1 /* 2 * WPA Supplicant / SSL/TLS interface functions for openssl 3 * Copyright (c) 2004-2008, Jouni Malinen <j (at) w1.fi> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 * 9 * Alternatively, this software may be distributed under the terms of BSD 10 * license. 11 * 12 * See README and COPYING for more details. 13 */ 14 15 #include "includes.h" 16 17 #ifndef CONFIG_SMARTCARD 18 #ifndef OPENSSL_NO_ENGINE 19 #define OPENSSL_NO_ENGINE 20 #endif 21 #endif 22 23 #include <openssl/ssl.h> 24 #include <openssl/err.h> 25 #include <openssl/pkcs12.h> 26 #include <openssl/x509v3.h> 27 #ifndef OPENSSL_NO_ENGINE 28 #include <openssl/engine.h> 29 #endif /* OPENSSL_NO_ENGINE */ 30 31 #include "common.h" 32 #include "tls.h" 33 34 #if OPENSSL_VERSION_NUMBER >= 0x0090800fL 35 #define OPENSSL_d2i_TYPE const unsigned char ** 36 #else 37 #define OPENSSL_d2i_TYPE unsigned char ** 38 #endif 39 40 #ifdef SSL_F_SSL_SET_SESSION_TICKET_EXT 41 #ifdef SSL_OP_NO_TICKET 42 /* 43 * Session ticket override patch was merged into OpenSSL 0.9.9 tree on 44 * 2008-11-15. This version uses a bit different API compared to the old patch. 45 */ 46 #define CONFIG_OPENSSL_TICKET_OVERRIDE 47 #endif 48 #endif 49 50 #ifdef ANDROID 51 #include <openssl/pem.h> 52 #include "keystore_get.h" 53 54 static BIO *BIO_from_keystore(const char *key) 55 { 56 BIO *bio = NULL; 57 char value[KEYSTORE_MESSAGE_SIZE]; 58 int length = keystore_get(key, strlen(key), value); 59 if (length != -1 && (bio = BIO_new(BIO_s_mem())) != NULL) { 60 BIO_write(bio, value, length); 61 } 62 return bio; 63 } 64 #endif 65 66 static int tls_openssl_ref_count = 0; 67 68 struct tls_connection { 69 SSL *ssl; 70 BIO *ssl_in, *ssl_out; 71 #ifndef OPENSSL_NO_ENGINE 72 ENGINE *engine; /* functional reference to the engine */ 73 EVP_PKEY *private_key; /* the private key if using engine */ 74 #endif /* OPENSSL_NO_ENGINE */ 75 char *subject_match, *altsubject_match; 76 int read_alerts, write_alerts, failed; 77 78 tls_session_ticket_cb session_ticket_cb; 79 void *session_ticket_cb_ctx; 80 81 /* SessionTicket received from OpenSSL hello_extension_cb (server) */ 82 u8 *session_ticket; 83 size_t session_ticket_len; 84 }; 85 86 87 #ifdef CONFIG_NO_STDOUT_DEBUG 88 89 static void _tls_show_errors(void) 90 { 91 unsigned long err; 92 93 while ((err = ERR_get_error())) { 94 /* Just ignore the errors, since stdout is disabled */ 95 } 96 } 97 #define tls_show_errors(l, f, t) _tls_show_errors() 98 99 #else /* CONFIG_NO_STDOUT_DEBUG */ 100 101 static void tls_show_errors(int level, const char *func, const char *txt) 102 { 103 unsigned long err; 104 105 wpa_printf(level, "OpenSSL: %s - %s %s", 106 func, txt, ERR_error_string(ERR_get_error(), NULL)); 107 108 while ((err = ERR_get_error())) { 109 wpa_printf(MSG_INFO, "OpenSSL: pending error: %s", 110 ERR_error_string(err, NULL)); 111 } 112 } 113 114 #endif /* CONFIG_NO_STDOUT_DEBUG */ 115 116 117 #ifdef CONFIG_NATIVE_WINDOWS 118 119 /* Windows CryptoAPI and access to certificate stores */ 120 #include <wincrypt.h> 121 122 #ifdef __MINGW32_VERSION 123 /* 124 * MinGW does not yet include all the needed definitions for CryptoAPI, so 125 * define here whatever extra is needed. 126 */ 127 #define CERT_SYSTEM_STORE_CURRENT_USER (1 << 16) 128 #define CERT_STORE_READONLY_FLAG 0x00008000 129 #define CERT_STORE_OPEN_EXISTING_FLAG 0x00004000 130 131 #endif /* __MINGW32_VERSION */ 132 133 134 struct cryptoapi_rsa_data { 135 const CERT_CONTEXT *cert; 136 HCRYPTPROV crypt_prov; 137 DWORD key_spec; 138 BOOL free_crypt_prov; 139 }; 140 141 142 static void cryptoapi_error(const char *msg) 143 { 144 wpa_printf(MSG_INFO, "CryptoAPI: %s; err=%u", 145 msg, (unsigned int) GetLastError()); 146 } 147 148 149 static int cryptoapi_rsa_pub_enc(int flen, const unsigned char *from, 150 unsigned char *to, RSA *rsa, int padding) 151 { 152 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__); 153 return 0; 154 } 155 156 157 static int cryptoapi_rsa_pub_dec(int flen, const unsigned char *from, 158 unsigned char *to, RSA *rsa, int padding) 159 { 160 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__); 161 return 0; 162 } 163 164 165 static int cryptoapi_rsa_priv_enc(int flen, const unsigned char *from, 166 unsigned char *to, RSA *rsa, int padding) 167 { 168 struct cryptoapi_rsa_data *priv = 169 (struct cryptoapi_rsa_data *) rsa->meth->app_data; 170 HCRYPTHASH hash; 171 DWORD hash_size, len, i; 172 unsigned char *buf = NULL; 173 int ret = 0; 174 175 if (priv == NULL) { 176 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, 177 ERR_R_PASSED_NULL_PARAMETER); 178 return 0; 179 } 180 181 if (padding != RSA_PKCS1_PADDING) { 182 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, 183 RSA_R_UNKNOWN_PADDING_TYPE); 184 return 0; 185 } 186 187 if (flen != 16 /* MD5 */ + 20 /* SHA-1 */) { 188 wpa_printf(MSG_INFO, "%s - only MD5-SHA1 hash supported", 189 __func__); 190 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, 191 RSA_R_INVALID_MESSAGE_LENGTH); 192 return 0; 193 } 194 195 if (!CryptCreateHash(priv->crypt_prov, CALG_SSL3_SHAMD5, 0, 0, &hash)) 196 { 197 cryptoapi_error("CryptCreateHash failed"); 198 return 0; 199 } 200 201 len = sizeof(hash_size); 202 if (!CryptGetHashParam(hash, HP_HASHSIZE, (BYTE *) &hash_size, &len, 203 0)) { 204 cryptoapi_error("CryptGetHashParam failed"); 205 goto err; 206 } 207 208 if ((int) hash_size != flen) { 209 wpa_printf(MSG_INFO, "CryptoAPI: Invalid hash size (%u != %d)", 210 (unsigned) hash_size, flen); 211 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, 212 RSA_R_INVALID_MESSAGE_LENGTH); 213 goto err; 214 } 215 if (!CryptSetHashParam(hash, HP_HASHVAL, (BYTE * ) from, 0)) { 216 cryptoapi_error("CryptSetHashParam failed"); 217 goto err; 218 } 219 220 len = RSA_size(rsa); 221 buf = os_malloc(len); 222 if (buf == NULL) { 223 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE); 224 goto err; 225 } 226 227 if (!CryptSignHash(hash, priv->key_spec, NULL, 0, buf, &len)) { 228 cryptoapi_error("CryptSignHash failed"); 229 goto err; 230 } 231 232 for (i = 0; i < len; i++) 233 to[i] = buf[len - i - 1]; 234 ret = len; 235 236 err: 237 os_free(buf); 238 CryptDestroyHash(hash); 239 240 return ret; 241 } 242 243 244 static int cryptoapi_rsa_priv_dec(int flen, const unsigned char *from, 245 unsigned char *to, RSA *rsa, int padding) 246 { 247 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__); 248 return 0; 249 } 250 251 252 static void cryptoapi_free_data(struct cryptoapi_rsa_data *priv) 253 { 254 if (priv == NULL) 255 return; 256 if (priv->crypt_prov && priv->free_crypt_prov) 257 CryptReleaseContext(priv->crypt_prov, 0); 258 if (priv->cert) 259 CertFreeCertificateContext(priv->cert); 260 os_free(priv); 261 } 262 263 264 static int cryptoapi_finish(RSA *rsa) 265 { 266 cryptoapi_free_data((struct cryptoapi_rsa_data *) rsa->meth->app_data); 267 os_free((void *) rsa->meth); 268 rsa->meth = NULL; 269 return 1; 270 } 271 272 273 static const CERT_CONTEXT * cryptoapi_find_cert(const char *name, DWORD store) 274 { 275 HCERTSTORE cs; 276 const CERT_CONTEXT *ret = NULL; 277 278 cs = CertOpenStore((LPCSTR) CERT_STORE_PROV_SYSTEM, 0, 0, 279 store | CERT_STORE_OPEN_EXISTING_FLAG | 280 CERT_STORE_READONLY_FLAG, L"MY"); 281 if (cs == NULL) { 282 cryptoapi_error("Failed to open 'My system store'"); 283 return NULL; 284 } 285 286 if (strncmp(name, "cert://", 7) == 0) { 287 unsigned short wbuf[255]; 288 MultiByteToWideChar(CP_ACP, 0, name + 7, -1, wbuf, 255); 289 ret = CertFindCertificateInStore(cs, X509_ASN_ENCODING | 290 PKCS_7_ASN_ENCODING, 291 0, CERT_FIND_SUBJECT_STR, 292 wbuf, NULL); 293 } else if (strncmp(name, "hash://", 7) == 0) { 294 CRYPT_HASH_BLOB blob; 295 int len; 296 const char *hash = name + 7; 297 unsigned char *buf; 298 299 len = os_strlen(hash) / 2; 300 buf = os_malloc(len); 301 if (buf && hexstr2bin(hash, buf, len) == 0) { 302 blob.cbData = len; 303 blob.pbData = buf; 304 ret = CertFindCertificateInStore(cs, 305 X509_ASN_ENCODING | 306 PKCS_7_ASN_ENCODING, 307 0, CERT_FIND_HASH, 308 &blob, NULL); 309 } 310 os_free(buf); 311 } 312 313 CertCloseStore(cs, 0); 314 315 return ret; 316 } 317 318 319 static int tls_cryptoapi_cert(SSL *ssl, const char *name) 320 { 321 X509 *cert = NULL; 322 RSA *rsa = NULL, *pub_rsa; 323 struct cryptoapi_rsa_data *priv; 324 RSA_METHOD *rsa_meth; 325 326 if (name == NULL || 327 (strncmp(name, "cert://", 7) != 0 && 328 strncmp(name, "hash://", 7) != 0)) 329 return -1; 330 331 priv = os_zalloc(sizeof(*priv)); 332 rsa_meth = os_zalloc(sizeof(*rsa_meth)); 333 if (priv == NULL || rsa_meth == NULL) { 334 wpa_printf(MSG_WARNING, "CryptoAPI: Failed to allocate memory " 335 "for CryptoAPI RSA method"); 336 os_free(priv); 337 os_free(rsa_meth); 338 return -1; 339 } 340 341 priv->cert = cryptoapi_find_cert(name, CERT_SYSTEM_STORE_CURRENT_USER); 342 if (priv->cert == NULL) { 343 priv->cert = cryptoapi_find_cert( 344 name, CERT_SYSTEM_STORE_LOCAL_MACHINE); 345 } 346 if (priv->cert == NULL) { 347 wpa_printf(MSG_INFO, "CryptoAPI: Could not find certificate " 348 "'%s'", name); 349 goto err; 350 } 351 352 cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &priv->cert->pbCertEncoded, 353 priv->cert->cbCertEncoded); 354 if (cert == NULL) { 355 wpa_printf(MSG_INFO, "CryptoAPI: Could not process X509 DER " 356 "encoding"); 357 goto err; 358 } 359 360 if (!CryptAcquireCertificatePrivateKey(priv->cert, 361 CRYPT_ACQUIRE_COMPARE_KEY_FLAG, 362 NULL, &priv->crypt_prov, 363 &priv->key_spec, 364 &priv->free_crypt_prov)) { 365 cryptoapi_error("Failed to acquire a private key for the " 366 "certificate"); 367 goto err; 368 } 369 370 rsa_meth->name = "Microsoft CryptoAPI RSA Method"; 371 rsa_meth->rsa_pub_enc = cryptoapi_rsa_pub_enc; 372 rsa_meth->rsa_pub_dec = cryptoapi_rsa_pub_dec; 373 rsa_meth->rsa_priv_enc = cryptoapi_rsa_priv_enc; 374 rsa_meth->rsa_priv_dec = cryptoapi_rsa_priv_dec; 375 rsa_meth->finish = cryptoapi_finish; 376 rsa_meth->flags = RSA_METHOD_FLAG_NO_CHECK; 377 rsa_meth->app_data = (char *) priv; 378 379 rsa = RSA_new(); 380 if (rsa == NULL) { 381 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, 382 ERR_R_MALLOC_FAILURE); 383 goto err; 384 } 385 386 if (!SSL_use_certificate(ssl, cert)) { 387 RSA_free(rsa); 388 rsa = NULL; 389 goto err; 390 } 391 pub_rsa = cert->cert_info->key->pkey->pkey.rsa; 392 X509_free(cert); 393 cert = NULL; 394 395 rsa->n = BN_dup(pub_rsa->n); 396 rsa->e = BN_dup(pub_rsa->e); 397 if (!RSA_set_method(rsa, rsa_meth)) 398 goto err; 399 400 if (!SSL_use_RSAPrivateKey(ssl, rsa)) 401 goto err; 402 RSA_free(rsa); 403 404 return 0; 405 406 err: 407 if (cert) 408 X509_free(cert); 409 if (rsa) 410 RSA_free(rsa); 411 else { 412 os_free(rsa_meth); 413 cryptoapi_free_data(priv); 414 } 415 return -1; 416 } 417 418 419 static int tls_cryptoapi_ca_cert(SSL_CTX *ssl_ctx, SSL *ssl, const char *name) 420 { 421 HCERTSTORE cs; 422 PCCERT_CONTEXT ctx = NULL; 423 X509 *cert; 424 char buf[128]; 425 const char *store; 426 #ifdef UNICODE 427 WCHAR *wstore; 428 #endif /* UNICODE */ 429 430 if (name == NULL || strncmp(name, "cert_store://", 13) != 0) 431 return -1; 432 433 store = name + 13; 434 #ifdef UNICODE 435 wstore = os_malloc((os_strlen(store) + 1) * sizeof(WCHAR)); 436 if (wstore == NULL) 437 return -1; 438 wsprintf(wstore, L"%S", store); 439 cs = CertOpenSystemStore(0, wstore); 440 os_free(wstore); 441 #else /* UNICODE */ 442 cs = CertOpenSystemStore(0, store); 443 #endif /* UNICODE */ 444 if (cs == NULL) { 445 wpa_printf(MSG_DEBUG, "%s: failed to open system cert store " 446 "'%s': error=%d", __func__, store, 447 (int) GetLastError()); 448 return -1; 449 } 450 451 while ((ctx = CertEnumCertificatesInStore(cs, ctx))) { 452 cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &ctx->pbCertEncoded, 453 ctx->cbCertEncoded); 454 if (cert == NULL) { 455 wpa_printf(MSG_INFO, "CryptoAPI: Could not process " 456 "X509 DER encoding for CA cert"); 457 continue; 458 } 459 460 X509_NAME_oneline(X509_get_subject_name(cert), buf, 461 sizeof(buf)); 462 wpa_printf(MSG_DEBUG, "OpenSSL: Loaded CA certificate for " 463 "system certificate store: subject='%s'", buf); 464 465 if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) { 466 tls_show_errors(MSG_WARNING, __func__, 467 "Failed to add ca_cert to OpenSSL " 468 "certificate store"); 469 } 470 471 X509_free(cert); 472 } 473 474 if (!CertCloseStore(cs, 0)) { 475 wpa_printf(MSG_DEBUG, "%s: failed to close system cert store " 476 "'%s': error=%d", __func__, name + 13, 477 (int) GetLastError()); 478 } 479 480 return 0; 481 } 482 483 484 #else /* CONFIG_NATIVE_WINDOWS */ 485 486 static int tls_cryptoapi_cert(SSL *ssl, const char *name) 487 { 488 return -1; 489 } 490 491 #endif /* CONFIG_NATIVE_WINDOWS */ 492 493 494 static void ssl_info_cb(const SSL *ssl, int where, int ret) 495 { 496 const char *str; 497 int w; 498 499 wpa_printf(MSG_DEBUG, "SSL: (where=0x%x ret=0x%x)", where, ret); 500 w = where & ~SSL_ST_MASK; 501 if (w & SSL_ST_CONNECT) 502 str = "SSL_connect"; 503 else if (w & SSL_ST_ACCEPT) 504 str = "SSL_accept"; 505 else 506 str = "undefined"; 507 508 if (where & SSL_CB_LOOP) { 509 wpa_printf(MSG_DEBUG, "SSL: %s:%s", 510 str, SSL_state_string_long(ssl)); 511 } else if (where & SSL_CB_ALERT) { 512 wpa_printf(MSG_INFO, "SSL: SSL3 alert: %s:%s:%s", 513 where & SSL_CB_READ ? 514 "read (remote end reported an error)" : 515 "write (local SSL3 detected an error)", 516 SSL_alert_type_string_long(ret), 517 SSL_alert_desc_string_long(ret)); 518 if ((ret >> 8) == SSL3_AL_FATAL) { 519 struct tls_connection *conn = 520 SSL_get_app_data((SSL *) ssl); 521 if (where & SSL_CB_READ) 522 conn->read_alerts++; 523 else 524 conn->write_alerts++; 525 } 526 } else if (where & SSL_CB_EXIT && ret <= 0) { 527 wpa_printf(MSG_DEBUG, "SSL: %s:%s in %s", 528 str, ret == 0 ? "failed" : "error", 529 SSL_state_string_long(ssl)); 530 } 531 } 532 533 534 #ifndef OPENSSL_NO_ENGINE 535 /** 536 * tls_engine_load_dynamic_generic - load any openssl engine 537 * @pre: an array of commands and values that load an engine initialized 538 * in the engine specific function 539 * @post: an array of commands and values that initialize an already loaded 540 * engine (or %NULL if not required) 541 * @id: the engine id of the engine to load (only required if post is not %NULL 542 * 543 * This function is a generic function that loads any openssl engine. 544 * 545 * Returns: 0 on success, -1 on failure 546 */ 547 static int tls_engine_load_dynamic_generic(const char *pre[], 548 const char *post[], const char *id) 549 { 550 ENGINE *engine; 551 const char *dynamic_id = "dynamic"; 552 553 engine = ENGINE_by_id(id); 554 if (engine) { 555 ENGINE_free(engine); 556 wpa_printf(MSG_DEBUG, "ENGINE: engine '%s' is already " 557 "available", id); 558 return 0; 559 } 560 ERR_clear_error(); 561 562 engine = ENGINE_by_id(dynamic_id); 563 if (engine == NULL) { 564 wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]", 565 dynamic_id, 566 ERR_error_string(ERR_get_error(), NULL)); 567 return -1; 568 } 569 570 /* Perform the pre commands. This will load the engine. */ 571 while (pre && pre[0]) { 572 wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", pre[0], pre[1]); 573 if (ENGINE_ctrl_cmd_string(engine, pre[0], pre[1], 0) == 0) { 574 wpa_printf(MSG_INFO, "ENGINE: ctrl cmd_string failed: " 575 "%s %s [%s]", pre[0], pre[1], 576 ERR_error_string(ERR_get_error(), NULL)); 577 ENGINE_free(engine); 578 return -1; 579 } 580 pre += 2; 581 } 582 583 /* 584 * Free the reference to the "dynamic" engine. The loaded engine can 585 * now be looked up using ENGINE_by_id(). 586 */ 587 ENGINE_free(engine); 588 589 engine = ENGINE_by_id(id); 590 if (engine == NULL) { 591 wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]", 592 id, ERR_error_string(ERR_get_error(), NULL)); 593 return -1; 594 } 595 596 while (post && post[0]) { 597 wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", post[0], post[1]); 598 if (ENGINE_ctrl_cmd_string(engine, post[0], post[1], 0) == 0) { 599 wpa_printf(MSG_DEBUG, "ENGINE: ctrl cmd_string failed:" 600 " %s %s [%s]", post[0], post[1], 601 ERR_error_string(ERR_get_error(), NULL)); 602 ENGINE_remove(engine); 603 ENGINE_free(engine); 604 return -1; 605 } 606 post += 2; 607 } 608 ENGINE_free(engine); 609 610 return 0; 611 } 612 613 614 /** 615 * tls_engine_load_dynamic_pkcs11 - load the pkcs11 engine provided by opensc 616 * @pkcs11_so_path: pksc11_so_path from the configuration 617 * @pcks11_module_path: pkcs11_module_path from the configuration 618 */ 619 static int tls_engine_load_dynamic_pkcs11(const char *pkcs11_so_path, 620 const char *pkcs11_module_path) 621 { 622 char *engine_id = "pkcs11"; 623 const char *pre_cmd[] = { 624 "SO_PATH", NULL /* pkcs11_so_path */, 625 "ID", NULL /* engine_id */, 626 "LIST_ADD", "1", 627 /* "NO_VCHECK", "1", */ 628 "LOAD", NULL, 629 NULL, NULL 630 }; 631 const char *post_cmd[] = { 632 "MODULE_PATH", NULL /* pkcs11_module_path */, 633 NULL, NULL 634 }; 635 636 if (!pkcs11_so_path || !pkcs11_module_path) 637 return 0; 638 639 pre_cmd[1] = pkcs11_so_path; 640 pre_cmd[3] = engine_id; 641 post_cmd[1] = pkcs11_module_path; 642 643 wpa_printf(MSG_DEBUG, "ENGINE: Loading pkcs11 Engine from %s", 644 pkcs11_so_path); 645 646 return tls_engine_load_dynamic_generic(pre_cmd, post_cmd, engine_id); 647 } 648 649 650 /** 651 * tls_engine_load_dynamic_opensc - load the opensc engine provided by opensc 652 * @opensc_so_path: opensc_so_path from the configuration 653 */ 654 static int tls_engine_load_dynamic_opensc(const char *opensc_so_path) 655 { 656 char *engine_id = "opensc"; 657 const char *pre_cmd[] = { 658 "SO_PATH", NULL /* opensc_so_path */, 659 "ID", NULL /* engine_id */, 660 "LIST_ADD", "1", 661 "LOAD", NULL, 662 NULL, NULL 663 }; 664 665 if (!opensc_so_path) 666 return 0; 667 668 pre_cmd[1] = opensc_so_path; 669 pre_cmd[3] = engine_id; 670 671 wpa_printf(MSG_DEBUG, "ENGINE: Loading OpenSC Engine from %s", 672 opensc_so_path); 673 674 return tls_engine_load_dynamic_generic(pre_cmd, NULL, engine_id); 675 } 676 #endif /* OPENSSL_NO_ENGINE */ 677 678 679 void * tls_init(const struct tls_config *conf) 680 { 681 SSL_CTX *ssl; 682 683 if (tls_openssl_ref_count == 0) { 684 SSL_load_error_strings(); 685 SSL_library_init(); 686 #ifndef OPENSSL_NO_SHA256 687 EVP_add_digest(EVP_sha256()); 688 #endif /* OPENSSL_NO_SHA256 */ 689 /* TODO: if /dev/urandom is available, PRNG is seeded 690 * automatically. If this is not the case, random data should 691 * be added here. */ 692 693 #ifdef PKCS12_FUNCS 694 #ifndef OPENSSL_NO_RC2 695 /* 696 * 40-bit RC2 is commonly used in PKCS#12 files, so enable it. 697 * This is enabled by PKCS12_PBE_add() in OpenSSL 0.9.8 698 * versions, but it looks like OpenSSL 1.0.0 does not do that 699 * anymore. 700 */ 701 EVP_add_cipher(EVP_rc2_40_cbc()); 702 #endif /* OPENSSL_NO_RC2 */ 703 PKCS12_PBE_add(); 704 #endif /* PKCS12_FUNCS */ 705 } 706 tls_openssl_ref_count++; 707 708 ssl = SSL_CTX_new(TLSv1_method()); 709 if (ssl == NULL) 710 return NULL; 711 712 SSL_CTX_set_info_callback(ssl, ssl_info_cb); 713 714 #ifndef OPENSSL_NO_ENGINE 715 if (conf && 716 (conf->opensc_engine_path || conf->pkcs11_engine_path || 717 conf->pkcs11_module_path)) { 718 wpa_printf(MSG_DEBUG, "ENGINE: Loading dynamic engine"); 719 ERR_load_ENGINE_strings(); 720 ENGINE_load_dynamic(); 721 722 if (tls_engine_load_dynamic_opensc(conf->opensc_engine_path) || 723 tls_engine_load_dynamic_pkcs11(conf->pkcs11_engine_path, 724 conf->pkcs11_module_path)) { 725 tls_deinit(ssl); 726 return NULL; 727 } 728 } 729 #endif /* OPENSSL_NO_ENGINE */ 730 731 return ssl; 732 } 733 734 735 void tls_deinit(void *ssl_ctx) 736 { 737 SSL_CTX *ssl = ssl_ctx; 738 SSL_CTX_free(ssl); 739 740 tls_openssl_ref_count--; 741 if (tls_openssl_ref_count == 0) { 742 #ifndef OPENSSL_NO_ENGINE 743 ENGINE_cleanup(); 744 #endif /* OPENSSL_NO_ENGINE */ 745 CRYPTO_cleanup_all_ex_data(); 746 ERR_remove_state(0); 747 ERR_free_strings(); 748 EVP_cleanup(); 749 } 750 } 751 752 753 static int tls_engine_init(struct tls_connection *conn, const char *engine_id, 754 const char *pin, const char *key_id, 755 const char *cert_id, const char *ca_cert_id) 756 { 757 #ifndef OPENSSL_NO_ENGINE 758 int ret = -1; 759 if (engine_id == NULL) { 760 wpa_printf(MSG_ERROR, "ENGINE: Engine ID not set"); 761 return -1; 762 } 763 if (pin == NULL) { 764 wpa_printf(MSG_ERROR, "ENGINE: Smartcard PIN not set"); 765 return -1; 766 } 767 if (key_id == NULL) { 768 wpa_printf(MSG_ERROR, "ENGINE: Key Id not set"); 769 return -1; 770 } 771 772 ERR_clear_error(); 773 conn->engine = ENGINE_by_id(engine_id); 774 if (!conn->engine) { 775 wpa_printf(MSG_ERROR, "ENGINE: engine %s not available [%s]", 776 engine_id, ERR_error_string(ERR_get_error(), NULL)); 777 goto err; 778 } 779 if (ENGINE_init(conn->engine) != 1) { 780 wpa_printf(MSG_ERROR, "ENGINE: engine init failed " 781 "(engine: %s) [%s]", engine_id, 782 ERR_error_string(ERR_get_error(), NULL)); 783 goto err; 784 } 785 wpa_printf(MSG_DEBUG, "ENGINE: engine initialized"); 786 787 if (ENGINE_ctrl_cmd_string(conn->engine, "PIN", pin, 0) == 0) { 788 wpa_printf(MSG_ERROR, "ENGINE: cannot set pin [%s]", 789 ERR_error_string(ERR_get_error(), NULL)); 790 goto err; 791 } 792 /* load private key first in-case PIN is required for cert */ 793 conn->private_key = ENGINE_load_private_key(conn->engine, 794 key_id, NULL, NULL); 795 if (!conn->private_key) { 796 wpa_printf(MSG_ERROR, "ENGINE: cannot load private key with id" 797 " '%s' [%s]", key_id, 798 ERR_error_string(ERR_get_error(), NULL)); 799 ret = TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED; 800 goto err; 801 } 802 803 /* handle a certificate and/or CA certificate */ 804 if (cert_id || ca_cert_id) { 805 const char *cmd_name = "LOAD_CERT_CTRL"; 806 807 /* test if the engine supports a LOAD_CERT_CTRL */ 808 if (!ENGINE_ctrl(conn->engine, ENGINE_CTRL_GET_CMD_FROM_NAME, 809 0, (void *)cmd_name, NULL)) { 810 wpa_printf(MSG_ERROR, "ENGINE: engine does not support" 811 " loading certificates"); 812 ret = TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED; 813 goto err; 814 } 815 } 816 817 return 0; 818 819 err: 820 if (conn->engine) { 821 ENGINE_free(conn->engine); 822 conn->engine = NULL; 823 } 824 825 if (conn->private_key) { 826 EVP_PKEY_free(conn->private_key); 827 conn->private_key = NULL; 828 } 829 830 return ret; 831 #else /* OPENSSL_NO_ENGINE */ 832 return 0; 833 #endif /* OPENSSL_NO_ENGINE */ 834 } 835 836 837 static void tls_engine_deinit(struct tls_connection *conn) 838 { 839 #ifndef OPENSSL_NO_ENGINE 840 wpa_printf(MSG_DEBUG, "ENGINE: engine deinit"); 841 if (conn->private_key) { 842 EVP_PKEY_free(conn->private_key); 843 conn->private_key = NULL; 844 } 845 if (conn->engine) { 846 ENGINE_finish(conn->engine); 847 conn->engine = NULL; 848 } 849 #endif /* OPENSSL_NO_ENGINE */ 850 } 851 852 853 int tls_get_errors(void *ssl_ctx) 854 { 855 int count = 0; 856 unsigned long err; 857 858 while ((err = ERR_get_error())) { 859 wpa_printf(MSG_INFO, "TLS - SSL error: %s", 860 ERR_error_string(err, NULL)); 861 count++; 862 } 863 864 return count; 865 } 866 867 struct tls_connection * tls_connection_init(void *ssl_ctx) 868 { 869 SSL_CTX *ssl = ssl_ctx; 870 struct tls_connection *conn; 871 long options; 872 873 conn = os_zalloc(sizeof(*conn)); 874 if (conn == NULL) 875 return NULL; 876 conn->ssl = SSL_new(ssl); 877 if (conn->ssl == NULL) { 878 tls_show_errors(MSG_INFO, __func__, 879 "Failed to initialize new SSL connection"); 880 os_free(conn); 881 return NULL; 882 } 883 884 SSL_set_app_data(conn->ssl, conn); 885 options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | 886 SSL_OP_SINGLE_DH_USE; 887 #ifdef SSL_OP_NO_COMPRESSION 888 options |= SSL_OP_NO_COMPRESSION; 889 #endif /* SSL_OP_NO_COMPRESSION */ 890 SSL_set_options(conn->ssl, options); 891 892 conn->ssl_in = BIO_new(BIO_s_mem()); 893 if (!conn->ssl_in) { 894 tls_show_errors(MSG_INFO, __func__, 895 "Failed to create a new BIO for ssl_in"); 896 SSL_free(conn->ssl); 897 os_free(conn); 898 return NULL; 899 } 900 901 conn->ssl_out = BIO_new(BIO_s_mem()); 902 if (!conn->ssl_out) { 903 tls_show_errors(MSG_INFO, __func__, 904 "Failed to create a new BIO for ssl_out"); 905 SSL_free(conn->ssl); 906 BIO_free(conn->ssl_in); 907 os_free(conn); 908 return NULL; 909 } 910 911 SSL_set_bio(conn->ssl, conn->ssl_in, conn->ssl_out); 912 913 return conn; 914 } 915 916 917 void tls_connection_deinit(void *ssl_ctx, struct tls_connection *conn) 918 { 919 if (conn == NULL) 920 return; 921 SSL_free(conn->ssl); 922 tls_engine_deinit(conn); 923 os_free(conn->subject_match); 924 os_free(conn->altsubject_match); 925 os_free(conn->session_ticket); 926 os_free(conn); 927 } 928 929 930 int tls_connection_established(void *ssl_ctx, struct tls_connection *conn) 931 { 932 return conn ? SSL_is_init_finished(conn->ssl) : 0; 933 } 934 935 936 int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn) 937 { 938 if (conn == NULL) 939 return -1; 940 941 /* Shutdown previous TLS connection without notifying the peer 942 * because the connection was already terminated in practice 943 * and "close notify" shutdown alert would confuse AS. */ 944 SSL_set_quiet_shutdown(conn->ssl, 1); 945 SSL_shutdown(conn->ssl); 946 return 0; 947 } 948 949 950 static int tls_match_altsubject_component(X509 *cert, int type, 951 const char *value, size_t len) 952 { 953 GENERAL_NAME *gen; 954 void *ext; 955 int i, found = 0; 956 957 ext = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL); 958 959 for (i = 0; ext && i < sk_GENERAL_NAME_num(ext); i++) { 960 gen = sk_GENERAL_NAME_value(ext, i); 961 if (gen->type != type) 962 continue; 963 if (os_strlen((char *) gen->d.ia5->data) == len && 964 os_memcmp(value, gen->d.ia5->data, len) == 0) 965 found++; 966 } 967 968 return found; 969 } 970 971 972 static int tls_match_altsubject(X509 *cert, const char *match) 973 { 974 int type; 975 const char *pos, *end; 976 size_t len; 977 978 pos = match; 979 do { 980 if (os_strncmp(pos, "EMAIL:", 6) == 0) { 981 type = GEN_EMAIL; 982 pos += 6; 983 } else if (os_strncmp(pos, "DNS:", 4) == 0) { 984 type = GEN_DNS; 985 pos += 4; 986 } else if (os_strncmp(pos, "URI:", 4) == 0) { 987 type = GEN_URI; 988 pos += 4; 989 } else { 990 wpa_printf(MSG_INFO, "TLS: Invalid altSubjectName " 991 "match '%s'", pos); 992 return 0; 993 } 994 end = os_strchr(pos, ';'); 995 while (end) { 996 if (os_strncmp(end + 1, "EMAIL:", 6) == 0 || 997 os_strncmp(end + 1, "DNS:", 4) == 0 || 998 os_strncmp(end + 1, "URI:", 4) == 0) 999 break; 1000 end = os_strchr(end + 1, ';'); 1001 } 1002 if (end) 1003 len = end - pos; 1004 else 1005 len = os_strlen(pos); 1006 if (tls_match_altsubject_component(cert, type, pos, len) > 0) 1007 return 1; 1008 pos = end + 1; 1009 } while (end); 1010 1011 return 0; 1012 } 1013 1014 1015 static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx) 1016 { 1017 char buf[256]; 1018 X509 *err_cert; 1019 int err, depth; 1020 SSL *ssl; 1021 struct tls_connection *conn; 1022 char *match, *altmatch; 1023 1024 err_cert = X509_STORE_CTX_get_current_cert(x509_ctx); 1025 err = X509_STORE_CTX_get_error(x509_ctx); 1026 depth = X509_STORE_CTX_get_error_depth(x509_ctx); 1027 ssl = X509_STORE_CTX_get_ex_data(x509_ctx, 1028 SSL_get_ex_data_X509_STORE_CTX_idx()); 1029 X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf)); 1030 1031 conn = SSL_get_app_data(ssl); 1032 match = conn ? conn->subject_match : NULL; 1033 altmatch = conn ? conn->altsubject_match : NULL; 1034 1035 if (!preverify_ok) { 1036 wpa_printf(MSG_WARNING, "TLS: Certificate verification failed," 1037 " error %d (%s) depth %d for '%s'", err, 1038 X509_verify_cert_error_string(err), depth, buf); 1039 } else { 1040 wpa_printf(MSG_DEBUG, "TLS: tls_verify_cb - " 1041 "preverify_ok=%d err=%d (%s) depth=%d buf='%s'", 1042 preverify_ok, err, 1043 X509_verify_cert_error_string(err), depth, buf); 1044 if (depth == 0 && match && os_strstr(buf, match) == NULL) { 1045 wpa_printf(MSG_WARNING, "TLS: Subject '%s' did not " 1046 "match with '%s'", buf, match); 1047 preverify_ok = 0; 1048 } else if (depth == 0 && altmatch && 1049 !tls_match_altsubject(err_cert, altmatch)) { 1050 wpa_printf(MSG_WARNING, "TLS: altSubjectName match " 1051 "'%s' not found", altmatch); 1052 preverify_ok = 0; 1053 } 1054 } 1055 1056 return preverify_ok; 1057 } 1058 1059 1060 #ifndef OPENSSL_NO_STDIO 1061 static int tls_load_ca_der(void *_ssl_ctx, const char *ca_cert) 1062 { 1063 SSL_CTX *ssl_ctx = _ssl_ctx; 1064 X509_LOOKUP *lookup; 1065 int ret = 0; 1066 1067 lookup = X509_STORE_add_lookup(ssl_ctx->cert_store, 1068 X509_LOOKUP_file()); 1069 if (lookup == NULL) { 1070 tls_show_errors(MSG_WARNING, __func__, 1071 "Failed add lookup for X509 store"); 1072 return -1; 1073 } 1074 1075 if (!X509_LOOKUP_load_file(lookup, ca_cert, X509_FILETYPE_ASN1)) { 1076 unsigned long err = ERR_peek_error(); 1077 tls_show_errors(MSG_WARNING, __func__, 1078 "Failed load CA in DER format"); 1079 if (ERR_GET_LIB(err) == ERR_LIB_X509 && 1080 ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) { 1081 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring " 1082 "cert already in hash table error", 1083 __func__); 1084 } else 1085 ret = -1; 1086 } 1087 1088 return ret; 1089 } 1090 #endif /* OPENSSL_NO_STDIO */ 1091 1092 1093 static int tls_connection_ca_cert(void *_ssl_ctx, struct tls_connection *conn, 1094 const char *ca_cert, const u8 *ca_cert_blob, 1095 size_t ca_cert_blob_len, const char *ca_path) 1096 { 1097 SSL_CTX *ssl_ctx = _ssl_ctx; 1098 1099 /* 1100 * Remove previously configured trusted CA certificates before adding 1101 * new ones. 1102 */ 1103 X509_STORE_free(ssl_ctx->cert_store); 1104 ssl_ctx->cert_store = X509_STORE_new(); 1105 if (ssl_ctx->cert_store == NULL) { 1106 wpa_printf(MSG_DEBUG, "OpenSSL: %s - failed to allocate new " 1107 "certificate store", __func__); 1108 return -1; 1109 } 1110 1111 if (ca_cert_blob) { 1112 X509 *cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &ca_cert_blob, 1113 ca_cert_blob_len); 1114 if (cert == NULL) { 1115 tls_show_errors(MSG_WARNING, __func__, 1116 "Failed to parse ca_cert_blob"); 1117 return -1; 1118 } 1119 1120 if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) { 1121 unsigned long err = ERR_peek_error(); 1122 tls_show_errors(MSG_WARNING, __func__, 1123 "Failed to add ca_cert_blob to " 1124 "certificate store"); 1125 if (ERR_GET_LIB(err) == ERR_LIB_X509 && 1126 ERR_GET_REASON(err) == 1127 X509_R_CERT_ALREADY_IN_HASH_TABLE) { 1128 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring " 1129 "cert already in hash table error", 1130 __func__); 1131 } else { 1132 X509_free(cert); 1133 return -1; 1134 } 1135 } 1136 X509_free(cert); 1137 wpa_printf(MSG_DEBUG, "OpenSSL: %s - added ca_cert_blob " 1138 "to certificate store", __func__); 1139 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb); 1140 return 0; 1141 } 1142 1143 #ifdef ANDROID 1144 if (ca_cert && strncmp("keystore://", ca_cert, 11) == 0) { 1145 BIO *bio = BIO_from_keystore(&ca_cert[11]); 1146 STACK_OF(X509_INFO) *stack = NULL; 1147 int i; 1148 if (bio) { 1149 stack = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL); 1150 BIO_free(bio); 1151 } 1152 if (!stack) { 1153 return -1; 1154 } 1155 for (i = 0; i < sk_X509_INFO_num(stack); ++i) { 1156 X509_INFO *info = sk_X509_INFO_value(stack, i); 1157 if (info->x509) { 1158 X509_STORE_add_cert(ssl_ctx->cert_store, info->x509); 1159 } 1160 if (info->crl) { 1161 X509_STORE_add_crl(ssl_ctx->cert_store, info->crl); 1162 } 1163 } 1164 sk_X509_INFO_pop_free(stack, X509_INFO_free); 1165 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb); 1166 return 0; 1167 } 1168 #endif 1169 1170 #ifdef CONFIG_NATIVE_WINDOWS 1171 if (ca_cert && tls_cryptoapi_ca_cert(ssl_ctx, conn->ssl, ca_cert) == 1172 0) { 1173 wpa_printf(MSG_DEBUG, "OpenSSL: Added CA certificates from " 1174 "system certificate store"); 1175 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb); 1176 return 0; 1177 } 1178 #endif /* CONFIG_NATIVE_WINDOWS */ 1179 1180 if (ca_cert || ca_path) { 1181 #ifndef OPENSSL_NO_STDIO 1182 if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, ca_path) != 1183 1) { 1184 tls_show_errors(MSG_WARNING, __func__, 1185 "Failed to load root certificates"); 1186 if (ca_cert && 1187 tls_load_ca_der(ssl_ctx, ca_cert) == 0) { 1188 wpa_printf(MSG_DEBUG, "OpenSSL: %s - loaded " 1189 "DER format CA certificate", 1190 __func__); 1191 } else 1192 return -1; 1193 } else { 1194 wpa_printf(MSG_DEBUG, "TLS: Trusted root " 1195 "certificate(s) loaded"); 1196 tls_get_errors(ssl_ctx); 1197 } 1198 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb); 1199 #else /* OPENSSL_NO_STDIO */ 1200 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", 1201 __func__); 1202 return -1; 1203 #endif /* OPENSSL_NO_STDIO */ 1204 } else { 1205 /* No ca_cert configured - do not try to verify server 1206 * certificate */ 1207 SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL); 1208 } 1209 1210 return 0; 1211 } 1212 1213 1214 static int tls_global_ca_cert(SSL_CTX *ssl_ctx, const char *ca_cert) 1215 { 1216 if (ca_cert) { 1217 if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, NULL) != 1) 1218 { 1219 tls_show_errors(MSG_WARNING, __func__, 1220 "Failed to load root certificates"); 1221 return -1; 1222 } 1223 1224 wpa_printf(MSG_DEBUG, "TLS: Trusted root " 1225 "certificate(s) loaded"); 1226 1227 #ifndef OPENSSL_NO_STDIO 1228 /* Add the same CAs to the client certificate requests */ 1229 SSL_CTX_set_client_CA_list(ssl_ctx, 1230 SSL_load_client_CA_file(ca_cert)); 1231 #endif /* OPENSSL_NO_STDIO */ 1232 } 1233 1234 return 0; 1235 } 1236 1237 1238 int tls_global_set_verify(void *ssl_ctx, int check_crl) 1239 { 1240 int flags; 1241 1242 if (check_crl) { 1243 X509_STORE *cs = SSL_CTX_get_cert_store(ssl_ctx); 1244 if (cs == NULL) { 1245 tls_show_errors(MSG_INFO, __func__, "Failed to get " 1246 "certificate store when enabling " 1247 "check_crl"); 1248 return -1; 1249 } 1250 flags = X509_V_FLAG_CRL_CHECK; 1251 if (check_crl == 2) 1252 flags |= X509_V_FLAG_CRL_CHECK_ALL; 1253 X509_STORE_set_flags(cs, flags); 1254 } 1255 return 0; 1256 } 1257 1258 1259 static int tls_connection_set_subject_match(struct tls_connection *conn, 1260 const char *subject_match, 1261 const char *altsubject_match) 1262 { 1263 os_free(conn->subject_match); 1264 conn->subject_match = NULL; 1265 if (subject_match) { 1266 conn->subject_match = os_strdup(subject_match); 1267 if (conn->subject_match == NULL) 1268 return -1; 1269 } 1270 1271 os_free(conn->altsubject_match); 1272 conn->altsubject_match = NULL; 1273 if (altsubject_match) { 1274 conn->altsubject_match = os_strdup(altsubject_match); 1275 if (conn->altsubject_match == NULL) 1276 return -1; 1277 } 1278 1279 return 0; 1280 } 1281 1282 1283 int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn, 1284 int verify_peer) 1285 { 1286 static int counter = 0; 1287 1288 if (conn == NULL) 1289 return -1; 1290 1291 if (verify_peer) { 1292 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER | 1293 SSL_VERIFY_FAIL_IF_NO_PEER_CERT | 1294 SSL_VERIFY_CLIENT_ONCE, tls_verify_cb); 1295 } else { 1296 SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL); 1297 } 1298 1299 SSL_set_accept_state(conn->ssl); 1300 1301 /* 1302 * Set session id context in order to avoid fatal errors when client 1303 * tries to resume a session. However, set the context to a unique 1304 * value in order to effectively disable session resumption for now 1305 * since not all areas of the server code are ready for it (e.g., 1306 * EAP-TTLS needs special handling for Phase 2 after abbreviated TLS 1307 * handshake). 1308 */ 1309 counter++; 1310 SSL_set_session_id_context(conn->ssl, 1311 (const unsigned char *) &counter, 1312 sizeof(counter)); 1313 1314 return 0; 1315 } 1316 1317 1318 static int tls_connection_client_cert(struct tls_connection *conn, 1319 const char *client_cert, 1320 const u8 *client_cert_blob, 1321 size_t client_cert_blob_len) 1322 { 1323 if (client_cert == NULL && client_cert_blob == NULL) 1324 return 0; 1325 1326 if (client_cert_blob && 1327 SSL_use_certificate_ASN1(conn->ssl, (u8 *) client_cert_blob, 1328 client_cert_blob_len) == 1) { 1329 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_ASN1 --> " 1330 "OK"); 1331 return 0; 1332 } else if (client_cert_blob) { 1333 tls_show_errors(MSG_DEBUG, __func__, 1334 "SSL_use_certificate_ASN1 failed"); 1335 } 1336 1337 if (client_cert == NULL) 1338 return -1; 1339 1340 #ifdef ANDROID 1341 if (strncmp("keystore://", client_cert, 11) == 0) { 1342 BIO *bio = BIO_from_keystore(&client_cert[11]); 1343 X509 *x509 = NULL; 1344 int ret = -1; 1345 if (bio) { 1346 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL); 1347 BIO_free(bio); 1348 } 1349 if (x509) { 1350 if (SSL_use_certificate(conn->ssl, x509) == 1) { 1351 ret = 0; 1352 } 1353 X509_free(x509); 1354 } 1355 return ret; 1356 } 1357 #endif 1358 1359 #ifndef OPENSSL_NO_STDIO 1360 if (SSL_use_certificate_file(conn->ssl, client_cert, 1361 SSL_FILETYPE_ASN1) == 1) { 1362 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (DER)" 1363 " --> OK"); 1364 return 0; 1365 } else { 1366 tls_show_errors(MSG_DEBUG, __func__, 1367 "SSL_use_certificate_file (DER) failed"); 1368 } 1369 1370 if (SSL_use_certificate_file(conn->ssl, client_cert, 1371 SSL_FILETYPE_PEM) == 1) { 1372 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (PEM)" 1373 " --> OK"); 1374 return 0; 1375 } else { 1376 tls_show_errors(MSG_DEBUG, __func__, 1377 "SSL_use_certificate_file (PEM) failed"); 1378 } 1379 #else /* OPENSSL_NO_STDIO */ 1380 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", __func__); 1381 #endif /* OPENSSL_NO_STDIO */ 1382 1383 return -1; 1384 } 1385 1386 1387 static int tls_global_client_cert(SSL_CTX *ssl_ctx, const char *client_cert) 1388 { 1389 #ifndef OPENSSL_NO_STDIO 1390 if (client_cert == NULL) 1391 return 0; 1392 1393 if (SSL_CTX_use_certificate_file(ssl_ctx, client_cert, 1394 SSL_FILETYPE_ASN1) != 1 && 1395 SSL_CTX_use_certificate_file(ssl_ctx, client_cert, 1396 SSL_FILETYPE_PEM) != 1) { 1397 tls_show_errors(MSG_INFO, __func__, 1398 "Failed to load client certificate"); 1399 return -1; 1400 } 1401 return 0; 1402 #else /* OPENSSL_NO_STDIO */ 1403 if (client_cert == NULL) 1404 return 0; 1405 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", __func__); 1406 return -1; 1407 #endif /* OPENSSL_NO_STDIO */ 1408 } 1409 1410 1411 static int tls_passwd_cb(char *buf, int size, int rwflag, void *password) 1412 { 1413 if (password == NULL) { 1414 return 0; 1415 } 1416 os_strlcpy(buf, (char *) password, size); 1417 return os_strlen(buf); 1418 } 1419 1420 1421 #ifdef PKCS12_FUNCS 1422 static int tls_parse_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, PKCS12 *p12, 1423 const char *passwd) 1424 { 1425 EVP_PKEY *pkey; 1426 X509 *cert; 1427 STACK_OF(X509) *certs; 1428 int res = 0; 1429 char buf[256]; 1430 1431 pkey = NULL; 1432 cert = NULL; 1433 certs = NULL; 1434 if (!PKCS12_parse(p12, passwd, &pkey, &cert, &certs)) { 1435 tls_show_errors(MSG_DEBUG, __func__, 1436 "Failed to parse PKCS12 file"); 1437 PKCS12_free(p12); 1438 return -1; 1439 } 1440 wpa_printf(MSG_DEBUG, "TLS: Successfully parsed PKCS12 data"); 1441 1442 if (cert) { 1443 X509_NAME_oneline(X509_get_subject_name(cert), buf, 1444 sizeof(buf)); 1445 wpa_printf(MSG_DEBUG, "TLS: Got certificate from PKCS12: " 1446 "subject='%s'", buf); 1447 if (ssl) { 1448 if (SSL_use_certificate(ssl, cert) != 1) 1449 res = -1; 1450 } else { 1451 if (SSL_CTX_use_certificate(ssl_ctx, cert) != 1) 1452 res = -1; 1453 } 1454 X509_free(cert); 1455 } 1456 1457 if (pkey) { 1458 wpa_printf(MSG_DEBUG, "TLS: Got private key from PKCS12"); 1459 if (ssl) { 1460 if (SSL_use_PrivateKey(ssl, pkey) != 1) 1461 res = -1; 1462 } else { 1463 if (SSL_CTX_use_PrivateKey(ssl_ctx, pkey) != 1) 1464 res = -1; 1465 } 1466 EVP_PKEY_free(pkey); 1467 } 1468 1469 if (certs) { 1470 while ((cert = sk_X509_pop(certs)) != NULL) { 1471 X509_NAME_oneline(X509_get_subject_name(cert), buf, 1472 sizeof(buf)); 1473 wpa_printf(MSG_DEBUG, "TLS: additional certificate" 1474 " from PKCS12: subject='%s'", buf); 1475 /* 1476 * There is no SSL equivalent for the chain cert - so 1477 * always add it to the context... 1478 */ 1479 if (SSL_CTX_add_extra_chain_cert(ssl_ctx, cert) != 1) { 1480 res = -1; 1481 break; 1482 } 1483 } 1484 sk_X509_free(certs); 1485 } 1486 1487 PKCS12_free(p12); 1488 1489 if (res < 0) 1490 tls_get_errors(ssl_ctx); 1491 1492 return res; 1493 } 1494 #endif /* PKCS12_FUNCS */ 1495 1496 1497 static int tls_read_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, const char *private_key, 1498 const char *passwd) 1499 { 1500 #ifdef PKCS12_FUNCS 1501 FILE *f; 1502 PKCS12 *p12; 1503 1504 f = fopen(private_key, "rb"); 1505 if (f == NULL) 1506 return -1; 1507 1508 p12 = d2i_PKCS12_fp(f, NULL); 1509 fclose(f); 1510 1511 if (p12 == NULL) { 1512 tls_show_errors(MSG_INFO, __func__, 1513 "Failed to use PKCS#12 file"); 1514 return -1; 1515 } 1516 1517 return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd); 1518 1519 #else /* PKCS12_FUNCS */ 1520 wpa_printf(MSG_INFO, "TLS: PKCS12 support disabled - cannot read " 1521 "p12/pfx files"); 1522 return -1; 1523 #endif /* PKCS12_FUNCS */ 1524 } 1525 1526 1527 static int tls_read_pkcs12_blob(SSL_CTX *ssl_ctx, SSL *ssl, 1528 const u8 *blob, size_t len, const char *passwd) 1529 { 1530 #ifdef PKCS12_FUNCS 1531 PKCS12 *p12; 1532 1533 p12 = d2i_PKCS12(NULL, (OPENSSL_d2i_TYPE) &blob, len); 1534 if (p12 == NULL) { 1535 tls_show_errors(MSG_INFO, __func__, 1536 "Failed to use PKCS#12 blob"); 1537 return -1; 1538 } 1539 1540 return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd); 1541 1542 #else /* PKCS12_FUNCS */ 1543 wpa_printf(MSG_INFO, "TLS: PKCS12 support disabled - cannot parse " 1544 "p12/pfx blobs"); 1545 return -1; 1546 #endif /* PKCS12_FUNCS */ 1547 } 1548 1549 1550 #ifndef OPENSSL_NO_ENGINE 1551 static int tls_engine_get_cert(struct tls_connection *conn, 1552 const char *cert_id, 1553 X509 **cert) 1554 { 1555 /* this runs after the private key is loaded so no PIN is required */ 1556 struct { 1557 const char *cert_id; 1558 X509 *cert; 1559 } params; 1560 params.cert_id = cert_id; 1561 params.cert = NULL; 1562 1563 if (!ENGINE_ctrl_cmd(conn->engine, "LOAD_CERT_CTRL", 1564 0, ¶ms, NULL, 1)) { 1565 wpa_printf(MSG_ERROR, "ENGINE: cannot load client cert with id" 1566 " '%s' [%s]", cert_id, 1567 ERR_error_string(ERR_get_error(), NULL)); 1568 return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED; 1569 } 1570 if (!params.cert) { 1571 wpa_printf(MSG_ERROR, "ENGINE: did not properly cert with id" 1572 " '%s'", cert_id); 1573 return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED; 1574 } 1575 *cert = params.cert; 1576 return 0; 1577 } 1578 #endif /* OPENSSL_NO_ENGINE */ 1579 1580 1581 static int tls_connection_engine_client_cert(struct tls_connection *conn, 1582 const char *cert_id) 1583 { 1584 #ifndef OPENSSL_NO_ENGINE 1585 X509 *cert; 1586 1587 if (tls_engine_get_cert(conn, cert_id, &cert)) 1588 return -1; 1589 1590 if (!SSL_use_certificate(conn->ssl, cert)) { 1591 tls_show_errors(MSG_ERROR, __func__, 1592 "SSL_use_certificate failed"); 1593 X509_free(cert); 1594 return -1; 1595 } 1596 X509_free(cert); 1597 wpa_printf(MSG_DEBUG, "ENGINE: SSL_use_certificate --> " 1598 "OK"); 1599 return 0; 1600 1601 #else /* OPENSSL_NO_ENGINE */ 1602 return -1; 1603 #endif /* OPENSSL_NO_ENGINE */ 1604 } 1605 1606 1607 static int tls_connection_engine_ca_cert(void *_ssl_ctx, 1608 struct tls_connection *conn, 1609 const char *ca_cert_id) 1610 { 1611 #ifndef OPENSSL_NO_ENGINE 1612 X509 *cert; 1613 SSL_CTX *ssl_ctx = _ssl_ctx; 1614 1615 if (tls_engine_get_cert(conn, ca_cert_id, &cert)) 1616 return -1; 1617 1618 /* start off the same as tls_connection_ca_cert */ 1619 X509_STORE_free(ssl_ctx->cert_store); 1620 ssl_ctx->cert_store = X509_STORE_new(); 1621 if (ssl_ctx->cert_store == NULL) { 1622 wpa_printf(MSG_DEBUG, "OpenSSL: %s - failed to allocate new " 1623 "certificate store", __func__); 1624 X509_free(cert); 1625 return -1; 1626 } 1627 if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) { 1628 unsigned long err = ERR_peek_error(); 1629 tls_show_errors(MSG_WARNING, __func__, 1630 "Failed to add CA certificate from engine " 1631 "to certificate store"); 1632 if (ERR_GET_LIB(err) == ERR_LIB_X509 && 1633 ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) { 1634 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring cert" 1635 " already in hash table error", 1636 __func__); 1637 } else { 1638 X509_free(cert); 1639 return -1; 1640 } 1641 } 1642 X509_free(cert); 1643 wpa_printf(MSG_DEBUG, "OpenSSL: %s - added CA certificate from engine " 1644 "to certificate store", __func__); 1645 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb); 1646 return 0; 1647 1648 #else /* OPENSSL_NO_ENGINE */ 1649 return -1; 1650 #endif /* OPENSSL_NO_ENGINE */ 1651 } 1652 1653 1654 static int tls_connection_engine_private_key(struct tls_connection *conn) 1655 { 1656 #ifndef OPENSSL_NO_ENGINE 1657 if (SSL_use_PrivateKey(conn->ssl, conn->private_key) != 1) { 1658 tls_show_errors(MSG_ERROR, __func__, 1659 "ENGINE: cannot use private key for TLS"); 1660 return -1; 1661 } 1662 if (!SSL_check_private_key(conn->ssl)) { 1663 tls_show_errors(MSG_INFO, __func__, 1664 "Private key failed verification"); 1665 return -1; 1666 } 1667 return 0; 1668 #else /* OPENSSL_NO_ENGINE */ 1669 wpa_printf(MSG_ERROR, "SSL: Configuration uses engine, but " 1670 "engine support was not compiled in"); 1671 return -1; 1672 #endif /* OPENSSL_NO_ENGINE */ 1673 } 1674 1675 1676 static int tls_connection_private_key(void *_ssl_ctx, 1677 struct tls_connection *conn, 1678 const char *private_key, 1679 const char *private_key_passwd, 1680 const u8 *private_key_blob, 1681 size_t private_key_blob_len) 1682 { 1683 SSL_CTX *ssl_ctx = _ssl_ctx; 1684 char *passwd; 1685 int ok; 1686 1687 if (private_key == NULL && private_key_blob == NULL) 1688 return 0; 1689 1690 if (private_key_passwd) { 1691 passwd = os_strdup(private_key_passwd); 1692 if (passwd == NULL) 1693 return -1; 1694 } else 1695 passwd = NULL; 1696 1697 SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb); 1698 SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd); 1699 1700 ok = 0; 1701 while (private_key_blob) { 1702 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_RSA, conn->ssl, 1703 (u8 *) private_key_blob, 1704 private_key_blob_len) == 1) { 1705 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_" 1706 "ASN1(EVP_PKEY_RSA) --> OK"); 1707 ok = 1; 1708 break; 1709 } else { 1710 tls_show_errors(MSG_DEBUG, __func__, 1711 "SSL_use_PrivateKey_ASN1(EVP_PKEY_RSA)" 1712 " failed"); 1713 } 1714 1715 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_DSA, conn->ssl, 1716 (u8 *) private_key_blob, 1717 private_key_blob_len) == 1) { 1718 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_" 1719 "ASN1(EVP_PKEY_DSA) --> OK"); 1720 ok = 1; 1721 break; 1722 } else { 1723 tls_show_errors(MSG_DEBUG, __func__, 1724 "SSL_use_PrivateKey_ASN1(EVP_PKEY_DSA)" 1725 " failed"); 1726 } 1727 1728 if (SSL_use_RSAPrivateKey_ASN1(conn->ssl, 1729 (u8 *) private_key_blob, 1730 private_key_blob_len) == 1) { 1731 wpa_printf(MSG_DEBUG, "OpenSSL: " 1732 "SSL_use_RSAPrivateKey_ASN1 --> OK"); 1733 ok = 1; 1734 break; 1735 } else { 1736 tls_show_errors(MSG_DEBUG, __func__, 1737 "SSL_use_RSAPrivateKey_ASN1 failed"); 1738 } 1739 1740 if (tls_read_pkcs12_blob(ssl_ctx, conn->ssl, private_key_blob, 1741 private_key_blob_len, passwd) == 0) { 1742 wpa_printf(MSG_DEBUG, "OpenSSL: PKCS#12 as blob --> " 1743 "OK"); 1744 ok = 1; 1745 break; 1746 } 1747 1748 break; 1749 } 1750 1751 #ifdef ANDROID 1752 if (!ok && private_key && strncmp("keystore://", private_key, 11) == 0) { 1753 BIO *bio = BIO_from_keystore(&private_key[11]); 1754 EVP_PKEY *pkey = NULL; 1755 if (bio) { 1756 pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL); 1757 BIO_free(bio); 1758 } 1759 if (pkey) { 1760 if (SSL_use_PrivateKey(conn->ssl, pkey) == 1) { 1761 ok = 1; 1762 } 1763 EVP_PKEY_free(pkey); 1764 } 1765 } 1766 #endif 1767 1768 while (!ok && private_key) { 1769 #ifndef OPENSSL_NO_STDIO 1770 if (SSL_use_PrivateKey_file(conn->ssl, private_key, 1771 SSL_FILETYPE_ASN1) == 1) { 1772 wpa_printf(MSG_DEBUG, "OpenSSL: " 1773 "SSL_use_PrivateKey_File (DER) --> OK"); 1774 ok = 1; 1775 break; 1776 } else { 1777 tls_show_errors(MSG_DEBUG, __func__, 1778 "SSL_use_PrivateKey_File (DER) " 1779 "failed"); 1780 } 1781 1782 if (SSL_use_PrivateKey_file(conn->ssl, private_key, 1783 SSL_FILETYPE_PEM) == 1) { 1784 wpa_printf(MSG_DEBUG, "OpenSSL: " 1785 "SSL_use_PrivateKey_File (PEM) --> OK"); 1786 ok = 1; 1787 break; 1788 } else { 1789 tls_show_errors(MSG_DEBUG, __func__, 1790 "SSL_use_PrivateKey_File (PEM) " 1791 "failed"); 1792 } 1793 #else /* OPENSSL_NO_STDIO */ 1794 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", 1795 __func__); 1796 #endif /* OPENSSL_NO_STDIO */ 1797 1798 if (tls_read_pkcs12(ssl_ctx, conn->ssl, private_key, passwd) 1799 == 0) { 1800 wpa_printf(MSG_DEBUG, "OpenSSL: Reading PKCS#12 file " 1801 "--> OK"); 1802 ok = 1; 1803 break; 1804 } 1805 1806 if (tls_cryptoapi_cert(conn->ssl, private_key) == 0) { 1807 wpa_printf(MSG_DEBUG, "OpenSSL: Using CryptoAPI to " 1808 "access certificate store --> OK"); 1809 ok = 1; 1810 break; 1811 } 1812 1813 break; 1814 } 1815 1816 if (!ok) { 1817 wpa_printf(MSG_INFO, "OpenSSL: Failed to load private key"); 1818 os_free(passwd); 1819 ERR_clear_error(); 1820 return -1; 1821 } 1822 ERR_clear_error(); 1823 SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL); 1824 os_free(passwd); 1825 1826 if (!SSL_check_private_key(conn->ssl)) { 1827 tls_show_errors(MSG_INFO, __func__, "Private key failed " 1828 "verification"); 1829 return -1; 1830 } 1831 1832 wpa_printf(MSG_DEBUG, "SSL: Private key loaded successfully"); 1833 return 0; 1834 } 1835 1836 1837 static int tls_global_private_key(SSL_CTX *ssl_ctx, const char *private_key, 1838 const char *private_key_passwd) 1839 { 1840 char *passwd; 1841 1842 if (private_key == NULL) 1843 return 0; 1844 1845 if (private_key_passwd) { 1846 passwd = os_strdup(private_key_passwd); 1847 if (passwd == NULL) 1848 return -1; 1849 } else 1850 passwd = NULL; 1851 1852 SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb); 1853 SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd); 1854 if ( 1855 #ifndef OPENSSL_NO_STDIO 1856 SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key, 1857 SSL_FILETYPE_ASN1) != 1 && 1858 SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key, 1859 SSL_FILETYPE_PEM) != 1 && 1860 #endif /* OPENSSL_NO_STDIO */ 1861 tls_read_pkcs12(ssl_ctx, NULL, private_key, passwd)) { 1862 tls_show_errors(MSG_INFO, __func__, 1863 "Failed to load private key"); 1864 os_free(passwd); 1865 ERR_clear_error(); 1866 return -1; 1867 } 1868 os_free(passwd); 1869 ERR_clear_error(); 1870 SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL); 1871 1872 if (!SSL_CTX_check_private_key(ssl_ctx)) { 1873 tls_show_errors(MSG_INFO, __func__, 1874 "Private key failed verification"); 1875 return -1; 1876 } 1877 1878 return 0; 1879 } 1880 1881 1882 static int tls_connection_dh(struct tls_connection *conn, const char *dh_file) 1883 { 1884 #ifdef OPENSSL_NO_DH 1885 if (dh_file == NULL) 1886 return 0; 1887 wpa_printf(MSG_ERROR, "TLS: openssl does not include DH support, but " 1888 "dh_file specified"); 1889 return -1; 1890 #else /* OPENSSL_NO_DH */ 1891 DH *dh; 1892 BIO *bio; 1893 1894 /* TODO: add support for dh_blob */ 1895 if (dh_file == NULL) 1896 return 0; 1897 if (conn == NULL) 1898 return -1; 1899 1900 bio = BIO_new_file(dh_file, "r"); 1901 if (bio == NULL) { 1902 wpa_printf(MSG_INFO, "TLS: Failed to open DH file '%s': %s", 1903 dh_file, ERR_error_string(ERR_get_error(), NULL)); 1904 return -1; 1905 } 1906 dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); 1907 BIO_free(bio); 1908 #ifndef OPENSSL_NO_DSA 1909 while (dh == NULL) { 1910 DSA *dsa; 1911 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DH file '%s': %s -" 1912 " trying to parse as DSA params", dh_file, 1913 ERR_error_string(ERR_get_error(), NULL)); 1914 bio = BIO_new_file(dh_file, "r"); 1915 if (bio == NULL) 1916 break; 1917 dsa = PEM_read_bio_DSAparams(bio, NULL, NULL, NULL); 1918 BIO_free(bio); 1919 if (!dsa) { 1920 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DSA file " 1921 "'%s': %s", dh_file, 1922 ERR_error_string(ERR_get_error(), NULL)); 1923 break; 1924 } 1925 1926 wpa_printf(MSG_DEBUG, "TLS: DH file in DSA param format"); 1927 dh = DSA_dup_DH(dsa); 1928 DSA_free(dsa); 1929 if (dh == NULL) { 1930 wpa_printf(MSG_INFO, "TLS: Failed to convert DSA " 1931 "params into DH params"); 1932 break; 1933 } 1934 break; 1935 } 1936 #endif /* !OPENSSL_NO_DSA */ 1937 if (dh == NULL) { 1938 wpa_printf(MSG_INFO, "TLS: Failed to read/parse DH/DSA file " 1939 "'%s'", dh_file); 1940 return -1; 1941 } 1942 1943 if (SSL_set_tmp_dh(conn->ssl, dh) != 1) { 1944 wpa_printf(MSG_INFO, "TLS: Failed to set DH params from '%s': " 1945 "%s", dh_file, 1946 ERR_error_string(ERR_get_error(), NULL)); 1947 DH_free(dh); 1948 return -1; 1949 } 1950 DH_free(dh); 1951 return 0; 1952 #endif /* OPENSSL_NO_DH */ 1953 } 1954 1955 1956 static int tls_global_dh(SSL_CTX *ssl_ctx, const char *dh_file) 1957 { 1958 #ifdef OPENSSL_NO_DH 1959 if (dh_file == NULL) 1960 return 0; 1961 wpa_printf(MSG_ERROR, "TLS: openssl does not include DH support, but " 1962 "dh_file specified"); 1963 return -1; 1964 #else /* OPENSSL_NO_DH */ 1965 DH *dh; 1966 BIO *bio; 1967 1968 /* TODO: add support for dh_blob */ 1969 if (dh_file == NULL) 1970 return 0; 1971 if (ssl_ctx == NULL) 1972 return -1; 1973 1974 bio = BIO_new_file(dh_file, "r"); 1975 if (bio == NULL) { 1976 wpa_printf(MSG_INFO, "TLS: Failed to open DH file '%s': %s", 1977 dh_file, ERR_error_string(ERR_get_error(), NULL)); 1978 return -1; 1979 } 1980 dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); 1981 BIO_free(bio); 1982 #ifndef OPENSSL_NO_DSA 1983 while (dh == NULL) { 1984 DSA *dsa; 1985 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DH file '%s': %s -" 1986 " trying to parse as DSA params", dh_file, 1987 ERR_error_string(ERR_get_error(), NULL)); 1988 bio = BIO_new_file(dh_file, "r"); 1989 if (bio == NULL) 1990 break; 1991 dsa = PEM_read_bio_DSAparams(bio, NULL, NULL, NULL); 1992 BIO_free(bio); 1993 if (!dsa) { 1994 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DSA file " 1995 "'%s': %s", dh_file, 1996 ERR_error_string(ERR_get_error(), NULL)); 1997 break; 1998 } 1999 2000 wpa_printf(MSG_DEBUG, "TLS: DH file in DSA param format"); 2001 dh = DSA_dup_DH(dsa); 2002 DSA_free(dsa); 2003 if (dh == NULL) { 2004 wpa_printf(MSG_INFO, "TLS: Failed to convert DSA " 2005 "params into DH params"); 2006 break; 2007 } 2008 break; 2009 } 2010 #endif /* !OPENSSL_NO_DSA */ 2011 if (dh == NULL) { 2012 wpa_printf(MSG_INFO, "TLS: Failed to read/parse DH/DSA file " 2013 "'%s'", dh_file); 2014 return -1; 2015 } 2016 2017 if (SSL_CTX_set_tmp_dh(ssl_ctx, dh) != 1) { 2018 wpa_printf(MSG_INFO, "TLS: Failed to set DH params from '%s': " 2019 "%s", dh_file, 2020 ERR_error_string(ERR_get_error(), NULL)); 2021 DH_free(dh); 2022 return -1; 2023 } 2024 DH_free(dh); 2025 return 0; 2026 #endif /* OPENSSL_NO_DH */ 2027 } 2028 2029 2030 int tls_connection_get_keys(void *ssl_ctx, struct tls_connection *conn, 2031 struct tls_keys *keys) 2032 { 2033 SSL *ssl; 2034 2035 if (conn == NULL || keys == NULL) 2036 return -1; 2037 ssl = conn->ssl; 2038 if (ssl == NULL || ssl->s3 == NULL || ssl->session == NULL) 2039 return -1; 2040 2041 os_memset(keys, 0, sizeof(*keys)); 2042 keys->master_key = ssl->session->master_key; 2043 keys->master_key_len = ssl->session->master_key_length; 2044 keys->client_random = ssl->s3->client_random; 2045 keys->client_random_len = SSL3_RANDOM_SIZE; 2046 keys->server_random = ssl->s3->server_random; 2047 keys->server_random_len = SSL3_RANDOM_SIZE; 2048 2049 return 0; 2050 } 2051 2052 2053 int tls_connection_prf(void *tls_ctx, struct tls_connection *conn, 2054 const char *label, int server_random_first, 2055 u8 *out, size_t out_len) 2056 { 2057 return -1; 2058 } 2059 2060 2061 u8 * tls_connection_handshake(void *ssl_ctx, struct tls_connection *conn, 2062 const u8 *in_data, size_t in_len, 2063 size_t *out_len, u8 **appl_data, 2064 size_t *appl_data_len) 2065 { 2066 int res; 2067 u8 *out_data; 2068 2069 if (appl_data) 2070 *appl_data = NULL; 2071 2072 /* 2073 * Give TLS handshake data from the server (if available) to OpenSSL 2074 * for processing. 2075 */ 2076 if (in_data && 2077 BIO_write(conn->ssl_in, in_data, in_len) < 0) { 2078 tls_show_errors(MSG_INFO, __func__, 2079 "Handshake failed - BIO_write"); 2080 return NULL; 2081 } 2082 2083 /* Initiate TLS handshake or continue the existing handshake */ 2084 res = SSL_connect(conn->ssl); 2085 if (res != 1) { 2086 int err = SSL_get_error(conn->ssl, res); 2087 if (err == SSL_ERROR_WANT_READ) 2088 wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want " 2089 "more data"); 2090 else if (err == SSL_ERROR_WANT_WRITE) 2091 wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want to " 2092 "write"); 2093 else { 2094 tls_show_errors(MSG_INFO, __func__, "SSL_connect"); 2095 conn->failed++; 2096 } 2097 } 2098 2099 /* Get the TLS handshake data to be sent to the server */ 2100 res = BIO_ctrl_pending(conn->ssl_out); 2101 wpa_printf(MSG_DEBUG, "SSL: %d bytes pending from ssl_out", res); 2102 out_data = os_malloc(res == 0 ? 1 : res); 2103 if (out_data == NULL) { 2104 wpa_printf(MSG_DEBUG, "SSL: Failed to allocate memory for " 2105 "handshake output (%d bytes)", res); 2106 if (BIO_reset(conn->ssl_out) < 0) { 2107 tls_show_errors(MSG_INFO, __func__, 2108 "BIO_reset failed"); 2109 } 2110 *out_len = 0; 2111 return NULL; 2112 } 2113 res = res == 0 ? 0 : BIO_read(conn->ssl_out, out_data, res); 2114 if (res < 0) { 2115 tls_show_errors(MSG_INFO, __func__, 2116 "Handshake failed - BIO_read"); 2117 if (BIO_reset(conn->ssl_out) < 0) { 2118 tls_show_errors(MSG_INFO, __func__, 2119 "BIO_reset failed"); 2120 } 2121 *out_len = 0; 2122 return NULL; 2123 } 2124 *out_len = res; 2125 2126 if (SSL_is_init_finished(conn->ssl) && appl_data) { 2127 *appl_data = os_malloc(in_len); 2128 if (*appl_data) { 2129 res = SSL_read(conn->ssl, *appl_data, in_len); 2130 if (res < 0) { 2131 int err = SSL_get_error(conn->ssl, res); 2132 if (err == SSL_ERROR_WANT_READ || 2133 err == SSL_ERROR_WANT_WRITE) { 2134 wpa_printf(MSG_DEBUG, 2135 "SSL: No Application Data " 2136 "included"); 2137 } else { 2138 tls_show_errors(MSG_INFO, __func__, 2139 "Failed to read " 2140 "possible " 2141 "Application Data"); 2142 } 2143 os_free(*appl_data); 2144 *appl_data = NULL; 2145 } else { 2146 *appl_data_len = res; 2147 wpa_hexdump_key(MSG_MSGDUMP, "SSL: Application" 2148 " Data in Finish message", 2149 *appl_data, *appl_data_len); 2150 } 2151 } 2152 } 2153 2154 return out_data; 2155 } 2156 2157 2158 u8 * tls_connection_server_handshake(void *ssl_ctx, 2159 struct tls_connection *conn, 2160 const u8 *in_data, size_t in_len, 2161 size_t *out_len) 2162 { 2163 int res; 2164 u8 *out_data; 2165 2166 /* 2167 * Give TLS handshake data from the client (if available) to OpenSSL 2168 * for processing. 2169 */ 2170 if (in_data && 2171 BIO_write(conn->ssl_in, in_data, in_len) < 0) { 2172 tls_show_errors(MSG_INFO, __func__, 2173 "Handshake failed - BIO_write"); 2174 return NULL; 2175 } 2176 2177 /* Initiate TLS handshake or continue the existing handshake */ 2178 res = SSL_accept(conn->ssl); 2179 if (res != 1) { 2180 int err = SSL_get_error(conn->ssl, res); 2181 if (err == SSL_ERROR_WANT_READ) 2182 wpa_printf(MSG_DEBUG, "SSL: SSL_accept - want " 2183 "more data"); 2184 else if (err == SSL_ERROR_WANT_WRITE) 2185 wpa_printf(MSG_DEBUG, "SSL: SSL_accept - want to " 2186 "write"); 2187 else { 2188 tls_show_errors(MSG_INFO, __func__, "SSL_accept"); 2189 return NULL; 2190 } 2191 } 2192 2193 /* Get the TLS handshake data to be sent to the client */ 2194 res = BIO_ctrl_pending(conn->ssl_out); 2195 wpa_printf(MSG_DEBUG, "SSL: %d bytes pending from ssl_out", res); 2196 out_data = os_malloc(res == 0 ? 1 : res); 2197 if (out_data == NULL) { 2198 wpa_printf(MSG_DEBUG, "SSL: Failed to allocate memory for " 2199 "handshake output (%d bytes)", res); 2200 if (BIO_reset(conn->ssl_out) < 0) { 2201 tls_show_errors(MSG_INFO, __func__, 2202 "BIO_reset failed"); 2203 } 2204 *out_len = 0; 2205 return NULL; 2206 } 2207 res = res == 0 ? 0 : BIO_read(conn->ssl_out, out_data, res); 2208 if (res < 0) { 2209 tls_show_errors(MSG_INFO, __func__, 2210 "Handshake failed - BIO_read"); 2211 if (BIO_reset(conn->ssl_out) < 0) { 2212 tls_show_errors(MSG_INFO, __func__, 2213 "BIO_reset failed"); 2214 } 2215 *out_len = 0; 2216 return NULL; 2217 } 2218 *out_len = res; 2219 return out_data; 2220 } 2221 2222 2223 int tls_connection_encrypt(void *ssl_ctx, struct tls_connection *conn, 2224 const u8 *in_data, size_t in_len, 2225 u8 *out_data, size_t out_len) 2226 { 2227 int res; 2228 2229 if (conn == NULL) 2230 return -1; 2231 2232 /* Give plaintext data for OpenSSL to encrypt into the TLS tunnel. */ 2233 if ((res = BIO_reset(conn->ssl_in)) < 0 || 2234 (res = BIO_reset(conn->ssl_out)) < 0) { 2235 tls_show_errors(MSG_INFO, __func__, "BIO_reset failed"); 2236 return res; 2237 } 2238 res = SSL_write(conn->ssl, in_data, in_len); 2239 if (res < 0) { 2240 tls_show_errors(MSG_INFO, __func__, 2241 "Encryption failed - SSL_write"); 2242 return res; 2243 } 2244 2245 /* Read encrypted data to be sent to the server */ 2246 res = BIO_read(conn->ssl_out, out_data, out_len); 2247 if (res < 0) { 2248 tls_show_errors(MSG_INFO, __func__, 2249 "Encryption failed - BIO_read"); 2250 return res; 2251 } 2252 2253 return res; 2254 } 2255 2256 2257 int tls_connection_decrypt(void *ssl_ctx, struct tls_connection *conn, 2258 const u8 *in_data, size_t in_len, 2259 u8 *out_data, size_t out_len) 2260 { 2261 int res; 2262 2263 /* Give encrypted data from TLS tunnel for OpenSSL to decrypt. */ 2264 res = BIO_write(conn->ssl_in, in_data, in_len); 2265 if (res < 0) { 2266 tls_show_errors(MSG_INFO, __func__, 2267 "Decryption failed - BIO_write"); 2268 return res; 2269 } 2270 if (BIO_reset(conn->ssl_out) < 0) { 2271 tls_show_errors(MSG_INFO, __func__, "BIO_reset failed"); 2272 return res; 2273 } 2274 2275 /* Read decrypted data for further processing */ 2276 res = SSL_read(conn->ssl, out_data, out_len); 2277 if (res < 0) { 2278 tls_show_errors(MSG_INFO, __func__, 2279 "Decryption failed - SSL_read"); 2280 return res; 2281 } 2282 2283 return res; 2284 } 2285 2286 2287 int tls_connection_resumed(void *ssl_ctx, struct tls_connection *conn) 2288 { 2289 return conn ? conn->ssl->hit : 0; 2290 } 2291 2292 2293 int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn, 2294 u8 *ciphers) 2295 { 2296 char buf[100], *pos, *end; 2297 u8 *c; 2298 int ret; 2299 2300 if (conn == NULL || conn->ssl == NULL || ciphers == NULL) 2301 return -1; 2302 2303 buf[0] = '\0'; 2304 pos = buf; 2305 end = pos + sizeof(buf); 2306 2307 c = ciphers; 2308 while (*c != TLS_CIPHER_NONE) { 2309 const char *suite; 2310 2311 switch (*c) { 2312 case TLS_CIPHER_RC4_SHA: 2313 suite = "RC4-SHA"; 2314 break; 2315 case TLS_CIPHER_AES128_SHA: 2316 suite = "AES128-SHA"; 2317 break; 2318 case TLS_CIPHER_RSA_DHE_AES128_SHA: 2319 suite = "DHE-RSA-AES128-SHA"; 2320 break; 2321 case TLS_CIPHER_ANON_DH_AES128_SHA: 2322 suite = "ADH-AES128-SHA"; 2323 break; 2324 default: 2325 wpa_printf(MSG_DEBUG, "TLS: Unsupported " 2326 "cipher selection: %d", *c); 2327 return -1; 2328 } 2329 ret = os_snprintf(pos, end - pos, ":%s", suite); 2330 if (ret < 0 || ret >= end - pos) 2331 break; 2332 pos += ret; 2333 2334 c++; 2335 } 2336 2337 wpa_printf(MSG_DEBUG, "OpenSSL: cipher suites: %s", buf + 1); 2338 2339 if (SSL_set_cipher_list(conn->ssl, buf + 1) != 1) { 2340 tls_show_errors(MSG_INFO, __func__, 2341 "Cipher suite configuration failed"); 2342 return -1; 2343 } 2344 2345 return 0; 2346 } 2347 2348 2349 int tls_get_cipher(void *ssl_ctx, struct tls_connection *conn, 2350 char *buf, size_t buflen) 2351 { 2352 const char *name; 2353 if (conn == NULL || conn->ssl == NULL) 2354 return -1; 2355 2356 name = SSL_get_cipher(conn->ssl); 2357 if (name == NULL) 2358 return -1; 2359 2360 os_strlcpy(buf, name, buflen); 2361 return 0; 2362 } 2363 2364 2365 int tls_connection_enable_workaround(void *ssl_ctx, 2366 struct tls_connection *conn) 2367 { 2368 SSL_set_options(conn->ssl, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS); 2369 2370 return 0; 2371 } 2372 2373 2374 #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) 2375 /* ClientHello TLS extensions require a patch to openssl, so this function is 2376 * commented out unless explicitly needed for EAP-FAST in order to be able to 2377 * build this file with unmodified openssl. */ 2378 int tls_connection_client_hello_ext(void *ssl_ctx, struct tls_connection *conn, 2379 int ext_type, const u8 *data, 2380 size_t data_len) 2381 { 2382 if (conn == NULL || conn->ssl == NULL || ext_type != 35) 2383 return -1; 2384 2385 #ifdef CONFIG_OPENSSL_TICKET_OVERRIDE 2386 if (SSL_set_session_ticket_ext(conn->ssl, (void *) data, 2387 data_len) != 1) 2388 return -1; 2389 #else /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 2390 if (SSL_set_hello_extension(conn->ssl, ext_type, (void *) data, 2391 data_len) != 1) 2392 return -1; 2393 #endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 2394 2395 return 0; 2396 } 2397 #endif /* EAP_FAST || EAP_FAST_DYNAMIC */ 2398 2399 2400 int tls_connection_get_failed(void *ssl_ctx, struct tls_connection *conn) 2401 { 2402 if (conn == NULL) 2403 return -1; 2404 return conn->failed; 2405 } 2406 2407 2408 int tls_connection_get_read_alerts(void *ssl_ctx, struct tls_connection *conn) 2409 { 2410 if (conn == NULL) 2411 return -1; 2412 return conn->read_alerts; 2413 } 2414 2415 2416 int tls_connection_get_write_alerts(void *ssl_ctx, struct tls_connection *conn) 2417 { 2418 if (conn == NULL) 2419 return -1; 2420 return conn->write_alerts; 2421 } 2422 2423 2424 int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn, 2425 const struct tls_connection_params *params) 2426 { 2427 int ret; 2428 unsigned long err; 2429 2430 if (conn == NULL) 2431 return -1; 2432 2433 while ((err = ERR_get_error())) { 2434 wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s", 2435 __func__, ERR_error_string(err, NULL)); 2436 } 2437 2438 if (params->engine) { 2439 wpa_printf(MSG_DEBUG, "SSL: Initializing TLS engine"); 2440 ret = tls_engine_init(conn, params->engine_id, params->pin, 2441 params->key_id, params->cert_id, 2442 params->ca_cert_id); 2443 if (ret) 2444 return ret; 2445 } 2446 if (tls_connection_set_subject_match(conn, 2447 params->subject_match, 2448 params->altsubject_match)) 2449 return -1; 2450 2451 if (params->engine && params->ca_cert_id) { 2452 if (tls_connection_engine_ca_cert(tls_ctx, conn, 2453 params->ca_cert_id)) 2454 return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED; 2455 } else if (tls_connection_ca_cert(tls_ctx, conn, params->ca_cert, 2456 params->ca_cert_blob, 2457 params->ca_cert_blob_len, 2458 params->ca_path)) 2459 return -1; 2460 2461 if (params->engine && params->cert_id) { 2462 if (tls_connection_engine_client_cert(conn, params->cert_id)) 2463 return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED; 2464 } else if (tls_connection_client_cert(conn, params->client_cert, 2465 params->client_cert_blob, 2466 params->client_cert_blob_len)) 2467 return -1; 2468 2469 if (params->engine && params->key_id) { 2470 wpa_printf(MSG_DEBUG, "TLS: Using private key from engine"); 2471 if (tls_connection_engine_private_key(conn)) 2472 return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED; 2473 } else if (tls_connection_private_key(tls_ctx, conn, 2474 params->private_key, 2475 params->private_key_passwd, 2476 params->private_key_blob, 2477 params->private_key_blob_len)) { 2478 wpa_printf(MSG_INFO, "TLS: Failed to load private key '%s'", 2479 params->private_key); 2480 return -1; 2481 } 2482 2483 if (tls_connection_dh(conn, params->dh_file)) { 2484 wpa_printf(MSG_INFO, "TLS: Failed to load DH file '%s'", 2485 params->dh_file); 2486 return -1; 2487 } 2488 2489 tls_get_errors(tls_ctx); 2490 2491 return 0; 2492 } 2493 2494 2495 int tls_global_set_params(void *tls_ctx, 2496 const struct tls_connection_params *params) 2497 { 2498 SSL_CTX *ssl_ctx = tls_ctx; 2499 unsigned long err; 2500 2501 while ((err = ERR_get_error())) { 2502 wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s", 2503 __func__, ERR_error_string(err, NULL)); 2504 } 2505 2506 if (tls_global_ca_cert(ssl_ctx, params->ca_cert)) 2507 return -1; 2508 2509 if (tls_global_client_cert(ssl_ctx, params->client_cert)) 2510 return -1; 2511 2512 if (tls_global_private_key(ssl_ctx, params->private_key, 2513 params->private_key_passwd)) 2514 return -1; 2515 2516 if (tls_global_dh(ssl_ctx, params->dh_file)) { 2517 wpa_printf(MSG_INFO, "TLS: Failed to load DH file '%s'", 2518 params->dh_file); 2519 return -1; 2520 } 2521 2522 return 0; 2523 } 2524 2525 2526 int tls_connection_get_keyblock_size(void *tls_ctx, 2527 struct tls_connection *conn) 2528 { 2529 const EVP_CIPHER *c; 2530 const EVP_MD *h; 2531 2532 if (conn == NULL || conn->ssl == NULL || 2533 conn->ssl->enc_read_ctx == NULL || 2534 conn->ssl->enc_read_ctx->cipher == NULL || 2535 conn->ssl->read_hash == NULL) 2536 return -1; 2537 2538 c = conn->ssl->enc_read_ctx->cipher; 2539 #if OPENSSL_VERSION_NUMBER >= 0x00909000L 2540 h = EVP_MD_CTX_md(conn->ssl->read_hash); 2541 #else 2542 h = conn->ssl->read_hash; 2543 #endif 2544 2545 return 2 * (EVP_CIPHER_key_length(c) + 2546 EVP_MD_size(h) + 2547 EVP_CIPHER_iv_length(c)); 2548 } 2549 2550 2551 unsigned int tls_capabilities(void *tls_ctx) 2552 { 2553 return 0; 2554 } 2555 2556 2557 int tls_connection_set_ia(void *tls_ctx, struct tls_connection *conn, 2558 int tls_ia) 2559 { 2560 return -1; 2561 } 2562 2563 2564 int tls_connection_ia_send_phase_finished(void *tls_ctx, 2565 struct tls_connection *conn, 2566 int final, 2567 u8 *out_data, size_t out_len) 2568 { 2569 return -1; 2570 } 2571 2572 2573 int tls_connection_ia_final_phase_finished(void *tls_ctx, 2574 struct tls_connection *conn) 2575 { 2576 return -1; 2577 } 2578 2579 2580 int tls_connection_ia_permute_inner_secret(void *tls_ctx, 2581 struct tls_connection *conn, 2582 const u8 *key, size_t key_len) 2583 { 2584 return -1; 2585 } 2586 2587 2588 #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) 2589 /* Pre-shared secred requires a patch to openssl, so this function is 2590 * commented out unless explicitly needed for EAP-FAST in order to be able to 2591 * build this file with unmodified openssl. */ 2592 2593 static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len, 2594 STACK_OF(SSL_CIPHER) *peer_ciphers, 2595 SSL_CIPHER **cipher, void *arg) 2596 { 2597 struct tls_connection *conn = arg; 2598 int ret; 2599 2600 if (conn == NULL || conn->session_ticket_cb == NULL) 2601 return 0; 2602 2603 ret = conn->session_ticket_cb(conn->session_ticket_cb_ctx, 2604 conn->session_ticket, 2605 conn->session_ticket_len, 2606 s->s3->client_random, 2607 s->s3->server_random, secret); 2608 os_free(conn->session_ticket); 2609 conn->session_ticket = NULL; 2610 2611 if (ret <= 0) 2612 return 0; 2613 2614 *secret_len = SSL_MAX_MASTER_KEY_LENGTH; 2615 return 1; 2616 } 2617 2618 2619 #ifdef CONFIG_OPENSSL_TICKET_OVERRIDE 2620 static int tls_session_ticket_ext_cb(SSL *s, const unsigned char *data, 2621 int len, void *arg) 2622 { 2623 struct tls_connection *conn = arg; 2624 2625 if (conn == NULL || conn->session_ticket_cb == NULL) 2626 return 0; 2627 2628 wpa_printf(MSG_DEBUG, "OpenSSL: %s: length=%d", __func__, len); 2629 2630 os_free(conn->session_ticket); 2631 conn->session_ticket = NULL; 2632 2633 wpa_hexdump(MSG_DEBUG, "OpenSSL: ClientHello SessionTicket " 2634 "extension", data, len); 2635 2636 conn->session_ticket = os_malloc(len); 2637 if (conn->session_ticket == NULL) 2638 return 0; 2639 2640 os_memcpy(conn->session_ticket, data, len); 2641 conn->session_ticket_len = len; 2642 2643 return 1; 2644 } 2645 #else /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 2646 #ifdef SSL_OP_NO_TICKET 2647 static void tls_hello_ext_cb(SSL *s, int client_server, int type, 2648 unsigned char *data, int len, void *arg) 2649 { 2650 struct tls_connection *conn = arg; 2651 2652 if (conn == NULL || conn->session_ticket_cb == NULL) 2653 return; 2654 2655 wpa_printf(MSG_DEBUG, "OpenSSL: %s: type=%d length=%d", __func__, 2656 type, len); 2657 2658 if (type == TLSEXT_TYPE_session_ticket && !client_server) { 2659 os_free(conn->session_ticket); 2660 conn->session_ticket = NULL; 2661 2662 wpa_hexdump(MSG_DEBUG, "OpenSSL: ClientHello SessionTicket " 2663 "extension", data, len); 2664 conn->session_ticket = os_malloc(len); 2665 if (conn->session_ticket == NULL) 2666 return; 2667 2668 os_memcpy(conn->session_ticket, data, len); 2669 conn->session_ticket_len = len; 2670 } 2671 } 2672 #else /* SSL_OP_NO_TICKET */ 2673 static int tls_hello_ext_cb(SSL *s, TLS_EXTENSION *ext, void *arg) 2674 { 2675 struct tls_connection *conn = arg; 2676 2677 if (conn == NULL || conn->session_ticket_cb == NULL) 2678 return 0; 2679 2680 wpa_printf(MSG_DEBUG, "OpenSSL: %s: type=%d length=%d", __func__, 2681 ext->type, ext->length); 2682 2683 os_free(conn->session_ticket); 2684 conn->session_ticket = NULL; 2685 2686 if (ext->type == 35) { 2687 wpa_hexdump(MSG_DEBUG, "OpenSSL: ClientHello SessionTicket " 2688 "extension", ext->data, ext->length); 2689 conn->session_ticket = os_malloc(ext->length); 2690 if (conn->session_ticket == NULL) 2691 return SSL_AD_INTERNAL_ERROR; 2692 2693 os_memcpy(conn->session_ticket, ext->data, ext->length); 2694 conn->session_ticket_len = ext->length; 2695 } 2696 2697 return 0; 2698 } 2699 #endif /* SSL_OP_NO_TICKET */ 2700 #endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 2701 #endif /* EAP_FAST || EAP_FAST_DYNAMIC */ 2702 2703 2704 int tls_connection_set_session_ticket_cb(void *tls_ctx, 2705 struct tls_connection *conn, 2706 tls_session_ticket_cb cb, 2707 void *ctx) 2708 { 2709 #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) 2710 conn->session_ticket_cb = cb; 2711 conn->session_ticket_cb_ctx = ctx; 2712 2713 if (cb) { 2714 if (SSL_set_session_secret_cb(conn->ssl, tls_sess_sec_cb, 2715 conn) != 1) 2716 return -1; 2717 #ifdef CONFIG_OPENSSL_TICKET_OVERRIDE 2718 SSL_set_session_ticket_ext_cb(conn->ssl, 2719 tls_session_ticket_ext_cb, conn); 2720 #else /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 2721 #ifdef SSL_OP_NO_TICKET 2722 SSL_set_tlsext_debug_callback(conn->ssl, tls_hello_ext_cb); 2723 SSL_set_tlsext_debug_arg(conn->ssl, conn); 2724 #else /* SSL_OP_NO_TICKET */ 2725 if (SSL_set_hello_extension_cb(conn->ssl, tls_hello_ext_cb, 2726 conn) != 1) 2727 return -1; 2728 #endif /* SSL_OP_NO_TICKET */ 2729 #endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 2730 } else { 2731 if (SSL_set_session_secret_cb(conn->ssl, NULL, NULL) != 1) 2732 return -1; 2733 #ifdef CONFIG_OPENSSL_TICKET_OVERRIDE 2734 SSL_set_session_ticket_ext_cb(conn->ssl, NULL, NULL); 2735 #else /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 2736 #ifdef SSL_OP_NO_TICKET 2737 SSL_set_tlsext_debug_callback(conn->ssl, NULL); 2738 SSL_set_tlsext_debug_arg(conn->ssl, conn); 2739 #else /* SSL_OP_NO_TICKET */ 2740 if (SSL_set_hello_extension_cb(conn->ssl, NULL, NULL) != 1) 2741 return -1; 2742 #endif /* SSL_OP_NO_TICKET */ 2743 #endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 2744 } 2745 2746 return 0; 2747 #else /* EAP_FAST || EAP_FAST_DYNAMIC */ 2748 return -1; 2749 #endif /* EAP_FAST || EAP_FAST_DYNAMIC */ 2750 } 2751
