errors(MSG_INFO, __func__,
3400 "Handshake failed - BIO_write");
3401 return NULL;
3402 }
3403
3404 /* Initiate TLS handshake or continue the existing handshake */
3405 if (server)
3406 res = SSL_accept(conn->ssl);
3407 else
3408 res = SSL_connect(conn->ssl);
3409 if (res != 1) {
3410 int err = SSL_get_error(conn->ssl, res);
3411 if (err == SSL_ERROR_WANT_READ)
3412 wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want "
3413 "more data");
3414 else if (err == SSL_ERROR_WANT_WRITE)
3415 wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want to "
3416 "write");
3417 else {
3418 tls_show_errors(MSG_INFO, __func__, "SSL_connect");
3419 conn->failed++;
3420 }
3421 }
3422
3423 /* Get the TLS handshake data to be sent to the server */
3424 res = BIO_ctrl_pending(conn->ssl_out);
3425 wpa_printf(MSG_DEBUG, "SSL: %d bytes pending from ssl_out", res);
3426 out_data = wpabuf_alloc(res);
3427 if (out_data == NULL) {
3428 wpa_printf(MSG_DEBUG, "SSL: Failed to allocate memory for "
3429 "handshake output (%d bytes)", res);
3430 if (BIO_reset(conn->ssl_out) < 0) {
3431 tls_show_errors(MSG_INFO, __func__,
3432 "BIO_reset failed");
3433 }
3434 return NULL;
3435 }
3436 res = res == 0 ? 0 : BIO_read(conn->ssl_out, wpabuf_mhead(out_data),
3437 res);
3438 if (res < 0) {
3439 tls_show_errors(MSG_INFO, __func__,
3440 "Handshake failed - BIO_read");
3441 if (BIO_reset(conn->ssl_out) < 0) {
3442 tls_show_errors(MSG_INFO, __func__,
3443 "BIO_reset failed");
3444 }
3445 wpabuf_free(out_data);
3446 return NULL;
3447 }
3448 wpabuf_put(out_data, res);
3449
3450 return out_data;
3451 }
3452
3453
3454 static struct wpabuf *
3455 openssl_get_appl_data(struct tls_connection *conn, size_t max_len)
3456 {
3457 struct wpabuf *appl_data;
3458 int res;
3459
3460 appl_data = wpabuf_alloc(max_len + 100);
3461 if (appl_data == NULL)
3462 return NULL;
3463
3464 res = SSL_read(conn->ssl, wpabuf_mhead(appl_data),
3465 wpabuf_size(appl_data));
3466 if (res < 0) {
3467 int err = SSL_get_error(conn->ssl, res);
3468 if (err == SSL_ERROR_WANT_READ ||
3469 err == SSL_ERROR_WANT_WRITE) {
3470 wpa_printf(MSG_DEBUG, "SSL: No Application Data "
3471 "included");
3472 } else {
3473 tls_show_errors(MSG_INFO, __func__,
3474 "Failed to read possible "
3475 "Application Data");
3476 }
3477 wpabuf_free(appl_data);
3478 return NULL;
3479 }
3480
3481 wpabuf_put(appl_data, res);
3482 wpa_hexdump_buf_key(MSG_MSGDUMP, "SSL: Application Data in Finished "
3483 "message", appl_data);
3484
3485 return appl_data;
3486 }
3487
3488
3489 static struct wpabuf *
3490 openssl_connection_handshake(struct tls_connection *conn,
3491 const struct wpabuf *in_data,
3492 struct wpabuf **appl_data, int server)
3493 {
3494 struct wpabuf *out_data;
3495
3496 if (appl_data)
3497 *appl_data = NULL;
3498
3499 out_data = openssl_handshake(conn, in_data, server);
3500 if (out_data == NULL)
3501 return NULL;
3502 if (conn->invalid_hb_used) {
3503 wpa_printf(MSG_INFO, "TLS: Heartbeat attack detected - do not send response");
3504 wpabuf_free(out_data);
3505 return NULL;
3506 }
3507
3508 if (SSL_is_init_finished(conn->ssl)) {
3509 wpa_printf(MSG_DEBUG,
3510 "OpenSSL: Handshake finished - resumed=%d",
3511 tls_connection_resumed(conn->ssl_ctx, conn));
3512 if (appl_data && in_data)
3513 *appl_data = openssl_get_appl_data(conn,
3514 wpabuf_len(in_data));
3515 }
3516
3517 if (conn->invalid_hb_used) {
3518 wpa_printf(MSG_INFO, "TLS: Heartbeat attack detected - do not send response");
3519 if (appl_data) {
3520 wpabuf_free(*appl_data);
3521 *appl_data = NULL;
3522 }
3523 wpabuf_free(out_data);
3524 return NULL;
3525 }
3526
3527 return out_data;
3528 }
3529
3530
3531 struct wpabuf *
3532 tls_connection_handshake(void *ssl_ctx, struct tls_connection *conn,
3533 const struct wpabuf *in_data,
3534 struct wpabuf **appl_data)
3535 {
3536 return openssl_connection_handshake(conn, in_data, appl_data, 0);
3537 }
3538
3539
3540 struct wpabuf * tls_connection_server_handshake(void *tls_ctx,
3541 struct tls_connection *conn,
3542 const struct wpabuf *in_data,
3543 struct wpabuf **appl_data)
3544 {
3545 return openssl_connection_handshake(conn, in_data, appl_data, 1);
3546 }
3547
3548
3549 struct wpabuf * tls_connection_encrypt(void *tls_ctx,
3550 struct tls_connection *conn,
3551 const struct wpabuf *in_data)
3552 {
3553 int res;
3554 struct wpabuf *buf;
3555
3556 if (conn == NULL)
3557 return NULL;
3558
3559 /* Give plaintext data for OpenSSL to encrypt into the TLS tunnel. */
3560 if ((res = BIO_reset(conn->ssl_in)) < 0 ||
3561 (res = BIO_reset(conn->ssl_out)) < 0) {
3562 tls_show_errors(MSG_INFO, __func__, "BIO_reset failed");
3563 return NULL;
3564 }
3565 res = SSL_write(conn->ssl, wpabuf_head(in_data), wpabuf_len(in_data));
3566 if (res < 0) {
3567 tls_show_errors(MSG_INFO, __func__,
3568 "Encryption failed - SSL_write");
3569 return NULL;
3570 }
3571
3572 /* Read encrypted data to be sent to the server */
3573 buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
3574 if (buf == NULL)
3575 return NULL;
3576 res = BIO_read(conn->ssl_out, wpabuf_mhead(buf), wpabuf_size(buf));
3577 if (res < 0) {
3578 tls_show_errors(MSG_INFO, __func__,
3579 "Encryption failed - BIO_read");
3580 wpabuf_free(buf);
3581 return NULL;
3582 }
3583 wpabuf_put(buf, res);
3584
3585 return buf;
3586 }
3587
3588
3589 struct wpabuf * tls_connection_decrypt(void *tls_ctx,
3590 struct tls_connection *conn,
3591 const struct wpabuf *in_data)
3592 {
3593 int res;
3594 struct wpabuf *buf;
3595
3596 /* Give encrypted data from TLS tunnel for OpenSSL to decrypt. */
3597 res = BIO_write(conn->ssl_in, wpabuf_head(in_data),
3598 wpabuf_len(in_data));
3599 if (res < 0) {
3600 tls_show_errors(MSG_INFO, __func__,
3601 "Decryption failed - BIO_write");
3602 return NULL;
3603 }
3604 if (BIO_reset(conn->ssl_out) < 0) {
3605 tls_show_errors(MSG_INFO, __func__, "BIO_reset failed");
3606 return NULL;
3607 }
3608
3609 /* Read decrypted data for further processing */
3610 /*
3611 * Even though we try to disable TLS compression, it is possible that
3612 * this cannot be done with all TLS libraries. Add extra buffer space
3613 * to handle the possibility of the decrypted data being longer than
3614 * input data.
3615 */
3616 buf = wpabuf_alloc((wpabuf_len(in_data) + 500) * 3);
3617 if (buf == NULL)
3618 return NULL;
3619 res = SSL_read(conn->ssl, wpabuf_mhead(buf), wpabuf_size(buf));
3620 if (res < 0) {
3621 tls_show_errors(MSG_INFO, __func__,
3622 "Decryption failed - SSL_read");
3623 wpabuf_free(buf);
3624 return NULL;
3625 }
3626 wpabuf_put(buf, res);
3627
3628 if (conn->invalid_hb_used) {
3629 wpa_printf(MSG_INFO, "TLS: Heartbeat attack detected - do not send response");
3630 wpabuf_free(buf);
3631 return NULL;
3632 }
3633
3634 return buf;
3635 }
3636
3637
3638 int tls_connection_resumed(void *ssl_ctx, struct tls_connection *conn)
3639 {
3640 return conn ? SSL_cache_hit(conn->ssl) : 0;
3641 }
3642
3643
3644 int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
3645 u8 *ciphers)
3646 {
3647 char buf[500], *pos, *end;
3648 u8 *c;
3649 int ret;
3650
3651 if (conn == NULL || conn->ssl == NULL || ciphers == NULL)
3652 return -1;
3653
3654 buf[0] = '\0';
3655 pos = buf;
3656 end = pos + sizeof(buf);
3657
3658 c = ciphers;
3659 while (*c != TLS_CIPHER_NONE) {
3660 const char *suite;
3661
3662 switch (*c) {
3663 case TLS_CIPHER_RC4_SHA:
3664 suite = "RC4-SHA";
3665 break;
3666 case TLS_CIPHER_AES128_SHA:
3667 suite = "AES128-SHA";
3668 break;
3669 case TLS_CIPHER_RSA_DHE_AES128_SHA:
3670 suite = "DHE-RSA-AES128-SHA";
3671 break;
3672 case TLS_CIPHER_ANON_DH_AES128_SHA:
3673 suite = "ADH-AES128-SHA";
3674 break;
3675 case TLS_CIPHER_RSA_DHE_AES256_SHA:
3676 suite = "DHE-RSA-AES256-SHA";
3677 break;
3678 case TLS_CIPHER_AES256_SHA:
3679 suite = "AES256-SHA";
3680 break;
3681 default:
3682 wpa_printf(MSG_DEBUG, "TLS: Unsupported "
3683 "cipher selection: %d", *c);
3684 return -1;
3685 }
3686 ret = os_snprintf(pos, end - pos, ":%s", suite);
3687 if (os_snprintf_error(end - pos, ret))
3688 break;
3689 pos += ret;
3690
3691 c++;
3692 }
3693
3694 wpa_printf(MSG_DEBUG, "OpenSSL: cipher suites: %s", buf + 1);
3695
3696 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
3697 #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
3698 if (os_strstr(buf, ":ADH-")) {
3699 /*
3700 * Need to drop to security level 0 to allow anonymous
3701 * cipher suites for EAP-FAST.
3702 */
3703 SSL_set_security_level(conn->ssl, 0);
3704 } else if (SSL_get_security_level(conn->ssl) == 0) {
3705 /* Force at least security level 1 */
3706 SSL_set_security_level(conn->ssl, 1);
3707 }
3708 #endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
3709 #endif
3710
3711 if (SSL_set_cipher_list(conn->ssl, buf + 1) != 1) {
3712 tls_show_errors(MSG_INFO, __func__,
3713 "Cipher suite configuration failed");
3714 return -1;
3715 }
3716
3717 return 0;
3718 }
3719
3720
3721 int tls_get_version(void *ssl_ctx, struct tls_connection *conn,
3722 char *buf, size_t buflen)
3723 {
3724 const char *name;
3725 if (conn == NULL || conn->ssl == NULL)
3726 return -1;
3727
3728 name = SSL_get_version(conn->ssl);
3729 if (name == NULL)
3730 return -1;
3731
3732 os_strlcpy(buf, name, buflen);
3733 return 0;
3734 }
3735
3736
3737 int tls_get_cipher(void *ssl_ctx, struct tls_connection *conn,
3738 char *buf, size_t buflen)
3739 {
3740 const char *name;
3741 if (conn == NULL || conn->ssl == NULL)
3742 return -1;
3743
3744 name = SSL_get_cipher(conn->ssl);
3745 if (name == NULL)
3746 return -1;
3747
3748 os_strlcpy(buf, name, buflen);
3749 return 0;
3750 }
3751
3752
3753 int tls_connection_enable_workaround(void *ssl_ctx,
3754 struct tls_connection *conn)
3755 {
3756 SSL_set_options(conn->ssl, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
3757
3758 return 0;
3759 }
3760
3761
3762 #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
3763 /* ClientHello TLS extensions require a patch to openssl, so this function is
3764 * commented out unless explicitly needed for EAP-FAST in order to be able to
3765 * build this file with unmodified openssl. */
3766 int tls_connection_client_hello_ext(void *ssl_ctx, struct tls_connection *conn,
3767 int ext_type, const u8 *data,
3768 size_t data_len)
3769 {
3770 if (conn == NULL || conn->ssl == NULL || ext_type != 35)
3771 return -1;
3772
3773 if (SSL_set_session_ticket_ext(conn->ssl, (void *) data,
3774 data_len) != 1)
3775 return -1;
3776
3777 return 0;
3778 }
3779 #endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
3780
3781
3782 int tls_connection_get_failed(void *ssl_ctx, struct tls_connection *conn)
3783 {
3784 if (conn == NULL)
3785 return -1;
3786 return conn->failed;
3787 }
3788
3789
3790 int tls_connection_get_read_alerts(void *ssl_ctx, struct tls_connection *conn)
3791 {
3792 if (conn == NULL)
3793 return -1;
3794 return conn->read_alerts;
3795 }
3796
3797
3798 int tls_connection_get_write_alerts(void *ssl_ctx, struct tls_connection *conn)
3799 {
3800 if (conn == NULL)
3801 return -1;
3802 return conn->write_alerts;
3803 }
3804
3805
3806 #ifdef HAVE_OCSP
3807
3808 static void ocsp_debug_print_resp(OCSP_RESPONSE *rsp)
3809 {
3810 #ifndef CONFIG_NO_STDOUT_DEBUG
3811 BIO *out;
3812 size_t rlen;
3813 char *txt;
3814 int res;
3815
3816 if (wpa_debug_level > MSG_DEBUG)
3817 return;
3818
3819 out = BIO_new(BIO_s_mem());
3820 if (!out)
3821 return;
3822
3823 OCSP_RESPONSE_print(out, rsp, 0);
3824 rlen = BIO_ctrl_pending(out);
3825 txt = os_malloc(rlen + 1);
3826 if (!txt) {
3827 BIO_free(out);
3828 return;
3829 }
3830
3831 res = BIO_read(out, txt, rlen);
3832 if (res > 0) {
3833 txt[res] = '\0';
3834 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP Response\n%s", txt);
3835 }
3836 os_free(txt);
3837 BIO_free(out);
3838 #endif /* CONFIG_NO_STDOUT_DEBUG */
3839 }
3840
3841
3842 static void debug_print_cert(X509 *cert, const char *title)
3843 {
3844 #ifndef CONFIG_NO_STDOUT_DEBUG
3845 BIO *out;
3846 size_t rlen;
3847 char *txt;
3848 int res;
3849
3850 if (wpa_debug_level > MSG_DEBUG)
3851 return;
3852
3853 out = BIO_new(BIO_s_mem());
3854 if (!out)
3855 return;
3856
3857 X509_print(out, cert);
3858 rlen = BIO_ctrl_pending(out);
3859 txt = os_malloc(rlen + 1);
3860 if (!txt) {
3861 BIO_free(out);
3862 return;
3863 }
3864
3865 res = BIO_read(out, txt, rlen);
3866 if (res > 0) {
3867 txt[res] = '\0';
3868 wpa_printf(MSG_DEBUG, "OpenSSL: %s\n%s", title, txt);
3869 }
3870 os_free(txt);
3871
3872 BIO_free(out);
3873 #endif /* CONFIG_NO_STDOUT_DEBUG */
3874 }
3875
3876
3877 static int ocsp_resp_cb(SSL *s, void *arg)
3878 {
3879 struct tls_connection *conn = arg;
3880 const unsigned char *p;
3881 int len, status, reason, res;
3882 OCSP_RESPONSE *rsp;
3883 OCSP_BASICRESP *basic;
3884 OCSP_CERTID *id;
3885 ASN1_GENERALIZEDTIME *produced_at, *this_update, *next_update;
3886 X509_STORE *store;
3887 STACK_OF(X509) *certs = NULL;
3888
3889 len = SSL_get_tlsext_status_ocsp_resp(s, &p);
3890 if (!p) {
3891 wpa_printf(MSG_DEBUG, "OpenSSL: No OCSP response received");
3892 return (conn->flags & TLS_CONN_REQUIRE_OCSP) ? 0 : 1;
3893 }
3894
3895 wpa_hexdump(MSG_DEBUG, "OpenSSL: OCSP response", p, len);
3896
3897 rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
3898 if (!rsp) {
3899 wpa_printf(MSG_INFO, "OpenSSL: Failed to parse OCSP response");
3900 return 0;
3901 }
3902
3903 ocsp_debug_print_resp(rsp);
3904
3905 status = OCSP_response_status(rsp);
3906 if (status != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
3907 wpa_printf(MSG_INFO, "OpenSSL: OCSP responder error %d (%s)",
3908 status, OCSP_response_status_str(status));
3909 return 0;
3910 }
3911
3912 basic = OCSP_response_get1_basic(rsp);
3913 if (!basic) {
3914 wpa_printf(MSG_INFO, "OpenSSL: Could not find BasicOCSPResponse");
3915 return 0;
3916 }
3917
3918 store = SSL_CTX_get_cert_store(conn->ssl_ctx);
3919 if (conn->peer_issuer) {
3920 debug_print_cert(conn->peer_issuer, "Add OCSP issuer");
3921
3922 if (X509_STORE_add_cert(store, conn->peer_issuer) != 1) {
3923 tls_show_errors(MSG_INFO, __func__,
3924 "OpenSSL: Could not add issuer to certificate store");
3925 }
3926 certs = sk_X509_new_null();
3927 if (certs) {
3928 X509 *cert;
3929 cert = X509_dup(conn->peer_issuer);
3930 if (cert && !sk_X509_push(certs, cert)) {
3931 tls_show_errors(
3932 MSG_INFO, __func__,
3933 "OpenSSL: Could not add issuer to OCSP responder trust store");
3934 X509_free(cert);
3935 sk_X509_free(certs);
3936 certs = NULL;
3937 }
3938 if (certs && conn->peer_issuer_issuer) {
3939 cert = X509_dup(conn->peer_issuer_issuer);
3940 if (cert && !sk_X509_push(certs, cert)) {
3941 tls_show_errors(
3942 MSG_INFO, __func__,
3943 "OpenSSL: Could not add issuer's issuer to OCSP responder trust store");
3944 X509_free(cert);
3945 }
3946 }
3947 }
3948 }
3949
3950 status = OCSP_basic_verify(basic, certs, store, OCSP_TRUSTOTHER);
3951 sk_X509_pop_free(certs, X509_free);
3952 if (status <= 0) {
3953 tls_show_errors(MSG_INFO, __func__,
3954 "OpenSSL: OCSP response failed verification");
3955 OCSP_BASICRESP_free(basic);
3956 OCSP_RESPONSE_free(rsp);
3957 return 0;
3958 }
3959
3960 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP response verification succeeded");
3961
3962 if (!conn->peer_cert) {
3963 wpa_printf(MSG_DEBUG, "OpenSSL: Peer certificate not available for OCSP status check");
3964 OCSP_BASICRESP_free(basic);
3965 OCSP_RESPONSE_free(rsp);
3966 return 0;
3967 }
3968
3969 if (!conn->peer_issuer) {
3970 wpa_printf(MSG_DEBUG, "OpenSSL: Peer issuer certificate not available for OCSP status check");
3971 OCSP_BASICRESP_free(basic);
3972 OCSP_RESPONSE_free(rsp);
3973 return 0;
3974 }
3975
3976 id = OCSP_cert_to_id(EVP_sha256(), conn->peer_cert, conn->peer_issuer);
3977 if (!id) {
3978 wpa_printf(MSG_DEBUG,
3979 "OpenSSL: Could not create OCSP certificate identifier (SHA256)");
3980 OCSP_BASICRESP_free(basic);
3981 OCSP_RESPONSE_free(rsp);
3982 return 0;
3983 }
3984
3985 res = OCSP_resp_find_status(basic, id, &status, &reason, &produced_at,
3986 &this_update, &next_update);
3987 if (!res) {
3988 id = OCSP_cert_to_id(NULL, conn->peer_cert, conn->peer_issuer);
3989 if (!id) {
3990 wpa_printf(MSG_DEBUG,
3991 "OpenSSL: Could not create OCSP certificate identifier (SHA1)");
3992 OCSP_BASICRESP_free(basic);
3993 OCSP_RESPONSE_free(rsp);
3994 return 0;
3995 }
3996
3997 res = OCSP_resp_find_status(basic, id, &status, &reason,
3998 &produced_at, &this_update,
3999 &next_update);
4000 }
4001
4002 if (!res) {
4003 wpa_printf(MSG_INFO, "OpenSSL: Could not find current server certificate from OCSP response%s",
4004 (conn->flags & TLS_CONN_REQUIRE_OCSP) ? "" :
4005 " (OCSP not required)");
4006 OCSP_CERTID_free(id);
4007 OCSP_BASICRESP_free(basic);
4008 OCSP_RESPONSE_free(rsp);
4009 return (conn->flags & TLS_CONN_REQUIRE_OCSP) ? 0 : 1;
4010 }
4011 OCSP_CERTID_free(id);
4012
4013 if (!OCSP_check_validity(this_update, next_update, 5 * 60, -1)) {
4014 tls_show_errors(MSG_INFO, __func__,
4015 "OpenSSL: OCSP status times invalid");
4016 OCSP_BASICRESP_free(basic);
4017 OCSP_RESPONSE_free(rsp);
4018 return 0;
4019 }
4020
4021 OCSP_BASICRESP_free(basic);
4022 OCSP_RESPONSE_free(rsp);
4023
4024 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status for server certificate: %s",
4025 OCSP_cert_status_str(status));
4026
4027 if (status == V_OCSP_CERTSTATUS_GOOD)
4028 return 1;
4029 if (status == V_OCSP_CERTSTATUS_REVOKED)
4030 return 0;
4031 if (conn->flags & TLS_CONN_REQUIRE_OCSP) {
4032 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status unknown, but OCSP required");
4033 return 0;
4034 }
4035 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status unknown, but OCSP was not required, so allow connection to continue");
4036 return 1;
4037 }
4038
4039
4040 static int ocsp_status_cb(SSL *s, void *arg)
4041 {
4042 char *tmp;
4043 char *resp;
4044 size_t len;
4045
4046 if (tls_global->ocsp_stapling_response == NULL) {
4047 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status callback - no response configured");
4048 return SSL_TLSEXT_ERR_OK;
4049 }
4050
4051 resp = os_readfile(tls_global->ocsp_stapling_response, &len);
4052 if (resp == NULL) {
4053 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status callback - could not read response file");
4054 /* TODO: Build OCSPResponse with responseStatus = internalError
4055 */
4056 return SSL_TLSEXT_ERR_OK;
4057 }
4058 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status callback - send cached response");
4059 tmp = OPENSSL_malloc(len);
4060 if (tmp == NULL) {
4061 os_free(resp);
4062 return SSL_TLSEXT_ERR_ALERT_FATAL;
4063 }
4064
4065 os_memcpy(tmp, resp, len);
4066 os_free(resp);
4067 SSL_set_tlsext_status_ocsp_resp(s, tmp, len);
4068
4069 return SSL_TLSEXT_ERR_OK;
4070 }
4071
4072 #endif /* HAVE_OCSP */
4073
4074
4075 int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
4076 const struct tls_connection_params *params)
4077 {
4078 struct tls_data *data = tls_ctx;
4079 int ret;
4080 unsigned long err;
4081 int can_pkcs11 = 0;
4082 const char *key_id = params->key_id;
4083 const char *cert_id = params->cert_id;
4084 const char *ca_cert_id = params->ca_cert_id;
4085 const char *engine_id = params->engine ? params->engine_id : NULL;
4086
4087 if (conn == NULL)
4088 return -1;
4089
4090 if (params->flags & TLS_CONN_REQUIRE_OCSP_ALL) {
4091 wpa_printf(MSG_INFO,
4092 "OpenSSL: ocsp=3 not supported");
4093 return -1;
4094 }
4095
4096 /*
4097 * If the engine isn't explicitly configured, and any of the
4098 * cert/key fields are actually PKCS#11 URIs, then automatically
4099 * use the PKCS#11 ENGINE.
4100 */
4101 if (!engine_id || os_strcmp(engine_id, "pkcs11") == 0)
4102 can_pkcs11 = 1;
4103
4104 if (!key_id && params->private_key && can_pkcs11 &&
4105 os_strncmp(params->private_key, "pkcs11:", 7) == 0) {
4106 can_pkcs11 = 2;
4107 key_id = params->private_key;
4108 }
4109
4110 if (!cert_id && params->client_cert && can_pkcs11 &&
4111 os_strncmp(params->client_cert, "pkcs11:", 7) == 0) {
4112 can_pkcs11 = 2;
4113 cert_id = params->client_cert;
4114 }
4115
4116 if (!ca_cert_id && params->ca_cert && can_pkcs11 &&
4117 os_strncmp(params->ca_cert, "pkcs11:", 7) == 0) {
4118 can_pkcs11 = 2;
4119 ca_cert_id = params->ca_cert;
4120 }
4121
4122 /* If we need to automatically enable the PKCS#11 ENGINE, do so. */
4123 if (can_pkcs11 == 2 && !engine_id)
4124 engine_id = "pkcs11";
4125
4126 #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
4127 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
4128 if (params->flags & TLS_CONN_EAP_FAST) {
4129 wpa_printf(MSG_DEBUG,
4130 "OpenSSL: Use TLSv1_method() for EAP-FAST");
4131 if (SSL_set_ssl_method(conn->ssl, TLSv1_method()) != 1) {
4132 tls_show_errors(MSG_INFO, __func__,
4133 "Failed to set TLSv1_method() for EAP-FAST");
4134 return -1;
4135 }
4136 }
4137 #endif
4138 #endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
4139
4140 while ((err = ERR_get_error())) {
4141 wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s",
4142 __func__, ERR_error_string(err, NULL));
4143 }
4144
4145 if (engine_id) {
4146 wpa_printf(MSG_DEBUG, "SSL: Initializing TLS engine");
4147 ret = tls_engine_init(conn, engine_id, params->pin,
4148 key_id, cert_id, ca_cert_id);
4149 if (ret)
4150 return ret;
4151 }
4152 if (tls_connection_set_subject_match(conn,
4153 params->subject_match,
4154 params->altsubject_match,
4155 params->suffix_match,
4156 params->domain_match))
4157 return -1;
4158
4159 if (engine_id && ca_cert_id) {
4160 if (tls_connection_engine_ca_cert(data, conn, ca_cert_id))
4161 return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED;
4162 } else if (tls_connection_ca_cert(data, conn, params->ca_cert,
4163 params->ca_cert_blob,
4164 params->ca_cert_blob_len,
4165 params->ca_path))
4166 return -1;
4167
4168 if (engine_id && cert_id) {
4169 if (tls_connection_engine_client_cert(conn, cert_id))
4170 return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED;
4171 } else if (tls_connection_client_cert(conn, params->client_cert,
4172 params->client_cert_blob,
4173 params->client_cert_blob_len))
4174 return -1;
4175
4176 if (engine_id && key_id) {
4177 wpa_printf(MSG_DEBUG, "TLS: Using private key from engine");
4178 if (tls_connection_engine_private_key(conn))
4179 return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED;
4180 } else if (tls_connection_private_key(data, conn,
4181 params->private_key,
4182 params->private_key_passwd,
4183 params->private_key_blob,
4184 params->private_key_blob_len)) {
4185 wpa_printf(MSG_INFO, "TLS: Failed to load private key '%s'",
4186 params->private_key);
4187 return -1;
4188 }
4189
4190 if (tls_connection_dh(conn, params->dh_file)) {
4191 wpa_printf(MSG_INFO, "TLS: Failed to load DH file '%s'",
4192 params->dh_file);
4193 return -1;
4194 }
4195
4196 if (params->openssl_ciphers &&
4197 SSL_set_cipher_list(conn->ssl, params->openssl_ciphers) != 1) {
4198 wpa_printf(MSG_INFO,
4199 "OpenSSL: Failed to set cipher string '%s'",
4200 params->openssl_ciphers);
4201 return -1;
4202 }
4203
4204 if (tls_set_conn_flags(conn->ssl, params->flags) < 0)
4205 return -1;
4206
4207 #ifdef OPENSSL_IS_BORINGSSL
4208 if (params->flags & TLS_CONN_REQUEST_OCSP) {
4209 SSL_enable_ocsp_stapling(conn->ssl);
4210 }
4211 #else /* OPENSSL_IS_BORINGSSL */
4212 #ifdef HAVE_OCSP
4213 if (params->flags & TLS_CONN_REQUEST_OCSP) {
4214 SSL_CTX *ssl_ctx = data->ssl;
4215 SSL_set_tlsext_status_type(conn->ssl, TLSEXT_STATUSTYPE_ocsp);
4216 SSL_CTX_set_tlsext_status_cb(ssl_ctx, ocsp_resp_cb);
4217 SSL_CTX_set_tlsext_status_arg(ssl_ctx, conn);
4218 }
4219 #else /* HAVE_OCSP */
4220 if (params->flags & TLS_CONN_REQUIRE_OCSP) {
4221 wpa_printf(MSG_INFO,
4222 "OpenSSL: No OCSP support included - reject configuration");
4223 return -1;
4224 }
4225 if (params->flags & TLS_CONN_REQUEST_OCSP) {
4226 wpa_printf(MSG_DEBUG,
4227 "OpenSSL: No OCSP support included - allow optional OCSP case to continue");
4228 }
4229 #endif /* HAVE_OCSP */
4230 #endif /* OPENSSL_IS_BORINGSSL */
4231
4232 conn->flags = params->flags;
4233
4234 tls_get_errors(data);
4235
4236 return 0;
4237 }
4238
4239
4240 int tls_global_set_params(void *tls_ctx,
4241 const struct tls_connection_params *params)
4242 {
4243 struct tls_data *data = tls_ctx;
4244 SSL_CTX *ssl_ctx = data->ssl;
4245 unsigned long err;
4246
4247 while ((err = ERR_get_error())) {
4248 wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s",
4249 __func__, ERR_error_string(err, NULL));
4250 }
4251
4252 if (tls_global_ca_cert(data, params->ca_cert) ||
4253 tls_global_client_cert(data, params->client_cert) ||
4254 tls_global_private_key(data, params->private_key,
4255 params->private_key_passwd) ||
4256 tls_global_dh(data, params->dh_file)) {
4257 wpa_printf(MSG_INFO, "TLS: Failed to set global parameters");
4258 return -1;
4259 }
4260
4261 if (params->openssl_ciphers &&
4262 SSL_CTX_set_cipher_list(ssl_ctx, params->openssl_ciphers) != 1) {
4263 wpa_printf(MSG_INFO,
4264 "OpenSSL: Failed to set cipher string '%s'",
4265 params->openssl_ciphers);
4266 return -1;
4267 }
4268
4269 #ifdef SSL_OP_NO_TICKET
4270 if (params->flags & TLS_CONN_DISABLE_SESSION_TICKET)
4271 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TICKET);
4272 else
4273 SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TICKET);
4274 #endif /* SSL_OP_NO_TICKET */
4275
4276 #ifdef HAVE_OCSP
4277 SSL_CTX_set_tlsext_status_cb(ssl_ctx, ocsp_status_cb);
4278 SSL_CTX_set_tlsext_status_arg(ssl_ctx, ssl_ctx);
4279 os_free(tls_global->ocsp_stapling_response);
4280 if (params->ocsp_stapling_response)
4281 tls_global->ocsp_stapling_response =
4282 os_strdup(params->ocsp_stapling_response);
4283 else
4284 tls_global->ocsp_stapling_response = NULL;
4285 #endif /* HAVE_OCSP */
4286
4287 return 0;
4288 }
4289
4290
4291 #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
4292 /* Pre-shared secred requires a patch to openssl, so this function is
4293 * commented out unless explicitly needed for EAP-FAST in order to be able to
4294 * build this file with unmodified openssl. */
4295
4296 #if (defined(OPENSSL_IS_BORINGSSL) || OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
4297 static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len,
4298 STACK_OF(SSL_CIPHER) *peer_ciphers,
4299 const SSL_CIPHER **cipher, void *arg)
4300 #else /* OPENSSL_IS_BORINGSSL */
4301 static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len,
4302 STACK_OF(SSL_CIPHER) *peer_ciphers,
4303 SSL_CIPHER **cipher, void *arg)
4304 #endif /* OPENSSL_IS_BORINGSSL */
4305 {
4306 struct tls_connection *conn = arg;
4307 int ret;
4308
4309 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
4310 if (conn == NULL || conn->session_ticket_cb == NULL)
4311 return 0;
4312
4313 ret = conn->session_ticket_cb(conn->session_ticket_cb_ctx,
4314 conn->session_ticket,
4315 conn->session_ticket_len,
4316 s->s3->client_random,
4317 s->s3->server_random, secret);
4318 #else
4319 unsigned char client_random[SSL3_RANDOM_SIZE];
4320 unsigned char server_random[SSL3_RANDOM_SIZE];
4321
4322 if (conn == NULL || conn->session_ticket_cb == NULL)
4323 return 0;
4324
4325 SSL_get_client_random(s, client_random, sizeof(client_random));
4326 SSL_get_server_random(s, server_random, sizeof(server_random));
4327
4328 ret = conn->session_ticket_cb(conn->session_ticket_cb_ctx,
4329 conn->session_ticket,
4330 conn->session_ticket_len,
4331 client_random,
4332 server_random, secret);
4333 #endif
4334
4335 os_free(conn->session_ticket);
4336 conn->session_ticket = NULL;
4337
4338 if (ret <= 0)
4339 return 0;
4340
4341 *secret_len = SSL_MAX_MASTER_KEY_LENGTH;
4342 return 1;
4343 }
4344
4345
4346 static int tls_session_ticket_ext_cb(SSL *s, const unsigned char *data,
4347 int len, void *arg)
4348 {
4349 struct tls_connection *conn = arg;
4350
4351 if (conn == NULL || conn->session_ticket_cb == NULL)
4352 return 0;
4353
4354 wpa_printf(MSG_DEBUG, "OpenSSL: %s: length=%d", __func__, len);
4355
4356 os_free(conn->session_ticket);
4357 conn->session_ticket = NULL;
4358
4359 wpa_hexdump(MSG_DEBUG, "OpenSSL: ClientHello SessionTicket "
4360 "extension", data, len);
4361
4362 conn->session_ticket = os_memdup(data, len);
4363 if (conn->session_ticket == NULL)
4364 return 0;
4365
4366 conn->session_ticket_len = len;
4367
4368 return 1;
4369 }
4370 #endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
4371
4372
4373 int tls_connection_set_session_ticket_cb(void *tls_ctx,
4374 struct tls_connection *conn,
4375 tls_session_ticket_cb cb,
4376 void *ctx)
4377 {
4378 #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
4379 conn->session_ticket_cb = cb;
4380 conn->session_ticket_cb_ctx = ctx;
4381
4382 if (cb) {
4383 if (SSL_set_session_secret_cb(conn->ssl, tls_sess_sec_cb,
4384 conn) != 1)
4385 return -1;
4386 SSL_set_session_ticket_ext_cb(conn->ssl,
4387 tls_session_ticket_ext_cb, conn);
4388 } else {
4389 if (SSL_set_session_secret_cb(conn->ssl, NULL, NULL) != 1)
4390 return -1;
4391 SSL_set_session_ticket_ext_cb(conn->ssl, NULL, NULL);
4392 }
4393
4394 return 0;
4395 #else /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
4396 return -1;
4397 #endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
4398 }
4399
4400
4401 int tls_get_library_version(char *buf, size_t buf_len)
4402 {
4403 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
4404 return os_snprintf(buf, buf_len, "OpenSSL build=%s run=%s",
4405 OPENSSL_VERSION_TEXT,
4406 OpenSSL_version(OPENSSL_VERSION));
4407 #else
4408 return os_snprintf(buf, buf_len, "OpenSSL build=%s run=%s",
4409 OPENSSL_VERSION_TEXT,
4410 SSLeay_version(SSLEAY_VERSION));
4411 #endif
4412 }
4413
4414
4415 void tls_connection_set_success_data(struct tls_connection *conn,
4416 struct wpabuf *data)
4417 {
4418 SSL_SESSION *sess;
4419 struct wpabuf *old;
4420
4421 if (tls_ex_idx_session < 0)
4422 goto fail;
4423 sess = SSL_get_session(conn->ssl);
4424 if (!sess)
4425 goto fail;
4426 old = SSL_SESSION_get_ex_data(sess, tls_ex_idx_session);
4427 if (old) {
4428 wpa_printf(MSG_DEBUG, "OpenSSL: Replacing old success data %p",
4429 old);
4430 wpabuf_free(old);
4431 }
4432 if (SSL_SESSION_set_ex_data(sess, tls_ex_idx_session, data) != 1)
4433 goto fail;
4434
4435 wpa_printf(MSG_DEBUG, "OpenSSL: Stored success data %p", data);
4436 conn->success_data = 1;
4437 return;
4438
4439 fail:
4440 wpa_printf(MSG_INFO, "OpenSSL: Failed to store success data");
4441 wpabuf_free(data);
4442 }
4443
4444
4445 void tls_connection_set_success_data_resumed(struct tls_connection *conn)
4446 {
4447 wpa_printf(MSG_DEBUG,
4448 "OpenSSL: Success data accepted for resumed session");
4449 conn->success_data = 1;
4450 }
4451
4452
4453 const struct wpabuf *
4454 tls_connection_get_success_data(struct tls_connection *conn)
4455 {
4456 SSL_SESSION *sess;
4457
4458 if (tls_ex_idx_session < 0 ||
4459 !(sess = SSL_get_session(conn->ssl)))
4460 return NULL;
4461 return SSL_SESSION_get_ex_data(sess, tls_ex_idx_session);
4462 }
4463
4464
4465 void tls_connection_remove_session(struct tls_connection *conn)
4466 {
4467 SSL_SESSION *sess;
4468
4469 sess = SSL_get_session(conn->ssl);
4470 if (!sess)
4471 return;
4472
4473 if (SSL_CTX_remove_session(conn->ssl_ctx, sess) != 1)
4474 wpa_printf(MSG_DEBUG,
4475 "OpenSSL: Session was not cached");
4476 else
4477 wpa_printf(MSG_DEBUG,
4478 "OpenSSL: Removed cached session to disable session resumption");
4479 }
Unnamed repository; edit this file 'description' to name the repository.