Disconnect hostapd from building in base
[dragonfly.git] / contrib / hostapd / src / crypto / tls_openssl.c
CommitLineData
ebfa2275 1/*
4781064b
JM
2 * SSL/TLS interface functions for OpenSSL
3 * Copyright (c) 2004-2013, Jouni Malinen <j@w1.fi>
ebfa2275 4 *
4781064b
JM
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
ebfa2275
SZ
7 */
8
9#include "includes.h"
10
11#ifndef CONFIG_SMARTCARD
12#ifndef OPENSSL_NO_ENGINE
4781064b 13#ifndef ANDROID
ebfa2275
SZ
14#define OPENSSL_NO_ENGINE
15#endif
16#endif
4781064b 17#endif
ebfa2275
SZ
18
19#include <openssl/ssl.h>
20#include <openssl/err.h>
21#include <openssl/pkcs12.h>
22#include <openssl/x509v3.h>
23#ifndef OPENSSL_NO_ENGINE
24#include <openssl/engine.h>
25#endif /* OPENSSL_NO_ENGINE */
26
27#include "common.h"
4781064b 28#include "crypto.h"
ebfa2275
SZ
29#include "tls.h"
30
31#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
32#define OPENSSL_d2i_TYPE const unsigned char **
33#else
34#define OPENSSL_d2i_TYPE unsigned char **
35#endif
36
4781064b
JM
37#if defined(SSL_CTX_get_app_data) && defined(SSL_CTX_set_app_data)
38#define OPENSSL_SUPPORTS_CTX_APP_DATA
39#endif
40
a875087d
JL
41#ifdef SSL_F_SSL_SET_SESSION_TICKET_EXT
42#ifdef SSL_OP_NO_TICKET
43/*
44 * Session ticket override patch was merged into OpenSSL 0.9.9 tree on
45 * 2008-11-15. This version uses a bit different API compared to the old patch.
46 */
47#define CONFIG_OPENSSL_TICKET_OVERRIDE
48#endif
49#endif
50
4781064b
JM
51#ifdef SSL_set_tlsext_status_type
52#ifndef OPENSSL_NO_TLSEXT
53#define HAVE_OCSP
54#include <openssl/ocsp.h>
55#endif /* OPENSSL_NO_TLSEXT */
56#endif /* SSL_set_tlsext_status_type */
57
58#ifdef ANDROID
59#include <openssl/pem.h>
60#include <keystore/keystore_get.h>
61
62static BIO * BIO_from_keystore(const char *key)
63{
64 BIO *bio = NULL;
65 uint8_t *value = NULL;
66 int length = keystore_get(key, strlen(key), &value);
67 if (length != -1 && (bio = BIO_new(BIO_s_mem())) != NULL)
68 BIO_write(bio, value, length);
69 free(value);
70 return bio;
71}
72#endif /* ANDROID */
73
ebfa2275
SZ
74static int tls_openssl_ref_count = 0;
75
4781064b
JM
76struct tls_context {
77 void (*event_cb)(void *ctx, enum tls_event ev,
78 union tls_event_data *data);
79 void *cb_ctx;
80 int cert_in_cb;
81 char *ocsp_stapling_response;
82};
83
84static struct tls_context *tls_global = NULL;
85
86
ebfa2275 87struct tls_connection {
4781064b 88 struct tls_context *context;
ebfa2275
SZ
89 SSL *ssl;
90 BIO *ssl_in, *ssl_out;
91#ifndef OPENSSL_NO_ENGINE
92 ENGINE *engine; /* functional reference to the engine */
93 EVP_PKEY *private_key; /* the private key if using engine */
94#endif /* OPENSSL_NO_ENGINE */
4781064b 95 char *subject_match, *altsubject_match, *suffix_match;
ebfa2275
SZ
96 int read_alerts, write_alerts, failed;
97
a875087d
JL
98 tls_session_ticket_cb session_ticket_cb;
99 void *session_ticket_cb_ctx;
100
101 /* SessionTicket received from OpenSSL hello_extension_cb (server) */
102 u8 *session_ticket;
103 size_t session_ticket_len;
4781064b
JM
104
105 unsigned int ca_cert_verify:1;
106 unsigned int cert_probe:1;
107 unsigned int server_cert_only:1;
108 unsigned int server:1;
109
110 u8 srv_cert_hash[32];
111
112 unsigned int flags;
113
114 X509 *peer_cert;
115 X509 *peer_issuer;
116 X509 *peer_issuer_issuer;
ebfa2275
SZ
117};
118
119
4781064b
JM
120static struct tls_context * tls_context_new(const struct tls_config *conf)
121{
122 struct tls_context *context = os_zalloc(sizeof(*context));
123 if (context == NULL)
124 return NULL;
125 if (conf) {
126 context->event_cb = conf->event_cb;
127 context->cb_ctx = conf->cb_ctx;
128 context->cert_in_cb = conf->cert_in_cb;
129 }
130 return context;
131}
132
133
ebfa2275
SZ
134#ifdef CONFIG_NO_STDOUT_DEBUG
135
136static void _tls_show_errors(void)
137{
138 unsigned long err;
139
140 while ((err = ERR_get_error())) {
141 /* Just ignore the errors, since stdout is disabled */
142 }
143}
144#define tls_show_errors(l, f, t) _tls_show_errors()
145
146#else /* CONFIG_NO_STDOUT_DEBUG */
147
148static void tls_show_errors(int level, const char *func, const char *txt)
149{
150 unsigned long err;
151
152 wpa_printf(level, "OpenSSL: %s - %s %s",
153 func, txt, ERR_error_string(ERR_get_error(), NULL));
154
155 while ((err = ERR_get_error())) {
156 wpa_printf(MSG_INFO, "OpenSSL: pending error: %s",
157 ERR_error_string(err, NULL));
158 }
159}
160
161#endif /* CONFIG_NO_STDOUT_DEBUG */
162
163
164#ifdef CONFIG_NATIVE_WINDOWS
165
166/* Windows CryptoAPI and access to certificate stores */
167#include <wincrypt.h>
168
169#ifdef __MINGW32_VERSION
170/*
171 * MinGW does not yet include all the needed definitions for CryptoAPI, so
172 * define here whatever extra is needed.
173 */
ebfa2275
SZ
174#define CERT_SYSTEM_STORE_CURRENT_USER (1 << 16)
175#define CERT_STORE_READONLY_FLAG 0x00008000
176#define CERT_STORE_OPEN_EXISTING_FLAG 0x00004000
ebfa2275
SZ
177
178#endif /* __MINGW32_VERSION */
179
180
181struct cryptoapi_rsa_data {
182 const CERT_CONTEXT *cert;
183 HCRYPTPROV crypt_prov;
184 DWORD key_spec;
185 BOOL free_crypt_prov;
186};
187
188
189static void cryptoapi_error(const char *msg)
190{
191 wpa_printf(MSG_INFO, "CryptoAPI: %s; err=%u",
192 msg, (unsigned int) GetLastError());
193}
194
195
196static int cryptoapi_rsa_pub_enc(int flen, const unsigned char *from,
197 unsigned char *to, RSA *rsa, int padding)
198{
199 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__);
200 return 0;
201}
202
203
204static int cryptoapi_rsa_pub_dec(int flen, const unsigned char *from,
205 unsigned char *to, RSA *rsa, int padding)
206{
207 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__);
208 return 0;
209}
210
211
212static int cryptoapi_rsa_priv_enc(int flen, const unsigned char *from,
213 unsigned char *to, RSA *rsa, int padding)
214{
215 struct cryptoapi_rsa_data *priv =
216 (struct cryptoapi_rsa_data *) rsa->meth->app_data;
217 HCRYPTHASH hash;
218 DWORD hash_size, len, i;
219 unsigned char *buf = NULL;
220 int ret = 0;
221
222 if (priv == NULL) {
223 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
224 ERR_R_PASSED_NULL_PARAMETER);
225 return 0;
226 }
227
228 if (padding != RSA_PKCS1_PADDING) {
229 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
230 RSA_R_UNKNOWN_PADDING_TYPE);
231 return 0;
232 }
233
234 if (flen != 16 /* MD5 */ + 20 /* SHA-1 */) {
235 wpa_printf(MSG_INFO, "%s - only MD5-SHA1 hash supported",
236 __func__);
237 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
238 RSA_R_INVALID_MESSAGE_LENGTH);
239 return 0;
240 }
241
242 if (!CryptCreateHash(priv->crypt_prov, CALG_SSL3_SHAMD5, 0, 0, &hash))
243 {
244 cryptoapi_error("CryptCreateHash failed");
245 return 0;
246 }
247
248 len = sizeof(hash_size);
249 if (!CryptGetHashParam(hash, HP_HASHSIZE, (BYTE *) &hash_size, &len,
250 0)) {
251 cryptoapi_error("CryptGetHashParam failed");
252 goto err;
253 }
254
255 if ((int) hash_size != flen) {
256 wpa_printf(MSG_INFO, "CryptoAPI: Invalid hash size (%u != %d)",
257 (unsigned) hash_size, flen);
258 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
259 RSA_R_INVALID_MESSAGE_LENGTH);
260 goto err;
261 }
262 if (!CryptSetHashParam(hash, HP_HASHVAL, (BYTE * ) from, 0)) {
263 cryptoapi_error("CryptSetHashParam failed");
264 goto err;
265 }
266
267 len = RSA_size(rsa);
268 buf = os_malloc(len);
269 if (buf == NULL) {
270 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
271 goto err;
272 }
273
274 if (!CryptSignHash(hash, priv->key_spec, NULL, 0, buf, &len)) {
275 cryptoapi_error("CryptSignHash failed");
276 goto err;
277 }
278
279 for (i = 0; i < len; i++)
280 to[i] = buf[len - i - 1];
281 ret = len;
282
283err:
284 os_free(buf);
285 CryptDestroyHash(hash);
286
287 return ret;
288}
289
290
291static int cryptoapi_rsa_priv_dec(int flen, const unsigned char *from,
292 unsigned char *to, RSA *rsa, int padding)
293{
294 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__);
295 return 0;
296}
297
298
299static void cryptoapi_free_data(struct cryptoapi_rsa_data *priv)
300{
301 if (priv == NULL)
302 return;
303 if (priv->crypt_prov && priv->free_crypt_prov)
304 CryptReleaseContext(priv->crypt_prov, 0);
305 if (priv->cert)
306 CertFreeCertificateContext(priv->cert);
307 os_free(priv);
308}
309
310
311static int cryptoapi_finish(RSA *rsa)
312{
313 cryptoapi_free_data((struct cryptoapi_rsa_data *) rsa->meth->app_data);
314 os_free((void *) rsa->meth);
315 rsa->meth = NULL;
316 return 1;
317}
318
319
320static const CERT_CONTEXT * cryptoapi_find_cert(const char *name, DWORD store)
321{
322 HCERTSTORE cs;
323 const CERT_CONTEXT *ret = NULL;
324
325 cs = CertOpenStore((LPCSTR) CERT_STORE_PROV_SYSTEM, 0, 0,
326 store | CERT_STORE_OPEN_EXISTING_FLAG |
327 CERT_STORE_READONLY_FLAG, L"MY");
328 if (cs == NULL) {
329 cryptoapi_error("Failed to open 'My system store'");
330 return NULL;
331 }
332
333 if (strncmp(name, "cert://", 7) == 0) {
334 unsigned short wbuf[255];
335 MultiByteToWideChar(CP_ACP, 0, name + 7, -1, wbuf, 255);
336 ret = CertFindCertificateInStore(cs, X509_ASN_ENCODING |
337 PKCS_7_ASN_ENCODING,
338 0, CERT_FIND_SUBJECT_STR,
339 wbuf, NULL);
340 } else if (strncmp(name, "hash://", 7) == 0) {
341 CRYPT_HASH_BLOB blob;
342 int len;
343 const char *hash = name + 7;
344 unsigned char *buf;
345
346 len = os_strlen(hash) / 2;
347 buf = os_malloc(len);
348 if (buf && hexstr2bin(hash, buf, len) == 0) {
349 blob.cbData = len;
350 blob.pbData = buf;
351 ret = CertFindCertificateInStore(cs,
352 X509_ASN_ENCODING |
353 PKCS_7_ASN_ENCODING,
354 0, CERT_FIND_HASH,
355 &blob, NULL);
356 }
357 os_free(buf);
358 }
359
360 CertCloseStore(cs, 0);
361
362 return ret;
363}
364
365
366static int tls_cryptoapi_cert(SSL *ssl, const char *name)
367{
368 X509 *cert = NULL;
369 RSA *rsa = NULL, *pub_rsa;
370 struct cryptoapi_rsa_data *priv;
371 RSA_METHOD *rsa_meth;
372
373 if (name == NULL ||
374 (strncmp(name, "cert://", 7) != 0 &&
375 strncmp(name, "hash://", 7) != 0))
376 return -1;
377
378 priv = os_zalloc(sizeof(*priv));
379 rsa_meth = os_zalloc(sizeof(*rsa_meth));
380 if (priv == NULL || rsa_meth == NULL) {
381 wpa_printf(MSG_WARNING, "CryptoAPI: Failed to allocate memory "
382 "for CryptoAPI RSA method");
383 os_free(priv);
384 os_free(rsa_meth);
385 return -1;
386 }
387
388 priv->cert = cryptoapi_find_cert(name, CERT_SYSTEM_STORE_CURRENT_USER);
389 if (priv->cert == NULL) {
390 priv->cert = cryptoapi_find_cert(
391 name, CERT_SYSTEM_STORE_LOCAL_MACHINE);
392 }
393 if (priv->cert == NULL) {
394 wpa_printf(MSG_INFO, "CryptoAPI: Could not find certificate "
395 "'%s'", name);
396 goto err;
397 }
398
399 cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &priv->cert->pbCertEncoded,
400 priv->cert->cbCertEncoded);
401 if (cert == NULL) {
402 wpa_printf(MSG_INFO, "CryptoAPI: Could not process X509 DER "
403 "encoding");
404 goto err;
405 }
406
ebfa2275
SZ
407 if (!CryptAcquireCertificatePrivateKey(priv->cert,
408 CRYPT_ACQUIRE_COMPARE_KEY_FLAG,
409 NULL, &priv->crypt_prov,
410 &priv->key_spec,
411 &priv->free_crypt_prov)) {
412 cryptoapi_error("Failed to acquire a private key for the "
413 "certificate");
414 goto err;
415 }
416
417 rsa_meth->name = "Microsoft CryptoAPI RSA Method";
418 rsa_meth->rsa_pub_enc = cryptoapi_rsa_pub_enc;
419 rsa_meth->rsa_pub_dec = cryptoapi_rsa_pub_dec;
420 rsa_meth->rsa_priv_enc = cryptoapi_rsa_priv_enc;
421 rsa_meth->rsa_priv_dec = cryptoapi_rsa_priv_dec;
422 rsa_meth->finish = cryptoapi_finish;
423 rsa_meth->flags = RSA_METHOD_FLAG_NO_CHECK;
424 rsa_meth->app_data = (char *) priv;
425
426 rsa = RSA_new();
427 if (rsa == NULL) {
428 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,
429 ERR_R_MALLOC_FAILURE);
430 goto err;
431 }
432
433 if (!SSL_use_certificate(ssl, cert)) {
434 RSA_free(rsa);
435 rsa = NULL;
436 goto err;
437 }
438 pub_rsa = cert->cert_info->key->pkey->pkey.rsa;
439 X509_free(cert);
440 cert = NULL;
441
442 rsa->n = BN_dup(pub_rsa->n);
443 rsa->e = BN_dup(pub_rsa->e);
444 if (!RSA_set_method(rsa, rsa_meth))
445 goto err;
446
447 if (!SSL_use_RSAPrivateKey(ssl, rsa))
448 goto err;
449 RSA_free(rsa);
450
451 return 0;
452
453err:
454 if (cert)
455 X509_free(cert);
456 if (rsa)
457 RSA_free(rsa);
458 else {
459 os_free(rsa_meth);
460 cryptoapi_free_data(priv);
461 }
462 return -1;
463}
464
465
466static int tls_cryptoapi_ca_cert(SSL_CTX *ssl_ctx, SSL *ssl, const char *name)
467{
468 HCERTSTORE cs;
469 PCCERT_CONTEXT ctx = NULL;
470 X509 *cert;
471 char buf[128];
472 const char *store;
473#ifdef UNICODE
474 WCHAR *wstore;
475#endif /* UNICODE */
476
ebfa2275
SZ
477 if (name == NULL || strncmp(name, "cert_store://", 13) != 0)
478 return -1;
479
480 store = name + 13;
481#ifdef UNICODE
482 wstore = os_malloc((os_strlen(store) + 1) * sizeof(WCHAR));
483 if (wstore == NULL)
484 return -1;
485 wsprintf(wstore, L"%S", store);
486 cs = CertOpenSystemStore(0, wstore);
487 os_free(wstore);
488#else /* UNICODE */
489 cs = CertOpenSystemStore(0, store);
490#endif /* UNICODE */
491 if (cs == NULL) {
492 wpa_printf(MSG_DEBUG, "%s: failed to open system cert store "
493 "'%s': error=%d", __func__, store,
494 (int) GetLastError());
495 return -1;
496 }
497
498 while ((ctx = CertEnumCertificatesInStore(cs, ctx))) {
499 cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &ctx->pbCertEncoded,
500 ctx->cbCertEncoded);
501 if (cert == NULL) {
502 wpa_printf(MSG_INFO, "CryptoAPI: Could not process "
503 "X509 DER encoding for CA cert");
504 continue;
505 }
506
507 X509_NAME_oneline(X509_get_subject_name(cert), buf,
508 sizeof(buf));
509 wpa_printf(MSG_DEBUG, "OpenSSL: Loaded CA certificate for "
510 "system certificate store: subject='%s'", buf);
511
512 if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) {
513 tls_show_errors(MSG_WARNING, __func__,
514 "Failed to add ca_cert to OpenSSL "
515 "certificate store");
516 }
517
518 X509_free(cert);
519 }
520
521 if (!CertCloseStore(cs, 0)) {
522 wpa_printf(MSG_DEBUG, "%s: failed to close system cert store "
523 "'%s': error=%d", __func__, name + 13,
524 (int) GetLastError());
525 }
526
527 return 0;
528}
529
530
531#else /* CONFIG_NATIVE_WINDOWS */
532
533static int tls_cryptoapi_cert(SSL *ssl, const char *name)
534{
535 return -1;
536}
537
538#endif /* CONFIG_NATIVE_WINDOWS */
539
540
541static void ssl_info_cb(const SSL *ssl, int where, int ret)
542{
543 const char *str;
544 int w;
545
546 wpa_printf(MSG_DEBUG, "SSL: (where=0x%x ret=0x%x)", where, ret);
547 w = where & ~SSL_ST_MASK;
548 if (w & SSL_ST_CONNECT)
549 str = "SSL_connect";
550 else if (w & SSL_ST_ACCEPT)
551 str = "SSL_accept";
552 else
553 str = "undefined";
554
555 if (where & SSL_CB_LOOP) {
556 wpa_printf(MSG_DEBUG, "SSL: %s:%s",
557 str, SSL_state_string_long(ssl));
558 } else if (where & SSL_CB_ALERT) {
4781064b 559 struct tls_connection *conn = SSL_get_app_data((SSL *) ssl);
ebfa2275
SZ
560 wpa_printf(MSG_INFO, "SSL: SSL3 alert: %s:%s:%s",
561 where & SSL_CB_READ ?
562 "read (remote end reported an error)" :
563 "write (local SSL3 detected an error)",
564 SSL_alert_type_string_long(ret),
565 SSL_alert_desc_string_long(ret));
566 if ((ret >> 8) == SSL3_AL_FATAL) {
ebfa2275
SZ
567 if (where & SSL_CB_READ)
568 conn->read_alerts++;
569 else
570 conn->write_alerts++;
571 }
4781064b
JM
572 if (conn->context->event_cb != NULL) {
573 union tls_event_data ev;
574 struct tls_context *context = conn->context;
575 os_memset(&ev, 0, sizeof(ev));
576 ev.alert.is_local = !(where & SSL_CB_READ);
577 ev.alert.type = SSL_alert_type_string_long(ret);
578 ev.alert.description = SSL_alert_desc_string_long(ret);
579 context->event_cb(context->cb_ctx, TLS_ALERT, &ev);
580 }
ebfa2275
SZ
581 } else if (where & SSL_CB_EXIT && ret <= 0) {
582 wpa_printf(MSG_DEBUG, "SSL: %s:%s in %s",
583 str, ret == 0 ? "failed" : "error",
584 SSL_state_string_long(ssl));
585 }
586}
587
588
589#ifndef OPENSSL_NO_ENGINE
590/**
591 * tls_engine_load_dynamic_generic - load any openssl engine
592 * @pre: an array of commands and values that load an engine initialized
593 * in the engine specific function
594 * @post: an array of commands and values that initialize an already loaded
595 * engine (or %NULL if not required)
596 * @id: the engine id of the engine to load (only required if post is not %NULL
597 *
598 * This function is a generic function that loads any openssl engine.
599 *
600 * Returns: 0 on success, -1 on failure
601 */
602static int tls_engine_load_dynamic_generic(const char *pre[],
603 const char *post[], const char *id)
604{
605 ENGINE *engine;
606 const char *dynamic_id = "dynamic";
607
608 engine = ENGINE_by_id(id);
609 if (engine) {
610 ENGINE_free(engine);
611 wpa_printf(MSG_DEBUG, "ENGINE: engine '%s' is already "
612 "available", id);
613 return 0;
614 }
615 ERR_clear_error();
616
617 engine = ENGINE_by_id(dynamic_id);
618 if (engine == NULL) {
619 wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]",
620 dynamic_id,
621 ERR_error_string(ERR_get_error(), NULL));
622 return -1;
623 }
624
625 /* Perform the pre commands. This will load the engine. */
626 while (pre && pre[0]) {
627 wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", pre[0], pre[1]);
628 if (ENGINE_ctrl_cmd_string(engine, pre[0], pre[1], 0) == 0) {
629 wpa_printf(MSG_INFO, "ENGINE: ctrl cmd_string failed: "
630 "%s %s [%s]", pre[0], pre[1],
631 ERR_error_string(ERR_get_error(), NULL));
632 ENGINE_free(engine);
633 return -1;
634 }
635 pre += 2;
636 }
637
638 /*
639 * Free the reference to the "dynamic" engine. The loaded engine can
640 * now be looked up using ENGINE_by_id().
641 */
642 ENGINE_free(engine);
643
644 engine = ENGINE_by_id(id);
645 if (engine == NULL) {
646 wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]",
647 id, ERR_error_string(ERR_get_error(), NULL));
648 return -1;
649 }
650
651 while (post && post[0]) {
652 wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", post[0], post[1]);
653 if (ENGINE_ctrl_cmd_string(engine, post[0], post[1], 0) == 0) {
654 wpa_printf(MSG_DEBUG, "ENGINE: ctrl cmd_string failed:"
655 " %s %s [%s]", post[0], post[1],
656 ERR_error_string(ERR_get_error(), NULL));
657 ENGINE_remove(engine);
658 ENGINE_free(engine);
659 return -1;
660 }
661 post += 2;
662 }
663 ENGINE_free(engine);
664
665 return 0;
666}
667
668
669/**
670 * tls_engine_load_dynamic_pkcs11 - load the pkcs11 engine provided by opensc
671 * @pkcs11_so_path: pksc11_so_path from the configuration
672 * @pcks11_module_path: pkcs11_module_path from the configuration
673 */
674static int tls_engine_load_dynamic_pkcs11(const char *pkcs11_so_path,
675 const char *pkcs11_module_path)
676{
677 char *engine_id = "pkcs11";
678 const char *pre_cmd[] = {
679 "SO_PATH", NULL /* pkcs11_so_path */,
680 "ID", NULL /* engine_id */,
681 "LIST_ADD", "1",
682 /* "NO_VCHECK", "1", */
683 "LOAD", NULL,
684 NULL, NULL
685 };
686 const char *post_cmd[] = {
687 "MODULE_PATH", NULL /* pkcs11_module_path */,
688 NULL, NULL
689 };
690
691 if (!pkcs11_so_path || !pkcs11_module_path)
692 return 0;
693
694 pre_cmd[1] = pkcs11_so_path;
695 pre_cmd[3] = engine_id;
696 post_cmd[1] = pkcs11_module_path;
697
698 wpa_printf(MSG_DEBUG, "ENGINE: Loading pkcs11 Engine from %s",
699 pkcs11_so_path);
700
701 return tls_engine_load_dynamic_generic(pre_cmd, post_cmd, engine_id);
702}
703
704
705/**
706 * tls_engine_load_dynamic_opensc - load the opensc engine provided by opensc
707 * @opensc_so_path: opensc_so_path from the configuration
708 */
709static int tls_engine_load_dynamic_opensc(const char *opensc_so_path)
710{
711 char *engine_id = "opensc";
712 const char *pre_cmd[] = {
713 "SO_PATH", NULL /* opensc_so_path */,
714 "ID", NULL /* engine_id */,
715 "LIST_ADD", "1",
716 "LOAD", NULL,
717 NULL, NULL
718 };
719
720 if (!opensc_so_path)
721 return 0;
722
723 pre_cmd[1] = opensc_so_path;
724 pre_cmd[3] = engine_id;
725
726 wpa_printf(MSG_DEBUG, "ENGINE: Loading OpenSC Engine from %s",
727 opensc_so_path);
728
729 return tls_engine_load_dynamic_generic(pre_cmd, NULL, engine_id);
730}
731#endif /* OPENSSL_NO_ENGINE */
732
733
734void * tls_init(const struct tls_config *conf)
735{
736 SSL_CTX *ssl;
4781064b 737 struct tls_context *context;
ebfa2275
SZ
738
739 if (tls_openssl_ref_count == 0) {
4781064b
JM
740 tls_global = context = tls_context_new(conf);
741 if (context == NULL)
742 return NULL;
743#ifdef CONFIG_FIPS
744#ifdef OPENSSL_FIPS
745 if (conf && conf->fips_mode) {
746 if (!FIPS_mode_set(1)) {
747 wpa_printf(MSG_ERROR, "Failed to enable FIPS "
748 "mode");
749 ERR_load_crypto_strings();
750 ERR_print_errors_fp(stderr);
751 os_free(tls_global);
752 tls_global = NULL;
753 return NULL;
754 } else
755 wpa_printf(MSG_INFO, "Running in FIPS mode");
756 }
757#else /* OPENSSL_FIPS */
758 if (conf && conf->fips_mode) {
759 wpa_printf(MSG_ERROR, "FIPS mode requested, but not "
760 "supported");
761 os_free(tls_global);
762 tls_global = NULL;
763 return NULL;
764 }
765#endif /* OPENSSL_FIPS */
766#endif /* CONFIG_FIPS */
ebfa2275
SZ
767 SSL_load_error_strings();
768 SSL_library_init();
4781064b 769#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
a875087d
JL
770 EVP_add_digest(EVP_sha256());
771#endif /* OPENSSL_NO_SHA256 */
ebfa2275
SZ
772 /* TODO: if /dev/urandom is available, PRNG is seeded
773 * automatically. If this is not the case, random data should
774 * be added here. */
775
776#ifdef PKCS12_FUNCS
a875087d
JL
777#ifndef OPENSSL_NO_RC2
778 /*
779 * 40-bit RC2 is commonly used in PKCS#12 files, so enable it.
780 * This is enabled by PKCS12_PBE_add() in OpenSSL 0.9.8
781 * versions, but it looks like OpenSSL 1.0.0 does not do that
782 * anymore.
783 */
784 EVP_add_cipher(EVP_rc2_40_cbc());
785#endif /* OPENSSL_NO_RC2 */
ebfa2275
SZ
786 PKCS12_PBE_add();
787#endif /* PKCS12_FUNCS */
4781064b
JM
788 } else {
789 context = tls_global;
790#ifdef OPENSSL_SUPPORTS_CTX_APP_DATA
791 /* Newer OpenSSL can store app-data per-SSL */
792 context = tls_context_new(conf);
793 if (context == NULL)
794 return NULL;
795#endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */
ebfa2275
SZ
796 }
797 tls_openssl_ref_count++;
798
799 ssl = SSL_CTX_new(TLSv1_method());
4781064b
JM
800 if (ssl == NULL) {
801 tls_openssl_ref_count--;
802#ifdef OPENSSL_SUPPORTS_CTX_APP_DATA
803 if (context != tls_global)
804 os_free(context);
805#endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */
806 if (tls_openssl_ref_count == 0) {
807 os_free(tls_global);
808 tls_global = NULL;
809 }
ebfa2275 810 return NULL;
4781064b 811 }
ebfa2275
SZ
812
813 SSL_CTX_set_info_callback(ssl, ssl_info_cb);
4781064b
JM
814#ifdef OPENSSL_SUPPORTS_CTX_APP_DATA
815 SSL_CTX_set_app_data(ssl, context);
816#endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */
ebfa2275
SZ
817
818#ifndef OPENSSL_NO_ENGINE
819 if (conf &&
820 (conf->opensc_engine_path || conf->pkcs11_engine_path ||
821 conf->pkcs11_module_path)) {
822 wpa_printf(MSG_DEBUG, "ENGINE: Loading dynamic engine");
823 ERR_load_ENGINE_strings();
824 ENGINE_load_dynamic();
825
826 if (tls_engine_load_dynamic_opensc(conf->opensc_engine_path) ||
827 tls_engine_load_dynamic_pkcs11(conf->pkcs11_engine_path,
828 conf->pkcs11_module_path)) {
829 tls_deinit(ssl);
830 return NULL;
831 }
832 }
833#endif /* OPENSSL_NO_ENGINE */
834
835 return ssl;
836}
837
838
839void tls_deinit(void *ssl_ctx)
840{
841 SSL_CTX *ssl = ssl_ctx;
4781064b
JM
842#ifdef OPENSSL_SUPPORTS_CTX_APP_DATA
843 struct tls_context *context = SSL_CTX_get_app_data(ssl);
844 if (context != tls_global)
845 os_free(context);
846#endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */
ebfa2275
SZ
847 SSL_CTX_free(ssl);
848
849 tls_openssl_ref_count--;
850 if (tls_openssl_ref_count == 0) {
851#ifndef OPENSSL_NO_ENGINE
852 ENGINE_cleanup();
853#endif /* OPENSSL_NO_ENGINE */
a875087d
JL
854 CRYPTO_cleanup_all_ex_data();
855 ERR_remove_state(0);
ebfa2275
SZ
856 ERR_free_strings();
857 EVP_cleanup();
4781064b
JM
858 os_free(tls_global->ocsp_stapling_response);
859 tls_global->ocsp_stapling_response = NULL;
860 os_free(tls_global);
861 tls_global = NULL;
ebfa2275
SZ
862 }
863}
864
865
866static int tls_engine_init(struct tls_connection *conn, const char *engine_id,
a875087d
JL
867 const char *pin, const char *key_id,
868 const char *cert_id, const char *ca_cert_id)
ebfa2275
SZ
869{
870#ifndef OPENSSL_NO_ENGINE
871 int ret = -1;
872 if (engine_id == NULL) {
873 wpa_printf(MSG_ERROR, "ENGINE: Engine ID not set");
874 return -1;
875 }
4781064b 876#ifndef ANDROID
ebfa2275
SZ
877 if (pin == NULL) {
878 wpa_printf(MSG_ERROR, "ENGINE: Smartcard PIN not set");
879 return -1;
880 }
4781064b 881#endif
ebfa2275
SZ
882 if (key_id == NULL) {
883 wpa_printf(MSG_ERROR, "ENGINE: Key Id not set");
884 return -1;
885 }
886
887 ERR_clear_error();
4781064b
JM
888#ifdef ANDROID
889 ENGINE_load_dynamic();
890#endif
ebfa2275
SZ
891 conn->engine = ENGINE_by_id(engine_id);
892 if (!conn->engine) {
893 wpa_printf(MSG_ERROR, "ENGINE: engine %s not available [%s]",
894 engine_id, ERR_error_string(ERR_get_error(), NULL));
895 goto err;
896 }
897 if (ENGINE_init(conn->engine) != 1) {
898 wpa_printf(MSG_ERROR, "ENGINE: engine init failed "
899 "(engine: %s) [%s]", engine_id,
900 ERR_error_string(ERR_get_error(), NULL));
901 goto err;
902 }
903 wpa_printf(MSG_DEBUG, "ENGINE: engine initialized");
904
4781064b 905#ifndef ANDROID
ebfa2275
SZ
906 if (ENGINE_ctrl_cmd_string(conn->engine, "PIN", pin, 0) == 0) {
907 wpa_printf(MSG_ERROR, "ENGINE: cannot set pin [%s]",
908 ERR_error_string(ERR_get_error(), NULL));
909 goto err;
910 }
4781064b 911#endif
a875087d 912 /* load private key first in-case PIN is required for cert */
ebfa2275
SZ
913 conn->private_key = ENGINE_load_private_key(conn->engine,
914 key_id, NULL, NULL);
915 if (!conn->private_key) {
916 wpa_printf(MSG_ERROR, "ENGINE: cannot load private key with id"
917 " '%s' [%s]", key_id,
918 ERR_error_string(ERR_get_error(), NULL));
919 ret = TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
920 goto err;
921 }
a875087d
JL
922
923 /* handle a certificate and/or CA certificate */
924 if (cert_id || ca_cert_id) {
925 const char *cmd_name = "LOAD_CERT_CTRL";
926
927 /* test if the engine supports a LOAD_CERT_CTRL */
928 if (!ENGINE_ctrl(conn->engine, ENGINE_CTRL_GET_CMD_FROM_NAME,
929 0, (void *)cmd_name, NULL)) {
930 wpa_printf(MSG_ERROR, "ENGINE: engine does not support"
931 " loading certificates");
932 ret = TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
933 goto err;
934 }
935 }
936
ebfa2275
SZ
937 return 0;
938
939err:
940 if (conn->engine) {
941 ENGINE_free(conn->engine);
942 conn->engine = NULL;
943 }
944
945 if (conn->private_key) {
946 EVP_PKEY_free(conn->private_key);
947 conn->private_key = NULL;
948 }
949
950 return ret;
951#else /* OPENSSL_NO_ENGINE */
952 return 0;
953#endif /* OPENSSL_NO_ENGINE */
954}
955
956
957static void tls_engine_deinit(struct tls_connection *conn)
958{
959#ifndef OPENSSL_NO_ENGINE
960 wpa_printf(MSG_DEBUG, "ENGINE: engine deinit");
961 if (conn->private_key) {
962 EVP_PKEY_free(conn->private_key);
963 conn->private_key = NULL;
964 }
965 if (conn->engine) {
966 ENGINE_finish(conn->engine);
967 conn->engine = NULL;
968 }
969#endif /* OPENSSL_NO_ENGINE */
970}
971
972
973int tls_get_errors(void *ssl_ctx)
974{
975 int count = 0;
976 unsigned long err;
977
978 while ((err = ERR_get_error())) {
979 wpa_printf(MSG_INFO, "TLS - SSL error: %s",
980 ERR_error_string(err, NULL));
981 count++;
982 }
983
984 return count;
985}
986
987struct tls_connection * tls_connection_init(void *ssl_ctx)
988{
989 SSL_CTX *ssl = ssl_ctx;
990 struct tls_connection *conn;
a875087d 991 long options;
4781064b
JM
992 struct tls_context *context = tls_global;
993#ifdef OPENSSL_SUPPORTS_CTX_APP_DATA
994 context = SSL_CTX_get_app_data(ssl);
995#endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */
ebfa2275
SZ
996
997 conn = os_zalloc(sizeof(*conn));
998 if (conn == NULL)
999 return NULL;
1000 conn->ssl = SSL_new(ssl);
1001 if (conn->ssl == NULL) {
1002 tls_show_errors(MSG_INFO, __func__,
1003 "Failed to initialize new SSL connection");
1004 os_free(conn);
1005 return NULL;
1006 }
1007
4781064b 1008 conn->context = context;
ebfa2275 1009 SSL_set_app_data(conn->ssl, conn);
a875087d
JL
1010 options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
1011 SSL_OP_SINGLE_DH_USE;
1012#ifdef SSL_OP_NO_COMPRESSION
1013 options |= SSL_OP_NO_COMPRESSION;
1014#endif /* SSL_OP_NO_COMPRESSION */
1015 SSL_set_options(conn->ssl, options);
ebfa2275
SZ
1016
1017 conn->ssl_in = BIO_new(BIO_s_mem());
1018 if (!conn->ssl_in) {
1019 tls_show_errors(MSG_INFO, __func__,
1020 "Failed to create a new BIO for ssl_in");
1021 SSL_free(conn->ssl);
1022 os_free(conn);
1023 return NULL;
1024 }
1025
1026 conn->ssl_out = BIO_new(BIO_s_mem());
1027 if (!conn->ssl_out) {
1028 tls_show_errors(MSG_INFO, __func__,
1029 "Failed to create a new BIO for ssl_out");
1030 SSL_free(conn->ssl);
1031 BIO_free(conn->ssl_in);
1032 os_free(conn);
1033 return NULL;
1034 }
1035
1036 SSL_set_bio(conn->ssl, conn->ssl_in, conn->ssl_out);
1037
1038 return conn;
1039}
1040
1041
1042void tls_connection_deinit(void *ssl_ctx, struct tls_connection *conn)
1043{
1044 if (conn == NULL)
1045 return;
ebfa2275
SZ
1046 SSL_free(conn->ssl);
1047 tls_engine_deinit(conn);
1048 os_free(conn->subject_match);
1049 os_free(conn->altsubject_match);
4781064b 1050 os_free(conn->suffix_match);
a875087d 1051 os_free(conn->session_ticket);
ebfa2275
SZ
1052 os_free(conn);
1053}
1054
1055
1056int tls_connection_established(void *ssl_ctx, struct tls_connection *conn)
1057{
1058 return conn ? SSL_is_init_finished(conn->ssl) : 0;
1059}
1060
1061
1062int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn)
1063{
1064 if (conn == NULL)
1065 return -1;
1066
1067 /* Shutdown previous TLS connection without notifying the peer
1068 * because the connection was already terminated in practice
1069 * and "close notify" shutdown alert would confuse AS. */
1070 SSL_set_quiet_shutdown(conn->ssl, 1);
1071 SSL_shutdown(conn->ssl);
1072 return 0;
1073}
1074
1075
1076static int tls_match_altsubject_component(X509 *cert, int type,
1077 const char *value, size_t len)
1078{
1079 GENERAL_NAME *gen;
1080 void *ext;
1081 int i, found = 0;
1082
1083 ext = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
1084
1085 for (i = 0; ext && i < sk_GENERAL_NAME_num(ext); i++) {
1086 gen = sk_GENERAL_NAME_value(ext, i);
1087 if (gen->type != type)
1088 continue;
1089 if (os_strlen((char *) gen->d.ia5->data) == len &&
1090 os_memcmp(value, gen->d.ia5->data, len) == 0)
1091 found++;
1092 }
1093
1094 return found;
1095}
1096
1097
1098static int tls_match_altsubject(X509 *cert, const char *match)
1099{
1100 int type;
1101 const char *pos, *end;
1102 size_t len;
1103
1104 pos = match;
1105 do {
1106 if (os_strncmp(pos, "EMAIL:", 6) == 0) {
1107 type = GEN_EMAIL;
1108 pos += 6;
1109 } else if (os_strncmp(pos, "DNS:", 4) == 0) {
1110 type = GEN_DNS;
1111 pos += 4;
1112 } else if (os_strncmp(pos, "URI:", 4) == 0) {
1113 type = GEN_URI;
1114 pos += 4;
1115 } else {
1116 wpa_printf(MSG_INFO, "TLS: Invalid altSubjectName "
1117 "match '%s'", pos);
1118 return 0;
1119 }
1120 end = os_strchr(pos, ';');
1121 while (end) {
1122 if (os_strncmp(end + 1, "EMAIL:", 6) == 0 ||
1123 os_strncmp(end + 1, "DNS:", 4) == 0 ||
1124 os_strncmp(end + 1, "URI:", 4) == 0)
1125 break;
1126 end = os_strchr(end + 1, ';');
1127 }
1128 if (end)
1129 len = end - pos;
1130 else
1131 len = os_strlen(pos);
1132 if (tls_match_altsubject_component(cert, type, pos, len) > 0)
1133 return 1;
1134 pos = end + 1;
1135 } while (end);
1136
1137 return 0;
1138}
1139
1140
4781064b
JM
1141#ifndef CONFIG_NATIVE_WINDOWS
1142static int domain_suffix_match(const u8 *val, size_t len, const char *match)
1143{
1144 size_t i, match_len;
1145
1146 /* Check for embedded nuls that could mess up suffix matching */
1147 for (i = 0; i < len; i++) {
1148 if (val[i] == '\0') {
1149 wpa_printf(MSG_DEBUG, "TLS: Embedded null in a string - reject");
1150 return 0;
1151 }
1152 }
1153
1154 match_len = os_strlen(match);
1155 if (match_len > len)
1156 return 0;
1157
1158 if (os_strncasecmp((const char *) val + len - match_len, match,
1159 match_len) != 0)
1160 return 0; /* no match */
1161
1162 if (match_len == len)
1163 return 1; /* exact match */
1164
1165 if (val[len - match_len - 1] == '.')
1166 return 1; /* full label match completes suffix match */
1167
1168 wpa_printf(MSG_DEBUG, "TLS: Reject due to incomplete label match");
1169 return 0;
1170}
1171#endif /* CONFIG_NATIVE_WINDOWS */
1172
1173
1174static int tls_match_suffix(X509 *cert, const char *match)
1175{
1176#ifdef CONFIG_NATIVE_WINDOWS
1177 /* wincrypt.h has conflicting X509_NAME definition */
1178 return -1;
1179#else /* CONFIG_NATIVE_WINDOWS */
1180 GENERAL_NAME *gen;
1181 void *ext;
1182 int i;
1183 int dns_name = 0;
1184 X509_NAME *name;
1185
1186 wpa_printf(MSG_DEBUG, "TLS: Match domain against suffix %s", match);
1187
1188 ext = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
1189
1190 for (i = 0; ext && i < sk_GENERAL_NAME_num(ext); i++) {
1191 gen = sk_GENERAL_NAME_value(ext, i);
1192 if (gen->type != GEN_DNS)
1193 continue;
1194 dns_name++;
1195 wpa_hexdump_ascii(MSG_DEBUG, "TLS: Certificate dNSName",
1196 gen->d.dNSName->data,
1197 gen->d.dNSName->length);
1198 if (domain_suffix_match(gen->d.dNSName->data,
1199 gen->d.dNSName->length, match) == 1) {
1200 wpa_printf(MSG_DEBUG, "TLS: Suffix match in dNSName found");
1201 return 1;
1202 }
1203 }
1204
1205 if (dns_name) {
1206 wpa_printf(MSG_DEBUG, "TLS: None of the dNSName(s) matched");
1207 return 0;
1208 }
1209
1210 name = X509_get_subject_name(cert);
1211 i = -1;
1212 for (;;) {
1213 X509_NAME_ENTRY *e;
1214 ASN1_STRING *cn;
1215
1216 i = X509_NAME_get_index_by_NID(name, NID_commonName, i);
1217 if (i == -1)
1218 break;
1219 e = X509_NAME_get_entry(name, i);
1220 if (e == NULL)
1221 continue;
1222 cn = X509_NAME_ENTRY_get_data(e);
1223 if (cn == NULL)
1224 continue;
1225 wpa_hexdump_ascii(MSG_DEBUG, "TLS: Certificate commonName",
1226 cn->data, cn->length);
1227 if (domain_suffix_match(cn->data, cn->length, match) == 1) {
1228 wpa_printf(MSG_DEBUG, "TLS: Suffix match in commonName found");
1229 return 1;
1230 }
1231 }
1232
1233 wpa_printf(MSG_DEBUG, "TLS: No CommonName suffix match found");
1234 return 0;
1235#endif /* CONFIG_NATIVE_WINDOWS */
1236}
1237
1238
1239static enum tls_fail_reason openssl_tls_fail_reason(int err)
1240{
1241 switch (err) {
1242 case X509_V_ERR_CERT_REVOKED:
1243 return TLS_FAIL_REVOKED;
1244 case X509_V_ERR_CERT_NOT_YET_VALID:
1245 case X509_V_ERR_CRL_NOT_YET_VALID:
1246 return TLS_FAIL_NOT_YET_VALID;
1247 case X509_V_ERR_CERT_HAS_EXPIRED:
1248 case X509_V_ERR_CRL_HAS_EXPIRED:
1249 return TLS_FAIL_EXPIRED;
1250 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
1251 case X509_V_ERR_UNABLE_TO_GET_CRL:
1252 case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
1253 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
1254 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
1255 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
1256 case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
1257 case X509_V_ERR_CERT_CHAIN_TOO_LONG:
1258 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
1259 case X509_V_ERR_INVALID_CA:
1260 return TLS_FAIL_UNTRUSTED;
1261 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
1262 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
1263 case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
1264 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
1265 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
1266 case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
1267 case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
1268 case X509_V_ERR_CERT_UNTRUSTED:
1269 case X509_V_ERR_CERT_REJECTED:
1270 return TLS_FAIL_BAD_CERTIFICATE;
1271 default:
1272 return TLS_FAIL_UNSPECIFIED;
1273 }
1274}
1275
1276
1277static struct wpabuf * get_x509_cert(X509 *cert)
1278{
1279 struct wpabuf *buf;
1280 u8 *tmp;
1281
1282 int cert_len = i2d_X509(cert, NULL);
1283 if (cert_len <= 0)
1284 return NULL;
1285
1286 buf = wpabuf_alloc(cert_len);
1287 if (buf == NULL)
1288 return NULL;
1289
1290 tmp = wpabuf_put(buf, cert_len);
1291 i2d_X509(cert, &tmp);
1292 return buf;
1293}
1294
1295
1296static void openssl_tls_fail_event(struct tls_connection *conn,
1297 X509 *err_cert, int err, int depth,
1298 const char *subject, const char *err_str,
1299 enum tls_fail_reason reason)
1300{
1301 union tls_event_data ev;
1302 struct wpabuf *cert = NULL;
1303 struct tls_context *context = conn->context;
1304
1305 if (context->event_cb == NULL)
1306 return;
1307
1308 cert = get_x509_cert(err_cert);
1309 os_memset(&ev, 0, sizeof(ev));
1310 ev.cert_fail.reason = reason != TLS_FAIL_UNSPECIFIED ?
1311 reason : openssl_tls_fail_reason(err);
1312 ev.cert_fail.depth = depth;
1313 ev.cert_fail.subject = subject;
1314 ev.cert_fail.reason_txt = err_str;
1315 ev.cert_fail.cert = cert;
1316 context->event_cb(context->cb_ctx, TLS_CERT_CHAIN_FAILURE, &ev);
1317 wpabuf_free(cert);
1318}
1319
1320
1321static void openssl_tls_cert_event(struct tls_connection *conn,
1322 X509 *err_cert, int depth,
1323 const char *subject)
1324{
1325 struct wpabuf *cert = NULL;
1326 union tls_event_data ev;
1327 struct tls_context *context = conn->context;
1328#ifdef CONFIG_SHA256
1329 u8 hash[32];
1330#endif /* CONFIG_SHA256 */
1331
1332 if (context->event_cb == NULL)
1333 return;
1334
1335 os_memset(&ev, 0, sizeof(ev));
1336 if (conn->cert_probe || context->cert_in_cb) {
1337 cert = get_x509_cert(err_cert);
1338 ev.peer_cert.cert = cert;
1339 }
1340#ifdef CONFIG_SHA256
1341 if (cert) {
1342 const u8 *addr[1];
1343 size_t len[1];
1344 addr[0] = wpabuf_head(cert);
1345 len[0] = wpabuf_len(cert);
1346 if (sha256_vector(1, addr, len, hash) == 0) {
1347 ev.peer_cert.hash = hash;
1348 ev.peer_cert.hash_len = sizeof(hash);
1349 }
1350 }
1351#endif /* CONFIG_SHA256 */
1352 ev.peer_cert.depth = depth;
1353 ev.peer_cert.subject = subject;
1354 context->event_cb(context->cb_ctx, TLS_PEER_CERTIFICATE, &ev);
1355 wpabuf_free(cert);
1356}
1357
1358
ebfa2275
SZ
1359static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
1360{
1361 char buf[256];
1362 X509 *err_cert;
1363 int err, depth;
1364 SSL *ssl;
1365 struct tls_connection *conn;
4781064b
JM
1366 struct tls_context *context;
1367 char *match, *altmatch, *suffix_match;
1368 const char *err_str;
ebfa2275
SZ
1369
1370 err_cert = X509_STORE_CTX_get_current_cert(x509_ctx);
1371 err = X509_STORE_CTX_get_error(x509_ctx);
1372 depth = X509_STORE_CTX_get_error_depth(x509_ctx);
1373 ssl = X509_STORE_CTX_get_ex_data(x509_ctx,
1374 SSL_get_ex_data_X509_STORE_CTX_idx());
1375 X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
1376
1377 conn = SSL_get_app_data(ssl);
4781064b
JM
1378 if (conn == NULL)
1379 return 0;
ebfa2275 1380
4781064b
JM
1381 if (depth == 0)
1382 conn->peer_cert = err_cert;
1383 else if (depth == 1)
1384 conn->peer_issuer = err_cert;
1385 else if (depth == 2)
1386 conn->peer_issuer_issuer = err_cert;
1387
1388 context = conn->context;
1389 match = conn->subject_match;
1390 altmatch = conn->altsubject_match;
1391 suffix_match = conn->suffix_match;
1392
1393 if (!preverify_ok && !conn->ca_cert_verify)
1394 preverify_ok = 1;
1395 if (!preverify_ok && depth > 0 && conn->server_cert_only)
1396 preverify_ok = 1;
1397 if (!preverify_ok && (conn->flags & TLS_CONN_DISABLE_TIME_CHECKS) &&
1398 (err == X509_V_ERR_CERT_HAS_EXPIRED ||
1399 err == X509_V_ERR_CERT_NOT_YET_VALID)) {
1400 wpa_printf(MSG_DEBUG, "OpenSSL: Ignore certificate validity "
1401 "time mismatch");
1402 preverify_ok = 1;
1403 }
1404
1405 err_str = X509_verify_cert_error_string(err);
1406
1407#ifdef CONFIG_SHA256
1408 if (preverify_ok && depth == 0 && conn->server_cert_only) {
1409 struct wpabuf *cert;
1410 cert = get_x509_cert(err_cert);
1411 if (!cert) {
1412 wpa_printf(MSG_DEBUG, "OpenSSL: Could not fetch "
1413 "server certificate data");
ebfa2275 1414 preverify_ok = 0;
4781064b
JM
1415 } else {
1416 u8 hash[32];
1417 const u8 *addr[1];
1418 size_t len[1];
1419 addr[0] = wpabuf_head(cert);
1420 len[0] = wpabuf_len(cert);
1421 if (sha256_vector(1, addr, len, hash) < 0 ||
1422 os_memcmp(conn->srv_cert_hash, hash, 32) != 0) {
1423 err_str = "Server certificate mismatch";
1424 err = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
1425 preverify_ok = 0;
1426 }
1427 wpabuf_free(cert);
ebfa2275
SZ
1428 }
1429 }
4781064b
JM
1430#endif /* CONFIG_SHA256 */
1431
1432 if (!preverify_ok) {
1433 wpa_printf(MSG_WARNING, "TLS: Certificate verification failed,"
1434 " error %d (%s) depth %d for '%s'", err, err_str,
1435 depth, buf);
1436 openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1437 err_str, TLS_FAIL_UNSPECIFIED);
1438 return preverify_ok;
1439 }
1440
1441 wpa_printf(MSG_DEBUG, "TLS: tls_verify_cb - preverify_ok=%d "
1442 "err=%d (%s) ca_cert_verify=%d depth=%d buf='%s'",
1443 preverify_ok, err, err_str,
1444 conn->ca_cert_verify, depth, buf);
1445 if (depth == 0 && match && os_strstr(buf, match) == NULL) {
1446 wpa_printf(MSG_WARNING, "TLS: Subject '%s' did not "
1447 "match with '%s'", buf, match);
1448 preverify_ok = 0;
1449 openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1450 "Subject mismatch",
1451 TLS_FAIL_SUBJECT_MISMATCH);
1452 } else if (depth == 0 && altmatch &&
1453 !tls_match_altsubject(err_cert, altmatch)) {
1454 wpa_printf(MSG_WARNING, "TLS: altSubjectName match "
1455 "'%s' not found", altmatch);
1456 preverify_ok = 0;
1457 openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1458 "AltSubject mismatch",
1459 TLS_FAIL_ALTSUBJECT_MISMATCH);
1460 } else if (depth == 0 && suffix_match &&
1461 !tls_match_suffix(err_cert, suffix_match)) {
1462 wpa_printf(MSG_WARNING, "TLS: Domain suffix match '%s' not found",
1463 suffix_match);
1464 preverify_ok = 0;
1465 openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1466 "Domain suffix mismatch",
1467 TLS_FAIL_DOMAIN_SUFFIX_MISMATCH);
1468 } else
1469 openssl_tls_cert_event(conn, err_cert, depth, buf);
1470
1471 if (conn->cert_probe && preverify_ok && depth == 0) {
1472 wpa_printf(MSG_DEBUG, "OpenSSL: Reject server certificate "
1473 "on probe-only run");
1474 preverify_ok = 0;
1475 openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1476 "Server certificate chain probe",
1477 TLS_FAIL_SERVER_CHAIN_PROBE);
1478 }
1479
1480 if (!conn->server && err_cert && preverify_ok && depth == 0 &&
1481 (err_cert->ex_flags & EXFLAG_XKUSAGE) &&
1482 (err_cert->ex_xkusage & XKU_SSL_CLIENT)) {
1483 wpa_printf(MSG_WARNING, "TLS: Server used client certificate");
1484 openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1485 "Server used client certificate",
1486 TLS_FAIL_SERVER_USED_CLIENT_CERT);
1487 preverify_ok = 0;
1488 }
1489
1490 if (preverify_ok && context->event_cb != NULL)
1491 context->event_cb(context->cb_ctx,
1492 TLS_CERT_CHAIN_SUCCESS, NULL);
ebfa2275
SZ
1493
1494 return preverify_ok;
1495}
1496
1497
1498#ifndef OPENSSL_NO_STDIO
1499static int tls_load_ca_der(void *_ssl_ctx, const char *ca_cert)
1500{
1501 SSL_CTX *ssl_ctx = _ssl_ctx;
1502 X509_LOOKUP *lookup;
1503 int ret = 0;
1504
1505 lookup = X509_STORE_add_lookup(ssl_ctx->cert_store,
1506 X509_LOOKUP_file());
1507 if (lookup == NULL) {
1508 tls_show_errors(MSG_WARNING, __func__,
1509 "Failed add lookup for X509 store");
1510 return -1;
1511 }
1512
1513 if (!X509_LOOKUP_load_file(lookup, ca_cert, X509_FILETYPE_ASN1)) {
1514 unsigned long err = ERR_peek_error();
1515 tls_show_errors(MSG_WARNING, __func__,
1516 "Failed load CA in DER format");
1517 if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
1518 ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) {
1519 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring "
1520 "cert already in hash table error",
1521 __func__);
1522 } else
1523 ret = -1;
1524 }
1525
1526 return ret;
1527}
1528#endif /* OPENSSL_NO_STDIO */
1529
1530
1531static int tls_connection_ca_cert(void *_ssl_ctx, struct tls_connection *conn,
1532 const char *ca_cert, const u8 *ca_cert_blob,
1533 size_t ca_cert_blob_len, const char *ca_path)
1534{
1535 SSL_CTX *ssl_ctx = _ssl_ctx;
1536
a875087d
JL
1537 /*
1538 * Remove previously configured trusted CA certificates before adding
1539 * new ones.
1540 */
1541 X509_STORE_free(ssl_ctx->cert_store);
1542 ssl_ctx->cert_store = X509_STORE_new();
1543 if (ssl_ctx->cert_store == NULL) {
1544 wpa_printf(MSG_DEBUG, "OpenSSL: %s - failed to allocate new "
1545 "certificate store", __func__);
1546 return -1;
1547 }
1548
4781064b
JM
1549 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
1550 conn->ca_cert_verify = 1;
1551
1552 if (ca_cert && os_strncmp(ca_cert, "probe://", 8) == 0) {
1553 wpa_printf(MSG_DEBUG, "OpenSSL: Probe for server certificate "
1554 "chain");
1555 conn->cert_probe = 1;
1556 conn->ca_cert_verify = 0;
1557 return 0;
1558 }
1559
1560 if (ca_cert && os_strncmp(ca_cert, "hash://", 7) == 0) {
1561#ifdef CONFIG_SHA256
1562 const char *pos = ca_cert + 7;
1563 if (os_strncmp(pos, "server/sha256/", 14) != 0) {
1564 wpa_printf(MSG_DEBUG, "OpenSSL: Unsupported ca_cert "
1565 "hash value '%s'", ca_cert);
1566 return -1;
1567 }
1568 pos += 14;
1569 if (os_strlen(pos) != 32 * 2) {
1570 wpa_printf(MSG_DEBUG, "OpenSSL: Unexpected SHA256 "
1571 "hash length in ca_cert '%s'", ca_cert);
1572 return -1;
1573 }
1574 if (hexstr2bin(pos, conn->srv_cert_hash, 32) < 0) {
1575 wpa_printf(MSG_DEBUG, "OpenSSL: Invalid SHA256 hash "
1576 "value in ca_cert '%s'", ca_cert);
1577 return -1;
1578 }
1579 conn->server_cert_only = 1;
1580 wpa_printf(MSG_DEBUG, "OpenSSL: Checking only server "
1581 "certificate match");
1582 return 0;
1583#else /* CONFIG_SHA256 */
1584 wpa_printf(MSG_INFO, "No SHA256 included in the build - "
1585 "cannot validate server certificate hash");
1586 return -1;
1587#endif /* CONFIG_SHA256 */
1588 }
1589
ebfa2275
SZ
1590 if (ca_cert_blob) {
1591 X509 *cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &ca_cert_blob,
1592 ca_cert_blob_len);
1593 if (cert == NULL) {
1594 tls_show_errors(MSG_WARNING, __func__,
1595 "Failed to parse ca_cert_blob");
1596 return -1;
1597 }
1598
1599 if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) {
1600 unsigned long err = ERR_peek_error();
1601 tls_show_errors(MSG_WARNING, __func__,
1602 "Failed to add ca_cert_blob to "
1603 "certificate store");
1604 if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
1605 ERR_GET_REASON(err) ==
1606 X509_R_CERT_ALREADY_IN_HASH_TABLE) {
1607 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring "
1608 "cert already in hash table error",
1609 __func__);
1610 } else {
1611 X509_free(cert);
1612 return -1;
1613 }
1614 }
1615 X509_free(cert);
1616 wpa_printf(MSG_DEBUG, "OpenSSL: %s - added ca_cert_blob "
1617 "to certificate store", __func__);
4781064b
JM
1618 return 0;
1619 }
1620
1621#ifdef ANDROID
1622 if (ca_cert && os_strncmp("keystore://", ca_cert, 11) == 0) {
1623 BIO *bio = BIO_from_keystore(&ca_cert[11]);
1624 STACK_OF(X509_INFO) *stack = NULL;
1625 int i;
1626
1627 if (bio) {
1628 stack = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL);
1629 BIO_free(bio);
1630 }
1631 if (!stack)
1632 return -1;
1633
1634 for (i = 0; i < sk_X509_INFO_num(stack); ++i) {
1635 X509_INFO *info = sk_X509_INFO_value(stack, i);
1636 if (info->x509) {
1637 X509_STORE_add_cert(ssl_ctx->cert_store,
1638 info->x509);
1639 }
1640 if (info->crl) {
1641 X509_STORE_add_crl(ssl_ctx->cert_store,
1642 info->crl);
1643 }
1644 }
1645 sk_X509_INFO_pop_free(stack, X509_INFO_free);
ebfa2275
SZ
1646 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
1647 return 0;
1648 }
4781064b 1649#endif /* ANDROID */
ebfa2275
SZ
1650
1651#ifdef CONFIG_NATIVE_WINDOWS
1652 if (ca_cert && tls_cryptoapi_ca_cert(ssl_ctx, conn->ssl, ca_cert) ==
1653 0) {
1654 wpa_printf(MSG_DEBUG, "OpenSSL: Added CA certificates from "
1655 "system certificate store");
ebfa2275
SZ
1656 return 0;
1657 }
1658#endif /* CONFIG_NATIVE_WINDOWS */
1659
1660 if (ca_cert || ca_path) {
1661#ifndef OPENSSL_NO_STDIO
1662 if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, ca_path) !=
1663 1) {
1664 tls_show_errors(MSG_WARNING, __func__,
1665 "Failed to load root certificates");
1666 if (ca_cert &&
1667 tls_load_ca_der(ssl_ctx, ca_cert) == 0) {
1668 wpa_printf(MSG_DEBUG, "OpenSSL: %s - loaded "
1669 "DER format CA certificate",
1670 __func__);
1671 } else
1672 return -1;
1673 } else {
1674 wpa_printf(MSG_DEBUG, "TLS: Trusted root "
1675 "certificate(s) loaded");
1676 tls_get_errors(ssl_ctx);
1677 }
ebfa2275
SZ
1678#else /* OPENSSL_NO_STDIO */
1679 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO",
1680 __func__);
1681 return -1;
1682#endif /* OPENSSL_NO_STDIO */
1683 } else {
1684 /* No ca_cert configured - do not try to verify server
1685 * certificate */
4781064b 1686 conn->ca_cert_verify = 0;
ebfa2275
SZ
1687 }
1688
1689 return 0;
1690}
1691
1692
1693static int tls_global_ca_cert(SSL_CTX *ssl_ctx, const char *ca_cert)
1694{
1695 if (ca_cert) {
1696 if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, NULL) != 1)
1697 {
1698 tls_show_errors(MSG_WARNING, __func__,
1699 "Failed to load root certificates");
1700 return -1;
1701 }
1702
1703 wpa_printf(MSG_DEBUG, "TLS: Trusted root "
1704 "certificate(s) loaded");
1705
1706#ifndef OPENSSL_NO_STDIO
1707 /* Add the same CAs to the client certificate requests */
1708 SSL_CTX_set_client_CA_list(ssl_ctx,
1709 SSL_load_client_CA_file(ca_cert));
1710#endif /* OPENSSL_NO_STDIO */
1711 }
1712
1713 return 0;
1714}
1715
1716
1717int tls_global_set_verify(void *ssl_ctx, int check_crl)
1718{
1719 int flags;
1720
1721 if (check_crl) {
1722 X509_STORE *cs = SSL_CTX_get_cert_store(ssl_ctx);
1723 if (cs == NULL) {
1724 tls_show_errors(MSG_INFO, __func__, "Failed to get "
1725 "certificate store when enabling "
1726 "check_crl");
1727 return -1;
1728 }
1729 flags = X509_V_FLAG_CRL_CHECK;
1730 if (check_crl == 2)
1731 flags |= X509_V_FLAG_CRL_CHECK_ALL;
1732 X509_STORE_set_flags(cs, flags);
1733 }
1734 return 0;
1735}
1736
1737
1738static int tls_connection_set_subject_match(struct tls_connection *conn,
1739 const char *subject_match,
4781064b
JM
1740 const char *altsubject_match,
1741 const char *suffix_match)
ebfa2275
SZ
1742{
1743 os_free(conn->subject_match);
1744 conn->subject_match = NULL;
1745 if (subject_match) {
1746 conn->subject_match = os_strdup(subject_match);
1747 if (conn->subject_match == NULL)
1748 return -1;
1749 }
1750
1751 os_free(conn->altsubject_match);
1752 conn->altsubject_match = NULL;
1753 if (altsubject_match) {
1754 conn->altsubject_match = os_strdup(altsubject_match);
1755 if (conn->altsubject_match == NULL)
1756 return -1;
1757 }
1758
4781064b
JM
1759 os_free(conn->suffix_match);
1760 conn->suffix_match = NULL;
1761 if (suffix_match) {
1762 conn->suffix_match = os_strdup(suffix_match);
1763 if (conn->suffix_match == NULL)
1764 return -1;
1765 }
1766
ebfa2275
SZ
1767 return 0;
1768}
1769
1770
1771int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn,
1772 int verify_peer)
1773{
a875087d
JL
1774 static int counter = 0;
1775
ebfa2275
SZ
1776 if (conn == NULL)
1777 return -1;
1778
1779 if (verify_peer) {
4781064b 1780 conn->ca_cert_verify = 1;
ebfa2275
SZ
1781 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER |
1782 SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
1783 SSL_VERIFY_CLIENT_ONCE, tls_verify_cb);
1784 } else {
4781064b 1785 conn->ca_cert_verify = 0;
ebfa2275
SZ
1786 SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL);
1787 }
1788
1789 SSL_set_accept_state(conn->ssl);
1790
a875087d
JL
1791 /*
1792 * Set session id context in order to avoid fatal errors when client
1793 * tries to resume a session. However, set the context to a unique
1794 * value in order to effectively disable session resumption for now
1795 * since not all areas of the server code are ready for it (e.g.,
1796 * EAP-TTLS needs special handling for Phase 2 after abbreviated TLS
1797 * handshake).
1798 */
1799 counter++;
1800 SSL_set_session_id_context(conn->ssl,
1801 (const unsigned char *) &counter,
1802 sizeof(counter));
1803
ebfa2275
SZ
1804 return 0;
1805}
1806
1807
1808static int tls_connection_client_cert(struct tls_connection *conn,
1809 const char *client_cert,
1810 const u8 *client_cert_blob,
1811 size_t client_cert_blob_len)
1812{
1813 if (client_cert == NULL && client_cert_blob == NULL)
1814 return 0;
1815
1816 if (client_cert_blob &&
1817 SSL_use_certificate_ASN1(conn->ssl, (u8 *) client_cert_blob,
1818 client_cert_blob_len) == 1) {
1819 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_ASN1 --> "
1820 "OK");
1821 return 0;
1822 } else if (client_cert_blob) {
1823 tls_show_errors(MSG_DEBUG, __func__,
1824 "SSL_use_certificate_ASN1 failed");
1825 }
1826
1827 if (client_cert == NULL)
1828 return -1;
1829
4781064b
JM
1830#ifdef ANDROID
1831 if (os_strncmp("keystore://", client_cert, 11) == 0) {
1832 BIO *bio = BIO_from_keystore(&client_cert[11]);
1833 X509 *x509 = NULL;
1834 int ret = -1;
1835 if (bio) {
1836 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
1837 BIO_free(bio);
1838 }
1839 if (x509) {
1840 if (SSL_use_certificate(conn->ssl, x509) == 1)
1841 ret = 0;
1842 X509_free(x509);
1843 }
1844 return ret;
1845 }
1846#endif /* ANDROID */
1847
ebfa2275
SZ
1848#ifndef OPENSSL_NO_STDIO
1849 if (SSL_use_certificate_file(conn->ssl, client_cert,
1850 SSL_FILETYPE_ASN1) == 1) {
1851 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (DER)"
1852 " --> OK");
1853 return 0;
ebfa2275
SZ
1854 }
1855
1856 if (SSL_use_certificate_file(conn->ssl, client_cert,
1857 SSL_FILETYPE_PEM) == 1) {
4781064b 1858 ERR_clear_error();
ebfa2275
SZ
1859 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (PEM)"
1860 " --> OK");
1861 return 0;
ebfa2275 1862 }
4781064b
JM
1863
1864 tls_show_errors(MSG_DEBUG, __func__,
1865 "SSL_use_certificate_file failed");
ebfa2275
SZ
1866#else /* OPENSSL_NO_STDIO */
1867 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", __func__);
1868#endif /* OPENSSL_NO_STDIO */
1869
1870 return -1;
1871}
1872
1873
1874static int tls_global_client_cert(SSL_CTX *ssl_ctx, const char *client_cert)
1875{
1876#ifndef OPENSSL_NO_STDIO
1877 if (client_cert == NULL)
1878 return 0;
1879
1880 if (SSL_CTX_use_certificate_file(ssl_ctx, client_cert,
1881 SSL_FILETYPE_ASN1) != 1 &&
4781064b 1882 SSL_CTX_use_certificate_chain_file(ssl_ctx, client_cert) != 1 &&
ebfa2275
SZ
1883 SSL_CTX_use_certificate_file(ssl_ctx, client_cert,
1884 SSL_FILETYPE_PEM) != 1) {
1885 tls_show_errors(MSG_INFO, __func__,
1886 "Failed to load client certificate");
1887 return -1;
1888 }
1889 return 0;
1890#else /* OPENSSL_NO_STDIO */
1891 if (client_cert == NULL)
1892 return 0;
1893 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", __func__);
1894 return -1;
1895#endif /* OPENSSL_NO_STDIO */
1896}
1897
1898
1899static int tls_passwd_cb(char *buf, int size, int rwflag, void *password)
1900{
1901 if (password == NULL) {
1902 return 0;
1903 }
a875087d 1904 os_strlcpy(buf, (char *) password, size);
ebfa2275
SZ
1905 return os_strlen(buf);
1906}
1907
1908
1909#ifdef PKCS12_FUNCS
1910static int tls_parse_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, PKCS12 *p12,
1911 const char *passwd)
1912{
1913 EVP_PKEY *pkey;
1914 X509 *cert;
1915 STACK_OF(X509) *certs;
1916 int res = 0;
1917 char buf[256];
1918
1919 pkey = NULL;
1920 cert = NULL;
1921 certs = NULL;
1922 if (!PKCS12_parse(p12, passwd, &pkey, &cert, &certs)) {
1923 tls_show_errors(MSG_DEBUG, __func__,
1924 "Failed to parse PKCS12 file");
1925 PKCS12_free(p12);
1926 return -1;
1927 }
1928 wpa_printf(MSG_DEBUG, "TLS: Successfully parsed PKCS12 data");
1929
1930 if (cert) {
1931 X509_NAME_oneline(X509_get_subject_name(cert), buf,
1932 sizeof(buf));
1933 wpa_printf(MSG_DEBUG, "TLS: Got certificate from PKCS12: "
1934 "subject='%s'", buf);
1935 if (ssl) {
1936 if (SSL_use_certificate(ssl, cert) != 1)
1937 res = -1;
1938 } else {
1939 if (SSL_CTX_use_certificate(ssl_ctx, cert) != 1)
1940 res = -1;
1941 }
1942 X509_free(cert);
1943 }
1944
1945 if (pkey) {
1946 wpa_printf(MSG_DEBUG, "TLS: Got private key from PKCS12");
1947 if (ssl) {
1948 if (SSL_use_PrivateKey(ssl, pkey) != 1)
1949 res = -1;
1950 } else {
1951 if (SSL_CTX_use_PrivateKey(ssl_ctx, pkey) != 1)
1952 res = -1;
1953 }
1954 EVP_PKEY_free(pkey);
1955 }
1956
1957 if (certs) {
1958 while ((cert = sk_X509_pop(certs)) != NULL) {
1959 X509_NAME_oneline(X509_get_subject_name(cert), buf,
1960 sizeof(buf));
1961 wpa_printf(MSG_DEBUG, "TLS: additional certificate"
1962 " from PKCS12: subject='%s'", buf);
1963 /*
1964 * There is no SSL equivalent for the chain cert - so
1965 * always add it to the context...
1966 */
1967 if (SSL_CTX_add_extra_chain_cert(ssl_ctx, cert) != 1) {
1968 res = -1;
1969 break;
1970 }
1971 }
1972 sk_X509_free(certs);
1973 }
1974
1975 PKCS12_free(p12);
1976
1977 if (res < 0)
1978 tls_get_errors(ssl_ctx);
1979
1980 return res;
1981}
1982#endif /* PKCS12_FUNCS */
1983
1984
1985static int tls_read_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, const char *private_key,
1986 const char *passwd)
1987{
1988#ifdef PKCS12_FUNCS
1989 FILE *f;
1990 PKCS12 *p12;
1991
1992 f = fopen(private_key, "rb");
1993 if (f == NULL)
1994 return -1;
1995
1996 p12 = d2i_PKCS12_fp(f, NULL);
1997 fclose(f);
1998
1999 if (p12 == NULL) {
2000 tls_show_errors(MSG_INFO, __func__,
2001 "Failed to use PKCS#12 file");
2002 return -1;
2003 }
2004
2005 return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd);
2006
2007#else /* PKCS12_FUNCS */
2008 wpa_printf(MSG_INFO, "TLS: PKCS12 support disabled - cannot read "
2009 "p12/pfx files");
2010 return -1;
2011#endif /* PKCS12_FUNCS */
2012}
2013
2014
2015static int tls_read_pkcs12_blob(SSL_CTX *ssl_ctx, SSL *ssl,
2016 const u8 *blob, size_t len, const char *passwd)
2017{
2018#ifdef PKCS12_FUNCS
2019 PKCS12 *p12;
2020
2021 p12 = d2i_PKCS12(NULL, (OPENSSL_d2i_TYPE) &blob, len);
2022 if (p12 == NULL) {
2023 tls_show_errors(MSG_INFO, __func__,
2024 "Failed to use PKCS#12 blob");
2025 return -1;
2026 }
2027
2028 return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd);
2029
2030#else /* PKCS12_FUNCS */
2031 wpa_printf(MSG_INFO, "TLS: PKCS12 support disabled - cannot parse "
2032 "p12/pfx blobs");
2033 return -1;
2034#endif /* PKCS12_FUNCS */
2035}
2036
2037
a875087d
JL
2038#ifndef OPENSSL_NO_ENGINE
2039static int tls_engine_get_cert(struct tls_connection *conn,
2040 const char *cert_id,
2041 X509 **cert)
2042{
2043 /* this runs after the private key is loaded so no PIN is required */
2044 struct {
2045 const char *cert_id;
2046 X509 *cert;
2047 } params;
2048 params.cert_id = cert_id;
2049 params.cert = NULL;
2050
2051 if (!ENGINE_ctrl_cmd(conn->engine, "LOAD_CERT_CTRL",
2052 0, &params, NULL, 1)) {
2053 wpa_printf(MSG_ERROR, "ENGINE: cannot load client cert with id"
2054 " '%s' [%s]", cert_id,
2055 ERR_error_string(ERR_get_error(), NULL));
2056 return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
2057 }
2058 if (!params.cert) {
2059 wpa_printf(MSG_ERROR, "ENGINE: did not properly cert with id"
2060 " '%s'", cert_id);
2061 return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
2062 }
2063 *cert = params.cert;
2064 return 0;
2065}
2066#endif /* OPENSSL_NO_ENGINE */
2067
2068
2069static int tls_connection_engine_client_cert(struct tls_connection *conn,
2070 const char *cert_id)
2071{
2072#ifndef OPENSSL_NO_ENGINE
2073 X509 *cert;
2074
2075 if (tls_engine_get_cert(conn, cert_id, &cert))
2076 return -1;
2077
2078 if (!SSL_use_certificate(conn->ssl, cert)) {
2079 tls_show_errors(MSG_ERROR, __func__,
2080 "SSL_use_certificate failed");
2081 X509_free(cert);
2082 return -1;
2083 }
2084 X509_free(cert);
2085 wpa_printf(MSG_DEBUG, "ENGINE: SSL_use_certificate --> "
2086 "OK");
2087 return 0;
2088
2089#else /* OPENSSL_NO_ENGINE */
2090 return -1;
2091#endif /* OPENSSL_NO_ENGINE */
2092}
2093
2094
2095static int tls_connection_engine_ca_cert(void *_ssl_ctx,
2096 struct tls_connection *conn,
2097 const char *ca_cert_id)
2098{
2099#ifndef OPENSSL_NO_ENGINE
2100 X509 *cert;
2101 SSL_CTX *ssl_ctx = _ssl_ctx;
2102
2103 if (tls_engine_get_cert(conn, ca_cert_id, &cert))
2104 return -1;
2105
2106 /* start off the same as tls_connection_ca_cert */
2107 X509_STORE_free(ssl_ctx->cert_store);
2108 ssl_ctx->cert_store = X509_STORE_new();
2109 if (ssl_ctx->cert_store == NULL) {
2110 wpa_printf(MSG_DEBUG, "OpenSSL: %s - failed to allocate new "
2111 "certificate store", __func__);
2112 X509_free(cert);
2113 return -1;
2114 }
2115 if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) {
2116 unsigned long err = ERR_peek_error();
2117 tls_show_errors(MSG_WARNING, __func__,
2118 "Failed to add CA certificate from engine "
2119 "to certificate store");
2120 if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
2121 ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) {
2122 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring cert"
2123 " already in hash table error",
2124 __func__);
2125 } else {
2126 X509_free(cert);
2127 return -1;
2128 }
2129 }
2130 X509_free(cert);
2131 wpa_printf(MSG_DEBUG, "OpenSSL: %s - added CA certificate from engine "
2132 "to certificate store", __func__);
2133 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
4781064b
JM
2134 conn->ca_cert_verify = 1;
2135
a875087d
JL
2136 return 0;
2137
2138#else /* OPENSSL_NO_ENGINE */
2139 return -1;
2140#endif /* OPENSSL_NO_ENGINE */
2141}
2142
2143
ebfa2275
SZ
2144static int tls_connection_engine_private_key(struct tls_connection *conn)
2145{
2146#ifndef OPENSSL_NO_ENGINE
2147 if (SSL_use_PrivateKey(conn->ssl, conn->private_key) != 1) {
2148 tls_show_errors(MSG_ERROR, __func__,
2149 "ENGINE: cannot use private key for TLS");
2150 return -1;
2151 }
2152 if (!SSL_check_private_key(conn->ssl)) {
2153 tls_show_errors(MSG_INFO, __func__,
2154 "Private key failed verification");
2155 return -1;
2156 }
2157 return 0;
2158#else /* OPENSSL_NO_ENGINE */
2159 wpa_printf(MSG_ERROR, "SSL: Configuration uses engine, but "
2160 "engine support was not compiled in");
2161 return -1;
2162#endif /* OPENSSL_NO_ENGINE */
2163}
2164
2165
2166static int tls_connection_private_key(void *_ssl_ctx,
2167 struct tls_connection *conn,
2168 const char *private_key,
2169 const char *private_key_passwd,
2170 const u8 *private_key_blob,
2171 size_t private_key_blob_len)
2172{
2173 SSL_CTX *ssl_ctx = _ssl_ctx;
2174 char *passwd;
2175 int ok;
2176
2177 if (private_key == NULL && private_key_blob == NULL)
2178 return 0;
2179
2180 if (private_key_passwd) {
2181 passwd = os_strdup(private_key_passwd);
2182 if (passwd == NULL)
2183 return -1;
2184 } else
2185 passwd = NULL;
2186
2187 SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb);
2188 SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd);
2189
2190 ok = 0;
2191 while (private_key_blob) {
2192 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_RSA, conn->ssl,
2193 (u8 *) private_key_blob,
2194 private_key_blob_len) == 1) {
2195 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_"
2196 "ASN1(EVP_PKEY_RSA) --> OK");
2197 ok = 1;
2198 break;
ebfa2275
SZ
2199 }
2200
2201 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_DSA, conn->ssl,
2202 (u8 *) private_key_blob,
2203 private_key_blob_len) == 1) {
2204 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_"
2205 "ASN1(EVP_PKEY_DSA) --> OK");
2206 ok = 1;
2207 break;
ebfa2275
SZ
2208 }
2209
2210 if (SSL_use_RSAPrivateKey_ASN1(conn->ssl,
2211 (u8 *) private_key_blob,
2212 private_key_blob_len) == 1) {
2213 wpa_printf(MSG_DEBUG, "OpenSSL: "
2214 "SSL_use_RSAPrivateKey_ASN1 --> OK");
2215 ok = 1;
2216 break;
ebfa2275
SZ
2217 }
2218
2219 if (tls_read_pkcs12_blob(ssl_ctx, conn->ssl, private_key_blob,
2220 private_key_blob_len, passwd) == 0) {
2221 wpa_printf(MSG_DEBUG, "OpenSSL: PKCS#12 as blob --> "
2222 "OK");
2223 ok = 1;
2224 break;
2225 }
2226
2227 break;
2228 }
2229
2230 while (!ok && private_key) {
2231#ifndef OPENSSL_NO_STDIO
2232 if (SSL_use_PrivateKey_file(conn->ssl, private_key,
2233 SSL_FILETYPE_ASN1) == 1) {
2234 wpa_printf(MSG_DEBUG, "OpenSSL: "
2235 "SSL_use_PrivateKey_File (DER) --> OK");
2236 ok = 1;
2237 break;
ebfa2275
SZ
2238 }
2239
2240 if (SSL_use_PrivateKey_file(conn->ssl, private_key,
2241 SSL_FILETYPE_PEM) == 1) {
2242 wpa_printf(MSG_DEBUG, "OpenSSL: "
2243 "SSL_use_PrivateKey_File (PEM) --> OK");
2244 ok = 1;
2245 break;
ebfa2275
SZ
2246 }
2247#else /* OPENSSL_NO_STDIO */
2248 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO",
2249 __func__);
2250#endif /* OPENSSL_NO_STDIO */
2251
2252 if (tls_read_pkcs12(ssl_ctx, conn->ssl, private_key, passwd)
2253 == 0) {
2254 wpa_printf(MSG_DEBUG, "OpenSSL: Reading PKCS#12 file "
2255 "--> OK");
2256 ok = 1;
2257 break;
2258 }
2259
2260 if (tls_cryptoapi_cert(conn->ssl, private_key) == 0) {
2261 wpa_printf(MSG_DEBUG, "OpenSSL: Using CryptoAPI to "
2262 "access certificate store --> OK");
2263 ok = 1;
2264 break;
2265 }
2266
2267 break;
2268 }
2269
2270 if (!ok) {
4781064b
JM
2271 tls_show_errors(MSG_INFO, __func__,
2272 "Failed to load private key");
ebfa2275 2273 os_free(passwd);
ebfa2275
SZ
2274 return -1;
2275 }
2276 ERR_clear_error();
2277 SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL);
2278 os_free(passwd);
4781064b 2279
ebfa2275
SZ
2280 if (!SSL_check_private_key(conn->ssl)) {
2281 tls_show_errors(MSG_INFO, __func__, "Private key failed "
2282 "verification");
2283 return -1;
2284 }
2285
2286 wpa_printf(MSG_DEBUG, "SSL: Private key loaded successfully");
2287 return 0;
2288}
2289
2290
2291static int tls_global_private_key(SSL_CTX *ssl_ctx, const char *private_key,
2292 const char *private_key_passwd)
2293{
2294 char *passwd;
2295
2296 if (private_key == NULL)
2297 return 0;
2298
2299 if (private_key_passwd) {
2300 passwd = os_strdup(private_key_passwd);
2301 if (passwd == NULL)
2302 return -1;
2303 } else
2304 passwd = NULL;
2305
2306 SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb);
2307 SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd);
2308 if (
2309#ifndef OPENSSL_NO_STDIO
2310 SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key,
2311 SSL_FILETYPE_ASN1) != 1 &&
2312 SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key,
2313 SSL_FILETYPE_PEM) != 1 &&
2314#endif /* OPENSSL_NO_STDIO */
2315 tls_read_pkcs12(ssl_ctx, NULL, private_key, passwd)) {
2316 tls_show_errors(MSG_INFO, __func__,
2317 "Failed to load private key");
2318 os_free(passwd);
2319 ERR_clear_error();
2320 return -1;
2321 }
2322 os_free(passwd);
2323 ERR_clear_error();
2324 SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL);
4781064b 2325
ebfa2275
SZ
2326 if (!SSL_CTX_check_private_key(ssl_ctx)) {
2327 tls_show_errors(MSG_INFO, __func__,
2328 "Private key failed verification");
2329 return -1;
2330 }
2331
2332 return 0;
2333}
2334
2335
2336static int tls_connection_dh(struct tls_connection *conn, const char *dh_file)
2337{
2338#ifdef OPENSSL_NO_DH
2339 if (dh_file == NULL)
2340 return 0;
2341 wpa_printf(MSG_ERROR, "TLS: openssl does not include DH support, but "
2342 "dh_file specified");
2343 return -1;
2344#else /* OPENSSL_NO_DH */
2345 DH *dh;
2346 BIO *bio;
2347
2348 /* TODO: add support for dh_blob */
2349 if (dh_file == NULL)
2350 return 0;
2351 if (conn == NULL)
2352 return -1;
2353
2354 bio = BIO_new_file(dh_file, "r");
2355 if (bio == NULL) {
2356 wpa_printf(MSG_INFO, "TLS: Failed to open DH file '%s': %s",
2357 dh_file, ERR_error_string(ERR_get_error(), NULL));
2358 return -1;
2359 }
2360 dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
2361 BIO_free(bio);
2362#ifndef OPENSSL_NO_DSA
2363 while (dh == NULL) {
2364 DSA *dsa;
2365 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DH file '%s': %s -"
2366 " trying to parse as DSA params", dh_file,
2367 ERR_error_string(ERR_get_error(), NULL));
2368 bio = BIO_new_file(dh_file, "r");
2369 if (bio == NULL)
2370 break;
2371 dsa = PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
2372 BIO_free(bio);
2373 if (!dsa) {
2374 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DSA file "
2375 "'%s': %s", dh_file,
2376 ERR_error_string(ERR_get_error(), NULL));
2377 break;
2378 }
2379
2380 wpa_printf(MSG_DEBUG, "TLS: DH file in DSA param format");
2381 dh = DSA_dup_DH(dsa);
2382 DSA_free(dsa);
2383 if (dh == NULL) {
2384 wpa_printf(MSG_INFO, "TLS: Failed to convert DSA "
2385 "params into DH params");
2386 break;
2387 }
2388 break;
2389 }
2390#endif /* !OPENSSL_NO_DSA */
2391 if (dh == NULL) {
2392 wpa_printf(MSG_INFO, "TLS: Failed to read/parse DH/DSA file "
2393 "'%s'", dh_file);
2394 return -1;
2395 }
2396
2397 if (SSL_set_tmp_dh(conn->ssl, dh) != 1) {
2398 wpa_printf(MSG_INFO, "TLS: Failed to set DH params from '%s': "
2399 "%s", dh_file,
2400 ERR_error_string(ERR_get_error(), NULL));
2401 DH_free(dh);
2402 return -1;
2403 }
2404 DH_free(dh);
2405 return 0;
2406#endif /* OPENSSL_NO_DH */
2407}
2408
2409
a875087d
JL
2410static int tls_global_dh(SSL_CTX *ssl_ctx, const char *dh_file)
2411{
2412#ifdef OPENSSL_NO_DH
2413 if (dh_file == NULL)
2414 return 0;
2415 wpa_printf(MSG_ERROR, "TLS: openssl does not include DH support, but "
2416 "dh_file specified");
2417 return -1;
2418#else /* OPENSSL_NO_DH */
2419 DH *dh;
2420 BIO *bio;
2421
2422 /* TODO: add support for dh_blob */
2423 if (dh_file == NULL)
2424 return 0;
2425 if (ssl_ctx == NULL)
2426 return -1;
2427
2428 bio = BIO_new_file(dh_file, "r");
2429 if (bio == NULL) {
2430 wpa_printf(MSG_INFO, "TLS: Failed to open DH file '%s': %s",
2431 dh_file, ERR_error_string(ERR_get_error(), NULL));
2432 return -1;
2433 }
2434 dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
2435 BIO_free(bio);
2436#ifndef OPENSSL_NO_DSA
2437 while (dh == NULL) {
2438 DSA *dsa;
2439 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DH file '%s': %s -"
2440 " trying to parse as DSA params", dh_file,
2441 ERR_error_string(ERR_get_error(), NULL));
2442 bio = BIO_new_file(dh_file, "r");
2443 if (bio == NULL)
2444 break;
2445 dsa = PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
2446 BIO_free(bio);
2447 if (!dsa) {
2448 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DSA file "
2449 "'%s': %s", dh_file,
2450 ERR_error_string(ERR_get_error(), NULL));
2451 break;
2452 }
2453
2454 wpa_printf(MSG_DEBUG, "TLS: DH file in DSA param format");
2455 dh = DSA_dup_DH(dsa);
2456 DSA_free(dsa);
2457 if (dh == NULL) {
2458 wpa_printf(MSG_INFO, "TLS: Failed to convert DSA "
2459 "params into DH params");
2460 break;
2461 }
2462 break;
2463 }
2464#endif /* !OPENSSL_NO_DSA */
2465 if (dh == NULL) {
2466 wpa_printf(MSG_INFO, "TLS: Failed to read/parse DH/DSA file "
2467 "'%s'", dh_file);
2468 return -1;
2469 }
2470
2471 if (SSL_CTX_set_tmp_dh(ssl_ctx, dh) != 1) {
2472 wpa_printf(MSG_INFO, "TLS: Failed to set DH params from '%s': "
2473 "%s", dh_file,
2474 ERR_error_string(ERR_get_error(), NULL));
2475 DH_free(dh);
2476 return -1;
2477 }
2478 DH_free(dh);
2479 return 0;
2480#endif /* OPENSSL_NO_DH */
2481}
2482
2483
ebfa2275
SZ
2484int tls_connection_get_keys(void *ssl_ctx, struct tls_connection *conn,
2485 struct tls_keys *keys)
2486{
4781064b
JM
2487#ifdef CONFIG_FIPS
2488 wpa_printf(MSG_ERROR, "OpenSSL: TLS keys cannot be exported in FIPS "
2489 "mode");
2490 return -1;
2491#else /* CONFIG_FIPS */
ebfa2275
SZ
2492 SSL *ssl;
2493
2494 if (conn == NULL || keys == NULL)
2495 return -1;
2496 ssl = conn->ssl;
2497 if (ssl == NULL || ssl->s3 == NULL || ssl->session == NULL)
2498 return -1;
2499
2500 os_memset(keys, 0, sizeof(*keys));
2501 keys->master_key = ssl->session->master_key;
2502 keys->master_key_len = ssl->session->master_key_length;
2503 keys->client_random = ssl->s3->client_random;
2504 keys->client_random_len = SSL3_RANDOM_SIZE;
2505 keys->server_random = ssl->s3->server_random;
2506 keys->server_random_len = SSL3_RANDOM_SIZE;
2507
2508 return 0;
4781064b 2509#endif /* CONFIG_FIPS */
ebfa2275
SZ
2510}
2511
2512
2513int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
2514 const char *label, int server_random_first,
2515 u8 *out, size_t out_len)
2516{
4781064b
JM
2517#if OPENSSL_VERSION_NUMBER >= 0x10001000L
2518 SSL *ssl;
2519 if (conn == NULL)
2520 return -1;
2521 if (server_random_first)
2522 return -1;
2523 ssl = conn->ssl;
2524 if (SSL_export_keying_material(ssl, out, out_len, label,
2525 os_strlen(label), NULL, 0, 0) == 1) {
2526 wpa_printf(MSG_DEBUG, "OpenSSL: Using internal PRF");
2527 return 0;
2528 }
2529#endif
ebfa2275
SZ
2530 return -1;
2531}
2532
2533
4781064b
JM
2534static struct wpabuf *
2535openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data,
2536 int server)
ebfa2275
SZ
2537{
2538 int res;
4781064b 2539 struct wpabuf *out_data;
ebfa2275 2540
4781064b 2541 conn->server = !!server;
ebfa2275
SZ
2542
2543 /*
2544 * Give TLS handshake data from the server (if available) to OpenSSL
2545 * for processing.
2546 */
2547 if (in_data &&
4781064b
JM
2548 BIO_write(conn->ssl_in, wpabuf_head(in_data), wpabuf_len(in_data))
2549 < 0) {
ebfa2275
SZ
2550 tls_show_errors(MSG_INFO, __func__,
2551 "Handshake failed - BIO_write");
2552 return NULL;
2553 }
2554
2555 /* Initiate TLS handshake or continue the existing handshake */
4781064b
JM
2556 if (server)
2557 res = SSL_accept(conn->ssl);
2558 else
2559 res = SSL_connect(conn->ssl);
ebfa2275
SZ
2560 if (res != 1) {
2561 int err = SSL_get_error(conn->ssl, res);
2562 if (err == SSL_ERROR_WANT_READ)
2563 wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want "
2564 "more data");
2565 else if (err == SSL_ERROR_WANT_WRITE)
2566 wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want to "
2567 "write");
2568 else {
2569 tls_show_errors(MSG_INFO, __func__, "SSL_connect");
2570 conn->failed++;
2571 }
2572 }
2573
2574 /* Get the TLS handshake data to be sent to the server */
2575 res = BIO_ctrl_pending(conn->ssl_out);
2576 wpa_printf(MSG_DEBUG, "SSL: %d bytes pending from ssl_out", res);
4781064b 2577 out_data = wpabuf_alloc(res);
ebfa2275
SZ
2578 if (out_data == NULL) {
2579 wpa_printf(MSG_DEBUG, "SSL: Failed to allocate memory for "
2580 "handshake output (%d bytes)", res);
2581 if (BIO_reset(conn->ssl_out) < 0) {
2582 tls_show_errors(MSG_INFO, __func__,
2583 "BIO_reset failed");
2584 }
ebfa2275
SZ
2585 return NULL;
2586 }
4781064b
JM
2587 res = res == 0 ? 0 : BIO_read(conn->ssl_out, wpabuf_mhead(out_data),
2588 res);
ebfa2275
SZ
2589 if (res < 0) {
2590 tls_show_errors(MSG_INFO, __func__,
2591 "Handshake failed - BIO_read");
2592 if (BIO_reset(conn->ssl_out) < 0) {
2593 tls_show_errors(MSG_INFO, __func__,
2594 "BIO_reset failed");
2595 }
4781064b 2596 wpabuf_free(out_data);
ebfa2275
SZ
2597 return NULL;
2598 }
4781064b 2599 wpabuf_put(out_data, res);
ebfa2275
SZ
2600
2601 return out_data;
2602}
2603
2604
4781064b
JM
2605static struct wpabuf *
2606openssl_get_appl_data(struct tls_connection *conn, size_t max_len)
ebfa2275 2607{
4781064b 2608 struct wpabuf *appl_data;
ebfa2275 2609 int res;
ebfa2275 2610
4781064b
JM
2611 appl_data = wpabuf_alloc(max_len + 100);
2612 if (appl_data == NULL)
ebfa2275 2613 return NULL;
ebfa2275 2614
4781064b
JM
2615 res = SSL_read(conn->ssl, wpabuf_mhead(appl_data),
2616 wpabuf_size(appl_data));
2617 if (res < 0) {
a875087d 2618 int err = SSL_get_error(conn->ssl, res);
4781064b
JM
2619 if (err == SSL_ERROR_WANT_READ ||
2620 err == SSL_ERROR_WANT_WRITE) {
2621 wpa_printf(MSG_DEBUG, "SSL: No Application Data "
2622 "included");
2623 } else {
ebfa2275 2624 tls_show_errors(MSG_INFO, __func__,
4781064b
JM
2625 "Failed to read possible "
2626 "Application Data");
ebfa2275 2627 }
4781064b 2628 wpabuf_free(appl_data);
ebfa2275
SZ
2629 return NULL;
2630 }
4781064b
JM
2631
2632 wpabuf_put(appl_data, res);
2633 wpa_hexdump_buf_key(MSG_MSGDUMP, "SSL: Application Data in Finished "
2634 "message", appl_data);
2635
2636 return appl_data;
2637}
2638
2639
2640static struct wpabuf *
2641openssl_connection_handshake(struct tls_connection *conn,
2642 const struct wpabuf *in_data,
2643 struct wpabuf **appl_data, int server)
2644{
2645 struct wpabuf *out_data;
2646
2647 if (appl_data)
2648 *appl_data = NULL;
2649
2650 out_data = openssl_handshake(conn, in_data, server);
2651 if (out_data == NULL)
ebfa2275 2652 return NULL;
4781064b
JM
2653
2654 if (SSL_is_init_finished(conn->ssl) && appl_data && in_data)
2655 *appl_data = openssl_get_appl_data(conn, wpabuf_len(in_data));
2656
ebfa2275
SZ
2657 return out_data;
2658}
2659
2660
4781064b
JM
2661struct wpabuf *
2662tls_connection_handshake(void *ssl_ctx, struct tls_connection *conn,
2663 const struct wpabuf *in_data,
2664 struct wpabuf **appl_data)
2665{
2666 return openssl_connection_handshake(conn, in_data, appl_data, 0);
2667}
2668
2669
2670struct wpabuf * tls_connection_server_handshake(void *tls_ctx,
2671 struct tls_connection *conn,
2672 const struct wpabuf *in_data,
2673 struct wpabuf **appl_data)
2674{
2675 return openssl_connection_handshake(conn, in_data, appl_data, 1);
2676}
2677
2678
2679struct wpabuf * tls_connection_encrypt(void *tls_ctx,
2680 struct tls_connection *conn,
2681 const struct wpabuf *in_data)
ebfa2275
SZ
2682{
2683 int res;
4781064b 2684 struct wpabuf *buf;
ebfa2275
SZ
2685
2686 if (conn == NULL)
4781064b 2687 return NULL;
ebfa2275
SZ
2688
2689 /* Give plaintext data for OpenSSL to encrypt into the TLS tunnel. */
2690 if ((res = BIO_reset(conn->ssl_in)) < 0 ||
2691 (res = BIO_reset(conn->ssl_out)) < 0) {
2692 tls_show_errors(MSG_INFO, __func__, "BIO_reset failed");
4781064b 2693 return NULL;
ebfa2275 2694 }
4781064b 2695 res = SSL_write(conn->ssl, wpabuf_head(in_data), wpabuf_len(in_data));
ebfa2275
SZ
2696 if (res < 0) {
2697 tls_show_errors(MSG_INFO, __func__,
2698 "Encryption failed - SSL_write");
4781064b 2699 return NULL;
ebfa2275
SZ
2700 }
2701
2702 /* Read encrypted data to be sent to the server */
4781064b
JM
2703 buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
2704 if (buf == NULL)
2705 return NULL;
2706 res = BIO_read(conn->ssl_out, wpabuf_mhead(buf), wpabuf_size(buf));
ebfa2275
SZ
2707 if (res < 0) {
2708 tls_show_errors(MSG_INFO, __func__,
2709 "Encryption failed - BIO_read");
4781064b
JM
2710 wpabuf_free(buf);
2711 return NULL;
ebfa2275 2712 }
4781064b 2713 wpabuf_put(buf, res);
ebfa2275 2714
4781064b 2715 return buf;
ebfa2275
SZ
2716}
2717
2718
4781064b
JM
2719struct wpabuf * tls_connection_decrypt(void *tls_ctx,
2720 struct tls_connection *conn,
2721 const struct wpabuf *in_data)
ebfa2275
SZ
2722{
2723 int res;
4781064b 2724 struct wpabuf *buf;
ebfa2275
SZ
2725
2726 /* Give encrypted data from TLS tunnel for OpenSSL to decrypt. */
4781064b
JM
2727 res = BIO_write(conn->ssl_in, wpabuf_head(in_data),
2728 wpabuf_len(in_data));
ebfa2275
SZ
2729 if (res < 0) {
2730 tls_show_errors(MSG_INFO, __func__,
2731 "Decryption failed - BIO_write");
4781064b 2732 return NULL;
ebfa2275
SZ
2733 }
2734 if (BIO_reset(conn->ssl_out) < 0) {
2735 tls_show_errors(MSG_INFO, __func__, "BIO_reset failed");
4781064b 2736 return NULL;
ebfa2275
SZ
2737 }
2738
2739 /* Read decrypted data for further processing */
4781064b
JM
2740 /*
2741 * Even though we try to disable TLS compression, it is possible that
2742 * this cannot be done with all TLS libraries. Add extra buffer space
2743 * to handle the possibility of the decrypted data being longer than
2744 * input data.
2745 */
2746 buf = wpabuf_alloc((wpabuf_len(in_data) + 500) * 3);
2747 if (buf == NULL)
2748 return NULL;
2749 res = SSL_read(conn->ssl, wpabuf_mhead(buf), wpabuf_size(buf));
ebfa2275
SZ
2750 if (res < 0) {
2751 tls_show_errors(MSG_INFO, __func__,
2752 "Decryption failed - SSL_read");
4781064b
JM
2753 wpabuf_free(buf);
2754 return NULL;
ebfa2275 2755 }
4781064b 2756 wpabuf_put(buf, res);
ebfa2275 2757
4781064b 2758 return buf;
ebfa2275
SZ
2759}
2760
2761
2762int tls_connection_resumed(void *ssl_ctx, struct tls_connection *conn)
2763{
2764 return conn ? conn->ssl->hit : 0;
2765}
2766
2767
ebfa2275
SZ
2768int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
2769 u8 *ciphers)
2770{
2771 char buf[100], *pos, *end;
2772 u8 *c;
2773 int ret;
2774
2775 if (conn == NULL || conn->ssl == NULL || ciphers == NULL)
2776 return -1;
2777
2778 buf[0] = '\0';
2779 pos = buf;
2780 end = pos + sizeof(buf);
2781
2782 c = ciphers;
2783 while (*c != TLS_CIPHER_NONE) {
2784 const char *suite;
2785
2786 switch (*c) {
2787 case TLS_CIPHER_RC4_SHA:
2788 suite = "RC4-SHA";
2789 break;
2790 case TLS_CIPHER_AES128_SHA:
2791 suite = "AES128-SHA";
2792 break;
2793 case TLS_CIPHER_RSA_DHE_AES128_SHA:
2794 suite = "DHE-RSA-AES128-SHA";
2795 break;
2796 case TLS_CIPHER_ANON_DH_AES128_SHA:
2797 suite = "ADH-AES128-SHA";
2798 break;
2799 default:
2800 wpa_printf(MSG_DEBUG, "TLS: Unsupported "
2801 "cipher selection: %d", *c);
2802 return -1;
2803 }
2804 ret = os_snprintf(pos, end - pos, ":%s", suite);
2805 if (ret < 0 || ret >= end - pos)
2806 break;
2807 pos += ret;
2808
2809 c++;
2810 }
2811
2812 wpa_printf(MSG_DEBUG, "OpenSSL: cipher suites: %s", buf + 1);
2813
2814 if (SSL_set_cipher_list(conn->ssl, buf + 1) != 1) {
2815 tls_show_errors(MSG_INFO, __func__,
2816 "Cipher suite configuration failed");
2817 return -1;
2818 }
2819
2820 return 0;
2821}
2822
2823
2824int tls_get_cipher(void *ssl_ctx, struct tls_connection *conn,
2825 char *buf, size_t buflen)
2826{
2827 const char *name;
2828 if (conn == NULL || conn->ssl == NULL)
2829 return -1;
2830
2831 name = SSL_get_cipher(conn->ssl);
2832 if (name == NULL)
2833 return -1;
2834
a875087d 2835 os_strlcpy(buf, name, buflen);
ebfa2275
SZ
2836 return 0;
2837}
2838
2839
2840int tls_connection_enable_workaround(void *ssl_ctx,
2841 struct tls_connection *conn)
2842{
2843 SSL_set_options(conn->ssl, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
2844
2845 return 0;
2846}
2847
2848
4781064b 2849#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
ebfa2275
SZ
2850/* ClientHello TLS extensions require a patch to openssl, so this function is
2851 * commented out unless explicitly needed for EAP-FAST in order to be able to
2852 * build this file with unmodified openssl. */
2853int tls_connection_client_hello_ext(void *ssl_ctx, struct tls_connection *conn,
2854 int ext_type, const u8 *data,
2855 size_t data_len)
2856{
a875087d 2857 if (conn == NULL || conn->ssl == NULL || ext_type != 35)
ebfa2275
SZ
2858 return -1;
2859
a875087d
JL
2860#ifdef CONFIG_OPENSSL_TICKET_OVERRIDE
2861 if (SSL_set_session_ticket_ext(conn->ssl, (void *) data,
2862 data_len) != 1)
2863 return -1;
2864#else /* CONFIG_OPENSSL_TICKET_OVERRIDE */
ebfa2275
SZ
2865 if (SSL_set_hello_extension(conn->ssl, ext_type, (void *) data,
2866 data_len) != 1)
2867 return -1;
a875087d 2868#endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */
ebfa2275
SZ
2869
2870 return 0;
2871}
4781064b 2872#endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
ebfa2275
SZ
2873
2874
2875int tls_connection_get_failed(void *ssl_ctx, struct tls_connection *conn)
2876{
2877 if (conn == NULL)
2878 return -1;
2879 return conn->failed;
2880}
2881
2882
2883int tls_connection_get_read_alerts(void *ssl_ctx, struct tls_connection *conn)
2884{
2885 if (conn == NULL)
2886 return -1;
2887 return conn->read_alerts;
2888}
2889
2890
2891int tls_connection_get_write_alerts(void *ssl_ctx, struct tls_connection *conn)
2892{
2893 if (conn == NULL)
2894 return -1;
2895 return conn->write_alerts;
2896}
2897
2898
4781064b
JM
2899#ifdef HAVE_OCSP
2900
2901static void ocsp_debug_print_resp(OCSP_RESPONSE *rsp)
2902{
2903#ifndef CONFIG_NO_STDOUT_DEBUG
2904 BIO *out;
2905 size_t rlen;
2906 char *txt;
2907 int res;
2908
2909 if (wpa_debug_level > MSG_DEBUG)
2910 return;
2911
2912 out = BIO_new(BIO_s_mem());
2913 if (!out)
2914 return;
2915
2916 OCSP_RESPONSE_print(out, rsp, 0);
2917 rlen = BIO_ctrl_pending(out);
2918 txt = os_malloc(rlen + 1);
2919 if (!txt) {
2920 BIO_free(out);
2921 return;
2922 }
2923
2924 res = BIO_read(out, txt, rlen);
2925 if (res > 0) {
2926 txt[res] = '\0';
2927 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP Response\n%s", txt);
2928 }
2929 os_free(txt);
2930 BIO_free(out);
2931#endif /* CONFIG_NO_STDOUT_DEBUG */
2932}
2933
2934
2935static int ocsp_resp_cb(SSL *s, void *arg)
2936{
2937 struct tls_connection *conn = arg;
2938 const unsigned char *p;
2939 int len, status, reason;
2940 OCSP_RESPONSE *rsp;
2941 OCSP_BASICRESP *basic;
2942 OCSP_CERTID *id;
2943 ASN1_GENERALIZEDTIME *produced_at, *this_update, *next_update;
2944 X509_STORE *store;
2945 STACK_OF(X509) *certs = NULL;
2946
2947 len = SSL_get_tlsext_status_ocsp_resp(s, &p);
2948 if (!p) {
2949 wpa_printf(MSG_DEBUG, "OpenSSL: No OCSP response received");
2950 return (conn->flags & TLS_CONN_REQUIRE_OCSP) ? 0 : 1;
2951 }
2952
2953 wpa_hexdump(MSG_DEBUG, "OpenSSL: OCSP response", p, len);
2954
2955 rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
2956 if (!rsp) {
2957 wpa_printf(MSG_INFO, "OpenSSL: Failed to parse OCSP response");
2958 return 0;
2959 }
2960
2961 ocsp_debug_print_resp(rsp);
2962
2963 status = OCSP_response_status(rsp);
2964 if (status != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
2965 wpa_printf(MSG_INFO, "OpenSSL: OCSP responder error %d (%s)",
2966 status, OCSP_response_status_str(status));
2967 return 0;
2968 }
2969
2970 basic = OCSP_response_get1_basic(rsp);
2971 if (!basic) {
2972 wpa_printf(MSG_INFO, "OpenSSL: Could not find BasicOCSPResponse");
2973 return 0;
2974 }
2975
2976 store = SSL_CTX_get_cert_store(s->ctx);
2977 if (conn->peer_issuer) {
2978 wpa_printf(MSG_DEBUG, "OpenSSL: Add issuer");
2979 X509_print_fp(stdout, conn->peer_issuer);
2980
2981 if (X509_STORE_add_cert(store, conn->peer_issuer) != 1) {
2982 tls_show_errors(MSG_INFO, __func__,
2983 "OpenSSL: Could not add issuer to certificate store\n");
2984 }
2985 certs = sk_X509_new_null();
2986 if (certs) {
2987 X509 *cert;
2988 cert = X509_dup(conn->peer_issuer);
2989 if (cert && !sk_X509_push(certs, cert)) {
2990 tls_show_errors(
2991 MSG_INFO, __func__,
2992 "OpenSSL: Could not add issuer to OCSP responder trust store\n");
2993 X509_free(cert);
2994 sk_X509_free(certs);
2995 certs = NULL;
2996 }
2997 if (conn->peer_issuer_issuer) {
2998 cert = X509_dup(conn->peer_issuer_issuer);
2999 if (cert && !sk_X509_push(certs, cert)) {
3000 tls_show_errors(
3001 MSG_INFO, __func__,
3002 "OpenSSL: Could not add issuer to OCSP responder trust store\n");
3003 X509_free(cert);
3004 }
3005 }
3006 }
3007 }
3008
3009 status = OCSP_basic_verify(basic, certs, store, OCSP_TRUSTOTHER);
3010 sk_X509_pop_free(certs, X509_free);
3011 if (status <= 0) {
3012 tls_show_errors(MSG_INFO, __func__,
3013 "OpenSSL: OCSP response failed verification");
3014 OCSP_BASICRESP_free(basic);
3015 OCSP_RESPONSE_free(rsp);
3016 return 0;
3017 }
3018
3019 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP response verification succeeded");
3020
3021 if (!conn->peer_cert) {
3022 wpa_printf(MSG_DEBUG, "OpenSSL: Peer certificate not available for OCSP status check");
3023 OCSP_BASICRESP_free(basic);
3024 OCSP_RESPONSE_free(rsp);
3025 return 0;
3026 }
3027
3028 if (!conn->peer_issuer) {
3029 wpa_printf(MSG_DEBUG, "OpenSSL: Peer issuer certificate not available for OCSP status check");
3030 OCSP_BASICRESP_free(basic);
3031 OCSP_RESPONSE_free(rsp);
3032 return 0;
3033 }
3034
3035 id = OCSP_cert_to_id(NULL, conn->peer_cert, conn->peer_issuer);
3036 if (!id) {
3037 wpa_printf(MSG_DEBUG, "OpenSSL: Could not create OCSP certificate identifier");
3038 OCSP_BASICRESP_free(basic);
3039 OCSP_RESPONSE_free(rsp);
3040 return 0;
3041 }
3042
3043 if (!OCSP_resp_find_status(basic, id, &status, &reason, &produced_at,
3044 &this_update, &next_update)) {
3045 wpa_printf(MSG_INFO, "OpenSSL: Could not find current server certificate from OCSP response%s",
3046 (conn->flags & TLS_CONN_REQUIRE_OCSP) ? "" :
3047 " (OCSP not required)");
3048 OCSP_BASICRESP_free(basic);
3049 OCSP_RESPONSE_free(rsp);
3050 return (conn->flags & TLS_CONN_REQUIRE_OCSP) ? 0 : 1;
3051 }
3052
3053 if (!OCSP_check_validity(this_update, next_update, 5 * 60, -1)) {
3054 tls_show_errors(MSG_INFO, __func__,
3055 "OpenSSL: OCSP status times invalid");
3056 OCSP_BASICRESP_free(basic);
3057 OCSP_RESPONSE_free(rsp);
3058 return 0;
3059 }
3060
3061 OCSP_BASICRESP_free(basic);
3062 OCSP_RESPONSE_free(rsp);
3063
3064 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status for server certificate: %s",
3065 OCSP_cert_status_str(status));
3066
3067 if (status == V_OCSP_CERTSTATUS_GOOD)
3068 return 1;
3069 if (status == V_OCSP_CERTSTATUS_REVOKED)
3070 return 0;
3071 if (conn->flags & TLS_CONN_REQUIRE_OCSP) {
3072 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status unknown, but OCSP required");
3073 return 0;
3074 }
3075 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status unknown, but OCSP was not required, so allow connection to continue");
3076 return 1;
3077}
3078
3079
3080static int ocsp_status_cb(SSL *s, void *arg)
3081{
3082 char *tmp;
3083 char *resp;
3084 size_t len;
3085
3086 if (tls_global->ocsp_stapling_response == NULL) {
3087 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status callback - no response configured");
3088 return SSL_TLSEXT_ERR_OK;
3089 }
3090
3091 resp = os_readfile(tls_global->ocsp_stapling_response, &len);
3092 if (resp == NULL) {
3093 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status callback - could not read response file");
3094 /* TODO: Build OCSPResponse with responseStatus = internalError
3095 */
3096 return SSL_TLSEXT_ERR_OK;
3097 }
3098 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status callback - send cached response");
3099 tmp = OPENSSL_malloc(len);
3100 if (tmp == NULL) {
3101 os_free(resp);
3102 return SSL_TLSEXT_ERR_ALERT_FATAL;
3103 }
3104
3105 os_memcpy(tmp, resp, len);
3106 os_free(resp);
3107 SSL_set_tlsext_status_ocsp_resp(s, tmp, len);
3108
3109 return SSL_TLSEXT_ERR_OK;
3110}
3111
3112#endif /* HAVE_OCSP */
3113
3114
ebfa2275
SZ
3115int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
3116 const struct tls_connection_params *params)
3117{
3118 int ret;
3119 unsigned long err;
3120
3121 if (conn == NULL)
3122 return -1;
3123
3124 while ((err = ERR_get_error())) {
3125 wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s",
3126 __func__, ERR_error_string(err, NULL));
3127 }
3128
a875087d
JL
3129 if (params->engine) {
3130 wpa_printf(MSG_DEBUG, "SSL: Initializing TLS engine");
3131 ret = tls_engine_init(conn, params->engine_id, params->pin,
3132 params->key_id, params->cert_id,
3133 params->ca_cert_id);
3134 if (ret)
3135 return ret;
3136 }
ebfa2275
SZ
3137 if (tls_connection_set_subject_match(conn,
3138 params->subject_match,
4781064b
JM
3139 params->altsubject_match,
3140 params->suffix_match))
ebfa2275 3141 return -1;
a875087d
JL
3142
3143 if (params->engine && params->ca_cert_id) {
3144 if (tls_connection_engine_ca_cert(tls_ctx, conn,
3145 params->ca_cert_id))
3146 return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED;
3147 } else if (tls_connection_ca_cert(tls_ctx, conn, params->ca_cert,
3148 params->ca_cert_blob,
3149 params->ca_cert_blob_len,
3150 params->ca_path))
ebfa2275 3151 return -1;
a875087d
JL
3152
3153 if (params->engine && params->cert_id) {
3154 if (tls_connection_engine_client_cert(conn, params->cert_id))
3155 return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED;
3156 } else if (tls_connection_client_cert(conn, params->client_cert,
3157 params->client_cert_blob,
3158 params->client_cert_blob_len))
ebfa2275
SZ
3159 return -1;
3160
a875087d
JL
3161 if (params->engine && params->key_id) {
3162 wpa_printf(MSG_DEBUG, "TLS: Using private key from engine");
ebfa2275
SZ
3163 if (tls_connection_engine_private_key(conn))
3164 return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED;
3165 } else if (tls_connection_private_key(tls_ctx, conn,
3166 params->private_key,
3167 params->private_key_passwd,
3168 params->private_key_blob,
3169 params->private_key_blob_len)) {
3170 wpa_printf(MSG_INFO, "TLS: Failed to load private key '%s'",
3171 params->private_key);
3172 return -1;
3173 }
3174
3175 if (tls_connection_dh(conn, params->dh_file)) {
3176 wpa_printf(MSG_INFO, "TLS: Failed to load DH file '%s'",
3177 params->dh_file);
3178 return -1;
3179 }
3180
4781064b
JM
3181#ifdef SSL_OP_NO_TICKET
3182 if (params->flags & TLS_CONN_DISABLE_SESSION_TICKET)
3183 SSL_set_options(conn->ssl, SSL_OP_NO_TICKET);
3184#ifdef SSL_clear_options
3185 else
3186 SSL_clear_options(conn->ssl, SSL_OP_NO_TICKET);
3187#endif /* SSL_clear_options */
3188#endif /* SSL_OP_NO_TICKET */
3189
3190#ifdef HAVE_OCSP
3191 if (params->flags & TLS_CONN_REQUEST_OCSP) {
3192 SSL_CTX *ssl_ctx = tls_ctx;
3193 SSL_set_tlsext_status_type(conn->ssl, TLSEXT_STATUSTYPE_ocsp);
3194 SSL_CTX_set_tlsext_status_cb(ssl_ctx, ocsp_resp_cb);
3195 SSL_CTX_set_tlsext_status_arg(ssl_ctx, conn);
3196 }
3197#endif /* HAVE_OCSP */
3198
3199 conn->flags = params->flags;
3200
ebfa2275
SZ
3201 tls_get_errors(tls_ctx);
3202
3203 return 0;
3204}
3205
3206
3207int tls_global_set_params(void *tls_ctx,
3208 const struct tls_connection_params *params)
3209{
3210 SSL_CTX *ssl_ctx = tls_ctx;
3211 unsigned long err;
3212
3213 while ((err = ERR_get_error())) {
3214 wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s",
3215 __func__, ERR_error_string(err, NULL));
3216 }
3217
3218 if (tls_global_ca_cert(ssl_ctx, params->ca_cert))
3219 return -1;
3220
3221 if (tls_global_client_cert(ssl_ctx, params->client_cert))
3222 return -1;
3223
3224 if (tls_global_private_key(ssl_ctx, params->private_key,
3225 params->private_key_passwd))
3226 return -1;
3227
a875087d
JL
3228 if (tls_global_dh(ssl_ctx, params->dh_file)) {
3229 wpa_printf(MSG_INFO, "TLS: Failed to load DH file '%s'",
3230 params->dh_file);
3231 return -1;
3232 }
3233
4781064b
JM
3234#ifdef SSL_OP_NO_TICKET
3235 if (params->flags & TLS_CONN_DISABLE_SESSION_TICKET)
3236 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TICKET);
3237#ifdef SSL_CTX_clear_options
3238 else
3239 SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TICKET);
3240#endif /* SSL_clear_options */
3241#endif /* SSL_OP_NO_TICKET */
3242
3243#ifdef HAVE_OCSP
3244 SSL_CTX_set_tlsext_status_cb(ssl_ctx, ocsp_status_cb);
3245 SSL_CTX_set_tlsext_status_arg(ssl_ctx, ssl_ctx);
3246 os_free(tls_global->ocsp_stapling_response);
3247 if (params->ocsp_stapling_response)
3248 tls_global->ocsp_stapling_response =
3249 os_strdup(params->ocsp_stapling_response);
3250 else
3251 tls_global->ocsp_stapling_response = NULL;
3252#endif /* HAVE_OCSP */
3253
ebfa2275
SZ
3254 return 0;
3255}
3256
3257
3258int tls_connection_get_keyblock_size(void *tls_ctx,
3259 struct tls_connection *conn)
3260{
3261 const EVP_CIPHER *c;
3262 const EVP_MD *h;
4781064b 3263 int md_size;
ebfa2275
SZ
3264
3265 if (conn == NULL || conn->ssl == NULL ||
3266 conn->ssl->enc_read_ctx == NULL ||
3267 conn->ssl->enc_read_ctx->cipher == NULL ||
3268 conn->ssl->read_hash == NULL)
3269 return -1;
3270
3271 c = conn->ssl->enc_read_ctx->cipher;
a875087d
JL
3272#if OPENSSL_VERSION_NUMBER >= 0x00909000L
3273 h = EVP_MD_CTX_md(conn->ssl->read_hash);
3274#else
ebfa2275 3275 h = conn->ssl->read_hash;
a875087d 3276#endif
4781064b
JM
3277 if (h)
3278 md_size = EVP_MD_size(h);
3279#if OPENSSL_VERSION_NUMBER >= 0x10000000L
3280 else if (conn->ssl->s3)
3281 md_size = conn->ssl->s3->tmp.new_mac_secret_size;
3282#endif
3283 else
3284 return -1;
ebfa2275 3285
4781064b
JM
3286 wpa_printf(MSG_DEBUG, "OpenSSL: keyblock size: key_len=%d MD_size=%d "
3287 "IV_len=%d", EVP_CIPHER_key_length(c), md_size,
3288 EVP_CIPHER_iv_length(c));
ebfa2275 3289 return 2 * (EVP_CIPHER_key_length(c) +
4781064b 3290 md_size +
ebfa2275
SZ
3291 EVP_CIPHER_iv_length(c));
3292}
3293
3294
3295unsigned int tls_capabilities(void *tls_ctx)
3296{
3297 return 0;
3298}
3299
3300
4781064b 3301#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
a875087d
JL
3302/* Pre-shared secred requires a patch to openssl, so this function is
3303 * commented out unless explicitly needed for EAP-FAST in order to be able to
3304 * build this file with unmodified openssl. */
3305
3306static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len,
3307 STACK_OF(SSL_CIPHER) *peer_ciphers,
3308 SSL_CIPHER **cipher, void *arg)
3309{
3310 struct tls_connection *conn = arg;
3311 int ret;
3312
3313 if (conn == NULL || conn->session_ticket_cb == NULL)
3314 return 0;
3315
3316 ret = conn->session_ticket_cb(conn->session_ticket_cb_ctx,
3317 conn->session_ticket,
3318 conn->session_ticket_len,
3319 s->s3->client_random,
3320 s->s3->server_random, secret);
3321 os_free(conn->session_ticket);
3322 conn->session_ticket = NULL;
3323
3324 if (ret <= 0)
3325 return 0;
3326
3327 *secret_len = SSL_MAX_MASTER_KEY_LENGTH;
3328 return 1;
3329}
3330
3331
3332#ifdef CONFIG_OPENSSL_TICKET_OVERRIDE
3333static int tls_session_ticket_ext_cb(SSL *s, const unsigned char *data,
3334 int len, void *arg)
3335{
3336 struct tls_connection *conn = arg;
3337
3338 if (conn == NULL || conn->session_ticket_cb == NULL)
3339 return 0;
3340
3341 wpa_printf(MSG_DEBUG, "OpenSSL: %s: length=%d", __func__, len);
3342
3343 os_free(conn->session_ticket);
3344 conn->session_ticket = NULL;
3345
3346 wpa_hexdump(MSG_DEBUG, "OpenSSL: ClientHello SessionTicket "
3347 "extension", data, len);
3348
3349 conn->session_ticket = os_malloc(len);
3350 if (conn->session_ticket == NULL)
3351 return 0;
3352
3353 os_memcpy(conn->session_ticket, data, len);
3354 conn->session_ticket_len = len;
3355
3356 return 1;
3357}
3358#else /* CONFIG_OPENSSL_TICKET_OVERRIDE */
3359#ifdef SSL_OP_NO_TICKET
3360static void tls_hello_ext_cb(SSL *s, int client_server, int type,
3361 unsigned char *data, int len, void *arg)
3362{
3363 struct tls_connection *conn = arg;
3364
3365 if (conn == NULL || conn->session_ticket_cb == NULL)
3366 return;
3367
3368 wpa_printf(MSG_DEBUG, "OpenSSL: %s: type=%d length=%d", __func__,
3369 type, len);
3370
3371 if (type == TLSEXT_TYPE_session_ticket && !client_server) {
3372 os_free(conn->session_ticket);
3373 conn->session_ticket = NULL;
3374
3375 wpa_hexdump(MSG_DEBUG, "OpenSSL: ClientHello SessionTicket "
3376 "extension", data, len);
3377 conn->session_ticket = os_malloc(len);
3378 if (conn->session_ticket == NULL)
3379 return;
3380
3381 os_memcpy(conn->session_ticket, data, len);
3382 conn->session_ticket_len = len;
3383 }
3384}
3385#else /* SSL_OP_NO_TICKET */
3386static int tls_hello_ext_cb(SSL *s, TLS_EXTENSION *ext, void *arg)
3387{
3388 struct tls_connection *conn = arg;
3389
3390 if (conn == NULL || conn->session_ticket_cb == NULL)
3391 return 0;
3392
3393 wpa_printf(MSG_DEBUG, "OpenSSL: %s: type=%d length=%d", __func__,
3394 ext->type, ext->length);
3395
3396 os_free(conn->session_ticket);
3397 conn->session_ticket = NULL;
3398
3399 if (ext->type == 35) {
3400 wpa_hexdump(MSG_DEBUG, "OpenSSL: ClientHello SessionTicket "
3401 "extension", ext->data, ext->length);
3402 conn->session_ticket = os_malloc(ext->length);
3403 if (conn->session_ticket == NULL)
3404 return SSL_AD_INTERNAL_ERROR;
3405
3406 os_memcpy(conn->session_ticket, ext->data, ext->length);
3407 conn->session_ticket_len = ext->length;
3408 }
3409
3410 return 0;
3411}
3412#endif /* SSL_OP_NO_TICKET */
3413#endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */
4781064b 3414#endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
a875087d
JL
3415
3416
3417int tls_connection_set_session_ticket_cb(void *tls_ctx,
3418 struct tls_connection *conn,
3419 tls_session_ticket_cb cb,
3420 void *ctx)
3421{
4781064b 3422#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
a875087d
JL
3423 conn->session_ticket_cb = cb;
3424 conn->session_ticket_cb_ctx = ctx;
3425
3426 if (cb) {
3427 if (SSL_set_session_secret_cb(conn->ssl, tls_sess_sec_cb,
3428 conn) != 1)
3429 return -1;
3430#ifdef CONFIG_OPENSSL_TICKET_OVERRIDE
3431 SSL_set_session_ticket_ext_cb(conn->ssl,
3432 tls_session_ticket_ext_cb, conn);
3433#else /* CONFIG_OPENSSL_TICKET_OVERRIDE */
3434#ifdef SSL_OP_NO_TICKET
3435 SSL_set_tlsext_debug_callback(conn->ssl, tls_hello_ext_cb);
3436 SSL_set_tlsext_debug_arg(conn->ssl, conn);
3437#else /* SSL_OP_NO_TICKET */
3438 if (SSL_set_hello_extension_cb(conn->ssl, tls_hello_ext_cb,
3439 conn) != 1)
3440 return -1;
3441#endif /* SSL_OP_NO_TICKET */
3442#endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */
3443 } else {
3444 if (SSL_set_session_secret_cb(conn->ssl, NULL, NULL) != 1)
3445 return -1;
3446#ifdef CONFIG_OPENSSL_TICKET_OVERRIDE
3447 SSL_set_session_ticket_ext_cb(conn->ssl, NULL, NULL);
3448#else /* CONFIG_OPENSSL_TICKET_OVERRIDE */
3449#ifdef SSL_OP_NO_TICKET
3450 SSL_set_tlsext_debug_callback(conn->ssl, NULL);
3451 SSL_set_tlsext_debug_arg(conn->ssl, conn);
3452#else /* SSL_OP_NO_TICKET */
3453 if (SSL_set_hello_extension_cb(conn->ssl, NULL, NULL) != 1)
3454 return -1;
3455#endif /* SSL_OP_NO_TICKET */
3456#endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */
3457 }
3458
3459 return 0;
4781064b 3460#else /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
a875087d 3461 return -1;
4781064b 3462#endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
a875087d 3463}