]> git.ipfire.org Git - thirdparty/hostap.git/blame - src/crypto/tls_openssl.c
projects / thirdparty / hostap.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
OpenSSL: Do not require private key to come from PKCS#11
[thirdparty/hostap.git] / src / crypto / tls_openssl.c
CommitLineData
6fc6879b 1/*
81c85c06 2 * SSL/TLS interface functions for OpenSSL
080585c0 3 * Copyright (c) 2004-2013, Jouni Malinen <j@w1.fi>
6fc6879b 4 *
0f3d578e
JM		 5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
6fc6879b
JM		 7 */
8
9#include "includes.h"
10
11#ifndef CONFIG_SMARTCARD
12#ifndef OPENSSL_NO_ENGINE
1176ab6d 13#ifndef ANDROID
6fc6879b
JM		 14#define OPENSSL_NO_ENGINE
15#endif
16#endif
1176ab6d 17#endif
6fc6879b
JM		 18
19#include <openssl/ssl.h>
20#include <openssl/err.h>
21#include <openssl/pkcs12.h>
22#include <openssl/x509v3.h>
23#ifndef OPENSSL_NO_ENGINE
24#include <openssl/engine.h>
25#endif /* OPENSSL_NO_ENGINE */
26
27#include "common.h"
00468b46 28#include "crypto.h"
6fc6879b
JM		 29#include "tls.h"
30
31#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
32#define OPENSSL_d2i_TYPE const unsigned char **
33#else
34#define OPENSSL_d2i_TYPE unsigned char **
35#endif
36
7c0e1e27
PS		 37#if defined(SSL_CTX_get_app_data) && defined(SSL_CTX_set_app_data)
38#define OPENSSL_SUPPORTS_CTX_APP_DATA
39#endif
40
a8572960
AL		 41#if OPENSSL_VERSION_NUMBER < 0x10000000L
42/* ERR_remove_thread_state replaces ERR_remove_state and the latter is
43 * deprecated. However, OpenSSL 0.9.8 doesn't include
44 * ERR_remove_thread_state. */
45#define ERR_remove_thread_state(tid) ERR_remove_state(0)
46#endif
47
a8572960
AL		 48#if defined(OPENSSL_IS_BORINGSSL)
49/* stack_index_t is the return type of OpenSSL's sk_XXX_num() functions. */
50typedef size_t stack_index_t;
51#else
52typedef int stack_index_t;
0cf03892
JM		 53#endif
54
080585c0
JM		 55#ifdef SSL_set_tlsext_status_type
56#ifndef OPENSSL_NO_TLSEXT
57#define HAVE_OCSP
58#include <openssl/ocsp.h>
59#endif /* OPENSSL_NO_TLSEXT */
60#endif /* SSL_set_tlsext_status_type */
61
1d415f1f
KR		 62#ifdef ANDROID
63#include <openssl/pem.h>
64#include <keystore/keystore_get.h>
65
66static BIO * BIO_from_keystore(const char *key)
67{
68 BIO *bio = NULL;
69 uint8_t *value = NULL;
70 int length = keystore_get(key, strlen(key), &value);
71 if (length != -1 && (bio = BIO_new(BIO_s_mem())) != NULL)
72 BIO_write(bio, value, length);
73 free(value);
74 return bio;
75}
76#endif /* ANDROID */
77
6fc6879b
JM		 78static int tls_openssl_ref_count = 0;
79
7c0e1e27 80struct tls_context {
00468b46
JM		 81 void (*event_cb)(void *ctx, enum tls_event ev,
82 union tls_event_data *data);
83 void *cb_ctx;
1b414f59 84 int cert_in_cb;
080585c0 85 char *ocsp_stapling_response;
00468b46
JM		 86};
87
7c0e1e27 88static struct tls_context *tls_global = NULL;
00468b46
JM		 89
90
6fc6879b 91struct tls_connection {
7c0e1e27 92 struct tls_context *context;
6fc6879b
JM		 93 SSL *ssl;
94 BIO *ssl_in, *ssl_out;
95#ifndef OPENSSL_NO_ENGINE
96 ENGINE *engine; /* functional reference to the engine */
97 EVP_PKEY *private_key; /* the private key if using engine */
98#endif /* OPENSSL_NO_ENGINE */
01f809c7 99 char *subject_match, *altsubject_match, *suffix_match;
6fc6879b
JM		 100 int read_alerts, write_alerts, failed;
101
102 tls_session_ticket_cb session_ticket_cb;
103 void *session_ticket_cb_ctx;
104
105 /* SessionTicket received from OpenSSL hello_extension_cb (server) */
106 u8 *session_ticket;
107 size_t session_ticket_len;
00468b46 108
8d6399e4
JM		 109 unsigned int ca_cert_verify:1;
110 unsigned int cert_probe:1;
111 unsigned int server_cert_only:1;
bb52293e 112 unsigned int invalid_hb_used:1;
00468b46
JM		 113
114 u8 srv_cert_hash[32];
235279e7
JM		 115
116 unsigned int flags;
080585c0
JM		 117
118 X509 *peer_cert;
119 X509 *peer_issuer;
6bf61fb2 120 X509 *peer_issuer_issuer;
6fc6879b
JM		 121};
122
123
7c0e1e27
PS		 124static struct tls_context * tls_context_new(const struct tls_config *conf)
125{
126 struct tls_context *context = os_zalloc(sizeof(*context));
127 if (context == NULL)
128 return NULL;
129 if (conf) {
130 context->event_cb = conf->event_cb;
131 context->cb_ctx = conf->cb_ctx;
132 context->cert_in_cb = conf->cert_in_cb;
133 }
134 return context;
135}
136
137
6fc6879b
JM		 138#ifdef CONFIG_NO_STDOUT_DEBUG
139
140static void _tls_show_errors(void)
141{
142 unsigned long err;
143
144 while ((err = ERR_get_error())) {
145 /* Just ignore the errors, since stdout is disabled */
146 }
147}
148#define tls_show_errors(l, f, t) _tls_show_errors()
149
150#else /* CONFIG_NO_STDOUT_DEBUG */
151
152static void tls_show_errors(int level, const char *func, const char *txt)
153{
154 unsigned long err;
155
156 wpa_printf(level, "OpenSSL: %s - %s %s",
157 func, txt, ERR_error_string(ERR_get_error(), NULL));
158
159 while ((err = ERR_get_error())) {
160 wpa_printf(MSG_INFO, "OpenSSL: pending error: %s",
161 ERR_error_string(err, NULL));
162 }
163}
164
165#endif /* CONFIG_NO_STDOUT_DEBUG */
166
167
168#ifdef CONFIG_NATIVE_WINDOWS
169
170/* Windows CryptoAPI and access to certificate stores */
171#include <wincrypt.h>
172
173#ifdef __MINGW32_VERSION
174/*
175 * MinGW does not yet include all the needed definitions for CryptoAPI, so
176 * define here whatever extra is needed.
177 */
6fc6879b
JM		 178#define CERT_SYSTEM_STORE_CURRENT_USER (1 << 16)
179#define CERT_STORE_READONLY_FLAG 0x00008000
180#define CERT_STORE_OPEN_EXISTING_FLAG 0x00004000
6fc6879b
JM		 181
182#endif /* __MINGW32_VERSION */
183
184
185struct cryptoapi_rsa_data {
186 const CERT_CONTEXT *cert;
187 HCRYPTPROV crypt_prov;
188 DWORD key_spec;
189 BOOL free_crypt_prov;
190};
191
192
193static void cryptoapi_error(const char *msg)
194{
195 wpa_printf(MSG_INFO, "CryptoAPI: %s; err=%u",
196 msg, (unsigned int) GetLastError());
197}
198
199
200static int cryptoapi_rsa_pub_enc(int flen, const unsigned char *from,
201 unsigned char *to, RSA *rsa, int padding)
202{
203 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__);
204 return 0;
205}
206
207
208static int cryptoapi_rsa_pub_dec(int flen, const unsigned char *from,
209 unsigned char *to, RSA *rsa, int padding)
210{
211 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__);
212 return 0;
213}
214
215
216static int cryptoapi_rsa_priv_enc(int flen, const unsigned char *from,
217 unsigned char *to, RSA *rsa, int padding)
218{
219 struct cryptoapi_rsa_data *priv =
220 (struct cryptoapi_rsa_data *) rsa->meth->app_data;
221 HCRYPTHASH hash;
222 DWORD hash_size, len, i;
223 unsigned char *buf = NULL;
224 int ret = 0;
225
226 if (priv == NULL) {
227 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
228 ERR_R_PASSED_NULL_PARAMETER);
229 return 0;
230 }
231
232 if (padding != RSA_PKCS1_PADDING) {
233 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
234 RSA_R_UNKNOWN_PADDING_TYPE);
235 return 0;
236 }
237
238 if (flen != 16 /* MD5 */ + 20 /* SHA-1 */) {
239 wpa_printf(MSG_INFO, "%s - only MD5-SHA1 hash supported",
240 __func__);
241 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
242 RSA_R_INVALID_MESSAGE_LENGTH);
243 return 0;
244 }
245
246 if (!CryptCreateHash(priv->crypt_prov, CALG_SSL3_SHAMD5, 0, 0, &hash))
247 {
248 cryptoapi_error("CryptCreateHash failed");
249 return 0;
250 }
251
252 len = sizeof(hash_size);
253 if (!CryptGetHashParam(hash, HP_HASHSIZE, (BYTE *) &hash_size, &len,
254 0)) {
255 cryptoapi_error("CryptGetHashParam failed");
256 goto err;
257 }
258
259 if ((int) hash_size != flen) {
260 wpa_printf(MSG_INFO, "CryptoAPI: Invalid hash size (%u != %d)",
261 (unsigned) hash_size, flen);
262 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
263 RSA_R_INVALID_MESSAGE_LENGTH);
264 goto err;
265 }
266 if (!CryptSetHashParam(hash, HP_HASHVAL, (BYTE * ) from, 0)) {
267 cryptoapi_error("CryptSetHashParam failed");
268 goto err;
269 }
270
271 len = RSA_size(rsa);
272 buf = os_malloc(len);
273 if (buf == NULL) {
274 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
275 goto err;
276 }
277
278 if (!CryptSignHash(hash, priv->key_spec, NULL, 0, buf, &len)) {
279 cryptoapi_error("CryptSignHash failed");
280 goto err;
281 }
282
283 for (i = 0; i < len; i++)
284 to[i] = buf[len - i - 1];
285 ret = len;
286
287err:
288 os_free(buf);
289 CryptDestroyHash(hash);
290
291 return ret;
292}
293
294
295static int cryptoapi_rsa_priv_dec(int flen, const unsigned char *from,
296 unsigned char *to, RSA *rsa, int padding)
297{
298 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__);
299 return 0;
300}
301
302
303static void cryptoapi_free_data(struct cryptoapi_rsa_data *priv)
304{
305 if (priv == NULL)
306 return;
307 if (priv->crypt_prov && priv->free_crypt_prov)
308 CryptReleaseContext(priv->crypt_prov, 0);
309 if (priv->cert)
310 CertFreeCertificateContext(priv->cert);
311 os_free(priv);
312}
313
314
315static int cryptoapi_finish(RSA *rsa)
316{
317 cryptoapi_free_data((struct cryptoapi_rsa_data *) rsa->meth->app_data);
318 os_free((void *) rsa->meth);
319 rsa->meth = NULL;
320 return 1;
321}
322
323
324static const CERT_CONTEXT * cryptoapi_find_cert(const char *name, DWORD store)
325{
326 HCERTSTORE cs;
327 const CERT_CONTEXT *ret = NULL;
328
329 cs = CertOpenStore((LPCSTR) CERT_STORE_PROV_SYSTEM, 0, 0,
330 store | CERT_STORE_OPEN_EXISTING_FLAG |
331 CERT_STORE_READONLY_FLAG, L"MY");
332 if (cs == NULL) {
333 cryptoapi_error("Failed to open 'My system store'");
334 return NULL;
335 }
336
337 if (strncmp(name, "cert://", 7) == 0) {
338 unsigned short wbuf[255];
339 MultiByteToWideChar(CP_ACP, 0, name + 7, -1, wbuf, 255);
340 ret = CertFindCertificateInStore(cs, X509_ASN_ENCODING |
341 PKCS_7_ASN_ENCODING,
342 0, CERT_FIND_SUBJECT_STR,
343 wbuf, NULL);
344 } else if (strncmp(name, "hash://", 7) == 0) {
345 CRYPT_HASH_BLOB blob;
346 int len;
347 const char *hash = name + 7;
348 unsigned char *buf;
349
350 len = os_strlen(hash) / 2;
351 buf = os_malloc(len);
352 if (buf && hexstr2bin(hash, buf, len) == 0) {
353 blob.cbData = len;
354 blob.pbData = buf;
355 ret = CertFindCertificateInStore(cs,
356 X509_ASN_ENCODING |
357 PKCS_7_ASN_ENCODING,
358 0, CERT_FIND_HASH,
359 &blob, NULL);
360 }
361 os_free(buf);
362 }
363
364 CertCloseStore(cs, 0);
365
366 return ret;
367}
368
369
370static int tls_cryptoapi_cert(SSL *ssl, const char *name)
371{
372 X509 *cert = NULL;
373 RSA *rsa = NULL, *pub_rsa;
374 struct cryptoapi_rsa_data *priv;
375 RSA_METHOD *rsa_meth;
376
377 if (name == NULL ||
378 (strncmp(name, "cert://", 7) != 0 &&
379 strncmp(name, "hash://", 7) != 0))
380 return -1;
381
382 priv = os_zalloc(sizeof(*priv));
383 rsa_meth = os_zalloc(sizeof(*rsa_meth));
384 if (priv == NULL || rsa_meth == NULL) {
385 wpa_printf(MSG_WARNING, "CryptoAPI: Failed to allocate memory "
386 "for CryptoAPI RSA method");
387 os_free(priv);
388 os_free(rsa_meth);
389 return -1;
390 }
391
392 priv->cert = cryptoapi_find_cert(name, CERT_SYSTEM_STORE_CURRENT_USER);
393 if (priv->cert == NULL) {
394 priv->cert = cryptoapi_find_cert(
395 name, CERT_SYSTEM_STORE_LOCAL_MACHINE);
396 }
397 if (priv->cert == NULL) {
398 wpa_printf(MSG_INFO, "CryptoAPI: Could not find certificate "
399 "'%s'", name);
400 goto err;
401 }
402
403 cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &priv->cert->pbCertEncoded,
404 priv->cert->cbCertEncoded);
405 if (cert == NULL) {
406 wpa_printf(MSG_INFO, "CryptoAPI: Could not process X509 DER "
407 "encoding");
408 goto err;
409 }
410
6fc6879b
JM		 411 if (!CryptAcquireCertificatePrivateKey(priv->cert,
412 CRYPT_ACQUIRE_COMPARE_KEY_FLAG,
413 NULL, &priv->crypt_prov,
414 &priv->key_spec,
415 &priv->free_crypt_prov)) {
416 cryptoapi_error("Failed to acquire a private key for the "
417 "certificate");
418 goto err;
419 }
420
421 rsa_meth->name = "Microsoft CryptoAPI RSA Method";
422 rsa_meth->rsa_pub_enc = cryptoapi_rsa_pub_enc;
423 rsa_meth->rsa_pub_dec = cryptoapi_rsa_pub_dec;
424 rsa_meth->rsa_priv_enc = cryptoapi_rsa_priv_enc;
425 rsa_meth->rsa_priv_dec = cryptoapi_rsa_priv_dec;
426 rsa_meth->finish = cryptoapi_finish;
427 rsa_meth->flags = RSA_METHOD_FLAG_NO_CHECK;
428 rsa_meth->app_data = (char *) priv;
429
430 rsa = RSA_new();
431 if (rsa == NULL) {
432 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,
433 ERR_R_MALLOC_FAILURE);
434 goto err;
435 }
436
437 if (!SSL_use_certificate(ssl, cert)) {
438 RSA_free(rsa);
439 rsa = NULL;
440 goto err;
441 }
442 pub_rsa = cert->cert_info->key->pkey->pkey.rsa;
443 X509_free(cert);
444 cert = NULL;
445
446 rsa->n = BN_dup(pub_rsa->n);
447 rsa->e = BN_dup(pub_rsa->e);
448 if (!RSA_set_method(rsa, rsa_meth))
449 goto err;
450
451 if (!SSL_use_RSAPrivateKey(ssl, rsa))
452 goto err;
453 RSA_free(rsa);
454
455 return 0;
456
457err:
458 if (cert)
459 X509_free(cert);
460 if (rsa)
461 RSA_free(rsa);
462 else {
463 os_free(rsa_meth);
464 cryptoapi_free_data(priv);
465 }
466 return -1;
467}
468
469
470static int tls_cryptoapi_ca_cert(SSL_CTX *ssl_ctx, SSL *ssl, const char *name)
471{
472 HCERTSTORE cs;
473 PCCERT_CONTEXT ctx = NULL;
474 X509 *cert;
475 char buf[128];
476 const char *store;
477#ifdef UNICODE
478 WCHAR *wstore;
479#endif /* UNICODE */
480
6fc6879b
JM		 481 if (name == NULL || strncmp(name, "cert_store://", 13) != 0)
482 return -1;
483
484 store = name + 13;
485#ifdef UNICODE
486 wstore = os_malloc((os_strlen(store) + 1) * sizeof(WCHAR));
487 if (wstore == NULL)
488 return -1;
489 wsprintf(wstore, L"%S", store);
490 cs = CertOpenSystemStore(0, wstore);
491 os_free(wstore);
492#else /* UNICODE */
493 cs = CertOpenSystemStore(0, store);
494#endif /* UNICODE */
495 if (cs == NULL) {
496 wpa_printf(MSG_DEBUG, "%s: failed to open system cert store "
497 "'%s': error=%d", __func__, store,
498 (int) GetLastError());
499 return -1;
500 }
501
502 while ((ctx = CertEnumCertificatesInStore(cs, ctx))) {
503 cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &ctx->pbCertEncoded,
504 ctx->cbCertEncoded);
505 if (cert == NULL) {
506 wpa_printf(MSG_INFO, "CryptoAPI: Could not process "
507 "X509 DER encoding for CA cert");
508 continue;
509 }
510
511 X509_NAME_oneline(X509_get_subject_name(cert), buf,
512 sizeof(buf));
513 wpa_printf(MSG_DEBUG, "OpenSSL: Loaded CA certificate for "
514 "system certificate store: subject='%s'", buf);
515
516 if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) {
517 tls_show_errors(MSG_WARNING, __func__,
518 "Failed to add ca_cert to OpenSSL "
519 "certificate store");
520 }
521
522 X509_free(cert);
523 }
524
525 if (!CertCloseStore(cs, 0)) {
526 wpa_printf(MSG_DEBUG, "%s: failed to close system cert store "
527 "'%s': error=%d", __func__, name + 13,
528 (int) GetLastError());
529 }
530
531 return 0;
532}
533
534
535#else /* CONFIG_NATIVE_WINDOWS */
536
537static int tls_cryptoapi_cert(SSL *ssl, const char *name)
538{
539 return -1;
540}
541
542#endif /* CONFIG_NATIVE_WINDOWS */
543
544
545static void ssl_info_cb(const SSL *ssl, int where, int ret)
546{
547 const char *str;
548 int w;
549
550 wpa_printf(MSG_DEBUG, "SSL: (where=0x%x ret=0x%x)", where, ret);
551 w = where & ~SSL_ST_MASK;
552 if (w & SSL_ST_CONNECT)
553 str = "SSL_connect";
554 else if (w & SSL_ST_ACCEPT)
555 str = "SSL_accept";
556 else
557 str = "undefined";
558
559 if (where & SSL_CB_LOOP) {
560 wpa_printf(MSG_DEBUG, "SSL: %s:%s",
561 str, SSL_state_string_long(ssl));
562 } else if (where & SSL_CB_ALERT) {
7c0e1e27 563 struct tls_connection *conn = SSL_get_app_data((SSL *) ssl);
6fc6879b
JM		 564 wpa_printf(MSG_INFO, "SSL: SSL3 alert: %s:%s:%s",
565 where & SSL_CB_READ ?
566 "read (remote end reported an error)" :
567 "write (local SSL3 detected an error)",
568 SSL_alert_type_string_long(ret),
569 SSL_alert_desc_string_long(ret));
570 if ((ret >> 8) == SSL3_AL_FATAL) {
6fc6879b
JM		 571 if (where & SSL_CB_READ)
572 conn->read_alerts++;
573 else
574 conn->write_alerts++;
575 }
7c0e1e27 576 if (conn->context->event_cb != NULL) {
dd7fec1f 577 union tls_event_data ev;
7c0e1e27 578 struct tls_context *context = conn->context;
dd7fec1f
PS		 579 os_memset(&ev, 0, sizeof(ev));
580 ev.alert.is_local = !(where & SSL_CB_READ);
581 ev.alert.type = SSL_alert_type_string_long(ret);
582 ev.alert.description = SSL_alert_desc_string_long(ret);
7c0e1e27 583 context->event_cb(context->cb_ctx, TLS_ALERT, &ev);
dd7fec1f 584 }
6fc6879b
JM		 585 } else if (where & SSL_CB_EXIT && ret <= 0) {
586 wpa_printf(MSG_DEBUG, "SSL: %s:%s in %s",
587 str, ret == 0 ? "failed" : "error",
588 SSL_state_string_long(ssl));
589 }
590}
591
592
593#ifndef OPENSSL_NO_ENGINE
594/**
595 * tls_engine_load_dynamic_generic - load any openssl engine
596 * @pre: an array of commands and values that load an engine initialized
597 * in the engine specific function
598 * @post: an array of commands and values that initialize an already loaded
599 * engine (or %NULL if not required)
600 * @id: the engine id of the engine to load (only required if post is not %NULL
601 *
602 * This function is a generic function that loads any openssl engine.
603 *
604 * Returns: 0 on success, -1 on failure
605 */
606static int tls_engine_load_dynamic_generic(const char *pre[],
607 const char *post[], const char *id)
608{
609 ENGINE *engine;
610 const char *dynamic_id = "dynamic";
611
612 engine = ENGINE_by_id(id);
613 if (engine) {
614 ENGINE_free(engine);
615 wpa_printf(MSG_DEBUG, "ENGINE: engine '%s' is already "
616 "available", id);
617 return 0;
618 }
619 ERR_clear_error();
620
621 engine = ENGINE_by_id(dynamic_id);
622 if (engine == NULL) {
623 wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]",
624 dynamic_id,
625 ERR_error_string(ERR_get_error(), NULL));
626 return -1;
627 }
628
629 /* Perform the pre commands. This will load the engine. */
630 while (pre && pre[0]) {
631 wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", pre[0], pre[1]);
632 if (ENGINE_ctrl_cmd_string(engine, pre[0], pre[1], 0) == 0) {
633 wpa_printf(MSG_INFO, "ENGINE: ctrl cmd_string failed: "
634 "%s %s [%s]", pre[0], pre[1],
635 ERR_error_string(ERR_get_error(), NULL));
636 ENGINE_free(engine);
637 return -1;
638 }
639 pre += 2;
640 }
641
642 /*
643 * Free the reference to the "dynamic" engine. The loaded engine can
644 * now be looked up using ENGINE_by_id().
645 */
646 ENGINE_free(engine);
647
648 engine = ENGINE_by_id(id);
649 if (engine == NULL) {
650 wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]",
651 id, ERR_error_string(ERR_get_error(), NULL));
652 return -1;
653 }
654
655 while (post && post[0]) {
656 wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", post[0], post[1]);
657 if (ENGINE_ctrl_cmd_string(engine, post[0], post[1], 0) == 0) {
658 wpa_printf(MSG_DEBUG, "ENGINE: ctrl cmd_string failed:"
659 " %s %s [%s]", post[0], post[1],
660 ERR_error_string(ERR_get_error(), NULL));
661 ENGINE_remove(engine);
662 ENGINE_free(engine);
663 return -1;
664 }
665 post += 2;
666 }
667 ENGINE_free(engine);
668
669 return 0;
670}
671
672
673/**
674 * tls_engine_load_dynamic_pkcs11 - load the pkcs11 engine provided by opensc
675 * @pkcs11_so_path: pksc11_so_path from the configuration
676 * @pcks11_module_path: pkcs11_module_path from the configuration
677 */
678static int tls_engine_load_dynamic_pkcs11(const char *pkcs11_so_path,
679 const char *pkcs11_module_path)
680{
681 char *engine_id = "pkcs11";
682 const char *pre_cmd[] = {
683 "SO_PATH", NULL /* pkcs11_so_path */,
684 "ID", NULL /* engine_id */,
685 "LIST_ADD", "1",
686 /* "NO_VCHECK", "1", */
687 "LOAD", NULL,
688 NULL, NULL
689 };
690 const char *post_cmd[] = {
691 "MODULE_PATH", NULL /* pkcs11_module_path */,
692 NULL, NULL
693 };
694
5c8ab0d4 695 if (!pkcs11_so_path)
6fc6879b
JM		 696 return 0;
697
698 pre_cmd[1] = pkcs11_so_path;
699 pre_cmd[3] = engine_id;
5c8ab0d4
DW		 700 if (pkcs11_module_path)
701 post_cmd[1] = pkcs11_module_path;
702 else
703 post_cmd[0] = NULL;
6fc6879b
JM		 704
705 wpa_printf(MSG_DEBUG, "ENGINE: Loading pkcs11 Engine from %s",
706 pkcs11_so_path);
707
708 return tls_engine_load_dynamic_generic(pre_cmd, post_cmd, engine_id);
709}
710
711
712/**
713 * tls_engine_load_dynamic_opensc - load the opensc engine provided by opensc
714 * @opensc_so_path: opensc_so_path from the configuration
715 */
716static int tls_engine_load_dynamic_opensc(const char *opensc_so_path)
717{
718 char *engine_id = "opensc";
719 const char *pre_cmd[] = {
720 "SO_PATH", NULL /* opensc_so_path */,
721 "ID", NULL /* engine_id */,
722 "LIST_ADD", "1",
723 "LOAD", NULL,
724 NULL, NULL
725 };
726
727 if (!opensc_so_path)
728 return 0;
729
730 pre_cmd[1] = opensc_so_path;
731 pre_cmd[3] = engine_id;
732
733 wpa_printf(MSG_DEBUG, "ENGINE: Loading OpenSC Engine from %s",
734 opensc_so_path);
735
736 return tls_engine_load_dynamic_generic(pre_cmd, NULL, engine_id);
737}
738#endif /* OPENSSL_NO_ENGINE */
739
740
741void * tls_init(const struct tls_config *conf)
742{
743 SSL_CTX *ssl;
7c0e1e27 744 struct tls_context *context;
b7328434 745 const char *ciphers;
6fc6879b
JM		 746
747 if (tls_openssl_ref_count == 0) {
7c0e1e27
PS		 748 tls_global = context = tls_context_new(conf);
749 if (context == NULL)
00468b46 750 return NULL;
76f04b38
JM		 751#ifdef CONFIG_FIPS
752#ifdef OPENSSL_FIPS
cf123d7f 753 if (conf && conf->fips_mode) {
76f04b38
JM		 754 if (!FIPS_mode_set(1)) {
755 wpa_printf(MSG_ERROR, "Failed to enable FIPS "
756 "mode");
757 ERR_load_crypto_strings();
758 ERR_print_errors_fp(stderr);
b36540db
JM		 759 os_free(tls_global);
760 tls_global = NULL;
76f04b38
JM		 761 return NULL;
762 } else
763 wpa_printf(MSG_INFO, "Running in FIPS mode");
764 }
765#else /* OPENSSL_FIPS */
cf123d7f 766 if (conf && conf->fips_mode) {
76f04b38
JM		 767 wpa_printf(MSG_ERROR, "FIPS mode requested, but not "
768 "supported");
b36540db
JM		 769 os_free(tls_global);
770 tls_global = NULL;
76f04b38
JM		 771 return NULL;
772 }
773#endif /* OPENSSL_FIPS */
774#endif /* CONFIG_FIPS */
6fc6879b
JM		 775 SSL_load_error_strings();
776 SSL_library_init();
4bb3377b 777#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
e1ffdfc1
JM		 778 EVP_add_digest(EVP_sha256());
779#endif /* OPENSSL_NO_SHA256 */
6fc6879b
JM		 780 /* TODO: if /dev/urandom is available, PRNG is seeded
781 * automatically. If this is not the case, random data should
782 * be added here. */
783
784#ifdef PKCS12_FUNCS
1056dad7
JM		 785#ifndef OPENSSL_NO_RC2
786 /*
787 * 40-bit RC2 is commonly used in PKCS#12 files, so enable it.
788 * This is enabled by PKCS12_PBE_add() in OpenSSL 0.9.8
789 * versions, but it looks like OpenSSL 1.0.0 does not do that
790 * anymore.
791 */
792 EVP_add_cipher(EVP_rc2_40_cbc());
793#endif /* OPENSSL_NO_RC2 */
6fc6879b
JM		 794 PKCS12_PBE_add();
795#endif /* PKCS12_FUNCS */
7c0e1e27 796 } else {
7c0e1e27
PS		 797#ifdef OPENSSL_SUPPORTS_CTX_APP_DATA
798 /* Newer OpenSSL can store app-data per-SSL */
799 context = tls_context_new(conf);
800 if (context == NULL)
801 return NULL;
a5802c06
JM		 802#else /* OPENSSL_SUPPORTS_CTX_APP_DATA */
803 context = tls_global;
7c0e1e27 804#endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */
6fc6879b
JM		 805 }
806 tls_openssl_ref_count++;
807
35efa247 808 ssl = SSL_CTX_new(SSLv23_method());
7c0e1e27
PS		 809 if (ssl == NULL) {
810 tls_openssl_ref_count--;
a288da61
JM		 811#ifdef OPENSSL_SUPPORTS_CTX_APP_DATA
812 if (context != tls_global)
813 os_free(context);
814#endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */
7c0e1e27
PS		 815 if (tls_openssl_ref_count == 0) {
816 os_free(tls_global);
817 tls_global = NULL;
7c0e1e27 818 }
6fc6879b 819 return NULL;
7c0e1e27 820 }
6fc6879b 821
35efa247
JM		 822 SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv2);
823 SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv3);
824
6fc6879b 825 SSL_CTX_set_info_callback(ssl, ssl_info_cb);
7c0e1e27
PS		 826#ifdef OPENSSL_SUPPORTS_CTX_APP_DATA
827 SSL_CTX_set_app_data(ssl, context);
828#endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */
6fc6879b
JM		 829
830#ifndef OPENSSL_NO_ENGINE
831 if (conf &&
832 (conf->opensc_engine_path || conf->pkcs11_engine_path ||
833 conf->pkcs11_module_path)) {
834 wpa_printf(MSG_DEBUG, "ENGINE: Loading dynamic engine");
835 ERR_load_ENGINE_strings();
836 ENGINE_load_dynamic();
837
838 if (tls_engine_load_dynamic_opensc(conf->opensc_engine_path) ||
839 tls_engine_load_dynamic_pkcs11(conf->pkcs11_engine_path,
840 conf->pkcs11_module_path)) {
841 tls_deinit(ssl);
842 return NULL;
843 }
844 }
845#endif /* OPENSSL_NO_ENGINE */
846
b7328434
JM		 847 if (conf && conf->openssl_ciphers)
848 ciphers = conf->openssl_ciphers;
849 else
850 ciphers = "DEFAULT:!EXP:!LOW";
851 if (SSL_CTX_set_cipher_list(ssl, ciphers) != 1) {
852 wpa_printf(MSG_ERROR,
853 "OpenSSL: Failed to set cipher string '%s'",
854 ciphers);
855 tls_deinit(ssl);
856 return NULL;
857 }
858
6fc6879b
JM		 859 return ssl;
860}
861
862
863void tls_deinit(void *ssl_ctx)
864{
865 SSL_CTX *ssl = ssl_ctx;
7c0e1e27
PS		 866#ifdef OPENSSL_SUPPORTS_CTX_APP_DATA
867 struct tls_context *context = SSL_CTX_get_app_data(ssl);
868 if (context != tls_global)
869 os_free(context);
870#endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */
6fc6879b
JM		 871 SSL_CTX_free(ssl);
872
873 tls_openssl_ref_count--;
874 if (tls_openssl_ref_count == 0) {
875#ifndef OPENSSL_NO_ENGINE
876 ENGINE_cleanup();
877#endif /* OPENSSL_NO_ENGINE */
878 CRYPTO_cleanup_all_ex_data();
a8572960 879 ERR_remove_thread_state(NULL);
6fc6879b
JM		 880 ERR_free_strings();
881 EVP_cleanup();
080585c0
JM		 882 os_free(tls_global->ocsp_stapling_response);
883 tls_global->ocsp_stapling_response = NULL;
00468b46
JM		 884 os_free(tls_global);
885 tls_global = NULL;
6fc6879b
JM		 886 }
887}
888
889
890static int tls_engine_init(struct tls_connection *conn, const char *engine_id,
e59c91af
DS		 891 const char *pin, const char *key_id,
892 const char *cert_id, const char *ca_cert_id)
6fc6879b
JM		 893{
894#ifndef OPENSSL_NO_ENGINE
895 int ret = -1;
896 if (engine_id == NULL) {
897 wpa_printf(MSG_ERROR, "ENGINE: Engine ID not set");
898 return -1;
899 }
1176ab6d 900#ifndef ANDROID
6fc6879b
JM		 901 if (pin == NULL) {
902 wpa_printf(MSG_ERROR, "ENGINE: Smartcard PIN not set");
903 return -1;
904 }
1176ab6d 905#endif
6fc6879b
JM		 906
907 ERR_clear_error();
1176ab6d
KR		 908#ifdef ANDROID
909 ENGINE_load_dynamic();
910#endif
6fc6879b
JM		 911 conn->engine = ENGINE_by_id(engine_id);
912 if (!conn->engine) {
913 wpa_printf(MSG_ERROR, "ENGINE: engine %s not available [%s]",
914 engine_id, ERR_error_string(ERR_get_error(), NULL));
915 goto err;
916 }
917 if (ENGINE_init(conn->engine) != 1) {
918 wpa_printf(MSG_ERROR, "ENGINE: engine init failed "
919 "(engine: %s) [%s]", engine_id,
920 ERR_error_string(ERR_get_error(), NULL));
921 goto err;
922 }
923 wpa_printf(MSG_DEBUG, "ENGINE: engine initialized");
924
1176ab6d 925#ifndef ANDROID
6fc6879b
JM		 926 if (ENGINE_ctrl_cmd_string(conn->engine, "PIN", pin, 0) == 0) {
927 wpa_printf(MSG_ERROR, "ENGINE: cannot set pin [%s]",
928 ERR_error_string(ERR_get_error(), NULL));
929 goto err;
930 }
1176ab6d 931#endif
3d268b8d
DW		 932 if (key_id) {
933 /* load private key first in-case PIN is required for cert */
934 conn->private_key = ENGINE_load_private_key(conn->engine,
935 key_id, NULL, NULL);
936 if (!conn->private_key) {
937 wpa_printf(MSG_ERROR,
938 "ENGINE: cannot load private key with id '%s' [%s]",
939 key_id,
940 ERR_error_string(ERR_get_error(), NULL));
941 ret = TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
942 goto err;
943 }
6fc6879b 944 }
e59c91af
DS		 945
946 /* handle a certificate and/or CA certificate */
947 if (cert_id || ca_cert_id) {
948 const char *cmd_name = "LOAD_CERT_CTRL";
949
950 /* test if the engine supports a LOAD_CERT_CTRL */
951 if (!ENGINE_ctrl(conn->engine, ENGINE_CTRL_GET_CMD_FROM_NAME,
952 0, (void *)cmd_name, NULL)) {
953 wpa_printf(MSG_ERROR, "ENGINE: engine does not support"
954 " loading certificates");
955 ret = TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
956 goto err;
957 }
958 }
959
6fc6879b
JM		 960 return 0;
961
962err:
963 if (conn->engine) {
964 ENGINE_free(conn->engine);
965 conn->engine = NULL;
966 }
967
968 if (conn->private_key) {
969 EVP_PKEY_free(conn->private_key);
970 conn->private_key = NULL;
971 }
972
973 return ret;
974#else /* OPENSSL_NO_ENGINE */
975 return 0;
976#endif /* OPENSSL_NO_ENGINE */
977}
978
979
980static void tls_engine_deinit(struct tls_connection *conn)
981{
982#ifndef OPENSSL_NO_ENGINE
983 wpa_printf(MSG_DEBUG, "ENGINE: engine deinit");
984 if (conn->private_key) {
985 EVP_PKEY_free(conn->private_key);
986 conn->private_key = NULL;
987 }
988 if (conn->engine) {
989 ENGINE_finish(conn->engine);
990 conn->engine = NULL;
991 }
992#endif /* OPENSSL_NO_ENGINE */
993}
994
995
996int tls_get_errors(void *ssl_ctx)
997{
998 int count = 0;
999 unsigned long err;
1000
1001 while ((err = ERR_get_error())) {
1002 wpa_printf(MSG_INFO, "TLS - SSL error: %s",
1003 ERR_error_string(err, NULL));
1004 count++;
1005 }
1006
1007 return count;
1008}
1009
bb52293e
JM		 1010
1011static void tls_msg_cb(int write_p, int version, int content_type,
1012 const void *buf, size_t len, SSL *ssl, void *arg)
1013{
1014 struct tls_connection *conn = arg;
1015 const u8 *pos = buf;
1016
1017 wpa_printf(MSG_DEBUG, "OpenSSL: %s ver=0x%x content_type=%d",
1018 write_p ? "TX" : "RX", version, content_type);
1019 wpa_hexdump_key(MSG_MSGDUMP, "OpenSSL: Message", buf, len);
1020 if (content_type == 24 && len >= 3 && pos[0] == 1) {
1021 size_t payload_len = WPA_GET_BE16(pos + 1);
1022 if (payload_len + 3 > len) {
1023 wpa_printf(MSG_ERROR, "OpenSSL: Heartbeat attack detected");
1024 conn->invalid_hb_used = 1;
1025 }
1026 }
1027}
1028
1029
6a31a31d 1030struct tls_connection * tls_connection_init(void *ssl_ctx)
6fc6879b 1031{
6a31a31d
JM		 1032 SSL_CTX *ssl = ssl_ctx;
1033 struct tls_connection *conn;
fca25ef4 1034 long options;
7c0e1e27 1035#ifdef OPENSSL_SUPPORTS_CTX_APP_DATA
6a31a31d 1036 struct tls_context *context = SSL_CTX_get_app_data(ssl);
a5802c06
JM		 1037#else /* OPENSSL_SUPPORTS_CTX_APP_DATA */
1038 struct tls_context *context = tls_global;
7c0e1e27 1039#endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */
6fc6879b 1040
6a31a31d
JM		 1041 conn = os_zalloc(sizeof(*conn));
1042 if (conn == NULL)
1043 return NULL;
1044 conn->ssl = SSL_new(ssl);
1045 if (conn->ssl == NULL) {
6fc6879b
JM		 1046 tls_show_errors(MSG_INFO, __func__,
1047 "Failed to initialize new SSL connection");
6a31a31d
JM		 1048 os_free(conn);
1049 return NULL;
6fc6879b
JM		 1050 }
1051
6a31a31d
JM		 1052 conn->context = context;
1053 SSL_set_app_data(conn->ssl, conn);
1054 SSL_set_msg_callback(conn->ssl, tls_msg_cb);
1055 SSL_set_msg_callback_arg(conn->ssl, conn);
fca25ef4
JM		 1056 options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
1057 SSL_OP_SINGLE_DH_USE;
1058#ifdef SSL_OP_NO_COMPRESSION
1059 options |= SSL_OP_NO_COMPRESSION;
1060#endif /* SSL_OP_NO_COMPRESSION */
6a31a31d 1061 SSL_set_options(conn->ssl, options);
6fc6879b 1062
6a31a31d
JM		 1063 conn->ssl_in = BIO_new(BIO_s_mem());
1064 if (!conn->ssl_in) {
6fc6879b
JM		 1065 tls_show_errors(MSG_INFO, __func__,
1066 "Failed to create a new BIO for ssl_in");
6a31a31d
JM		 1067 SSL_free(conn->ssl);
1068 os_free(conn);
1069 return NULL;
6fc6879b
JM		 1070 }
1071
6a31a31d
JM		 1072 conn->ssl_out = BIO_new(BIO_s_mem());
1073 if (!conn->ssl_out) {
6fc6879b
JM		 1074 tls_show_errors(MSG_INFO, __func__,
1075 "Failed to create a new BIO for ssl_out");
1076 SSL_free(conn->ssl);
6a31a31d 1077 BIO_free(conn->ssl_in);
6fc6879b
JM		 1078 os_free(conn);
1079 return NULL;
1080 }
1081
6a31a31d
JM		 1082 SSL_set_bio(conn->ssl, conn->ssl_in, conn->ssl_out);
1083
6fc6879b
JM		 1084 return conn;
1085}
1086
1087
1088void tls_connection_deinit(void *ssl_ctx, struct tls_connection *conn)
1089{
1090 if (conn == NULL)
1091 return;
1092 SSL_free(conn->ssl);
1093 tls_engine_deinit(conn);
1094 os_free(conn->subject_match);
1095 os_free(conn->altsubject_match);
01f809c7 1096 os_free(conn->suffix_match);
6fc6879b
JM		 1097 os_free(conn->session_ticket);
1098 os_free(conn);
1099}
1100
1101
1102int tls_connection_established(void *ssl_ctx, struct tls_connection *conn)
1103{
1104 return conn ? SSL_is_init_finished(conn->ssl) : 0;
1105}
1106
1107
1108int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn)
1109{
1110 if (conn == NULL)
1111 return -1;
1112
1113 /* Shutdown previous TLS connection without notifying the peer
1114 * because the connection was already terminated in practice
1115 * and "close notify" shutdown alert would confuse AS. */
1116 SSL_set_quiet_shutdown(conn->ssl, 1);
1117 SSL_shutdown(conn->ssl);
1118 return 0;
1119}
1120
1121
1122static int tls_match_altsubject_component(X509 *cert, int type,
1123 const char *value, size_t len)
1124{
1125 GENERAL_NAME *gen;
1126 void *ext;
a8572960
AL		 1127 int found = 0;
1128 stack_index_t i;
6fc6879b
JM		 1129
1130 ext = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
1131
1132 for (i = 0; ext && i < sk_GENERAL_NAME_num(ext); i++) {
1133 gen = sk_GENERAL_NAME_value(ext, i);
1134 if (gen->type != type)
1135 continue;
1136 if (os_strlen((char *) gen->d.ia5->data) == len &&
1137 os_memcmp(value, gen->d.ia5->data, len) == 0)
1138 found++;
1139 }
1140
1141 return found;
1142}
1143
1144
1145static int tls_match_altsubject(X509 *cert, const char *match)
1146{
1147 int type;
1148 const char *pos, *end;
1149 size_t len;
1150
1151 pos = match;
1152 do {
1153 if (os_strncmp(pos, "EMAIL:", 6) == 0) {
1154 type = GEN_EMAIL;
1155 pos += 6;
1156 } else if (os_strncmp(pos, "DNS:", 4) == 0) {
1157 type = GEN_DNS;
1158 pos += 4;
1159 } else if (os_strncmp(pos, "URI:", 4) == 0) {
1160 type = GEN_URI;
1161 pos += 4;
1162 } else {
1163 wpa_printf(MSG_INFO, "TLS: Invalid altSubjectName "
1164 "match '%s'", pos);
1165 return 0;
1166 }
1167 end = os_strchr(pos, ';');
1168 while (end) {
1169 if (os_strncmp(end + 1, "EMAIL:", 6) == 0 ||
1170 os_strncmp(end + 1, "DNS:", 4) == 0 ||
1171 os_strncmp(end + 1, "URI:", 4) == 0)
1172 break;
1173 end = os_strchr(end + 1, ';');
1174 }
1175 if (end)
1176 len = end - pos;
1177 else
1178 len = os_strlen(pos);
1179 if (tls_match_altsubject_component(cert, type, pos, len) > 0)
1180 return 1;
1181 pos = end + 1;
1182 } while (end);
1183
1184 return 0;
1185}
1186
1187
461e3ebe 1188#ifndef CONFIG_NATIVE_WINDOWS
01f809c7
JM		 1189static int domain_suffix_match(const u8 *val, size_t len, const char *match)
1190{
1191 size_t i, match_len;
1192
1193 /* Check for embedded nuls that could mess up suffix matching */
1194 for (i = 0; i < len; i++) {
1195 if (val[i] == '\0') {
1196 wpa_printf(MSG_DEBUG, "TLS: Embedded null in a string - reject");
1197 return 0;
1198 }
1199 }
1200
1201 match_len = os_strlen(match);
1202 if (match_len > len)
1203 return 0;
1204
1205 if (os_strncasecmp((const char *) val + len - match_len, match,
1206 match_len) != 0)
1207 return 0; /* no match */
1208
1209 if (match_len == len)
1210 return 1; /* exact match */
1211
1212 if (val[len - match_len - 1] == '.')
1213 return 1; /* full label match completes suffix match */
1214
1215 wpa_printf(MSG_DEBUG, "TLS: Reject due to incomplete label match");
1216 return 0;
1217}
461e3ebe 1218#endif /* CONFIG_NATIVE_WINDOWS */
01f809c7
JM		 1219
1220
1221static int tls_match_suffix(X509 *cert, const char *match)
1222{
461e3ebe
JM		 1223#ifdef CONFIG_NATIVE_WINDOWS
1224 /* wincrypt.h has conflicting X509_NAME definition */
1225 return -1;
1226#else /* CONFIG_NATIVE_WINDOWS */
01f809c7
JM		 1227 GENERAL_NAME *gen;
1228 void *ext;
1229 int i;
98a1571d 1230 stack_index_t j;
01f809c7
JM		 1231 int dns_name = 0;
1232 X509_NAME *name;
1233
1234 wpa_printf(MSG_DEBUG, "TLS: Match domain against suffix %s", match);
1235
1236 ext = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
1237
98a1571d
JM		 1238 for (j = 0; ext && j < sk_GENERAL_NAME_num(ext); j++) {
1239 gen = sk_GENERAL_NAME_value(ext, j);
01f809c7
JM		 1240 if (gen->type != GEN_DNS)
1241 continue;
1242 dns_name++;
1243 wpa_hexdump_ascii(MSG_DEBUG, "TLS: Certificate dNSName",
1244 gen->d.dNSName->data,
1245 gen->d.dNSName->length);
1246 if (domain_suffix_match(gen->d.dNSName->data,
1247 gen->d.dNSName->length, match) == 1) {
1248 wpa_printf(MSG_DEBUG, "TLS: Suffix match in dNSName found");
1249 return 1;
1250 }
1251 }
1252
1253 if (dns_name) {
1254 wpa_printf(MSG_DEBUG, "TLS: None of the dNSName(s) matched");
1255 return 0;
1256 }
1257
1258 name = X509_get_subject_name(cert);
1259 i = -1;
1260 for (;;) {
1261 X509_NAME_ENTRY *e;
1262 ASN1_STRING *cn;
1263
1264 i = X509_NAME_get_index_by_NID(name, NID_commonName, i);
1265 if (i == -1)
1266 break;
1267 e = X509_NAME_get_entry(name, i);
1268 if (e == NULL)
1269 continue;
1270 cn = X509_NAME_ENTRY_get_data(e);
1271 if (cn == NULL)
1272 continue;
1273 wpa_hexdump_ascii(MSG_DEBUG, "TLS: Certificate commonName",
1274 cn->data, cn->length);
1275 if (domain_suffix_match(cn->data, cn->length, match) == 1) {
1276 wpa_printf(MSG_DEBUG, "TLS: Suffix match in commonName found");
1277 return 1;
1278 }
1279 }
1280
1281 wpa_printf(MSG_DEBUG, "TLS: No CommonName suffix match found");
1282 return 0;
461e3ebe 1283#endif /* CONFIG_NATIVE_WINDOWS */
01f809c7
JM		 1284}
1285
1286
00468b46
JM		 1287static enum tls_fail_reason openssl_tls_fail_reason(int err)
1288{
1289 switch (err) {
1290 case X509_V_ERR_CERT_REVOKED:
1291 return TLS_FAIL_REVOKED;
1292 case X509_V_ERR_CERT_NOT_YET_VALID:
1293 case X509_V_ERR_CRL_NOT_YET_VALID:
1294 return TLS_FAIL_NOT_YET_VALID;
1295 case X509_V_ERR_CERT_HAS_EXPIRED:
1296 case X509_V_ERR_CRL_HAS_EXPIRED:
1297 return TLS_FAIL_EXPIRED;
1298 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
1299 case X509_V_ERR_UNABLE_TO_GET_CRL:
1300 case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
1301 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
1302 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
1303 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
1304 case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
1305 case X509_V_ERR_CERT_CHAIN_TOO_LONG:
1306 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
1307 case X509_V_ERR_INVALID_CA:
1308 return TLS_FAIL_UNTRUSTED;
1309 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
1310 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
1311 case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
1312 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
1313 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
1314 case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
1315 case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
1316 case X509_V_ERR_CERT_UNTRUSTED:
1317 case X509_V_ERR_CERT_REJECTED:
1318 return TLS_FAIL_BAD_CERTIFICATE;
1319 default:
1320 return TLS_FAIL_UNSPECIFIED;
1321 }
1322}
1323
1324
1325static struct wpabuf * get_x509_cert(X509 *cert)
1326{
1327 struct wpabuf *buf;
1328 u8 *tmp;
1329
1330 int cert_len = i2d_X509(cert, NULL);
1331 if (cert_len <= 0)
1332 return NULL;
1333
1334 buf = wpabuf_alloc(cert_len);
1335 if (buf == NULL)
1336 return NULL;
1337
1338 tmp = wpabuf_put(buf, cert_len);
1339 i2d_X509(cert, &tmp);
1340 return buf;
1341}
1342
1343
1344static void openssl_tls_fail_event(struct tls_connection *conn,
1345 X509 *err_cert, int err, int depth,
1346 const char *subject, const char *err_str,
1347 enum tls_fail_reason reason)
1348{
1349 union tls_event_data ev;
1350 struct wpabuf *cert = NULL;
7c0e1e27 1351 struct tls_context *context = conn->context;
00468b46 1352
7c0e1e27 1353 if (context->event_cb == NULL)
00468b46
JM		 1354 return;
1355
1356 cert = get_x509_cert(err_cert);
1357 os_memset(&ev, 0, sizeof(ev));
1358 ev.cert_fail.reason = reason != TLS_FAIL_UNSPECIFIED ?
1359 reason : openssl_tls_fail_reason(err);
1360 ev.cert_fail.depth = depth;
1361 ev.cert_fail.subject = subject;
1362 ev.cert_fail.reason_txt = err_str;
1363 ev.cert_fail.cert = cert;
7c0e1e27 1364 context->event_cb(context->cb_ctx, TLS_CERT_CHAIN_FAILURE, &ev);
00468b46
JM		 1365 wpabuf_free(cert);
1366}
1367
1368
1369static void openssl_tls_cert_event(struct tls_connection *conn,
1370 X509 *err_cert, int depth,
1371 const char *subject)
1372{
1373 struct wpabuf *cert = NULL;
1374 union tls_event_data ev;
7c0e1e27 1375 struct tls_context *context = conn->context;
00468b46
JM		 1376#ifdef CONFIG_SHA256
1377 u8 hash[32];
1378#endif /* CONFIG_SHA256 */
1379
7c0e1e27 1380 if (context->event_cb == NULL)
00468b46
JM		 1381 return;
1382
1383 os_memset(&ev, 0, sizeof(ev));
7c0e1e27 1384 if (conn->cert_probe || context->cert_in_cb) {
00468b46
JM		 1385 cert = get_x509_cert(err_cert);
1386 ev.peer_cert.cert = cert;
1387 }
1388#ifdef CONFIG_SHA256
1389 if (cert) {
1390 const u8 *addr[1];
1391 size_t len[1];
1392 addr[0] = wpabuf_head(cert);
1393 len[0] = wpabuf_len(cert);
1394 if (sha256_vector(1, addr, len, hash) == 0) {
1395 ev.peer_cert.hash = hash;
1396 ev.peer_cert.hash_len = sizeof(hash);
1397 }
1398 }
1399#endif /* CONFIG_SHA256 */
1400 ev.peer_cert.depth = depth;
1401 ev.peer_cert.subject = subject;
7c0e1e27 1402 context->event_cb(context->cb_ctx, TLS_PEER_CERTIFICATE, &ev);
00468b46
JM		 1403 wpabuf_free(cert);
1404}
1405
1406
6fc6879b
JM		 1407static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
1408{
1409 char buf[256];
1410 X509 *err_cert;
1411 int err, depth;
1412 SSL *ssl;
1413 struct tls_connection *conn;
7c0e1e27 1414 struct tls_context *context;
01f809c7 1415 char *match, *altmatch, *suffix_match;
00468b46 1416 const char *err_str;
6fc6879b
JM		 1417
1418 err_cert = X509_STORE_CTX_get_current_cert(x509_ctx);
97efe70b
EL		 1419 if (!err_cert)
1420 return 0;
1421
6fc6879b
JM		 1422 err = X509_STORE_CTX_get_error(x509_ctx);
1423 depth = X509_STORE_CTX_get_error_depth(x509_ctx);
1424 ssl = X509_STORE_CTX_get_ex_data(x509_ctx,
1425 SSL_get_ex_data_X509_STORE_CTX_idx());
1426 X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
1427
1428 conn = SSL_get_app_data(ssl);
0bdaa741
JM		 1429 if (conn == NULL)
1430 return 0;
080585c0
JM		 1431
1432 if (depth == 0)
1433 conn->peer_cert = err_cert;
1434 else if (depth == 1)
1435 conn->peer_issuer = err_cert;
6bf61fb2
JM		 1436 else if (depth == 2)
1437 conn->peer_issuer_issuer = err_cert;
080585c0 1438
7c0e1e27 1439 context = conn->context;
0bdaa741
JM		 1440 match = conn->subject_match;
1441 altmatch = conn->altsubject_match;
01f809c7 1442 suffix_match = conn->suffix_match;
6fc6879b 1443
00468b46
JM		 1444 if (!preverify_ok && !conn->ca_cert_verify)
1445 preverify_ok = 1;
1446 if (!preverify_ok && depth > 0 && conn->server_cert_only)
1447 preverify_ok = 1;
235279e7
JM		 1448 if (!preverify_ok && (conn->flags & TLS_CONN_DISABLE_TIME_CHECKS) &&
1449 (err == X509_V_ERR_CERT_HAS_EXPIRED ||
1450 err == X509_V_ERR_CERT_NOT_YET_VALID)) {
1451 wpa_printf(MSG_DEBUG, "OpenSSL: Ignore certificate validity "
1452 "time mismatch");
1453 preverify_ok = 1;
1454 }
00468b46
JM		 1455
1456 err_str = X509_verify_cert_error_string(err);
1457
1458#ifdef CONFIG_SHA256
1459 if (preverify_ok && depth == 0 && conn->server_cert_only) {
1460 struct wpabuf *cert;
1461 cert = get_x509_cert(err_cert);
1462 if (!cert) {
1463 wpa_printf(MSG_DEBUG, "OpenSSL: Could not fetch "
1464 "server certificate data");
6fc6879b 1465 preverify_ok = 0;
00468b46
JM		 1466 } else {
1467 u8 hash[32];
1468 const u8 *addr[1];
1469 size_t len[1];
1470 addr[0] = wpabuf_head(cert);
1471 len[0] = wpabuf_len(cert);
1472 if (sha256_vector(1, addr, len, hash) < 0 ||
1473 os_memcmp(conn->srv_cert_hash, hash, 32) != 0) {
1474 err_str = "Server certificate mismatch";
1475 err = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
1476 preverify_ok = 0;
1477 }
1478 wpabuf_free(cert);
6fc6879b
JM		 1479 }
1480 }
00468b46
JM		 1481#endif /* CONFIG_SHA256 */
1482
1483 if (!preverify_ok) {
1484 wpa_printf(MSG_WARNING, "TLS: Certificate verification failed,"
1485 " error %d (%s) depth %d for '%s'", err, err_str,
1486 depth, buf);
1487 openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1488 err_str, TLS_FAIL_UNSPECIFIED);
1489 return preverify_ok;
1490 }
1491
1492 wpa_printf(MSG_DEBUG, "TLS: tls_verify_cb - preverify_ok=%d "
1493 "err=%d (%s) ca_cert_verify=%d depth=%d buf='%s'",
1494 preverify_ok, err, err_str,
1495 conn->ca_cert_verify, depth, buf);
1496 if (depth == 0 && match && os_strstr(buf, match) == NULL) {
1497 wpa_printf(MSG_WARNING, "TLS: Subject '%s' did not "
1498 "match with '%s'", buf, match);
1499 preverify_ok = 0;
1500 openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1501 "Subject mismatch",
1502 TLS_FAIL_SUBJECT_MISMATCH);
1503 } else if (depth == 0 && altmatch &&
1504 !tls_match_altsubject(err_cert, altmatch)) {
1505 wpa_printf(MSG_WARNING, "TLS: altSubjectName match "
1506 "'%s' not found", altmatch);
1507 preverify_ok = 0;
1508 openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1509 "AltSubject mismatch",
1510 TLS_FAIL_ALTSUBJECT_MISMATCH);
01f809c7
JM		 1511 } else if (depth == 0 && suffix_match &&
1512 !tls_match_suffix(err_cert, suffix_match)) {
1513 wpa_printf(MSG_WARNING, "TLS: Domain suffix match '%s' not found",
1514 suffix_match);
1515 preverify_ok = 0;
1516 openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1517 "Domain suffix mismatch",
1518 TLS_FAIL_DOMAIN_SUFFIX_MISMATCH);
00468b46
JM		 1519 } else
1520 openssl_tls_cert_event(conn, err_cert, depth, buf);
1521
1522 if (conn->cert_probe && preverify_ok && depth == 0) {
1523 wpa_printf(MSG_DEBUG, "OpenSSL: Reject server certificate "
1524 "on probe-only run");
1525 preverify_ok = 0;
1526 openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1527 "Server certificate chain probe",
1528 TLS_FAIL_SERVER_CHAIN_PROBE);
1529 }
6fc6879b 1530
7c0e1e27
PS		 1531 if (preverify_ok && context->event_cb != NULL)
1532 context->event_cb(context->cb_ctx,
1533 TLS_CERT_CHAIN_SUCCESS, NULL);
dd7fec1f 1534
6fc6879b
JM		 1535 return preverify_ok;
1536}
1537
1538
1539#ifndef OPENSSL_NO_STDIO
1540static int tls_load_ca_der(void *_ssl_ctx, const char *ca_cert)
1541{
1542 SSL_CTX *ssl_ctx = _ssl_ctx;
1543 X509_LOOKUP *lookup;
1544 int ret = 0;
1545
1546 lookup = X509_STORE_add_lookup(ssl_ctx->cert_store,
1547 X509_LOOKUP_file());
1548 if (lookup == NULL) {
1549 tls_show_errors(MSG_WARNING, __func__,
1550 "Failed add lookup for X509 store");
1551 return -1;
1552 }
1553
1554 if (!X509_LOOKUP_load_file(lookup, ca_cert, X509_FILETYPE_ASN1)) {
1555 unsigned long err = ERR_peek_error();
1556 tls_show_errors(MSG_WARNING, __func__,
1557 "Failed load CA in DER format");
1558 if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
1559 ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) {
1560 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring "
1561 "cert already in hash table error",
1562 __func__);
1563 } else
1564 ret = -1;
1565 }
1566
1567 return ret;
1568}
1569#endif /* OPENSSL_NO_STDIO */
1570
1571
1572static int tls_connection_ca_cert(void *_ssl_ctx, struct tls_connection *conn,
1573 const char *ca_cert, const u8 *ca_cert_blob,
1574 size_t ca_cert_blob_len, const char *ca_path)
1575{
1576 SSL_CTX *ssl_ctx = _ssl_ctx;
1577
1578 /*
1579 * Remove previously configured trusted CA certificates before adding
1580 * new ones.
1581 */
1582 X509_STORE_free(ssl_ctx->cert_store);
1583 ssl_ctx->cert_store = X509_STORE_new();
1584 if (ssl_ctx->cert_store == NULL) {
1585 wpa_printf(MSG_DEBUG, "OpenSSL: %s - failed to allocate new "
1586 "certificate store", __func__);
1587 return -1;
1588 }
1589
00468b46
JM		 1590 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
1591 conn->ca_cert_verify = 1;
1592
1593 if (ca_cert && os_strncmp(ca_cert, "probe://", 8) == 0) {
1594 wpa_printf(MSG_DEBUG, "OpenSSL: Probe for server certificate "
1595 "chain");
1596 conn->cert_probe = 1;
1597 conn->ca_cert_verify = 0;
1598 return 0;
1599 }
1600
1601 if (ca_cert && os_strncmp(ca_cert, "hash://", 7) == 0) {
1602#ifdef CONFIG_SHA256
1603 const char *pos = ca_cert + 7;
1604 if (os_strncmp(pos, "server/sha256/", 14) != 0) {
1605 wpa_printf(MSG_DEBUG, "OpenSSL: Unsupported ca_cert "
1606 "hash value '%s'", ca_cert);
1607 return -1;
1608 }
1609 pos += 14;
1610 if (os_strlen(pos) != 32 * 2) {
1611 wpa_printf(MSG_DEBUG, "OpenSSL: Unexpected SHA256 "
1612 "hash length in ca_cert '%s'", ca_cert);
1613 return -1;
1614 }
1615 if (hexstr2bin(pos, conn->srv_cert_hash, 32) < 0) {
1616 wpa_printf(MSG_DEBUG, "OpenSSL: Invalid SHA256 hash "
1617 "value in ca_cert '%s'", ca_cert);
1618 return -1;
1619 }
1620 conn->server_cert_only = 1;
1621 wpa_printf(MSG_DEBUG, "OpenSSL: Checking only server "
1622 "certificate match");
1623 return 0;
1624#else /* CONFIG_SHA256 */
1625 wpa_printf(MSG_INFO, "No SHA256 included in the build - "
1626 "cannot validate server certificate hash");
1627 return -1;
1628#endif /* CONFIG_SHA256 */
1629 }
1630
6fc6879b
JM		 1631 if (ca_cert_blob) {
1632 X509 *cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &ca_cert_blob,
1633 ca_cert_blob_len);
1634 if (cert == NULL) {
1635 tls_show_errors(MSG_WARNING, __func__,
1636 "Failed to parse ca_cert_blob");
1637 return -1;
1638 }
1639
1640 if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) {
1641 unsigned long err = ERR_peek_error();
1642 tls_show_errors(MSG_WARNING, __func__,
1643 "Failed to add ca_cert_blob to "
1644 "certificate store");
1645 if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
1646 ERR_GET_REASON(err) ==
1647 X509_R_CERT_ALREADY_IN_HASH_TABLE) {
1648 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring "
1649 "cert already in hash table error",
1650 __func__);
1651 } else {
1652 X509_free(cert);
1653 return -1;
1654 }
1655 }
1656 X509_free(cert);
1657 wpa_printf(MSG_DEBUG, "OpenSSL: %s - added ca_cert_blob "
1658 "to certificate store", __func__);
6fc6879b
JM		 1659 return 0;
1660 }
1661
2a0cd067
DS		 1662#ifdef ANDROID
1663 if (ca_cert && os_strncmp("keystore://", ca_cert, 11) == 0) {
1664 BIO *bio = BIO_from_keystore(&ca_cert[11]);
1665 STACK_OF(X509_INFO) *stack = NULL;
a8572960 1666 stack_index_t i;
2a0cd067
DS		 1667
1668 if (bio) {
1669 stack = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL);
1670 BIO_free(bio);
1671 }
1672 if (!stack)
1673 return -1;
1674
1675 for (i = 0; i < sk_X509_INFO_num(stack); ++i) {
1676 X509_INFO *info = sk_X509_INFO_value(stack, i);
1677 if (info->x509) {
1678 X509_STORE_add_cert(ssl_ctx->cert_store,
1679 info->x509);
1680 }
1681 if (info->crl) {
1682 X509_STORE_add_crl(ssl_ctx->cert_store,
1683 info->crl);
1684 }
1685 }
1686 sk_X509_INFO_pop_free(stack, X509_INFO_free);
1687 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
1688 return 0;
1689 }
1690#endif /* ANDROID */
1691
6fc6879b
JM		 1692#ifdef CONFIG_NATIVE_WINDOWS
1693 if (ca_cert && tls_cryptoapi_ca_cert(ssl_ctx, conn->ssl, ca_cert) ==
1694 0) {
1695 wpa_printf(MSG_DEBUG, "OpenSSL: Added CA certificates from "
1696 "system certificate store");
6fc6879b
JM		 1697 return 0;
1698 }
1699#endif /* CONFIG_NATIVE_WINDOWS */
1700
1701 if (ca_cert || ca_path) {
1702#ifndef OPENSSL_NO_STDIO
1703 if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, ca_path) !=
1704 1) {
1705 tls_show_errors(MSG_WARNING, __func__,
1706 "Failed to load root certificates");
1707 if (ca_cert &&
1708 tls_load_ca_der(ssl_ctx, ca_cert) == 0) {
1709 wpa_printf(MSG_DEBUG, "OpenSSL: %s - loaded "
1710 "DER format CA certificate",
1711 __func__);
1712 } else
1713 return -1;
1714 } else {
1715 wpa_printf(MSG_DEBUG, "TLS: Trusted root "
1716 "certificate(s) loaded");
1717 tls_get_errors(ssl_ctx);
1718 }
6fc6879b
JM		 1719#else /* OPENSSL_NO_STDIO */
1720 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO",
1721 __func__);
1722 return -1;
1723#endif /* OPENSSL_NO_STDIO */
1724 } else {
1725 /* No ca_cert configured - do not try to verify server
1726 * certificate */
00468b46 1727 conn->ca_cert_verify = 0;
6fc6879b
JM		 1728 }
1729
1730 return 0;
1731}
1732
1733
1734static int tls_global_ca_cert(SSL_CTX *ssl_ctx, const char *ca_cert)
1735{
1736 if (ca_cert) {
1737 if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, NULL) != 1)
1738 {
1739 tls_show_errors(MSG_WARNING, __func__,
1740 "Failed to load root certificates");
1741 return -1;
1742 }
1743
1744 wpa_printf(MSG_DEBUG, "TLS: Trusted root "
1745 "certificate(s) loaded");
1746
1747#ifndef OPENSSL_NO_STDIO
1748 /* Add the same CAs to the client certificate requests */
1749 SSL_CTX_set_client_CA_list(ssl_ctx,
1750 SSL_load_client_CA_file(ca_cert));
1751#endif /* OPENSSL_NO_STDIO */
1752 }
1753
1754 return 0;
1755}
1756
1757
1758int tls_global_set_verify(void *ssl_ctx, int check_crl)
1759{
1760 int flags;
1761
1762 if (check_crl) {
1763 X509_STORE *cs = SSL_CTX_get_cert_store(ssl_ctx);
1764 if (cs == NULL) {
1765 tls_show_errors(MSG_INFO, __func__, "Failed to get "
1766 "certificate store when enabling "
1767 "check_crl");
1768 return -1;
1769 }
1770 flags = X509_V_FLAG_CRL_CHECK;
1771 if (check_crl == 2)
1772 flags |= X509_V_FLAG_CRL_CHECK_ALL;
1773 X509_STORE_set_flags(cs, flags);
1774 }
1775 return 0;
1776}
1777
1778
1779static int tls_connection_set_subject_match(struct tls_connection *conn,
1780 const char *subject_match,
01f809c7
JM		 1781 const char *altsubject_match,
1782 const char *suffix_match)
6fc6879b
JM		 1783{
1784 os_free(conn->subject_match);
1785 conn->subject_match = NULL;
1786 if (subject_match) {
1787 conn->subject_match = os_strdup(subject_match);
1788 if (conn->subject_match == NULL)
1789 return -1;
1790 }
1791
1792 os_free(conn->altsubject_match);
1793 conn->altsubject_match = NULL;
1794 if (altsubject_match) {
1795 conn->altsubject_match = os_strdup(altsubject_match);
1796 if (conn->altsubject_match == NULL)
1797 return -1;
1798 }
1799
01f809c7
JM		 1800 os_free(conn->suffix_match);
1801 conn->suffix_match = NULL;
1802 if (suffix_match) {
1803 conn->suffix_match = os_strdup(suffix_match);
1804 if (conn->suffix_match == NULL)
1805 return -1;
1806 }
1807
6fc6879b
JM		 1808 return 0;
1809}
1810
1811
1812int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn,
1813 int verify_peer)
1814{
bf206cad
JM		 1815 static int counter = 0;
1816
6fc6879b
JM		 1817 if (conn == NULL)
1818 return -1;
1819
1820 if (verify_peer) {
00468b46 1821 conn->ca_cert_verify = 1;
6fc6879b
JM		 1822 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER |
1823 SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
1824 SSL_VERIFY_CLIENT_ONCE, tls_verify_cb);
1825 } else {
00468b46 1826 conn->ca_cert_verify = 0;
6fc6879b
JM		 1827 SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL);
1828 }
1829
1830 SSL_set_accept_state(conn->ssl);
1831
bf206cad
JM		 1832 /*
1833 * Set session id context in order to avoid fatal errors when client
1834 * tries to resume a session. However, set the context to a unique
1835 * value in order to effectively disable session resumption for now
1836 * since not all areas of the server code are ready for it (e.g.,
1837 * EAP-TTLS needs special handling for Phase 2 after abbreviated TLS
1838 * handshake).
1839 */
1840 counter++;
1841 SSL_set_session_id_context(conn->ssl,
1842 (const unsigned char *) &counter,
1843 sizeof(counter));
1844
6fc6879b
JM		 1845 return 0;
1846}
1847
1848
1849static int tls_connection_client_cert(struct tls_connection *conn,
1850 const char *client_cert,
1851 const u8 *client_cert_blob,
1852 size_t client_cert_blob_len)
1853{
1854 if (client_cert == NULL && client_cert_blob == NULL)
1855 return 0;
1856
1857 if (client_cert_blob &&
1858 SSL_use_certificate_ASN1(conn->ssl, (u8 *) client_cert_blob,
1859 client_cert_blob_len) == 1) {
1860 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_ASN1 --> "
1861 "OK");
1862 return 0;
1863 } else if (client_cert_blob) {
1864 tls_show_errors(MSG_DEBUG, __func__,
1865 "SSL_use_certificate_ASN1 failed");
1866 }
1867
1868 if (client_cert == NULL)
1869 return -1;
1870
2a0cd067
DS		 1871#ifdef ANDROID
1872 if (os_strncmp("keystore://", client_cert, 11) == 0) {
1873 BIO *bio = BIO_from_keystore(&client_cert[11]);
1874 X509 *x509 = NULL;
1875 int ret = -1;
1876 if (bio) {
1877 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
1878 BIO_free(bio);
1879 }
1880 if (x509) {
1881 if (SSL_use_certificate(conn->ssl, x509) == 1)
1882 ret = 0;
1883 X509_free(x509);
1884 }
1885 return ret;
1886 }
1887#endif /* ANDROID */
1888
6fc6879b
JM		 1889#ifndef OPENSSL_NO_STDIO
1890 if (SSL_use_certificate_file(conn->ssl, client_cert,
1891 SSL_FILETYPE_ASN1) == 1) {
1892 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (DER)"
1893 " --> OK");
1894 return 0;
6fc6879b
JM		 1895 }
1896
1897 if (SSL_use_certificate_file(conn->ssl, client_cert,
1898 SSL_FILETYPE_PEM) == 1) {
effab86f 1899 ERR_clear_error();
6fc6879b
JM		 1900 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (PEM)"
1901 " --> OK");
1902 return 0;
6fc6879b 1903 }
effab86f
JM		 1904
1905 tls_show_errors(MSG_DEBUG, __func__,
1906 "SSL_use_certificate_file failed");
6fc6879b
JM		 1907#else /* OPENSSL_NO_STDIO */
1908 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", __func__);
1909#endif /* OPENSSL_NO_STDIO */
1910
1911 return -1;
1912}
1913
1914
1915static int tls_global_client_cert(SSL_CTX *ssl_ctx, const char *client_cert)
1916{
1917#ifndef OPENSSL_NO_STDIO
1918 if (client_cert == NULL)
1919 return 0;
1920
1921 if (SSL_CTX_use_certificate_file(ssl_ctx, client_cert,
1922 SSL_FILETYPE_ASN1) != 1 &&
65897747 1923 SSL_CTX_use_certificate_chain_file(ssl_ctx, client_cert) != 1 &&
6fc6879b
JM		 1924 SSL_CTX_use_certificate_file(ssl_ctx, client_cert,
1925 SSL_FILETYPE_PEM) != 1) {
1926 tls_show_errors(MSG_INFO, __func__,
1927 "Failed to load client certificate");
1928 return -1;
1929 }
1930 return 0;
1931#else /* OPENSSL_NO_STDIO */
1932 if (client_cert == NULL)
1933 return 0;
1934 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", __func__);
1935 return -1;
1936#endif /* OPENSSL_NO_STDIO */
1937}
1938
1939
1940static int tls_passwd_cb(char *buf, int size, int rwflag, void *password)
1941{
1942 if (password == NULL) {
1943 return 0;
1944 }
1945 os_strlcpy(buf, (char *) password, size);
1946 return os_strlen(buf);
1947}
1948
1949
1950#ifdef PKCS12_FUNCS
1951static int tls_parse_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, PKCS12 *p12,
1952 const char *passwd)
1953{
1954 EVP_PKEY *pkey;
1955 X509 *cert;
1956 STACK_OF(X509) *certs;
1957 int res = 0;
1958 char buf[256];
1959
1960 pkey = NULL;
1961 cert = NULL;
1962 certs = NULL;
1963 if (!PKCS12_parse(p12, passwd, &pkey, &cert, &certs)) {
1964 tls_show_errors(MSG_DEBUG, __func__,
1965 "Failed to parse PKCS12 file");
1966 PKCS12_free(p12);
1967 return -1;
1968 }
1969 wpa_printf(MSG_DEBUG, "TLS: Successfully parsed PKCS12 data");
1970
1971 if (cert) {
1972 X509_NAME_oneline(X509_get_subject_name(cert), buf,
1973 sizeof(buf));
1974 wpa_printf(MSG_DEBUG, "TLS: Got certificate from PKCS12: "
1975 "subject='%s'", buf);
1976 if (ssl) {
1977 if (SSL_use_certificate(ssl, cert) != 1)
1978 res = -1;
1979 } else {
1980 if (SSL_CTX_use_certificate(ssl_ctx, cert) != 1)
1981 res = -1;
1982 }
1983 X509_free(cert);
1984 }
1985
1986 if (pkey) {
1987 wpa_printf(MSG_DEBUG, "TLS: Got private key from PKCS12");
1988 if (ssl) {
1989 if (SSL_use_PrivateKey(ssl, pkey) != 1)
1990 res = -1;
1991 } else {
1992 if (SSL_CTX_use_PrivateKey(ssl_ctx, pkey) != 1)
1993 res = -1;
1994 }
1995 EVP_PKEY_free(pkey);
1996 }
1997
1998 if (certs) {
1999 while ((cert = sk_X509_pop(certs)) != NULL) {
2000 X509_NAME_oneline(X509_get_subject_name(cert), buf,
2001 sizeof(buf));
2002 wpa_printf(MSG_DEBUG, "TLS: additional certificate"
2003 " from PKCS12: subject='%s'", buf);
2004 /*
2005 * There is no SSL equivalent for the chain cert - so
2006 * always add it to the context...
2007 */
2008 if (SSL_CTX_add_extra_chain_cert(ssl_ctx, cert) != 1) {
2009 res = -1;
2010 break;
2011 }
2012 }
2013 sk_X509_free(certs);
2014 }
2015
2016 PKCS12_free(p12);
2017
2018 if (res < 0)
2019 tls_get_errors(ssl_ctx);
2020
2021 return res;
2022}
2023#endif /* PKCS12_FUNCS */
2024
2025
2026static int tls_read_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, const char *private_key,
2027 const char *passwd)
2028{
2029#ifdef PKCS12_FUNCS
2030 FILE *f;
2031 PKCS12 *p12;
2032
2033 f = fopen(private_key, "rb");
2034 if (f == NULL)
2035 return -1;
2036
2037 p12 = d2i_PKCS12_fp(f, NULL);
2038 fclose(f);
2039
2040 if (p12 == NULL) {
2041 tls_show_errors(MSG_INFO, __func__,
2042 "Failed to use PKCS#12 file");
2043 return -1;
2044 }
2045
2046 return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd);
2047
2048#else /* PKCS12_FUNCS */
2049 wpa_printf(MSG_INFO, "TLS: PKCS12 support disabled - cannot read "
2050 "p12/pfx files");
2051 return -1;
2052#endif /* PKCS12_FUNCS */
2053}
2054
2055
2056static int tls_read_pkcs12_blob(SSL_CTX *ssl_ctx, SSL *ssl,
2057 const u8 *blob, size_t len, const char *passwd)
2058{
2059#ifdef PKCS12_FUNCS
2060 PKCS12 *p12;
2061
2062 p12 = d2i_PKCS12(NULL, (OPENSSL_d2i_TYPE) &blob, len);
2063 if (p12 == NULL) {
2064 tls_show_errors(MSG_INFO, __func__,
2065 "Failed to use PKCS#12 blob");
2066 return -1;
2067 }
2068
2069 return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd);
2070
2071#else /* PKCS12_FUNCS */
2072 wpa_printf(MSG_INFO, "TLS: PKCS12 support disabled - cannot parse "
2073 "p12/pfx blobs");
2074 return -1;
2075#endif /* PKCS12_FUNCS */
2076}
2077
2078
e572cb63 2079#ifndef OPENSSL_NO_ENGINE
e59c91af
DS		 2080static int tls_engine_get_cert(struct tls_connection *conn,
2081 const char *cert_id,
2082 X509 **cert)
2083{
e59c91af
DS		 2084 /* this runs after the private key is loaded so no PIN is required */
2085 struct {
2086 const char *cert_id;
2087 X509 *cert;
2088 } params;
2089 params.cert_id = cert_id;
2090 params.cert = NULL;
2091
2092 if (!ENGINE_ctrl_cmd(conn->engine, "LOAD_CERT_CTRL",
2093 0, &params, NULL, 1)) {
2094 wpa_printf(MSG_ERROR, "ENGINE: cannot load client cert with id"
2095 " '%s' [%s]", cert_id,
2096 ERR_error_string(ERR_get_error(), NULL));
2097 return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
2098 }
2099 if (!params.cert) {
2100 wpa_printf(MSG_ERROR, "ENGINE: did not properly cert with id"
2101 " '%s'", cert_id);
2102 return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
2103 }
2104 *cert = params.cert;
2105 return 0;
e59c91af 2106}
e572cb63 2107#endif /* OPENSSL_NO_ENGINE */
e59c91af
DS		 2108
2109
2110static int tls_connection_engine_client_cert(struct tls_connection *conn,
2111 const char *cert_id)
2112{
2113#ifndef OPENSSL_NO_ENGINE
2114 X509 *cert;
2115
2116 if (tls_engine_get_cert(conn, cert_id, &cert))
2117 return -1;
2118
2119 if (!SSL_use_certificate(conn->ssl, cert)) {
2120 tls_show_errors(MSG_ERROR, __func__,
2121 "SSL_use_certificate failed");
2122 X509_free(cert);
2123 return -1;
2124 }
2125 X509_free(cert);
2126 wpa_printf(MSG_DEBUG, "ENGINE: SSL_use_certificate --> "
2127 "OK");
2128 return 0;
2129
2130#else /* OPENSSL_NO_ENGINE */
2131 return -1;
2132#endif /* OPENSSL_NO_ENGINE */
2133}
2134
2135
2136static int tls_connection_engine_ca_cert(void *_ssl_ctx,
2137 struct tls_connection *conn,
2138 const char *ca_cert_id)
2139{
2140#ifndef OPENSSL_NO_ENGINE
2141 X509 *cert;
2142 SSL_CTX *ssl_ctx = _ssl_ctx;
2143
2144 if (tls_engine_get_cert(conn, ca_cert_id, &cert))
2145 return -1;
2146
2147 /* start off the same as tls_connection_ca_cert */
2148 X509_STORE_free(ssl_ctx->cert_store);
2149 ssl_ctx->cert_store = X509_STORE_new();
2150 if (ssl_ctx->cert_store == NULL) {
2151 wpa_printf(MSG_DEBUG, "OpenSSL: %s - failed to allocate new "
2152 "certificate store", __func__);
2153 X509_free(cert);
2154 return -1;
2155 }
2156 if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) {
2157 unsigned long err = ERR_peek_error();
2158 tls_show_errors(MSG_WARNING, __func__,
2159 "Failed to add CA certificate from engine "
2160 "to certificate store");
2161 if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
2162 ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) {
2163 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring cert"
2164 " already in hash table error",
2165 __func__);
2166 } else {
2167 X509_free(cert);
2168 return -1;
2169 }
2170 }
2171 X509_free(cert);
2172 wpa_printf(MSG_DEBUG, "OpenSSL: %s - added CA certificate from engine "
2173 "to certificate store", __func__);
2174 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
d8858cad
CW		 2175 conn->ca_cert_verify = 1;
2176
e59c91af
DS		 2177 return 0;
2178
2179#else /* OPENSSL_NO_ENGINE */
2180 return -1;
2181#endif /* OPENSSL_NO_ENGINE */
2182}
2183
2184
6fc6879b
JM		 2185static int tls_connection_engine_private_key(struct tls_connection *conn)
2186{
2187#ifndef OPENSSL_NO_ENGINE
2188 if (SSL_use_PrivateKey(conn->ssl, conn->private_key) != 1) {
2189 tls_show_errors(MSG_ERROR, __func__,
2190 "ENGINE: cannot use private key for TLS");
2191 return -1;
2192 }
2193 if (!SSL_check_private_key(conn->ssl)) {
2194 tls_show_errors(MSG_INFO, __func__,
2195 "Private key failed verification");
2196 return -1;
2197 }
2198 return 0;
2199#else /* OPENSSL_NO_ENGINE */
2200 wpa_printf(MSG_ERROR, "SSL: Configuration uses engine, but "
2201 "engine support was not compiled in");
2202 return -1;
2203#endif /* OPENSSL_NO_ENGINE */
2204}
2205
2206
2207static int tls_connection_private_key(void *_ssl_ctx,
2208 struct tls_connection *conn,
2209 const char *private_key,
2210 const char *private_key_passwd,
2211 const u8 *private_key_blob,
2212 size_t private_key_blob_len)
2213{
2214 SSL_CTX *ssl_ctx = _ssl_ctx;
2215 char *passwd;
2216 int ok;
2217
2218 if (private_key == NULL && private_key_blob == NULL)
2219 return 0;
2220
2221 if (private_key_passwd) {
2222 passwd = os_strdup(private_key_passwd);
2223 if (passwd == NULL)
2224 return -1;
2225 } else
2226 passwd = NULL;
2227
2228 SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb);
2229 SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd);
2230
2231 ok = 0;
2232 while (private_key_blob) {
2233 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_RSA, conn->ssl,
2234 (u8 *) private_key_blob,
2235 private_key_blob_len) == 1) {
2236 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_"
2237 "ASN1(EVP_PKEY_RSA) --> OK");
2238 ok = 1;
2239 break;
6fc6879b
JM		 2240 }
2241
2242 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_DSA, conn->ssl,
2243 (u8 *) private_key_blob,
2244 private_key_blob_len) == 1) {
2245 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_"
2246 "ASN1(EVP_PKEY_DSA) --> OK");
2247 ok = 1;
2248 break;
6fc6879b
JM		 2249 }
2250
2251 if (SSL_use_RSAPrivateKey_ASN1(conn->ssl,
2252 (u8 *) private_key_blob,
2253 private_key_blob_len) == 1) {
2254 wpa_printf(MSG_DEBUG, "OpenSSL: "
2255 "SSL_use_RSAPrivateKey_ASN1 --> OK");
2256 ok = 1;
2257 break;
6fc6879b
JM		 2258 }
2259
2260 if (tls_read_pkcs12_blob(ssl_ctx, conn->ssl, private_key_blob,
2261 private_key_blob_len, passwd) == 0) {
2262 wpa_printf(MSG_DEBUG, "OpenSSL: PKCS#12 as blob --> "
2263 "OK");
2264 ok = 1;
2265 break;
2266 }
2267
2268 break;
2269 }
2270
2271 while (!ok && private_key) {
2272#ifndef OPENSSL_NO_STDIO
2273 if (SSL_use_PrivateKey_file(conn->ssl, private_key,
2274 SSL_FILETYPE_ASN1) == 1) {
2275 wpa_printf(MSG_DEBUG, "OpenSSL: "
2276 "SSL_use_PrivateKey_File (DER) --> OK");
2277 ok = 1;
2278 break;
6fc6879b
JM		 2279 }
2280
2281 if (SSL_use_PrivateKey_file(conn->ssl, private_key,
2282 SSL_FILETYPE_PEM) == 1) {
2283 wpa_printf(MSG_DEBUG, "OpenSSL: "
2284 "SSL_use_PrivateKey_File (PEM) --> OK");
2285 ok = 1;
2286 break;
6fc6879b
JM		 2287 }
2288#else /* OPENSSL_NO_STDIO */
2289 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO",
2290 __func__);
2291#endif /* OPENSSL_NO_STDIO */
2292
2293 if (tls_read_pkcs12(ssl_ctx, conn->ssl, private_key, passwd)
2294 == 0) {
2295 wpa_printf(MSG_DEBUG, "OpenSSL: Reading PKCS#12 file "
2296 "--> OK");
2297 ok = 1;
2298 break;
2299 }
2300
2301 if (tls_cryptoapi_cert(conn->ssl, private_key) == 0) {
2302 wpa_printf(MSG_DEBUG, "OpenSSL: Using CryptoAPI to "
2303 "access certificate store --> OK");
2304 ok = 1;
2305 break;
2306 }
2307
2308 break;
2309 }
2310
2311 if (!ok) {
effab86f
JM		 2312 tls_show_errors(MSG_INFO, __func__,
2313 "Failed to load private key");
6fc6879b 2314 os_free(passwd);
6fc6879b
JM		 2315 return -1;
2316 }
2317 ERR_clear_error();
2318 SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL);
2319 os_free(passwd);
55651a4b 2320
6fc6879b
JM		 2321 if (!SSL_check_private_key(conn->ssl)) {
2322 tls_show_errors(MSG_INFO, __func__, "Private key failed "
2323 "verification");
2324 return -1;
2325 }
2326
2327 wpa_printf(MSG_DEBUG, "SSL: Private key loaded successfully");
2328 return 0;
2329}
2330
2331
2332static int tls_global_private_key(SSL_CTX *ssl_ctx, const char *private_key,
2333 const char *private_key_passwd)
2334{
2335 char *passwd;
2336
2337 if (private_key == NULL)
2338 return 0;
2339
2340 if (private_key_passwd) {
2341 passwd = os_strdup(private_key_passwd);
2342 if (passwd == NULL)
2343 return -1;
2344 } else
2345 passwd = NULL;
2346
2347 SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb);
2348 SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd);
2349 if (
2350#ifndef OPENSSL_NO_STDIO
2351 SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key,
2352 SSL_FILETYPE_ASN1) != 1 &&
2353 SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key,
2354 SSL_FILETYPE_PEM) != 1 &&
2355#endif /* OPENSSL_NO_STDIO */
2356 tls_read_pkcs12(ssl_ctx, NULL, private_key, passwd)) {
2357 tls_show_errors(MSG_INFO, __func__,
2358 "Failed to load private key");
2359 os_free(passwd);
2360 ERR_clear_error();
2361 return -1;
2362 }
2363 os_free(passwd);
2364 ERR_clear_error();
2365 SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL);
55651a4b 2366
6fc6879b
JM		 2367 if (!SSL_CTX_check_private_key(ssl_ctx)) {
2368 tls_show_errors(MSG_INFO, __func__,
2369 "Private key failed verification");
2370 return -1;
2371 }
2372
2373 return 0;
2374}
2375
2376
2377static int tls_connection_dh(struct tls_connection *conn, const char *dh_file)
2378{
2379#ifdef OPENSSL_NO_DH
2380 if (dh_file == NULL)
2381 return 0;
2382 wpa_printf(MSG_ERROR, "TLS: openssl does not include DH support, but "
2383 "dh_file specified");
2384 return -1;
2385#else /* OPENSSL_NO_DH */
2386 DH *dh;
2387 BIO *bio;
2388
2389 /* TODO: add support for dh_blob */
2390 if (dh_file == NULL)
2391 return 0;
2392 if (conn == NULL)
2393 return -1;
2394
2395 bio = BIO_new_file(dh_file, "r");
2396 if (bio == NULL) {
2397 wpa_printf(MSG_INFO, "TLS: Failed to open DH file '%s': %s",
2398 dh_file, ERR_error_string(ERR_get_error(), NULL));
2399 return -1;
2400 }
2401 dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
2402 BIO_free(bio);
2403#ifndef OPENSSL_NO_DSA
2404 while (dh == NULL) {
2405 DSA *dsa;
2406 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DH file '%s': %s -"
2407 " trying to parse as DSA params", dh_file,
2408 ERR_error_string(ERR_get_error(), NULL));
2409 bio = BIO_new_file(dh_file, "r");
2410 if (bio == NULL)
2411 break;
2412 dsa = PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
2413 BIO_free(bio);
2414 if (!dsa) {
2415 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DSA file "
2416 "'%s': %s", dh_file,
2417 ERR_error_string(ERR_get_error(), NULL));
2418 break;
2419 }
2420
2421 wpa_printf(MSG_DEBUG, "TLS: DH file in DSA param format");
2422 dh = DSA_dup_DH(dsa);
2423 DSA_free(dsa);
2424 if (dh == NULL) {
2425 wpa_printf(MSG_INFO, "TLS: Failed to convert DSA "
2426 "params into DH params");
2427 break;
2428 }
2429 break;
2430 }
2431#endif /* !OPENSSL_NO_DSA */
2432 if (dh == NULL) {
2433 wpa_printf(MSG_INFO, "TLS: Failed to read/parse DH/DSA file "
2434 "'%s'", dh_file);
2435 return -1;
2436 }
2437
2438 if (SSL_set_tmp_dh(conn->ssl, dh) != 1) {
2439 wpa_printf(MSG_INFO, "TLS: Failed to set DH params from '%s': "
2440 "%s", dh_file,
2441 ERR_error_string(ERR_get_error(), NULL));
2442 DH_free(dh);
2443 return -1;
2444 }
2445 DH_free(dh);
2446 return 0;
2447#endif /* OPENSSL_NO_DH */
2448}
2449
2450
2451static int tls_global_dh(SSL_CTX *ssl_ctx, const char *dh_file)
2452{
2453#ifdef OPENSSL_NO_DH
2454 if (dh_file == NULL)
2455 return 0;
2456 wpa_printf(MSG_ERROR, "TLS: openssl does not include DH support, but "
2457 "dh_file specified");
2458 return -1;
2459#else /* OPENSSL_NO_DH */
2460 DH *dh;
2461 BIO *bio;
2462
2463 /* TODO: add support for dh_blob */
2464 if (dh_file == NULL)
2465 return 0;
2466 if (ssl_ctx == NULL)
2467 return -1;
2468
2469 bio = BIO_new_file(dh_file, "r");
2470 if (bio == NULL) {
2471 wpa_printf(MSG_INFO, "TLS: Failed to open DH file '%s': %s",
2472 dh_file, ERR_error_string(ERR_get_error(), NULL));
2473 return -1;
2474 }
2475 dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
2476 BIO_free(bio);
2477#ifndef OPENSSL_NO_DSA
2478 while (dh == NULL) {
2479 DSA *dsa;
2480 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DH file '%s': %s -"
2481 " trying to parse as DSA params", dh_file,
2482 ERR_error_string(ERR_get_error(), NULL));
2483 bio = BIO_new_file(dh_file, "r");
2484 if (bio == NULL)
2485 break;
2486 dsa = PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
2487 BIO_free(bio);
2488 if (!dsa) {
2489 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DSA file "
2490 "'%s': %s", dh_file,
2491 ERR_error_string(ERR_get_error(), NULL));
2492 break;
2493 }
2494
2495 wpa_printf(MSG_DEBUG, "TLS: DH file in DSA param format");
2496 dh = DSA_dup_DH(dsa);
2497 DSA_free(dsa);
2498 if (dh == NULL) {
2499 wpa_printf(MSG_INFO, "TLS: Failed to convert DSA "
2500 "params into DH params");
2501 break;
2502 }
2503 break;
2504 }
2505#endif /* !OPENSSL_NO_DSA */
2506 if (dh == NULL) {
2507 wpa_printf(MSG_INFO, "TLS: Failed to read/parse DH/DSA file "
2508 "'%s'", dh_file);
2509 return -1;
2510 }
2511
2512 if (SSL_CTX_set_tmp_dh(ssl_ctx, dh) != 1) {
2513 wpa_printf(MSG_INFO, "TLS: Failed to set DH params from '%s': "
2514 "%s", dh_file,
2515 ERR_error_string(ERR_get_error(), NULL));
2516 DH_free(dh);
2517 return -1;
2518 }
2519 DH_free(dh);
2520 return 0;
2521#endif /* OPENSSL_NO_DH */
2522}
2523
2524
2525int tls_connection_get_keys(void *ssl_ctx, struct tls_connection *conn,
2526 struct tls_keys *keys)
2527{
c9e08af2
JM		 2528#ifdef CONFIG_FIPS
2529 wpa_printf(MSG_ERROR, "OpenSSL: TLS keys cannot be exported in FIPS "
2530 "mode");
2531 return -1;
2532#else /* CONFIG_FIPS */
6fc6879b
JM		 2533 SSL *ssl;
2534
2535 if (conn == NULL || keys == NULL)
2536 return -1;
2537 ssl = conn->ssl;
2538 if (ssl == NULL || ssl->s3 == NULL || ssl->session == NULL)
2539 return -1;
2540
2541 os_memset(keys, 0, sizeof(*keys));
2542 keys->master_key = ssl->session->master_key;
2543 keys->master_key_len = ssl->session->master_key_length;
2544 keys->client_random = ssl->s3->client_random;
2545 keys->client_random_len = SSL3_RANDOM_SIZE;
2546 keys->server_random = ssl->s3->server_random;
2547 keys->server_random_len = SSL3_RANDOM_SIZE;
2548
2549 return 0;
c9e08af2 2550#endif /* CONFIG_FIPS */
6fc6879b
JM		 2551}
2552
2553
2554int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
2555 const char *label, int server_random_first,
2556 u8 *out, size_t out_len)
2557{
68770ccd
JM		 2558#if OPENSSL_VERSION_NUMBER >= 0x10001000L
2559 SSL *ssl;
2560 if (conn == NULL)
2561 return -1;
2562 if (server_random_first)
2563 return -1;
2564 ssl = conn->ssl;
2565 if (SSL_export_keying_material(ssl, out, out_len, label,
2566 os_strlen(label), NULL, 0, 0) == 1) {
2567 wpa_printf(MSG_DEBUG, "OpenSSL: Using internal PRF");
2568 return 0;
2569 }
2570#endif
6fc6879b
JM		 2571 return -1;
2572}
2573
2574
81c85c06
JM		 2575static struct wpabuf *
2576openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data,
2577 int server)
6fc6879b
JM		 2578{
2579 int res;
81c85c06 2580 struct wpabuf *out_data;
6fc6879b
JM		 2581
2582 /*
2583 * Give TLS handshake data from the server (if available) to OpenSSL
2584 * for processing.
2585 */
2586 if (in_data &&
81c85c06
JM		 2587 BIO_write(conn->ssl_in, wpabuf_head(in_data), wpabuf_len(in_data))
2588 < 0) {
6fc6879b
JM		 2589 tls_show_errors(MSG_INFO, __func__,
2590 "Handshake failed - BIO_write");
2591 return NULL;
2592 }
2593
2594 /* Initiate TLS handshake or continue the existing handshake */
81c85c06
JM		 2595 if (server)
2596 res = SSL_accept(conn->ssl);
2597 else
2598 res = SSL_connect(conn->ssl);
6fc6879b
JM		 2599 if (res != 1) {
2600 int err = SSL_get_error(conn->ssl, res);
2601 if (err == SSL_ERROR_WANT_READ)
2602 wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want "
2603 "more data");
2604 else if (err == SSL_ERROR_WANT_WRITE)
2605 wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want to "
2606 "write");
2607 else {
2608 tls_show_errors(MSG_INFO, __func__, "SSL_connect");
2609 conn->failed++;
2610 }
2611 }
2612
2613 /* Get the TLS handshake data to be sent to the server */
2614 res = BIO_ctrl_pending(conn->ssl_out);
2615 wpa_printf(MSG_DEBUG, "SSL: %d bytes pending from ssl_out", res);
81c85c06 2616 out_data = wpabuf_alloc(res);
6fc6879b
JM		 2617 if (out_data == NULL) {
2618 wpa_printf(MSG_DEBUG, "SSL: Failed to allocate memory for "
2619 "handshake output (%d bytes)", res);
2620 if (BIO_reset(conn->ssl_out) < 0) {
2621 tls_show_errors(MSG_INFO, __func__,
2622 "BIO_reset failed");
2623 }
6fc6879b
JM		 2624 return NULL;
2625 }
81c85c06
JM		 2626 res = res == 0 ? 0 : BIO_read(conn->ssl_out, wpabuf_mhead(out_data),
2627 res);
6fc6879b
JM		 2628 if (res < 0) {
2629 tls_show_errors(MSG_INFO, __func__,
2630 "Handshake failed - BIO_read");
2631 if (BIO_reset(conn->ssl_out) < 0) {
2632 tls_show_errors(MSG_INFO, __func__,
2633 "BIO_reset failed");
2634 }
81c85c06 2635 wpabuf_free(out_data);
6fc6879b
JM		 2636 return NULL;
2637 }
81c85c06 2638 wpabuf_put(out_data, res);
6fc6879b
JM		 2639
2640 return out_data;
2641}
2642
2643
81c85c06
JM		 2644static struct wpabuf *
2645openssl_get_appl_data(struct tls_connection *conn, size_t max_len)
6fc6879b 2646{
81c85c06 2647 struct wpabuf *appl_data;
6fc6879b 2648 int res;
6fc6879b 2649
81c85c06
JM		 2650 appl_data = wpabuf_alloc(max_len + 100);
2651 if (appl_data == NULL)
6fc6879b 2652 return NULL;
6fc6879b 2653
81c85c06
JM		 2654 res = SSL_read(conn->ssl, wpabuf_mhead(appl_data),
2655 wpabuf_size(appl_data));
2656 if (res < 0) {
bf206cad 2657 int err = SSL_get_error(conn->ssl, res);
81c85c06
JM		 2658 if (err == SSL_ERROR_WANT_READ ||
2659 err == SSL_ERROR_WANT_WRITE) {
2660 wpa_printf(MSG_DEBUG, "SSL: No Application Data "
2661 "included");
2662 } else {
6fc6879b 2663 tls_show_errors(MSG_INFO, __func__,
81c85c06
JM		 2664 "Failed to read possible "
2665 "Application Data");
6fc6879b 2666 }
81c85c06 2667 wpabuf_free(appl_data);
6fc6879b
JM		 2668 return NULL;
2669 }
81c85c06
JM		 2670
2671 wpabuf_put(appl_data, res);
2672 wpa_hexdump_buf_key(MSG_MSGDUMP, "SSL: Application Data in Finished "
2673 "message", appl_data);
2674
2675 return appl_data;
2676}
2677
2678
2679static struct wpabuf *
2680openssl_connection_handshake(struct tls_connection *conn,
2681 const struct wpabuf *in_data,
2682 struct wpabuf **appl_data, int server)
2683{
2684 struct wpabuf *out_data;
2685
2686 if (appl_data)
2687 *appl_data = NULL;
2688
2689 out_data = openssl_handshake(conn, in_data, server);
2690 if (out_data == NULL)
6fc6879b 2691 return NULL;
bb52293e
JM		 2692 if (conn->invalid_hb_used) {
2693 wpa_printf(MSG_INFO, "TLS: Heartbeat attack detected - do not send response");
2694 wpabuf_free(out_data);
2695 return NULL;
2696 }
81c85c06
JM		 2697
2698 if (SSL_is_init_finished(conn->ssl) && appl_data && in_data)
2699 *appl_data = openssl_get_appl_data(conn, wpabuf_len(in_data));
2700
bb52293e
JM		 2701 if (conn->invalid_hb_used) {
2702 wpa_printf(MSG_INFO, "TLS: Heartbeat attack detected - do not send response");
2703 if (appl_data) {
2704 wpabuf_free(*appl_data);
2705 *appl_data = NULL;
2706 }
2707 wpabuf_free(out_data);
2708 return NULL;
2709 }
2710
6fc6879b
JM		 2711 return out_data;
2712}
2713
2714
81c85c06
JM		 2715struct wpabuf *
2716tls_connection_handshake(void *ssl_ctx, struct tls_connection *conn,
2717 const struct wpabuf *in_data,
2718 struct wpabuf **appl_data)
2719{
2720 return openssl_connection_handshake(conn, in_data, appl_data, 0);
2721}
2722
2723
2724struct wpabuf * tls_connection_server_handshake(void *tls_ctx,
2725 struct tls_connection *conn,
2726 const struct wpabuf *in_data,
2727 struct wpabuf **appl_data)
2728{
2729 return openssl_connection_handshake(conn, in_data, appl_data, 1);
2730}
2731
2732
2733struct wpabuf * tls_connection_encrypt(void *tls_ctx,
2734 struct tls_connection *conn,
2735 const struct wpabuf *in_data)
6fc6879b
JM		 2736{
2737 int res;
81c85c06 2738 struct wpabuf *buf;
6fc6879b
JM		 2739
2740 if (conn == NULL)
81c85c06 2741 return NULL;
6fc6879b
JM		 2742
2743 /* Give plaintext data for OpenSSL to encrypt into the TLS tunnel. */
2744 if ((res = BIO_reset(conn->ssl_in)) < 0 ||
2745 (res = BIO_reset(conn->ssl_out)) < 0) {
2746 tls_show_errors(MSG_INFO, __func__, "BIO_reset failed");
81c85c06 2747 return NULL;
6fc6879b 2748 }
81c85c06 2749 res = SSL_write(conn->ssl, wpabuf_head(in_data), wpabuf_len(in_data));
6fc6879b
JM		 2750 if (res < 0) {
2751 tls_show_errors(MSG_INFO, __func__,
2752 "Encryption failed - SSL_write");
81c85c06 2753 return NULL;
6fc6879b
JM		 2754 }
2755
2756 /* Read encrypted data to be sent to the server */
81c85c06
JM		 2757 buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
2758 if (buf == NULL)
2759 return NULL;
2760 res = BIO_read(conn->ssl_out, wpabuf_mhead(buf), wpabuf_size(buf));
6fc6879b
JM		 2761 if (res < 0) {
2762 tls_show_errors(MSG_INFO, __func__,
2763 "Encryption failed - BIO_read");
81c85c06
JM		 2764 wpabuf_free(buf);
2765 return NULL;
6fc6879b 2766 }
81c85c06 2767 wpabuf_put(buf, res);
6fc6879b 2768
81c85c06 2769 return buf;
6fc6879b
JM		 2770}
2771
2772
81c85c06
JM		 2773struct wpabuf * tls_connection_decrypt(void *tls_ctx,
2774 struct tls_connection *conn,
2775 const struct wpabuf *in_data)
6fc6879b
JM		 2776{
2777 int res;
81c85c06 2778 struct wpabuf *buf;
6fc6879b
JM		 2779
2780 /* Give encrypted data from TLS tunnel for OpenSSL to decrypt. */
81c85c06
JM		 2781 res = BIO_write(conn->ssl_in, wpabuf_head(in_data),
2782 wpabuf_len(in_data));
6fc6879b
JM		 2783 if (res < 0) {
2784 tls_show_errors(MSG_INFO, __func__,
2785 "Decryption failed - BIO_write");
81c85c06 2786 return NULL;
6fc6879b
JM		 2787 }
2788 if (BIO_reset(conn->ssl_out) < 0) {
2789 tls_show_errors(MSG_INFO, __func__, "BIO_reset failed");
81c85c06 2790 return NULL;
6fc6879b
JM		 2791 }
2792
2793 /* Read decrypted data for further processing */
81c85c06
JM		 2794 /*
2795 * Even though we try to disable TLS compression, it is possible that
2796 * this cannot be done with all TLS libraries. Add extra buffer space
2797 * to handle the possibility of the decrypted data being longer than
2798 * input data.
2799 */
2800 buf = wpabuf_alloc((wpabuf_len(in_data) + 500) * 3);
2801 if (buf == NULL)
2802 return NULL;
2803 res = SSL_read(conn->ssl, wpabuf_mhead(buf), wpabuf_size(buf));
6fc6879b
JM		 2804 if (res < 0) {
2805 tls_show_errors(MSG_INFO, __func__,
2806 "Decryption failed - SSL_read");
a86a7316 2807 wpabuf_free(buf);
81c85c06 2808 return NULL;
6fc6879b 2809 }
81c85c06 2810 wpabuf_put(buf, res);
6fc6879b 2811
bb52293e
JM		 2812 if (conn->invalid_hb_used) {
2813 wpa_printf(MSG_INFO, "TLS: Heartbeat attack detected - do not send response");
2814 wpabuf_free(buf);
2815 return NULL;
2816 }
2817
81c85c06 2818 return buf;
6fc6879b
JM		 2819}
2820
2821
2822int tls_connection_resumed(void *ssl_ctx, struct tls_connection *conn)
2823{
2824 return conn ? conn->ssl->hit : 0;
2825}
2826
2827
2828int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
2829 u8 *ciphers)
2830{
2831 char buf[100], *pos, *end;
2832 u8 *c;
2833 int ret;
2834
2835 if (conn == NULL || conn->ssl == NULL || ciphers == NULL)
2836 return -1;
2837
2838 buf[0] = '\0';
2839 pos = buf;
2840 end = pos + sizeof(buf);
2841
2842 c = ciphers;
2843 while (*c != TLS_CIPHER_NONE) {
2844 const char *suite;
2845
2846 switch (*c) {
2847 case TLS_CIPHER_RC4_SHA:
2848 suite = "RC4-SHA";
2849 break;
2850 case TLS_CIPHER_AES128_SHA:
2851 suite = "AES128-SHA";
2852 break;
2853 case TLS_CIPHER_RSA_DHE_AES128_SHA:
2854 suite = "DHE-RSA-AES128-SHA";
2855 break;
2856 case TLS_CIPHER_ANON_DH_AES128_SHA:
2857 suite = "ADH-AES128-SHA";
2858 break;
2859 default:
2860 wpa_printf(MSG_DEBUG, "TLS: Unsupported "
2861 "cipher selection: %d", *c);
2862 return -1;
2863 }
2864 ret = os_snprintf(pos, end - pos, ":%s", suite);
d85e1fc8 2865 if (os_snprintf_error(end - pos, ret))
6fc6879b
JM		 2866 break;
2867 pos += ret;
2868
2869 c++;
2870 }
2871
2872 wpa_printf(MSG_DEBUG, "OpenSSL: cipher suites: %s", buf + 1);
2873
2874 if (SSL_set_cipher_list(conn->ssl, buf + 1) != 1) {
2875 tls_show_errors(MSG_INFO, __func__,
2876 "Cipher suite configuration failed");
2877 return -1;
2878 }
2879
2880 return 0;
2881}
2882
2883
2884int tls_get_cipher(void *ssl_ctx, struct tls_connection *conn,
2885 char *buf, size_t buflen)
2886{
2887 const char *name;
2888 if (conn == NULL || conn->ssl == NULL)
2889 return -1;
2890
2891 name = SSL_get_cipher(conn->ssl);
2892 if (name == NULL)
2893 return -1;
2894
2895 os_strlcpy(buf, name, buflen);
2896 return 0;
2897}
2898
2899
2900int tls_connection_enable_workaround(void *ssl_ctx,
2901 struct tls_connection *conn)
2902{
2903 SSL_set_options(conn->ssl, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
2904
2905 return 0;
2906}
2907
2908
1e5839e0 2909#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
6fc6879b
JM		 2910/* ClientHello TLS extensions require a patch to openssl, so this function is
2911 * commented out unless explicitly needed for EAP-FAST in order to be able to
2912 * build this file with unmodified openssl. */
2913int tls_connection_client_hello_ext(void *ssl_ctx, struct tls_connection *conn,
2914 int ext_type, const u8 *data,
2915 size_t data_len)
2916{
0cf03892 2917 if (conn == NULL || conn->ssl == NULL || ext_type != 35)
6fc6879b
JM		 2918 return -1;
2919
0cf03892
JM		 2920 if (SSL_set_session_ticket_ext(conn->ssl, (void *) data,
2921 data_len) != 1)
2922 return -1;
6fc6879b
JM		 2923
2924 return 0;
2925}
1e5839e0 2926#endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
6fc6879b
JM		 2927
2928
2929int tls_connection_get_failed(void *ssl_ctx, struct tls_connection *conn)
2930{
2931 if (conn == NULL)
2932 return -1;
2933 return conn->failed;
2934}
2935
2936
2937int tls_connection_get_read_alerts(void *ssl_ctx, struct tls_connection *conn)
2938{
2939 if (conn == NULL)
2940 return -1;
2941 return conn->read_alerts;
2942}
2943
2944
2945int tls_connection_get_write_alerts(void *ssl_ctx, struct tls_connection *conn)
2946{
2947 if (conn == NULL)
2948 return -1;
2949 return conn->write_alerts;
2950}
2951
2952
080585c0
JM		 2953#ifdef HAVE_OCSP
2954
2955static void ocsp_debug_print_resp(OCSP_RESPONSE *rsp)
2956{
2957#ifndef CONFIG_NO_STDOUT_DEBUG
080585c0
JM		 2958 BIO *out;
2959 size_t rlen;
2960 char *txt;
2961 int res;
2962
2963 if (wpa_debug_level > MSG_DEBUG)
2964 return;
2965
2966 out = BIO_new(BIO_s_mem());
2967 if (!out)
2968 return;
2969
2970 OCSP_RESPONSE_print(out, rsp, 0);
2971 rlen = BIO_ctrl_pending(out);
2972 txt = os_malloc(rlen + 1);
2973 if (!txt) {
2974 BIO_free(out);
2975 return;
2976 }
2977
2978 res = BIO_read(out, txt, rlen);
2979 if (res > 0) {
2980 txt[res] = '\0';
2981 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP Response\n%s", txt);
2982 }
2983 os_free(txt);
2984 BIO_free(out);
2985#endif /* CONFIG_NO_STDOUT_DEBUG */
2986}
2987
2988
4eb3b76b
JM		 2989static void debug_print_cert(X509 *cert, const char *title)
2990{
2991#ifndef CONFIG_NO_STDOUT_DEBUG
2992 BIO *out;
2993 size_t rlen;
2994 char *txt;
2995 int res;
2996
2997 if (wpa_debug_level > MSG_DEBUG)
2998 return;
2999
3000 out = BIO_new(BIO_s_mem());
3001 if (!out)
3002 return;
3003
3004 X509_print(out, cert);
3005 rlen = BIO_ctrl_pending(out);
3006 txt = os_malloc(rlen + 1);
3007 if (!txt) {
3008 BIO_free(out);
3009 return;
3010 }
3011
3012 res = BIO_read(out, txt, rlen);
3013 if (res > 0) {
3014 txt[res] = '\0';
3015 wpa_printf(MSG_DEBUG, "OpenSSL: %s\n%s", title, txt);
3016 }
3017 os_free(txt);
3018
3019 BIO_free(out);
3020#endif /* CONFIG_NO_STDOUT_DEBUG */
3021}
3022
3023
080585c0
JM		 3024static int ocsp_resp_cb(SSL *s, void *arg)
3025{
3026 struct tls_connection *conn = arg;
3027 const unsigned char *p;
3028 int len, status, reason;
3029 OCSP_RESPONSE *rsp;
3030 OCSP_BASICRESP *basic;
3031 OCSP_CERTID *id;
3032 ASN1_GENERALIZEDTIME *produced_at, *this_update, *next_update;
6bf61fb2
JM		 3033 X509_STORE *store;
3034 STACK_OF(X509) *certs = NULL;
080585c0
JM		 3035
3036 len = SSL_get_tlsext_status_ocsp_resp(s, &p);
3037 if (!p) {
3038 wpa_printf(MSG_DEBUG, "OpenSSL: No OCSP response received");
3039 return (conn->flags & TLS_CONN_REQUIRE_OCSP) ? 0 : 1;
3040 }
3041
3042 wpa_hexdump(MSG_DEBUG, "OpenSSL: OCSP response", p, len);
3043
3044 rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
3045 if (!rsp) {
3046 wpa_printf(MSG_INFO, "OpenSSL: Failed to parse OCSP response");
3047 return 0;
3048 }
3049
3050 ocsp_debug_print_resp(rsp);
3051
3052 status = OCSP_response_status(rsp);
3053 if (status != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
3054 wpa_printf(MSG_INFO, "OpenSSL: OCSP responder error %d (%s)",
3055 status, OCSP_response_status_str(status));
3056 return 0;
3057 }
3058
3059 basic = OCSP_response_get1_basic(rsp);
3060 if (!basic) {
3061 wpa_printf(MSG_INFO, "OpenSSL: Could not find BasicOCSPResponse");
3062 return 0;
3063 }
3064
6bf61fb2
JM		 3065 store = SSL_CTX_get_cert_store(s->ctx);
3066 if (conn->peer_issuer) {
4eb3b76b 3067 debug_print_cert(conn->peer_issuer, "Add OCSP issuer");
6bf61fb2
JM		 3068
3069 if (X509_STORE_add_cert(store, conn->peer_issuer) != 1) {
3070 tls_show_errors(MSG_INFO, __func__,
3071 "OpenSSL: Could not add issuer to certificate store\n");
3072 }
3073 certs = sk_X509_new_null();
3074 if (certs) {
3075 X509 *cert;
3076 cert = X509_dup(conn->peer_issuer);
3077 if (cert && !sk_X509_push(certs, cert)) {
3078 tls_show_errors(
3079 MSG_INFO, __func__,
3080 "OpenSSL: Could not add issuer to OCSP responder trust store\n");
3081 X509_free(cert);
3082 sk_X509_free(certs);
3083 certs = NULL;
3084 }
3085 if (conn->peer_issuer_issuer) {
3086 cert = X509_dup(conn->peer_issuer_issuer);
3087 if (cert && !sk_X509_push(certs, cert)) {
3088 tls_show_errors(
3089 MSG_INFO, __func__,
3090 "OpenSSL: Could not add issuer to OCSP responder trust store\n");
3091 X509_free(cert);
3092 }
3093 }
3094 }
3095 }
3096
3097 status = OCSP_basic_verify(basic, certs, store, OCSP_TRUSTOTHER);
3098 sk_X509_pop_free(certs, X509_free);
080585c0
JM		 3099 if (status <= 0) {
3100 tls_show_errors(MSG_INFO, __func__,
3101 "OpenSSL: OCSP response failed verification");
3102 OCSP_BASICRESP_free(basic);
3103 OCSP_RESPONSE_free(rsp);
3104 return 0;
3105 }
3106
3107 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP response verification succeeded");
3108
762c92a4
JM		 3109 if (!conn->peer_cert) {
3110 wpa_printf(MSG_DEBUG, "OpenSSL: Peer certificate not available for OCSP status check");
3111 OCSP_BASICRESP_free(basic);
3112 OCSP_RESPONSE_free(rsp);
3113 return 0;
3114 }
3115
3116 if (!conn->peer_issuer) {
3117 wpa_printf(MSG_DEBUG, "OpenSSL: Peer issuer certificate not available for OCSP status check");
080585c0
JM		 3118 OCSP_BASICRESP_free(basic);
3119 OCSP_RESPONSE_free(rsp);
3120 return 0;
3121 }
3122
3123 id = OCSP_cert_to_id(NULL, conn->peer_cert, conn->peer_issuer);
3124 if (!id) {
3125 wpa_printf(MSG_DEBUG, "OpenSSL: Could not create OCSP certificate identifier");
3126 OCSP_BASICRESP_free(basic);
3127 OCSP_RESPONSE_free(rsp);
3128 return 0;
3129 }
3130
3131 if (!OCSP_resp_find_status(basic, id, &status, &reason, &produced_at,
3132 &this_update, &next_update)) {
3133 wpa_printf(MSG_INFO, "OpenSSL: Could not find current server certificate from OCSP response%s",
3134 (conn->flags & TLS_CONN_REQUIRE_OCSP) ? "" :
3135 " (OCSP not required)");
3136 OCSP_BASICRESP_free(basic);
3137 OCSP_RESPONSE_free(rsp);
3138 return (conn->flags & TLS_CONN_REQUIRE_OCSP) ? 0 : 1;
3139 }
3140
3141 if (!OCSP_check_validity(this_update, next_update, 5 * 60, -1)) {
3142 tls_show_errors(MSG_INFO, __func__,
3143 "OpenSSL: OCSP status times invalid");
3144 OCSP_BASICRESP_free(basic);
3145 OCSP_RESPONSE_free(rsp);
3146 return 0;
3147 }
3148
3149 OCSP_BASICRESP_free(basic);
3150 OCSP_RESPONSE_free(rsp);
3151
3152 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status for server certificate: %s",
3153 OCSP_cert_status_str(status));
3154
3155 if (status == V_OCSP_CERTSTATUS_GOOD)
3156 return 1;
3157 if (status == V_OCSP_CERTSTATUS_REVOKED)
3158 return 0;
3159 if (conn->flags & TLS_CONN_REQUIRE_OCSP) {
3160 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status unknown, but OCSP required");
3161 return 0;
3162 }
be7963b3 3163 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status unknown, but OCSP was not required, so allow connection to continue");
080585c0
JM		 3164 return 1;
3165}
3166
3167
3168static int ocsp_status_cb(SSL *s, void *arg)
3169{
3170 char *tmp;
3171 char *resp;
3172 size_t len;
3173
3174 if (tls_global->ocsp_stapling_response == NULL) {
3175 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status callback - no response configured");
3176 return SSL_TLSEXT_ERR_OK;
3177 }
3178
3179 resp = os_readfile(tls_global->ocsp_stapling_response, &len);
3180 if (resp == NULL) {
3181 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status callback - could not read response file");
3182 /* TODO: Build OCSPResponse with responseStatus = internalError
3183 */
3184 return SSL_TLSEXT_ERR_OK;
3185 }
3186 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status callback - send cached response");
3187 tmp = OPENSSL_malloc(len);
3188 if (tmp == NULL) {
3189 os_free(resp);
3190 return SSL_TLSEXT_ERR_ALERT_FATAL;
3191 }
3192
3193 os_memcpy(tmp, resp, len);
3194 os_free(resp);
3195 SSL_set_tlsext_status_ocsp_resp(s, tmp, len);
3196
3197 return SSL_TLSEXT_ERR_OK;
3198}
3199
3200#endif /* HAVE_OCSP */
3201
3202
6fc6879b
JM		 3203int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
3204 const struct tls_connection_params *params)
3205{
3206 int ret;
3207 unsigned long err;
3208
3209 if (conn == NULL)
3210 return -1;
3211
6a31a31d
JM		 3212 if (params->flags & TLS_CONN_EAP_FAST) {
3213 wpa_printf(MSG_DEBUG,
3214 "OpenSSL: Use TLSv1_method() for EAP-FAST");
3215 if (SSL_set_ssl_method(conn->ssl, TLSv1_method()) != 1) {
3216 tls_show_errors(MSG_INFO, __func__,
3217 "Failed to set TLSv1_method() for EAP-FAST");
3218 return -1;
3219 }
3220 }
d4913c58 3221
6fc6879b
JM		 3222 while ((err = ERR_get_error())) {
3223 wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s",
3224 __func__, ERR_error_string(err, NULL));
3225 }
3226
e59c91af
DS		 3227 if (params->engine) {
3228 wpa_printf(MSG_DEBUG, "SSL: Initializing TLS engine");
3229 ret = tls_engine_init(conn, params->engine_id, params->pin,
3230 params->key_id, params->cert_id,
3231 params->ca_cert_id);
3232 if (ret)
3233 return ret;
3234 }
6fc6879b
JM		 3235 if (tls_connection_set_subject_match(conn,
3236 params->subject_match,
01f809c7
JM		 3237 params->altsubject_match,
3238 params->suffix_match))
6fc6879b 3239 return -1;
e59c91af
DS		 3240
3241 if (params->engine && params->ca_cert_id) {
3242 if (tls_connection_engine_ca_cert(tls_ctx, conn,
3243 params->ca_cert_id))
3244 return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED;
3245 } else if (tls_connection_ca_cert(tls_ctx, conn, params->ca_cert,
3246 params->ca_cert_blob,
3247 params->ca_cert_blob_len,
3248 params->ca_path))
6fc6879b 3249 return -1;
e59c91af
DS		 3250
3251 if (params->engine && params->cert_id) {
3252 if (tls_connection_engine_client_cert(conn, params->cert_id))
3253 return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED;
3254 } else if (tls_connection_client_cert(conn, params->client_cert,
3255 params->client_cert_blob,
3256 params->client_cert_blob_len))
6fc6879b
JM		 3257 return -1;
3258
e59c91af
DS		 3259 if (params->engine && params->key_id) {
3260 wpa_printf(MSG_DEBUG, "TLS: Using private key from engine");
6fc6879b
JM		 3261 if (tls_connection_engine_private_key(conn))
3262 return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED;
3263 } else if (tls_connection_private_key(tls_ctx, conn,
3264 params->private_key,
3265 params->private_key_passwd,
3266 params->private_key_blob,
3267 params->private_key_blob_len)) {
3268 wpa_printf(MSG_INFO, "TLS: Failed to load private key '%s'",
3269 params->private_key);
3270 return -1;
3271 }
3272
3273 if (tls_connection_dh(conn, params->dh_file)) {
3274 wpa_printf(MSG_INFO, "TLS: Failed to load DH file '%s'",
3275 params->dh_file);
3276 return -1;
3277 }
3278
b7328434
JM		 3279 if (params->openssl_ciphers &&
3280 SSL_set_cipher_list(conn->ssl, params->openssl_ciphers) != 1) {
3281 wpa_printf(MSG_INFO,
3282 "OpenSSL: Failed to set cipher string '%s'",
3283 params->openssl_ciphers);
3284 return -1;
3285 }
3286
e866f39f
JM		 3287#ifdef SSL_OP_NO_TICKET
3288 if (params->flags & TLS_CONN_DISABLE_SESSION_TICKET)
3289 SSL_set_options(conn->ssl, SSL_OP_NO_TICKET);
d53d2596 3290#ifdef SSL_clear_options
e866f39f
JM		 3291 else
3292 SSL_clear_options(conn->ssl, SSL_OP_NO_TICKET);
d53d2596 3293#endif /* SSL_clear_options */
e866f39f
JM		 3294#endif /* SSL_OP_NO_TICKET */
3295
e9a6f183
DS		 3296#ifdef SSL_OP_NO_TLSv1_1
3297 if (params->flags & TLS_CONN_DISABLE_TLSv1_1)
3298 SSL_set_options(conn->ssl, SSL_OP_NO_TLSv1_1);
3299 else
3300 SSL_clear_options(conn->ssl, SSL_OP_NO_TLSv1_1);
3301#endif /* SSL_OP_NO_TLSv1_1 */
3302#ifdef SSL_OP_NO_TLSv1_2
3303 if (params->flags & TLS_CONN_DISABLE_TLSv1_2)
3304 SSL_set_options(conn->ssl, SSL_OP_NO_TLSv1_2);
3305 else
3306 SSL_clear_options(conn->ssl, SSL_OP_NO_TLSv1_2);
3307#endif /* SSL_OP_NO_TLSv1_2 */
3308
080585c0
JM		 3309#ifdef HAVE_OCSP
3310 if (params->flags & TLS_CONN_REQUEST_OCSP) {
81cbc046 3311 SSL_CTX *ssl_ctx = tls_ctx;
080585c0
JM		 3312 SSL_set_tlsext_status_type(conn->ssl, TLSEXT_STATUSTYPE_ocsp);
3313 SSL_CTX_set_tlsext_status_cb(ssl_ctx, ocsp_resp_cb);
3314 SSL_CTX_set_tlsext_status_arg(ssl_ctx, conn);
3315 }
3316#endif /* HAVE_OCSP */
3317
235279e7
JM		 3318 conn->flags = params->flags;
3319
6fc6879b
JM		 3320 tls_get_errors(tls_ctx);
3321
3322 return 0;
3323}
3324
3325
3326int tls_global_set_params(void *tls_ctx,
3327 const struct tls_connection_params *params)
3328{
3329 SSL_CTX *ssl_ctx = tls_ctx;
3330 unsigned long err;
3331
3332 while ((err = ERR_get_error())) {
3333 wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s",
3334 __func__, ERR_error_string(err, NULL));
3335 }
3336
3337 if (tls_global_ca_cert(ssl_ctx, params->ca_cert))
3338 return -1;
3339
3340 if (tls_global_client_cert(ssl_ctx, params->client_cert))
3341 return -1;
3342
3343 if (tls_global_private_key(ssl_ctx, params->private_key,
3344 params->private_key_passwd))
3345 return -1;
3346
3347 if (tls_global_dh(ssl_ctx, params->dh_file)) {
3348 wpa_printf(MSG_INFO, "TLS: Failed to load DH file '%s'",
3349 params->dh_file);
3350 return -1;
3351 }
3352
b7328434
JM		 3353 if (params->openssl_ciphers &&
3354 SSL_CTX_set_cipher_list(ssl_ctx, params->openssl_ciphers) != 1) {
3355 wpa_printf(MSG_INFO,
3356 "OpenSSL: Failed to set cipher string '%s'",
3357 params->openssl_ciphers);
3358 return -1;
3359 }
3360
e866f39f
JM		 3361#ifdef SSL_OP_NO_TICKET
3362 if (params->flags & TLS_CONN_DISABLE_SESSION_TICKET)
3363 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TICKET);
d53d2596 3364#ifdef SSL_CTX_clear_options
e866f39f
JM		 3365 else
3366 SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TICKET);
d53d2596 3367#endif /* SSL_clear_options */
e866f39f
JM		 3368#endif /* SSL_OP_NO_TICKET */
3369
080585c0
JM		 3370#ifdef HAVE_OCSP
3371 SSL_CTX_set_tlsext_status_cb(ssl_ctx, ocsp_status_cb);
3372 SSL_CTX_set_tlsext_status_arg(ssl_ctx, ssl_ctx);
3373 os_free(tls_global->ocsp_stapling_response);
3374 if (params->ocsp_stapling_response)
3375 tls_global->ocsp_stapling_response =
3376 os_strdup(params->ocsp_stapling_response);
3377 else
3378 tls_global->ocsp_stapling_response = NULL;
3379#endif /* HAVE_OCSP */
3380
6fc6879b
JM		 3381 return 0;
3382}
3383
3384
3385int tls_connection_get_keyblock_size(void *tls_ctx,
3386 struct tls_connection *conn)
3387{
3388 const EVP_CIPHER *c;
3389 const EVP_MD *h;
7f996409 3390 int md_size;
6fc6879b
JM		 3391
3392 if (conn == NULL || conn->ssl == NULL ||
3393 conn->ssl->enc_read_ctx == NULL ||
3394 conn->ssl->enc_read_ctx->cipher == NULL ||
3395 conn->ssl->read_hash == NULL)
3396 return -1;
3397
3398 c = conn->ssl->enc_read_ctx->cipher;
3399#if OPENSSL_VERSION_NUMBER >= 0x00909000L
3400 h = EVP_MD_CTX_md(conn->ssl->read_hash);
3401#else
3402 h = conn->ssl->read_hash;
3403#endif
7f996409
JM		 3404 if (h)
3405 md_size = EVP_MD_size(h);
3406#if OPENSSL_VERSION_NUMBER >= 0x10000000L
3407 else if (conn->ssl->s3)
3408 md_size = conn->ssl->s3->tmp.new_mac_secret_size;
3409#endif
3410 else
3411 return -1;
6fc6879b 3412
7f996409
JM		 3413 wpa_printf(MSG_DEBUG, "OpenSSL: keyblock size: key_len=%d MD_size=%d "
3414 "IV_len=%d", EVP_CIPHER_key_length(c), md_size,
3415 EVP_CIPHER_iv_length(c));
6fc6879b 3416 return 2 * (EVP_CIPHER_key_length(c) +
7f996409 3417 md_size +
6fc6879b
JM		 3418 EVP_CIPHER_iv_length(c));
3419}
3420
3421
3422unsigned int tls_capabilities(void *tls_ctx)
3423{
3424 return 0;
3425}
3426
3427
1e5839e0 3428#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
6fc6879b
JM		 3429/* Pre-shared secred requires a patch to openssl, so this function is
3430 * commented out unless explicitly needed for EAP-FAST in order to be able to
3431 * build this file with unmodified openssl. */
3432
a8572960
AL		 3433#ifdef OPENSSL_IS_BORINGSSL
3434static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len,
3435 STACK_OF(SSL_CIPHER) *peer_ciphers,
3436 const SSL_CIPHER **cipher, void *arg)
3437#else /* OPENSSL_IS_BORINGSSL */
6fc6879b
JM		 3438static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len,
3439 STACK_OF(SSL_CIPHER) *peer_ciphers,
3440 SSL_CIPHER **cipher, void *arg)
a8572960 3441#endif /* OPENSSL_IS_BORINGSSL */
6fc6879b
JM		 3442{
3443 struct tls_connection *conn = arg;
3444 int ret;
3445
3446 if (conn == NULL || conn->session_ticket_cb == NULL)
3447 return 0;
3448
3449 ret = conn->session_ticket_cb(conn->session_ticket_cb_ctx,
3450 conn->session_ticket,
3451 conn->session_ticket_len,
3452 s->s3->client_random,
3453 s->s3->server_random, secret);
3454 os_free(conn->session_ticket);
3455 conn->session_ticket = NULL;
3456
3457 if (ret <= 0)
3458 return 0;
3459
3460 *secret_len = SSL_MAX_MASTER_KEY_LENGTH;
3461 return 1;
3462}
3463
3464
0cf03892
JM		 3465static int tls_session_ticket_ext_cb(SSL *s, const unsigned char *data,
3466 int len, void *arg)
3467{
3468 struct tls_connection *conn = arg;
3469
3470 if (conn == NULL || conn->session_ticket_cb == NULL)
3471 return 0;
3472
3473 wpa_printf(MSG_DEBUG, "OpenSSL: %s: length=%d", __func__, len);
3474
3475 os_free(conn->session_ticket);
3476 conn->session_ticket = NULL;
3477
3478 wpa_hexdump(MSG_DEBUG, "OpenSSL: ClientHello SessionTicket "
3479 "extension", data, len);
3480
3481 conn->session_ticket = os_malloc(len);
3482 if (conn->session_ticket == NULL)
3483 return 0;
3484
3485 os_memcpy(conn->session_ticket, data, len);
3486 conn->session_ticket_len = len;
3487
3488 return 1;
3489}
1e5839e0 3490#endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
6fc6879b
JM		 3491
3492
3493int tls_connection_set_session_ticket_cb(void *tls_ctx,
3494 struct tls_connection *conn,
3495 tls_session_ticket_cb cb,
3496 void *ctx)
3497{
1e5839e0 3498#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
6fc6879b
JM		 3499 conn->session_ticket_cb = cb;
3500 conn->session_ticket_cb_ctx = ctx;
3501
3502 if (cb) {
3503 if (SSL_set_session_secret_cb(conn->ssl, tls_sess_sec_cb,
3504 conn) != 1)
3505 return -1;
0cf03892
JM		 3506 SSL_set_session_ticket_ext_cb(conn->ssl,
3507 tls_session_ticket_ext_cb, conn);
6fc6879b
JM		 3508 } else {
3509 if (SSL_set_session_secret_cb(conn->ssl, NULL, NULL) != 1)
3510 return -1;
0cf03892 3511 SSL_set_session_ticket_ext_cb(conn->ssl, NULL, NULL);
6fc6879b
JM		 3512 }
3513
3514 return 0;
1e5839e0 3515#else /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
6fc6879b 3516 return -1;
1e5839e0 3517#endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
6fc6879b 3518}
Unnamed repository; edit this file 'description' to name the repository.