Home | History | Annotate | Download | only in crypto
      1 /*
      2  * SSL/TLS interface functions for OpenSSL
      3  * Copyright (c) 2004-2011, Jouni Malinen <j (at) w1.fi>
      4  *
      5  * This software may be distributed under the terms of the BSD license.
      6  * See README for more details.
      7  */
      8 
      9 #include "includes.h"
     10 
     11 #ifndef CONFIG_SMARTCARD
     12 #ifndef OPENSSL_NO_ENGINE
     13 #ifndef ANDROID
     14 #define OPENSSL_NO_ENGINE
     15 #endif
     16 #endif
     17 #endif
     18 
     19 #include <openssl/ssl.h>
     20 #include <openssl/err.h>
     21 #include <openssl/pkcs12.h>
     22 #include <openssl/x509v3.h>
     23 #ifndef OPENSSL_NO_ENGINE
     24 #include <openssl/engine.h>
     25 #endif /* OPENSSL_NO_ENGINE */
     26 
     27 #include "common.h"
     28 #include "crypto.h"
     29 #include "tls.h"
     30 
     31 #if OPENSSL_VERSION_NUMBER >= 0x0090800fL
     32 #define OPENSSL_d2i_TYPE const unsigned char **
     33 #else
     34 #define OPENSSL_d2i_TYPE unsigned char **
     35 #endif
     36 
     37 #ifdef SSL_F_SSL_SET_SESSION_TICKET_EXT
     38 #ifdef SSL_OP_NO_TICKET
     39 /*
     40  * Session ticket override patch was merged into OpenSSL 0.9.9 tree on
     41  * 2008-11-15. This version uses a bit different API compared to the old patch.
     42  */
     43 #define CONFIG_OPENSSL_TICKET_OVERRIDE
     44 #endif
     45 #endif
     46 
     47 #ifdef ANDROID
     48 #include <openssl/pem.h>
     49 #include <keystore/keystore_get.h>
     50 
     51 static BIO * BIO_from_keystore(const char *key)
     52 {
     53     BIO *bio = NULL;
     54     uint8_t *value = NULL;
     55     int length = keystore_get(key, strlen(key), &value);
     56     if (length != -1 && (bio = BIO_new(BIO_s_mem())) != NULL) {
     57         BIO_write(bio, value, length);
     58     }
     59     free(value);
     60     return bio;
     61 }
     62 #endif /* ANDROID */
     63 
     64 static int tls_openssl_ref_count = 0;
     65 
     66 struct tls_global {
     67 	void (*event_cb)(void *ctx, enum tls_event ev,
     68 			 union tls_event_data *data);
     69 	void *cb_ctx;
     70 	int cert_in_cb;
     71 };
     72 
     73 static struct tls_global *tls_global = NULL;
     74 
     75 
     76 struct tls_connection {
     77 	SSL *ssl;
     78 	BIO *ssl_in, *ssl_out;
     79 #ifndef OPENSSL_NO_ENGINE
     80 	ENGINE *engine;        /* functional reference to the engine */
     81 	EVP_PKEY *private_key; /* the private key if using engine */
     82 #endif /* OPENSSL_NO_ENGINE */
     83 	char *subject_match, *altsubject_match;
     84 	int read_alerts, write_alerts, failed;
     85 
     86 	tls_session_ticket_cb session_ticket_cb;
     87 	void *session_ticket_cb_ctx;
     88 
     89 	/* SessionTicket received from OpenSSL hello_extension_cb (server) */
     90 	u8 *session_ticket;
     91 	size_t session_ticket_len;
     92 
     93 	unsigned int ca_cert_verify:1;
     94 	unsigned int cert_probe:1;
     95 	unsigned int server_cert_only:1;
     96 
     97 	u8 srv_cert_hash[32];
     98 
     99 	unsigned int flags;
    100 };
    101 
    102 
    103 #ifdef CONFIG_NO_STDOUT_DEBUG
    104 
    105 static void _tls_show_errors(void)
    106 {
    107 	unsigned long err;
    108 
    109 	while ((err = ERR_get_error())) {
    110 		/* Just ignore the errors, since stdout is disabled */
    111 	}
    112 }
    113 #define tls_show_errors(l, f, t) _tls_show_errors()
    114 
    115 #else /* CONFIG_NO_STDOUT_DEBUG */
    116 
    117 static void tls_show_errors(int level, const char *func, const char *txt)
    118 {
    119 	unsigned long err;
    120 
    121 	wpa_printf(level, "OpenSSL: %s - %s %s",
    122 		   func, txt, ERR_error_string(ERR_get_error(), NULL));
    123 
    124 	while ((err = ERR_get_error())) {
    125 		wpa_printf(MSG_INFO, "OpenSSL: pending error: %s",
    126 			   ERR_error_string(err, NULL));
    127 	}
    128 }
    129 
    130 #endif /* CONFIG_NO_STDOUT_DEBUG */
    131 
    132 
    133 #ifdef CONFIG_NATIVE_WINDOWS
    134 
    135 /* Windows CryptoAPI and access to certificate stores */
    136 #include <wincrypt.h>
    137 
    138 #ifdef __MINGW32_VERSION
    139 /*
    140  * MinGW does not yet include all the needed definitions for CryptoAPI, so
    141  * define here whatever extra is needed.
    142  */
    143 #define CERT_SYSTEM_STORE_CURRENT_USER (1 << 16)
    144 #define CERT_STORE_READONLY_FLAG 0x00008000
    145 #define CERT_STORE_OPEN_EXISTING_FLAG 0x00004000
    146 
    147 #endif /* __MINGW32_VERSION */
    148 
    149 
    150 struct cryptoapi_rsa_data {
    151 	const CERT_CONTEXT *cert;
    152 	HCRYPTPROV crypt_prov;
    153 	DWORD key_spec;
    154 	BOOL free_crypt_prov;
    155 };
    156 
    157 
    158 static void cryptoapi_error(const char *msg)
    159 {
    160 	wpa_printf(MSG_INFO, "CryptoAPI: %s; err=%u",
    161 		   msg, (unsigned int) GetLastError());
    162 }
    163 
    164 
    165 static int cryptoapi_rsa_pub_enc(int flen, const unsigned char *from,
    166 				 unsigned char *to, RSA *rsa, int padding)
    167 {
    168 	wpa_printf(MSG_DEBUG, "%s - not implemented", __func__);
    169 	return 0;
    170 }
    171 
    172 
    173 static int cryptoapi_rsa_pub_dec(int flen, const unsigned char *from,
    174 				 unsigned char *to, RSA *rsa, int padding)
    175 {
    176 	wpa_printf(MSG_DEBUG, "%s - not implemented", __func__);
    177 	return 0;
    178 }
    179 
    180 
    181 static int cryptoapi_rsa_priv_enc(int flen, const unsigned char *from,
    182 				  unsigned char *to, RSA *rsa, int padding)
    183 {
    184 	struct cryptoapi_rsa_data *priv =
    185 		(struct cryptoapi_rsa_data *) rsa->meth->app_data;
    186 	HCRYPTHASH hash;
    187 	DWORD hash_size, len, i;
    188 	unsigned char *buf = NULL;
    189 	int ret = 0;
    190 
    191 	if (priv == NULL) {
    192 		RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
    193 		       ERR_R_PASSED_NULL_PARAMETER);
    194 		return 0;
    195 	}
    196 
    197 	if (padding != RSA_PKCS1_PADDING) {
    198 		RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
    199 		       RSA_R_UNKNOWN_PADDING_TYPE);
    200 		return 0;
    201 	}
    202 
    203 	if (flen != 16 /* MD5 */ + 20 /* SHA-1 */) {
    204 		wpa_printf(MSG_INFO, "%s - only MD5-SHA1 hash supported",
    205 			   __func__);
    206 		RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
    207 		       RSA_R_INVALID_MESSAGE_LENGTH);
    208 		return 0;
    209 	}
    210 
    211 	if (!CryptCreateHash(priv->crypt_prov, CALG_SSL3_SHAMD5, 0, 0, &hash))
    212 	{
    213 		cryptoapi_error("CryptCreateHash failed");
    214 		return 0;
    215 	}
    216 
    217 	len = sizeof(hash_size);
    218 	if (!CryptGetHashParam(hash, HP_HASHSIZE, (BYTE *) &hash_size, &len,
    219 			       0)) {
    220 		cryptoapi_error("CryptGetHashParam failed");
    221 		goto err;
    222 	}
    223 
    224 	if ((int) hash_size != flen) {
    225 		wpa_printf(MSG_INFO, "CryptoAPI: Invalid hash size (%u != %d)",
    226 			   (unsigned) hash_size, flen);
    227 		RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
    228 		       RSA_R_INVALID_MESSAGE_LENGTH);
    229 		goto err;
    230 	}
    231 	if (!CryptSetHashParam(hash, HP_HASHVAL, (BYTE * ) from, 0)) {
    232 		cryptoapi_error("CryptSetHashParam failed");
    233 		goto err;
    234 	}
    235 
    236 	len = RSA_size(rsa);
    237 	buf = os_malloc(len);
    238 	if (buf == NULL) {
    239 		RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
    240 		goto err;
    241 	}
    242 
    243 	if (!CryptSignHash(hash, priv->key_spec, NULL, 0, buf, &len)) {
    244 		cryptoapi_error("CryptSignHash failed");
    245 		goto err;
    246 	}
    247 
    248 	for (i = 0; i < len; i++)
    249 		to[i] = buf[len - i - 1];
    250 	ret = len;
    251 
    252 err:
    253 	os_free(buf);
    254 	CryptDestroyHash(hash);
    255 
    256 	return ret;
    257 }
    258 
    259 
    260 static int cryptoapi_rsa_priv_dec(int flen, const unsigned char *from,
    261 				  unsigned char *to, RSA *rsa, int padding)
    262 {
    263 	wpa_printf(MSG_DEBUG, "%s - not implemented", __func__);
    264 	return 0;
    265 }
    266 
    267 
    268 static void cryptoapi_free_data(struct cryptoapi_rsa_data *priv)
    269 {
    270 	if (priv == NULL)
    271 		return;
    272 	if (priv->crypt_prov && priv->free_crypt_prov)
    273 		CryptReleaseContext(priv->crypt_prov, 0);
    274 	if (priv->cert)
    275 		CertFreeCertificateContext(priv->cert);
    276 	os_free(priv);
    277 }
    278 
    279 
    280 static int cryptoapi_finish(RSA *rsa)
    281 {
    282 	cryptoapi_free_data((struct cryptoapi_rsa_data *) rsa->meth->app_data);
    283 	os_free((void *) rsa->meth);
    284 	rsa->meth = NULL;
    285 	return 1;
    286 }
    287 
    288 
    289 static const CERT_CONTEXT * cryptoapi_find_cert(const char *name, DWORD store)
    290 {
    291 	HCERTSTORE cs;
    292 	const CERT_CONTEXT *ret = NULL;
    293 
    294 	cs = CertOpenStore((LPCSTR) CERT_STORE_PROV_SYSTEM, 0, 0,
    295 			   store | CERT_STORE_OPEN_EXISTING_FLAG |
    296 			   CERT_STORE_READONLY_FLAG, L"MY");
    297 	if (cs == NULL) {
    298 		cryptoapi_error("Failed to open 'My system store'");
    299 		return NULL;
    300 	}
    301 
    302 	if (strncmp(name, "cert://", 7) == 0) {
    303 		unsigned short wbuf[255];
    304 		MultiByteToWideChar(CP_ACP, 0, name + 7, -1, wbuf, 255);
    305 		ret = CertFindCertificateInStore(cs, X509_ASN_ENCODING |
    306 						 PKCS_7_ASN_ENCODING,
    307 						 0, CERT_FIND_SUBJECT_STR,
    308 						 wbuf, NULL);
    309 	} else if (strncmp(name, "hash://", 7) == 0) {
    310 		CRYPT_HASH_BLOB blob;
    311 		int len;
    312 		const char *hash = name + 7;
    313 		unsigned char *buf;
    314 
    315 		len = os_strlen(hash) / 2;
    316 		buf = os_malloc(len);
    317 		if (buf && hexstr2bin(hash, buf, len) == 0) {
    318 			blob.cbData = len;
    319 			blob.pbData = buf;
    320 			ret = CertFindCertificateInStore(cs,
    321 							 X509_ASN_ENCODING |
    322 							 PKCS_7_ASN_ENCODING,
    323 							 0, CERT_FIND_HASH,
    324 							 &blob, NULL);
    325 		}
    326 		os_free(buf);
    327 	}
    328 
    329 	CertCloseStore(cs, 0);
    330 
    331 	return ret;
    332 }
    333 
    334 
    335 static int tls_cryptoapi_cert(SSL *ssl, const char *name)
    336 {
    337 	X509 *cert = NULL;
    338 	RSA *rsa = NULL, *pub_rsa;
    339 	struct cryptoapi_rsa_data *priv;
    340 	RSA_METHOD *rsa_meth;
    341 
    342 	if (name == NULL ||
    343 	    (strncmp(name, "cert://", 7) != 0 &&
    344 	     strncmp(name, "hash://", 7) != 0))
    345 		return -1;
    346 
    347 	priv = os_zalloc(sizeof(*priv));
    348 	rsa_meth = os_zalloc(sizeof(*rsa_meth));
    349 	if (priv == NULL || rsa_meth == NULL) {
    350 		wpa_printf(MSG_WARNING, "CryptoAPI: Failed to allocate memory "
    351 			   "for CryptoAPI RSA method");
    352 		os_free(priv);
    353 		os_free(rsa_meth);
    354 		return -1;
    355 	}
    356 
    357 	priv->cert = cryptoapi_find_cert(name, CERT_SYSTEM_STORE_CURRENT_USER);
    358 	if (priv->cert == NULL) {
    359 		priv->cert = cryptoapi_find_cert(
    360 			name, CERT_SYSTEM_STORE_LOCAL_MACHINE);
    361 	}
    362 	if (priv->cert == NULL) {
    363 		wpa_printf(MSG_INFO, "CryptoAPI: Could not find certificate "
    364 			   "'%s'", name);
    365 		goto err;
    366 	}
    367 
    368 	cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &priv->cert->pbCertEncoded,
    369 			priv->cert->cbCertEncoded);
    370 	if (cert == NULL) {
    371 		wpa_printf(MSG_INFO, "CryptoAPI: Could not process X509 DER "
    372 			   "encoding");
    373 		goto err;
    374 	}
    375 
    376 	if (!CryptAcquireCertificatePrivateKey(priv->cert,
    377 					       CRYPT_ACQUIRE_COMPARE_KEY_FLAG,
    378 					       NULL, &priv->crypt_prov,
    379 					       &priv->key_spec,
    380 					       &priv->free_crypt_prov)) {
    381 		cryptoapi_error("Failed to acquire a private key for the "
    382 				"certificate");
    383 		goto err;
    384 	}
    385 
    386 	rsa_meth->name = "Microsoft CryptoAPI RSA Method";
    387 	rsa_meth->rsa_pub_enc = cryptoapi_rsa_pub_enc;
    388 	rsa_meth->rsa_pub_dec = cryptoapi_rsa_pub_dec;
    389 	rsa_meth->rsa_priv_enc = cryptoapi_rsa_priv_enc;
    390 	rsa_meth->rsa_priv_dec = cryptoapi_rsa_priv_dec;
    391 	rsa_meth->finish = cryptoapi_finish;
    392 	rsa_meth->flags = RSA_METHOD_FLAG_NO_CHECK;
    393 	rsa_meth->app_data = (char *) priv;
    394 
    395 	rsa = RSA_new();
    396 	if (rsa == NULL) {
    397 		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,
    398 		       ERR_R_MALLOC_FAILURE);
    399 		goto err;
    400 	}
    401 
    402 	if (!SSL_use_certificate(ssl, cert)) {
    403 		RSA_free(rsa);
    404 		rsa = NULL;
    405 		goto err;
    406 	}
    407 	pub_rsa = cert->cert_info->key->pkey->pkey.rsa;
    408 	X509_free(cert);
    409 	cert = NULL;
    410 
    411 	rsa->n = BN_dup(pub_rsa->n);
    412 	rsa->e = BN_dup(pub_rsa->e);
    413 	if (!RSA_set_method(rsa, rsa_meth))
    414 		goto err;
    415 
    416 	if (!SSL_use_RSAPrivateKey(ssl, rsa))
    417 		goto err;
    418 	RSA_free(rsa);
    419 
    420 	return 0;
    421 
    422 err:
    423 	if (cert)
    424 		X509_free(cert);
    425 	if (rsa)
    426 		RSA_free(rsa);
    427 	else {
    428 		os_free(rsa_meth);
    429 		cryptoapi_free_data(priv);
    430 	}
    431 	return -1;
    432 }
    433 
    434 
    435 static int tls_cryptoapi_ca_cert(SSL_CTX *ssl_ctx, SSL *ssl, const char *name)
    436 {
    437 	HCERTSTORE cs;
    438 	PCCERT_CONTEXT ctx = NULL;
    439 	X509 *cert;
    440 	char buf[128];
    441 	const char *store;
    442 #ifdef UNICODE
    443 	WCHAR *wstore;
    444 #endif /* UNICODE */
    445 
    446 	if (name == NULL || strncmp(name, "cert_store://", 13) != 0)
    447 		return -1;
    448 
    449 	store = name + 13;
    450 #ifdef UNICODE
    451 	wstore = os_malloc((os_strlen(store) + 1) * sizeof(WCHAR));
    452 	if (wstore == NULL)
    453 		return -1;
    454 	wsprintf(wstore, L"%S", store);
    455 	cs = CertOpenSystemStore(0, wstore);
    456 	os_free(wstore);
    457 #else /* UNICODE */
    458 	cs = CertOpenSystemStore(0, store);
    459 #endif /* UNICODE */
    460 	if (cs == NULL) {
    461 		wpa_printf(MSG_DEBUG, "%s: failed to open system cert store "
    462 			   "'%s': error=%d", __func__, store,
    463 			   (int) GetLastError());
    464 		return -1;
    465 	}
    466 
    467 	while ((ctx = CertEnumCertificatesInStore(cs, ctx))) {
    468 		cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &ctx->pbCertEncoded,
    469 				ctx->cbCertEncoded);
    470 		if (cert == NULL) {
    471 			wpa_printf(MSG_INFO, "CryptoAPI: Could not process "
    472 				   "X509 DER encoding for CA cert");
    473 			continue;
    474 		}
    475 
    476 		X509_NAME_oneline(X509_get_subject_name(cert), buf,
    477 				  sizeof(buf));
    478 		wpa_printf(MSG_DEBUG, "OpenSSL: Loaded CA certificate for "
    479 			   "system certificate store: subject='%s'", buf);
    480 
    481 		if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) {
    482 			tls_show_errors(MSG_WARNING, __func__,
    483 					"Failed to add ca_cert to OpenSSL "
    484 					"certificate store");
    485 		}
    486 
    487 		X509_free(cert);
    488 	}
    489 
    490 	if (!CertCloseStore(cs, 0)) {
    491 		wpa_printf(MSG_DEBUG, "%s: failed to close system cert store "
    492 			   "'%s': error=%d", __func__, name + 13,
    493 			   (int) GetLastError());
    494 	}
    495 
    496 	return 0;
    497 }
    498 
    499 
    500 #else /* CONFIG_NATIVE_WINDOWS */
    501 
    502 static int tls_cryptoapi_cert(SSL *ssl, const char *name)
    503 {
    504 	return -1;
    505 }
    506 
    507 #endif /* CONFIG_NATIVE_WINDOWS */
    508 
    509 
    510 static void ssl_info_cb(const SSL *ssl, int where, int ret)
    511 {
    512 	const char *str;
    513 	int w;
    514 
    515 	wpa_printf(MSG_DEBUG, "SSL: (where=0x%x ret=0x%x)", where, ret);
    516 	w = where & ~SSL_ST_MASK;
    517 	if (w & SSL_ST_CONNECT)
    518 		str = "SSL_connect";
    519 	else if (w & SSL_ST_ACCEPT)
    520 		str = "SSL_accept";
    521 	else
    522 		str = "undefined";
    523 
    524 	if (where & SSL_CB_LOOP) {
    525 		wpa_printf(MSG_DEBUG, "SSL: %s:%s",
    526 			   str, SSL_state_string_long(ssl));
    527 	} else if (where & SSL_CB_ALERT) {
    528 		wpa_printf(MSG_INFO, "SSL: SSL3 alert: %s:%s:%s",
    529 			   where & SSL_CB_READ ?
    530 			   "read (remote end reported an error)" :
    531 			   "write (local SSL3 detected an error)",
    532 			   SSL_alert_type_string_long(ret),
    533 			   SSL_alert_desc_string_long(ret));
    534 		if ((ret >> 8) == SSL3_AL_FATAL) {
    535 			struct tls_connection *conn =
    536 				SSL_get_app_data((SSL *) ssl);
    537 			if (where & SSL_CB_READ)
    538 				conn->read_alerts++;
    539 			else
    540 				conn->write_alerts++;
    541 		}
    542 		if (tls_global->event_cb != NULL) {
    543 			union tls_event_data ev;
    544 			os_memset(&ev, 0, sizeof(ev));
    545 			ev.alert.is_local = !(where & SSL_CB_READ);
    546 			ev.alert.type = SSL_alert_type_string_long(ret);
    547 			ev.alert.description = SSL_alert_desc_string_long(ret);
    548 			tls_global->event_cb(tls_global->cb_ctx, TLS_ALERT,
    549 					     &ev);
    550 		}
    551 	} else if (where & SSL_CB_EXIT && ret <= 0) {
    552 		wpa_printf(MSG_DEBUG, "SSL: %s:%s in %s",
    553 			   str, ret == 0 ? "failed" : "error",
    554 			   SSL_state_string_long(ssl));
    555 	}
    556 }
    557 
    558 
    559 #ifndef OPENSSL_NO_ENGINE
    560 /**
    561  * tls_engine_load_dynamic_generic - load any openssl engine
    562  * @pre: an array of commands and values that load an engine initialized
    563  *       in the engine specific function
    564  * @post: an array of commands and values that initialize an already loaded
    565  *        engine (or %NULL if not required)
    566  * @id: the engine id of the engine to load (only required if post is not %NULL
    567  *
    568  * This function is a generic function that loads any openssl engine.
    569  *
    570  * Returns: 0 on success, -1 on failure
    571  */
    572 static int tls_engine_load_dynamic_generic(const char *pre[],
    573 					   const char *post[], const char *id)
    574 {
    575 	ENGINE *engine;
    576 	const char *dynamic_id = "dynamic";
    577 
    578 	engine = ENGINE_by_id(id);
    579 	if (engine) {
    580 		ENGINE_free(engine);
    581 		wpa_printf(MSG_DEBUG, "ENGINE: engine '%s' is already "
    582 			   "available", id);
    583 		return 0;
    584 	}
    585 	ERR_clear_error();
    586 
    587 	engine = ENGINE_by_id(dynamic_id);
    588 	if (engine == NULL) {
    589 		wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]",
    590 			   dynamic_id,
    591 			   ERR_error_string(ERR_get_error(), NULL));
    592 		return -1;
    593 	}
    594 
    595 	/* Perform the pre commands. This will load the engine. */
    596 	while (pre && pre[0]) {
    597 		wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", pre[0], pre[1]);
    598 		if (ENGINE_ctrl_cmd_string(engine, pre[0], pre[1], 0) == 0) {
    599 			wpa_printf(MSG_INFO, "ENGINE: ctrl cmd_string failed: "
    600 				   "%s %s [%s]", pre[0], pre[1],
    601 				   ERR_error_string(ERR_get_error(), NULL));
    602 			ENGINE_free(engine);
    603 			return -1;
    604 		}
    605 		pre += 2;
    606 	}
    607 
    608 	/*
    609 	 * Free the reference to the "dynamic" engine. The loaded engine can
    610 	 * now be looked up using ENGINE_by_id().
    611 	 */
    612 	ENGINE_free(engine);
    613 
    614 	engine = ENGINE_by_id(id);
    615 	if (engine == NULL) {
    616 		wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]",
    617 			   id, ERR_error_string(ERR_get_error(), NULL));
    618 		return -1;
    619 	}
    620 
    621 	while (post && post[0]) {
    622 		wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", post[0], post[1]);
    623 		if (ENGINE_ctrl_cmd_string(engine, post[0], post[1], 0) == 0) {
    624 			wpa_printf(MSG_DEBUG, "ENGINE: ctrl cmd_string failed:"
    625 				" %s %s [%s]", post[0], post[1],
    626 				   ERR_error_string(ERR_get_error(), NULL));
    627 			ENGINE_remove(engine);
    628 			ENGINE_free(engine);
    629 			return -1;
    630 		}
    631 		post += 2;
    632 	}
    633 	ENGINE_free(engine);
    634 
    635 	return 0;
    636 }
    637 
    638 
    639 /**
    640  * tls_engine_load_dynamic_pkcs11 - load the pkcs11 engine provided by opensc
    641  * @pkcs11_so_path: pksc11_so_path from the configuration
    642  * @pcks11_module_path: pkcs11_module_path from the configuration
    643  */
    644 static int tls_engine_load_dynamic_pkcs11(const char *pkcs11_so_path,
    645 					  const char *pkcs11_module_path)
    646 {
    647 	char *engine_id = "pkcs11";
    648 	const char *pre_cmd[] = {
    649 		"SO_PATH", NULL /* pkcs11_so_path */,
    650 		"ID", NULL /* engine_id */,
    651 		"LIST_ADD", "1",
    652 		/* "NO_VCHECK", "1", */
    653 		"LOAD", NULL,
    654 		NULL, NULL
    655 	};
    656 	const char *post_cmd[] = {
    657 		"MODULE_PATH", NULL /* pkcs11_module_path */,
    658 		NULL, NULL
    659 	};
    660 
    661 	if (!pkcs11_so_path || !pkcs11_module_path)
    662 		return 0;
    663 
    664 	pre_cmd[1] = pkcs11_so_path;
    665 	pre_cmd[3] = engine_id;
    666 	post_cmd[1] = pkcs11_module_path;
    667 
    668 	wpa_printf(MSG_DEBUG, "ENGINE: Loading pkcs11 Engine from %s",
    669 		   pkcs11_so_path);
    670 
    671 	return tls_engine_load_dynamic_generic(pre_cmd, post_cmd, engine_id);
    672 }
    673 
    674 
    675 /**
    676  * tls_engine_load_dynamic_opensc - load the opensc engine provided by opensc
    677  * @opensc_so_path: opensc_so_path from the configuration
    678  */
    679 static int tls_engine_load_dynamic_opensc(const char *opensc_so_path)
    680 {
    681 	char *engine_id = "opensc";
    682 	const char *pre_cmd[] = {
    683 		"SO_PATH", NULL /* opensc_so_path */,
    684 		"ID", NULL /* engine_id */,
    685 		"LIST_ADD", "1",
    686 		"LOAD", NULL,
    687 		NULL, NULL
    688 	};
    689 
    690 	if (!opensc_so_path)
    691 		return 0;
    692 
    693 	pre_cmd[1] = opensc_so_path;
    694 	pre_cmd[3] = engine_id;
    695 
    696 	wpa_printf(MSG_DEBUG, "ENGINE: Loading OpenSC Engine from %s",
    697 		   opensc_so_path);
    698 
    699 	return tls_engine_load_dynamic_generic(pre_cmd, NULL, engine_id);
    700 }
    701 #endif /* OPENSSL_NO_ENGINE */
    702 
    703 
    704 void * tls_init(const struct tls_config *conf)
    705 {
    706 	SSL_CTX *ssl;
    707 
    708 	if (tls_openssl_ref_count == 0) {
    709 		tls_global = os_zalloc(sizeof(*tls_global));
    710 		if (tls_global == NULL)
    711 			return NULL;
    712 		if (conf) {
    713 			tls_global->event_cb = conf->event_cb;
    714 			tls_global->cb_ctx = conf->cb_ctx;
    715 			tls_global->cert_in_cb = conf->cert_in_cb;
    716 		}
    717 
    718 #ifdef CONFIG_FIPS
    719 #ifdef OPENSSL_FIPS
    720 		if (conf && conf->fips_mode) {
    721 			if (!FIPS_mode_set(1)) {
    722 				wpa_printf(MSG_ERROR, "Failed to enable FIPS "
    723 					   "mode");
    724 				ERR_load_crypto_strings();
    725 				ERR_print_errors_fp(stderr);
    726 				os_free(tls_global);
    727 				tls_global = NULL;
    728 				return NULL;
    729 			} else
    730 				wpa_printf(MSG_INFO, "Running in FIPS mode");
    731 		}
    732 #else /* OPENSSL_FIPS */
    733 		if (conf && conf->fips_mode) {
    734 			wpa_printf(MSG_ERROR, "FIPS mode requested, but not "
    735 				   "supported");
    736 			os_free(tls_global);
    737 			tls_global = NULL;
    738 			return NULL;
    739 		}
    740 #endif /* OPENSSL_FIPS */
    741 #endif /* CONFIG_FIPS */
    742 		SSL_load_error_strings();
    743 		SSL_library_init();
    744 #if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
    745 		EVP_add_digest(EVP_sha256());
    746 #endif /* OPENSSL_NO_SHA256 */
    747 		/* TODO: if /dev/urandom is available, PRNG is seeded
    748 		 * automatically. If this is not the case, random data should
    749 		 * be added here. */
    750 
    751 #ifdef PKCS12_FUNCS
    752 #ifndef OPENSSL_NO_RC2
    753 		/*
    754 		 * 40-bit RC2 is commonly used in PKCS#12 files, so enable it.
    755 		 * This is enabled by PKCS12_PBE_add() in OpenSSL 0.9.8
    756 		 * versions, but it looks like OpenSSL 1.0.0 does not do that
    757 		 * anymore.
    758 		 */
    759 		EVP_add_cipher(EVP_rc2_40_cbc());
    760 #endif /* OPENSSL_NO_RC2 */
    761 		PKCS12_PBE_add();
    762 #endif  /* PKCS12_FUNCS */
    763 	}
    764 	tls_openssl_ref_count++;
    765 
    766 	ssl = SSL_CTX_new(TLSv1_method());
    767 	if (ssl == NULL)
    768 		return NULL;
    769 
    770 	SSL_CTX_set_info_callback(ssl, ssl_info_cb);
    771 
    772 #ifndef OPENSSL_NO_ENGINE
    773 	if (conf &&
    774 	    (conf->opensc_engine_path || conf->pkcs11_engine_path ||
    775 	     conf->pkcs11_module_path)) {
    776 		wpa_printf(MSG_DEBUG, "ENGINE: Loading dynamic engine");
    777 		ERR_load_ENGINE_strings();
    778 		ENGINE_load_dynamic();
    779 
    780 		if (tls_engine_load_dynamic_opensc(conf->opensc_engine_path) ||
    781 		    tls_engine_load_dynamic_pkcs11(conf->pkcs11_engine_path,
    782 						   conf->pkcs11_module_path)) {
    783 			tls_deinit(ssl);
    784 			return NULL;
    785 		}
    786 	}
    787 #endif /* OPENSSL_NO_ENGINE */
    788 
    789 	return ssl;
    790 }
    791 
    792 
    793 void tls_deinit(void *ssl_ctx)
    794 {
    795 	SSL_CTX *ssl = ssl_ctx;
    796 	SSL_CTX_free(ssl);
    797 
    798 	tls_openssl_ref_count--;
    799 	if (tls_openssl_ref_count == 0) {
    800 #ifndef OPENSSL_NO_ENGINE
    801 		ENGINE_cleanup();
    802 #endif /* OPENSSL_NO_ENGINE */
    803 		CRYPTO_cleanup_all_ex_data();
    804 		ERR_remove_state(0);
    805 		ERR_free_strings();
    806 		EVP_cleanup();
    807 		os_free(tls_global);
    808 		tls_global = NULL;
    809 	}
    810 }
    811 
    812 
    813 static int tls_engine_init(struct tls_connection *conn, const char *engine_id,
    814 			   const char *pin, const char *key_id,
    815 			   const char *cert_id, const char *ca_cert_id)
    816 {
    817 #ifndef OPENSSL_NO_ENGINE
    818 	int ret = -1;
    819 	if (engine_id == NULL) {
    820 		wpa_printf(MSG_ERROR, "ENGINE: Engine ID not set");
    821 		return -1;
    822 	}
    823 #ifndef ANDROID
    824 	if (pin == NULL) {
    825 		wpa_printf(MSG_ERROR, "ENGINE: Smartcard PIN not set");
    826 		return -1;
    827 	}
    828 #endif
    829 	if (key_id == NULL) {
    830 		wpa_printf(MSG_ERROR, "ENGINE: Key Id not set");
    831 		return -1;
    832 	}
    833 
    834 	ERR_clear_error();
    835 #ifdef ANDROID
    836 	ENGINE_load_dynamic();
    837 #endif
    838 	conn->engine = ENGINE_by_id(engine_id);
    839 	if (!conn->engine) {
    840 		wpa_printf(MSG_ERROR, "ENGINE: engine %s not available [%s]",
    841 			   engine_id, ERR_error_string(ERR_get_error(), NULL));
    842 		goto err;
    843 	}
    844 	if (ENGINE_init(conn->engine) != 1) {
    845 		wpa_printf(MSG_ERROR, "ENGINE: engine init failed "
    846 			   "(engine: %s) [%s]", engine_id,
    847 			   ERR_error_string(ERR_get_error(), NULL));
    848 		goto err;
    849 	}
    850 	wpa_printf(MSG_DEBUG, "ENGINE: engine initialized");
    851 
    852 #ifndef ANDROID
    853 	if (ENGINE_ctrl_cmd_string(conn->engine, "PIN", pin, 0) == 0) {
    854 		wpa_printf(MSG_ERROR, "ENGINE: cannot set pin [%s]",
    855 			   ERR_error_string(ERR_get_error(), NULL));
    856 		goto err;
    857 	}
    858 #endif
    859 	/* load private key first in-case PIN is required for cert */
    860 	conn->private_key = ENGINE_load_private_key(conn->engine,
    861 						    key_id, NULL, NULL);
    862 	if (!conn->private_key) {
    863 		wpa_printf(MSG_ERROR, "ENGINE: cannot load private key with id"
    864 				" '%s' [%s]", key_id,
    865 			   ERR_error_string(ERR_get_error(), NULL));
    866 		ret = TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
    867 		goto err;
    868 	}
    869 
    870 	/* handle a certificate and/or CA certificate */
    871 	if (cert_id || ca_cert_id) {
    872 		const char *cmd_name = "LOAD_CERT_CTRL";
    873 
    874 		/* test if the engine supports a LOAD_CERT_CTRL */
    875 		if (!ENGINE_ctrl(conn->engine, ENGINE_CTRL_GET_CMD_FROM_NAME,
    876 				 0, (void *)cmd_name, NULL)) {
    877 			wpa_printf(MSG_ERROR, "ENGINE: engine does not support"
    878 				   " loading certificates");
    879 			ret = TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
    880 			goto err;
    881 		}
    882 	}
    883 
    884 	return 0;
    885 
    886 err:
    887 	if (conn->engine) {
    888 		ENGINE_free(conn->engine);
    889 		conn->engine = NULL;
    890 	}
    891 
    892 	if (conn->private_key) {
    893 		EVP_PKEY_free(conn->private_key);
    894 		conn->private_key = NULL;
    895 	}
    896 
    897 	return ret;
    898 #else /* OPENSSL_NO_ENGINE */
    899 	return 0;
    900 #endif /* OPENSSL_NO_ENGINE */
    901 }
    902 
    903 
    904 static void tls_engine_deinit(struct tls_connection *conn)
    905 {
    906 #ifndef OPENSSL_NO_ENGINE
    907 	wpa_printf(MSG_DEBUG, "ENGINE: engine deinit");
    908 	if (conn->private_key) {
    909 		EVP_PKEY_free(conn->private_key);
    910 		conn->private_key = NULL;
    911 	}
    912 	if (conn->engine) {
    913 		ENGINE_finish(conn->engine);
    914 		conn->engine = NULL;
    915 	}
    916 #endif /* OPENSSL_NO_ENGINE */
    917 }
    918 
    919 
    920 int tls_get_errors(void *ssl_ctx)
    921 {
    922 	int count = 0;
    923 	unsigned long err;
    924 
    925 	while ((err = ERR_get_error())) {
    926 		wpa_printf(MSG_INFO, "TLS - SSL error: %s",
    927 			   ERR_error_string(err, NULL));
    928 		count++;
    929 	}
    930 
    931 	return count;
    932 }
    933 
    934 struct tls_connection * tls_connection_init(void *ssl_ctx)
    935 {
    936 	SSL_CTX *ssl = ssl_ctx;
    937 	struct tls_connection *conn;
    938 	long options;
    939 
    940 	conn = os_zalloc(sizeof(*conn));
    941 	if (conn == NULL)
    942 		return NULL;
    943 	conn->ssl = SSL_new(ssl);
    944 	if (conn->ssl == NULL) {
    945 		tls_show_errors(MSG_INFO, __func__,
    946 				"Failed to initialize new SSL connection");
    947 		os_free(conn);
    948 		return NULL;
    949 	}
    950 
    951 	SSL_set_app_data(conn->ssl, conn);
    952 	options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
    953 		SSL_OP_SINGLE_DH_USE;
    954 #ifdef SSL_OP_NO_COMPRESSION
    955 	options |= SSL_OP_NO_COMPRESSION;
    956 #endif /* SSL_OP_NO_COMPRESSION */
    957 #ifdef ANDROID
    958 	options |= SSL_OP_NO_TLSv1_1;
    959 	options |= SSL_OP_NO_TLSv1_2;
    960 	options |= SSL_OP_NO_TICKET;
    961 #endif /* ANDROID */
    962 	SSL_set_options(conn->ssl, options);
    963 
    964 	conn->ssl_in = BIO_new(BIO_s_mem());
    965 	if (!conn->ssl_in) {
    966 		tls_show_errors(MSG_INFO, __func__,
    967 				"Failed to create a new BIO for ssl_in");
    968 		SSL_free(conn->ssl);
    969 		os_free(conn);
    970 		return NULL;
    971 	}
    972 
    973 	conn->ssl_out = BIO_new(BIO_s_mem());
    974 	if (!conn->ssl_out) {
    975 		tls_show_errors(MSG_INFO, __func__,
    976 				"Failed to create a new BIO for ssl_out");
    977 		SSL_free(conn->ssl);
    978 		BIO_free(conn->ssl_in);
    979 		os_free(conn);
    980 		return NULL;
    981 	}
    982 
    983 	SSL_set_bio(conn->ssl, conn->ssl_in, conn->ssl_out);
    984 
    985 	return conn;
    986 }
    987 
    988 
    989 void tls_connection_deinit(void *ssl_ctx, struct tls_connection *conn)
    990 {
    991 	if (conn == NULL)
    992 		return;
    993 	SSL_free(conn->ssl);
    994 	tls_engine_deinit(conn);
    995 	os_free(conn->subject_match);
    996 	os_free(conn->altsubject_match);
    997 	os_free(conn->session_ticket);
    998 	os_free(conn);
    999 }
   1000 
   1001 
   1002 int tls_connection_established(void *ssl_ctx, struct tls_connection *conn)
   1003 {
   1004 	return conn ? SSL_is_init_finished(conn->ssl) : 0;
   1005 }
   1006 
   1007 
   1008 int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn)
   1009 {
   1010 	if (conn == NULL)
   1011 		return -1;
   1012 
   1013 	/* Shutdown previous TLS connection without notifying the peer
   1014 	 * because the connection was already terminated in practice
   1015 	 * and "close notify" shutdown alert would confuse AS. */
   1016 	SSL_set_quiet_shutdown(conn->ssl, 1);
   1017 	SSL_shutdown(conn->ssl);
   1018 	return 0;
   1019 }
   1020 
   1021 
   1022 static int tls_match_altsubject_component(X509 *cert, int type,
   1023 					  const char *value, size_t len)
   1024 {
   1025 	GENERAL_NAME *gen;
   1026 	void *ext;
   1027 	int i, found = 0;
   1028 
   1029 	ext = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
   1030 
   1031 	for (i = 0; ext && i < sk_GENERAL_NAME_num(ext); i++) {
   1032 		gen = sk_GENERAL_NAME_value(ext, i);
   1033 		if (gen->type != type)
   1034 			continue;
   1035 		if (os_strlen((char *) gen->d.ia5->data) == len &&
   1036 		    os_memcmp(value, gen->d.ia5->data, len) == 0)
   1037 			found++;
   1038 	}
   1039 
   1040 	return found;
   1041 }
   1042 
   1043 
   1044 static int tls_match_altsubject(X509 *cert, const char *match)
   1045 {
   1046 	int type;
   1047 	const char *pos, *end;
   1048 	size_t len;
   1049 
   1050 	pos = match;
   1051 	do {
   1052 		if (os_strncmp(pos, "EMAIL:", 6) == 0) {
   1053 			type = GEN_EMAIL;
   1054 			pos += 6;
   1055 		} else if (os_strncmp(pos, "DNS:", 4) == 0) {
   1056 			type = GEN_DNS;
   1057 			pos += 4;
   1058 		} else if (os_strncmp(pos, "URI:", 4) == 0) {
   1059 			type = GEN_URI;
   1060 			pos += 4;
   1061 		} else {
   1062 			wpa_printf(MSG_INFO, "TLS: Invalid altSubjectName "
   1063 				   "match '%s'", pos);
   1064 			return 0;
   1065 		}
   1066 		end = os_strchr(pos, ';');
   1067 		while (end) {
   1068 			if (os_strncmp(end + 1, "EMAIL:", 6) == 0 ||
   1069 			    os_strncmp(end + 1, "DNS:", 4) == 0 ||
   1070 			    os_strncmp(end + 1, "URI:", 4) == 0)
   1071 				break;
   1072 			end = os_strchr(end + 1, ';');
   1073 		}
   1074 		if (end)
   1075 			len = end - pos;
   1076 		else
   1077 			len = os_strlen(pos);
   1078 		if (tls_match_altsubject_component(cert, type, pos, len) > 0)
   1079 			return 1;
   1080 		pos = end + 1;
   1081 	} while (end);
   1082 
   1083 	return 0;
   1084 }
   1085 
   1086 
   1087 static enum tls_fail_reason openssl_tls_fail_reason(int err)
   1088 {
   1089 	switch (err) {
   1090 	case X509_V_ERR_CERT_REVOKED:
   1091 		return TLS_FAIL_REVOKED;
   1092 	case X509_V_ERR_CERT_NOT_YET_VALID:
   1093 	case X509_V_ERR_CRL_NOT_YET_VALID:
   1094 		return TLS_FAIL_NOT_YET_VALID;
   1095 	case X509_V_ERR_CERT_HAS_EXPIRED:
   1096 	case X509_V_ERR_CRL_HAS_EXPIRED:
   1097 		return TLS_FAIL_EXPIRED;
   1098 	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
   1099 	case X509_V_ERR_UNABLE_TO_GET_CRL:
   1100 	case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
   1101 	case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
   1102 	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
   1103 	case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
   1104 	case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
   1105 	case X509_V_ERR_CERT_CHAIN_TOO_LONG:
   1106 	case X509_V_ERR_PATH_LENGTH_EXCEEDED:
   1107 	case X509_V_ERR_INVALID_CA:
   1108 		return TLS_FAIL_UNTRUSTED;
   1109 	case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
   1110 	case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
   1111 	case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
   1112 	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
   1113 	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
   1114 	case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
   1115 	case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
   1116 	case X509_V_ERR_CERT_UNTRUSTED:
   1117 	case X509_V_ERR_CERT_REJECTED:
   1118 		return TLS_FAIL_BAD_CERTIFICATE;
   1119 	default:
   1120 		return TLS_FAIL_UNSPECIFIED;
   1121 	}
   1122 }
   1123 
   1124 
   1125 static struct wpabuf * get_x509_cert(X509 *cert)
   1126 {
   1127 	struct wpabuf *buf;
   1128 	u8 *tmp;
   1129 
   1130 	int cert_len = i2d_X509(cert, NULL);
   1131 	if (cert_len <= 0)
   1132 		return NULL;
   1133 
   1134 	buf = wpabuf_alloc(cert_len);
   1135 	if (buf == NULL)
   1136 		return NULL;
   1137 
   1138 	tmp = wpabuf_put(buf, cert_len);
   1139 	i2d_X509(cert, &tmp);
   1140 	return buf;
   1141 }
   1142 
   1143 
   1144 static void openssl_tls_fail_event(struct tls_connection *conn,
   1145 				   X509 *err_cert, int err, int depth,
   1146 				   const char *subject, const char *err_str,
   1147 				   enum tls_fail_reason reason)
   1148 {
   1149 	union tls_event_data ev;
   1150 	struct wpabuf *cert = NULL;
   1151 
   1152 	if (tls_global->event_cb == NULL)
   1153 		return;
   1154 
   1155 	cert = get_x509_cert(err_cert);
   1156 	os_memset(&ev, 0, sizeof(ev));
   1157 	ev.cert_fail.reason = reason != TLS_FAIL_UNSPECIFIED ?
   1158 		reason : openssl_tls_fail_reason(err);
   1159 	ev.cert_fail.depth = depth;
   1160 	ev.cert_fail.subject = subject;
   1161 	ev.cert_fail.reason_txt = err_str;
   1162 	ev.cert_fail.cert = cert;
   1163 	tls_global->event_cb(tls_global->cb_ctx, TLS_CERT_CHAIN_FAILURE, &ev);
   1164 	wpabuf_free(cert);
   1165 }
   1166 
   1167 
   1168 static void openssl_tls_cert_event(struct tls_connection *conn,
   1169 				   X509 *err_cert, int depth,
   1170 				   const char *subject)
   1171 {
   1172 	struct wpabuf *cert = NULL;
   1173 	union tls_event_data ev;
   1174 #ifdef CONFIG_SHA256
   1175 	u8 hash[32];
   1176 #endif /* CONFIG_SHA256 */
   1177 
   1178 	if (tls_global->event_cb == NULL)
   1179 		return;
   1180 
   1181 	os_memset(&ev, 0, sizeof(ev));
   1182 	if (conn->cert_probe || tls_global->cert_in_cb) {
   1183 		cert = get_x509_cert(err_cert);
   1184 		ev.peer_cert.cert = cert;
   1185 	}
   1186 #ifdef CONFIG_SHA256
   1187 	if (cert) {
   1188 		const u8 *addr[1];
   1189 		size_t len[1];
   1190 		addr[0] = wpabuf_head(cert);
   1191 		len[0] = wpabuf_len(cert);
   1192 		if (sha256_vector(1, addr, len, hash) == 0) {
   1193 			ev.peer_cert.hash = hash;
   1194 			ev.peer_cert.hash_len = sizeof(hash);
   1195 		}
   1196 	}
   1197 #endif /* CONFIG_SHA256 */
   1198 	ev.peer_cert.depth = depth;
   1199 	ev.peer_cert.subject = subject;
   1200 	tls_global->event_cb(tls_global->cb_ctx, TLS_PEER_CERTIFICATE, &ev);
   1201 	wpabuf_free(cert);
   1202 }
   1203 
   1204 
   1205 static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
   1206 {
   1207 	char buf[256];
   1208 	X509 *err_cert;
   1209 	int err, depth;
   1210 	SSL *ssl;
   1211 	struct tls_connection *conn;
   1212 	char *match, *altmatch;
   1213 	const char *err_str;
   1214 
   1215 	err_cert = X509_STORE_CTX_get_current_cert(x509_ctx);
   1216 	err = X509_STORE_CTX_get_error(x509_ctx);
   1217 	depth = X509_STORE_CTX_get_error_depth(x509_ctx);
   1218 	ssl = X509_STORE_CTX_get_ex_data(x509_ctx,
   1219 					 SSL_get_ex_data_X509_STORE_CTX_idx());
   1220 	X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
   1221 
   1222 	conn = SSL_get_app_data(ssl);
   1223 	if (conn == NULL)
   1224 		return 0;
   1225 	match = conn->subject_match;
   1226 	altmatch = conn->altsubject_match;
   1227 
   1228 	if (!preverify_ok && !conn->ca_cert_verify)
   1229 		preverify_ok = 1;
   1230 	if (!preverify_ok && depth > 0 && conn->server_cert_only)
   1231 		preverify_ok = 1;
   1232 	if (!preverify_ok && (conn->flags & TLS_CONN_DISABLE_TIME_CHECKS) &&
   1233 	    (err == X509_V_ERR_CERT_HAS_EXPIRED ||
   1234 	     err == X509_V_ERR_CERT_NOT_YET_VALID)) {
   1235 		wpa_printf(MSG_DEBUG, "OpenSSL: Ignore certificate validity "
   1236 			   "time mismatch");
   1237 		preverify_ok = 1;
   1238 	}
   1239 
   1240 	err_str = X509_verify_cert_error_string(err);
   1241 
   1242 #ifdef CONFIG_SHA256
   1243 	if (preverify_ok && depth == 0 && conn->server_cert_only) {
   1244 		struct wpabuf *cert;
   1245 		cert = get_x509_cert(err_cert);
   1246 		if (!cert) {
   1247 			wpa_printf(MSG_DEBUG, "OpenSSL: Could not fetch "
   1248 				   "server certificate data");
   1249 			preverify_ok = 0;
   1250 		} else {
   1251 			u8 hash[32];
   1252 			const u8 *addr[1];
   1253 			size_t len[1];
   1254 			addr[0] = wpabuf_head(cert);
   1255 			len[0] = wpabuf_len(cert);
   1256 			if (sha256_vector(1, addr, len, hash) < 0 ||
   1257 			    os_memcmp(conn->srv_cert_hash, hash, 32) != 0) {
   1258 				err_str = "Server certificate mismatch";
   1259 				err = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
   1260 				preverify_ok = 0;
   1261 			}
   1262 			wpabuf_free(cert);
   1263 		}
   1264 	}
   1265 #endif /* CONFIG_SHA256 */
   1266 
   1267 	if (!preverify_ok) {
   1268 		wpa_printf(MSG_WARNING, "TLS: Certificate verification failed,"
   1269 			   " error %d (%s) depth %d for '%s'", err, err_str,
   1270 			   depth, buf);
   1271 		openssl_tls_fail_event(conn, err_cert, err, depth, buf,
   1272 				       err_str, TLS_FAIL_UNSPECIFIED);
   1273 		return preverify_ok;
   1274 	}
   1275 
   1276 	wpa_printf(MSG_DEBUG, "TLS: tls_verify_cb - preverify_ok=%d "
   1277 		   "err=%d (%s) ca_cert_verify=%d depth=%d buf='%s'",
   1278 		   preverify_ok, err, err_str,
   1279 		   conn->ca_cert_verify, depth, buf);
   1280 	if (depth == 0 && match && os_strstr(buf, match) == NULL) {
   1281 		wpa_printf(MSG_WARNING, "TLS: Subject '%s' did not "
   1282 			   "match with '%s'", buf, match);
   1283 		preverify_ok = 0;
   1284 		openssl_tls_fail_event(conn, err_cert, err, depth, buf,
   1285 				       "Subject mismatch",
   1286 				       TLS_FAIL_SUBJECT_MISMATCH);
   1287 	} else if (depth == 0 && altmatch &&
   1288 		   !tls_match_altsubject(err_cert, altmatch)) {
   1289 		wpa_printf(MSG_WARNING, "TLS: altSubjectName match "
   1290 			   "'%s' not found", altmatch);
   1291 		preverify_ok = 0;
   1292 		openssl_tls_fail_event(conn, err_cert, err, depth, buf,
   1293 				       "AltSubject mismatch",
   1294 				       TLS_FAIL_ALTSUBJECT_MISMATCH);
   1295 	} else
   1296 		openssl_tls_cert_event(conn, err_cert, depth, buf);
   1297 
   1298 	if (conn->cert_probe && preverify_ok && depth == 0) {
   1299 		wpa_printf(MSG_DEBUG, "OpenSSL: Reject server certificate "
   1300 			   "on probe-only run");
   1301 		preverify_ok = 0;
   1302 		openssl_tls_fail_event(conn, err_cert, err, depth, buf,
   1303 				       "Server certificate chain probe",
   1304 				       TLS_FAIL_SERVER_CHAIN_PROBE);
   1305 	}
   1306 
   1307 	if (preverify_ok && tls_global->event_cb != NULL)
   1308 		tls_global->event_cb(tls_global->cb_ctx,
   1309 				     TLS_CERT_CHAIN_SUCCESS, NULL);
   1310 
   1311 	return preverify_ok;
   1312 }
   1313 
   1314 
   1315 #ifndef OPENSSL_NO_STDIO
   1316 static int tls_load_ca_der(void *_ssl_ctx, const char *ca_cert)
   1317 {
   1318 	SSL_CTX *ssl_ctx = _ssl_ctx;
   1319 	X509_LOOKUP *lookup;
   1320 	int ret = 0;
   1321 
   1322 	lookup = X509_STORE_add_lookup(ssl_ctx->cert_store,
   1323 				       X509_LOOKUP_file());
   1324 	if (lookup == NULL) {
   1325 		tls_show_errors(MSG_WARNING, __func__,
   1326 				"Failed add lookup for X509 store");
   1327 		return -1;
   1328 	}
   1329 
   1330 	if (!X509_LOOKUP_load_file(lookup, ca_cert, X509_FILETYPE_ASN1)) {
   1331 		unsigned long err = ERR_peek_error();
   1332 		tls_show_errors(MSG_WARNING, __func__,
   1333 				"Failed load CA in DER format");
   1334 		if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
   1335 		    ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) {
   1336 			wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring "
   1337 				   "cert already in hash table error",
   1338 				   __func__);
   1339 		} else
   1340 			ret = -1;
   1341 	}
   1342 
   1343 	return ret;
   1344 }
   1345 #endif /* OPENSSL_NO_STDIO */
   1346 
   1347 
   1348 static int tls_connection_ca_cert(void *_ssl_ctx, struct tls_connection *conn,
   1349 				  const char *ca_cert, const u8 *ca_cert_blob,
   1350 				  size_t ca_cert_blob_len, const char *ca_path)
   1351 {
   1352 	SSL_CTX *ssl_ctx = _ssl_ctx;
   1353 
   1354 	/*
   1355 	 * Remove previously configured trusted CA certificates before adding
   1356 	 * new ones.
   1357 	 */
   1358 	X509_STORE_free(ssl_ctx->cert_store);
   1359 	ssl_ctx->cert_store = X509_STORE_new();
   1360 	if (ssl_ctx->cert_store == NULL) {
   1361 		wpa_printf(MSG_DEBUG, "OpenSSL: %s - failed to allocate new "
   1362 			   "certificate store", __func__);
   1363 		return -1;
   1364 	}
   1365 
   1366 	SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
   1367 	conn->ca_cert_verify = 1;
   1368 
   1369 	if (ca_cert && os_strncmp(ca_cert, "probe://", 8) == 0) {
   1370 		wpa_printf(MSG_DEBUG, "OpenSSL: Probe for server certificate "
   1371 			   "chain");
   1372 		conn->cert_probe = 1;
   1373 		conn->ca_cert_verify = 0;
   1374 		return 0;
   1375 	}
   1376 
   1377 	if (ca_cert && os_strncmp(ca_cert, "hash://", 7) == 0) {
   1378 #ifdef CONFIG_SHA256
   1379 		const char *pos = ca_cert + 7;
   1380 		if (os_strncmp(pos, "server/sha256/", 14) != 0) {
   1381 			wpa_printf(MSG_DEBUG, "OpenSSL: Unsupported ca_cert "
   1382 				   "hash value '%s'", ca_cert);
   1383 			return -1;
   1384 		}
   1385 		pos += 14;
   1386 		if (os_strlen(pos) != 32 * 2) {
   1387 			wpa_printf(MSG_DEBUG, "OpenSSL: Unexpected SHA256 "
   1388 				   "hash length in ca_cert '%s'", ca_cert);
   1389 			return -1;
   1390 		}
   1391 		if (hexstr2bin(pos, conn->srv_cert_hash, 32) < 0) {
   1392 			wpa_printf(MSG_DEBUG, "OpenSSL: Invalid SHA256 hash "
   1393 				   "value in ca_cert '%s'", ca_cert);
   1394 			return -1;
   1395 		}
   1396 		conn->server_cert_only = 1;
   1397 		wpa_printf(MSG_DEBUG, "OpenSSL: Checking only server "
   1398 			   "certificate match");
   1399 		return 0;
   1400 #else /* CONFIG_SHA256 */
   1401 		wpa_printf(MSG_INFO, "No SHA256 included in the build - "
   1402 			   "cannot validate server certificate hash");
   1403 		return -1;
   1404 #endif /* CONFIG_SHA256 */
   1405 	}
   1406 
   1407 	if (ca_cert_blob) {
   1408 		X509 *cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &ca_cert_blob,
   1409 				      ca_cert_blob_len);
   1410 		if (cert == NULL) {
   1411 			tls_show_errors(MSG_WARNING, __func__,
   1412 					"Failed to parse ca_cert_blob");
   1413 			return -1;
   1414 		}
   1415 
   1416 		if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) {
   1417 			unsigned long err = ERR_peek_error();
   1418 			tls_show_errors(MSG_WARNING, __func__,
   1419 					"Failed to add ca_cert_blob to "
   1420 					"certificate store");
   1421 			if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
   1422 			    ERR_GET_REASON(err) ==
   1423 			    X509_R_CERT_ALREADY_IN_HASH_TABLE) {
   1424 				wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring "
   1425 					   "cert already in hash table error",
   1426 					   __func__);
   1427 			} else {
   1428 				X509_free(cert);
   1429 				return -1;
   1430 			}
   1431 		}
   1432 		X509_free(cert);
   1433 		wpa_printf(MSG_DEBUG, "OpenSSL: %s - added ca_cert_blob "
   1434 			   "to certificate store", __func__);
   1435 		return 0;
   1436 	}
   1437 
   1438 #ifdef ANDROID
   1439 	if (ca_cert && os_strncmp("keystore://", ca_cert, 11) == 0) {
   1440 		BIO *bio = BIO_from_keystore(&ca_cert[11]);
   1441 		STACK_OF(X509_INFO) *stack = NULL;
   1442 		int i;
   1443 
   1444 		if (bio) {
   1445 			stack = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL);
   1446 			BIO_free(bio);
   1447 		}
   1448 		if (!stack)
   1449 			return -1;
   1450 
   1451 		for (i = 0; i < sk_X509_INFO_num(stack); ++i) {
   1452 			X509_INFO *info = sk_X509_INFO_value(stack, i);
   1453 			if (info->x509) {
   1454 				X509_STORE_add_cert(ssl_ctx->cert_store,
   1455 						    info->x509);
   1456 			}
   1457 			if (info->crl) {
   1458 				X509_STORE_add_crl(ssl_ctx->cert_store,
   1459 						   info->crl);
   1460 			}
   1461 		}
   1462 		sk_X509_INFO_pop_free(stack, X509_INFO_free);
   1463 		SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
   1464 		return 0;
   1465 	}
   1466 #endif /* ANDROID */
   1467 
   1468 #ifdef CONFIG_NATIVE_WINDOWS
   1469 	if (ca_cert && tls_cryptoapi_ca_cert(ssl_ctx, conn->ssl, ca_cert) ==
   1470 	    0) {
   1471 		wpa_printf(MSG_DEBUG, "OpenSSL: Added CA certificates from "
   1472 			   "system certificate store");
   1473 		return 0;
   1474 	}
   1475 #endif /* CONFIG_NATIVE_WINDOWS */
   1476 
   1477 	if (ca_cert || ca_path) {
   1478 #ifndef OPENSSL_NO_STDIO
   1479 		if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, ca_path) !=
   1480 		    1) {
   1481 			tls_show_errors(MSG_WARNING, __func__,
   1482 					"Failed to load root certificates");
   1483 			if (ca_cert &&
   1484 			    tls_load_ca_der(ssl_ctx, ca_cert) == 0) {
   1485 				wpa_printf(MSG_DEBUG, "OpenSSL: %s - loaded "
   1486 					   "DER format CA certificate",
   1487 					   __func__);
   1488 			} else
   1489 				return -1;
   1490 		} else {
   1491 			wpa_printf(MSG_DEBUG, "TLS: Trusted root "
   1492 				   "certificate(s) loaded");
   1493 			tls_get_errors(ssl_ctx);
   1494 		}
   1495 #else /* OPENSSL_NO_STDIO */
   1496 		wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO",
   1497 			   __func__);
   1498 		return -1;
   1499 #endif /* OPENSSL_NO_STDIO */
   1500 	} else {
   1501 		/* No ca_cert configured - do not try to verify server
   1502 		 * certificate */
   1503 		conn->ca_cert_verify = 0;
   1504 	}
   1505 
   1506 	return 0;
   1507 }
   1508 
   1509 
   1510 static int tls_global_ca_cert(SSL_CTX *ssl_ctx, const char *ca_cert)
   1511 {
   1512 	if (ca_cert) {
   1513 		if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, NULL) != 1)
   1514 		{
   1515 			tls_show_errors(MSG_WARNING, __func__,
   1516 					"Failed to load root certificates");
   1517 			return -1;
   1518 		}
   1519 
   1520 		wpa_printf(MSG_DEBUG, "TLS: Trusted root "
   1521 			   "certificate(s) loaded");
   1522 
   1523 #ifndef OPENSSL_NO_STDIO
   1524 		/* Add the same CAs to the client certificate requests */
   1525 		SSL_CTX_set_client_CA_list(ssl_ctx,
   1526 					   SSL_load_client_CA_file(ca_cert));
   1527 #endif /* OPENSSL_NO_STDIO */
   1528 	}
   1529 
   1530 	return 0;
   1531 }
   1532 
   1533 
   1534 int tls_global_set_verify(void *ssl_ctx, int check_crl)
   1535 {
   1536 	int flags;
   1537 
   1538 	if (check_crl) {
   1539 		X509_STORE *cs = SSL_CTX_get_cert_store(ssl_ctx);
   1540 		if (cs == NULL) {
   1541 			tls_show_errors(MSG_INFO, __func__, "Failed to get "
   1542 					"certificate store when enabling "
   1543 					"check_crl");
   1544 			return -1;
   1545 		}
   1546 		flags = X509_V_FLAG_CRL_CHECK;
   1547 		if (check_crl == 2)
   1548 			flags |= X509_V_FLAG_CRL_CHECK_ALL;
   1549 		X509_STORE_set_flags(cs, flags);
   1550 	}
   1551 	return 0;
   1552 }
   1553 
   1554 
   1555 static int tls_connection_set_subject_match(struct tls_connection *conn,
   1556 					    const char *subject_match,
   1557 					    const char *altsubject_match)
   1558 {
   1559 	os_free(conn->subject_match);
   1560 	conn->subject_match = NULL;
   1561 	if (subject_match) {
   1562 		conn->subject_match = os_strdup(subject_match);
   1563 		if (conn->subject_match == NULL)
   1564 			return -1;
   1565 	}
   1566 
   1567 	os_free(conn->altsubject_match);
   1568 	conn->altsubject_match = NULL;
   1569 	if (altsubject_match) {
   1570 		conn->altsubject_match = os_strdup(altsubject_match);
   1571 		if (conn->altsubject_match == NULL)
   1572 			return -1;
   1573 	}
   1574 
   1575 	return 0;
   1576 }
   1577 
   1578 
   1579 int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn,
   1580 			      int verify_peer)
   1581 {
   1582 	static int counter = 0;
   1583 
   1584 	if (conn == NULL)
   1585 		return -1;
   1586 
   1587 	if (verify_peer) {
   1588 		conn->ca_cert_verify = 1;
   1589 		SSL_set_verify(conn->ssl, SSL_VERIFY_PEER |
   1590 			       SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
   1591 			       SSL_VERIFY_CLIENT_ONCE, tls_verify_cb);
   1592 	} else {
   1593 		conn->ca_cert_verify = 0;
   1594 		SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL);
   1595 	}
   1596 
   1597 	SSL_set_accept_state(conn->ssl);
   1598 
   1599 	/*
   1600 	 * Set session id context in order to avoid fatal errors when client
   1601 	 * tries to resume a session. However, set the context to a unique
   1602 	 * value in order to effectively disable session resumption for now
   1603 	 * since not all areas of the server code are ready for it (e.g.,
   1604 	 * EAP-TTLS needs special handling for Phase 2 after abbreviated TLS
   1605 	 * handshake).
   1606 	 */
   1607 	counter++;
   1608 	SSL_set_session_id_context(conn->ssl,
   1609 				   (const unsigned char *) &counter,
   1610 				   sizeof(counter));
   1611 
   1612 	return 0;
   1613 }
   1614 
   1615 
   1616 static int tls_connection_client_cert(struct tls_connection *conn,
   1617 				      const char *client_cert,
   1618 				      const u8 *client_cert_blob,
   1619 				      size_t client_cert_blob_len)
   1620 {
   1621 	if (client_cert == NULL && client_cert_blob == NULL)
   1622 		return 0;
   1623 
   1624 	if (client_cert_blob &&
   1625 	    SSL_use_certificate_ASN1(conn->ssl, (u8 *) client_cert_blob,
   1626 				     client_cert_blob_len) == 1) {
   1627 		wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_ASN1 --> "
   1628 			   "OK");
   1629 		return 0;
   1630 	} else if (client_cert_blob) {
   1631 		tls_show_errors(MSG_DEBUG, __func__,
   1632 				"SSL_use_certificate_ASN1 failed");
   1633 	}
   1634 
   1635 	if (client_cert == NULL)
   1636 		return -1;
   1637 
   1638 #ifdef ANDROID
   1639 	if (os_strncmp("keystore://", client_cert, 11) == 0) {
   1640 		BIO *bio = BIO_from_keystore(&client_cert[11]);
   1641 		X509 *x509 = NULL;
   1642 		int ret = -1;
   1643 		if (bio) {
   1644 			x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
   1645 			BIO_free(bio);
   1646 		}
   1647 		if (x509) {
   1648 			if (SSL_use_certificate(conn->ssl, x509) == 1)
   1649 				ret = 0;
   1650 			X509_free(x509);
   1651 		}
   1652 		return ret;
   1653 	}
   1654 #endif /* ANDROID */
   1655 
   1656 #ifndef OPENSSL_NO_STDIO
   1657 	if (SSL_use_certificate_file(conn->ssl, client_cert,
   1658 				     SSL_FILETYPE_ASN1) == 1) {
   1659 		wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (DER)"
   1660 			   " --> OK");
   1661 		return 0;
   1662 	}
   1663 
   1664 	if (SSL_use_certificate_file(conn->ssl, client_cert,
   1665 				     SSL_FILETYPE_PEM) == 1) {
   1666 		ERR_clear_error();
   1667 		wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (PEM)"
   1668 			   " --> OK");
   1669 		return 0;
   1670 	}
   1671 
   1672 	tls_show_errors(MSG_DEBUG, __func__,
   1673 			"SSL_use_certificate_file failed");
   1674 #else /* OPENSSL_NO_STDIO */
   1675 	wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", __func__);
   1676 #endif /* OPENSSL_NO_STDIO */
   1677 
   1678 	return -1;
   1679 }
   1680 
   1681 
   1682 static int tls_global_client_cert(SSL_CTX *ssl_ctx, const char *client_cert)
   1683 {
   1684 #ifndef OPENSSL_NO_STDIO
   1685 	if (client_cert == NULL)
   1686 		return 0;
   1687 
   1688 	if (SSL_CTX_use_certificate_file(ssl_ctx, client_cert,
   1689 					 SSL_FILETYPE_ASN1) != 1 &&
   1690 	    SSL_CTX_use_certificate_chain_file(ssl_ctx, client_cert) != 1 &&
   1691 	    SSL_CTX_use_certificate_file(ssl_ctx, client_cert,
   1692 					 SSL_FILETYPE_PEM) != 1) {
   1693 		tls_show_errors(MSG_INFO, __func__,
   1694 				"Failed to load client certificate");
   1695 		return -1;
   1696 	}
   1697 	return 0;
   1698 #else /* OPENSSL_NO_STDIO */
   1699 	if (client_cert == NULL)
   1700 		return 0;
   1701 	wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", __func__);
   1702 	return -1;
   1703 #endif /* OPENSSL_NO_STDIO */
   1704 }
   1705 
   1706 
   1707 static int tls_passwd_cb(char *buf, int size, int rwflag, void *password)
   1708 {
   1709 	if (password == NULL) {
   1710 		return 0;
   1711 	}
   1712 	os_strlcpy(buf, (char *) password, size);
   1713 	return os_strlen(buf);
   1714 }
   1715 
   1716 
   1717 #ifdef PKCS12_FUNCS
   1718 static int tls_parse_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, PKCS12 *p12,
   1719 			    const char *passwd)
   1720 {
   1721 	EVP_PKEY *pkey;
   1722 	X509 *cert;
   1723 	STACK_OF(X509) *certs;
   1724 	int res = 0;
   1725 	char buf[256];
   1726 
   1727 	pkey = NULL;
   1728 	cert = NULL;
   1729 	certs = NULL;
   1730 	if (!PKCS12_parse(p12, passwd, &pkey, &cert, &certs)) {
   1731 		tls_show_errors(MSG_DEBUG, __func__,
   1732 				"Failed to parse PKCS12 file");
   1733 		PKCS12_free(p12);
   1734 		return -1;
   1735 	}
   1736 	wpa_printf(MSG_DEBUG, "TLS: Successfully parsed PKCS12 data");
   1737 
   1738 	if (cert) {
   1739 		X509_NAME_oneline(X509_get_subject_name(cert), buf,
   1740 				  sizeof(buf));
   1741 		wpa_printf(MSG_DEBUG, "TLS: Got certificate from PKCS12: "
   1742 			   "subject='%s'", buf);
   1743 		if (ssl) {
   1744 			if (SSL_use_certificate(ssl, cert) != 1)
   1745 				res = -1;
   1746 		} else {
   1747 			if (SSL_CTX_use_certificate(ssl_ctx, cert) != 1)
   1748 				res = -1;
   1749 		}
   1750 		X509_free(cert);
   1751 	}
   1752 
   1753 	if (pkey) {
   1754 		wpa_printf(MSG_DEBUG, "TLS: Got private key from PKCS12");
   1755 		if (ssl) {
   1756 			if (SSL_use_PrivateKey(ssl, pkey) != 1)
   1757 				res = -1;
   1758 		} else {
   1759 			if (SSL_CTX_use_PrivateKey(ssl_ctx, pkey) != 1)
   1760 				res = -1;
   1761 		}
   1762 		EVP_PKEY_free(pkey);
   1763 	}
   1764 
   1765 	if (certs) {
   1766 		while ((cert = sk_X509_pop(certs)) != NULL) {
   1767 			X509_NAME_oneline(X509_get_subject_name(cert), buf,
   1768 					  sizeof(buf));
   1769 			wpa_printf(MSG_DEBUG, "TLS: additional certificate"
   1770 				   " from PKCS12: subject='%s'", buf);
   1771 			/*
   1772 			 * There is no SSL equivalent for the chain cert - so
   1773 			 * always add it to the context...
   1774 			 */
   1775 			if (SSL_CTX_add_extra_chain_cert(ssl_ctx, cert) != 1) {
   1776 				res = -1;
   1777 				break;
   1778 			}
   1779 		}
   1780 		sk_X509_free(certs);
   1781 	}
   1782 
   1783 	PKCS12_free(p12);
   1784 
   1785 	if (res < 0)
   1786 		tls_get_errors(ssl_ctx);
   1787 
   1788 	return res;
   1789 }
   1790 #endif  /* PKCS12_FUNCS */
   1791 
   1792 
   1793 static int tls_read_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, const char *private_key,
   1794 			   const char *passwd)
   1795 {
   1796 #ifdef PKCS12_FUNCS
   1797 	FILE *f;
   1798 	PKCS12 *p12;
   1799 
   1800 	f = fopen(private_key, "rb");
   1801 	if (f == NULL)
   1802 		return -1;
   1803 
   1804 	p12 = d2i_PKCS12_fp(f, NULL);
   1805 	fclose(f);
   1806 
   1807 	if (p12 == NULL) {
   1808 		tls_show_errors(MSG_INFO, __func__,
   1809 				"Failed to use PKCS#12 file");
   1810 		return -1;
   1811 	}
   1812 
   1813 	return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd);
   1814 
   1815 #else /* PKCS12_FUNCS */
   1816 	wpa_printf(MSG_INFO, "TLS: PKCS12 support disabled - cannot read "
   1817 		   "p12/pfx files");
   1818 	return -1;
   1819 #endif  /* PKCS12_FUNCS */
   1820 }
   1821 
   1822 
   1823 static int tls_read_pkcs12_blob(SSL_CTX *ssl_ctx, SSL *ssl,
   1824 				const u8 *blob, size_t len, const char *passwd)
   1825 {
   1826 #ifdef PKCS12_FUNCS
   1827 	PKCS12 *p12;
   1828 
   1829 	p12 = d2i_PKCS12(NULL, (OPENSSL_d2i_TYPE) &blob, len);
   1830 	if (p12 == NULL) {
   1831 		tls_show_errors(MSG_INFO, __func__,
   1832 				"Failed to use PKCS#12 blob");
   1833 		return -1;
   1834 	}
   1835 
   1836 	return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd);
   1837 
   1838 #else /* PKCS12_FUNCS */
   1839 	wpa_printf(MSG_INFO, "TLS: PKCS12 support disabled - cannot parse "
   1840 		   "p12/pfx blobs");
   1841 	return -1;
   1842 #endif  /* PKCS12_FUNCS */
   1843 }
   1844 
   1845 
   1846 #ifndef OPENSSL_NO_ENGINE
   1847 static int tls_engine_get_cert(struct tls_connection *conn,
   1848 			       const char *cert_id,
   1849 			       X509 **cert)
   1850 {
   1851 	/* this runs after the private key is loaded so no PIN is required */
   1852 	struct {
   1853 		const char *cert_id;
   1854 		X509 *cert;
   1855 	} params;
   1856 	params.cert_id = cert_id;
   1857 	params.cert = NULL;
   1858 
   1859 	if (!ENGINE_ctrl_cmd(conn->engine, "LOAD_CERT_CTRL",
   1860 			     0, &params, NULL, 1)) {
   1861 		wpa_printf(MSG_ERROR, "ENGINE: cannot load client cert with id"
   1862 			   " '%s' [%s]", cert_id,
   1863 			   ERR_error_string(ERR_get_error(), NULL));
   1864 		return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
   1865 	}
   1866 	if (!params.cert) {
   1867 		wpa_printf(MSG_ERROR, "ENGINE: did not properly cert with id"
   1868 			   " '%s'", cert_id);
   1869 		return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
   1870 	}
   1871 	*cert = params.cert;
   1872 	return 0;
   1873 }
   1874 #endif /* OPENSSL_NO_ENGINE */
   1875 
   1876 
   1877 static int tls_connection_engine_client_cert(struct tls_connection *conn,
   1878 					     const char *cert_id)
   1879 {
   1880 #ifndef OPENSSL_NO_ENGINE
   1881 	X509 *cert;
   1882 
   1883 	if (tls_engine_get_cert(conn, cert_id, &cert))
   1884 		return -1;
   1885 
   1886 	if (!SSL_use_certificate(conn->ssl, cert)) {
   1887 		tls_show_errors(MSG_ERROR, __func__,
   1888 				"SSL_use_certificate failed");
   1889                 X509_free(cert);
   1890 		return -1;
   1891 	}
   1892 	X509_free(cert);
   1893 	wpa_printf(MSG_DEBUG, "ENGINE: SSL_use_certificate --> "
   1894 		   "OK");
   1895 	return 0;
   1896 
   1897 #else /* OPENSSL_NO_ENGINE */
   1898 	return -1;
   1899 #endif /* OPENSSL_NO_ENGINE */
   1900 }
   1901 
   1902 
   1903 static int tls_connection_engine_ca_cert(void *_ssl_ctx,
   1904 					 struct tls_connection *conn,
   1905 					 const char *ca_cert_id)
   1906 {
   1907 #ifndef OPENSSL_NO_ENGINE
   1908 	X509 *cert;
   1909 	SSL_CTX *ssl_ctx = _ssl_ctx;
   1910 
   1911 	if (tls_engine_get_cert(conn, ca_cert_id, &cert))
   1912 		return -1;
   1913 
   1914 	/* start off the same as tls_connection_ca_cert */
   1915 	X509_STORE_free(ssl_ctx->cert_store);
   1916 	ssl_ctx->cert_store = X509_STORE_new();
   1917 	if (ssl_ctx->cert_store == NULL) {
   1918 		wpa_printf(MSG_DEBUG, "OpenSSL: %s - failed to allocate new "
   1919 			   "certificate store", __func__);
   1920 		X509_free(cert);
   1921 		return -1;
   1922 	}
   1923 	if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) {
   1924 		unsigned long err = ERR_peek_error();
   1925 		tls_show_errors(MSG_WARNING, __func__,
   1926 				"Failed to add CA certificate from engine "
   1927 				"to certificate store");
   1928 		if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
   1929 		    ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) {
   1930 			wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring cert"
   1931 				   " already in hash table error",
   1932 				   __func__);
   1933 		} else {
   1934 			X509_free(cert);
   1935 			return -1;
   1936 		}
   1937 	}
   1938 	X509_free(cert);
   1939 	wpa_printf(MSG_DEBUG, "OpenSSL: %s - added CA certificate from engine "
   1940 		   "to certificate store", __func__);
   1941 	SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
   1942 	conn->ca_cert_verify = 1;
   1943 
   1944 	return 0;
   1945 
   1946 #else /* OPENSSL_NO_ENGINE */
   1947 	return -1;
   1948 #endif /* OPENSSL_NO_ENGINE */
   1949 }
   1950 
   1951 
   1952 static int tls_connection_engine_private_key(struct tls_connection *conn)
   1953 {
   1954 #ifndef OPENSSL_NO_ENGINE
   1955 	if (SSL_use_PrivateKey(conn->ssl, conn->private_key) != 1) {
   1956 		tls_show_errors(MSG_ERROR, __func__,
   1957 				"ENGINE: cannot use private key for TLS");
   1958 		return -1;
   1959 	}
   1960 	if (!SSL_check_private_key(conn->ssl)) {
   1961 		tls_show_errors(MSG_INFO, __func__,
   1962 				"Private key failed verification");
   1963 		return -1;
   1964 	}
   1965 	return 0;
   1966 #else /* OPENSSL_NO_ENGINE */
   1967 	wpa_printf(MSG_ERROR, "SSL: Configuration uses engine, but "
   1968 		   "engine support was not compiled in");
   1969 	return -1;
   1970 #endif /* OPENSSL_NO_ENGINE */
   1971 }
   1972 
   1973 
   1974 static int tls_connection_private_key(void *_ssl_ctx,
   1975 				      struct tls_connection *conn,
   1976 				      const char *private_key,
   1977 				      const char *private_key_passwd,
   1978 				      const u8 *private_key_blob,
   1979 				      size_t private_key_blob_len)
   1980 {
   1981 	SSL_CTX *ssl_ctx = _ssl_ctx;
   1982 	char *passwd;
   1983 	int ok;
   1984 
   1985 	if (private_key == NULL && private_key_blob == NULL)
   1986 		return 0;
   1987 
   1988 	if (private_key_passwd) {
   1989 		passwd = os_strdup(private_key_passwd);
   1990 		if (passwd == NULL)
   1991 			return -1;
   1992 	} else
   1993 		passwd = NULL;
   1994 
   1995 	SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb);
   1996 	SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd);
   1997 
   1998 	ok = 0;
   1999 	while (private_key_blob) {
   2000 		if (SSL_use_PrivateKey_ASN1(EVP_PKEY_RSA, conn->ssl,
   2001 					    (u8 *) private_key_blob,
   2002 					    private_key_blob_len) == 1) {
   2003 			wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_"
   2004 				   "ASN1(EVP_PKEY_RSA) --> OK");
   2005 			ok = 1;
   2006 			break;
   2007 		}
   2008 
   2009 		if (SSL_use_PrivateKey_ASN1(EVP_PKEY_DSA, conn->ssl,
   2010 					    (u8 *) private_key_blob,
   2011 					    private_key_blob_len) == 1) {
   2012 			wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_"
   2013 				   "ASN1(EVP_PKEY_DSA) --> OK");
   2014 			ok = 1;
   2015 			break;
   2016 		}
   2017 
   2018 		if (SSL_use_RSAPrivateKey_ASN1(conn->ssl,
   2019 					       (u8 *) private_key_blob,
   2020 					       private_key_blob_len) == 1) {
   2021 			wpa_printf(MSG_DEBUG, "OpenSSL: "
   2022 				   "SSL_use_RSAPrivateKey_ASN1 --> OK");
   2023 			ok = 1;
   2024 			break;
   2025 		}
   2026 
   2027 		if (tls_read_pkcs12_blob(ssl_ctx, conn->ssl, private_key_blob,
   2028 					 private_key_blob_len, passwd) == 0) {
   2029 			wpa_printf(MSG_DEBUG, "OpenSSL: PKCS#12 as blob --> "
   2030 				   "OK");
   2031 			ok = 1;
   2032 			break;
   2033 		}
   2034 
   2035 		break;
   2036 	}
   2037 
   2038 #ifdef ANDROID
   2039 	if (!ok && private_key &&
   2040 	    os_strncmp("keystore://", private_key, 11) == 0) {
   2041 		BIO *bio = BIO_from_keystore(&private_key[11]);
   2042 		EVP_PKEY *pkey = NULL;
   2043 		if (bio) {
   2044 			pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
   2045 			BIO_free(bio);
   2046 		}
   2047 		if (pkey) {
   2048 			if (SSL_use_PrivateKey(conn->ssl, pkey) == 1) {
   2049 				wpa_printf(MSG_DEBUG, "OpenSSL: Private key "
   2050 					   "from keystore");
   2051 				ok = 1;
   2052 			}
   2053 			EVP_PKEY_free(pkey);
   2054 		}
   2055 	}
   2056 #endif /* ANDROID */
   2057 
   2058 	while (!ok && private_key) {
   2059 #ifndef OPENSSL_NO_STDIO
   2060 		if (SSL_use_PrivateKey_file(conn->ssl, private_key,
   2061 					    SSL_FILETYPE_ASN1) == 1) {
   2062 			wpa_printf(MSG_DEBUG, "OpenSSL: "
   2063 				   "SSL_use_PrivateKey_File (DER) --> OK");
   2064 			ok = 1;
   2065 			break;
   2066 		}
   2067 
   2068 		if (SSL_use_PrivateKey_file(conn->ssl, private_key,
   2069 					    SSL_FILETYPE_PEM) == 1) {
   2070 			wpa_printf(MSG_DEBUG, "OpenSSL: "
   2071 				   "SSL_use_PrivateKey_File (PEM) --> OK");
   2072 			ok = 1;
   2073 			break;
   2074 		}
   2075 #else /* OPENSSL_NO_STDIO */
   2076 		wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO",
   2077 			   __func__);
   2078 #endif /* OPENSSL_NO_STDIO */
   2079 
   2080 		if (tls_read_pkcs12(ssl_ctx, conn->ssl, private_key, passwd)
   2081 		    == 0) {
   2082 			wpa_printf(MSG_DEBUG, "OpenSSL: Reading PKCS#12 file "
   2083 				   "--> OK");
   2084 			ok = 1;
   2085 			break;
   2086 		}
   2087 
   2088 		if (tls_cryptoapi_cert(conn->ssl, private_key) == 0) {
   2089 			wpa_printf(MSG_DEBUG, "OpenSSL: Using CryptoAPI to "
   2090 				   "access certificate store --> OK");
   2091 			ok = 1;
   2092 			break;
   2093 		}
   2094 
   2095 		break;
   2096 	}
   2097 
   2098 	if (!ok) {
   2099 		tls_show_errors(MSG_INFO, __func__,
   2100 				"Failed to load private key");
   2101 		os_free(passwd);
   2102 		return -1;
   2103 	}
   2104 	ERR_clear_error();
   2105 	SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL);
   2106 	os_free(passwd);
   2107 
   2108 	if (!SSL_check_private_key(conn->ssl)) {
   2109 		tls_show_errors(MSG_INFO, __func__, "Private key failed "
   2110 				"verification");
   2111 		return -1;
   2112 	}
   2113 
   2114 	wpa_printf(MSG_DEBUG, "SSL: Private key loaded successfully");
   2115 	return 0;
   2116 }
   2117 
   2118 
   2119 static int tls_global_private_key(SSL_CTX *ssl_ctx, const char *private_key,
   2120 				  const char *private_key_passwd)
   2121 {
   2122 	char *passwd;
   2123 
   2124 	if (private_key == NULL)
   2125 		return 0;
   2126 
   2127 	if (private_key_passwd) {
   2128 		passwd = os_strdup(private_key_passwd);
   2129 		if (passwd == NULL)
   2130 			return -1;
   2131 	} else
   2132 		passwd = NULL;
   2133 
   2134 	SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb);
   2135 	SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd);
   2136 	if (
   2137 #ifndef OPENSSL_NO_STDIO
   2138 	    SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key,
   2139 					SSL_FILETYPE_ASN1) != 1 &&
   2140 	    SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key,
   2141 					SSL_FILETYPE_PEM) != 1 &&
   2142 #endif /* OPENSSL_NO_STDIO */
   2143 	    tls_read_pkcs12(ssl_ctx, NULL, private_key, passwd)) {
   2144 		tls_show_errors(MSG_INFO, __func__,
   2145 				"Failed to load private key");
   2146 		os_free(passwd);
   2147 		ERR_clear_error();
   2148 		return -1;
   2149 	}
   2150 	os_free(passwd);
   2151 	ERR_clear_error();
   2152 	SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL);
   2153 
   2154 	if (!SSL_CTX_check_private_key(ssl_ctx)) {
   2155 		tls_show_errors(MSG_INFO, __func__,
   2156 				"Private key failed verification");
   2157 		return -1;
   2158 	}
   2159 
   2160 	return 0;
   2161 }
   2162 
   2163 
   2164 static int tls_connection_dh(struct tls_connection *conn, const char *dh_file)
   2165 {
   2166 #ifdef OPENSSL_NO_DH
   2167 	if (dh_file == NULL)
   2168 		return 0;
   2169 	wpa_printf(MSG_ERROR, "TLS: openssl does not include DH support, but "
   2170 		   "dh_file specified");
   2171 	return -1;
   2172 #else /* OPENSSL_NO_DH */
   2173 	DH *dh;
   2174 	BIO *bio;
   2175 
   2176 	/* TODO: add support for dh_blob */
   2177 	if (dh_file == NULL)
   2178 		return 0;
   2179 	if (conn == NULL)
   2180 		return -1;
   2181 
   2182 	bio = BIO_new_file(dh_file, "r");
   2183 	if (bio == NULL) {
   2184 		wpa_printf(MSG_INFO, "TLS: Failed to open DH file '%s': %s",
   2185 			   dh_file, ERR_error_string(ERR_get_error(), NULL));
   2186 		return -1;
   2187 	}
   2188 	dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
   2189 	BIO_free(bio);
   2190 #ifndef OPENSSL_NO_DSA
   2191 	while (dh == NULL) {
   2192 		DSA *dsa;
   2193 		wpa_printf(MSG_DEBUG, "TLS: Failed to parse DH file '%s': %s -"
   2194 			   " trying to parse as DSA params", dh_file,
   2195 			   ERR_error_string(ERR_get_error(), NULL));
   2196 		bio = BIO_new_file(dh_file, "r");
   2197 		if (bio == NULL)
   2198 			break;
   2199 		dsa = PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
   2200 		BIO_free(bio);
   2201 		if (!dsa) {
   2202 			wpa_printf(MSG_DEBUG, "TLS: Failed to parse DSA file "
   2203 				   "'%s': %s", dh_file,
   2204 				   ERR_error_string(ERR_get_error(), NULL));
   2205 			break;
   2206 		}
   2207 
   2208 		wpa_printf(MSG_DEBUG, "TLS: DH file in DSA param format");
   2209 		dh = DSA_dup_DH(dsa);
   2210 		DSA_free(dsa);
   2211 		if (dh == NULL) {
   2212 			wpa_printf(MSG_INFO, "TLS: Failed to convert DSA "
   2213 				   "params into DH params");
   2214 			break;
   2215 		}
   2216 		break;
   2217 	}
   2218 #endif /* !OPENSSL_NO_DSA */
   2219 	if (dh == NULL) {
   2220 		wpa_printf(MSG_INFO, "TLS: Failed to read/parse DH/DSA file "
   2221 			   "'%s'", dh_file);
   2222 		return -1;
   2223 	}
   2224 
   2225 	if (SSL_set_tmp_dh(conn->ssl, dh) != 1) {
   2226 		wpa_printf(MSG_INFO, "TLS: Failed to set DH params from '%s': "
   2227 			   "%s", dh_file,
   2228 			   ERR_error_string(ERR_get_error(), NULL));
   2229 		DH_free(dh);
   2230 		return -1;
   2231 	}
   2232 	DH_free(dh);
   2233 	return 0;
   2234 #endif /* OPENSSL_NO_DH */
   2235 }
   2236 
   2237 
   2238 static int tls_global_dh(SSL_CTX *ssl_ctx, const char *dh_file)
   2239 {
   2240 #ifdef OPENSSL_NO_DH
   2241 	if (dh_file == NULL)
   2242 		return 0;
   2243 	wpa_printf(MSG_ERROR, "TLS: openssl does not include DH support, but "
   2244 		   "dh_file specified");
   2245 	return -1;
   2246 #else /* OPENSSL_NO_DH */
   2247 	DH *dh;
   2248 	BIO *bio;
   2249 
   2250 	/* TODO: add support for dh_blob */
   2251 	if (dh_file == NULL)
   2252 		return 0;
   2253 	if (ssl_ctx == NULL)
   2254 		return -1;
   2255 
   2256 	bio = BIO_new_file(dh_file, "r");
   2257 	if (bio == NULL) {
   2258 		wpa_printf(MSG_INFO, "TLS: Failed to open DH file '%s': %s",
   2259 			   dh_file, ERR_error_string(ERR_get_error(), NULL));
   2260 		return -1;
   2261 	}
   2262 	dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
   2263 	BIO_free(bio);
   2264 #ifndef OPENSSL_NO_DSA
   2265 	while (dh == NULL) {
   2266 		DSA *dsa;
   2267 		wpa_printf(MSG_DEBUG, "TLS: Failed to parse DH file '%s': %s -"
   2268 			   " trying to parse as DSA params", dh_file,
   2269 			   ERR_error_string(ERR_get_error(), NULL));
   2270 		bio = BIO_new_file(dh_file, "r");
   2271 		if (bio == NULL)
   2272 			break;
   2273 		dsa = PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
   2274 		BIO_free(bio);
   2275 		if (!dsa) {
   2276 			wpa_printf(MSG_DEBUG, "TLS: Failed to parse DSA file "
   2277 				   "'%s': %s", dh_file,
   2278 				   ERR_error_string(ERR_get_error(), NULL));
   2279 			break;
   2280 		}
   2281 
   2282 		wpa_printf(MSG_DEBUG, "TLS: DH file in DSA param format");
   2283 		dh = DSA_dup_DH(dsa);
   2284 		DSA_free(dsa);
   2285 		if (dh == NULL) {
   2286 			wpa_printf(MSG_INFO, "TLS: Failed to convert DSA "
   2287 				   "params into DH params");
   2288 			break;
   2289 		}
   2290 		break;
   2291 	}
   2292 #endif /* !OPENSSL_NO_DSA */
   2293 	if (dh == NULL) {
   2294 		wpa_printf(MSG_INFO, "TLS: Failed to read/parse DH/DSA file "
   2295 			   "'%s'", dh_file);
   2296 		return -1;
   2297 	}
   2298 
   2299 	if (SSL_CTX_set_tmp_dh(ssl_ctx, dh) != 1) {
   2300 		wpa_printf(MSG_INFO, "TLS: Failed to set DH params from '%s': "
   2301 			   "%s", dh_file,
   2302 			   ERR_error_string(ERR_get_error(), NULL));
   2303 		DH_free(dh);
   2304 		return -1;
   2305 	}
   2306 	DH_free(dh);
   2307 	return 0;
   2308 #endif /* OPENSSL_NO_DH */
   2309 }
   2310 
   2311 
   2312 int tls_connection_get_keys(void *ssl_ctx, struct tls_connection *conn,
   2313 			    struct tls_keys *keys)
   2314 {
   2315 #ifdef CONFIG_FIPS
   2316 	wpa_printf(MSG_ERROR, "OpenSSL: TLS keys cannot be exported in FIPS "
   2317 		   "mode");
   2318 	return -1;
   2319 #else /* CONFIG_FIPS */
   2320 	SSL *ssl;
   2321 
   2322 	if (conn == NULL || keys == NULL)
   2323 		return -1;
   2324 	ssl = conn->ssl;
   2325 	if (ssl == NULL || ssl->s3 == NULL || ssl->session == NULL)
   2326 		return -1;
   2327 
   2328 	os_memset(keys, 0, sizeof(*keys));
   2329 	keys->master_key = ssl->session->master_key;
   2330 	keys->master_key_len = ssl->session->master_key_length;
   2331 	keys->client_random = ssl->s3->client_random;
   2332 	keys->client_random_len = SSL3_RANDOM_SIZE;
   2333 	keys->server_random = ssl->s3->server_random;
   2334 	keys->server_random_len = SSL3_RANDOM_SIZE;
   2335 
   2336 	return 0;
   2337 #endif /* CONFIG_FIPS */
   2338 }
   2339 
   2340 
   2341 int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
   2342 		       const char *label, int server_random_first,
   2343 		       u8 *out, size_t out_len)
   2344 {
   2345 #if OPENSSL_VERSION_NUMBER >= 0x10001000L
   2346 	SSL *ssl;
   2347 	if (conn == NULL)
   2348 		return -1;
   2349 	if (server_random_first)
   2350 		return -1;
   2351 	ssl = conn->ssl;
   2352 	if (SSL_export_keying_material(ssl, out, out_len, label,
   2353 				       os_strlen(label), NULL, 0, 0) == 1) {
   2354 		wpa_printf(MSG_DEBUG, "OpenSSL: Using internal PRF");
   2355 		return 0;
   2356 	}
   2357 #endif
   2358 	return -1;
   2359 }
   2360 
   2361 
   2362 static struct wpabuf *
   2363 openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data,
   2364 		  int server)
   2365 {
   2366 	int res;
   2367 	struct wpabuf *out_data;
   2368 
   2369 	/*
   2370 	 * Give TLS handshake data from the server (if available) to OpenSSL
   2371 	 * for processing.
   2372 	 */
   2373 	if (in_data &&
   2374 	    BIO_write(conn->ssl_in, wpabuf_head(in_data), wpabuf_len(in_data))
   2375 	    < 0) {
   2376 		tls_show_errors(MSG_INFO, __func__,
   2377 				"Handshake failed - BIO_write");
   2378 		return NULL;
   2379 	}
   2380 
   2381 	/* Initiate TLS handshake or continue the existing handshake */
   2382 	if (server)
   2383 		res = SSL_accept(conn->ssl);
   2384 	else
   2385 		res = SSL_connect(conn->ssl);
   2386 	if (res != 1) {
   2387 		int err = SSL_get_error(conn->ssl, res);
   2388 		if (err == SSL_ERROR_WANT_READ)
   2389 			wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want "
   2390 				   "more data");
   2391 		else if (err == SSL_ERROR_WANT_WRITE)
   2392 			wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want to "
   2393 				   "write");
   2394 		else {
   2395 			tls_show_errors(MSG_INFO, __func__, "SSL_connect");
   2396 			conn->failed++;
   2397 		}
   2398 	}
   2399 
   2400 	/* Get the TLS handshake data to be sent to the server */
   2401 	res = BIO_ctrl_pending(conn->ssl_out);
   2402 	wpa_printf(MSG_DEBUG, "SSL: %d bytes pending from ssl_out", res);
   2403 	out_data = wpabuf_alloc(res);
   2404 	if (out_data == NULL) {
   2405 		wpa_printf(MSG_DEBUG, "SSL: Failed to allocate memory for "
   2406 			   "handshake output (%d bytes)", res);
   2407 		if (BIO_reset(conn->ssl_out) < 0) {
   2408 			tls_show_errors(MSG_INFO, __func__,
   2409 					"BIO_reset failed");
   2410 		}
   2411 		return NULL;
   2412 	}
   2413 	res = res == 0 ? 0 : BIO_read(conn->ssl_out, wpabuf_mhead(out_data),
   2414 				      res);
   2415 	if (res < 0) {
   2416 		tls_show_errors(MSG_INFO, __func__,
   2417 				"Handshake failed - BIO_read");
   2418 		if (BIO_reset(conn->ssl_out) < 0) {
   2419 			tls_show_errors(MSG_INFO, __func__,
   2420 					"BIO_reset failed");
   2421 		}
   2422 		wpabuf_free(out_data);
   2423 		return NULL;
   2424 	}
   2425 	wpabuf_put(out_data, res);
   2426 
   2427 	return out_data;
   2428 }
   2429 
   2430 
   2431 static struct wpabuf *
   2432 openssl_get_appl_data(struct tls_connection *conn, size_t max_len)
   2433 {
   2434 	struct wpabuf *appl_data;
   2435 	int res;
   2436 
   2437 	appl_data = wpabuf_alloc(max_len + 100);
   2438 	if (appl_data == NULL)
   2439 		return NULL;
   2440 
   2441 	res = SSL_read(conn->ssl, wpabuf_mhead(appl_data),
   2442 		       wpabuf_size(appl_data));
   2443 	if (res < 0) {
   2444 		int err = SSL_get_error(conn->ssl, res);
   2445 		if (err == SSL_ERROR_WANT_READ ||
   2446 		    err == SSL_ERROR_WANT_WRITE) {
   2447 			wpa_printf(MSG_DEBUG, "SSL: No Application Data "
   2448 				   "included");
   2449 		} else {
   2450 			tls_show_errors(MSG_INFO, __func__,
   2451 					"Failed to read possible "
   2452 					"Application Data");
   2453 		}
   2454 		wpabuf_free(appl_data);
   2455 		return NULL;
   2456 	}
   2457 
   2458 	wpabuf_put(appl_data, res);
   2459 	wpa_hexdump_buf_key(MSG_MSGDUMP, "SSL: Application Data in Finished "
   2460 			    "message", appl_data);
   2461 
   2462 	return appl_data;
   2463 }
   2464 
   2465 
   2466 static struct wpabuf *
   2467 openssl_connection_handshake(struct tls_connection *conn,
   2468 			     const struct wpabuf *in_data,
   2469 			     struct wpabuf **appl_data, int server)
   2470 {
   2471 	struct wpabuf *out_data;
   2472 
   2473 	if (appl_data)
   2474 		*appl_data = NULL;
   2475 
   2476 	out_data = openssl_handshake(conn, in_data, server);
   2477 	if (out_data == NULL)
   2478 		return NULL;
   2479 
   2480 	if (SSL_is_init_finished(conn->ssl) && appl_data && in_data)
   2481 		*appl_data = openssl_get_appl_data(conn, wpabuf_len(in_data));
   2482 
   2483 	return out_data;
   2484 }
   2485 
   2486 
   2487 struct wpabuf *
   2488 tls_connection_handshake(void *ssl_ctx, struct tls_connection *conn,
   2489 			 const struct wpabuf *in_data,
   2490 			 struct wpabuf **appl_data)
   2491 {
   2492 	return openssl_connection_handshake(conn, in_data, appl_data, 0);
   2493 }
   2494 
   2495 
   2496 struct wpabuf * tls_connection_server_handshake(void *tls_ctx,
   2497 						struct tls_connection *conn,
   2498 						const struct wpabuf *in_data,
   2499 						struct wpabuf **appl_data)
   2500 {
   2501 	return openssl_connection_handshake(conn, in_data, appl_data, 1);
   2502 }
   2503 
   2504 
   2505 struct wpabuf * tls_connection_encrypt(void *tls_ctx,
   2506 				       struct tls_connection *conn,
   2507 				       const struct wpabuf *in_data)
   2508 {
   2509 	int res;
   2510 	struct wpabuf *buf;
   2511 
   2512 	if (conn == NULL)
   2513 		return NULL;
   2514 
   2515 	/* Give plaintext data for OpenSSL to encrypt into the TLS tunnel. */
   2516 	if ((res = BIO_reset(conn->ssl_in)) < 0 ||
   2517 	    (res = BIO_reset(conn->ssl_out)) < 0) {
   2518 		tls_show_errors(MSG_INFO, __func__, "BIO_reset failed");
   2519 		return NULL;
   2520 	}
   2521 	res = SSL_write(conn->ssl, wpabuf_head(in_data), wpabuf_len(in_data));
   2522 	if (res < 0) {
   2523 		tls_show_errors(MSG_INFO, __func__,
   2524 				"Encryption failed - SSL_write");
   2525 		return NULL;
   2526 	}
   2527 
   2528 	/* Read encrypted data to be sent to the server */
   2529 	buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
   2530 	if (buf == NULL)
   2531 		return NULL;
   2532 	res = BIO_read(conn->ssl_out, wpabuf_mhead(buf), wpabuf_size(buf));
   2533 	if (res < 0) {
   2534 		tls_show_errors(MSG_INFO, __func__,
   2535 				"Encryption failed - BIO_read");
   2536 		wpabuf_free(buf);
   2537 		return NULL;
   2538 	}
   2539 	wpabuf_put(buf, res);
   2540 
   2541 	return buf;
   2542 }
   2543 
   2544 
   2545 struct wpabuf * tls_connection_decrypt(void *tls_ctx,
   2546 				       struct tls_connection *conn,
   2547 				       const struct wpabuf *in_data)
   2548 {
   2549 	int res;
   2550 	struct wpabuf *buf;
   2551 
   2552 	/* Give encrypted data from TLS tunnel for OpenSSL to decrypt. */
   2553 	res = BIO_write(conn->ssl_in, wpabuf_head(in_data),
   2554 			wpabuf_len(in_data));
   2555 	if (res < 0) {
   2556 		tls_show_errors(MSG_INFO, __func__,
   2557 				"Decryption failed - BIO_write");
   2558 		return NULL;
   2559 	}
   2560 	if (BIO_reset(conn->ssl_out) < 0) {
   2561 		tls_show_errors(MSG_INFO, __func__, "BIO_reset failed");
   2562 		return NULL;
   2563 	}
   2564 
   2565 	/* Read decrypted data for further processing */
   2566 	/*
   2567 	 * Even though we try to disable TLS compression, it is possible that
   2568 	 * this cannot be done with all TLS libraries. Add extra buffer space
   2569 	 * to handle the possibility of the decrypted data being longer than
   2570 	 * input data.
   2571 	 */
   2572 	buf = wpabuf_alloc((wpabuf_len(in_data) + 500) * 3);
   2573 	if (buf == NULL)
   2574 		return NULL;
   2575 	res = SSL_read(conn->ssl, wpabuf_mhead(buf), wpabuf_size(buf));
   2576 	if (res < 0) {
   2577 		tls_show_errors(MSG_INFO, __func__,
   2578 				"Decryption failed - SSL_read");
   2579 		wpabuf_free(buf);
   2580 		return NULL;
   2581 	}
   2582 	wpabuf_put(buf, res);
   2583 
   2584 	return buf;
   2585 }
   2586 
   2587 
   2588 int tls_connection_resumed(void *ssl_ctx, struct tls_connection *conn)
   2589 {
   2590 	return conn ? conn->ssl->hit : 0;
   2591 }
   2592 
   2593 
   2594 int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
   2595 				   u8 *ciphers)
   2596 {
   2597 	char buf[100], *pos, *end;
   2598 	u8 *c;
   2599 	int ret;
   2600 
   2601 	if (conn == NULL || conn->ssl == NULL || ciphers == NULL)
   2602 		return -1;
   2603 
   2604 	buf[0] = '\0';
   2605 	pos = buf;
   2606 	end = pos + sizeof(buf);
   2607 
   2608 	c = ciphers;
   2609 	while (*c != TLS_CIPHER_NONE) {
   2610 		const char *suite;
   2611 
   2612 		switch (*c) {
   2613 		case TLS_CIPHER_RC4_SHA:
   2614 			suite = "RC4-SHA";
   2615 			break;
   2616 		case TLS_CIPHER_AES128_SHA:
   2617 			suite = "AES128-SHA";
   2618 			break;
   2619 		case TLS_CIPHER_RSA_DHE_AES128_SHA:
   2620 			suite = "DHE-RSA-AES128-SHA";
   2621 			break;
   2622 		case TLS_CIPHER_ANON_DH_AES128_SHA:
   2623 			suite = "ADH-AES128-SHA";
   2624 			break;
   2625 		default:
   2626 			wpa_printf(MSG_DEBUG, "TLS: Unsupported "
   2627 				   "cipher selection: %d", *c);
   2628 			return -1;
   2629 		}
   2630 		ret = os_snprintf(pos, end - pos, ":%s", suite);
   2631 		if (ret < 0 || ret >= end - pos)
   2632 			break;
   2633 		pos += ret;
   2634 
   2635 		c++;
   2636 	}
   2637 
   2638 	wpa_printf(MSG_DEBUG, "OpenSSL: cipher suites: %s", buf + 1);
   2639 
   2640 	if (SSL_set_cipher_list(conn->ssl, buf + 1) != 1) {
   2641 		tls_show_errors(MSG_INFO, __func__,
   2642 				"Cipher suite configuration failed");
   2643 		return -1;
   2644 	}
   2645 
   2646 	return 0;
   2647 }
   2648 
   2649 
   2650 int tls_get_cipher(void *ssl_ctx, struct tls_connection *conn,
   2651 		   char *buf, size_t buflen)
   2652 {
   2653 	const char *name;
   2654 	if (conn == NULL || conn->ssl == NULL)
   2655 		return -1;
   2656 
   2657 	name = SSL_get_cipher(conn->ssl);
   2658 	if (name == NULL)
   2659 		return -1;
   2660 
   2661 	os_strlcpy(buf, name, buflen);
   2662 	return 0;
   2663 }
   2664 
   2665 
   2666 int tls_connection_enable_workaround(void *ssl_ctx,
   2667 				     struct tls_connection *conn)
   2668 {
   2669 	SSL_set_options(conn->ssl, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
   2670 
   2671 	return 0;
   2672 }
   2673 
   2674 
   2675 #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
   2676 /* ClientHello TLS extensions require a patch to openssl, so this function is
   2677  * commented out unless explicitly needed for EAP-FAST in order to be able to
   2678  * build this file with unmodified openssl. */
   2679 int tls_connection_client_hello_ext(void *ssl_ctx, struct tls_connection *conn,
   2680 				    int ext_type, const u8 *data,
   2681 				    size_t data_len)
   2682 {
   2683 	if (conn == NULL || conn->ssl == NULL || ext_type != 35)
   2684 		return -1;
   2685 
   2686 #ifdef CONFIG_OPENSSL_TICKET_OVERRIDE
   2687 	if (SSL_set_session_ticket_ext(conn->ssl, (void *) data,
   2688 				       data_len) != 1)
   2689 		return -1;
   2690 #else /* CONFIG_OPENSSL_TICKET_OVERRIDE */
   2691 	if (SSL_set_hello_extension(conn->ssl, ext_type, (void *) data,
   2692 				    data_len) != 1)
   2693 		return -1;
   2694 #endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */
   2695 
   2696 	return 0;
   2697 }
   2698 #endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
   2699 
   2700 
   2701 int tls_connection_get_failed(void *ssl_ctx, struct tls_connection *conn)
   2702 {
   2703 	if (conn == NULL)
   2704 		return -1;
   2705 	return conn->failed;
   2706 }
   2707 
   2708 
   2709 int tls_connection_get_read_alerts(void *ssl_ctx, struct tls_connection *conn)
   2710 {
   2711 	if (conn == NULL)
   2712 		return -1;
   2713 	return conn->read_alerts;
   2714 }
   2715 
   2716 
   2717 int tls_connection_get_write_alerts(void *ssl_ctx, struct tls_connection *conn)
   2718 {
   2719 	if (conn == NULL)
   2720 		return -1;
   2721 	return conn->write_alerts;
   2722 }
   2723 
   2724 
   2725 int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
   2726 			      const struct tls_connection_params *params)
   2727 {
   2728 	int ret;
   2729 	unsigned long err;
   2730 
   2731 	if (conn == NULL)
   2732 		return -1;
   2733 
   2734 	while ((err = ERR_get_error())) {
   2735 		wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s",
   2736 			   __func__, ERR_error_string(err, NULL));
   2737 	}
   2738 
   2739 	if (params->engine) {
   2740 		wpa_printf(MSG_DEBUG, "SSL: Initializing TLS engine");
   2741 		ret = tls_engine_init(conn, params->engine_id, params->pin,
   2742 				      params->key_id, params->cert_id,
   2743 				      params->ca_cert_id);
   2744 		if (ret)
   2745 			return ret;
   2746 	}
   2747 	if (tls_connection_set_subject_match(conn,
   2748 					     params->subject_match,
   2749 					     params->altsubject_match))
   2750 		return -1;
   2751 
   2752 	if (params->engine && params->ca_cert_id) {
   2753 		if (tls_connection_engine_ca_cert(tls_ctx, conn,
   2754 						  params->ca_cert_id))
   2755 			return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED;
   2756 	} else if (tls_connection_ca_cert(tls_ctx, conn, params->ca_cert,
   2757 					  params->ca_cert_blob,
   2758 					  params->ca_cert_blob_len,
   2759 					  params->ca_path))
   2760 		return -1;
   2761 
   2762 	if (params->engine && params->cert_id) {
   2763 		if (tls_connection_engine_client_cert(conn, params->cert_id))
   2764 			return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED;
   2765 	} else if (tls_connection_client_cert(conn, params->client_cert,
   2766 					      params->client_cert_blob,
   2767 					      params->client_cert_blob_len))
   2768 		return -1;
   2769 
   2770 	if (params->engine && params->key_id) {
   2771 		wpa_printf(MSG_DEBUG, "TLS: Using private key from engine");
   2772 		if (tls_connection_engine_private_key(conn))
   2773 			return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED;
   2774 	} else if (tls_connection_private_key(tls_ctx, conn,
   2775 					      params->private_key,
   2776 					      params->private_key_passwd,
   2777 					      params->private_key_blob,
   2778 					      params->private_key_blob_len)) {
   2779 		wpa_printf(MSG_INFO, "TLS: Failed to load private key '%s'",
   2780 			   params->private_key);
   2781 		return -1;
   2782 	}
   2783 
   2784 	if (tls_connection_dh(conn, params->dh_file)) {
   2785 		wpa_printf(MSG_INFO, "TLS: Failed to load DH file '%s'",
   2786 			   params->dh_file);
   2787 		return -1;
   2788 	}
   2789 
   2790 #ifdef SSL_OP_NO_TICKET
   2791 	if (params->flags & TLS_CONN_DISABLE_SESSION_TICKET)
   2792 		SSL_set_options(conn->ssl, SSL_OP_NO_TICKET);
   2793 	else
   2794 		SSL_clear_options(conn->ssl, SSL_OP_NO_TICKET);
   2795 #endif /*  SSL_OP_NO_TICKET */
   2796 
   2797 	conn->flags = params->flags;
   2798 
   2799 	tls_get_errors(tls_ctx);
   2800 
   2801 	return 0;
   2802 }
   2803 
   2804 
   2805 int tls_global_set_params(void *tls_ctx,
   2806 			  const struct tls_connection_params *params)
   2807 {
   2808 	SSL_CTX *ssl_ctx = tls_ctx;
   2809 	unsigned long err;
   2810 
   2811 	while ((err = ERR_get_error())) {
   2812 		wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s",
   2813 			   __func__, ERR_error_string(err, NULL));
   2814 	}
   2815 
   2816 	if (tls_global_ca_cert(ssl_ctx, params->ca_cert))
   2817 		return -1;
   2818 
   2819 	if (tls_global_client_cert(ssl_ctx, params->client_cert))
   2820 		return -1;
   2821 
   2822 	if (tls_global_private_key(ssl_ctx, params->private_key,
   2823 				   params->private_key_passwd))
   2824 		return -1;
   2825 
   2826 	if (tls_global_dh(ssl_ctx, params->dh_file)) {
   2827 		wpa_printf(MSG_INFO, "TLS: Failed to load DH file '%s'",
   2828 			   params->dh_file);
   2829 		return -1;
   2830 	}
   2831 
   2832 #ifdef SSL_OP_NO_TICKET
   2833 	if (params->flags & TLS_CONN_DISABLE_SESSION_TICKET)
   2834 		SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TICKET);
   2835 	else
   2836 		SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TICKET);
   2837 #endif /*  SSL_OP_NO_TICKET */
   2838 
   2839 	return 0;
   2840 }
   2841 
   2842 
   2843 int tls_connection_get_keyblock_size(void *tls_ctx,
   2844 				     struct tls_connection *conn)
   2845 {
   2846 	const EVP_CIPHER *c;
   2847 	const EVP_MD *h;
   2848 	int md_size;
   2849 
   2850 	if (conn == NULL || conn->ssl == NULL ||
   2851 	    conn->ssl->enc_read_ctx == NULL ||
   2852 	    conn->ssl->enc_read_ctx->cipher == NULL ||
   2853 	    conn->ssl->read_hash == NULL)
   2854 		return -1;
   2855 
   2856 	c = conn->ssl->enc_read_ctx->cipher;
   2857 #if OPENSSL_VERSION_NUMBER >= 0x00909000L
   2858 	h = EVP_MD_CTX_md(conn->ssl->read_hash);
   2859 #else
   2860 	h = conn->ssl->read_hash;
   2861 #endif
   2862 	if (h)
   2863 		md_size = EVP_MD_size(h);
   2864 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
   2865 	else if (conn->ssl->s3)
   2866 		md_size = conn->ssl->s3->tmp.new_mac_secret_size;
   2867 #endif
   2868 	else
   2869 		return -1;
   2870 
   2871 	wpa_printf(MSG_DEBUG, "OpenSSL: keyblock size: key_len=%d MD_size=%d "
   2872 		   "IV_len=%d", EVP_CIPHER_key_length(c), md_size,
   2873 		   EVP_CIPHER_iv_length(c));
   2874 	return 2 * (EVP_CIPHER_key_length(c) +
   2875 		    md_size +
   2876 		    EVP_CIPHER_iv_length(c));
   2877 }
   2878 
   2879 
   2880 unsigned int tls_capabilities(void *tls_ctx)
   2881 {
   2882 	return 0;
   2883 }
   2884 
   2885 
   2886 #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
   2887 /* Pre-shared secred requires a patch to openssl, so this function is
   2888  * commented out unless explicitly needed for EAP-FAST in order to be able to
   2889  * build this file with unmodified openssl. */
   2890 
   2891 static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len,
   2892 			   STACK_OF(SSL_CIPHER) *peer_ciphers,
   2893 			   SSL_CIPHER **cipher, void *arg)
   2894 {
   2895 	struct tls_connection *conn = arg;
   2896 	int ret;
   2897 
   2898 	if (conn == NULL || conn->session_ticket_cb == NULL)
   2899 		return 0;
   2900 
   2901 	ret = conn->session_ticket_cb(conn->session_ticket_cb_ctx,
   2902 				      conn->session_ticket,
   2903 				      conn->session_ticket_len,
   2904 				      s->s3->client_random,
   2905 				      s->s3->server_random, secret);
   2906 	os_free(conn->session_ticket);
   2907 	conn->session_ticket = NULL;
   2908 
   2909 	if (ret <= 0)
   2910 		return 0;
   2911 
   2912 	*secret_len = SSL_MAX_MASTER_KEY_LENGTH;
   2913 	return 1;
   2914 }
   2915 
   2916 
   2917 #ifdef CONFIG_OPENSSL_TICKET_OVERRIDE
   2918 static int tls_session_ticket_ext_cb(SSL *s, const unsigned char *data,
   2919 				     int len, void *arg)
   2920 {
   2921 	struct tls_connection *conn = arg;
   2922 
   2923 	if (conn == NULL || conn->session_ticket_cb == NULL)
   2924 		return 0;
   2925 
   2926 	wpa_printf(MSG_DEBUG, "OpenSSL: %s: length=%d", __func__, len);
   2927 
   2928 	os_free(conn->session_ticket);
   2929 	conn->session_ticket = NULL;
   2930 
   2931 	wpa_hexdump(MSG_DEBUG, "OpenSSL: ClientHello SessionTicket "
   2932 		    "extension", data, len);
   2933 
   2934 	conn->session_ticket = os_malloc(len);
   2935 	if (conn->session_ticket == NULL)
   2936 		return 0;
   2937 
   2938 	os_memcpy(conn->session_ticket, data, len);
   2939 	conn->session_ticket_len = len;
   2940 
   2941 	return 1;
   2942 }
   2943 #else /* CONFIG_OPENSSL_TICKET_OVERRIDE */
   2944 #ifdef SSL_OP_NO_TICKET
   2945 static void tls_hello_ext_cb(SSL *s, int client_server, int type,
   2946 			     unsigned char *data, int len, void *arg)
   2947 {
   2948 	struct tls_connection *conn = arg;
   2949 
   2950 	if (conn == NULL || conn->session_ticket_cb == NULL)
   2951 		return;
   2952 
   2953 	wpa_printf(MSG_DEBUG, "OpenSSL: %s: type=%d length=%d", __func__,
   2954 		   type, len);
   2955 
   2956 	if (type == TLSEXT_TYPE_session_ticket && !client_server) {
   2957 		os_free(conn->session_ticket);
   2958 		conn->session_ticket = NULL;
   2959 
   2960 		wpa_hexdump(MSG_DEBUG, "OpenSSL: ClientHello SessionTicket "
   2961 			    "extension", data, len);
   2962 		conn->session_ticket = os_malloc(len);
   2963 		if (conn->session_ticket == NULL)
   2964 			return;
   2965 
   2966 		os_memcpy(conn->session_ticket, data, len);
   2967 		conn->session_ticket_len = len;
   2968 	}
   2969 }
   2970 #else /* SSL_OP_NO_TICKET */
   2971 static int tls_hello_ext_cb(SSL *s, TLS_EXTENSION *ext, void *arg)
   2972 {
   2973 	struct tls_connection *conn = arg;
   2974 
   2975 	if (conn == NULL || conn->session_ticket_cb == NULL)
   2976 		return 0;
   2977 
   2978 	wpa_printf(MSG_DEBUG, "OpenSSL: %s: type=%d length=%d", __func__,
   2979 		   ext->type, ext->length);
   2980 
   2981 	os_free(conn->session_ticket);
   2982 	conn->session_ticket = NULL;
   2983 
   2984 	if (ext->type == 35) {
   2985 		wpa_hexdump(MSG_DEBUG, "OpenSSL: ClientHello SessionTicket "
   2986 			    "extension", ext->data, ext->length);
   2987 		conn->session_ticket = os_malloc(ext->length);
   2988 		if (conn->session_ticket == NULL)
   2989 			return SSL_AD_INTERNAL_ERROR;
   2990 
   2991 		os_memcpy(conn->session_ticket, ext->data, ext->length);
   2992 		conn->session_ticket_len = ext->length;
   2993 	}
   2994 
   2995 	return 0;
   2996 }
   2997 #endif /* SSL_OP_NO_TICKET */
   2998 #endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */
   2999 #endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
   3000 
   3001 
   3002 int tls_connection_set_session_ticket_cb(void *tls_ctx,
   3003 					 struct tls_connection *conn,
   3004 					 tls_session_ticket_cb cb,
   3005 					 void *ctx)
   3006 {
   3007 #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
   3008 	conn->session_ticket_cb = cb;
   3009 	conn->session_ticket_cb_ctx = ctx;
   3010 
   3011 	if (cb) {
   3012 		if (SSL_set_session_secret_cb(conn->ssl, tls_sess_sec_cb,
   3013 					      conn) != 1)
   3014 			return -1;
   3015 #ifdef CONFIG_OPENSSL_TICKET_OVERRIDE
   3016 		SSL_set_session_ticket_ext_cb(conn->ssl,
   3017 					      tls_session_ticket_ext_cb, conn);
   3018 #else /* CONFIG_OPENSSL_TICKET_OVERRIDE */
   3019 #ifdef SSL_OP_NO_TICKET
   3020 		SSL_set_tlsext_debug_callback(conn->ssl, tls_hello_ext_cb);
   3021 		SSL_set_tlsext_debug_arg(conn->ssl, conn);
   3022 #else /* SSL_OP_NO_TICKET */
   3023 		if (SSL_set_hello_extension_cb(conn->ssl, tls_hello_ext_cb,
   3024 					       conn) != 1)
   3025 			return -1;
   3026 #endif /* SSL_OP_NO_TICKET */
   3027 #endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */
   3028 	} else {
   3029 		if (SSL_set_session_secret_cb(conn->ssl, NULL, NULL) != 1)
   3030 			return -1;
   3031 #ifdef CONFIG_OPENSSL_TICKET_OVERRIDE
   3032 		SSL_set_session_ticket_ext_cb(conn->ssl, NULL, NULL);
   3033 #else /* CONFIG_OPENSSL_TICKET_OVERRIDE */
   3034 #ifdef SSL_OP_NO_TICKET
   3035 		SSL_set_tlsext_debug_callback(conn->ssl, NULL);
   3036 		SSL_set_tlsext_debug_arg(conn->ssl, conn);
   3037 #else /* SSL_OP_NO_TICKET */
   3038 		if (SSL_set_hello_extension_cb(conn->ssl, NULL, NULL) != 1)
   3039 			return -1;
   3040 #endif /* SSL_OP_NO_TICKET */
   3041 #endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */
   3042 	}
   3043 
   3044 	return 0;
   3045 #else /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
   3046 	return -1;
   3047 #endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
   3048 }
   3049