Gitiles
Code Review Sign In
gerrit.omnirom.org / android_external_wpa_supplicant_8 / 3b7e16d414e38c8856c4712f3a0768c89689cbc3 / . / src / crypto / tls_openssl.c
blob: 18e0e789595582c7af15f204826c73dcd28dec01 [file] [log] [blame]
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1/*
2 * SSL/TLS interface functions for OpenSSL
Dmitry Shmidt34af3062013-07-11 10:46:32 -0700[diff] [blame]3 * Copyright (c) 2004-2013, Jouni Malinen <j@w1.fi>
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]4 *
Dmitry Shmidtc5ec7f52012-03-06 16:33:24 -0800[diff] [blame]5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]7 */
8
9#include "includes.h"
10
11#ifndef CONFIG_SMARTCARD
12#ifndef OPENSSL_NO_ENGINE
Kenny Rootdb3c5a42012-03-20 17:00:47 -0700[diff] [blame]13#ifndef ANDROID
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]14#define OPENSSL_NO_ENGINE
15#endif
16#endif
Kenny Rootdb3c5a42012-03-20 17:00:47 -0700[diff] [blame]17#endif
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]18
19#include <openssl/ssl.h>
20#include <openssl/err.h>
21#include <openssl/pkcs12.h>
22#include <openssl/x509v3.h>
23#ifndef OPENSSL_NO_ENGINE
24#include <openssl/engine.h>
25#endif /* OPENSSL_NO_ENGINE */
26
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]27#include "common.h"
28#include "crypto.h"
29#include "tls.h"
30
31#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
32#define OPENSSL_d2i_TYPE const unsigned char **
33#else
34#define OPENSSL_d2i_TYPE unsigned char **
35#endif
36
Dmitry Shmidtea69e842013-05-13 14:52:28 -0700[diff] [blame]37#if defined(SSL_CTX_get_app_data) && defined(SSL_CTX_set_app_data)
38#define OPENSSL_SUPPORTS_CTX_APP_DATA
39#endif
40
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]41#ifdef SSL_F_SSL_SET_SESSION_TICKET_EXT
42#ifdef SSL_OP_NO_TICKET
43/*
44 * Session ticket override patch was merged into OpenSSL 0.9.9 tree on
45 * 2008-11-15. This version uses a bit different API compared to the old patch.
46 */
47#define CONFIG_OPENSSL_TICKET_OVERRIDE
48#endif
49#endif
50
Kenny Root3f3ca3b2012-11-12 16:33:36 -0800[diff] [blame]51#ifdef ANDROID
52#include <openssl/pem.h>
53#include <keystore/keystore_get.h>
54
55static BIO * BIO_from_keystore(const char *key)
56{
57 BIO *bio = NULL;
58 uint8_t *value = NULL;
59 int length = keystore_get(key, strlen(key), &value);
60 if (length != -1 && (bio = BIO_new(BIO_s_mem())) != NULL) {
61 BIO_write(bio, value, length);
62 }
63 free(value);
64 return bio;
65}
66#endif /* ANDROID */
67
Dmitry Shmidt34af3062013-07-11 10:46:32 -0700[diff] [blame]68#ifdef SSL_set_tlsext_status_type
69#ifndef OPENSSL_NO_TLSEXT
70#define HAVE_OCSP
71#include <openssl/ocsp.h>
72#endif /* OPENSSL_NO_TLSEXT */
73#endif /* SSL_set_tlsext_status_type */
74
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]75static int tls_openssl_ref_count = 0;
76
Dmitry Shmidtea69e842013-05-13 14:52:28 -0700[diff] [blame]77struct tls_context {
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]78 void (*event_cb)(void *ctx, enum tls_event ev,
79 union tls_event_data *data);
80 void *cb_ctx;
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]81 int cert_in_cb;
Dmitry Shmidt34af3062013-07-11 10:46:32 -0700[diff] [blame]82 char *ocsp_stapling_response;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]83};
84
Dmitry Shmidtea69e842013-05-13 14:52:28 -0700[diff] [blame]85static struct tls_context *tls_global = NULL;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]86
87
88struct tls_connection {
Dmitry Shmidtea69e842013-05-13 14:52:28 -0700[diff] [blame]89 struct tls_context *context;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]90 SSL *ssl;
91 BIO *ssl_in, *ssl_out;
92#ifndef OPENSSL_NO_ENGINE
93 ENGINE *engine; /* functional reference to the engine */
94 EVP_PKEY *private_key; /* the private key if using engine */
95#endif /* OPENSSL_NO_ENGINE */
96 char *subject_match, *altsubject_match;
97 int read_alerts, write_alerts, failed;
98
99 tls_session_ticket_cb session_ticket_cb;
100 void *session_ticket_cb_ctx;
101
102 /* SessionTicket received from OpenSSL hello_extension_cb (server) */
103 u8 *session_ticket;
104 size_t session_ticket_len;
105
106 unsigned int ca_cert_verify:1;
107 unsigned int cert_probe:1;
108 unsigned int server_cert_only:1;
109
110 u8 srv_cert_hash[32];
Dmitry Shmidtc55524a2011-07-07 11:18:38 -0700[diff] [blame]111
112 unsigned int flags;
Dmitry Shmidt34af3062013-07-11 10:46:32 -0700[diff] [blame]113
114 X509 *peer_cert;
115 X509 *peer_issuer;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]116};
117
118
Dmitry Shmidtea69e842013-05-13 14:52:28 -0700[diff] [blame]119static struct tls_context * tls_context_new(const struct tls_config *conf)
120{
121 struct tls_context *context = os_zalloc(sizeof(*context));
122 if (context == NULL)
123 return NULL;
124 if (conf) {
125 context->event_cb = conf->event_cb;
126 context->cb_ctx = conf->cb_ctx;
127 context->cert_in_cb = conf->cert_in_cb;
128 }
129 return context;
130}
131
132
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]133#ifdef CONFIG_NO_STDOUT_DEBUG
134
135static void _tls_show_errors(void)
136{
137 unsigned long err;
138
139 while ((err = ERR_get_error())) {
140 /* Just ignore the errors, since stdout is disabled */
141 }
142}
143#define tls_show_errors(l, f, t) _tls_show_errors()
144
145#else /* CONFIG_NO_STDOUT_DEBUG */
146
147static void tls_show_errors(int level, const char *func, const char *txt)
148{
149 unsigned long err;
150
151 wpa_printf(level, "OpenSSL: %s - %s %s",
152 func, txt, ERR_error_string(ERR_get_error(), NULL));
153
154 while ((err = ERR_get_error())) {
155 wpa_printf(MSG_INFO, "OpenSSL: pending error: %s",
156 ERR_error_string(err, NULL));
157 }
158}
159
160#endif /* CONFIG_NO_STDOUT_DEBUG */
161
162
163#ifdef CONFIG_NATIVE_WINDOWS
164
165/* Windows CryptoAPI and access to certificate stores */
166#include <wincrypt.h>
167
168#ifdef __MINGW32_VERSION
169/*
170 * MinGW does not yet include all the needed definitions for CryptoAPI, so
171 * define here whatever extra is needed.
172 */
173#define CERT_SYSTEM_STORE_CURRENT_USER (1 << 16)
174#define CERT_STORE_READONLY_FLAG 0x00008000
175#define CERT_STORE_OPEN_EXISTING_FLAG 0x00004000
176
177#endif /* __MINGW32_VERSION */
178
179
180struct cryptoapi_rsa_data {
181 const CERT_CONTEXT *cert;
182 HCRYPTPROV crypt_prov;
183 DWORD key_spec;
184 BOOL free_crypt_prov;
185};
186
187
188static void cryptoapi_error(const char *msg)
189{
190 wpa_printf(MSG_INFO, "CryptoAPI: %s; err=%u",
191 msg, (unsigned int) GetLastError());
192}
193
194
195static int cryptoapi_rsa_pub_enc(int flen, const unsigned char *from,
196 unsigned char *to, RSA *rsa, int padding)
197{
198 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__);
199 return 0;
200}
201
202
203static int cryptoapi_rsa_pub_dec(int flen, const unsigned char *from,
204 unsigned char *to, RSA *rsa, int padding)
205{
206 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__);
207 return 0;
208}
209
210
211static int cryptoapi_rsa_priv_enc(int flen, const unsigned char *from,
212 unsigned char *to, RSA *rsa, int padding)
213{
214 struct cryptoapi_rsa_data *priv =
215 (struct cryptoapi_rsa_data *) rsa->meth->app_data;
216 HCRYPTHASH hash;
217 DWORD hash_size, len, i;
218 unsigned char *buf = NULL;
219 int ret = 0;
220
221 if (priv == NULL) {
222 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
223 ERR_R_PASSED_NULL_PARAMETER);
224 return 0;
225 }
226
227 if (padding != RSA_PKCS1_PADDING) {
228 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
229 RSA_R_UNKNOWN_PADDING_TYPE);
230 return 0;
231 }
232
233 if (flen != 16 /* MD5 */ + 20 /* SHA-1 */) {
234 wpa_printf(MSG_INFO, "%s - only MD5-SHA1 hash supported",
235 __func__);
236 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
237 RSA_R_INVALID_MESSAGE_LENGTH);
238 return 0;
239 }
240
241 if (!CryptCreateHash(priv->crypt_prov, CALG_SSL3_SHAMD5, 0, 0, &hash))
242 {
243 cryptoapi_error("CryptCreateHash failed");
244 return 0;
245 }
246
247 len = sizeof(hash_size);
248 if (!CryptGetHashParam(hash, HP_HASHSIZE, (BYTE *) &hash_size, &len,
249 0)) {
250 cryptoapi_error("CryptGetHashParam failed");
251 goto err;
252 }
253
254 if ((int) hash_size != flen) {
255 wpa_printf(MSG_INFO, "CryptoAPI: Invalid hash size (%u != %d)",
256 (unsigned) hash_size, flen);
257 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
258 RSA_R_INVALID_MESSAGE_LENGTH);
259 goto err;
260 }
261 if (!CryptSetHashParam(hash, HP_HASHVAL, (BYTE * ) from, 0)) {
262 cryptoapi_error("CryptSetHashParam failed");
263 goto err;
264 }
265
266 len = RSA_size(rsa);
267 buf = os_malloc(len);
268 if (buf == NULL) {
269 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
270 goto err;
271 }
272
273 if (!CryptSignHash(hash, priv->key_spec, NULL, 0, buf, &len)) {
274 cryptoapi_error("CryptSignHash failed");
275 goto err;
276 }
277
278 for (i = 0; i < len; i++)
279 to[i] = buf[len - i - 1];
280 ret = len;
281
282err:
283 os_free(buf);
284 CryptDestroyHash(hash);
285
286 return ret;
287}
288
289
290static int cryptoapi_rsa_priv_dec(int flen, const unsigned char *from,
291 unsigned char *to, RSA *rsa, int padding)
292{
293 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__);
294 return 0;
295}
296
297
298static void cryptoapi_free_data(struct cryptoapi_rsa_data *priv)
299{
300 if (priv == NULL)
301 return;
302 if (priv->crypt_prov && priv->free_crypt_prov)
303 CryptReleaseContext(priv->crypt_prov, 0);
304 if (priv->cert)
305 CertFreeCertificateContext(priv->cert);
306 os_free(priv);
307}
308
309
310static int cryptoapi_finish(RSA *rsa)
311{
312 cryptoapi_free_data((struct cryptoapi_rsa_data *) rsa->meth->app_data);
313 os_free((void *) rsa->meth);
314 rsa->meth = NULL;
315 return 1;
316}
317
318
319static const CERT_CONTEXT * cryptoapi_find_cert(const char *name, DWORD store)
320{
321 HCERTSTORE cs;
322 const CERT_CONTEXT *ret = NULL;
323
324 cs = CertOpenStore((LPCSTR) CERT_STORE_PROV_SYSTEM, 0, 0,
325 store | CERT_STORE_OPEN_EXISTING_FLAG |
326 CERT_STORE_READONLY_FLAG, L"MY");
327 if (cs == NULL) {
328 cryptoapi_error("Failed to open 'My system store'");
329 return NULL;
330 }
331
332 if (strncmp(name, "cert://", 7) == 0) {
333 unsigned short wbuf[255];
334 MultiByteToWideChar(CP_ACP, 0, name + 7, -1, wbuf, 255);
335 ret = CertFindCertificateInStore(cs, X509_ASN_ENCODING |
336 PKCS_7_ASN_ENCODING,
337 0, CERT_FIND_SUBJECT_STR,
338 wbuf, NULL);
339 } else if (strncmp(name, "hash://", 7) == 0) {
340 CRYPT_HASH_BLOB blob;
341 int len;
342 const char *hash = name + 7;
343 unsigned char *buf;
344
345 len = os_strlen(hash) / 2;
346 buf = os_malloc(len);
347 if (buf && hexstr2bin(hash, buf, len) == 0) {
348 blob.cbData = len;
349 blob.pbData = buf;
350 ret = CertFindCertificateInStore(cs,
351 X509_ASN_ENCODING |
352 PKCS_7_ASN_ENCODING,
353 0, CERT_FIND_HASH,
354 &blob, NULL);
355 }
356 os_free(buf);
357 }
358
359 CertCloseStore(cs, 0);
360
361 return ret;
362}
363
364
365static int tls_cryptoapi_cert(SSL *ssl, const char *name)
366{
367 X509 *cert = NULL;
368 RSA *rsa = NULL, *pub_rsa;
369 struct cryptoapi_rsa_data *priv;
370 RSA_METHOD *rsa_meth;
371
372 if (name == NULL ||
373 (strncmp(name, "cert://", 7) != 0 &&
374 strncmp(name, "hash://", 7) != 0))
375 return -1;
376
377 priv = os_zalloc(sizeof(*priv));
378 rsa_meth = os_zalloc(sizeof(*rsa_meth));
379 if (priv == NULL || rsa_meth == NULL) {
380 wpa_printf(MSG_WARNING, "CryptoAPI: Failed to allocate memory "
381 "for CryptoAPI RSA method");
382 os_free(priv);
383 os_free(rsa_meth);
384 return -1;
385 }
386
387 priv->cert = cryptoapi_find_cert(name, CERT_SYSTEM_STORE_CURRENT_USER);
388 if (priv->cert == NULL) {
389 priv->cert = cryptoapi_find_cert(
390 name, CERT_SYSTEM_STORE_LOCAL_MACHINE);
391 }
392 if (priv->cert == NULL) {
393 wpa_printf(MSG_INFO, "CryptoAPI: Could not find certificate "
394 "'%s'", name);
395 goto err;
396 }
397
398 cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &priv->cert->pbCertEncoded,
399 priv->cert->cbCertEncoded);
400 if (cert == NULL) {
401 wpa_printf(MSG_INFO, "CryptoAPI: Could not process X509 DER "
402 "encoding");
403 goto err;
404 }
405
406 if (!CryptAcquireCertificatePrivateKey(priv->cert,
407 CRYPT_ACQUIRE_COMPARE_KEY_FLAG,
408 NULL, &priv->crypt_prov,
409 &priv->key_spec,
410 &priv->free_crypt_prov)) {
411 cryptoapi_error("Failed to acquire a private key for the "
412 "certificate");
413 goto err;
414 }
415
416 rsa_meth->name = "Microsoft CryptoAPI RSA Method";
417 rsa_meth->rsa_pub_enc = cryptoapi_rsa_pub_enc;
418 rsa_meth->rsa_pub_dec = cryptoapi_rsa_pub_dec;
419 rsa_meth->rsa_priv_enc = cryptoapi_rsa_priv_enc;
420 rsa_meth->rsa_priv_dec = cryptoapi_rsa_priv_dec;
421 rsa_meth->finish = cryptoapi_finish;
422 rsa_meth->flags = RSA_METHOD_FLAG_NO_CHECK;
423 rsa_meth->app_data = (char *) priv;
424
425 rsa = RSA_new();
426 if (rsa == NULL) {
427 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,
428 ERR_R_MALLOC_FAILURE);
429 goto err;
430 }
431
432 if (!SSL_use_certificate(ssl, cert)) {
433 RSA_free(rsa);
434 rsa = NULL;
435 goto err;
436 }
437 pub_rsa = cert->cert_info->key->pkey->pkey.rsa;
438 X509_free(cert);
439 cert = NULL;
440
441 rsa->n = BN_dup(pub_rsa->n);
442 rsa->e = BN_dup(pub_rsa->e);
443 if (!RSA_set_method(rsa, rsa_meth))
444 goto err;
445
446 if (!SSL_use_RSAPrivateKey(ssl, rsa))
447 goto err;
448 RSA_free(rsa);
449
450 return 0;
451
452err:
453 if (cert)
454 X509_free(cert);
455 if (rsa)
456 RSA_free(rsa);
457 else {
458 os_free(rsa_meth);
459 cryptoapi_free_data(priv);
460 }
461 return -1;
462}
463
464
465static int tls_cryptoapi_ca_cert(SSL_CTX *ssl_ctx, SSL *ssl, const char *name)
466{
467 HCERTSTORE cs;
468 PCCERT_CONTEXT ctx = NULL;
469 X509 *cert;
470 char buf[128];
471 const char *store;
472#ifdef UNICODE
473 WCHAR *wstore;
474#endif /* UNICODE */
475
476 if (name == NULL || strncmp(name, "cert_store://", 13) != 0)
477 return -1;
478
479 store = name + 13;
480#ifdef UNICODE
481 wstore = os_malloc((os_strlen(store) + 1) * sizeof(WCHAR));
482 if (wstore == NULL)
483 return -1;
484 wsprintf(wstore, L"%S", store);
485 cs = CertOpenSystemStore(0, wstore);
486 os_free(wstore);
487#else /* UNICODE */
488 cs = CertOpenSystemStore(0, store);
489#endif /* UNICODE */
490 if (cs == NULL) {
491 wpa_printf(MSG_DEBUG, "%s: failed to open system cert store "
492 "'%s': error=%d", __func__, store,
493 (int) GetLastError());
494 return -1;
495 }
496
497 while ((ctx = CertEnumCertificatesInStore(cs, ctx))) {
498 cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &ctx->pbCertEncoded,
499 ctx->cbCertEncoded);
500 if (cert == NULL) {
501 wpa_printf(MSG_INFO, "CryptoAPI: Could not process "
502 "X509 DER encoding for CA cert");
503 continue;
504 }
505
506 X509_NAME_oneline(X509_get_subject_name(cert), buf,
507 sizeof(buf));
508 wpa_printf(MSG_DEBUG, "OpenSSL: Loaded CA certificate for "
509 "system certificate store: subject='%s'", buf);
510
511 if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) {
512 tls_show_errors(MSG_WARNING, __func__,
513 "Failed to add ca_cert to OpenSSL "
514 "certificate store");
515 }
516
517 X509_free(cert);
518 }
519
520 if (!CertCloseStore(cs, 0)) {
521 wpa_printf(MSG_DEBUG, "%s: failed to close system cert store "
522 "'%s': error=%d", __func__, name + 13,
523 (int) GetLastError());
524 }
525
526 return 0;
527}
528
529
530#else /* CONFIG_NATIVE_WINDOWS */
531
532static int tls_cryptoapi_cert(SSL *ssl, const char *name)
533{
534 return -1;
535}
536
537#endif /* CONFIG_NATIVE_WINDOWS */
538
539
540static void ssl_info_cb(const SSL *ssl, int where, int ret)
541{
542 const char *str;
543 int w;
544
545 wpa_printf(MSG_DEBUG, "SSL: (where=0x%x ret=0x%x)", where, ret);
546 w = where & ~SSL_ST_MASK;
547 if (w & SSL_ST_CONNECT)
548 str = "SSL_connect";
549 else if (w & SSL_ST_ACCEPT)
550 str = "SSL_accept";
551 else
552 str = "undefined";
553
554 if (where & SSL_CB_LOOP) {
555 wpa_printf(MSG_DEBUG, "SSL: %s:%s",
556 str, SSL_state_string_long(ssl));
557 } else if (where & SSL_CB_ALERT) {
Dmitry Shmidtea69e842013-05-13 14:52:28 -0700[diff] [blame]558 struct tls_connection *conn = SSL_get_app_data((SSL *) ssl);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]559 wpa_printf(MSG_INFO, "SSL: SSL3 alert: %s:%s:%s",
560 where & SSL_CB_READ ?
561 "read (remote end reported an error)" :
562 "write (local SSL3 detected an error)",
563 SSL_alert_type_string_long(ret),
564 SSL_alert_desc_string_long(ret));
565 if ((ret >> 8) == SSL3_AL_FATAL) {
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]566 if (where & SSL_CB_READ)
567 conn->read_alerts++;
568 else
569 conn->write_alerts++;
570 }
Dmitry Shmidtea69e842013-05-13 14:52:28 -0700[diff] [blame]571 if (conn->context->event_cb != NULL) {
Dmitry Shmidt04949592012-07-19 12:16:46 -0700[diff] [blame]572 union tls_event_data ev;
Dmitry Shmidtea69e842013-05-13 14:52:28 -0700[diff] [blame]573 struct tls_context *context = conn->context;
Dmitry Shmidt04949592012-07-19 12:16:46 -0700[diff] [blame]574 os_memset(&ev, 0, sizeof(ev));
575 ev.alert.is_local = !(where & SSL_CB_READ);
576 ev.alert.type = SSL_alert_type_string_long(ret);
577 ev.alert.description = SSL_alert_desc_string_long(ret);
Dmitry Shmidtea69e842013-05-13 14:52:28 -0700[diff] [blame]578 context->event_cb(context->cb_ctx, TLS_ALERT, &ev);
Dmitry Shmidt04949592012-07-19 12:16:46 -0700[diff] [blame]579 }
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]580 } else if (where & SSL_CB_EXIT && ret <= 0) {
581 wpa_printf(MSG_DEBUG, "SSL: %s:%s in %s",
582 str, ret == 0 ? "failed" : "error",
583 SSL_state_string_long(ssl));
584 }
585}
586
587
588#ifndef OPENSSL_NO_ENGINE
589/**
590 * tls_engine_load_dynamic_generic - load any openssl engine
591 * @pre: an array of commands and values that load an engine initialized
592 * in the engine specific function
593 * @post: an array of commands and values that initialize an already loaded
594 * engine (or %NULL if not required)
595 * @id: the engine id of the engine to load (only required if post is not %NULL
596 *
597 * This function is a generic function that loads any openssl engine.
598 *
599 * Returns: 0 on success, -1 on failure
600 */
601static int tls_engine_load_dynamic_generic(const char *pre[],
602 const char *post[], const char *id)
603{
604 ENGINE *engine;
605 const char *dynamic_id = "dynamic";
606
607 engine = ENGINE_by_id(id);
608 if (engine) {
609 ENGINE_free(engine);
610 wpa_printf(MSG_DEBUG, "ENGINE: engine '%s' is already "
611 "available", id);
612 return 0;
613 }
614 ERR_clear_error();
615
616 engine = ENGINE_by_id(dynamic_id);
617 if (engine == NULL) {
618 wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]",
619 dynamic_id,
620 ERR_error_string(ERR_get_error(), NULL));
621 return -1;
622 }
623
624 /* Perform the pre commands. This will load the engine. */
625 while (pre && pre[0]) {
626 wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", pre[0], pre[1]);
627 if (ENGINE_ctrl_cmd_string(engine, pre[0], pre[1], 0) == 0) {
628 wpa_printf(MSG_INFO, "ENGINE: ctrl cmd_string failed: "
629 "%s %s [%s]", pre[0], pre[1],
630 ERR_error_string(ERR_get_error(), NULL));
631 ENGINE_free(engine);
632 return -1;
633 }
634 pre += 2;
635 }
636
637 /*
638 * Free the reference to the "dynamic" engine. The loaded engine can
639 * now be looked up using ENGINE_by_id().
640 */
641 ENGINE_free(engine);
642
643 engine = ENGINE_by_id(id);
644 if (engine == NULL) {
645 wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]",
646 id, ERR_error_string(ERR_get_error(), NULL));
647 return -1;
648 }
649
650 while (post && post[0]) {
651 wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", post[0], post[1]);
652 if (ENGINE_ctrl_cmd_string(engine, post[0], post[1], 0) == 0) {
653 wpa_printf(MSG_DEBUG, "ENGINE: ctrl cmd_string failed:"
654 " %s %s [%s]", post[0], post[1],
655 ERR_error_string(ERR_get_error(), NULL));
656 ENGINE_remove(engine);
657 ENGINE_free(engine);
658 return -1;
659 }
660 post += 2;
661 }
662 ENGINE_free(engine);
663
664 return 0;
665}
666
667
668/**
669 * tls_engine_load_dynamic_pkcs11 - load the pkcs11 engine provided by opensc
670 * @pkcs11_so_path: pksc11_so_path from the configuration
671 * @pcks11_module_path: pkcs11_module_path from the configuration
672 */
673static int tls_engine_load_dynamic_pkcs11(const char *pkcs11_so_path,
674 const char *pkcs11_module_path)
675{
676 char *engine_id = "pkcs11";
677 const char *pre_cmd[] = {
678 "SO_PATH", NULL /* pkcs11_so_path */,
679 "ID", NULL /* engine_id */,
680 "LIST_ADD", "1",
681 /* "NO_VCHECK", "1", */
682 "LOAD", NULL,
683 NULL, NULL
684 };
685 const char *post_cmd[] = {
686 "MODULE_PATH", NULL /* pkcs11_module_path */,
687 NULL, NULL
688 };
689
690 if (!pkcs11_so_path || !pkcs11_module_path)
691 return 0;
692
693 pre_cmd[1] = pkcs11_so_path;
694 pre_cmd[3] = engine_id;
695 post_cmd[1] = pkcs11_module_path;
696
697 wpa_printf(MSG_DEBUG, "ENGINE: Loading pkcs11 Engine from %s",
698 pkcs11_so_path);
699
700 return tls_engine_load_dynamic_generic(pre_cmd, post_cmd, engine_id);
701}
702
703
704/**
705 * tls_engine_load_dynamic_opensc - load the opensc engine provided by opensc
706 * @opensc_so_path: opensc_so_path from the configuration
707 */
708static int tls_engine_load_dynamic_opensc(const char *opensc_so_path)
709{
710 char *engine_id = "opensc";
711 const char *pre_cmd[] = {
712 "SO_PATH", NULL /* opensc_so_path */,
713 "ID", NULL /* engine_id */,
714 "LIST_ADD", "1",
715 "LOAD", NULL,
716 NULL, NULL
717 };
718
719 if (!opensc_so_path)
720 return 0;
721
722 pre_cmd[1] = opensc_so_path;
723 pre_cmd[3] = engine_id;
724
725 wpa_printf(MSG_DEBUG, "ENGINE: Loading OpenSC Engine from %s",
726 opensc_so_path);
727
728 return tls_engine_load_dynamic_generic(pre_cmd, NULL, engine_id);
729}
730#endif /* OPENSSL_NO_ENGINE */
731
732
733void * tls_init(const struct tls_config *conf)
734{
735 SSL_CTX *ssl;
Dmitry Shmidtea69e842013-05-13 14:52:28 -0700[diff] [blame]736 struct tls_context *context;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]737
738 if (tls_openssl_ref_count == 0) {
Dmitry Shmidtea69e842013-05-13 14:52:28 -0700[diff] [blame]739 tls_global = context = tls_context_new(conf);
740 if (context == NULL)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]741 return NULL;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]742#ifdef CONFIG_FIPS
743#ifdef OPENSSL_FIPS
744 if (conf && conf->fips_mode) {
745 if (!FIPS_mode_set(1)) {
746 wpa_printf(MSG_ERROR, "Failed to enable FIPS "
747 "mode");
748 ERR_load_crypto_strings();
749 ERR_print_errors_fp(stderr);
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]750 os_free(tls_global);
751 tls_global = NULL;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]752 return NULL;
753 } else
754 wpa_printf(MSG_INFO, "Running in FIPS mode");
755 }
756#else /* OPENSSL_FIPS */
757 if (conf && conf->fips_mode) {
758 wpa_printf(MSG_ERROR, "FIPS mode requested, but not "
759 "supported");
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]760 os_free(tls_global);
761 tls_global = NULL;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]762 return NULL;
763 }
764#endif /* OPENSSL_FIPS */
765#endif /* CONFIG_FIPS */
766 SSL_load_error_strings();
767 SSL_library_init();
768#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
769 EVP_add_digest(EVP_sha256());
770#endif /* OPENSSL_NO_SHA256 */
771 /* TODO: if /dev/urandom is available, PRNG is seeded
772 * automatically. If this is not the case, random data should
773 * be added here. */
774
775#ifdef PKCS12_FUNCS
776#ifndef OPENSSL_NO_RC2
777 /*
778 * 40-bit RC2 is commonly used in PKCS#12 files, so enable it.
779 * This is enabled by PKCS12_PBE_add() in OpenSSL 0.9.8
780 * versions, but it looks like OpenSSL 1.0.0 does not do that
781 * anymore.
782 */
783 EVP_add_cipher(EVP_rc2_40_cbc());
784#endif /* OPENSSL_NO_RC2 */
785 PKCS12_PBE_add();
786#endif /* PKCS12_FUNCS */
Dmitry Shmidtea69e842013-05-13 14:52:28 -0700[diff] [blame]787 } else {
788 context = tls_global;
789#ifdef OPENSSL_SUPPORTS_CTX_APP_DATA
790 /* Newer OpenSSL can store app-data per-SSL */
791 context = tls_context_new(conf);
792 if (context == NULL)
793 return NULL;
794#endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]795 }
796 tls_openssl_ref_count++;
797
798 ssl = SSL_CTX_new(TLSv1_method());
Dmitry Shmidtea69e842013-05-13 14:52:28 -0700[diff] [blame]799 if (ssl == NULL) {
800 tls_openssl_ref_count--;
801 if (tls_openssl_ref_count == 0) {
802 os_free(tls_global);
803 tls_global = NULL;
804 } else if (context != tls_global) {
805 os_free(context);
806 }
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]807 return NULL;
Dmitry Shmidtea69e842013-05-13 14:52:28 -0700[diff] [blame]808 }
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]809
810 SSL_CTX_set_info_callback(ssl, ssl_info_cb);
Dmitry Shmidtea69e842013-05-13 14:52:28 -0700[diff] [blame]811#ifdef OPENSSL_SUPPORTS_CTX_APP_DATA
812 SSL_CTX_set_app_data(ssl, context);
813#endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]814
815#ifndef OPENSSL_NO_ENGINE
816 if (conf &&
817 (conf->opensc_engine_path || conf->pkcs11_engine_path ||
818 conf->pkcs11_module_path)) {
819 wpa_printf(MSG_DEBUG, "ENGINE: Loading dynamic engine");
820 ERR_load_ENGINE_strings();
821 ENGINE_load_dynamic();
822
823 if (tls_engine_load_dynamic_opensc(conf->opensc_engine_path) ||
824 tls_engine_load_dynamic_pkcs11(conf->pkcs11_engine_path,
825 conf->pkcs11_module_path)) {
826 tls_deinit(ssl);
827 return NULL;
828 }
829 }
830#endif /* OPENSSL_NO_ENGINE */
831
832 return ssl;
833}
834
835
836void tls_deinit(void *ssl_ctx)
837{
838 SSL_CTX *ssl = ssl_ctx;
Dmitry Shmidtea69e842013-05-13 14:52:28 -0700[diff] [blame]839#ifdef OPENSSL_SUPPORTS_CTX_APP_DATA
840 struct tls_context *context = SSL_CTX_get_app_data(ssl);
841 if (context != tls_global)
842 os_free(context);
843#endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]844 SSL_CTX_free(ssl);
845
846 tls_openssl_ref_count--;
847 if (tls_openssl_ref_count == 0) {
848#ifndef OPENSSL_NO_ENGINE
849 ENGINE_cleanup();
850#endif /* OPENSSL_NO_ENGINE */
851 CRYPTO_cleanup_all_ex_data();
852 ERR_remove_state(0);
853 ERR_free_strings();
854 EVP_cleanup();
Dmitry Shmidt34af3062013-07-11 10:46:32 -0700[diff] [blame]855 os_free(tls_global->ocsp_stapling_response);
856 tls_global->ocsp_stapling_response = NULL;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]857 os_free(tls_global);
858 tls_global = NULL;
859 }
860}
861
862
863static int tls_engine_init(struct tls_connection *conn, const char *engine_id,
864 const char *pin, const char *key_id,
865 const char *cert_id, const char *ca_cert_id)
866{
867#ifndef OPENSSL_NO_ENGINE
868 int ret = -1;
869 if (engine_id == NULL) {
870 wpa_printf(MSG_ERROR, "ENGINE: Engine ID not set");
871 return -1;
872 }
Kenny Rootdb3c5a42012-03-20 17:00:47 -0700[diff] [blame]873#ifndef ANDROID
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]874 if (pin == NULL) {
875 wpa_printf(MSG_ERROR, "ENGINE: Smartcard PIN not set");
876 return -1;
877 }
Kenny Rootdb3c5a42012-03-20 17:00:47 -0700[diff] [blame]878#endif
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]879 if (key_id == NULL) {
880 wpa_printf(MSG_ERROR, "ENGINE: Key Id not set");
881 return -1;
882 }
883
884 ERR_clear_error();
Kenny Rootdb3c5a42012-03-20 17:00:47 -0700[diff] [blame]885#ifdef ANDROID
886 ENGINE_load_dynamic();
887#endif
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]888 conn->engine = ENGINE_by_id(engine_id);
889 if (!conn->engine) {
890 wpa_printf(MSG_ERROR, "ENGINE: engine %s not available [%s]",
891 engine_id, ERR_error_string(ERR_get_error(), NULL));
892 goto err;
893 }
894 if (ENGINE_init(conn->engine) != 1) {
895 wpa_printf(MSG_ERROR, "ENGINE: engine init failed "
896 "(engine: %s) [%s]", engine_id,
897 ERR_error_string(ERR_get_error(), NULL));
898 goto err;
899 }
900 wpa_printf(MSG_DEBUG, "ENGINE: engine initialized");
901
Kenny Rootdb3c5a42012-03-20 17:00:47 -0700[diff] [blame]902#ifndef ANDROID
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]903 if (ENGINE_ctrl_cmd_string(conn->engine, "PIN", pin, 0) == 0) {
904 wpa_printf(MSG_ERROR, "ENGINE: cannot set pin [%s]",
905 ERR_error_string(ERR_get_error(), NULL));
906 goto err;
907 }
Kenny Rootdb3c5a42012-03-20 17:00:47 -0700[diff] [blame]908#endif
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]909 /* load private key first in-case PIN is required for cert */
910 conn->private_key = ENGINE_load_private_key(conn->engine,
911 key_id, NULL, NULL);
912 if (!conn->private_key) {
913 wpa_printf(MSG_ERROR, "ENGINE: cannot load private key with id"
914 " '%s' [%s]", key_id,
915 ERR_error_string(ERR_get_error(), NULL));
916 ret = TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
917 goto err;
918 }
919
920 /* handle a certificate and/or CA certificate */
921 if (cert_id || ca_cert_id) {
922 const char *cmd_name = "LOAD_CERT_CTRL";
923
924 /* test if the engine supports a LOAD_CERT_CTRL */
925 if (!ENGINE_ctrl(conn->engine, ENGINE_CTRL_GET_CMD_FROM_NAME,
926 0, (void *)cmd_name, NULL)) {
927 wpa_printf(MSG_ERROR, "ENGINE: engine does not support"
928 " loading certificates");
929 ret = TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
930 goto err;
931 }
932 }
933
934 return 0;
935
936err:
937 if (conn->engine) {
938 ENGINE_free(conn->engine);
939 conn->engine = NULL;
940 }
941
942 if (conn->private_key) {
943 EVP_PKEY_free(conn->private_key);
944 conn->private_key = NULL;
945 }
946
947 return ret;
948#else /* OPENSSL_NO_ENGINE */
949 return 0;
950#endif /* OPENSSL_NO_ENGINE */
951}
952
953
954static void tls_engine_deinit(struct tls_connection *conn)
955{
956#ifndef OPENSSL_NO_ENGINE
957 wpa_printf(MSG_DEBUG, "ENGINE: engine deinit");
958 if (conn->private_key) {
959 EVP_PKEY_free(conn->private_key);
960 conn->private_key = NULL;
961 }
962 if (conn->engine) {
963 ENGINE_finish(conn->engine);
964 conn->engine = NULL;
965 }
966#endif /* OPENSSL_NO_ENGINE */
967}
968
969
970int tls_get_errors(void *ssl_ctx)
971{
972 int count = 0;
973 unsigned long err;
974
975 while ((err = ERR_get_error())) {
976 wpa_printf(MSG_INFO, "TLS - SSL error: %s",
977 ERR_error_string(err, NULL));
978 count++;
979 }
980
981 return count;
982}
983
984struct tls_connection * tls_connection_init(void *ssl_ctx)
985{
986 SSL_CTX *ssl = ssl_ctx;
987 struct tls_connection *conn;
988 long options;
Dmitry Shmidtea69e842013-05-13 14:52:28 -0700[diff] [blame]989 struct tls_context *context = tls_global;
990#ifdef OPENSSL_SUPPORTS_CTX_APP_DATA
991 context = SSL_CTX_get_app_data(ssl);
992#endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]993
994 conn = os_zalloc(sizeof(*conn));
995 if (conn == NULL)
996 return NULL;
997 conn->ssl = SSL_new(ssl);
998 if (conn->ssl == NULL) {
999 tls_show_errors(MSG_INFO, __func__,
1000 "Failed to initialize new SSL connection");
1001 os_free(conn);
1002 return NULL;
1003 }
1004
Dmitry Shmidtea69e842013-05-13 14:52:28 -0700[diff] [blame]1005 conn->context = context;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1006 SSL_set_app_data(conn->ssl, conn);
1007 options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
1008 SSL_OP_SINGLE_DH_USE;
1009#ifdef SSL_OP_NO_COMPRESSION
1010 options |= SSL_OP_NO_COMPRESSION;
1011#endif /* SSL_OP_NO_COMPRESSION */
Brian Carlstrom27bf1072012-07-25 23:11:44 -0700[diff] [blame]1012#ifdef ANDROID
1013 options |= SSL_OP_NO_TLSv1_1;
1014 options |= SSL_OP_NO_TLSv1_2;
1015 options |= SSL_OP_NO_TICKET;
1016#endif /* ANDROID */
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1017 SSL_set_options(conn->ssl, options);
1018
1019 conn->ssl_in = BIO_new(BIO_s_mem());
1020 if (!conn->ssl_in) {
1021 tls_show_errors(MSG_INFO, __func__,
1022 "Failed to create a new BIO for ssl_in");
1023 SSL_free(conn->ssl);
1024 os_free(conn);
1025 return NULL;
1026 }
1027
1028 conn->ssl_out = BIO_new(BIO_s_mem());
1029 if (!conn->ssl_out) {
1030 tls_show_errors(MSG_INFO, __func__,
1031 "Failed to create a new BIO for ssl_out");
1032 SSL_free(conn->ssl);
1033 BIO_free(conn->ssl_in);
1034 os_free(conn);
1035 return NULL;
1036 }
1037
1038 SSL_set_bio(conn->ssl, conn->ssl_in, conn->ssl_out);
1039
1040 return conn;
1041}
1042
1043
1044void tls_connection_deinit(void *ssl_ctx, struct tls_connection *conn)
1045{
1046 if (conn == NULL)
1047 return;
1048 SSL_free(conn->ssl);
1049 tls_engine_deinit(conn);
1050 os_free(conn->subject_match);
1051 os_free(conn->altsubject_match);
1052 os_free(conn->session_ticket);
1053 os_free(conn);
1054}
1055
1056
1057int tls_connection_established(void *ssl_ctx, struct tls_connection *conn)
1058{
1059 return conn ? SSL_is_init_finished(conn->ssl) : 0;
1060}
1061
1062
1063int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn)
1064{
1065 if (conn == NULL)
1066 return -1;
1067
1068 /* Shutdown previous TLS connection without notifying the peer
1069 * because the connection was already terminated in practice
1070 * and "close notify" shutdown alert would confuse AS. */
1071 SSL_set_quiet_shutdown(conn->ssl, 1);
1072 SSL_shutdown(conn->ssl);
1073 return 0;
1074}
1075
1076
1077static int tls_match_altsubject_component(X509 *cert, int type,
1078 const char *value, size_t len)
1079{
1080 GENERAL_NAME *gen;
1081 void *ext;
1082 int i, found = 0;
1083
1084 ext = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
1085
1086 for (i = 0; ext && i < sk_GENERAL_NAME_num(ext); i++) {
1087 gen = sk_GENERAL_NAME_value(ext, i);
1088 if (gen->type != type)
1089 continue;
1090 if (os_strlen((char *) gen->d.ia5->data) == len &&
1091 os_memcmp(value, gen->d.ia5->data, len) == 0)
1092 found++;
1093 }
1094
1095 return found;
1096}
1097
1098
1099static int tls_match_altsubject(X509 *cert, const char *match)
1100{
1101 int type;
1102 const char *pos, *end;
1103 size_t len;
1104
1105 pos = match;
1106 do {
1107 if (os_strncmp(pos, "EMAIL:", 6) == 0) {
1108 type = GEN_EMAIL;
1109 pos += 6;
1110 } else if (os_strncmp(pos, "DNS:", 4) == 0) {
1111 type = GEN_DNS;
1112 pos += 4;
1113 } else if (os_strncmp(pos, "URI:", 4) == 0) {
1114 type = GEN_URI;
1115 pos += 4;
1116 } else {
1117 wpa_printf(MSG_INFO, "TLS: Invalid altSubjectName "
1118 "match '%s'", pos);
1119 return 0;
1120 }
1121 end = os_strchr(pos, ';');
1122 while (end) {
1123 if (os_strncmp(end + 1, "EMAIL:", 6) == 0 ||
1124 os_strncmp(end + 1, "DNS:", 4) == 0 ||
1125 os_strncmp(end + 1, "URI:", 4) == 0)
1126 break;
1127 end = os_strchr(end + 1, ';');
1128 }
1129 if (end)
1130 len = end - pos;
1131 else
1132 len = os_strlen(pos);
1133 if (tls_match_altsubject_component(cert, type, pos, len) > 0)
1134 return 1;
1135 pos = end + 1;
1136 } while (end);
1137
1138 return 0;
1139}
1140
1141
1142static enum tls_fail_reason openssl_tls_fail_reason(int err)
1143{
1144 switch (err) {
1145 case X509_V_ERR_CERT_REVOKED:
1146 return TLS_FAIL_REVOKED;
1147 case X509_V_ERR_CERT_NOT_YET_VALID:
1148 case X509_V_ERR_CRL_NOT_YET_VALID:
1149 return TLS_FAIL_NOT_YET_VALID;
1150 case X509_V_ERR_CERT_HAS_EXPIRED:
1151 case X509_V_ERR_CRL_HAS_EXPIRED:
1152 return TLS_FAIL_EXPIRED;
1153 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
1154 case X509_V_ERR_UNABLE_TO_GET_CRL:
1155 case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
1156 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
1157 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
1158 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
1159 case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
1160 case X509_V_ERR_CERT_CHAIN_TOO_LONG:
1161 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
1162 case X509_V_ERR_INVALID_CA:
1163 return TLS_FAIL_UNTRUSTED;
1164 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
1165 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
1166 case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
1167 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
1168 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
1169 case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
1170 case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
1171 case X509_V_ERR_CERT_UNTRUSTED:
1172 case X509_V_ERR_CERT_REJECTED:
1173 return TLS_FAIL_BAD_CERTIFICATE;
1174 default:
1175 return TLS_FAIL_UNSPECIFIED;
1176 }
1177}
1178
1179
1180static struct wpabuf * get_x509_cert(X509 *cert)
1181{
1182 struct wpabuf *buf;
1183 u8 *tmp;
1184
1185 int cert_len = i2d_X509(cert, NULL);
1186 if (cert_len <= 0)
1187 return NULL;
1188
1189 buf = wpabuf_alloc(cert_len);
1190 if (buf == NULL)
1191 return NULL;
1192
1193 tmp = wpabuf_put(buf, cert_len);
1194 i2d_X509(cert, &tmp);
1195 return buf;
1196}
1197
1198
1199static void openssl_tls_fail_event(struct tls_connection *conn,
1200 X509 *err_cert, int err, int depth,
1201 const char *subject, const char *err_str,
1202 enum tls_fail_reason reason)
1203{
1204 union tls_event_data ev;
1205 struct wpabuf *cert = NULL;
Dmitry Shmidtea69e842013-05-13 14:52:28 -0700[diff] [blame]1206 struct tls_context *context = conn->context;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1207
Dmitry Shmidtea69e842013-05-13 14:52:28 -0700[diff] [blame]1208 if (context->event_cb == NULL)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1209 return;
1210
1211 cert = get_x509_cert(err_cert);
1212 os_memset(&ev, 0, sizeof(ev));
1213 ev.cert_fail.reason = reason != TLS_FAIL_UNSPECIFIED ?
1214 reason : openssl_tls_fail_reason(err);
1215 ev.cert_fail.depth = depth;
1216 ev.cert_fail.subject = subject;
1217 ev.cert_fail.reason_txt = err_str;
1218 ev.cert_fail.cert = cert;
Dmitry Shmidtea69e842013-05-13 14:52:28 -0700[diff] [blame]1219 context->event_cb(context->cb_ctx, TLS_CERT_CHAIN_FAILURE, &ev);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1220 wpabuf_free(cert);
1221}
1222
1223
1224static void openssl_tls_cert_event(struct tls_connection *conn,
1225 X509 *err_cert, int depth,
1226 const char *subject)
1227{
1228 struct wpabuf *cert = NULL;
1229 union tls_event_data ev;
Dmitry Shmidtea69e842013-05-13 14:52:28 -0700[diff] [blame]1230 struct tls_context *context = conn->context;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1231#ifdef CONFIG_SHA256
1232 u8 hash[32];
1233#endif /* CONFIG_SHA256 */
1234
Dmitry Shmidtea69e842013-05-13 14:52:28 -0700[diff] [blame]1235 if (context->event_cb == NULL)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1236 return;
1237
1238 os_memset(&ev, 0, sizeof(ev));
Dmitry Shmidtea69e842013-05-13 14:52:28 -0700[diff] [blame]1239 if (conn->cert_probe || context->cert_in_cb) {
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1240 cert = get_x509_cert(err_cert);
1241 ev.peer_cert.cert = cert;
1242 }
1243#ifdef CONFIG_SHA256
1244 if (cert) {
1245 const u8 *addr[1];
1246 size_t len[1];
1247 addr[0] = wpabuf_head(cert);
1248 len[0] = wpabuf_len(cert);
1249 if (sha256_vector(1, addr, len, hash) == 0) {
1250 ev.peer_cert.hash = hash;
1251 ev.peer_cert.hash_len = sizeof(hash);
1252 }
1253 }
1254#endif /* CONFIG_SHA256 */
1255 ev.peer_cert.depth = depth;
1256 ev.peer_cert.subject = subject;
Dmitry Shmidtea69e842013-05-13 14:52:28 -0700[diff] [blame]1257 context->event_cb(context->cb_ctx, TLS_PEER_CERTIFICATE, &ev);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1258 wpabuf_free(cert);
1259}
1260
1261
1262static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
1263{
1264 char buf[256];
1265 X509 *err_cert;
1266 int err, depth;
1267 SSL *ssl;
1268 struct tls_connection *conn;
Dmitry Shmidtea69e842013-05-13 14:52:28 -0700[diff] [blame]1269 struct tls_context *context;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1270 char *match, *altmatch;
1271 const char *err_str;
1272
1273 err_cert = X509_STORE_CTX_get_current_cert(x509_ctx);
1274 err = X509_STORE_CTX_get_error(x509_ctx);
1275 depth = X509_STORE_CTX_get_error_depth(x509_ctx);
1276 ssl = X509_STORE_CTX_get_ex_data(x509_ctx,
1277 SSL_get_ex_data_X509_STORE_CTX_idx());
1278 X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
1279
1280 conn = SSL_get_app_data(ssl);
1281 if (conn == NULL)
1282 return 0;
Dmitry Shmidt34af3062013-07-11 10:46:32 -0700[diff] [blame]1283
1284 if (depth == 0)
1285 conn->peer_cert = err_cert;
1286 else if (depth == 1)
1287 conn->peer_issuer = err_cert;
1288
Dmitry Shmidtea69e842013-05-13 14:52:28 -0700[diff] [blame]1289 context = conn->context;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1290 match = conn->subject_match;
1291 altmatch = conn->altsubject_match;
1292
1293 if (!preverify_ok && !conn->ca_cert_verify)
1294 preverify_ok = 1;
1295 if (!preverify_ok && depth > 0 && conn->server_cert_only)
1296 preverify_ok = 1;
Dmitry Shmidtc55524a2011-07-07 11:18:38 -0700[diff] [blame]1297 if (!preverify_ok && (conn->flags & TLS_CONN_DISABLE_TIME_CHECKS) &&
1298 (err == X509_V_ERR_CERT_HAS_EXPIRED ||
1299 err == X509_V_ERR_CERT_NOT_YET_VALID)) {
1300 wpa_printf(MSG_DEBUG, "OpenSSL: Ignore certificate validity "
1301 "time mismatch");
1302 preverify_ok = 1;
1303 }
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1304
1305 err_str = X509_verify_cert_error_string(err);
1306
1307#ifdef CONFIG_SHA256
1308 if (preverify_ok && depth == 0 && conn->server_cert_only) {
1309 struct wpabuf *cert;
1310 cert = get_x509_cert(err_cert);
1311 if (!cert) {
1312 wpa_printf(MSG_DEBUG, "OpenSSL: Could not fetch "
1313 "server certificate data");
1314 preverify_ok = 0;
1315 } else {
1316 u8 hash[32];
1317 const u8 *addr[1];
1318 size_t len[1];
1319 addr[0] = wpabuf_head(cert);
1320 len[0] = wpabuf_len(cert);
1321 if (sha256_vector(1, addr, len, hash) < 0 ||
1322 os_memcmp(conn->srv_cert_hash, hash, 32) != 0) {
1323 err_str = "Server certificate mismatch";
1324 err = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
1325 preverify_ok = 0;
1326 }
1327 wpabuf_free(cert);
1328 }
1329 }
1330#endif /* CONFIG_SHA256 */
1331
1332 if (!preverify_ok) {
1333 wpa_printf(MSG_WARNING, "TLS: Certificate verification failed,"
1334 " error %d (%s) depth %d for '%s'", err, err_str,
1335 depth, buf);
1336 openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1337 err_str, TLS_FAIL_UNSPECIFIED);
1338 return preverify_ok;
1339 }
1340
1341 wpa_printf(MSG_DEBUG, "TLS: tls_verify_cb - preverify_ok=%d "
1342 "err=%d (%s) ca_cert_verify=%d depth=%d buf='%s'",
1343 preverify_ok, err, err_str,
1344 conn->ca_cert_verify, depth, buf);
1345 if (depth == 0 && match && os_strstr(buf, match) == NULL) {
1346 wpa_printf(MSG_WARNING, "TLS: Subject '%s' did not "
1347 "match with '%s'", buf, match);
1348 preverify_ok = 0;
1349 openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1350 "Subject mismatch",
1351 TLS_FAIL_SUBJECT_MISMATCH);
1352 } else if (depth == 0 && altmatch &&
1353 !tls_match_altsubject(err_cert, altmatch)) {
1354 wpa_printf(MSG_WARNING, "TLS: altSubjectName match "
1355 "'%s' not found", altmatch);
1356 preverify_ok = 0;
1357 openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1358 "AltSubject mismatch",
1359 TLS_FAIL_ALTSUBJECT_MISMATCH);
1360 } else
1361 openssl_tls_cert_event(conn, err_cert, depth, buf);
1362
1363 if (conn->cert_probe && preverify_ok && depth == 0) {
1364 wpa_printf(MSG_DEBUG, "OpenSSL: Reject server certificate "
1365 "on probe-only run");
1366 preverify_ok = 0;
1367 openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1368 "Server certificate chain probe",
1369 TLS_FAIL_SERVER_CHAIN_PROBE);
1370 }
1371
Dmitry Shmidtea69e842013-05-13 14:52:28 -0700[diff] [blame]1372 if (preverify_ok && context->event_cb != NULL)
1373 context->event_cb(context->cb_ctx,
1374 TLS_CERT_CHAIN_SUCCESS, NULL);
Dmitry Shmidt04949592012-07-19 12:16:46 -0700[diff] [blame]1375
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1376 return preverify_ok;
1377}
1378
1379
1380#ifndef OPENSSL_NO_STDIO
1381static int tls_load_ca_der(void *_ssl_ctx, const char *ca_cert)
1382{
1383 SSL_CTX *ssl_ctx = _ssl_ctx;
1384 X509_LOOKUP *lookup;
1385 int ret = 0;
1386
1387 lookup = X509_STORE_add_lookup(ssl_ctx->cert_store,
1388 X509_LOOKUP_file());
1389 if (lookup == NULL) {
1390 tls_show_errors(MSG_WARNING, __func__,
1391 "Failed add lookup for X509 store");
1392 return -1;
1393 }
1394
1395 if (!X509_LOOKUP_load_file(lookup, ca_cert, X509_FILETYPE_ASN1)) {
1396 unsigned long err = ERR_peek_error();
1397 tls_show_errors(MSG_WARNING, __func__,
1398 "Failed load CA in DER format");
1399 if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
1400 ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) {
1401 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring "
1402 "cert already in hash table error",
1403 __func__);
1404 } else
1405 ret = -1;
1406 }
1407
1408 return ret;
1409}
1410#endif /* OPENSSL_NO_STDIO */
1411
1412
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1413static int tls_connection_ca_cert(void *_ssl_ctx, struct tls_connection *conn,
1414 const char *ca_cert, const u8 *ca_cert_blob,
1415 size_t ca_cert_blob_len, const char *ca_path)
1416{
1417 SSL_CTX *ssl_ctx = _ssl_ctx;
1418
1419 /*
1420 * Remove previously configured trusted CA certificates before adding
1421 * new ones.
1422 */
1423 X509_STORE_free(ssl_ctx->cert_store);
1424 ssl_ctx->cert_store = X509_STORE_new();
1425 if (ssl_ctx->cert_store == NULL) {
1426 wpa_printf(MSG_DEBUG, "OpenSSL: %s - failed to allocate new "
1427 "certificate store", __func__);
1428 return -1;
1429 }
1430
1431 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
1432 conn->ca_cert_verify = 1;
1433
1434 if (ca_cert && os_strncmp(ca_cert, "probe://", 8) == 0) {
1435 wpa_printf(MSG_DEBUG, "OpenSSL: Probe for server certificate "
1436 "chain");
1437 conn->cert_probe = 1;
1438 conn->ca_cert_verify = 0;
1439 return 0;
1440 }
1441
1442 if (ca_cert && os_strncmp(ca_cert, "hash://", 7) == 0) {
1443#ifdef CONFIG_SHA256
1444 const char *pos = ca_cert + 7;
1445 if (os_strncmp(pos, "server/sha256/", 14) != 0) {
1446 wpa_printf(MSG_DEBUG, "OpenSSL: Unsupported ca_cert "
1447 "hash value '%s'", ca_cert);
1448 return -1;
1449 }
1450 pos += 14;
1451 if (os_strlen(pos) != 32 * 2) {
1452 wpa_printf(MSG_DEBUG, "OpenSSL: Unexpected SHA256 "
1453 "hash length in ca_cert '%s'", ca_cert);
1454 return -1;
1455 }
1456 if (hexstr2bin(pos, conn->srv_cert_hash, 32) < 0) {
1457 wpa_printf(MSG_DEBUG, "OpenSSL: Invalid SHA256 hash "
1458 "value in ca_cert '%s'", ca_cert);
1459 return -1;
1460 }
1461 conn->server_cert_only = 1;
1462 wpa_printf(MSG_DEBUG, "OpenSSL: Checking only server "
1463 "certificate match");
1464 return 0;
1465#else /* CONFIG_SHA256 */
1466 wpa_printf(MSG_INFO, "No SHA256 included in the build - "
1467 "cannot validate server certificate hash");
1468 return -1;
1469#endif /* CONFIG_SHA256 */
1470 }
1471
1472 if (ca_cert_blob) {
1473 X509 *cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &ca_cert_blob,
1474 ca_cert_blob_len);
1475 if (cert == NULL) {
1476 tls_show_errors(MSG_WARNING, __func__,
1477 "Failed to parse ca_cert_blob");
1478 return -1;
1479 }
1480
1481 if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) {
1482 unsigned long err = ERR_peek_error();
1483 tls_show_errors(MSG_WARNING, __func__,
1484 "Failed to add ca_cert_blob to "
1485 "certificate store");
1486 if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
1487 ERR_GET_REASON(err) ==
1488 X509_R_CERT_ALREADY_IN_HASH_TABLE) {
1489 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring "
1490 "cert already in hash table error",
1491 __func__);
1492 } else {
1493 X509_free(cert);
1494 return -1;
1495 }
1496 }
1497 X509_free(cert);
1498 wpa_printf(MSG_DEBUG, "OpenSSL: %s - added ca_cert_blob "
1499 "to certificate store", __func__);
1500 return 0;
1501 }
1502
1503#ifdef ANDROID
1504 if (ca_cert && os_strncmp("keystore://", ca_cert, 11) == 0) {
1505 BIO *bio = BIO_from_keystore(&ca_cert[11]);
1506 STACK_OF(X509_INFO) *stack = NULL;
1507 int i;
1508
1509 if (bio) {
1510 stack = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL);
1511 BIO_free(bio);
1512 }
1513 if (!stack)
1514 return -1;
1515
1516 for (i = 0; i < sk_X509_INFO_num(stack); ++i) {
1517 X509_INFO *info = sk_X509_INFO_value(stack, i);
1518 if (info->x509) {
1519 X509_STORE_add_cert(ssl_ctx->cert_store,
1520 info->x509);
1521 }
1522 if (info->crl) {
1523 X509_STORE_add_crl(ssl_ctx->cert_store,
1524 info->crl);
1525 }
1526 }
1527 sk_X509_INFO_pop_free(stack, X509_INFO_free);
1528 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
1529 return 0;
1530 }
1531#endif /* ANDROID */
1532
1533#ifdef CONFIG_NATIVE_WINDOWS
1534 if (ca_cert && tls_cryptoapi_ca_cert(ssl_ctx, conn->ssl, ca_cert) ==
1535 0) {
1536 wpa_printf(MSG_DEBUG, "OpenSSL: Added CA certificates from "
1537 "system certificate store");
1538 return 0;
1539 }
1540#endif /* CONFIG_NATIVE_WINDOWS */
1541
1542 if (ca_cert || ca_path) {
1543#ifndef OPENSSL_NO_STDIO
1544 if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, ca_path) !=
1545 1) {
1546 tls_show_errors(MSG_WARNING, __func__,
1547 "Failed to load root certificates");
1548 if (ca_cert &&
1549 tls_load_ca_der(ssl_ctx, ca_cert) == 0) {
1550 wpa_printf(MSG_DEBUG, "OpenSSL: %s - loaded "
1551 "DER format CA certificate",
1552 __func__);
1553 } else
1554 return -1;
1555 } else {
1556 wpa_printf(MSG_DEBUG, "TLS: Trusted root "
1557 "certificate(s) loaded");
1558 tls_get_errors(ssl_ctx);
1559 }
1560#else /* OPENSSL_NO_STDIO */
1561 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO",
1562 __func__);
1563 return -1;
1564#endif /* OPENSSL_NO_STDIO */
1565 } else {
1566 /* No ca_cert configured - do not try to verify server
1567 * certificate */
1568 conn->ca_cert_verify = 0;
1569 }
1570
1571 return 0;
1572}
1573
1574
1575static int tls_global_ca_cert(SSL_CTX *ssl_ctx, const char *ca_cert)
1576{
1577 if (ca_cert) {
1578 if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, NULL) != 1)
1579 {
1580 tls_show_errors(MSG_WARNING, __func__,
1581 "Failed to load root certificates");
1582 return -1;
1583 }
1584
1585 wpa_printf(MSG_DEBUG, "TLS: Trusted root "
1586 "certificate(s) loaded");
1587
1588#ifndef OPENSSL_NO_STDIO
1589 /* Add the same CAs to the client certificate requests */
1590 SSL_CTX_set_client_CA_list(ssl_ctx,
1591 SSL_load_client_CA_file(ca_cert));
1592#endif /* OPENSSL_NO_STDIO */
1593 }
1594
1595 return 0;
1596}
1597
1598
1599int tls_global_set_verify(void *ssl_ctx, int check_crl)
1600{
1601 int flags;
1602
1603 if (check_crl) {
1604 X509_STORE *cs = SSL_CTX_get_cert_store(ssl_ctx);
1605 if (cs == NULL) {
1606 tls_show_errors(MSG_INFO, __func__, "Failed to get "
1607 "certificate store when enabling "
1608 "check_crl");
1609 return -1;
1610 }
1611 flags = X509_V_FLAG_CRL_CHECK;
1612 if (check_crl == 2)
1613 flags |= X509_V_FLAG_CRL_CHECK_ALL;
1614 X509_STORE_set_flags(cs, flags);
1615 }
1616 return 0;
1617}
1618
1619
1620static int tls_connection_set_subject_match(struct tls_connection *conn,
1621 const char *subject_match,
1622 const char *altsubject_match)
1623{
1624 os_free(conn->subject_match);
1625 conn->subject_match = NULL;
1626 if (subject_match) {
1627 conn->subject_match = os_strdup(subject_match);
1628 if (conn->subject_match == NULL)
1629 return -1;
1630 }
1631
1632 os_free(conn->altsubject_match);
1633 conn->altsubject_match = NULL;
1634 if (altsubject_match) {
1635 conn->altsubject_match = os_strdup(altsubject_match);
1636 if (conn->altsubject_match == NULL)
1637 return -1;
1638 }
1639
1640 return 0;
1641}
1642
1643
1644int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn,
1645 int verify_peer)
1646{
1647 static int counter = 0;
1648
1649 if (conn == NULL)
1650 return -1;
1651
1652 if (verify_peer) {
1653 conn->ca_cert_verify = 1;
1654 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER |
1655 SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
1656 SSL_VERIFY_CLIENT_ONCE, tls_verify_cb);
1657 } else {
1658 conn->ca_cert_verify = 0;
1659 SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL);
1660 }
1661
1662 SSL_set_accept_state(conn->ssl);
1663
1664 /*
1665 * Set session id context in order to avoid fatal errors when client
1666 * tries to resume a session. However, set the context to a unique
1667 * value in order to effectively disable session resumption for now
1668 * since not all areas of the server code are ready for it (e.g.,
1669 * EAP-TTLS needs special handling for Phase 2 after abbreviated TLS
1670 * handshake).
1671 */
1672 counter++;
1673 SSL_set_session_id_context(conn->ssl,
1674 (const unsigned char *) &counter,
1675 sizeof(counter));
1676
1677 return 0;
1678}
1679
1680
1681static int tls_connection_client_cert(struct tls_connection *conn,
1682 const char *client_cert,
1683 const u8 *client_cert_blob,
1684 size_t client_cert_blob_len)
1685{
1686 if (client_cert == NULL && client_cert_blob == NULL)
1687 return 0;
1688
1689 if (client_cert_blob &&
1690 SSL_use_certificate_ASN1(conn->ssl, (u8 *) client_cert_blob,
1691 client_cert_blob_len) == 1) {
1692 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_ASN1 --> "
1693 "OK");
1694 return 0;
1695 } else if (client_cert_blob) {
1696 tls_show_errors(MSG_DEBUG, __func__,
1697 "SSL_use_certificate_ASN1 failed");
1698 }
1699
1700 if (client_cert == NULL)
1701 return -1;
1702
1703#ifdef ANDROID
1704 if (os_strncmp("keystore://", client_cert, 11) == 0) {
1705 BIO *bio = BIO_from_keystore(&client_cert[11]);
1706 X509 *x509 = NULL;
1707 int ret = -1;
1708 if (bio) {
1709 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
1710 BIO_free(bio);
1711 }
1712 if (x509) {
1713 if (SSL_use_certificate(conn->ssl, x509) == 1)
1714 ret = 0;
1715 X509_free(x509);
1716 }
1717 return ret;
1718 }
1719#endif /* ANDROID */
1720
1721#ifndef OPENSSL_NO_STDIO
1722 if (SSL_use_certificate_file(conn->ssl, client_cert,
1723 SSL_FILETYPE_ASN1) == 1) {
1724 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (DER)"
1725 " --> OK");
1726 return 0;
1727 }
1728
1729 if (SSL_use_certificate_file(conn->ssl, client_cert,
1730 SSL_FILETYPE_PEM) == 1) {
1731 ERR_clear_error();
1732 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (PEM)"
1733 " --> OK");
1734 return 0;
1735 }
1736
1737 tls_show_errors(MSG_DEBUG, __func__,
1738 "SSL_use_certificate_file failed");
1739#else /* OPENSSL_NO_STDIO */
1740 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", __func__);
1741#endif /* OPENSSL_NO_STDIO */
1742
1743 return -1;
1744}
1745
1746
1747static int tls_global_client_cert(SSL_CTX *ssl_ctx, const char *client_cert)
1748{
1749#ifndef OPENSSL_NO_STDIO
1750 if (client_cert == NULL)
1751 return 0;
1752
1753 if (SSL_CTX_use_certificate_file(ssl_ctx, client_cert,
1754 SSL_FILETYPE_ASN1) != 1 &&
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]1755 SSL_CTX_use_certificate_chain_file(ssl_ctx, client_cert) != 1 &&
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1756 SSL_CTX_use_certificate_file(ssl_ctx, client_cert,
1757 SSL_FILETYPE_PEM) != 1) {
1758 tls_show_errors(MSG_INFO, __func__,
1759 "Failed to load client certificate");
1760 return -1;
1761 }
1762 return 0;
1763#else /* OPENSSL_NO_STDIO */
1764 if (client_cert == NULL)
1765 return 0;
1766 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", __func__);
1767 return -1;
1768#endif /* OPENSSL_NO_STDIO */
1769}
1770
1771
1772static int tls_passwd_cb(char *buf, int size, int rwflag, void *password)
1773{
1774 if (password == NULL) {
1775 return 0;
1776 }
1777 os_strlcpy(buf, (char *) password, size);
1778 return os_strlen(buf);
1779}
1780
1781
1782#ifdef PKCS12_FUNCS
1783static int tls_parse_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, PKCS12 *p12,
1784 const char *passwd)
1785{
1786 EVP_PKEY *pkey;
1787 X509 *cert;
1788 STACK_OF(X509) *certs;
1789 int res = 0;
1790 char buf[256];
1791
1792 pkey = NULL;
1793 cert = NULL;
1794 certs = NULL;
1795 if (!PKCS12_parse(p12, passwd, &pkey, &cert, &certs)) {
1796 tls_show_errors(MSG_DEBUG, __func__,
1797 "Failed to parse PKCS12 file");
1798 PKCS12_free(p12);
1799 return -1;
1800 }
1801 wpa_printf(MSG_DEBUG, "TLS: Successfully parsed PKCS12 data");
1802
1803 if (cert) {
1804 X509_NAME_oneline(X509_get_subject_name(cert), buf,
1805 sizeof(buf));
1806 wpa_printf(MSG_DEBUG, "TLS: Got certificate from PKCS12: "
1807 "subject='%s'", buf);
1808 if (ssl) {
1809 if (SSL_use_certificate(ssl, cert) != 1)
1810 res = -1;
1811 } else {
1812 if (SSL_CTX_use_certificate(ssl_ctx, cert) != 1)
1813 res = -1;
1814 }
1815 X509_free(cert);
1816 }
1817
1818 if (pkey) {
1819 wpa_printf(MSG_DEBUG, "TLS: Got private key from PKCS12");
1820 if (ssl) {
1821 if (SSL_use_PrivateKey(ssl, pkey) != 1)
1822 res = -1;
1823 } else {
1824 if (SSL_CTX_use_PrivateKey(ssl_ctx, pkey) != 1)
1825 res = -1;
1826 }
1827 EVP_PKEY_free(pkey);
1828 }
1829
1830 if (certs) {
1831 while ((cert = sk_X509_pop(certs)) != NULL) {
1832 X509_NAME_oneline(X509_get_subject_name(cert), buf,
1833 sizeof(buf));
1834 wpa_printf(MSG_DEBUG, "TLS: additional certificate"
1835 " from PKCS12: subject='%s'", buf);
1836 /*
1837 * There is no SSL equivalent for the chain cert - so
1838 * always add it to the context...
1839 */
1840 if (SSL_CTX_add_extra_chain_cert(ssl_ctx, cert) != 1) {
1841 res = -1;
1842 break;
1843 }
1844 }
1845 sk_X509_free(certs);
1846 }
1847
1848 PKCS12_free(p12);
1849
1850 if (res < 0)
1851 tls_get_errors(ssl_ctx);
1852
1853 return res;
1854}
1855#endif /* PKCS12_FUNCS */
1856
1857
1858static int tls_read_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, const char *private_key,
1859 const char *passwd)
1860{
1861#ifdef PKCS12_FUNCS
1862 FILE *f;
1863 PKCS12 *p12;
1864
1865 f = fopen(private_key, "rb");
1866 if (f == NULL)
1867 return -1;
1868
1869 p12 = d2i_PKCS12_fp(f, NULL);
1870 fclose(f);
1871
1872 if (p12 == NULL) {
1873 tls_show_errors(MSG_INFO, __func__,
1874 "Failed to use PKCS#12 file");
1875 return -1;
1876 }
1877
1878 return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd);
1879
1880#else /* PKCS12_FUNCS */
1881 wpa_printf(MSG_INFO, "TLS: PKCS12 support disabled - cannot read "
1882 "p12/pfx files");
1883 return -1;
1884#endif /* PKCS12_FUNCS */
1885}
1886
1887
1888static int tls_read_pkcs12_blob(SSL_CTX *ssl_ctx, SSL *ssl,
1889 const u8 *blob, size_t len, const char *passwd)
1890{
1891#ifdef PKCS12_FUNCS
1892 PKCS12 *p12;
1893
1894 p12 = d2i_PKCS12(NULL, (OPENSSL_d2i_TYPE) &blob, len);
1895 if (p12 == NULL) {
1896 tls_show_errors(MSG_INFO, __func__,
1897 "Failed to use PKCS#12 blob");
1898 return -1;
1899 }
1900
1901 return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd);
1902
1903#else /* PKCS12_FUNCS */
1904 wpa_printf(MSG_INFO, "TLS: PKCS12 support disabled - cannot parse "
1905 "p12/pfx blobs");
1906 return -1;
1907#endif /* PKCS12_FUNCS */
1908}
1909
1910
1911#ifndef OPENSSL_NO_ENGINE
1912static int tls_engine_get_cert(struct tls_connection *conn,
1913 const char *cert_id,
1914 X509 **cert)
1915{
1916 /* this runs after the private key is loaded so no PIN is required */
1917 struct {
1918 const char *cert_id;
1919 X509 *cert;
1920 } params;
1921 params.cert_id = cert_id;
1922 params.cert = NULL;
1923
1924 if (!ENGINE_ctrl_cmd(conn->engine, "LOAD_CERT_CTRL",
1925 0, &params, NULL, 1)) {
1926 wpa_printf(MSG_ERROR, "ENGINE: cannot load client cert with id"
1927 " '%s' [%s]", cert_id,
1928 ERR_error_string(ERR_get_error(), NULL));
1929 return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
1930 }
1931 if (!params.cert) {
1932 wpa_printf(MSG_ERROR, "ENGINE: did not properly cert with id"
1933 " '%s'", cert_id);
1934 return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
1935 }
1936 *cert = params.cert;
1937 return 0;
1938}
1939#endif /* OPENSSL_NO_ENGINE */
1940
1941
1942static int tls_connection_engine_client_cert(struct tls_connection *conn,
1943 const char *cert_id)
1944{
1945#ifndef OPENSSL_NO_ENGINE
1946 X509 *cert;
1947
1948 if (tls_engine_get_cert(conn, cert_id, &cert))
1949 return -1;
1950
1951 if (!SSL_use_certificate(conn->ssl, cert)) {
1952 tls_show_errors(MSG_ERROR, __func__,
1953 "SSL_use_certificate failed");
1954 X509_free(cert);
1955 return -1;
1956 }
1957 X509_free(cert);
1958 wpa_printf(MSG_DEBUG, "ENGINE: SSL_use_certificate --> "
1959 "OK");
1960 return 0;
1961
1962#else /* OPENSSL_NO_ENGINE */
1963 return -1;
1964#endif /* OPENSSL_NO_ENGINE */
1965}
1966
1967
1968static int tls_connection_engine_ca_cert(void *_ssl_ctx,
1969 struct tls_connection *conn,
1970 const char *ca_cert_id)
1971{
1972#ifndef OPENSSL_NO_ENGINE
1973 X509 *cert;
1974 SSL_CTX *ssl_ctx = _ssl_ctx;
1975
1976 if (tls_engine_get_cert(conn, ca_cert_id, &cert))
1977 return -1;
1978
1979 /* start off the same as tls_connection_ca_cert */
1980 X509_STORE_free(ssl_ctx->cert_store);
1981 ssl_ctx->cert_store = X509_STORE_new();
1982 if (ssl_ctx->cert_store == NULL) {
1983 wpa_printf(MSG_DEBUG, "OpenSSL: %s - failed to allocate new "
1984 "certificate store", __func__);
1985 X509_free(cert);
1986 return -1;
1987 }
1988 if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) {
1989 unsigned long err = ERR_peek_error();
1990 tls_show_errors(MSG_WARNING, __func__,
1991 "Failed to add CA certificate from engine "
1992 "to certificate store");
1993 if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
1994 ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) {
1995 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring cert"
1996 " already in hash table error",
1997 __func__);
1998 } else {
1999 X509_free(cert);
2000 return -1;
2001 }
2002 }
2003 X509_free(cert);
2004 wpa_printf(MSG_DEBUG, "OpenSSL: %s - added CA certificate from engine "
2005 "to certificate store", __func__);
2006 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]2007 conn->ca_cert_verify = 1;
2008
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2009 return 0;
2010
2011#else /* OPENSSL_NO_ENGINE */
2012 return -1;
2013#endif /* OPENSSL_NO_ENGINE */
2014}
2015
2016
2017static int tls_connection_engine_private_key(struct tls_connection *conn)
2018{
2019#ifndef OPENSSL_NO_ENGINE
2020 if (SSL_use_PrivateKey(conn->ssl, conn->private_key) != 1) {
2021 tls_show_errors(MSG_ERROR, __func__,
2022 "ENGINE: cannot use private key for TLS");
2023 return -1;
2024 }
2025 if (!SSL_check_private_key(conn->ssl)) {
2026 tls_show_errors(MSG_INFO, __func__,
2027 "Private key failed verification");
2028 return -1;
2029 }
2030 return 0;
2031#else /* OPENSSL_NO_ENGINE */
2032 wpa_printf(MSG_ERROR, "SSL: Configuration uses engine, but "
2033 "engine support was not compiled in");
2034 return -1;
2035#endif /* OPENSSL_NO_ENGINE */
2036}
2037
2038
2039static int tls_connection_private_key(void *_ssl_ctx,
2040 struct tls_connection *conn,
2041 const char *private_key,
2042 const char *private_key_passwd,
2043 const u8 *private_key_blob,
2044 size_t private_key_blob_len)
2045{
2046 SSL_CTX *ssl_ctx = _ssl_ctx;
2047 char *passwd;
2048 int ok;
2049
2050 if (private_key == NULL && private_key_blob == NULL)
2051 return 0;
2052
2053 if (private_key_passwd) {
2054 passwd = os_strdup(private_key_passwd);
2055 if (passwd == NULL)
2056 return -1;
2057 } else
2058 passwd = NULL;
2059
2060 SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb);
2061 SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd);
2062
2063 ok = 0;
2064 while (private_key_blob) {
2065 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_RSA, conn->ssl,
2066 (u8 *) private_key_blob,
2067 private_key_blob_len) == 1) {
2068 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_"
2069 "ASN1(EVP_PKEY_RSA) --> OK");
2070 ok = 1;
2071 break;
2072 }
2073
2074 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_DSA, conn->ssl,
2075 (u8 *) private_key_blob,
2076 private_key_blob_len) == 1) {
2077 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_"
2078 "ASN1(EVP_PKEY_DSA) --> OK");
2079 ok = 1;
2080 break;
2081 }
2082
2083 if (SSL_use_RSAPrivateKey_ASN1(conn->ssl,
2084 (u8 *) private_key_blob,
2085 private_key_blob_len) == 1) {
2086 wpa_printf(MSG_DEBUG, "OpenSSL: "
2087 "SSL_use_RSAPrivateKey_ASN1 --> OK");
2088 ok = 1;
2089 break;
2090 }
2091
2092 if (tls_read_pkcs12_blob(ssl_ctx, conn->ssl, private_key_blob,
2093 private_key_blob_len, passwd) == 0) {
2094 wpa_printf(MSG_DEBUG, "OpenSSL: PKCS#12 as blob --> "
2095 "OK");
2096 ok = 1;
2097 break;
2098 }
2099
2100 break;
2101 }
2102
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2103 while (!ok && private_key) {
2104#ifndef OPENSSL_NO_STDIO
2105 if (SSL_use_PrivateKey_file(conn->ssl, private_key,
2106 SSL_FILETYPE_ASN1) == 1) {
2107 wpa_printf(MSG_DEBUG, "OpenSSL: "
2108 "SSL_use_PrivateKey_File (DER) --> OK");
2109 ok = 1;
2110 break;
2111 }
2112
2113 if (SSL_use_PrivateKey_file(conn->ssl, private_key,
2114 SSL_FILETYPE_PEM) == 1) {
2115 wpa_printf(MSG_DEBUG, "OpenSSL: "
2116 "SSL_use_PrivateKey_File (PEM) --> OK");
2117 ok = 1;
2118 break;
2119 }
2120#else /* OPENSSL_NO_STDIO */
2121 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO",
2122 __func__);
2123#endif /* OPENSSL_NO_STDIO */
2124
2125 if (tls_read_pkcs12(ssl_ctx, conn->ssl, private_key, passwd)
2126 == 0) {
2127 wpa_printf(MSG_DEBUG, "OpenSSL: Reading PKCS#12 file "
2128 "--> OK");
2129 ok = 1;
2130 break;
2131 }
2132
2133 if (tls_cryptoapi_cert(conn->ssl, private_key) == 0) {
2134 wpa_printf(MSG_DEBUG, "OpenSSL: Using CryptoAPI to "
2135 "access certificate store --> OK");
2136 ok = 1;
2137 break;
2138 }
2139
2140 break;
2141 }
2142
2143 if (!ok) {
2144 tls_show_errors(MSG_INFO, __func__,
2145 "Failed to load private key");
2146 os_free(passwd);
2147 return -1;
2148 }
2149 ERR_clear_error();
2150 SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL);
2151 os_free(passwd);
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]2152
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2153 if (!SSL_check_private_key(conn->ssl)) {
2154 tls_show_errors(MSG_INFO, __func__, "Private key failed "
2155 "verification");
2156 return -1;
2157 }
2158
2159 wpa_printf(MSG_DEBUG, "SSL: Private key loaded successfully");
2160 return 0;
2161}
2162
2163
2164static int tls_global_private_key(SSL_CTX *ssl_ctx, const char *private_key,
2165 const char *private_key_passwd)
2166{
2167 char *passwd;
2168
2169 if (private_key == NULL)
2170 return 0;
2171
2172 if (private_key_passwd) {
2173 passwd = os_strdup(private_key_passwd);
2174 if (passwd == NULL)
2175 return -1;
2176 } else
2177 passwd = NULL;
2178
2179 SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb);
2180 SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd);
2181 if (
2182#ifndef OPENSSL_NO_STDIO
2183 SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key,
2184 SSL_FILETYPE_ASN1) != 1 &&
2185 SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key,
2186 SSL_FILETYPE_PEM) != 1 &&
2187#endif /* OPENSSL_NO_STDIO */
2188 tls_read_pkcs12(ssl_ctx, NULL, private_key, passwd)) {
2189 tls_show_errors(MSG_INFO, __func__,
2190 "Failed to load private key");
2191 os_free(passwd);
2192 ERR_clear_error();
2193 return -1;
2194 }
2195 os_free(passwd);
2196 ERR_clear_error();
2197 SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL);
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]2198
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2199 if (!SSL_CTX_check_private_key(ssl_ctx)) {
2200 tls_show_errors(MSG_INFO, __func__,
2201 "Private key failed verification");
2202 return -1;
2203 }
2204
2205 return 0;
2206}
2207
2208
2209static int tls_connection_dh(struct tls_connection *conn, const char *dh_file)
2210{
2211#ifdef OPENSSL_NO_DH
2212 if (dh_file == NULL)
2213 return 0;
2214 wpa_printf(MSG_ERROR, "TLS: openssl does not include DH support, but "
2215 "dh_file specified");
2216 return -1;
2217#else /* OPENSSL_NO_DH */
2218 DH *dh;
2219 BIO *bio;
2220
2221 /* TODO: add support for dh_blob */
2222 if (dh_file == NULL)
2223 return 0;
2224 if (conn == NULL)
2225 return -1;
2226
2227 bio = BIO_new_file(dh_file, "r");
2228 if (bio == NULL) {
2229 wpa_printf(MSG_INFO, "TLS: Failed to open DH file '%s': %s",
2230 dh_file, ERR_error_string(ERR_get_error(), NULL));
2231 return -1;
2232 }
2233 dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
2234 BIO_free(bio);
2235#ifndef OPENSSL_NO_DSA
2236 while (dh == NULL) {
2237 DSA *dsa;
2238 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DH file '%s': %s -"
2239 " trying to parse as DSA params", dh_file,
2240 ERR_error_string(ERR_get_error(), NULL));
2241 bio = BIO_new_file(dh_file, "r");
2242 if (bio == NULL)
2243 break;
2244 dsa = PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
2245 BIO_free(bio);
2246 if (!dsa) {
2247 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DSA file "
2248 "'%s': %s", dh_file,
2249 ERR_error_string(ERR_get_error(), NULL));
2250 break;
2251 }
2252
2253 wpa_printf(MSG_DEBUG, "TLS: DH file in DSA param format");
2254 dh = DSA_dup_DH(dsa);
2255 DSA_free(dsa);
2256 if (dh == NULL) {
2257 wpa_printf(MSG_INFO, "TLS: Failed to convert DSA "
2258 "params into DH params");
2259 break;
2260 }
2261 break;
2262 }
2263#endif /* !OPENSSL_NO_DSA */
2264 if (dh == NULL) {
2265 wpa_printf(MSG_INFO, "TLS: Failed to read/parse DH/DSA file "
2266 "'%s'", dh_file);
2267 return -1;
2268 }
2269
2270 if (SSL_set_tmp_dh(conn->ssl, dh) != 1) {
2271 wpa_printf(MSG_INFO, "TLS: Failed to set DH params from '%s': "
2272 "%s", dh_file,
2273 ERR_error_string(ERR_get_error(), NULL));
2274 DH_free(dh);
2275 return -1;
2276 }
2277 DH_free(dh);
2278 return 0;
2279#endif /* OPENSSL_NO_DH */
2280}
2281
2282
2283static int tls_global_dh(SSL_CTX *ssl_ctx, const char *dh_file)
2284{
2285#ifdef OPENSSL_NO_DH
2286 if (dh_file == NULL)
2287 return 0;
2288 wpa_printf(MSG_ERROR, "TLS: openssl does not include DH support, but "
2289 "dh_file specified");
2290 return -1;
2291#else /* OPENSSL_NO_DH */
2292 DH *dh;
2293 BIO *bio;
2294
2295 /* TODO: add support for dh_blob */
2296 if (dh_file == NULL)
2297 return 0;
2298 if (ssl_ctx == NULL)
2299 return -1;
2300
2301 bio = BIO_new_file(dh_file, "r");
2302 if (bio == NULL) {
2303 wpa_printf(MSG_INFO, "TLS: Failed to open DH file '%s': %s",
2304 dh_file, ERR_error_string(ERR_get_error(), NULL));
2305 return -1;
2306 }
2307 dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
2308 BIO_free(bio);
2309#ifndef OPENSSL_NO_DSA
2310 while (dh == NULL) {
2311 DSA *dsa;
2312 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DH file '%s': %s -"
2313 " trying to parse as DSA params", dh_file,
2314 ERR_error_string(ERR_get_error(), NULL));
2315 bio = BIO_new_file(dh_file, "r");
2316 if (bio == NULL)
2317 break;
2318 dsa = PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
2319 BIO_free(bio);
2320 if (!dsa) {
2321 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DSA file "
2322 "'%s': %s", dh_file,
2323 ERR_error_string(ERR_get_error(), NULL));
2324 break;
2325 }
2326
2327 wpa_printf(MSG_DEBUG, "TLS: DH file in DSA param format");
2328 dh = DSA_dup_DH(dsa);
2329 DSA_free(dsa);
2330 if (dh == NULL) {
2331 wpa_printf(MSG_INFO, "TLS: Failed to convert DSA "
2332 "params into DH params");
2333 break;
2334 }
2335 break;
2336 }
2337#endif /* !OPENSSL_NO_DSA */
2338 if (dh == NULL) {
2339 wpa_printf(MSG_INFO, "TLS: Failed to read/parse DH/DSA file "
2340 "'%s'", dh_file);
2341 return -1;
2342 }
2343
2344 if (SSL_CTX_set_tmp_dh(ssl_ctx, dh) != 1) {
2345 wpa_printf(MSG_INFO, "TLS: Failed to set DH params from '%s': "
2346 "%s", dh_file,
2347 ERR_error_string(ERR_get_error(), NULL));
2348 DH_free(dh);
2349 return -1;
2350 }
2351 DH_free(dh);
2352 return 0;
2353#endif /* OPENSSL_NO_DH */
2354}
2355
2356
2357int tls_connection_get_keys(void *ssl_ctx, struct tls_connection *conn,
2358 struct tls_keys *keys)
2359{
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]2360#ifdef CONFIG_FIPS
2361 wpa_printf(MSG_ERROR, "OpenSSL: TLS keys cannot be exported in FIPS "
2362 "mode");
2363 return -1;
2364#else /* CONFIG_FIPS */
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2365 SSL *ssl;
2366
2367 if (conn == NULL || keys == NULL)
2368 return -1;
2369 ssl = conn->ssl;
2370 if (ssl == NULL || ssl->s3 == NULL || ssl->session == NULL)
2371 return -1;
2372
2373 os_memset(keys, 0, sizeof(*keys));
2374 keys->master_key = ssl->session->master_key;
2375 keys->master_key_len = ssl->session->master_key_length;
2376 keys->client_random = ssl->s3->client_random;
2377 keys->client_random_len = SSL3_RANDOM_SIZE;
2378 keys->server_random = ssl->s3->server_random;
2379 keys->server_random_len = SSL3_RANDOM_SIZE;
2380
2381 return 0;
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]2382#endif /* CONFIG_FIPS */
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2383}
2384
2385
2386int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
2387 const char *label, int server_random_first,
2388 u8 *out, size_t out_len)
2389{
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]2390#if OPENSSL_VERSION_NUMBER >= 0x10001000L
2391 SSL *ssl;
2392 if (conn == NULL)
2393 return -1;
2394 if (server_random_first)
2395 return -1;
2396 ssl = conn->ssl;
2397 if (SSL_export_keying_material(ssl, out, out_len, label,
2398 os_strlen(label), NULL, 0, 0) == 1) {
2399 wpa_printf(MSG_DEBUG, "OpenSSL: Using internal PRF");
2400 return 0;
2401 }
2402#endif
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2403 return -1;
2404}
2405
2406
2407static struct wpabuf *
2408openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data,
2409 int server)
2410{
2411 int res;
2412 struct wpabuf *out_data;
2413
2414 /*
2415 * Give TLS handshake data from the server (if available) to OpenSSL
2416 * for processing.
2417 */
2418 if (in_data &&
2419 BIO_write(conn->ssl_in, wpabuf_head(in_data), wpabuf_len(in_data))
2420 < 0) {
2421 tls_show_errors(MSG_INFO, __func__,
2422 "Handshake failed - BIO_write");
2423 return NULL;
2424 }
2425
2426 /* Initiate TLS handshake or continue the existing handshake */
2427 if (server)
2428 res = SSL_accept(conn->ssl);
2429 else
2430 res = SSL_connect(conn->ssl);
2431 if (res != 1) {
2432 int err = SSL_get_error(conn->ssl, res);
2433 if (err == SSL_ERROR_WANT_READ)
2434 wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want "
2435 "more data");
2436 else if (err == SSL_ERROR_WANT_WRITE)
2437 wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want to "
2438 "write");
2439 else {
2440 tls_show_errors(MSG_INFO, __func__, "SSL_connect");
2441 conn->failed++;
2442 }
2443 }
2444
2445 /* Get the TLS handshake data to be sent to the server */
2446 res = BIO_ctrl_pending(conn->ssl_out);
2447 wpa_printf(MSG_DEBUG, "SSL: %d bytes pending from ssl_out", res);
2448 out_data = wpabuf_alloc(res);
2449 if (out_data == NULL) {
2450 wpa_printf(MSG_DEBUG, "SSL: Failed to allocate memory for "
2451 "handshake output (%d bytes)", res);
2452 if (BIO_reset(conn->ssl_out) < 0) {
2453 tls_show_errors(MSG_INFO, __func__,
2454 "BIO_reset failed");
2455 }
2456 return NULL;
2457 }
2458 res = res == 0 ? 0 : BIO_read(conn->ssl_out, wpabuf_mhead(out_data),
2459 res);
2460 if (res < 0) {
2461 tls_show_errors(MSG_INFO, __func__,
2462 "Handshake failed - BIO_read");
2463 if (BIO_reset(conn->ssl_out) < 0) {
2464 tls_show_errors(MSG_INFO, __func__,
2465 "BIO_reset failed");
2466 }
2467 wpabuf_free(out_data);
2468 return NULL;
2469 }
2470 wpabuf_put(out_data, res);
2471
2472 return out_data;
2473}
2474
2475
2476static struct wpabuf *
2477openssl_get_appl_data(struct tls_connection *conn, size_t max_len)
2478{
2479 struct wpabuf *appl_data;
2480 int res;
2481
2482 appl_data = wpabuf_alloc(max_len + 100);
2483 if (appl_data == NULL)
2484 return NULL;
2485
2486 res = SSL_read(conn->ssl, wpabuf_mhead(appl_data),
2487 wpabuf_size(appl_data));
2488 if (res < 0) {
2489 int err = SSL_get_error(conn->ssl, res);
2490 if (err == SSL_ERROR_WANT_READ ||
2491 err == SSL_ERROR_WANT_WRITE) {
2492 wpa_printf(MSG_DEBUG, "SSL: No Application Data "
2493 "included");
2494 } else {
2495 tls_show_errors(MSG_INFO, __func__,
2496 "Failed to read possible "
2497 "Application Data");
2498 }
2499 wpabuf_free(appl_data);
2500 return NULL;
2501 }
2502
2503 wpabuf_put(appl_data, res);
2504 wpa_hexdump_buf_key(MSG_MSGDUMP, "SSL: Application Data in Finished "
2505 "message", appl_data);
2506
2507 return appl_data;
2508}
2509
2510
2511static struct wpabuf *
2512openssl_connection_handshake(struct tls_connection *conn,
2513 const struct wpabuf *in_data,
2514 struct wpabuf **appl_data, int server)
2515{
2516 struct wpabuf *out_data;
2517
2518 if (appl_data)
2519 *appl_data = NULL;
2520
2521 out_data = openssl_handshake(conn, in_data, server);
2522 if (out_data == NULL)
2523 return NULL;
2524
2525 if (SSL_is_init_finished(conn->ssl) && appl_data && in_data)
2526 *appl_data = openssl_get_appl_data(conn, wpabuf_len(in_data));
2527
2528 return out_data;
2529}
2530
2531
2532struct wpabuf *
2533tls_connection_handshake(void *ssl_ctx, struct tls_connection *conn,
2534 const struct wpabuf *in_data,
2535 struct wpabuf **appl_data)
2536{
2537 return openssl_connection_handshake(conn, in_data, appl_data, 0);
2538}
2539
2540
2541struct wpabuf * tls_connection_server_handshake(void *tls_ctx,
2542 struct tls_connection *conn,
2543 const struct wpabuf *in_data,
2544 struct wpabuf **appl_data)
2545{
2546 return openssl_connection_handshake(conn, in_data, appl_data, 1);
2547}
2548
2549
2550struct wpabuf * tls_connection_encrypt(void *tls_ctx,
2551 struct tls_connection *conn,
2552 const struct wpabuf *in_data)
2553{
2554 int res;
2555 struct wpabuf *buf;
2556
2557 if (conn == NULL)
2558 return NULL;
2559
2560 /* Give plaintext data for OpenSSL to encrypt into the TLS tunnel. */
2561 if ((res = BIO_reset(conn->ssl_in)) < 0 ||
2562 (res = BIO_reset(conn->ssl_out)) < 0) {
2563 tls_show_errors(MSG_INFO, __func__, "BIO_reset failed");
2564 return NULL;
2565 }
2566 res = SSL_write(conn->ssl, wpabuf_head(in_data), wpabuf_len(in_data));
2567 if (res < 0) {
2568 tls_show_errors(MSG_INFO, __func__,
2569 "Encryption failed - SSL_write");
2570 return NULL;
2571 }
2572
2573 /* Read encrypted data to be sent to the server */
2574 buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
2575 if (buf == NULL)
2576 return NULL;
2577 res = BIO_read(conn->ssl_out, wpabuf_mhead(buf), wpabuf_size(buf));
2578 if (res < 0) {
2579 tls_show_errors(MSG_INFO, __func__,
2580 "Encryption failed - BIO_read");
2581 wpabuf_free(buf);
2582 return NULL;
2583 }
2584 wpabuf_put(buf, res);
2585
2586 return buf;
2587}
2588
2589
2590struct wpabuf * tls_connection_decrypt(void *tls_ctx,
2591 struct tls_connection *conn,
2592 const struct wpabuf *in_data)
2593{
2594 int res;
2595 struct wpabuf *buf;
2596
2597 /* Give encrypted data from TLS tunnel for OpenSSL to decrypt. */
2598 res = BIO_write(conn->ssl_in, wpabuf_head(in_data),
2599 wpabuf_len(in_data));
2600 if (res < 0) {
2601 tls_show_errors(MSG_INFO, __func__,
2602 "Decryption failed - BIO_write");
2603 return NULL;
2604 }
2605 if (BIO_reset(conn->ssl_out) < 0) {
2606 tls_show_errors(MSG_INFO, __func__, "BIO_reset failed");
2607 return NULL;
2608 }
2609
2610 /* Read decrypted data for further processing */
2611 /*
2612 * Even though we try to disable TLS compression, it is possible that
2613 * this cannot be done with all TLS libraries. Add extra buffer space
2614 * to handle the possibility of the decrypted data being longer than
2615 * input data.
2616 */
2617 buf = wpabuf_alloc((wpabuf_len(in_data) + 500) * 3);
2618 if (buf == NULL)
2619 return NULL;
2620 res = SSL_read(conn->ssl, wpabuf_mhead(buf), wpabuf_size(buf));
2621 if (res < 0) {
2622 tls_show_errors(MSG_INFO, __func__,
2623 "Decryption failed - SSL_read");
2624 wpabuf_free(buf);
2625 return NULL;
2626 }
2627 wpabuf_put(buf, res);
2628
2629 return buf;
2630}
2631
2632
2633int tls_connection_resumed(void *ssl_ctx, struct tls_connection *conn)
2634{
2635 return conn ? conn->ssl->hit : 0;
2636}
2637
2638
2639int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
2640 u8 *ciphers)
2641{
2642 char buf[100], *pos, *end;
2643 u8 *c;
2644 int ret;
2645
2646 if (conn == NULL || conn->ssl == NULL || ciphers == NULL)
2647 return -1;
2648
2649 buf[0] = '\0';
2650 pos = buf;
2651 end = pos + sizeof(buf);
2652
2653 c = ciphers;
2654 while (*c != TLS_CIPHER_NONE) {
2655 const char *suite;
2656
2657 switch (*c) {
2658 case TLS_CIPHER_RC4_SHA:
2659 suite = "RC4-SHA";
2660 break;
2661 case TLS_CIPHER_AES128_SHA:
2662 suite = "AES128-SHA";
2663 break;
2664 case TLS_CIPHER_RSA_DHE_AES128_SHA:
2665 suite = "DHE-RSA-AES128-SHA";
2666 break;
2667 case TLS_CIPHER_ANON_DH_AES128_SHA:
2668 suite = "ADH-AES128-SHA";
2669 break;
2670 default:
2671 wpa_printf(MSG_DEBUG, "TLS: Unsupported "
2672 "cipher selection: %d", *c);
2673 return -1;
2674 }
2675 ret = os_snprintf(pos, end - pos, ":%s", suite);
2676 if (ret < 0 || ret >= end - pos)
2677 break;
2678 pos += ret;
2679
2680 c++;
2681 }
2682
2683 wpa_printf(MSG_DEBUG, "OpenSSL: cipher suites: %s", buf + 1);
2684
2685 if (SSL_set_cipher_list(conn->ssl, buf + 1) != 1) {
2686 tls_show_errors(MSG_INFO, __func__,
2687 "Cipher suite configuration failed");
2688 return -1;
2689 }
2690
2691 return 0;
2692}
2693
2694
2695int tls_get_cipher(void *ssl_ctx, struct tls_connection *conn,
2696 char *buf, size_t buflen)
2697{
2698 const char *name;
2699 if (conn == NULL || conn->ssl == NULL)
2700 return -1;
2701
2702 name = SSL_get_cipher(conn->ssl);
2703 if (name == NULL)
2704 return -1;
2705
2706 os_strlcpy(buf, name, buflen);
2707 return 0;
2708}
2709
2710
2711int tls_connection_enable_workaround(void *ssl_ctx,
2712 struct tls_connection *conn)
2713{
2714 SSL_set_options(conn->ssl, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
2715
2716 return 0;
2717}
2718
2719
2720#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
2721/* ClientHello TLS extensions require a patch to openssl, so this function is
2722 * commented out unless explicitly needed for EAP-FAST in order to be able to
2723 * build this file with unmodified openssl. */
2724int tls_connection_client_hello_ext(void *ssl_ctx, struct tls_connection *conn,
2725 int ext_type, const u8 *data,
2726 size_t data_len)
2727{
2728 if (conn == NULL || conn->ssl == NULL || ext_type != 35)
2729 return -1;
2730
2731#ifdef CONFIG_OPENSSL_TICKET_OVERRIDE
2732 if (SSL_set_session_ticket_ext(conn->ssl, (void *) data,
2733 data_len) != 1)
2734 return -1;
2735#else /* CONFIG_OPENSSL_TICKET_OVERRIDE */
2736 if (SSL_set_hello_extension(conn->ssl, ext_type, (void *) data,
2737 data_len) != 1)
2738 return -1;
2739#endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */
2740
2741 return 0;
2742}
2743#endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
2744
2745
2746int tls_connection_get_failed(void *ssl_ctx, struct tls_connection *conn)
2747{
2748 if (conn == NULL)
2749 return -1;
2750 return conn->failed;
2751}
2752
2753
2754int tls_connection_get_read_alerts(void *ssl_ctx, struct tls_connection *conn)
2755{
2756 if (conn == NULL)
2757 return -1;
2758 return conn->read_alerts;
2759}
2760
2761
2762int tls_connection_get_write_alerts(void *ssl_ctx, struct tls_connection *conn)
2763{
2764 if (conn == NULL)
2765 return -1;
2766 return conn->write_alerts;
2767}
2768
2769
Dmitry Shmidt34af3062013-07-11 10:46:32 -0700[diff] [blame]2770#ifdef HAVE_OCSP
2771
2772static void ocsp_debug_print_resp(OCSP_RESPONSE *rsp)
2773{
2774#ifndef CONFIG_NO_STDOUT_DEBUG
2775 extern int wpa_debug_level;
2776 BIO *out;
2777 size_t rlen;
2778 char *txt;
2779 int res;
2780
2781 if (wpa_debug_level > MSG_DEBUG)
2782 return;
2783
2784 out = BIO_new(BIO_s_mem());
2785 if (!out)
2786 return;
2787
2788 OCSP_RESPONSE_print(out, rsp, 0);
2789 rlen = BIO_ctrl_pending(out);
2790 txt = os_malloc(rlen + 1);
2791 if (!txt) {
2792 BIO_free(out);
2793 return;
2794 }
2795
2796 res = BIO_read(out, txt, rlen);
2797 if (res > 0) {
2798 txt[res] = '\0';
2799 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP Response\n%s", txt);
2800 }
2801 os_free(txt);
2802 BIO_free(out);
2803#endif /* CONFIG_NO_STDOUT_DEBUG */
2804}
2805
2806
2807static int ocsp_resp_cb(SSL *s, void *arg)
2808{
2809 struct tls_connection *conn = arg;
2810 const unsigned char *p;
2811 int len, status, reason;
2812 OCSP_RESPONSE *rsp;
2813 OCSP_BASICRESP *basic;
2814 OCSP_CERTID *id;
2815 ASN1_GENERALIZEDTIME *produced_at, *this_update, *next_update;
2816
2817 len = SSL_get_tlsext_status_ocsp_resp(s, &p);
2818 if (!p) {
2819 wpa_printf(MSG_DEBUG, "OpenSSL: No OCSP response received");
2820 return (conn->flags & TLS_CONN_REQUIRE_OCSP) ? 0 : 1;
2821 }
2822
2823 wpa_hexdump(MSG_DEBUG, "OpenSSL: OCSP response", p, len);
2824
2825 rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
2826 if (!rsp) {
2827 wpa_printf(MSG_INFO, "OpenSSL: Failed to parse OCSP response");
2828 return 0;
2829 }
2830
2831 ocsp_debug_print_resp(rsp);
2832
2833 status = OCSP_response_status(rsp);
2834 if (status != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
2835 wpa_printf(MSG_INFO, "OpenSSL: OCSP responder error %d (%s)",
2836 status, OCSP_response_status_str(status));
2837 return 0;
2838 }
2839
2840 basic = OCSP_response_get1_basic(rsp);
2841 if (!basic) {
2842 wpa_printf(MSG_INFO, "OpenSSL: Could not find BasicOCSPResponse");
2843 return 0;
2844 }
2845
2846 status = OCSP_basic_verify(basic, NULL, SSL_CTX_get_cert_store(s->ctx),
2847 0);
2848 if (status <= 0) {
2849 tls_show_errors(MSG_INFO, __func__,
2850 "OpenSSL: OCSP response failed verification");
2851 OCSP_BASICRESP_free(basic);
2852 OCSP_RESPONSE_free(rsp);
2853 return 0;
2854 }
2855
2856 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP response verification succeeded");
2857
Dmitry Shmidt56052862013-10-04 10:23:25 -0700[diff] [blame]2858 if (!conn->peer_cert) {
2859 wpa_printf(MSG_DEBUG, "OpenSSL: Peer certificate not available for OCSP status check");
2860 OCSP_BASICRESP_free(basic);
2861 OCSP_RESPONSE_free(rsp);
2862 return 0;
2863 }
2864
2865 if (!conn->peer_issuer) {
2866 wpa_printf(MSG_DEBUG, "OpenSSL: Peer issuer certificate not available for OCSP status check");
Dmitry Shmidt34af3062013-07-11 10:46:32 -0700[diff] [blame]2867 OCSP_BASICRESP_free(basic);
2868 OCSP_RESPONSE_free(rsp);
2869 return 0;
2870 }
2871
2872 id = OCSP_cert_to_id(NULL, conn->peer_cert, conn->peer_issuer);
2873 if (!id) {
2874 wpa_printf(MSG_DEBUG, "OpenSSL: Could not create OCSP certificate identifier");
2875 OCSP_BASICRESP_free(basic);
2876 OCSP_RESPONSE_free(rsp);
2877 return 0;
2878 }
2879
2880 if (!OCSP_resp_find_status(basic, id, &status, &reason, &produced_at,
2881 &this_update, &next_update)) {
2882 wpa_printf(MSG_INFO, "OpenSSL: Could not find current server certificate from OCSP response%s",
2883 (conn->flags & TLS_CONN_REQUIRE_OCSP) ? "" :
2884 " (OCSP not required)");
2885 OCSP_BASICRESP_free(basic);
2886 OCSP_RESPONSE_free(rsp);
2887 return (conn->flags & TLS_CONN_REQUIRE_OCSP) ? 0 : 1;
2888 }
2889
2890 if (!OCSP_check_validity(this_update, next_update, 5 * 60, -1)) {
2891 tls_show_errors(MSG_INFO, __func__,
2892 "OpenSSL: OCSP status times invalid");
2893 OCSP_BASICRESP_free(basic);
2894 OCSP_RESPONSE_free(rsp);
2895 return 0;
2896 }
2897
2898 OCSP_BASICRESP_free(basic);
2899 OCSP_RESPONSE_free(rsp);
2900
2901 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status for server certificate: %s",
2902 OCSP_cert_status_str(status));
2903
2904 if (status == V_OCSP_CERTSTATUS_GOOD)
2905 return 1;
2906 if (status == V_OCSP_CERTSTATUS_REVOKED)
2907 return 0;
2908 if (conn->flags & TLS_CONN_REQUIRE_OCSP) {
2909 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status unknown, but OCSP required");
2910 return 0;
2911 }
2912 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status unknown, but OCSP was not required, so allow connection to continue");
2913 return 1;
2914}
2915
2916
2917static int ocsp_status_cb(SSL *s, void *arg)
2918{
2919 char *tmp;
2920 char *resp;
2921 size_t len;
2922
2923 if (tls_global->ocsp_stapling_response == NULL) {
2924 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status callback - no response configured");
2925 return SSL_TLSEXT_ERR_OK;
2926 }
2927
2928 resp = os_readfile(tls_global->ocsp_stapling_response, &len);
2929 if (resp == NULL) {
2930 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status callback - could not read response file");
2931 /* TODO: Build OCSPResponse with responseStatus = internalError
2932 */
2933 return SSL_TLSEXT_ERR_OK;
2934 }
2935 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status callback - send cached response");
2936 tmp = OPENSSL_malloc(len);
2937 if (tmp == NULL) {
2938 os_free(resp);
2939 return SSL_TLSEXT_ERR_ALERT_FATAL;
2940 }
2941
2942 os_memcpy(tmp, resp, len);
2943 os_free(resp);
2944 SSL_set_tlsext_status_ocsp_resp(s, tmp, len);
2945
2946 return SSL_TLSEXT_ERR_OK;
2947}
2948
2949#endif /* HAVE_OCSP */
2950
2951
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2952int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
2953 const struct tls_connection_params *params)
2954{
2955 int ret;
2956 unsigned long err;
Dmitry Shmidt34af3062013-07-11 10:46:32 -0700[diff] [blame]2957 SSL_CTX *ssl_ctx = tls_ctx;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2958
2959 if (conn == NULL)
2960 return -1;
2961
2962 while ((err = ERR_get_error())) {
2963 wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s",
2964 __func__, ERR_error_string(err, NULL));
2965 }
2966
2967 if (params->engine) {
2968 wpa_printf(MSG_DEBUG, "SSL: Initializing TLS engine");
2969 ret = tls_engine_init(conn, params->engine_id, params->pin,
2970 params->key_id, params->cert_id,
2971 params->ca_cert_id);
2972 if (ret)
2973 return ret;
2974 }
2975 if (tls_connection_set_subject_match(conn,
2976 params->subject_match,
2977 params->altsubject_match))
2978 return -1;
2979
2980 if (params->engine && params->ca_cert_id) {
2981 if (tls_connection_engine_ca_cert(tls_ctx, conn,
2982 params->ca_cert_id))
2983 return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED;
2984 } else if (tls_connection_ca_cert(tls_ctx, conn, params->ca_cert,
2985 params->ca_cert_blob,
2986 params->ca_cert_blob_len,
2987 params->ca_path))
2988 return -1;
2989
2990 if (params->engine && params->cert_id) {
2991 if (tls_connection_engine_client_cert(conn, params->cert_id))
2992 return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED;
2993 } else if (tls_connection_client_cert(conn, params->client_cert,
2994 params->client_cert_blob,
2995 params->client_cert_blob_len))
2996 return -1;
2997
2998 if (params->engine && params->key_id) {
2999 wpa_printf(MSG_DEBUG, "TLS: Using private key from engine");
3000 if (tls_connection_engine_private_key(conn))
3001 return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED;
3002 } else if (tls_connection_private_key(tls_ctx, conn,
3003 params->private_key,
3004 params->private_key_passwd,
3005 params->private_key_blob,
3006 params->private_key_blob_len)) {
3007 wpa_printf(MSG_INFO, "TLS: Failed to load private key '%s'",
3008 params->private_key);
3009 return -1;
3010 }
3011
3012 if (tls_connection_dh(conn, params->dh_file)) {
3013 wpa_printf(MSG_INFO, "TLS: Failed to load DH file '%s'",
3014 params->dh_file);
3015 return -1;
3016 }
3017
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]3018#ifdef SSL_OP_NO_TICKET
3019 if (params->flags & TLS_CONN_DISABLE_SESSION_TICKET)
3020 SSL_set_options(conn->ssl, SSL_OP_NO_TICKET);
Dmitry Shmidt34af3062013-07-11 10:46:32 -0700[diff] [blame]3021#ifdef SSL_clear_options
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]3022 else
3023 SSL_clear_options(conn->ssl, SSL_OP_NO_TICKET);
Dmitry Shmidt34af3062013-07-11 10:46:32 -0700[diff] [blame]3024#endif /* SSL_clear_options */
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]3025#endif /* SSL_OP_NO_TICKET */
3026
Dmitry Shmidt34af3062013-07-11 10:46:32 -0700[diff] [blame]3027#ifdef HAVE_OCSP
3028 if (params->flags & TLS_CONN_REQUEST_OCSP) {
3029 SSL_set_tlsext_status_type(conn->ssl, TLSEXT_STATUSTYPE_ocsp);
3030 SSL_CTX_set_tlsext_status_cb(ssl_ctx, ocsp_resp_cb);
3031 SSL_CTX_set_tlsext_status_arg(ssl_ctx, conn);
3032 }
3033#endif /* HAVE_OCSP */
3034
Dmitry Shmidtc55524a2011-07-07 11:18:38 -0700[diff] [blame]3035 conn->flags = params->flags;
3036
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]3037 tls_get_errors(tls_ctx);
3038
3039 return 0;
3040}
3041
3042
3043int tls_global_set_params(void *tls_ctx,
3044 const struct tls_connection_params *params)
3045{
3046 SSL_CTX *ssl_ctx = tls_ctx;
3047 unsigned long err;
3048
3049 while ((err = ERR_get_error())) {
3050 wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s",
3051 __func__, ERR_error_string(err, NULL));
3052 }
3053
3054 if (tls_global_ca_cert(ssl_ctx, params->ca_cert))
3055 return -1;
3056
3057 if (tls_global_client_cert(ssl_ctx, params->client_cert))
3058 return -1;
3059
3060 if (tls_global_private_key(ssl_ctx, params->private_key,
3061 params->private_key_passwd))
3062 return -1;
3063
3064 if (tls_global_dh(ssl_ctx, params->dh_file)) {
3065 wpa_printf(MSG_INFO, "TLS: Failed to load DH file '%s'",
3066 params->dh_file);
3067 return -1;
3068 }
3069
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]3070#ifdef SSL_OP_NO_TICKET
3071 if (params->flags & TLS_CONN_DISABLE_SESSION_TICKET)
3072 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TICKET);
Dmitry Shmidt34af3062013-07-11 10:46:32 -0700[diff] [blame]3073#ifdef SSL_CTX_clear_options
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]3074 else
3075 SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TICKET);
Dmitry Shmidt34af3062013-07-11 10:46:32 -0700[diff] [blame]3076#endif /* SSL_clear_options */
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]3077#endif /* SSL_OP_NO_TICKET */
3078
Dmitry Shmidt34af3062013-07-11 10:46:32 -0700[diff] [blame]3079#ifdef HAVE_OCSP
3080 SSL_CTX_set_tlsext_status_cb(ssl_ctx, ocsp_status_cb);
3081 SSL_CTX_set_tlsext_status_arg(ssl_ctx, ssl_ctx);
3082 os_free(tls_global->ocsp_stapling_response);
3083 if (params->ocsp_stapling_response)
3084 tls_global->ocsp_stapling_response =
3085 os_strdup(params->ocsp_stapling_response);
3086 else
3087 tls_global->ocsp_stapling_response = NULL;
3088#endif /* HAVE_OCSP */
3089
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]3090 return 0;
3091}
3092
3093
3094int tls_connection_get_keyblock_size(void *tls_ctx,
3095 struct tls_connection *conn)
3096{
3097 const EVP_CIPHER *c;
3098 const EVP_MD *h;
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]3099 int md_size;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]3100
3101 if (conn == NULL || conn->ssl == NULL ||
3102 conn->ssl->enc_read_ctx == NULL ||
3103 conn->ssl->enc_read_ctx->cipher == NULL ||
3104 conn->ssl->read_hash == NULL)
3105 return -1;
3106
3107 c = conn->ssl->enc_read_ctx->cipher;
3108#if OPENSSL_VERSION_NUMBER >= 0x00909000L
3109 h = EVP_MD_CTX_md(conn->ssl->read_hash);
3110#else
3111 h = conn->ssl->read_hash;
3112#endif
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]3113 if (h)
3114 md_size = EVP_MD_size(h);
3115#if OPENSSL_VERSION_NUMBER >= 0x10000000L
3116 else if (conn->ssl->s3)
3117 md_size = conn->ssl->s3->tmp.new_mac_secret_size;
3118#endif
3119 else
3120 return -1;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]3121
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]3122 wpa_printf(MSG_DEBUG, "OpenSSL: keyblock size: key_len=%d MD_size=%d "
3123 "IV_len=%d", EVP_CIPHER_key_length(c), md_size,
3124 EVP_CIPHER_iv_length(c));
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]3125 return 2 * (EVP_CIPHER_key_length(c) +
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]3126 md_size +
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]3127 EVP_CIPHER_iv_length(c));
3128}
3129
3130
3131unsigned int tls_capabilities(void *tls_ctx)
3132{
3133 return 0;
3134}
3135
3136
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]3137#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
3138/* Pre-shared secred requires a patch to openssl, so this function is
3139 * commented out unless explicitly needed for EAP-FAST in order to be able to
3140 * build this file with unmodified openssl. */
3141
3142static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len,
3143 STACK_OF(SSL_CIPHER) *peer_ciphers,
3144 SSL_CIPHER **cipher, void *arg)
3145{
3146 struct tls_connection *conn = arg;
3147 int ret;
3148
3149 if (conn == NULL || conn->session_ticket_cb == NULL)
3150 return 0;
3151
3152 ret = conn->session_ticket_cb(conn->session_ticket_cb_ctx,
3153 conn->session_ticket,
3154 conn->session_ticket_len,
3155 s->s3->client_random,
3156 s->s3->server_random, secret);
3157 os_free(conn->session_ticket);
3158 conn->session_ticket = NULL;
3159
3160 if (ret <= 0)
3161 return 0;
3162
3163 *secret_len = SSL_MAX_MASTER_KEY_LENGTH;
3164 return 1;
3165}
3166
3167
3168#ifdef CONFIG_OPENSSL_TICKET_OVERRIDE
3169static int tls_session_ticket_ext_cb(SSL *s, const unsigned char *data,
3170 int len, void *arg)
3171{
3172 struct tls_connection *conn = arg;
3173
3174 if (conn == NULL || conn->session_ticket_cb == NULL)
3175 return 0;
3176
3177 wpa_printf(MSG_DEBUG, "OpenSSL: %s: length=%d", __func__, len);
3178
3179 os_free(conn->session_ticket);
3180 conn->session_ticket = NULL;
3181
3182 wpa_hexdump(MSG_DEBUG, "OpenSSL: ClientHello SessionTicket "
3183 "extension", data, len);
3184
3185 conn->session_ticket = os_malloc(len);
3186 if (conn->session_ticket == NULL)
3187 return 0;
3188
3189 os_memcpy(conn->session_ticket, data, len);
3190 conn->session_ticket_len = len;
3191
3192 return 1;
3193}
3194#else /* CONFIG_OPENSSL_TICKET_OVERRIDE */
3195#ifdef SSL_OP_NO_TICKET
3196static void tls_hello_ext_cb(SSL *s, int client_server, int type,
3197 unsigned char *data, int len, void *arg)
3198{
3199 struct tls_connection *conn = arg;
3200
3201 if (conn == NULL || conn->session_ticket_cb == NULL)
3202 return;
3203
3204 wpa_printf(MSG_DEBUG, "OpenSSL: %s: type=%d length=%d", __func__,
3205 type, len);
3206
3207 if (type == TLSEXT_TYPE_session_ticket && !client_server) {
3208 os_free(conn->session_ticket);
3209 conn->session_ticket = NULL;
3210
3211 wpa_hexdump(MSG_DEBUG, "OpenSSL: ClientHello SessionTicket "
3212 "extension", data, len);
3213 conn->session_ticket = os_malloc(len);
3214 if (conn->session_ticket == NULL)
3215 return;
3216
3217 os_memcpy(conn->session_ticket, data, len);
3218 conn->session_ticket_len = len;
3219 }
3220}
3221#else /* SSL_OP_NO_TICKET */
3222static int tls_hello_ext_cb(SSL *s, TLS_EXTENSION *ext, void *arg)
3223{
3224 struct tls_connection *conn = arg;
3225
3226 if (conn == NULL || conn->session_ticket_cb == NULL)
3227 return 0;
3228
3229 wpa_printf(MSG_DEBUG, "OpenSSL: %s: type=%d length=%d", __func__,
3230 ext->type, ext->length);
3231
3232 os_free(conn->session_ticket);
3233 conn->session_ticket = NULL;
3234
3235 if (ext->type == 35) {
3236 wpa_hexdump(MSG_DEBUG, "OpenSSL: ClientHello SessionTicket "
3237 "extension", ext->data, ext->length);
3238 conn->session_ticket = os_malloc(ext->length);
3239 if (conn->session_ticket == NULL)
3240 return SSL_AD_INTERNAL_ERROR;
3241
3242 os_memcpy(conn->session_ticket, ext->data, ext->length);
3243 conn->session_ticket_len = ext->length;
3244 }
3245
3246 return 0;
3247}
3248#endif /* SSL_OP_NO_TICKET */
3249#endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */
3250#endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
3251
3252
3253int tls_connection_set_session_ticket_cb(void *tls_ctx,
3254 struct tls_connection *conn,
3255 tls_session_ticket_cb cb,
3256 void *ctx)
3257{
3258#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
3259 conn->session_ticket_cb = cb;
3260 conn->session_ticket_cb_ctx = ctx;
3261
3262 if (cb) {
3263 if (SSL_set_session_secret_cb(conn->ssl, tls_sess_sec_cb,
3264 conn) != 1)
3265 return -1;
3266#ifdef CONFIG_OPENSSL_TICKET_OVERRIDE
3267 SSL_set_session_ticket_ext_cb(conn->ssl,
3268 tls_session_ticket_ext_cb, conn);
3269#else /* CONFIG_OPENSSL_TICKET_OVERRIDE */
3270#ifdef SSL_OP_NO_TICKET
3271 SSL_set_tlsext_debug_callback(conn->ssl, tls_hello_ext_cb);
3272 SSL_set_tlsext_debug_arg(conn->ssl, conn);
3273#else /* SSL_OP_NO_TICKET */
3274 if (SSL_set_hello_extension_cb(conn->ssl, tls_hello_ext_cb,
3275 conn) != 1)
3276 return -1;
3277#endif /* SSL_OP_NO_TICKET */
3278#endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */
3279 } else {
3280 if (SSL_set_session_secret_cb(conn->ssl, NULL, NULL) != 1)
3281 return -1;
3282#ifdef CONFIG_OPENSSL_TICKET_OVERRIDE
3283 SSL_set_session_ticket_ext_cb(conn->ssl, NULL, NULL);
3284#else /* CONFIG_OPENSSL_TICKET_OVERRIDE */
3285#ifdef SSL_OP_NO_TICKET
3286 SSL_set_tlsext_debug_callback(conn->ssl, NULL);
3287 SSL_set_tlsext_debug_arg(conn->ssl, conn);
3288#else /* SSL_OP_NO_TICKET */
3289 if (SSL_set_hello_extension_cb(conn->ssl, NULL, NULL) != 1)
3290 return -1;
3291#endif /* SSL_OP_NO_TICKET */
3292#endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */
3293 }
3294
3295 return 0;
3296#else /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
3297 return -1;
3298#endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
3299}