Gitiles
Code Review Sign In
gerrit.omnirom.org / android_external_wpa_supplicant_8 / 8d520ff1dc2da35cdca849e982051b86468016d8 / . / src / crypto / tls_openssl.c
blob: bf92a1133d862d67558416312cf6dc49d021d2a0 [file] [log] [blame]
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame^]1/*
2 * SSL/TLS interface functions for OpenSSL
3 * Copyright (c) 2004-2010, Jouni Malinen <j@w1.fi>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
11 *
12 * See README and COPYING for more details.
13 */
14
15#include "includes.h"
16
17#ifndef CONFIG_SMARTCARD
18#ifndef OPENSSL_NO_ENGINE
19#define OPENSSL_NO_ENGINE
20#endif
21#endif
22
23#include <openssl/ssl.h>
24#include <openssl/err.h>
25#include <openssl/pkcs12.h>
26#include <openssl/x509v3.h>
27#ifndef OPENSSL_NO_ENGINE
28#include <openssl/engine.h>
29#endif /* OPENSSL_NO_ENGINE */
30
31#ifdef ANDROID
32#include <openssl/pem.h>
33#include "keystore_get.h"
34#endif /* ANDROID */
35
36#include "common.h"
37#include "crypto.h"
38#include "tls.h"
39
40#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
41#define OPENSSL_d2i_TYPE const unsigned char **
42#else
43#define OPENSSL_d2i_TYPE unsigned char **
44#endif
45
46#ifdef SSL_F_SSL_SET_SESSION_TICKET_EXT
47#ifdef SSL_OP_NO_TICKET
48/*
49 * Session ticket override patch was merged into OpenSSL 0.9.9 tree on
50 * 2008-11-15. This version uses a bit different API compared to the old patch.
51 */
52#define CONFIG_OPENSSL_TICKET_OVERRIDE
53#endif
54#endif
55
56static int tls_openssl_ref_count = 0;
57
58struct tls_global {
59 void (*event_cb)(void *ctx, enum tls_event ev,
60 union tls_event_data *data);
61 void *cb_ctx;
62};
63
64static struct tls_global *tls_global = NULL;
65
66
67struct tls_connection {
68 SSL *ssl;
69 BIO *ssl_in, *ssl_out;
70#ifndef OPENSSL_NO_ENGINE
71 ENGINE *engine; /* functional reference to the engine */
72 EVP_PKEY *private_key; /* the private key if using engine */
73#endif /* OPENSSL_NO_ENGINE */
74 char *subject_match, *altsubject_match;
75 int read_alerts, write_alerts, failed;
76
77 tls_session_ticket_cb session_ticket_cb;
78 void *session_ticket_cb_ctx;
79
80 /* SessionTicket received from OpenSSL hello_extension_cb (server) */
81 u8 *session_ticket;
82 size_t session_ticket_len;
83
84 unsigned int ca_cert_verify:1;
85 unsigned int cert_probe:1;
86 unsigned int server_cert_only:1;
87
88 u8 srv_cert_hash[32];
89};
90
91
92#ifdef CONFIG_NO_STDOUT_DEBUG
93
94static void _tls_show_errors(void)
95{
96 unsigned long err;
97
98 while ((err = ERR_get_error())) {
99 /* Just ignore the errors, since stdout is disabled */
100 }
101}
102#define tls_show_errors(l, f, t) _tls_show_errors()
103
104#else /* CONFIG_NO_STDOUT_DEBUG */
105
106static void tls_show_errors(int level, const char *func, const char *txt)
107{
108 unsigned long err;
109
110 wpa_printf(level, "OpenSSL: %s - %s %s",
111 func, txt, ERR_error_string(ERR_get_error(), NULL));
112
113 while ((err = ERR_get_error())) {
114 wpa_printf(MSG_INFO, "OpenSSL: pending error: %s",
115 ERR_error_string(err, NULL));
116 }
117}
118
119#endif /* CONFIG_NO_STDOUT_DEBUG */
120
121
122#ifdef CONFIG_NATIVE_WINDOWS
123
124/* Windows CryptoAPI and access to certificate stores */
125#include <wincrypt.h>
126
127#ifdef __MINGW32_VERSION
128/*
129 * MinGW does not yet include all the needed definitions for CryptoAPI, so
130 * define here whatever extra is needed.
131 */
132#define CERT_SYSTEM_STORE_CURRENT_USER (1 << 16)
133#define CERT_STORE_READONLY_FLAG 0x00008000
134#define CERT_STORE_OPEN_EXISTING_FLAG 0x00004000
135
136#endif /* __MINGW32_VERSION */
137
138
139struct cryptoapi_rsa_data {
140 const CERT_CONTEXT *cert;
141 HCRYPTPROV crypt_prov;
142 DWORD key_spec;
143 BOOL free_crypt_prov;
144};
145
146
147static void cryptoapi_error(const char *msg)
148{
149 wpa_printf(MSG_INFO, "CryptoAPI: %s; err=%u",
150 msg, (unsigned int) GetLastError());
151}
152
153
154static int cryptoapi_rsa_pub_enc(int flen, const unsigned char *from,
155 unsigned char *to, RSA *rsa, int padding)
156{
157 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__);
158 return 0;
159}
160
161
162static int cryptoapi_rsa_pub_dec(int flen, const unsigned char *from,
163 unsigned char *to, RSA *rsa, int padding)
164{
165 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__);
166 return 0;
167}
168
169
170static int cryptoapi_rsa_priv_enc(int flen, const unsigned char *from,
171 unsigned char *to, RSA *rsa, int padding)
172{
173 struct cryptoapi_rsa_data *priv =
174 (struct cryptoapi_rsa_data *) rsa->meth->app_data;
175 HCRYPTHASH hash;
176 DWORD hash_size, len, i;
177 unsigned char *buf = NULL;
178 int ret = 0;
179
180 if (priv == NULL) {
181 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
182 ERR_R_PASSED_NULL_PARAMETER);
183 return 0;
184 }
185
186 if (padding != RSA_PKCS1_PADDING) {
187 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
188 RSA_R_UNKNOWN_PADDING_TYPE);
189 return 0;
190 }
191
192 if (flen != 16 /* MD5 */ + 20 /* SHA-1 */) {
193 wpa_printf(MSG_INFO, "%s - only MD5-SHA1 hash supported",
194 __func__);
195 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
196 RSA_R_INVALID_MESSAGE_LENGTH);
197 return 0;
198 }
199
200 if (!CryptCreateHash(priv->crypt_prov, CALG_SSL3_SHAMD5, 0, 0, &hash))
201 {
202 cryptoapi_error("CryptCreateHash failed");
203 return 0;
204 }
205
206 len = sizeof(hash_size);
207 if (!CryptGetHashParam(hash, HP_HASHSIZE, (BYTE *) &hash_size, &len,
208 0)) {
209 cryptoapi_error("CryptGetHashParam failed");
210 goto err;
211 }
212
213 if ((int) hash_size != flen) {
214 wpa_printf(MSG_INFO, "CryptoAPI: Invalid hash size (%u != %d)",
215 (unsigned) hash_size, flen);
216 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
217 RSA_R_INVALID_MESSAGE_LENGTH);
218 goto err;
219 }
220 if (!CryptSetHashParam(hash, HP_HASHVAL, (BYTE * ) from, 0)) {
221 cryptoapi_error("CryptSetHashParam failed");
222 goto err;
223 }
224
225 len = RSA_size(rsa);
226 buf = os_malloc(len);
227 if (buf == NULL) {
228 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
229 goto err;
230 }
231
232 if (!CryptSignHash(hash, priv->key_spec, NULL, 0, buf, &len)) {
233 cryptoapi_error("CryptSignHash failed");
234 goto err;
235 }
236
237 for (i = 0; i < len; i++)
238 to[i] = buf[len - i - 1];
239 ret = len;
240
241err:
242 os_free(buf);
243 CryptDestroyHash(hash);
244
245 return ret;
246}
247
248
249static int cryptoapi_rsa_priv_dec(int flen, const unsigned char *from,
250 unsigned char *to, RSA *rsa, int padding)
251{
252 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__);
253 return 0;
254}
255
256
257static void cryptoapi_free_data(struct cryptoapi_rsa_data *priv)
258{
259 if (priv == NULL)
260 return;
261 if (priv->crypt_prov && priv->free_crypt_prov)
262 CryptReleaseContext(priv->crypt_prov, 0);
263 if (priv->cert)
264 CertFreeCertificateContext(priv->cert);
265 os_free(priv);
266}
267
268
269static int cryptoapi_finish(RSA *rsa)
270{
271 cryptoapi_free_data((struct cryptoapi_rsa_data *) rsa->meth->app_data);
272 os_free((void *) rsa->meth);
273 rsa->meth = NULL;
274 return 1;
275}
276
277
278static const CERT_CONTEXT * cryptoapi_find_cert(const char *name, DWORD store)
279{
280 HCERTSTORE cs;
281 const CERT_CONTEXT *ret = NULL;
282
283 cs = CertOpenStore((LPCSTR) CERT_STORE_PROV_SYSTEM, 0, 0,
284 store | CERT_STORE_OPEN_EXISTING_FLAG |
285 CERT_STORE_READONLY_FLAG, L"MY");
286 if (cs == NULL) {
287 cryptoapi_error("Failed to open 'My system store'");
288 return NULL;
289 }
290
291 if (strncmp(name, "cert://", 7) == 0) {
292 unsigned short wbuf[255];
293 MultiByteToWideChar(CP_ACP, 0, name + 7, -1, wbuf, 255);
294 ret = CertFindCertificateInStore(cs, X509_ASN_ENCODING |
295 PKCS_7_ASN_ENCODING,
296 0, CERT_FIND_SUBJECT_STR,
297 wbuf, NULL);
298 } else if (strncmp(name, "hash://", 7) == 0) {
299 CRYPT_HASH_BLOB blob;
300 int len;
301 const char *hash = name + 7;
302 unsigned char *buf;
303
304 len = os_strlen(hash) / 2;
305 buf = os_malloc(len);
306 if (buf && hexstr2bin(hash, buf, len) == 0) {
307 blob.cbData = len;
308 blob.pbData = buf;
309 ret = CertFindCertificateInStore(cs,
310 X509_ASN_ENCODING |
311 PKCS_7_ASN_ENCODING,
312 0, CERT_FIND_HASH,
313 &blob, NULL);
314 }
315 os_free(buf);
316 }
317
318 CertCloseStore(cs, 0);
319
320 return ret;
321}
322
323
324static int tls_cryptoapi_cert(SSL *ssl, const char *name)
325{
326 X509 *cert = NULL;
327 RSA *rsa = NULL, *pub_rsa;
328 struct cryptoapi_rsa_data *priv;
329 RSA_METHOD *rsa_meth;
330
331 if (name == NULL ||
332 (strncmp(name, "cert://", 7) != 0 &&
333 strncmp(name, "hash://", 7) != 0))
334 return -1;
335
336 priv = os_zalloc(sizeof(*priv));
337 rsa_meth = os_zalloc(sizeof(*rsa_meth));
338 if (priv == NULL || rsa_meth == NULL) {
339 wpa_printf(MSG_WARNING, "CryptoAPI: Failed to allocate memory "
340 "for CryptoAPI RSA method");
341 os_free(priv);
342 os_free(rsa_meth);
343 return -1;
344 }
345
346 priv->cert = cryptoapi_find_cert(name, CERT_SYSTEM_STORE_CURRENT_USER);
347 if (priv->cert == NULL) {
348 priv->cert = cryptoapi_find_cert(
349 name, CERT_SYSTEM_STORE_LOCAL_MACHINE);
350 }
351 if (priv->cert == NULL) {
352 wpa_printf(MSG_INFO, "CryptoAPI: Could not find certificate "
353 "'%s'", name);
354 goto err;
355 }
356
357 cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &priv->cert->pbCertEncoded,
358 priv->cert->cbCertEncoded);
359 if (cert == NULL) {
360 wpa_printf(MSG_INFO, "CryptoAPI: Could not process X509 DER "
361 "encoding");
362 goto err;
363 }
364
365 if (!CryptAcquireCertificatePrivateKey(priv->cert,
366 CRYPT_ACQUIRE_COMPARE_KEY_FLAG,
367 NULL, &priv->crypt_prov,
368 &priv->key_spec,
369 &priv->free_crypt_prov)) {
370 cryptoapi_error("Failed to acquire a private key for the "
371 "certificate");
372 goto err;
373 }
374
375 rsa_meth->name = "Microsoft CryptoAPI RSA Method";
376 rsa_meth->rsa_pub_enc = cryptoapi_rsa_pub_enc;
377 rsa_meth->rsa_pub_dec = cryptoapi_rsa_pub_dec;
378 rsa_meth->rsa_priv_enc = cryptoapi_rsa_priv_enc;
379 rsa_meth->rsa_priv_dec = cryptoapi_rsa_priv_dec;
380 rsa_meth->finish = cryptoapi_finish;
381 rsa_meth->flags = RSA_METHOD_FLAG_NO_CHECK;
382 rsa_meth->app_data = (char *) priv;
383
384 rsa = RSA_new();
385 if (rsa == NULL) {
386 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,
387 ERR_R_MALLOC_FAILURE);
388 goto err;
389 }
390
391 if (!SSL_use_certificate(ssl, cert)) {
392 RSA_free(rsa);
393 rsa = NULL;
394 goto err;
395 }
396 pub_rsa = cert->cert_info->key->pkey->pkey.rsa;
397 X509_free(cert);
398 cert = NULL;
399
400 rsa->n = BN_dup(pub_rsa->n);
401 rsa->e = BN_dup(pub_rsa->e);
402 if (!RSA_set_method(rsa, rsa_meth))
403 goto err;
404
405 if (!SSL_use_RSAPrivateKey(ssl, rsa))
406 goto err;
407 RSA_free(rsa);
408
409 return 0;
410
411err:
412 if (cert)
413 X509_free(cert);
414 if (rsa)
415 RSA_free(rsa);
416 else {
417 os_free(rsa_meth);
418 cryptoapi_free_data(priv);
419 }
420 return -1;
421}
422
423
424static int tls_cryptoapi_ca_cert(SSL_CTX *ssl_ctx, SSL *ssl, const char *name)
425{
426 HCERTSTORE cs;
427 PCCERT_CONTEXT ctx = NULL;
428 X509 *cert;
429 char buf[128];
430 const char *store;
431#ifdef UNICODE
432 WCHAR *wstore;
433#endif /* UNICODE */
434
435 if (name == NULL || strncmp(name, "cert_store://", 13) != 0)
436 return -1;
437
438 store = name + 13;
439#ifdef UNICODE
440 wstore = os_malloc((os_strlen(store) + 1) * sizeof(WCHAR));
441 if (wstore == NULL)
442 return -1;
443 wsprintf(wstore, L"%S", store);
444 cs = CertOpenSystemStore(0, wstore);
445 os_free(wstore);
446#else /* UNICODE */
447 cs = CertOpenSystemStore(0, store);
448#endif /* UNICODE */
449 if (cs == NULL) {
450 wpa_printf(MSG_DEBUG, "%s: failed to open system cert store "
451 "'%s': error=%d", __func__, store,
452 (int) GetLastError());
453 return -1;
454 }
455
456 while ((ctx = CertEnumCertificatesInStore(cs, ctx))) {
457 cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &ctx->pbCertEncoded,
458 ctx->cbCertEncoded);
459 if (cert == NULL) {
460 wpa_printf(MSG_INFO, "CryptoAPI: Could not process "
461 "X509 DER encoding for CA cert");
462 continue;
463 }
464
465 X509_NAME_oneline(X509_get_subject_name(cert), buf,
466 sizeof(buf));
467 wpa_printf(MSG_DEBUG, "OpenSSL: Loaded CA certificate for "
468 "system certificate store: subject='%s'", buf);
469
470 if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) {
471 tls_show_errors(MSG_WARNING, __func__,
472 "Failed to add ca_cert to OpenSSL "
473 "certificate store");
474 }
475
476 X509_free(cert);
477 }
478
479 if (!CertCloseStore(cs, 0)) {
480 wpa_printf(MSG_DEBUG, "%s: failed to close system cert store "
481 "'%s': error=%d", __func__, name + 13,
482 (int) GetLastError());
483 }
484
485 return 0;
486}
487
488
489#else /* CONFIG_NATIVE_WINDOWS */
490
491static int tls_cryptoapi_cert(SSL *ssl, const char *name)
492{
493 return -1;
494}
495
496#endif /* CONFIG_NATIVE_WINDOWS */
497
498
499static void ssl_info_cb(const SSL *ssl, int where, int ret)
500{
501 const char *str;
502 int w;
503
504 wpa_printf(MSG_DEBUG, "SSL: (where=0x%x ret=0x%x)", where, ret);
505 w = where & ~SSL_ST_MASK;
506 if (w & SSL_ST_CONNECT)
507 str = "SSL_connect";
508 else if (w & SSL_ST_ACCEPT)
509 str = "SSL_accept";
510 else
511 str = "undefined";
512
513 if (where & SSL_CB_LOOP) {
514 wpa_printf(MSG_DEBUG, "SSL: %s:%s",
515 str, SSL_state_string_long(ssl));
516 } else if (where & SSL_CB_ALERT) {
517 wpa_printf(MSG_INFO, "SSL: SSL3 alert: %s:%s:%s",
518 where & SSL_CB_READ ?
519 "read (remote end reported an error)" :
520 "write (local SSL3 detected an error)",
521 SSL_alert_type_string_long(ret),
522 SSL_alert_desc_string_long(ret));
523 if ((ret >> 8) == SSL3_AL_FATAL) {
524 struct tls_connection *conn =
525 SSL_get_app_data((SSL *) ssl);
526 if (where & SSL_CB_READ)
527 conn->read_alerts++;
528 else
529 conn->write_alerts++;
530 }
531 } else if (where & SSL_CB_EXIT && ret <= 0) {
532 wpa_printf(MSG_DEBUG, "SSL: %s:%s in %s",
533 str, ret == 0 ? "failed" : "error",
534 SSL_state_string_long(ssl));
535 }
536}
537
538
539#ifndef OPENSSL_NO_ENGINE
540/**
541 * tls_engine_load_dynamic_generic - load any openssl engine
542 * @pre: an array of commands and values that load an engine initialized
543 * in the engine specific function
544 * @post: an array of commands and values that initialize an already loaded
545 * engine (or %NULL if not required)
546 * @id: the engine id of the engine to load (only required if post is not %NULL
547 *
548 * This function is a generic function that loads any openssl engine.
549 *
550 * Returns: 0 on success, -1 on failure
551 */
552static int tls_engine_load_dynamic_generic(const char *pre[],
553 const char *post[], const char *id)
554{
555 ENGINE *engine;
556 const char *dynamic_id = "dynamic";
557
558 engine = ENGINE_by_id(id);
559 if (engine) {
560 ENGINE_free(engine);
561 wpa_printf(MSG_DEBUG, "ENGINE: engine '%s' is already "
562 "available", id);
563 return 0;
564 }
565 ERR_clear_error();
566
567 engine = ENGINE_by_id(dynamic_id);
568 if (engine == NULL) {
569 wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]",
570 dynamic_id,
571 ERR_error_string(ERR_get_error(), NULL));
572 return -1;
573 }
574
575 /* Perform the pre commands. This will load the engine. */
576 while (pre && pre[0]) {
577 wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", pre[0], pre[1]);
578 if (ENGINE_ctrl_cmd_string(engine, pre[0], pre[1], 0) == 0) {
579 wpa_printf(MSG_INFO, "ENGINE: ctrl cmd_string failed: "
580 "%s %s [%s]", pre[0], pre[1],
581 ERR_error_string(ERR_get_error(), NULL));
582 ENGINE_free(engine);
583 return -1;
584 }
585 pre += 2;
586 }
587
588 /*
589 * Free the reference to the "dynamic" engine. The loaded engine can
590 * now be looked up using ENGINE_by_id().
591 */
592 ENGINE_free(engine);
593
594 engine = ENGINE_by_id(id);
595 if (engine == NULL) {
596 wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]",
597 id, ERR_error_string(ERR_get_error(), NULL));
598 return -1;
599 }
600
601 while (post && post[0]) {
602 wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", post[0], post[1]);
603 if (ENGINE_ctrl_cmd_string(engine, post[0], post[1], 0) == 0) {
604 wpa_printf(MSG_DEBUG, "ENGINE: ctrl cmd_string failed:"
605 " %s %s [%s]", post[0], post[1],
606 ERR_error_string(ERR_get_error(), NULL));
607 ENGINE_remove(engine);
608 ENGINE_free(engine);
609 return -1;
610 }
611 post += 2;
612 }
613 ENGINE_free(engine);
614
615 return 0;
616}
617
618
619/**
620 * tls_engine_load_dynamic_pkcs11 - load the pkcs11 engine provided by opensc
621 * @pkcs11_so_path: pksc11_so_path from the configuration
622 * @pcks11_module_path: pkcs11_module_path from the configuration
623 */
624static int tls_engine_load_dynamic_pkcs11(const char *pkcs11_so_path,
625 const char *pkcs11_module_path)
626{
627 char *engine_id = "pkcs11";
628 const char *pre_cmd[] = {
629 "SO_PATH", NULL /* pkcs11_so_path */,
630 "ID", NULL /* engine_id */,
631 "LIST_ADD", "1",
632 /* "NO_VCHECK", "1", */
633 "LOAD", NULL,
634 NULL, NULL
635 };
636 const char *post_cmd[] = {
637 "MODULE_PATH", NULL /* pkcs11_module_path */,
638 NULL, NULL
639 };
640
641 if (!pkcs11_so_path || !pkcs11_module_path)
642 return 0;
643
644 pre_cmd[1] = pkcs11_so_path;
645 pre_cmd[3] = engine_id;
646 post_cmd[1] = pkcs11_module_path;
647
648 wpa_printf(MSG_DEBUG, "ENGINE: Loading pkcs11 Engine from %s",
649 pkcs11_so_path);
650
651 return tls_engine_load_dynamic_generic(pre_cmd, post_cmd, engine_id);
652}
653
654
655/**
656 * tls_engine_load_dynamic_opensc - load the opensc engine provided by opensc
657 * @opensc_so_path: opensc_so_path from the configuration
658 */
659static int tls_engine_load_dynamic_opensc(const char *opensc_so_path)
660{
661 char *engine_id = "opensc";
662 const char *pre_cmd[] = {
663 "SO_PATH", NULL /* opensc_so_path */,
664 "ID", NULL /* engine_id */,
665 "LIST_ADD", "1",
666 "LOAD", NULL,
667 NULL, NULL
668 };
669
670 if (!opensc_so_path)
671 return 0;
672
673 pre_cmd[1] = opensc_so_path;
674 pre_cmd[3] = engine_id;
675
676 wpa_printf(MSG_DEBUG, "ENGINE: Loading OpenSC Engine from %s",
677 opensc_so_path);
678
679 return tls_engine_load_dynamic_generic(pre_cmd, NULL, engine_id);
680}
681#endif /* OPENSSL_NO_ENGINE */
682
683
684void * tls_init(const struct tls_config *conf)
685{
686 SSL_CTX *ssl;
687
688 if (tls_openssl_ref_count == 0) {
689 tls_global = os_zalloc(sizeof(*tls_global));
690 if (tls_global == NULL)
691 return NULL;
692 if (conf) {
693 tls_global->event_cb = conf->event_cb;
694 tls_global->cb_ctx = conf->cb_ctx;
695 }
696
697#ifdef CONFIG_FIPS
698#ifdef OPENSSL_FIPS
699 if (conf && conf->fips_mode) {
700 if (!FIPS_mode_set(1)) {
701 wpa_printf(MSG_ERROR, "Failed to enable FIPS "
702 "mode");
703 ERR_load_crypto_strings();
704 ERR_print_errors_fp(stderr);
705 return NULL;
706 } else
707 wpa_printf(MSG_INFO, "Running in FIPS mode");
708 }
709#else /* OPENSSL_FIPS */
710 if (conf && conf->fips_mode) {
711 wpa_printf(MSG_ERROR, "FIPS mode requested, but not "
712 "supported");
713 return NULL;
714 }
715#endif /* OPENSSL_FIPS */
716#endif /* CONFIG_FIPS */
717 SSL_load_error_strings();
718 SSL_library_init();
719#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
720 EVP_add_digest(EVP_sha256());
721#endif /* OPENSSL_NO_SHA256 */
722 /* TODO: if /dev/urandom is available, PRNG is seeded
723 * automatically. If this is not the case, random data should
724 * be added here. */
725
726#ifdef PKCS12_FUNCS
727#ifndef OPENSSL_NO_RC2
728 /*
729 * 40-bit RC2 is commonly used in PKCS#12 files, so enable it.
730 * This is enabled by PKCS12_PBE_add() in OpenSSL 0.9.8
731 * versions, but it looks like OpenSSL 1.0.0 does not do that
732 * anymore.
733 */
734 EVP_add_cipher(EVP_rc2_40_cbc());
735#endif /* OPENSSL_NO_RC2 */
736 PKCS12_PBE_add();
737#endif /* PKCS12_FUNCS */
738 }
739 tls_openssl_ref_count++;
740
741 ssl = SSL_CTX_new(TLSv1_method());
742 if (ssl == NULL)
743 return NULL;
744
745 SSL_CTX_set_info_callback(ssl, ssl_info_cb);
746
747#ifndef OPENSSL_NO_ENGINE
748 if (conf &&
749 (conf->opensc_engine_path || conf->pkcs11_engine_path ||
750 conf->pkcs11_module_path)) {
751 wpa_printf(MSG_DEBUG, "ENGINE: Loading dynamic engine");
752 ERR_load_ENGINE_strings();
753 ENGINE_load_dynamic();
754
755 if (tls_engine_load_dynamic_opensc(conf->opensc_engine_path) ||
756 tls_engine_load_dynamic_pkcs11(conf->pkcs11_engine_path,
757 conf->pkcs11_module_path)) {
758 tls_deinit(ssl);
759 return NULL;
760 }
761 }
762#endif /* OPENSSL_NO_ENGINE */
763
764 return ssl;
765}
766
767
768void tls_deinit(void *ssl_ctx)
769{
770 SSL_CTX *ssl = ssl_ctx;
771 SSL_CTX_free(ssl);
772
773 tls_openssl_ref_count--;
774 if (tls_openssl_ref_count == 0) {
775#ifndef OPENSSL_NO_ENGINE
776 ENGINE_cleanup();
777#endif /* OPENSSL_NO_ENGINE */
778 CRYPTO_cleanup_all_ex_data();
779 ERR_remove_state(0);
780 ERR_free_strings();
781 EVP_cleanup();
782 os_free(tls_global);
783 tls_global = NULL;
784 }
785}
786
787
788static int tls_engine_init(struct tls_connection *conn, const char *engine_id,
789 const char *pin, const char *key_id,
790 const char *cert_id, const char *ca_cert_id)
791{
792#ifndef OPENSSL_NO_ENGINE
793 int ret = -1;
794 if (engine_id == NULL) {
795 wpa_printf(MSG_ERROR, "ENGINE: Engine ID not set");
796 return -1;
797 }
798 if (pin == NULL) {
799 wpa_printf(MSG_ERROR, "ENGINE: Smartcard PIN not set");
800 return -1;
801 }
802 if (key_id == NULL) {
803 wpa_printf(MSG_ERROR, "ENGINE: Key Id not set");
804 return -1;
805 }
806
807 ERR_clear_error();
808 conn->engine = ENGINE_by_id(engine_id);
809 if (!conn->engine) {
810 wpa_printf(MSG_ERROR, "ENGINE: engine %s not available [%s]",
811 engine_id, ERR_error_string(ERR_get_error(), NULL));
812 goto err;
813 }
814 if (ENGINE_init(conn->engine) != 1) {
815 wpa_printf(MSG_ERROR, "ENGINE: engine init failed "
816 "(engine: %s) [%s]", engine_id,
817 ERR_error_string(ERR_get_error(), NULL));
818 goto err;
819 }
820 wpa_printf(MSG_DEBUG, "ENGINE: engine initialized");
821
822 if (ENGINE_ctrl_cmd_string(conn->engine, "PIN", pin, 0) == 0) {
823 wpa_printf(MSG_ERROR, "ENGINE: cannot set pin [%s]",
824 ERR_error_string(ERR_get_error(), NULL));
825 goto err;
826 }
827 /* load private key first in-case PIN is required for cert */
828 conn->private_key = ENGINE_load_private_key(conn->engine,
829 key_id, NULL, NULL);
830 if (!conn->private_key) {
831 wpa_printf(MSG_ERROR, "ENGINE: cannot load private key with id"
832 " '%s' [%s]", key_id,
833 ERR_error_string(ERR_get_error(), NULL));
834 ret = TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
835 goto err;
836 }
837
838 /* handle a certificate and/or CA certificate */
839 if (cert_id || ca_cert_id) {
840 const char *cmd_name = "LOAD_CERT_CTRL";
841
842 /* test if the engine supports a LOAD_CERT_CTRL */
843 if (!ENGINE_ctrl(conn->engine, ENGINE_CTRL_GET_CMD_FROM_NAME,
844 0, (void *)cmd_name, NULL)) {
845 wpa_printf(MSG_ERROR, "ENGINE: engine does not support"
846 " loading certificates");
847 ret = TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
848 goto err;
849 }
850 }
851
852 return 0;
853
854err:
855 if (conn->engine) {
856 ENGINE_free(conn->engine);
857 conn->engine = NULL;
858 }
859
860 if (conn->private_key) {
861 EVP_PKEY_free(conn->private_key);
862 conn->private_key = NULL;
863 }
864
865 return ret;
866#else /* OPENSSL_NO_ENGINE */
867 return 0;
868#endif /* OPENSSL_NO_ENGINE */
869}
870
871
872static void tls_engine_deinit(struct tls_connection *conn)
873{
874#ifndef OPENSSL_NO_ENGINE
875 wpa_printf(MSG_DEBUG, "ENGINE: engine deinit");
876 if (conn->private_key) {
877 EVP_PKEY_free(conn->private_key);
878 conn->private_key = NULL;
879 }
880 if (conn->engine) {
881 ENGINE_finish(conn->engine);
882 conn->engine = NULL;
883 }
884#endif /* OPENSSL_NO_ENGINE */
885}
886
887
888int tls_get_errors(void *ssl_ctx)
889{
890 int count = 0;
891 unsigned long err;
892
893 while ((err = ERR_get_error())) {
894 wpa_printf(MSG_INFO, "TLS - SSL error: %s",
895 ERR_error_string(err, NULL));
896 count++;
897 }
898
899 return count;
900}
901
902struct tls_connection * tls_connection_init(void *ssl_ctx)
903{
904 SSL_CTX *ssl = ssl_ctx;
905 struct tls_connection *conn;
906 long options;
907
908 conn = os_zalloc(sizeof(*conn));
909 if (conn == NULL)
910 return NULL;
911 conn->ssl = SSL_new(ssl);
912 if (conn->ssl == NULL) {
913 tls_show_errors(MSG_INFO, __func__,
914 "Failed to initialize new SSL connection");
915 os_free(conn);
916 return NULL;
917 }
918
919 SSL_set_app_data(conn->ssl, conn);
920 options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
921 SSL_OP_SINGLE_DH_USE;
922#ifdef SSL_OP_NO_COMPRESSION
923 options |= SSL_OP_NO_COMPRESSION;
924#endif /* SSL_OP_NO_COMPRESSION */
925 SSL_set_options(conn->ssl, options);
926
927 conn->ssl_in = BIO_new(BIO_s_mem());
928 if (!conn->ssl_in) {
929 tls_show_errors(MSG_INFO, __func__,
930 "Failed to create a new BIO for ssl_in");
931 SSL_free(conn->ssl);
932 os_free(conn);
933 return NULL;
934 }
935
936 conn->ssl_out = BIO_new(BIO_s_mem());
937 if (!conn->ssl_out) {
938 tls_show_errors(MSG_INFO, __func__,
939 "Failed to create a new BIO for ssl_out");
940 SSL_free(conn->ssl);
941 BIO_free(conn->ssl_in);
942 os_free(conn);
943 return NULL;
944 }
945
946 SSL_set_bio(conn->ssl, conn->ssl_in, conn->ssl_out);
947
948 return conn;
949}
950
951
952void tls_connection_deinit(void *ssl_ctx, struct tls_connection *conn)
953{
954 if (conn == NULL)
955 return;
956 SSL_free(conn->ssl);
957 tls_engine_deinit(conn);
958 os_free(conn->subject_match);
959 os_free(conn->altsubject_match);
960 os_free(conn->session_ticket);
961 os_free(conn);
962}
963
964
965int tls_connection_established(void *ssl_ctx, struct tls_connection *conn)
966{
967 return conn ? SSL_is_init_finished(conn->ssl) : 0;
968}
969
970
971int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn)
972{
973 if (conn == NULL)
974 return -1;
975
976 /* Shutdown previous TLS connection without notifying the peer
977 * because the connection was already terminated in practice
978 * and "close notify" shutdown alert would confuse AS. */
979 SSL_set_quiet_shutdown(conn->ssl, 1);
980 SSL_shutdown(conn->ssl);
981 return 0;
982}
983
984
985static int tls_match_altsubject_component(X509 *cert, int type,
986 const char *value, size_t len)
987{
988 GENERAL_NAME *gen;
989 void *ext;
990 int i, found = 0;
991
992 ext = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
993
994 for (i = 0; ext && i < sk_GENERAL_NAME_num(ext); i++) {
995 gen = sk_GENERAL_NAME_value(ext, i);
996 if (gen->type != type)
997 continue;
998 if (os_strlen((char *) gen->d.ia5->data) == len &&
999 os_memcmp(value, gen->d.ia5->data, len) == 0)
1000 found++;
1001 }
1002
1003 return found;
1004}
1005
1006
1007static int tls_match_altsubject(X509 *cert, const char *match)
1008{
1009 int type;
1010 const char *pos, *end;
1011 size_t len;
1012
1013 pos = match;
1014 do {
1015 if (os_strncmp(pos, "EMAIL:", 6) == 0) {
1016 type = GEN_EMAIL;
1017 pos += 6;
1018 } else if (os_strncmp(pos, "DNS:", 4) == 0) {
1019 type = GEN_DNS;
1020 pos += 4;
1021 } else if (os_strncmp(pos, "URI:", 4) == 0) {
1022 type = GEN_URI;
1023 pos += 4;
1024 } else {
1025 wpa_printf(MSG_INFO, "TLS: Invalid altSubjectName "
1026 "match '%s'", pos);
1027 return 0;
1028 }
1029 end = os_strchr(pos, ';');
1030 while (end) {
1031 if (os_strncmp(end + 1, "EMAIL:", 6) == 0 ||
1032 os_strncmp(end + 1, "DNS:", 4) == 0 ||
1033 os_strncmp(end + 1, "URI:", 4) == 0)
1034 break;
1035 end = os_strchr(end + 1, ';');
1036 }
1037 if (end)
1038 len = end - pos;
1039 else
1040 len = os_strlen(pos);
1041 if (tls_match_altsubject_component(cert, type, pos, len) > 0)
1042 return 1;
1043 pos = end + 1;
1044 } while (end);
1045
1046 return 0;
1047}
1048
1049
1050static enum tls_fail_reason openssl_tls_fail_reason(int err)
1051{
1052 switch (err) {
1053 case X509_V_ERR_CERT_REVOKED:
1054 return TLS_FAIL_REVOKED;
1055 case X509_V_ERR_CERT_NOT_YET_VALID:
1056 case X509_V_ERR_CRL_NOT_YET_VALID:
1057 return TLS_FAIL_NOT_YET_VALID;
1058 case X509_V_ERR_CERT_HAS_EXPIRED:
1059 case X509_V_ERR_CRL_HAS_EXPIRED:
1060 return TLS_FAIL_EXPIRED;
1061 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
1062 case X509_V_ERR_UNABLE_TO_GET_CRL:
1063 case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
1064 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
1065 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
1066 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
1067 case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
1068 case X509_V_ERR_CERT_CHAIN_TOO_LONG:
1069 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
1070 case X509_V_ERR_INVALID_CA:
1071 return TLS_FAIL_UNTRUSTED;
1072 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
1073 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
1074 case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
1075 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
1076 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
1077 case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
1078 case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
1079 case X509_V_ERR_CERT_UNTRUSTED:
1080 case X509_V_ERR_CERT_REJECTED:
1081 return TLS_FAIL_BAD_CERTIFICATE;
1082 default:
1083 return TLS_FAIL_UNSPECIFIED;
1084 }
1085}
1086
1087
1088static struct wpabuf * get_x509_cert(X509 *cert)
1089{
1090 struct wpabuf *buf;
1091 u8 *tmp;
1092
1093 int cert_len = i2d_X509(cert, NULL);
1094 if (cert_len <= 0)
1095 return NULL;
1096
1097 buf = wpabuf_alloc(cert_len);
1098 if (buf == NULL)
1099 return NULL;
1100
1101 tmp = wpabuf_put(buf, cert_len);
1102 i2d_X509(cert, &tmp);
1103 return buf;
1104}
1105
1106
1107static void openssl_tls_fail_event(struct tls_connection *conn,
1108 X509 *err_cert, int err, int depth,
1109 const char *subject, const char *err_str,
1110 enum tls_fail_reason reason)
1111{
1112 union tls_event_data ev;
1113 struct wpabuf *cert = NULL;
1114
1115 if (tls_global->event_cb == NULL)
1116 return;
1117
1118 cert = get_x509_cert(err_cert);
1119 os_memset(&ev, 0, sizeof(ev));
1120 ev.cert_fail.reason = reason != TLS_FAIL_UNSPECIFIED ?
1121 reason : openssl_tls_fail_reason(err);
1122 ev.cert_fail.depth = depth;
1123 ev.cert_fail.subject = subject;
1124 ev.cert_fail.reason_txt = err_str;
1125 ev.cert_fail.cert = cert;
1126 tls_global->event_cb(tls_global->cb_ctx, TLS_CERT_CHAIN_FAILURE, &ev);
1127 wpabuf_free(cert);
1128}
1129
1130
1131static void openssl_tls_cert_event(struct tls_connection *conn,
1132 X509 *err_cert, int depth,
1133 const char *subject)
1134{
1135 struct wpabuf *cert = NULL;
1136 union tls_event_data ev;
1137#ifdef CONFIG_SHA256
1138 u8 hash[32];
1139#endif /* CONFIG_SHA256 */
1140
1141 if (tls_global->event_cb == NULL)
1142 return;
1143
1144 os_memset(&ev, 0, sizeof(ev));
1145 if (conn->cert_probe) {
1146 cert = get_x509_cert(err_cert);
1147 ev.peer_cert.cert = cert;
1148 }
1149#ifdef CONFIG_SHA256
1150 if (cert) {
1151 const u8 *addr[1];
1152 size_t len[1];
1153 addr[0] = wpabuf_head(cert);
1154 len[0] = wpabuf_len(cert);
1155 if (sha256_vector(1, addr, len, hash) == 0) {
1156 ev.peer_cert.hash = hash;
1157 ev.peer_cert.hash_len = sizeof(hash);
1158 }
1159 }
1160#endif /* CONFIG_SHA256 */
1161 ev.peer_cert.depth = depth;
1162 ev.peer_cert.subject = subject;
1163 tls_global->event_cb(tls_global->cb_ctx, TLS_PEER_CERTIFICATE, &ev);
1164 wpabuf_free(cert);
1165}
1166
1167
1168static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
1169{
1170 char buf[256];
1171 X509 *err_cert;
1172 int err, depth;
1173 SSL *ssl;
1174 struct tls_connection *conn;
1175 char *match, *altmatch;
1176 const char *err_str;
1177
1178 err_cert = X509_STORE_CTX_get_current_cert(x509_ctx);
1179 err = X509_STORE_CTX_get_error(x509_ctx);
1180 depth = X509_STORE_CTX_get_error_depth(x509_ctx);
1181 ssl = X509_STORE_CTX_get_ex_data(x509_ctx,
1182 SSL_get_ex_data_X509_STORE_CTX_idx());
1183 X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
1184
1185 conn = SSL_get_app_data(ssl);
1186 if (conn == NULL)
1187 return 0;
1188 match = conn->subject_match;
1189 altmatch = conn->altsubject_match;
1190
1191 if (!preverify_ok && !conn->ca_cert_verify)
1192 preverify_ok = 1;
1193 if (!preverify_ok && depth > 0 && conn->server_cert_only)
1194 preverify_ok = 1;
1195
1196 err_str = X509_verify_cert_error_string(err);
1197
1198#ifdef CONFIG_SHA256
1199 if (preverify_ok && depth == 0 && conn->server_cert_only) {
1200 struct wpabuf *cert;
1201 cert = get_x509_cert(err_cert);
1202 if (!cert) {
1203 wpa_printf(MSG_DEBUG, "OpenSSL: Could not fetch "
1204 "server certificate data");
1205 preverify_ok = 0;
1206 } else {
1207 u8 hash[32];
1208 const u8 *addr[1];
1209 size_t len[1];
1210 addr[0] = wpabuf_head(cert);
1211 len[0] = wpabuf_len(cert);
1212 if (sha256_vector(1, addr, len, hash) < 0 ||
1213 os_memcmp(conn->srv_cert_hash, hash, 32) != 0) {
1214 err_str = "Server certificate mismatch";
1215 err = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
1216 preverify_ok = 0;
1217 }
1218 wpabuf_free(cert);
1219 }
1220 }
1221#endif /* CONFIG_SHA256 */
1222
1223 if (!preverify_ok) {
1224 wpa_printf(MSG_WARNING, "TLS: Certificate verification failed,"
1225 " error %d (%s) depth %d for '%s'", err, err_str,
1226 depth, buf);
1227 openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1228 err_str, TLS_FAIL_UNSPECIFIED);
1229 return preverify_ok;
1230 }
1231
1232 wpa_printf(MSG_DEBUG, "TLS: tls_verify_cb - preverify_ok=%d "
1233 "err=%d (%s) ca_cert_verify=%d depth=%d buf='%s'",
1234 preverify_ok, err, err_str,
1235 conn->ca_cert_verify, depth, buf);
1236 if (depth == 0 && match && os_strstr(buf, match) == NULL) {
1237 wpa_printf(MSG_WARNING, "TLS: Subject '%s' did not "
1238 "match with '%s'", buf, match);
1239 preverify_ok = 0;
1240 openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1241 "Subject mismatch",
1242 TLS_FAIL_SUBJECT_MISMATCH);
1243 } else if (depth == 0 && altmatch &&
1244 !tls_match_altsubject(err_cert, altmatch)) {
1245 wpa_printf(MSG_WARNING, "TLS: altSubjectName match "
1246 "'%s' not found", altmatch);
1247 preverify_ok = 0;
1248 openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1249 "AltSubject mismatch",
1250 TLS_FAIL_ALTSUBJECT_MISMATCH);
1251 } else
1252 openssl_tls_cert_event(conn, err_cert, depth, buf);
1253
1254 if (conn->cert_probe && preverify_ok && depth == 0) {
1255 wpa_printf(MSG_DEBUG, "OpenSSL: Reject server certificate "
1256 "on probe-only run");
1257 preverify_ok = 0;
1258 openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1259 "Server certificate chain probe",
1260 TLS_FAIL_SERVER_CHAIN_PROBE);
1261 }
1262
1263 return preverify_ok;
1264}
1265
1266
1267#ifndef OPENSSL_NO_STDIO
1268static int tls_load_ca_der(void *_ssl_ctx, const char *ca_cert)
1269{
1270 SSL_CTX *ssl_ctx = _ssl_ctx;
1271 X509_LOOKUP *lookup;
1272 int ret = 0;
1273
1274 lookup = X509_STORE_add_lookup(ssl_ctx->cert_store,
1275 X509_LOOKUP_file());
1276 if (lookup == NULL) {
1277 tls_show_errors(MSG_WARNING, __func__,
1278 "Failed add lookup for X509 store");
1279 return -1;
1280 }
1281
1282 if (!X509_LOOKUP_load_file(lookup, ca_cert, X509_FILETYPE_ASN1)) {
1283 unsigned long err = ERR_peek_error();
1284 tls_show_errors(MSG_WARNING, __func__,
1285 "Failed load CA in DER format");
1286 if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
1287 ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) {
1288 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring "
1289 "cert already in hash table error",
1290 __func__);
1291 } else
1292 ret = -1;
1293 }
1294
1295 return ret;
1296}
1297#endif /* OPENSSL_NO_STDIO */
1298
1299
1300#ifdef ANDROID
1301static BIO * BIO_from_keystore(const char *key)
1302{
1303 BIO *bio = NULL;
1304 char value[KEYSTORE_MESSAGE_SIZE];
1305 int length = keystore_get(key, strlen(key), value);
1306 if (length != -1 && (bio = BIO_new(BIO_s_mem())) != NULL)
1307 BIO_write(bio, value, length);
1308 return bio;
1309}
1310#endif /* ANDROID */
1311
1312
1313static int tls_connection_ca_cert(void *_ssl_ctx, struct tls_connection *conn,
1314 const char *ca_cert, const u8 *ca_cert_blob,
1315 size_t ca_cert_blob_len, const char *ca_path)
1316{
1317 SSL_CTX *ssl_ctx = _ssl_ctx;
1318
1319 /*
1320 * Remove previously configured trusted CA certificates before adding
1321 * new ones.
1322 */
1323 X509_STORE_free(ssl_ctx->cert_store);
1324 ssl_ctx->cert_store = X509_STORE_new();
1325 if (ssl_ctx->cert_store == NULL) {
1326 wpa_printf(MSG_DEBUG, "OpenSSL: %s - failed to allocate new "
1327 "certificate store", __func__);
1328 return -1;
1329 }
1330
1331 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
1332 conn->ca_cert_verify = 1;
1333
1334 if (ca_cert && os_strncmp(ca_cert, "probe://", 8) == 0) {
1335 wpa_printf(MSG_DEBUG, "OpenSSL: Probe for server certificate "
1336 "chain");
1337 conn->cert_probe = 1;
1338 conn->ca_cert_verify = 0;
1339 return 0;
1340 }
1341
1342 if (ca_cert && os_strncmp(ca_cert, "hash://", 7) == 0) {
1343#ifdef CONFIG_SHA256
1344 const char *pos = ca_cert + 7;
1345 if (os_strncmp(pos, "server/sha256/", 14) != 0) {
1346 wpa_printf(MSG_DEBUG, "OpenSSL: Unsupported ca_cert "
1347 "hash value '%s'", ca_cert);
1348 return -1;
1349 }
1350 pos += 14;
1351 if (os_strlen(pos) != 32 * 2) {
1352 wpa_printf(MSG_DEBUG, "OpenSSL: Unexpected SHA256 "
1353 "hash length in ca_cert '%s'", ca_cert);
1354 return -1;
1355 }
1356 if (hexstr2bin(pos, conn->srv_cert_hash, 32) < 0) {
1357 wpa_printf(MSG_DEBUG, "OpenSSL: Invalid SHA256 hash "
1358 "value in ca_cert '%s'", ca_cert);
1359 return -1;
1360 }
1361 conn->server_cert_only = 1;
1362 wpa_printf(MSG_DEBUG, "OpenSSL: Checking only server "
1363 "certificate match");
1364 return 0;
1365#else /* CONFIG_SHA256 */
1366 wpa_printf(MSG_INFO, "No SHA256 included in the build - "
1367 "cannot validate server certificate hash");
1368 return -1;
1369#endif /* CONFIG_SHA256 */
1370 }
1371
1372 if (ca_cert_blob) {
1373 X509 *cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &ca_cert_blob,
1374 ca_cert_blob_len);
1375 if (cert == NULL) {
1376 tls_show_errors(MSG_WARNING, __func__,
1377 "Failed to parse ca_cert_blob");
1378 return -1;
1379 }
1380
1381 if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) {
1382 unsigned long err = ERR_peek_error();
1383 tls_show_errors(MSG_WARNING, __func__,
1384 "Failed to add ca_cert_blob to "
1385 "certificate store");
1386 if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
1387 ERR_GET_REASON(err) ==
1388 X509_R_CERT_ALREADY_IN_HASH_TABLE) {
1389 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring "
1390 "cert already in hash table error",
1391 __func__);
1392 } else {
1393 X509_free(cert);
1394 return -1;
1395 }
1396 }
1397 X509_free(cert);
1398 wpa_printf(MSG_DEBUG, "OpenSSL: %s - added ca_cert_blob "
1399 "to certificate store", __func__);
1400 return 0;
1401 }
1402
1403#ifdef ANDROID
1404 if (ca_cert && os_strncmp("keystore://", ca_cert, 11) == 0) {
1405 BIO *bio = BIO_from_keystore(&ca_cert[11]);
1406 STACK_OF(X509_INFO) *stack = NULL;
1407 int i;
1408
1409 if (bio) {
1410 stack = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL);
1411 BIO_free(bio);
1412 }
1413 if (!stack)
1414 return -1;
1415
1416 for (i = 0; i < sk_X509_INFO_num(stack); ++i) {
1417 X509_INFO *info = sk_X509_INFO_value(stack, i);
1418 if (info->x509) {
1419 X509_STORE_add_cert(ssl_ctx->cert_store,
1420 info->x509);
1421 }
1422 if (info->crl) {
1423 X509_STORE_add_crl(ssl_ctx->cert_store,
1424 info->crl);
1425 }
1426 }
1427 sk_X509_INFO_pop_free(stack, X509_INFO_free);
1428 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
1429 return 0;
1430 }
1431#endif /* ANDROID */
1432
1433#ifdef CONFIG_NATIVE_WINDOWS
1434 if (ca_cert && tls_cryptoapi_ca_cert(ssl_ctx, conn->ssl, ca_cert) ==
1435 0) {
1436 wpa_printf(MSG_DEBUG, "OpenSSL: Added CA certificates from "
1437 "system certificate store");
1438 return 0;
1439 }
1440#endif /* CONFIG_NATIVE_WINDOWS */
1441
1442 if (ca_cert || ca_path) {
1443#ifndef OPENSSL_NO_STDIO
1444 if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, ca_path) !=
1445 1) {
1446 tls_show_errors(MSG_WARNING, __func__,
1447 "Failed to load root certificates");
1448 if (ca_cert &&
1449 tls_load_ca_der(ssl_ctx, ca_cert) == 0) {
1450 wpa_printf(MSG_DEBUG, "OpenSSL: %s - loaded "
1451 "DER format CA certificate",
1452 __func__);
1453 } else
1454 return -1;
1455 } else {
1456 wpa_printf(MSG_DEBUG, "TLS: Trusted root "
1457 "certificate(s) loaded");
1458 tls_get_errors(ssl_ctx);
1459 }
1460#else /* OPENSSL_NO_STDIO */
1461 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO",
1462 __func__);
1463 return -1;
1464#endif /* OPENSSL_NO_STDIO */
1465 } else {
1466 /* No ca_cert configured - do not try to verify server
1467 * certificate */
1468 conn->ca_cert_verify = 0;
1469 }
1470
1471 return 0;
1472}
1473
1474
1475static int tls_global_ca_cert(SSL_CTX *ssl_ctx, const char *ca_cert)
1476{
1477 if (ca_cert) {
1478 if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, NULL) != 1)
1479 {
1480 tls_show_errors(MSG_WARNING, __func__,
1481 "Failed to load root certificates");
1482 return -1;
1483 }
1484
1485 wpa_printf(MSG_DEBUG, "TLS: Trusted root "
1486 "certificate(s) loaded");
1487
1488#ifndef OPENSSL_NO_STDIO
1489 /* Add the same CAs to the client certificate requests */
1490 SSL_CTX_set_client_CA_list(ssl_ctx,
1491 SSL_load_client_CA_file(ca_cert));
1492#endif /* OPENSSL_NO_STDIO */
1493 }
1494
1495 return 0;
1496}
1497
1498
1499int tls_global_set_verify(void *ssl_ctx, int check_crl)
1500{
1501 int flags;
1502
1503 if (check_crl) {
1504 X509_STORE *cs = SSL_CTX_get_cert_store(ssl_ctx);
1505 if (cs == NULL) {
1506 tls_show_errors(MSG_INFO, __func__, "Failed to get "
1507 "certificate store when enabling "
1508 "check_crl");
1509 return -1;
1510 }
1511 flags = X509_V_FLAG_CRL_CHECK;
1512 if (check_crl == 2)
1513 flags |= X509_V_FLAG_CRL_CHECK_ALL;
1514 X509_STORE_set_flags(cs, flags);
1515 }
1516 return 0;
1517}
1518
1519
1520static int tls_connection_set_subject_match(struct tls_connection *conn,
1521 const char *subject_match,
1522 const char *altsubject_match)
1523{
1524 os_free(conn->subject_match);
1525 conn->subject_match = NULL;
1526 if (subject_match) {
1527 conn->subject_match = os_strdup(subject_match);
1528 if (conn->subject_match == NULL)
1529 return -1;
1530 }
1531
1532 os_free(conn->altsubject_match);
1533 conn->altsubject_match = NULL;
1534 if (altsubject_match) {
1535 conn->altsubject_match = os_strdup(altsubject_match);
1536 if (conn->altsubject_match == NULL)
1537 return -1;
1538 }
1539
1540 return 0;
1541}
1542
1543
1544int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn,
1545 int verify_peer)
1546{
1547 static int counter = 0;
1548
1549 if (conn == NULL)
1550 return -1;
1551
1552 if (verify_peer) {
1553 conn->ca_cert_verify = 1;
1554 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER |
1555 SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
1556 SSL_VERIFY_CLIENT_ONCE, tls_verify_cb);
1557 } else {
1558 conn->ca_cert_verify = 0;
1559 SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL);
1560 }
1561
1562 SSL_set_accept_state(conn->ssl);
1563
1564 /*
1565 * Set session id context in order to avoid fatal errors when client
1566 * tries to resume a session. However, set the context to a unique
1567 * value in order to effectively disable session resumption for now
1568 * since not all areas of the server code are ready for it (e.g.,
1569 * EAP-TTLS needs special handling for Phase 2 after abbreviated TLS
1570 * handshake).
1571 */
1572 counter++;
1573 SSL_set_session_id_context(conn->ssl,
1574 (const unsigned char *) &counter,
1575 sizeof(counter));
1576
1577 return 0;
1578}
1579
1580
1581static int tls_connection_client_cert(struct tls_connection *conn,
1582 const char *client_cert,
1583 const u8 *client_cert_blob,
1584 size_t client_cert_blob_len)
1585{
1586 if (client_cert == NULL && client_cert_blob == NULL)
1587 return 0;
1588
1589 if (client_cert_blob &&
1590 SSL_use_certificate_ASN1(conn->ssl, (u8 *) client_cert_blob,
1591 client_cert_blob_len) == 1) {
1592 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_ASN1 --> "
1593 "OK");
1594 return 0;
1595 } else if (client_cert_blob) {
1596 tls_show_errors(MSG_DEBUG, __func__,
1597 "SSL_use_certificate_ASN1 failed");
1598 }
1599
1600 if (client_cert == NULL)
1601 return -1;
1602
1603#ifdef ANDROID
1604 if (os_strncmp("keystore://", client_cert, 11) == 0) {
1605 BIO *bio = BIO_from_keystore(&client_cert[11]);
1606 X509 *x509 = NULL;
1607 int ret = -1;
1608 if (bio) {
1609 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
1610 BIO_free(bio);
1611 }
1612 if (x509) {
1613 if (SSL_use_certificate(conn->ssl, x509) == 1)
1614 ret = 0;
1615 X509_free(x509);
1616 }
1617 return ret;
1618 }
1619#endif /* ANDROID */
1620
1621#ifndef OPENSSL_NO_STDIO
1622 if (SSL_use_certificate_file(conn->ssl, client_cert,
1623 SSL_FILETYPE_ASN1) == 1) {
1624 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (DER)"
1625 " --> OK");
1626 return 0;
1627 }
1628
1629 if (SSL_use_certificate_file(conn->ssl, client_cert,
1630 SSL_FILETYPE_PEM) == 1) {
1631 ERR_clear_error();
1632 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (PEM)"
1633 " --> OK");
1634 return 0;
1635 }
1636
1637 tls_show_errors(MSG_DEBUG, __func__,
1638 "SSL_use_certificate_file failed");
1639#else /* OPENSSL_NO_STDIO */
1640 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", __func__);
1641#endif /* OPENSSL_NO_STDIO */
1642
1643 return -1;
1644}
1645
1646
1647static int tls_global_client_cert(SSL_CTX *ssl_ctx, const char *client_cert)
1648{
1649#ifndef OPENSSL_NO_STDIO
1650 if (client_cert == NULL)
1651 return 0;
1652
1653 if (SSL_CTX_use_certificate_file(ssl_ctx, client_cert,
1654 SSL_FILETYPE_ASN1) != 1 &&
1655 SSL_CTX_use_certificate_file(ssl_ctx, client_cert,
1656 SSL_FILETYPE_PEM) != 1) {
1657 tls_show_errors(MSG_INFO, __func__,
1658 "Failed to load client certificate");
1659 return -1;
1660 }
1661 return 0;
1662#else /* OPENSSL_NO_STDIO */
1663 if (client_cert == NULL)
1664 return 0;
1665 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", __func__);
1666 return -1;
1667#endif /* OPENSSL_NO_STDIO */
1668}
1669
1670
1671static int tls_passwd_cb(char *buf, int size, int rwflag, void *password)
1672{
1673 if (password == NULL) {
1674 return 0;
1675 }
1676 os_strlcpy(buf, (char *) password, size);
1677 return os_strlen(buf);
1678}
1679
1680
1681#ifdef PKCS12_FUNCS
1682static int tls_parse_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, PKCS12 *p12,
1683 const char *passwd)
1684{
1685 EVP_PKEY *pkey;
1686 X509 *cert;
1687 STACK_OF(X509) *certs;
1688 int res = 0;
1689 char buf[256];
1690
1691 pkey = NULL;
1692 cert = NULL;
1693 certs = NULL;
1694 if (!PKCS12_parse(p12, passwd, &pkey, &cert, &certs)) {
1695 tls_show_errors(MSG_DEBUG, __func__,
1696 "Failed to parse PKCS12 file");
1697 PKCS12_free(p12);
1698 return -1;
1699 }
1700 wpa_printf(MSG_DEBUG, "TLS: Successfully parsed PKCS12 data");
1701
1702 if (cert) {
1703 X509_NAME_oneline(X509_get_subject_name(cert), buf,
1704 sizeof(buf));
1705 wpa_printf(MSG_DEBUG, "TLS: Got certificate from PKCS12: "
1706 "subject='%s'", buf);
1707 if (ssl) {
1708 if (SSL_use_certificate(ssl, cert) != 1)
1709 res = -1;
1710 } else {
1711 if (SSL_CTX_use_certificate(ssl_ctx, cert) != 1)
1712 res = -1;
1713 }
1714 X509_free(cert);
1715 }
1716
1717 if (pkey) {
1718 wpa_printf(MSG_DEBUG, "TLS: Got private key from PKCS12");
1719 if (ssl) {
1720 if (SSL_use_PrivateKey(ssl, pkey) != 1)
1721 res = -1;
1722 } else {
1723 if (SSL_CTX_use_PrivateKey(ssl_ctx, pkey) != 1)
1724 res = -1;
1725 }
1726 EVP_PKEY_free(pkey);
1727 }
1728
1729 if (certs) {
1730 while ((cert = sk_X509_pop(certs)) != NULL) {
1731 X509_NAME_oneline(X509_get_subject_name(cert), buf,
1732 sizeof(buf));
1733 wpa_printf(MSG_DEBUG, "TLS: additional certificate"
1734 " from PKCS12: subject='%s'", buf);
1735 /*
1736 * There is no SSL equivalent for the chain cert - so
1737 * always add it to the context...
1738 */
1739 if (SSL_CTX_add_extra_chain_cert(ssl_ctx, cert) != 1) {
1740 res = -1;
1741 break;
1742 }
1743 }
1744 sk_X509_free(certs);
1745 }
1746
1747 PKCS12_free(p12);
1748
1749 if (res < 0)
1750 tls_get_errors(ssl_ctx);
1751
1752 return res;
1753}
1754#endif /* PKCS12_FUNCS */
1755
1756
1757static int tls_read_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, const char *private_key,
1758 const char *passwd)
1759{
1760#ifdef PKCS12_FUNCS
1761 FILE *f;
1762 PKCS12 *p12;
1763
1764 f = fopen(private_key, "rb");
1765 if (f == NULL)
1766 return -1;
1767
1768 p12 = d2i_PKCS12_fp(f, NULL);
1769 fclose(f);
1770
1771 if (p12 == NULL) {
1772 tls_show_errors(MSG_INFO, __func__,
1773 "Failed to use PKCS#12 file");
1774 return -1;
1775 }
1776
1777 return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd);
1778
1779#else /* PKCS12_FUNCS */
1780 wpa_printf(MSG_INFO, "TLS: PKCS12 support disabled - cannot read "
1781 "p12/pfx files");
1782 return -1;
1783#endif /* PKCS12_FUNCS */
1784}
1785
1786
1787static int tls_read_pkcs12_blob(SSL_CTX *ssl_ctx, SSL *ssl,
1788 const u8 *blob, size_t len, const char *passwd)
1789{
1790#ifdef PKCS12_FUNCS
1791 PKCS12 *p12;
1792
1793 p12 = d2i_PKCS12(NULL, (OPENSSL_d2i_TYPE) &blob, len);
1794 if (p12 == NULL) {
1795 tls_show_errors(MSG_INFO, __func__,
1796 "Failed to use PKCS#12 blob");
1797 return -1;
1798 }
1799
1800 return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd);
1801
1802#else /* PKCS12_FUNCS */
1803 wpa_printf(MSG_INFO, "TLS: PKCS12 support disabled - cannot parse "
1804 "p12/pfx blobs");
1805 return -1;
1806#endif /* PKCS12_FUNCS */
1807}
1808
1809
1810#ifndef OPENSSL_NO_ENGINE
1811static int tls_engine_get_cert(struct tls_connection *conn,
1812 const char *cert_id,
1813 X509 **cert)
1814{
1815 /* this runs after the private key is loaded so no PIN is required */
1816 struct {
1817 const char *cert_id;
1818 X509 *cert;
1819 } params;
1820 params.cert_id = cert_id;
1821 params.cert = NULL;
1822
1823 if (!ENGINE_ctrl_cmd(conn->engine, "LOAD_CERT_CTRL",
1824 0, &params, NULL, 1)) {
1825 wpa_printf(MSG_ERROR, "ENGINE: cannot load client cert with id"
1826 " '%s' [%s]", cert_id,
1827 ERR_error_string(ERR_get_error(), NULL));
1828 return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
1829 }
1830 if (!params.cert) {
1831 wpa_printf(MSG_ERROR, "ENGINE: did not properly cert with id"
1832 " '%s'", cert_id);
1833 return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
1834 }
1835 *cert = params.cert;
1836 return 0;
1837}
1838#endif /* OPENSSL_NO_ENGINE */
1839
1840
1841static int tls_connection_engine_client_cert(struct tls_connection *conn,
1842 const char *cert_id)
1843{
1844#ifndef OPENSSL_NO_ENGINE
1845 X509 *cert;
1846
1847 if (tls_engine_get_cert(conn, cert_id, &cert))
1848 return -1;
1849
1850 if (!SSL_use_certificate(conn->ssl, cert)) {
1851 tls_show_errors(MSG_ERROR, __func__,
1852 "SSL_use_certificate failed");
1853 X509_free(cert);
1854 return -1;
1855 }
1856 X509_free(cert);
1857 wpa_printf(MSG_DEBUG, "ENGINE: SSL_use_certificate --> "
1858 "OK");
1859 return 0;
1860
1861#else /* OPENSSL_NO_ENGINE */
1862 return -1;
1863#endif /* OPENSSL_NO_ENGINE */
1864}
1865
1866
1867static int tls_connection_engine_ca_cert(void *_ssl_ctx,
1868 struct tls_connection *conn,
1869 const char *ca_cert_id)
1870{
1871#ifndef OPENSSL_NO_ENGINE
1872 X509 *cert;
1873 SSL_CTX *ssl_ctx = _ssl_ctx;
1874
1875 if (tls_engine_get_cert(conn, ca_cert_id, &cert))
1876 return -1;
1877
1878 /* start off the same as tls_connection_ca_cert */
1879 X509_STORE_free(ssl_ctx->cert_store);
1880 ssl_ctx->cert_store = X509_STORE_new();
1881 if (ssl_ctx->cert_store == NULL) {
1882 wpa_printf(MSG_DEBUG, "OpenSSL: %s - failed to allocate new "
1883 "certificate store", __func__);
1884 X509_free(cert);
1885 return -1;
1886 }
1887 if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) {
1888 unsigned long err = ERR_peek_error();
1889 tls_show_errors(MSG_WARNING, __func__,
1890 "Failed to add CA certificate from engine "
1891 "to certificate store");
1892 if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
1893 ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) {
1894 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring cert"
1895 " already in hash table error",
1896 __func__);
1897 } else {
1898 X509_free(cert);
1899 return -1;
1900 }
1901 }
1902 X509_free(cert);
1903 wpa_printf(MSG_DEBUG, "OpenSSL: %s - added CA certificate from engine "
1904 "to certificate store", __func__);
1905 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
1906 return 0;
1907
1908#else /* OPENSSL_NO_ENGINE */
1909 return -1;
1910#endif /* OPENSSL_NO_ENGINE */
1911}
1912
1913
1914static int tls_connection_engine_private_key(struct tls_connection *conn)
1915{
1916#ifndef OPENSSL_NO_ENGINE
1917 if (SSL_use_PrivateKey(conn->ssl, conn->private_key) != 1) {
1918 tls_show_errors(MSG_ERROR, __func__,
1919 "ENGINE: cannot use private key for TLS");
1920 return -1;
1921 }
1922 if (!SSL_check_private_key(conn->ssl)) {
1923 tls_show_errors(MSG_INFO, __func__,
1924 "Private key failed verification");
1925 return -1;
1926 }
1927 return 0;
1928#else /* OPENSSL_NO_ENGINE */
1929 wpa_printf(MSG_ERROR, "SSL: Configuration uses engine, but "
1930 "engine support was not compiled in");
1931 return -1;
1932#endif /* OPENSSL_NO_ENGINE */
1933}
1934
1935
1936static int tls_connection_private_key(void *_ssl_ctx,
1937 struct tls_connection *conn,
1938 const char *private_key,
1939 const char *private_key_passwd,
1940 const u8 *private_key_blob,
1941 size_t private_key_blob_len)
1942{
1943 SSL_CTX *ssl_ctx = _ssl_ctx;
1944 char *passwd;
1945 int ok;
1946
1947 if (private_key == NULL && private_key_blob == NULL)
1948 return 0;
1949
1950 if (private_key_passwd) {
1951 passwd = os_strdup(private_key_passwd);
1952 if (passwd == NULL)
1953 return -1;
1954 } else
1955 passwd = NULL;
1956
1957 SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb);
1958 SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd);
1959
1960 ok = 0;
1961 while (private_key_blob) {
1962 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_RSA, conn->ssl,
1963 (u8 *) private_key_blob,
1964 private_key_blob_len) == 1) {
1965 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_"
1966 "ASN1(EVP_PKEY_RSA) --> OK");
1967 ok = 1;
1968 break;
1969 }
1970
1971 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_DSA, conn->ssl,
1972 (u8 *) private_key_blob,
1973 private_key_blob_len) == 1) {
1974 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_"
1975 "ASN1(EVP_PKEY_DSA) --> OK");
1976 ok = 1;
1977 break;
1978 }
1979
1980 if (SSL_use_RSAPrivateKey_ASN1(conn->ssl,
1981 (u8 *) private_key_blob,
1982 private_key_blob_len) == 1) {
1983 wpa_printf(MSG_DEBUG, "OpenSSL: "
1984 "SSL_use_RSAPrivateKey_ASN1 --> OK");
1985 ok = 1;
1986 break;
1987 }
1988
1989 if (tls_read_pkcs12_blob(ssl_ctx, conn->ssl, private_key_blob,
1990 private_key_blob_len, passwd) == 0) {
1991 wpa_printf(MSG_DEBUG, "OpenSSL: PKCS#12 as blob --> "
1992 "OK");
1993 ok = 1;
1994 break;
1995 }
1996
1997 break;
1998 }
1999
2000#ifdef ANDROID
2001 if (!ok && private_key &&
2002 os_strncmp("keystore://", private_key, 11) == 0) {
2003 BIO *bio = BIO_from_keystore(&private_key[11]);
2004 EVP_PKEY *pkey = NULL;
2005 if (bio) {
2006 pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
2007 BIO_free(bio);
2008 }
2009 if (pkey) {
2010 if (SSL_use_PrivateKey(conn->ssl, pkey) == 1) {
2011 wpa_printf(MSG_DEBUG, "OpenSSL: Private key "
2012 "from keystore");
2013 ok = 1;
2014 }
2015 EVP_PKEY_free(pkey);
2016 }
2017 }
2018#endif /* ANDROID */
2019
2020 while (!ok && private_key) {
2021#ifndef OPENSSL_NO_STDIO
2022 if (SSL_use_PrivateKey_file(conn->ssl, private_key,
2023 SSL_FILETYPE_ASN1) == 1) {
2024 wpa_printf(MSG_DEBUG, "OpenSSL: "
2025 "SSL_use_PrivateKey_File (DER) --> OK");
2026 ok = 1;
2027 break;
2028 }
2029
2030 if (SSL_use_PrivateKey_file(conn->ssl, private_key,
2031 SSL_FILETYPE_PEM) == 1) {
2032 wpa_printf(MSG_DEBUG, "OpenSSL: "
2033 "SSL_use_PrivateKey_File (PEM) --> OK");
2034 ok = 1;
2035 break;
2036 }
2037#else /* OPENSSL_NO_STDIO */
2038 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO",
2039 __func__);
2040#endif /* OPENSSL_NO_STDIO */
2041
2042 if (tls_read_pkcs12(ssl_ctx, conn->ssl, private_key, passwd)
2043 == 0) {
2044 wpa_printf(MSG_DEBUG, "OpenSSL: Reading PKCS#12 file "
2045 "--> OK");
2046 ok = 1;
2047 break;
2048 }
2049
2050 if (tls_cryptoapi_cert(conn->ssl, private_key) == 0) {
2051 wpa_printf(MSG_DEBUG, "OpenSSL: Using CryptoAPI to "
2052 "access certificate store --> OK");
2053 ok = 1;
2054 break;
2055 }
2056
2057 break;
2058 }
2059
2060 if (!ok) {
2061 tls_show_errors(MSG_INFO, __func__,
2062 "Failed to load private key");
2063 os_free(passwd);
2064 return -1;
2065 }
2066 ERR_clear_error();
2067 SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL);
2068 os_free(passwd);
2069
2070 if (!SSL_check_private_key(conn->ssl)) {
2071 tls_show_errors(MSG_INFO, __func__, "Private key failed "
2072 "verification");
2073 return -1;
2074 }
2075
2076 wpa_printf(MSG_DEBUG, "SSL: Private key loaded successfully");
2077 return 0;
2078}
2079
2080
2081static int tls_global_private_key(SSL_CTX *ssl_ctx, const char *private_key,
2082 const char *private_key_passwd)
2083{
2084 char *passwd;
2085
2086 if (private_key == NULL)
2087 return 0;
2088
2089 if (private_key_passwd) {
2090 passwd = os_strdup(private_key_passwd);
2091 if (passwd == NULL)
2092 return -1;
2093 } else
2094 passwd = NULL;
2095
2096 SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb);
2097 SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd);
2098 if (
2099#ifndef OPENSSL_NO_STDIO
2100 SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key,
2101 SSL_FILETYPE_ASN1) != 1 &&
2102 SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key,
2103 SSL_FILETYPE_PEM) != 1 &&
2104#endif /* OPENSSL_NO_STDIO */
2105 tls_read_pkcs12(ssl_ctx, NULL, private_key, passwd)) {
2106 tls_show_errors(MSG_INFO, __func__,
2107 "Failed to load private key");
2108 os_free(passwd);
2109 ERR_clear_error();
2110 return -1;
2111 }
2112 os_free(passwd);
2113 ERR_clear_error();
2114 SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL);
2115
2116 if (!SSL_CTX_check_private_key(ssl_ctx)) {
2117 tls_show_errors(MSG_INFO, __func__,
2118 "Private key failed verification");
2119 return -1;
2120 }
2121
2122 return 0;
2123}
2124
2125
2126static int tls_connection_dh(struct tls_connection *conn, const char *dh_file)
2127{
2128#ifdef OPENSSL_NO_DH
2129 if (dh_file == NULL)
2130 return 0;
2131 wpa_printf(MSG_ERROR, "TLS: openssl does not include DH support, but "
2132 "dh_file specified");
2133 return -1;
2134#else /* OPENSSL_NO_DH */
2135 DH *dh;
2136 BIO *bio;
2137
2138 /* TODO: add support for dh_blob */
2139 if (dh_file == NULL)
2140 return 0;
2141 if (conn == NULL)
2142 return -1;
2143
2144 bio = BIO_new_file(dh_file, "r");
2145 if (bio == NULL) {
2146 wpa_printf(MSG_INFO, "TLS: Failed to open DH file '%s': %s",
2147 dh_file, ERR_error_string(ERR_get_error(), NULL));
2148 return -1;
2149 }
2150 dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
2151 BIO_free(bio);
2152#ifndef OPENSSL_NO_DSA
2153 while (dh == NULL) {
2154 DSA *dsa;
2155 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DH file '%s': %s -"
2156 " trying to parse as DSA params", dh_file,
2157 ERR_error_string(ERR_get_error(), NULL));
2158 bio = BIO_new_file(dh_file, "r");
2159 if (bio == NULL)
2160 break;
2161 dsa = PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
2162 BIO_free(bio);
2163 if (!dsa) {
2164 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DSA file "
2165 "'%s': %s", dh_file,
2166 ERR_error_string(ERR_get_error(), NULL));
2167 break;
2168 }
2169
2170 wpa_printf(MSG_DEBUG, "TLS: DH file in DSA param format");
2171 dh = DSA_dup_DH(dsa);
2172 DSA_free(dsa);
2173 if (dh == NULL) {
2174 wpa_printf(MSG_INFO, "TLS: Failed to convert DSA "
2175 "params into DH params");
2176 break;
2177 }
2178 break;
2179 }
2180#endif /* !OPENSSL_NO_DSA */
2181 if (dh == NULL) {
2182 wpa_printf(MSG_INFO, "TLS: Failed to read/parse DH/DSA file "
2183 "'%s'", dh_file);
2184 return -1;
2185 }
2186
2187 if (SSL_set_tmp_dh(conn->ssl, dh) != 1) {
2188 wpa_printf(MSG_INFO, "TLS: Failed to set DH params from '%s': "
2189 "%s", dh_file,
2190 ERR_error_string(ERR_get_error(), NULL));
2191 DH_free(dh);
2192 return -1;
2193 }
2194 DH_free(dh);
2195 return 0;
2196#endif /* OPENSSL_NO_DH */
2197}
2198
2199
2200static int tls_global_dh(SSL_CTX *ssl_ctx, const char *dh_file)
2201{
2202#ifdef OPENSSL_NO_DH
2203 if (dh_file == NULL)
2204 return 0;
2205 wpa_printf(MSG_ERROR, "TLS: openssl does not include DH support, but "
2206 "dh_file specified");
2207 return -1;
2208#else /* OPENSSL_NO_DH */
2209 DH *dh;
2210 BIO *bio;
2211
2212 /* TODO: add support for dh_blob */
2213 if (dh_file == NULL)
2214 return 0;
2215 if (ssl_ctx == NULL)
2216 return -1;
2217
2218 bio = BIO_new_file(dh_file, "r");
2219 if (bio == NULL) {
2220 wpa_printf(MSG_INFO, "TLS: Failed to open DH file '%s': %s",
2221 dh_file, ERR_error_string(ERR_get_error(), NULL));
2222 return -1;
2223 }
2224 dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
2225 BIO_free(bio);
2226#ifndef OPENSSL_NO_DSA
2227 while (dh == NULL) {
2228 DSA *dsa;
2229 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DH file '%s': %s -"
2230 " trying to parse as DSA params", dh_file,
2231 ERR_error_string(ERR_get_error(), NULL));
2232 bio = BIO_new_file(dh_file, "r");
2233 if (bio == NULL)
2234 break;
2235 dsa = PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
2236 BIO_free(bio);
2237 if (!dsa) {
2238 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DSA file "
2239 "'%s': %s", dh_file,
2240 ERR_error_string(ERR_get_error(), NULL));
2241 break;
2242 }
2243
2244 wpa_printf(MSG_DEBUG, "TLS: DH file in DSA param format");
2245 dh = DSA_dup_DH(dsa);
2246 DSA_free(dsa);
2247 if (dh == NULL) {
2248 wpa_printf(MSG_INFO, "TLS: Failed to convert DSA "
2249 "params into DH params");
2250 break;
2251 }
2252 break;
2253 }
2254#endif /* !OPENSSL_NO_DSA */
2255 if (dh == NULL) {
2256 wpa_printf(MSG_INFO, "TLS: Failed to read/parse DH/DSA file "
2257 "'%s'", dh_file);
2258 return -1;
2259 }
2260
2261 if (SSL_CTX_set_tmp_dh(ssl_ctx, dh) != 1) {
2262 wpa_printf(MSG_INFO, "TLS: Failed to set DH params from '%s': "
2263 "%s", dh_file,
2264 ERR_error_string(ERR_get_error(), NULL));
2265 DH_free(dh);
2266 return -1;
2267 }
2268 DH_free(dh);
2269 return 0;
2270#endif /* OPENSSL_NO_DH */
2271}
2272
2273
2274int tls_connection_get_keys(void *ssl_ctx, struct tls_connection *conn,
2275 struct tls_keys *keys)
2276{
2277 SSL *ssl;
2278
2279 if (conn == NULL || keys == NULL)
2280 return -1;
2281 ssl = conn->ssl;
2282 if (ssl == NULL || ssl->s3 == NULL || ssl->session == NULL)
2283 return -1;
2284
2285 os_memset(keys, 0, sizeof(*keys));
2286 keys->master_key = ssl->session->master_key;
2287 keys->master_key_len = ssl->session->master_key_length;
2288 keys->client_random = ssl->s3->client_random;
2289 keys->client_random_len = SSL3_RANDOM_SIZE;
2290 keys->server_random = ssl->s3->server_random;
2291 keys->server_random_len = SSL3_RANDOM_SIZE;
2292
2293 return 0;
2294}
2295
2296
2297int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
2298 const char *label, int server_random_first,
2299 u8 *out, size_t out_len)
2300{
2301 return -1;
2302}
2303
2304
2305static struct wpabuf *
2306openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data,
2307 int server)
2308{
2309 int res;
2310 struct wpabuf *out_data;
2311
2312 /*
2313 * Give TLS handshake data from the server (if available) to OpenSSL
2314 * for processing.
2315 */
2316 if (in_data &&
2317 BIO_write(conn->ssl_in, wpabuf_head(in_data), wpabuf_len(in_data))
2318 < 0) {
2319 tls_show_errors(MSG_INFO, __func__,
2320 "Handshake failed - BIO_write");
2321 return NULL;
2322 }
2323
2324 /* Initiate TLS handshake or continue the existing handshake */
2325 if (server)
2326 res = SSL_accept(conn->ssl);
2327 else
2328 res = SSL_connect(conn->ssl);
2329 if (res != 1) {
2330 int err = SSL_get_error(conn->ssl, res);
2331 if (err == SSL_ERROR_WANT_READ)
2332 wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want "
2333 "more data");
2334 else if (err == SSL_ERROR_WANT_WRITE)
2335 wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want to "
2336 "write");
2337 else {
2338 tls_show_errors(MSG_INFO, __func__, "SSL_connect");
2339 conn->failed++;
2340 }
2341 }
2342
2343 /* Get the TLS handshake data to be sent to the server */
2344 res = BIO_ctrl_pending(conn->ssl_out);
2345 wpa_printf(MSG_DEBUG, "SSL: %d bytes pending from ssl_out", res);
2346 out_data = wpabuf_alloc(res);
2347 if (out_data == NULL) {
2348 wpa_printf(MSG_DEBUG, "SSL: Failed to allocate memory for "
2349 "handshake output (%d bytes)", res);
2350 if (BIO_reset(conn->ssl_out) < 0) {
2351 tls_show_errors(MSG_INFO, __func__,
2352 "BIO_reset failed");
2353 }
2354 return NULL;
2355 }
2356 res = res == 0 ? 0 : BIO_read(conn->ssl_out, wpabuf_mhead(out_data),
2357 res);
2358 if (res < 0) {
2359 tls_show_errors(MSG_INFO, __func__,
2360 "Handshake failed - BIO_read");
2361 if (BIO_reset(conn->ssl_out) < 0) {
2362 tls_show_errors(MSG_INFO, __func__,
2363 "BIO_reset failed");
2364 }
2365 wpabuf_free(out_data);
2366 return NULL;
2367 }
2368 wpabuf_put(out_data, res);
2369
2370 return out_data;
2371}
2372
2373
2374static struct wpabuf *
2375openssl_get_appl_data(struct tls_connection *conn, size_t max_len)
2376{
2377 struct wpabuf *appl_data;
2378 int res;
2379
2380 appl_data = wpabuf_alloc(max_len + 100);
2381 if (appl_data == NULL)
2382 return NULL;
2383
2384 res = SSL_read(conn->ssl, wpabuf_mhead(appl_data),
2385 wpabuf_size(appl_data));
2386 if (res < 0) {
2387 int err = SSL_get_error(conn->ssl, res);
2388 if (err == SSL_ERROR_WANT_READ ||
2389 err == SSL_ERROR_WANT_WRITE) {
2390 wpa_printf(MSG_DEBUG, "SSL: No Application Data "
2391 "included");
2392 } else {
2393 tls_show_errors(MSG_INFO, __func__,
2394 "Failed to read possible "
2395 "Application Data");
2396 }
2397 wpabuf_free(appl_data);
2398 return NULL;
2399 }
2400
2401 wpabuf_put(appl_data, res);
2402 wpa_hexdump_buf_key(MSG_MSGDUMP, "SSL: Application Data in Finished "
2403 "message", appl_data);
2404
2405 return appl_data;
2406}
2407
2408
2409static struct wpabuf *
2410openssl_connection_handshake(struct tls_connection *conn,
2411 const struct wpabuf *in_data,
2412 struct wpabuf **appl_data, int server)
2413{
2414 struct wpabuf *out_data;
2415
2416 if (appl_data)
2417 *appl_data = NULL;
2418
2419 out_data = openssl_handshake(conn, in_data, server);
2420 if (out_data == NULL)
2421 return NULL;
2422
2423 if (SSL_is_init_finished(conn->ssl) && appl_data && in_data)
2424 *appl_data = openssl_get_appl_data(conn, wpabuf_len(in_data));
2425
2426 return out_data;
2427}
2428
2429
2430struct wpabuf *
2431tls_connection_handshake(void *ssl_ctx, struct tls_connection *conn,
2432 const struct wpabuf *in_data,
2433 struct wpabuf **appl_data)
2434{
2435 return openssl_connection_handshake(conn, in_data, appl_data, 0);
2436}
2437
2438
2439struct wpabuf * tls_connection_server_handshake(void *tls_ctx,
2440 struct tls_connection *conn,
2441 const struct wpabuf *in_data,
2442 struct wpabuf **appl_data)
2443{
2444 return openssl_connection_handshake(conn, in_data, appl_data, 1);
2445}
2446
2447
2448struct wpabuf * tls_connection_encrypt(void *tls_ctx,
2449 struct tls_connection *conn,
2450 const struct wpabuf *in_data)
2451{
2452 int res;
2453 struct wpabuf *buf;
2454
2455 if (conn == NULL)
2456 return NULL;
2457
2458 /* Give plaintext data for OpenSSL to encrypt into the TLS tunnel. */
2459 if ((res = BIO_reset(conn->ssl_in)) < 0 ||
2460 (res = BIO_reset(conn->ssl_out)) < 0) {
2461 tls_show_errors(MSG_INFO, __func__, "BIO_reset failed");
2462 return NULL;
2463 }
2464 res = SSL_write(conn->ssl, wpabuf_head(in_data), wpabuf_len(in_data));
2465 if (res < 0) {
2466 tls_show_errors(MSG_INFO, __func__,
2467 "Encryption failed - SSL_write");
2468 return NULL;
2469 }
2470
2471 /* Read encrypted data to be sent to the server */
2472 buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
2473 if (buf == NULL)
2474 return NULL;
2475 res = BIO_read(conn->ssl_out, wpabuf_mhead(buf), wpabuf_size(buf));
2476 if (res < 0) {
2477 tls_show_errors(MSG_INFO, __func__,
2478 "Encryption failed - BIO_read");
2479 wpabuf_free(buf);
2480 return NULL;
2481 }
2482 wpabuf_put(buf, res);
2483
2484 return buf;
2485}
2486
2487
2488struct wpabuf * tls_connection_decrypt(void *tls_ctx,
2489 struct tls_connection *conn,
2490 const struct wpabuf *in_data)
2491{
2492 int res;
2493 struct wpabuf *buf;
2494
2495 /* Give encrypted data from TLS tunnel for OpenSSL to decrypt. */
2496 res = BIO_write(conn->ssl_in, wpabuf_head(in_data),
2497 wpabuf_len(in_data));
2498 if (res < 0) {
2499 tls_show_errors(MSG_INFO, __func__,
2500 "Decryption failed - BIO_write");
2501 return NULL;
2502 }
2503 if (BIO_reset(conn->ssl_out) < 0) {
2504 tls_show_errors(MSG_INFO, __func__, "BIO_reset failed");
2505 return NULL;
2506 }
2507
2508 /* Read decrypted data for further processing */
2509 /*
2510 * Even though we try to disable TLS compression, it is possible that
2511 * this cannot be done with all TLS libraries. Add extra buffer space
2512 * to handle the possibility of the decrypted data being longer than
2513 * input data.
2514 */
2515 buf = wpabuf_alloc((wpabuf_len(in_data) + 500) * 3);
2516 if (buf == NULL)
2517 return NULL;
2518 res = SSL_read(conn->ssl, wpabuf_mhead(buf), wpabuf_size(buf));
2519 if (res < 0) {
2520 tls_show_errors(MSG_INFO, __func__,
2521 "Decryption failed - SSL_read");
2522 wpabuf_free(buf);
2523 return NULL;
2524 }
2525 wpabuf_put(buf, res);
2526
2527 return buf;
2528}
2529
2530
2531int tls_connection_resumed(void *ssl_ctx, struct tls_connection *conn)
2532{
2533 return conn ? conn->ssl->hit : 0;
2534}
2535
2536
2537int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
2538 u8 *ciphers)
2539{
2540 char buf[100], *pos, *end;
2541 u8 *c;
2542 int ret;
2543
2544 if (conn == NULL || conn->ssl == NULL || ciphers == NULL)
2545 return -1;
2546
2547 buf[0] = '\0';
2548 pos = buf;
2549 end = pos + sizeof(buf);
2550
2551 c = ciphers;
2552 while (*c != TLS_CIPHER_NONE) {
2553 const char *suite;
2554
2555 switch (*c) {
2556 case TLS_CIPHER_RC4_SHA:
2557 suite = "RC4-SHA";
2558 break;
2559 case TLS_CIPHER_AES128_SHA:
2560 suite = "AES128-SHA";
2561 break;
2562 case TLS_CIPHER_RSA_DHE_AES128_SHA:
2563 suite = "DHE-RSA-AES128-SHA";
2564 break;
2565 case TLS_CIPHER_ANON_DH_AES128_SHA:
2566 suite = "ADH-AES128-SHA";
2567 break;
2568 default:
2569 wpa_printf(MSG_DEBUG, "TLS: Unsupported "
2570 "cipher selection: %d", *c);
2571 return -1;
2572 }
2573 ret = os_snprintf(pos, end - pos, ":%s", suite);
2574 if (ret < 0 || ret >= end - pos)
2575 break;
2576 pos += ret;
2577
2578 c++;
2579 }
2580
2581 wpa_printf(MSG_DEBUG, "OpenSSL: cipher suites: %s", buf + 1);
2582
2583 if (SSL_set_cipher_list(conn->ssl, buf + 1) != 1) {
2584 tls_show_errors(MSG_INFO, __func__,
2585 "Cipher suite configuration failed");
2586 return -1;
2587 }
2588
2589 return 0;
2590}
2591
2592
2593int tls_get_cipher(void *ssl_ctx, struct tls_connection *conn,
2594 char *buf, size_t buflen)
2595{
2596 const char *name;
2597 if (conn == NULL || conn->ssl == NULL)
2598 return -1;
2599
2600 name = SSL_get_cipher(conn->ssl);
2601 if (name == NULL)
2602 return -1;
2603
2604 os_strlcpy(buf, name, buflen);
2605 return 0;
2606}
2607
2608
2609int tls_connection_enable_workaround(void *ssl_ctx,
2610 struct tls_connection *conn)
2611{
2612 SSL_set_options(conn->ssl, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
2613
2614 return 0;
2615}
2616
2617
2618#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
2619/* ClientHello TLS extensions require a patch to openssl, so this function is
2620 * commented out unless explicitly needed for EAP-FAST in order to be able to
2621 * build this file with unmodified openssl. */
2622int tls_connection_client_hello_ext(void *ssl_ctx, struct tls_connection *conn,
2623 int ext_type, const u8 *data,
2624 size_t data_len)
2625{
2626 if (conn == NULL || conn->ssl == NULL || ext_type != 35)
2627 return -1;
2628
2629#ifdef CONFIG_OPENSSL_TICKET_OVERRIDE
2630 if (SSL_set_session_ticket_ext(conn->ssl, (void *) data,
2631 data_len) != 1)
2632 return -1;
2633#else /* CONFIG_OPENSSL_TICKET_OVERRIDE */
2634 if (SSL_set_hello_extension(conn->ssl, ext_type, (void *) data,
2635 data_len) != 1)
2636 return -1;
2637#endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */
2638
2639 return 0;
2640}
2641#endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
2642
2643
2644int tls_connection_get_failed(void *ssl_ctx, struct tls_connection *conn)
2645{
2646 if (conn == NULL)
2647 return -1;
2648 return conn->failed;
2649}
2650
2651
2652int tls_connection_get_read_alerts(void *ssl_ctx, struct tls_connection *conn)
2653{
2654 if (conn == NULL)
2655 return -1;
2656 return conn->read_alerts;
2657}
2658
2659
2660int tls_connection_get_write_alerts(void *ssl_ctx, struct tls_connection *conn)
2661{
2662 if (conn == NULL)
2663 return -1;
2664 return conn->write_alerts;
2665}
2666
2667
2668int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
2669 const struct tls_connection_params *params)
2670{
2671 int ret;
2672 unsigned long err;
2673
2674 if (conn == NULL)
2675 return -1;
2676
2677 while ((err = ERR_get_error())) {
2678 wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s",
2679 __func__, ERR_error_string(err, NULL));
2680 }
2681
2682 if (params->engine) {
2683 wpa_printf(MSG_DEBUG, "SSL: Initializing TLS engine");
2684 ret = tls_engine_init(conn, params->engine_id, params->pin,
2685 params->key_id, params->cert_id,
2686 params->ca_cert_id);
2687 if (ret)
2688 return ret;
2689 }
2690 if (tls_connection_set_subject_match(conn,
2691 params->subject_match,
2692 params->altsubject_match))
2693 return -1;
2694
2695 if (params->engine && params->ca_cert_id) {
2696 if (tls_connection_engine_ca_cert(tls_ctx, conn,
2697 params->ca_cert_id))
2698 return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED;
2699 } else if (tls_connection_ca_cert(tls_ctx, conn, params->ca_cert,
2700 params->ca_cert_blob,
2701 params->ca_cert_blob_len,
2702 params->ca_path))
2703 return -1;
2704
2705 if (params->engine && params->cert_id) {
2706 if (tls_connection_engine_client_cert(conn, params->cert_id))
2707 return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED;
2708 } else if (tls_connection_client_cert(conn, params->client_cert,
2709 params->client_cert_blob,
2710 params->client_cert_blob_len))
2711 return -1;
2712
2713 if (params->engine && params->key_id) {
2714 wpa_printf(MSG_DEBUG, "TLS: Using private key from engine");
2715 if (tls_connection_engine_private_key(conn))
2716 return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED;
2717 } else if (tls_connection_private_key(tls_ctx, conn,
2718 params->private_key,
2719 params->private_key_passwd,
2720 params->private_key_blob,
2721 params->private_key_blob_len)) {
2722 wpa_printf(MSG_INFO, "TLS: Failed to load private key '%s'",
2723 params->private_key);
2724 return -1;
2725 }
2726
2727 if (tls_connection_dh(conn, params->dh_file)) {
2728 wpa_printf(MSG_INFO, "TLS: Failed to load DH file '%s'",
2729 params->dh_file);
2730 return -1;
2731 }
2732
2733 tls_get_errors(tls_ctx);
2734
2735 return 0;
2736}
2737
2738
2739int tls_global_set_params(void *tls_ctx,
2740 const struct tls_connection_params *params)
2741{
2742 SSL_CTX *ssl_ctx = tls_ctx;
2743 unsigned long err;
2744
2745 while ((err = ERR_get_error())) {
2746 wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s",
2747 __func__, ERR_error_string(err, NULL));
2748 }
2749
2750 if (tls_global_ca_cert(ssl_ctx, params->ca_cert))
2751 return -1;
2752
2753 if (tls_global_client_cert(ssl_ctx, params->client_cert))
2754 return -1;
2755
2756 if (tls_global_private_key(ssl_ctx, params->private_key,
2757 params->private_key_passwd))
2758 return -1;
2759
2760 if (tls_global_dh(ssl_ctx, params->dh_file)) {
2761 wpa_printf(MSG_INFO, "TLS: Failed to load DH file '%s'",
2762 params->dh_file);
2763 return -1;
2764 }
2765
2766 return 0;
2767}
2768
2769
2770int tls_connection_get_keyblock_size(void *tls_ctx,
2771 struct tls_connection *conn)
2772{
2773 const EVP_CIPHER *c;
2774 const EVP_MD *h;
2775
2776 if (conn == NULL || conn->ssl == NULL ||
2777 conn->ssl->enc_read_ctx == NULL ||
2778 conn->ssl->enc_read_ctx->cipher == NULL ||
2779 conn->ssl->read_hash == NULL)
2780 return -1;
2781
2782 c = conn->ssl->enc_read_ctx->cipher;
2783#if OPENSSL_VERSION_NUMBER >= 0x00909000L
2784 h = EVP_MD_CTX_md(conn->ssl->read_hash);
2785#else
2786 h = conn->ssl->read_hash;
2787#endif
2788
2789 return 2 * (EVP_CIPHER_key_length(c) +
2790 EVP_MD_size(h) +
2791 EVP_CIPHER_iv_length(c));
2792}
2793
2794
2795unsigned int tls_capabilities(void *tls_ctx)
2796{
2797 return 0;
2798}
2799
2800
2801int tls_connection_set_ia(void *tls_ctx, struct tls_connection *conn,
2802 int tls_ia)
2803{
2804 return -1;
2805}
2806
2807
2808struct wpabuf * tls_connection_ia_send_phase_finished(
2809 void *tls_ctx, struct tls_connection *conn, int final)
2810{
2811 return NULL;
2812}
2813
2814
2815int tls_connection_ia_final_phase_finished(void *tls_ctx,
2816 struct tls_connection *conn)
2817{
2818 return -1;
2819}
2820
2821
2822int tls_connection_ia_permute_inner_secret(void *tls_ctx,
2823 struct tls_connection *conn,
2824 const u8 *key, size_t key_len)
2825{
2826 return -1;
2827}
2828
2829
2830#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
2831/* Pre-shared secred requires a patch to openssl, so this function is
2832 * commented out unless explicitly needed for EAP-FAST in order to be able to
2833 * build this file with unmodified openssl. */
2834
2835static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len,
2836 STACK_OF(SSL_CIPHER) *peer_ciphers,
2837 SSL_CIPHER **cipher, void *arg)
2838{
2839 struct tls_connection *conn = arg;
2840 int ret;
2841
2842 if (conn == NULL || conn->session_ticket_cb == NULL)
2843 return 0;
2844
2845 ret = conn->session_ticket_cb(conn->session_ticket_cb_ctx,
2846 conn->session_ticket,
2847 conn->session_ticket_len,
2848 s->s3->client_random,
2849 s->s3->server_random, secret);
2850 os_free(conn->session_ticket);
2851 conn->session_ticket = NULL;
2852
2853 if (ret <= 0)
2854 return 0;
2855
2856 *secret_len = SSL_MAX_MASTER_KEY_LENGTH;
2857 return 1;
2858}
2859
2860
2861#ifdef CONFIG_OPENSSL_TICKET_OVERRIDE
2862static int tls_session_ticket_ext_cb(SSL *s, const unsigned char *data,
2863 int len, void *arg)
2864{
2865 struct tls_connection *conn = arg;
2866
2867 if (conn == NULL || conn->session_ticket_cb == NULL)
2868 return 0;
2869
2870 wpa_printf(MSG_DEBUG, "OpenSSL: %s: length=%d", __func__, len);
2871
2872 os_free(conn->session_ticket);
2873 conn->session_ticket = NULL;
2874
2875 wpa_hexdump(MSG_DEBUG, "OpenSSL: ClientHello SessionTicket "
2876 "extension", data, len);
2877
2878 conn->session_ticket = os_malloc(len);
2879 if (conn->session_ticket == NULL)
2880 return 0;
2881
2882 os_memcpy(conn->session_ticket, data, len);
2883 conn->session_ticket_len = len;
2884
2885 return 1;
2886}
2887#else /* CONFIG_OPENSSL_TICKET_OVERRIDE */
2888#ifdef SSL_OP_NO_TICKET
2889static void tls_hello_ext_cb(SSL *s, int client_server, int type,
2890 unsigned char *data, int len, void *arg)
2891{
2892 struct tls_connection *conn = arg;
2893
2894 if (conn == NULL || conn->session_ticket_cb == NULL)
2895 return;
2896
2897 wpa_printf(MSG_DEBUG, "OpenSSL: %s: type=%d length=%d", __func__,
2898 type, len);
2899
2900 if (type == TLSEXT_TYPE_session_ticket && !client_server) {
2901 os_free(conn->session_ticket);
2902 conn->session_ticket = NULL;
2903
2904 wpa_hexdump(MSG_DEBUG, "OpenSSL: ClientHello SessionTicket "
2905 "extension", data, len);
2906 conn->session_ticket = os_malloc(len);
2907 if (conn->session_ticket == NULL)
2908 return;
2909
2910 os_memcpy(conn->session_ticket, data, len);
2911 conn->session_ticket_len = len;
2912 }
2913}
2914#else /* SSL_OP_NO_TICKET */
2915static int tls_hello_ext_cb(SSL *s, TLS_EXTENSION *ext, void *arg)
2916{
2917 struct tls_connection *conn = arg;
2918
2919 if (conn == NULL || conn->session_ticket_cb == NULL)
2920 return 0;
2921
2922 wpa_printf(MSG_DEBUG, "OpenSSL: %s: type=%d length=%d", __func__,
2923 ext->type, ext->length);
2924
2925 os_free(conn->session_ticket);
2926 conn->session_ticket = NULL;
2927
2928 if (ext->type == 35) {
2929 wpa_hexdump(MSG_DEBUG, "OpenSSL: ClientHello SessionTicket "
2930 "extension", ext->data, ext->length);
2931 conn->session_ticket = os_malloc(ext->length);
2932 if (conn->session_ticket == NULL)
2933 return SSL_AD_INTERNAL_ERROR;
2934
2935 os_memcpy(conn->session_ticket, ext->data, ext->length);
2936 conn->session_ticket_len = ext->length;
2937 }
2938
2939 return 0;
2940}
2941#endif /* SSL_OP_NO_TICKET */
2942#endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */
2943#endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
2944
2945
2946int tls_connection_set_session_ticket_cb(void *tls_ctx,
2947 struct tls_connection *conn,
2948 tls_session_ticket_cb cb,
2949 void *ctx)
2950{
2951#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
2952 conn->session_ticket_cb = cb;
2953 conn->session_ticket_cb_ctx = ctx;
2954
2955 if (cb) {
2956 if (SSL_set_session_secret_cb(conn->ssl, tls_sess_sec_cb,
2957 conn) != 1)
2958 return -1;
2959#ifdef CONFIG_OPENSSL_TICKET_OVERRIDE
2960 SSL_set_session_ticket_ext_cb(conn->ssl,
2961 tls_session_ticket_ext_cb, conn);
2962#else /* CONFIG_OPENSSL_TICKET_OVERRIDE */
2963#ifdef SSL_OP_NO_TICKET
2964 SSL_set_tlsext_debug_callback(conn->ssl, tls_hello_ext_cb);
2965 SSL_set_tlsext_debug_arg(conn->ssl, conn);
2966#else /* SSL_OP_NO_TICKET */
2967 if (SSL_set_hello_extension_cb(conn->ssl, tls_hello_ext_cb,
2968 conn) != 1)
2969 return -1;
2970#endif /* SSL_OP_NO_TICKET */
2971#endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */
2972 } else {
2973 if (SSL_set_session_secret_cb(conn->ssl, NULL, NULL) != 1)
2974 return -1;
2975#ifdef CONFIG_OPENSSL_TICKET_OVERRIDE
2976 SSL_set_session_ticket_ext_cb(conn->ssl, NULL, NULL);
2977#else /* CONFIG_OPENSSL_TICKET_OVERRIDE */
2978#ifdef SSL_OP_NO_TICKET
2979 SSL_set_tlsext_debug_callback(conn->ssl, NULL);
2980 SSL_set_tlsext_debug_arg(conn->ssl, conn);
2981#else /* SSL_OP_NO_TICKET */
2982 if (SSL_set_hello_extension_cb(conn->ssl, NULL, NULL) != 1)
2983 return -1;
2984#endif /* SSL_OP_NO_TICKET */
2985#endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */
2986 }
2987
2988 return 0;
2989#else /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
2990 return -1;
2991#endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
2992}