xref: /freebsd/contrib/wpa/src/crypto/tls_openssl.c (revision 4436b51dff5736e74da464946049ea6899a88938)
1 /*
2  * SSL/TLS interface functions for OpenSSL
3  * Copyright (c) 2004-2013, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #include "includes.h"
10 
11 #ifndef CONFIG_SMARTCARD
12 #ifndef OPENSSL_NO_ENGINE
13 #ifndef ANDROID
14 #define OPENSSL_NO_ENGINE
15 #endif
16 #endif
17 #endif
18 
19 #include <openssl/ssl.h>
20 #include <openssl/err.h>
21 #include <openssl/pkcs12.h>
22 #include <openssl/x509v3.h>
23 #ifndef OPENSSL_NO_ENGINE
24 #include <openssl/engine.h>
25 #endif /* OPENSSL_NO_ENGINE */
26 
27 #include "common.h"
28 #include "crypto.h"
29 #include "tls.h"
30 
31 #if defined(SSL_CTX_get_app_data) && defined(SSL_CTX_set_app_data)
32 #define OPENSSL_SUPPORTS_CTX_APP_DATA
33 #endif
34 
35 #if OPENSSL_VERSION_NUMBER < 0x10000000L
36 /* ERR_remove_thread_state replaces ERR_remove_state and the latter is
37  * deprecated. However, OpenSSL 0.9.8 doesn't include
38  * ERR_remove_thread_state. */
39 #define ERR_remove_thread_state(tid) ERR_remove_state(0)
40 #endif
41 
42 #if defined(OPENSSL_IS_BORINGSSL)
43 /* stack_index_t is the return type of OpenSSL's sk_XXX_num() functions. */
44 typedef size_t stack_index_t;
45 #else
46 typedef int stack_index_t;
47 #endif
48 
49 #ifdef SSL_set_tlsext_status_type
50 #ifndef OPENSSL_NO_TLSEXT
51 #define HAVE_OCSP
52 #include <openssl/ocsp.h>
53 #endif /* OPENSSL_NO_TLSEXT */
54 #endif /* SSL_set_tlsext_status_type */
55 
56 #ifdef ANDROID
57 #include <openssl/pem.h>
58 #include <keystore/keystore_get.h>
59 
60 static BIO * BIO_from_keystore(const char *key)
61 {
62 	BIO *bio = NULL;
63 	uint8_t *value = NULL;
64 	int length = keystore_get(key, strlen(key), &value);
65 	if (length != -1 && (bio = BIO_new(BIO_s_mem())) != NULL)
66 		BIO_write(bio, value, length);
67 	free(value);
68 	return bio;
69 }
70 #endif /* ANDROID */
71 
72 static int tls_openssl_ref_count = 0;
73 
74 struct tls_context {
75 	void (*event_cb)(void *ctx, enum tls_event ev,
76 			 union tls_event_data *data);
77 	void *cb_ctx;
78 	int cert_in_cb;
79 	char *ocsp_stapling_response;
80 };
81 
82 static struct tls_context *tls_global = NULL;
83 
84 
85 struct tls_connection {
86 	struct tls_context *context;
87 	SSL_CTX *ssl_ctx;
88 	SSL *ssl;
89 	BIO *ssl_in, *ssl_out;
90 #ifndef OPENSSL_NO_ENGINE
91 	ENGINE *engine;        /* functional reference to the engine */
92 	EVP_PKEY *private_key; /* the private key if using engine */
93 #endif /* OPENSSL_NO_ENGINE */
94 	char *subject_match, *altsubject_match, *suffix_match, *domain_match;
95 	int read_alerts, write_alerts, failed;
96 
97 	tls_session_ticket_cb session_ticket_cb;
98 	void *session_ticket_cb_ctx;
99 
100 	/* SessionTicket received from OpenSSL hello_extension_cb (server) */
101 	u8 *session_ticket;
102 	size_t session_ticket_len;
103 
104 	unsigned int ca_cert_verify:1;
105 	unsigned int cert_probe:1;
106 	unsigned int server_cert_only:1;
107 	unsigned int invalid_hb_used:1;
108 
109 	u8 srv_cert_hash[32];
110 
111 	unsigned int flags;
112 
113 	X509 *peer_cert;
114 	X509 *peer_issuer;
115 	X509 *peer_issuer_issuer;
116 };
117 
118 
119 static struct tls_context * tls_context_new(const struct tls_config *conf)
120 {
121 	struct tls_context *context = os_zalloc(sizeof(*context));
122 	if (context == NULL)
123 		return NULL;
124 	if (conf) {
125 		context->event_cb = conf->event_cb;
126 		context->cb_ctx = conf->cb_ctx;
127 		context->cert_in_cb = conf->cert_in_cb;
128 	}
129 	return context;
130 }
131 
132 
133 #ifdef CONFIG_NO_STDOUT_DEBUG
134 
135 static void _tls_show_errors(void)
136 {
137 	unsigned long err;
138 
139 	while ((err = ERR_get_error())) {
140 		/* Just ignore the errors, since stdout is disabled */
141 	}
142 }
143 #define tls_show_errors(l, f, t) _tls_show_errors()
144 
145 #else /* CONFIG_NO_STDOUT_DEBUG */
146 
147 static void tls_show_errors(int level, const char *func, const char *txt)
148 {
149 	unsigned long err;
150 
151 	wpa_printf(level, "OpenSSL: %s - %s %s",
152 		   func, txt, ERR_error_string(ERR_get_error(), NULL));
153 
154 	while ((err = ERR_get_error())) {
155 		wpa_printf(MSG_INFO, "OpenSSL: pending error: %s",
156 			   ERR_error_string(err, NULL));
157 	}
158 }
159 
160 #endif /* CONFIG_NO_STDOUT_DEBUG */
161 
162 
163 #ifdef CONFIG_NATIVE_WINDOWS
164 
165 /* Windows CryptoAPI and access to certificate stores */
166 #include <wincrypt.h>
167 
168 #ifdef __MINGW32_VERSION
169 /*
170  * MinGW does not yet include all the needed definitions for CryptoAPI, so
171  * define here whatever extra is needed.
172  */
173 #define CERT_SYSTEM_STORE_CURRENT_USER (1 << 16)
174 #define CERT_STORE_READONLY_FLAG 0x00008000
175 #define CERT_STORE_OPEN_EXISTING_FLAG 0x00004000
176 
177 #endif /* __MINGW32_VERSION */
178 
179 
180 struct cryptoapi_rsa_data {
181 	const CERT_CONTEXT *cert;
182 	HCRYPTPROV crypt_prov;
183 	DWORD key_spec;
184 	BOOL free_crypt_prov;
185 };
186 
187 
188 static void cryptoapi_error(const char *msg)
189 {
190 	wpa_printf(MSG_INFO, "CryptoAPI: %s; err=%u",
191 		   msg, (unsigned int) GetLastError());
192 }
193 
194 
195 static int cryptoapi_rsa_pub_enc(int flen, const unsigned char *from,
196 				 unsigned char *to, RSA *rsa, int padding)
197 {
198 	wpa_printf(MSG_DEBUG, "%s - not implemented", __func__);
199 	return 0;
200 }
201 
202 
203 static int cryptoapi_rsa_pub_dec(int flen, const unsigned char *from,
204 				 unsigned char *to, RSA *rsa, int padding)
205 {
206 	wpa_printf(MSG_DEBUG, "%s - not implemented", __func__);
207 	return 0;
208 }
209 
210 
211 static int cryptoapi_rsa_priv_enc(int flen, const unsigned char *from,
212 				  unsigned char *to, RSA *rsa, int padding)
213 {
214 	struct cryptoapi_rsa_data *priv =
215 		(struct cryptoapi_rsa_data *) rsa->meth->app_data;
216 	HCRYPTHASH hash;
217 	DWORD hash_size, len, i;
218 	unsigned char *buf = NULL;
219 	int ret = 0;
220 
221 	if (priv == NULL) {
222 		RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
223 		       ERR_R_PASSED_NULL_PARAMETER);
224 		return 0;
225 	}
226 
227 	if (padding != RSA_PKCS1_PADDING) {
228 		RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
229 		       RSA_R_UNKNOWN_PADDING_TYPE);
230 		return 0;
231 	}
232 
233 	if (flen != 16 /* MD5 */ + 20 /* SHA-1 */) {
234 		wpa_printf(MSG_INFO, "%s - only MD5-SHA1 hash supported",
235 			   __func__);
236 		RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
237 		       RSA_R_INVALID_MESSAGE_LENGTH);
238 		return 0;
239 	}
240 
241 	if (!CryptCreateHash(priv->crypt_prov, CALG_SSL3_SHAMD5, 0, 0, &hash))
242 	{
243 		cryptoapi_error("CryptCreateHash failed");
244 		return 0;
245 	}
246 
247 	len = sizeof(hash_size);
248 	if (!CryptGetHashParam(hash, HP_HASHSIZE, (BYTE *) &hash_size, &len,
249 			       0)) {
250 		cryptoapi_error("CryptGetHashParam failed");
251 		goto err;
252 	}
253 
254 	if ((int) hash_size != flen) {
255 		wpa_printf(MSG_INFO, "CryptoAPI: Invalid hash size (%u != %d)",
256 			   (unsigned) hash_size, flen);
257 		RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
258 		       RSA_R_INVALID_MESSAGE_LENGTH);
259 		goto err;
260 	}
261 	if (!CryptSetHashParam(hash, HP_HASHVAL, (BYTE * ) from, 0)) {
262 		cryptoapi_error("CryptSetHashParam failed");
263 		goto err;
264 	}
265 
266 	len = RSA_size(rsa);
267 	buf = os_malloc(len);
268 	if (buf == NULL) {
269 		RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
270 		goto err;
271 	}
272 
273 	if (!CryptSignHash(hash, priv->key_spec, NULL, 0, buf, &len)) {
274 		cryptoapi_error("CryptSignHash failed");
275 		goto err;
276 	}
277 
278 	for (i = 0; i < len; i++)
279 		to[i] = buf[len - i - 1];
280 	ret = len;
281 
282 err:
283 	os_free(buf);
284 	CryptDestroyHash(hash);
285 
286 	return ret;
287 }
288 
289 
290 static int cryptoapi_rsa_priv_dec(int flen, const unsigned char *from,
291 				  unsigned char *to, RSA *rsa, int padding)
292 {
293 	wpa_printf(MSG_DEBUG, "%s - not implemented", __func__);
294 	return 0;
295 }
296 
297 
298 static void cryptoapi_free_data(struct cryptoapi_rsa_data *priv)
299 {
300 	if (priv == NULL)
301 		return;
302 	if (priv->crypt_prov && priv->free_crypt_prov)
303 		CryptReleaseContext(priv->crypt_prov, 0);
304 	if (priv->cert)
305 		CertFreeCertificateContext(priv->cert);
306 	os_free(priv);
307 }
308 
309 
310 static int cryptoapi_finish(RSA *rsa)
311 {
312 	cryptoapi_free_data((struct cryptoapi_rsa_data *) rsa->meth->app_data);
313 	os_free((void *) rsa->meth);
314 	rsa->meth = NULL;
315 	return 1;
316 }
317 
318 
319 static const CERT_CONTEXT * cryptoapi_find_cert(const char *name, DWORD store)
320 {
321 	HCERTSTORE cs;
322 	const CERT_CONTEXT *ret = NULL;
323 
324 	cs = CertOpenStore((LPCSTR) CERT_STORE_PROV_SYSTEM, 0, 0,
325 			   store | CERT_STORE_OPEN_EXISTING_FLAG |
326 			   CERT_STORE_READONLY_FLAG, L"MY");
327 	if (cs == NULL) {
328 		cryptoapi_error("Failed to open 'My system store'");
329 		return NULL;
330 	}
331 
332 	if (strncmp(name, "cert://", 7) == 0) {
333 		unsigned short wbuf[255];
334 		MultiByteToWideChar(CP_ACP, 0, name + 7, -1, wbuf, 255);
335 		ret = CertFindCertificateInStore(cs, X509_ASN_ENCODING |
336 						 PKCS_7_ASN_ENCODING,
337 						 0, CERT_FIND_SUBJECT_STR,
338 						 wbuf, NULL);
339 	} else if (strncmp(name, "hash://", 7) == 0) {
340 		CRYPT_HASH_BLOB blob;
341 		int len;
342 		const char *hash = name + 7;
343 		unsigned char *buf;
344 
345 		len = os_strlen(hash) / 2;
346 		buf = os_malloc(len);
347 		if (buf && hexstr2bin(hash, buf, len) == 0) {
348 			blob.cbData = len;
349 			blob.pbData = buf;
350 			ret = CertFindCertificateInStore(cs,
351 							 X509_ASN_ENCODING |
352 							 PKCS_7_ASN_ENCODING,
353 							 0, CERT_FIND_HASH,
354 							 &blob, NULL);
355 		}
356 		os_free(buf);
357 	}
358 
359 	CertCloseStore(cs, 0);
360 
361 	return ret;
362 }
363 
364 
365 static int tls_cryptoapi_cert(SSL *ssl, const char *name)
366 {
367 	X509 *cert = NULL;
368 	RSA *rsa = NULL, *pub_rsa;
369 	struct cryptoapi_rsa_data *priv;
370 	RSA_METHOD *rsa_meth;
371 
372 	if (name == NULL ||
373 	    (strncmp(name, "cert://", 7) != 0 &&
374 	     strncmp(name, "hash://", 7) != 0))
375 		return -1;
376 
377 	priv = os_zalloc(sizeof(*priv));
378 	rsa_meth = os_zalloc(sizeof(*rsa_meth));
379 	if (priv == NULL || rsa_meth == NULL) {
380 		wpa_printf(MSG_WARNING, "CryptoAPI: Failed to allocate memory "
381 			   "for CryptoAPI RSA method");
382 		os_free(priv);
383 		os_free(rsa_meth);
384 		return -1;
385 	}
386 
387 	priv->cert = cryptoapi_find_cert(name, CERT_SYSTEM_STORE_CURRENT_USER);
388 	if (priv->cert == NULL) {
389 		priv->cert = cryptoapi_find_cert(
390 			name, CERT_SYSTEM_STORE_LOCAL_MACHINE);
391 	}
392 	if (priv->cert == NULL) {
393 		wpa_printf(MSG_INFO, "CryptoAPI: Could not find certificate "
394 			   "'%s'", name);
395 		goto err;
396 	}
397 
398 	cert = d2i_X509(NULL,
399 			(const unsigned char **) &priv->cert->pbCertEncoded,
400 			priv->cert->cbCertEncoded);
401 	if (cert == NULL) {
402 		wpa_printf(MSG_INFO, "CryptoAPI: Could not process X509 DER "
403 			   "encoding");
404 		goto err;
405 	}
406 
407 	if (!CryptAcquireCertificatePrivateKey(priv->cert,
408 					       CRYPT_ACQUIRE_COMPARE_KEY_FLAG,
409 					       NULL, &priv->crypt_prov,
410 					       &priv->key_spec,
411 					       &priv->free_crypt_prov)) {
412 		cryptoapi_error("Failed to acquire a private key for the "
413 				"certificate");
414 		goto err;
415 	}
416 
417 	rsa_meth->name = "Microsoft CryptoAPI RSA Method";
418 	rsa_meth->rsa_pub_enc = cryptoapi_rsa_pub_enc;
419 	rsa_meth->rsa_pub_dec = cryptoapi_rsa_pub_dec;
420 	rsa_meth->rsa_priv_enc = cryptoapi_rsa_priv_enc;
421 	rsa_meth->rsa_priv_dec = cryptoapi_rsa_priv_dec;
422 	rsa_meth->finish = cryptoapi_finish;
423 	rsa_meth->flags = RSA_METHOD_FLAG_NO_CHECK;
424 	rsa_meth->app_data = (char *) priv;
425 
426 	rsa = RSA_new();
427 	if (rsa == NULL) {
428 		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,
429 		       ERR_R_MALLOC_FAILURE);
430 		goto err;
431 	}
432 
433 	if (!SSL_use_certificate(ssl, cert)) {
434 		RSA_free(rsa);
435 		rsa = NULL;
436 		goto err;
437 	}
438 	pub_rsa = cert->cert_info->key->pkey->pkey.rsa;
439 	X509_free(cert);
440 	cert = NULL;
441 
442 	rsa->n = BN_dup(pub_rsa->n);
443 	rsa->e = BN_dup(pub_rsa->e);
444 	if (!RSA_set_method(rsa, rsa_meth))
445 		goto err;
446 
447 	if (!SSL_use_RSAPrivateKey(ssl, rsa))
448 		goto err;
449 	RSA_free(rsa);
450 
451 	return 0;
452 
453 err:
454 	if (cert)
455 		X509_free(cert);
456 	if (rsa)
457 		RSA_free(rsa);
458 	else {
459 		os_free(rsa_meth);
460 		cryptoapi_free_data(priv);
461 	}
462 	return -1;
463 }
464 
465 
466 static int tls_cryptoapi_ca_cert(SSL_CTX *ssl_ctx, SSL *ssl, const char *name)
467 {
468 	HCERTSTORE cs;
469 	PCCERT_CONTEXT ctx = NULL;
470 	X509 *cert;
471 	char buf[128];
472 	const char *store;
473 #ifdef UNICODE
474 	WCHAR *wstore;
475 #endif /* UNICODE */
476 
477 	if (name == NULL || strncmp(name, "cert_store://", 13) != 0)
478 		return -1;
479 
480 	store = name + 13;
481 #ifdef UNICODE
482 	wstore = os_malloc((os_strlen(store) + 1) * sizeof(WCHAR));
483 	if (wstore == NULL)
484 		return -1;
485 	wsprintf(wstore, L"%S", store);
486 	cs = CertOpenSystemStore(0, wstore);
487 	os_free(wstore);
488 #else /* UNICODE */
489 	cs = CertOpenSystemStore(0, store);
490 #endif /* UNICODE */
491 	if (cs == NULL) {
492 		wpa_printf(MSG_DEBUG, "%s: failed to open system cert store "
493 			   "'%s': error=%d", __func__, store,
494 			   (int) GetLastError());
495 		return -1;
496 	}
497 
498 	while ((ctx = CertEnumCertificatesInStore(cs, ctx))) {
499 		cert = d2i_X509(NULL,
500 				(const unsigned char **) &ctx->pbCertEncoded,
501 				ctx->cbCertEncoded);
502 		if (cert == NULL) {
503 			wpa_printf(MSG_INFO, "CryptoAPI: Could not process "
504 				   "X509 DER encoding for CA cert");
505 			continue;
506 		}
507 
508 		X509_NAME_oneline(X509_get_subject_name(cert), buf,
509 				  sizeof(buf));
510 		wpa_printf(MSG_DEBUG, "OpenSSL: Loaded CA certificate for "
511 			   "system certificate store: subject='%s'", buf);
512 
513 		if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) {
514 			tls_show_errors(MSG_WARNING, __func__,
515 					"Failed to add ca_cert to OpenSSL "
516 					"certificate store");
517 		}
518 
519 		X509_free(cert);
520 	}
521 
522 	if (!CertCloseStore(cs, 0)) {
523 		wpa_printf(MSG_DEBUG, "%s: failed to close system cert store "
524 			   "'%s': error=%d", __func__, name + 13,
525 			   (int) GetLastError());
526 	}
527 
528 	return 0;
529 }
530 
531 
532 #else /* CONFIG_NATIVE_WINDOWS */
533 
534 static int tls_cryptoapi_cert(SSL *ssl, const char *name)
535 {
536 	return -1;
537 }
538 
539 #endif /* CONFIG_NATIVE_WINDOWS */
540 
541 
542 static void ssl_info_cb(const SSL *ssl, int where, int ret)
543 {
544 	const char *str;
545 	int w;
546 
547 	wpa_printf(MSG_DEBUG, "SSL: (where=0x%x ret=0x%x)", where, ret);
548 	w = where & ~SSL_ST_MASK;
549 	if (w & SSL_ST_CONNECT)
550 		str = "SSL_connect";
551 	else if (w & SSL_ST_ACCEPT)
552 		str = "SSL_accept";
553 	else
554 		str = "undefined";
555 
556 	if (where & SSL_CB_LOOP) {
557 		wpa_printf(MSG_DEBUG, "SSL: %s:%s",
558 			   str, SSL_state_string_long(ssl));
559 	} else if (where & SSL_CB_ALERT) {
560 		struct tls_connection *conn = SSL_get_app_data((SSL *) ssl);
561 		wpa_printf(MSG_INFO, "SSL: SSL3 alert: %s:%s:%s",
562 			   where & SSL_CB_READ ?
563 			   "read (remote end reported an error)" :
564 			   "write (local SSL3 detected an error)",
565 			   SSL_alert_type_string_long(ret),
566 			   SSL_alert_desc_string_long(ret));
567 		if ((ret >> 8) == SSL3_AL_FATAL) {
568 			if (where & SSL_CB_READ)
569 				conn->read_alerts++;
570 			else
571 				conn->write_alerts++;
572 		}
573 		if (conn->context->event_cb != NULL) {
574 			union tls_event_data ev;
575 			struct tls_context *context = conn->context;
576 			os_memset(&ev, 0, sizeof(ev));
577 			ev.alert.is_local = !(where & SSL_CB_READ);
578 			ev.alert.type = SSL_alert_type_string_long(ret);
579 			ev.alert.description = SSL_alert_desc_string_long(ret);
580 			context->event_cb(context->cb_ctx, TLS_ALERT, &ev);
581 		}
582 	} else if (where & SSL_CB_EXIT && ret <= 0) {
583 		wpa_printf(MSG_DEBUG, "SSL: %s:%s in %s",
584 			   str, ret == 0 ? "failed" : "error",
585 			   SSL_state_string_long(ssl));
586 	}
587 }
588 
589 
590 #ifndef OPENSSL_NO_ENGINE
591 /**
592  * tls_engine_load_dynamic_generic - load any openssl engine
593  * @pre: an array of commands and values that load an engine initialized
594  *       in the engine specific function
595  * @post: an array of commands and values that initialize an already loaded
596  *        engine (or %NULL if not required)
597  * @id: the engine id of the engine to load (only required if post is not %NULL
598  *
599  * This function is a generic function that loads any openssl engine.
600  *
601  * Returns: 0 on success, -1 on failure
602  */
603 static int tls_engine_load_dynamic_generic(const char *pre[],
604 					   const char *post[], const char *id)
605 {
606 	ENGINE *engine;
607 	const char *dynamic_id = "dynamic";
608 
609 	engine = ENGINE_by_id(id);
610 	if (engine) {
611 		ENGINE_free(engine);
612 		wpa_printf(MSG_DEBUG, "ENGINE: engine '%s' is already "
613 			   "available", id);
614 		return 0;
615 	}
616 	ERR_clear_error();
617 
618 	engine = ENGINE_by_id(dynamic_id);
619 	if (engine == NULL) {
620 		wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]",
621 			   dynamic_id,
622 			   ERR_error_string(ERR_get_error(), NULL));
623 		return -1;
624 	}
625 
626 	/* Perform the pre commands. This will load the engine. */
627 	while (pre && pre[0]) {
628 		wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", pre[0], pre[1]);
629 		if (ENGINE_ctrl_cmd_string(engine, pre[0], pre[1], 0) == 0) {
630 			wpa_printf(MSG_INFO, "ENGINE: ctrl cmd_string failed: "
631 				   "%s %s [%s]", pre[0], pre[1],
632 				   ERR_error_string(ERR_get_error(), NULL));
633 			ENGINE_free(engine);
634 			return -1;
635 		}
636 		pre += 2;
637 	}
638 
639 	/*
640 	 * Free the reference to the "dynamic" engine. The loaded engine can
641 	 * now be looked up using ENGINE_by_id().
642 	 */
643 	ENGINE_free(engine);
644 
645 	engine = ENGINE_by_id(id);
646 	if (engine == NULL) {
647 		wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]",
648 			   id, ERR_error_string(ERR_get_error(), NULL));
649 		return -1;
650 	}
651 
652 	while (post && post[0]) {
653 		wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", post[0], post[1]);
654 		if (ENGINE_ctrl_cmd_string(engine, post[0], post[1], 0) == 0) {
655 			wpa_printf(MSG_DEBUG, "ENGINE: ctrl cmd_string failed:"
656 				" %s %s [%s]", post[0], post[1],
657 				   ERR_error_string(ERR_get_error(), NULL));
658 			ENGINE_remove(engine);
659 			ENGINE_free(engine);
660 			return -1;
661 		}
662 		post += 2;
663 	}
664 	ENGINE_free(engine);
665 
666 	return 0;
667 }
668 
669 
670 /**
671  * tls_engine_load_dynamic_pkcs11 - load the pkcs11 engine provided by opensc
672  * @pkcs11_so_path: pksc11_so_path from the configuration
673  * @pcks11_module_path: pkcs11_module_path from the configuration
674  */
675 static int tls_engine_load_dynamic_pkcs11(const char *pkcs11_so_path,
676 					  const char *pkcs11_module_path)
677 {
678 	char *engine_id = "pkcs11";
679 	const char *pre_cmd[] = {
680 		"SO_PATH", NULL /* pkcs11_so_path */,
681 		"ID", NULL /* engine_id */,
682 		"LIST_ADD", "1",
683 		/* "NO_VCHECK", "1", */
684 		"LOAD", NULL,
685 		NULL, NULL
686 	};
687 	const char *post_cmd[] = {
688 		"MODULE_PATH", NULL /* pkcs11_module_path */,
689 		NULL, NULL
690 	};
691 
692 	if (!pkcs11_so_path)
693 		return 0;
694 
695 	pre_cmd[1] = pkcs11_so_path;
696 	pre_cmd[3] = engine_id;
697 	if (pkcs11_module_path)
698 		post_cmd[1] = pkcs11_module_path;
699 	else
700 		post_cmd[0] = NULL;
701 
702 	wpa_printf(MSG_DEBUG, "ENGINE: Loading pkcs11 Engine from %s",
703 		   pkcs11_so_path);
704 
705 	return tls_engine_load_dynamic_generic(pre_cmd, post_cmd, engine_id);
706 }
707 
708 
709 /**
710  * tls_engine_load_dynamic_opensc - load the opensc engine provided by opensc
711  * @opensc_so_path: opensc_so_path from the configuration
712  */
713 static int tls_engine_load_dynamic_opensc(const char *opensc_so_path)
714 {
715 	char *engine_id = "opensc";
716 	const char *pre_cmd[] = {
717 		"SO_PATH", NULL /* opensc_so_path */,
718 		"ID", NULL /* engine_id */,
719 		"LIST_ADD", "1",
720 		"LOAD", NULL,
721 		NULL, NULL
722 	};
723 
724 	if (!opensc_so_path)
725 		return 0;
726 
727 	pre_cmd[1] = opensc_so_path;
728 	pre_cmd[3] = engine_id;
729 
730 	wpa_printf(MSG_DEBUG, "ENGINE: Loading OpenSC Engine from %s",
731 		   opensc_so_path);
732 
733 	return tls_engine_load_dynamic_generic(pre_cmd, NULL, engine_id);
734 }
735 #endif /* OPENSSL_NO_ENGINE */
736 
737 
738 void * tls_init(const struct tls_config *conf)
739 {
740 	SSL_CTX *ssl;
741 	struct tls_context *context;
742 	const char *ciphers;
743 
744 	if (tls_openssl_ref_count == 0) {
745 		tls_global = context = tls_context_new(conf);
746 		if (context == NULL)
747 			return NULL;
748 #ifdef CONFIG_FIPS
749 #ifdef OPENSSL_FIPS
750 		if (conf && conf->fips_mode) {
751 			if (!FIPS_mode_set(1)) {
752 				wpa_printf(MSG_ERROR, "Failed to enable FIPS "
753 					   "mode");
754 				ERR_load_crypto_strings();
755 				ERR_print_errors_fp(stderr);
756 				os_free(tls_global);
757 				tls_global = NULL;
758 				return NULL;
759 			} else
760 				wpa_printf(MSG_INFO, "Running in FIPS mode");
761 		}
762 #else /* OPENSSL_FIPS */
763 		if (conf && conf->fips_mode) {
764 			wpa_printf(MSG_ERROR, "FIPS mode requested, but not "
765 				   "supported");
766 			os_free(tls_global);
767 			tls_global = NULL;
768 			return NULL;
769 		}
770 #endif /* OPENSSL_FIPS */
771 #endif /* CONFIG_FIPS */
772 		SSL_load_error_strings();
773 		SSL_library_init();
774 #ifndef OPENSSL_NO_SHA256
775 		EVP_add_digest(EVP_sha256());
776 #endif /* OPENSSL_NO_SHA256 */
777 		/* TODO: if /dev/urandom is available, PRNG is seeded
778 		 * automatically. If this is not the case, random data should
779 		 * be added here. */
780 
781 #ifdef PKCS12_FUNCS
782 #ifndef OPENSSL_NO_RC2
783 		/*
784 		 * 40-bit RC2 is commonly used in PKCS#12 files, so enable it.
785 		 * This is enabled by PKCS12_PBE_add() in OpenSSL 0.9.8
786 		 * versions, but it looks like OpenSSL 1.0.0 does not do that
787 		 * anymore.
788 		 */
789 		EVP_add_cipher(EVP_rc2_40_cbc());
790 #endif /* OPENSSL_NO_RC2 */
791 		PKCS12_PBE_add();
792 #endif  /* PKCS12_FUNCS */
793 	} else {
794 #ifdef OPENSSL_SUPPORTS_CTX_APP_DATA
795 		/* Newer OpenSSL can store app-data per-SSL */
796 		context = tls_context_new(conf);
797 		if (context == NULL)
798 			return NULL;
799 #else /* OPENSSL_SUPPORTS_CTX_APP_DATA */
800 		context = tls_global;
801 #endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */
802 	}
803 	tls_openssl_ref_count++;
804 
805 	ssl = SSL_CTX_new(SSLv23_method());
806 	if (ssl == NULL) {
807 		tls_openssl_ref_count--;
808 #ifdef OPENSSL_SUPPORTS_CTX_APP_DATA
809 		if (context != tls_global)
810 			os_free(context);
811 #endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */
812 		if (tls_openssl_ref_count == 0) {
813 			os_free(tls_global);
814 			tls_global = NULL;
815 		}
816 		return NULL;
817 	}
818 
819 	SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv2);
820 	SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv3);
821 
822 	SSL_CTX_set_info_callback(ssl, ssl_info_cb);
823 #ifdef OPENSSL_SUPPORTS_CTX_APP_DATA
824 	SSL_CTX_set_app_data(ssl, context);
825 #endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */
826 
827 #ifndef OPENSSL_NO_ENGINE
828 	wpa_printf(MSG_DEBUG, "ENGINE: Loading dynamic engine");
829 	ERR_load_ENGINE_strings();
830 	ENGINE_load_dynamic();
831 
832 	if (conf &&
833 	    (conf->opensc_engine_path || conf->pkcs11_engine_path ||
834 	     conf->pkcs11_module_path)) {
835 		if (tls_engine_load_dynamic_opensc(conf->opensc_engine_path) ||
836 		    tls_engine_load_dynamic_pkcs11(conf->pkcs11_engine_path,
837 						   conf->pkcs11_module_path)) {
838 			tls_deinit(ssl);
839 			return NULL;
840 		}
841 	}
842 #endif /* OPENSSL_NO_ENGINE */
843 
844 	if (conf && conf->openssl_ciphers)
845 		ciphers = conf->openssl_ciphers;
846 	else
847 		ciphers = "DEFAULT:!EXP:!LOW";
848 	if (SSL_CTX_set_cipher_list(ssl, ciphers) != 1) {
849 		wpa_printf(MSG_ERROR,
850 			   "OpenSSL: Failed to set cipher string '%s'",
851 			   ciphers);
852 		tls_deinit(ssl);
853 		return NULL;
854 	}
855 
856 	return ssl;
857 }
858 
859 
860 void tls_deinit(void *ssl_ctx)
861 {
862 	SSL_CTX *ssl = ssl_ctx;
863 #ifdef OPENSSL_SUPPORTS_CTX_APP_DATA
864 	struct tls_context *context = SSL_CTX_get_app_data(ssl);
865 	if (context != tls_global)
866 		os_free(context);
867 #endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */
868 	SSL_CTX_free(ssl);
869 
870 	tls_openssl_ref_count--;
871 	if (tls_openssl_ref_count == 0) {
872 #ifndef OPENSSL_NO_ENGINE
873 		ENGINE_cleanup();
874 #endif /* OPENSSL_NO_ENGINE */
875 		CRYPTO_cleanup_all_ex_data();
876 		ERR_remove_thread_state(NULL);
877 		ERR_free_strings();
878 		EVP_cleanup();
879 		os_free(tls_global->ocsp_stapling_response);
880 		tls_global->ocsp_stapling_response = NULL;
881 		os_free(tls_global);
882 		tls_global = NULL;
883 	}
884 }
885 
886 
887 static int tls_engine_init(struct tls_connection *conn, const char *engine_id,
888 			   const char *pin, const char *key_id,
889 			   const char *cert_id, const char *ca_cert_id)
890 {
891 #ifndef OPENSSL_NO_ENGINE
892 	int ret = -1;
893 	if (engine_id == NULL) {
894 		wpa_printf(MSG_ERROR, "ENGINE: Engine ID not set");
895 		return -1;
896 	}
897 
898 	ERR_clear_error();
899 #ifdef ANDROID
900 	ENGINE_load_dynamic();
901 #endif
902 	conn->engine = ENGINE_by_id(engine_id);
903 	if (!conn->engine) {
904 		wpa_printf(MSG_ERROR, "ENGINE: engine %s not available [%s]",
905 			   engine_id, ERR_error_string(ERR_get_error(), NULL));
906 		goto err;
907 	}
908 	if (ENGINE_init(conn->engine) != 1) {
909 		wpa_printf(MSG_ERROR, "ENGINE: engine init failed "
910 			   "(engine: %s) [%s]", engine_id,
911 			   ERR_error_string(ERR_get_error(), NULL));
912 		goto err;
913 	}
914 	wpa_printf(MSG_DEBUG, "ENGINE: engine initialized");
915 
916 #ifndef ANDROID
917 	if (pin && ENGINE_ctrl_cmd_string(conn->engine, "PIN", pin, 0) == 0) {
918 		wpa_printf(MSG_ERROR, "ENGINE: cannot set pin [%s]",
919 			   ERR_error_string(ERR_get_error(), NULL));
920 		goto err;
921 	}
922 #endif
923 	if (key_id) {
924 		/*
925 		 * Ensure that the ENGINE does not attempt to use the OpenSSL
926 		 * UI system to obtain a PIN, if we didn't provide one.
927 		 */
928 		struct {
929 			const void *password;
930 			const char *prompt_info;
931 		} key_cb = { "", NULL };
932 
933 		/* load private key first in-case PIN is required for cert */
934 		conn->private_key = ENGINE_load_private_key(conn->engine,
935 							    key_id, NULL,
936 							    &key_cb);
937 		if (!conn->private_key) {
938 			wpa_printf(MSG_ERROR,
939 				   "ENGINE: cannot load private key with id '%s' [%s]",
940 				   key_id,
941 				   ERR_error_string(ERR_get_error(), NULL));
942 			ret = TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
943 			goto err;
944 		}
945 	}
946 
947 	/* handle a certificate and/or CA certificate */
948 	if (cert_id || ca_cert_id) {
949 		const char *cmd_name = "LOAD_CERT_CTRL";
950 
951 		/* test if the engine supports a LOAD_CERT_CTRL */
952 		if (!ENGINE_ctrl(conn->engine, ENGINE_CTRL_GET_CMD_FROM_NAME,
953 				 0, (void *)cmd_name, NULL)) {
954 			wpa_printf(MSG_ERROR, "ENGINE: engine does not support"
955 				   " loading certificates");
956 			ret = TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
957 			goto err;
958 		}
959 	}
960 
961 	return 0;
962 
963 err:
964 	if (conn->engine) {
965 		ENGINE_free(conn->engine);
966 		conn->engine = NULL;
967 	}
968 
969 	if (conn->private_key) {
970 		EVP_PKEY_free(conn->private_key);
971 		conn->private_key = NULL;
972 	}
973 
974 	return ret;
975 #else /* OPENSSL_NO_ENGINE */
976 	return 0;
977 #endif /* OPENSSL_NO_ENGINE */
978 }
979 
980 
981 static void tls_engine_deinit(struct tls_connection *conn)
982 {
983 #ifndef OPENSSL_NO_ENGINE
984 	wpa_printf(MSG_DEBUG, "ENGINE: engine deinit");
985 	if (conn->private_key) {
986 		EVP_PKEY_free(conn->private_key);
987 		conn->private_key = NULL;
988 	}
989 	if (conn->engine) {
990 		ENGINE_finish(conn->engine);
991 		conn->engine = NULL;
992 	}
993 #endif /* OPENSSL_NO_ENGINE */
994 }
995 
996 
997 int tls_get_errors(void *ssl_ctx)
998 {
999 	int count = 0;
1000 	unsigned long err;
1001 
1002 	while ((err = ERR_get_error())) {
1003 		wpa_printf(MSG_INFO, "TLS - SSL error: %s",
1004 			   ERR_error_string(err, NULL));
1005 		count++;
1006 	}
1007 
1008 	return count;
1009 }
1010 
1011 
1012 static void tls_msg_cb(int write_p, int version, int content_type,
1013 		       const void *buf, size_t len, SSL *ssl, void *arg)
1014 {
1015 	struct tls_connection *conn = arg;
1016 	const u8 *pos = buf;
1017 
1018 	wpa_printf(MSG_DEBUG, "OpenSSL: %s ver=0x%x content_type=%d",
1019 		   write_p ? "TX" : "RX", version, content_type);
1020 	wpa_hexdump_key(MSG_MSGDUMP, "OpenSSL: Message", buf, len);
1021 	if (content_type == 24 && len >= 3 && pos[0] == 1) {
1022 		size_t payload_len = WPA_GET_BE16(pos + 1);
1023 		if (payload_len + 3 > len) {
1024 			wpa_printf(MSG_ERROR, "OpenSSL: Heartbeat attack detected");
1025 			conn->invalid_hb_used = 1;
1026 		}
1027 	}
1028 }
1029 
1030 
1031 struct tls_connection * tls_connection_init(void *ssl_ctx)
1032 {
1033 	SSL_CTX *ssl = ssl_ctx;
1034 	struct tls_connection *conn;
1035 	long options;
1036 #ifdef OPENSSL_SUPPORTS_CTX_APP_DATA
1037 	struct tls_context *context = SSL_CTX_get_app_data(ssl);
1038 #else /* OPENSSL_SUPPORTS_CTX_APP_DATA */
1039 	struct tls_context *context = tls_global;
1040 #endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */
1041 
1042 	conn = os_zalloc(sizeof(*conn));
1043 	if (conn == NULL)
1044 		return NULL;
1045 	conn->ssl_ctx = ssl_ctx;
1046 	conn->ssl = SSL_new(ssl);
1047 	if (conn->ssl == NULL) {
1048 		tls_show_errors(MSG_INFO, __func__,
1049 				"Failed to initialize new SSL connection");
1050 		os_free(conn);
1051 		return NULL;
1052 	}
1053 
1054 	conn->context = context;
1055 	SSL_set_app_data(conn->ssl, conn);
1056 	SSL_set_msg_callback(conn->ssl, tls_msg_cb);
1057 	SSL_set_msg_callback_arg(conn->ssl, conn);
1058 	options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
1059 		SSL_OP_SINGLE_DH_USE;
1060 #ifdef SSL_OP_NO_COMPRESSION
1061 	options |= SSL_OP_NO_COMPRESSION;
1062 #endif /* SSL_OP_NO_COMPRESSION */
1063 	SSL_set_options(conn->ssl, options);
1064 
1065 	conn->ssl_in = BIO_new(BIO_s_mem());
1066 	if (!conn->ssl_in) {
1067 		tls_show_errors(MSG_INFO, __func__,
1068 				"Failed to create a new BIO for ssl_in");
1069 		SSL_free(conn->ssl);
1070 		os_free(conn);
1071 		return NULL;
1072 	}
1073 
1074 	conn->ssl_out = BIO_new(BIO_s_mem());
1075 	if (!conn->ssl_out) {
1076 		tls_show_errors(MSG_INFO, __func__,
1077 				"Failed to create a new BIO for ssl_out");
1078 		SSL_free(conn->ssl);
1079 		BIO_free(conn->ssl_in);
1080 		os_free(conn);
1081 		return NULL;
1082 	}
1083 
1084 	SSL_set_bio(conn->ssl, conn->ssl_in, conn->ssl_out);
1085 
1086 	return conn;
1087 }
1088 
1089 
1090 void tls_connection_deinit(void *ssl_ctx, struct tls_connection *conn)
1091 {
1092 	if (conn == NULL)
1093 		return;
1094 	SSL_free(conn->ssl);
1095 	tls_engine_deinit(conn);
1096 	os_free(conn->subject_match);
1097 	os_free(conn->altsubject_match);
1098 	os_free(conn->suffix_match);
1099 	os_free(conn->domain_match);
1100 	os_free(conn->session_ticket);
1101 	os_free(conn);
1102 }
1103 
1104 
1105 int tls_connection_established(void *ssl_ctx, struct tls_connection *conn)
1106 {
1107 	return conn ? SSL_is_init_finished(conn->ssl) : 0;
1108 }
1109 
1110 
1111 int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn)
1112 {
1113 	if (conn == NULL)
1114 		return -1;
1115 
1116 	/* Shutdown previous TLS connection without notifying the peer
1117 	 * because the connection was already terminated in practice
1118 	 * and "close notify" shutdown alert would confuse AS. */
1119 	SSL_set_quiet_shutdown(conn->ssl, 1);
1120 	SSL_shutdown(conn->ssl);
1121 	return 0;
1122 }
1123 
1124 
1125 static int tls_match_altsubject_component(X509 *cert, int type,
1126 					  const char *value, size_t len)
1127 {
1128 	GENERAL_NAME *gen;
1129 	void *ext;
1130 	int found = 0;
1131 	stack_index_t i;
1132 
1133 	ext = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
1134 
1135 	for (i = 0; ext && i < sk_GENERAL_NAME_num(ext); i++) {
1136 		gen = sk_GENERAL_NAME_value(ext, i);
1137 		if (gen->type != type)
1138 			continue;
1139 		if (os_strlen((char *) gen->d.ia5->data) == len &&
1140 		    os_memcmp(value, gen->d.ia5->data, len) == 0)
1141 			found++;
1142 	}
1143 
1144 	return found;
1145 }
1146 
1147 
1148 static int tls_match_altsubject(X509 *cert, const char *match)
1149 {
1150 	int type;
1151 	const char *pos, *end;
1152 	size_t len;
1153 
1154 	pos = match;
1155 	do {
1156 		if (os_strncmp(pos, "EMAIL:", 6) == 0) {
1157 			type = GEN_EMAIL;
1158 			pos += 6;
1159 		} else if (os_strncmp(pos, "DNS:", 4) == 0) {
1160 			type = GEN_DNS;
1161 			pos += 4;
1162 		} else if (os_strncmp(pos, "URI:", 4) == 0) {
1163 			type = GEN_URI;
1164 			pos += 4;
1165 		} else {
1166 			wpa_printf(MSG_INFO, "TLS: Invalid altSubjectName "
1167 				   "match '%s'", pos);
1168 			return 0;
1169 		}
1170 		end = os_strchr(pos, ';');
1171 		while (end) {
1172 			if (os_strncmp(end + 1, "EMAIL:", 6) == 0 ||
1173 			    os_strncmp(end + 1, "DNS:", 4) == 0 ||
1174 			    os_strncmp(end + 1, "URI:", 4) == 0)
1175 				break;
1176 			end = os_strchr(end + 1, ';');
1177 		}
1178 		if (end)
1179 			len = end - pos;
1180 		else
1181 			len = os_strlen(pos);
1182 		if (tls_match_altsubject_component(cert, type, pos, len) > 0)
1183 			return 1;
1184 		pos = end + 1;
1185 	} while (end);
1186 
1187 	return 0;
1188 }
1189 
1190 
1191 #ifndef CONFIG_NATIVE_WINDOWS
1192 static int domain_suffix_match(const u8 *val, size_t len, const char *match,
1193 			       int full)
1194 {
1195 	size_t i, match_len;
1196 
1197 	/* Check for embedded nuls that could mess up suffix matching */
1198 	for (i = 0; i < len; i++) {
1199 		if (val[i] == '\0') {
1200 			wpa_printf(MSG_DEBUG, "TLS: Embedded null in a string - reject");
1201 			return 0;
1202 		}
1203 	}
1204 
1205 	match_len = os_strlen(match);
1206 	if (match_len > len || (full && match_len != len))
1207 		return 0;
1208 
1209 	if (os_strncasecmp((const char *) val + len - match_len, match,
1210 			   match_len) != 0)
1211 		return 0; /* no match */
1212 
1213 	if (match_len == len)
1214 		return 1; /* exact match */
1215 
1216 	if (val[len - match_len - 1] == '.')
1217 		return 1; /* full label match completes suffix match */
1218 
1219 	wpa_printf(MSG_DEBUG, "TLS: Reject due to incomplete label match");
1220 	return 0;
1221 }
1222 #endif /* CONFIG_NATIVE_WINDOWS */
1223 
1224 
1225 static int tls_match_suffix(X509 *cert, const char *match, int full)
1226 {
1227 #ifdef CONFIG_NATIVE_WINDOWS
1228 	/* wincrypt.h has conflicting X509_NAME definition */
1229 	return -1;
1230 #else /* CONFIG_NATIVE_WINDOWS */
1231 	GENERAL_NAME *gen;
1232 	void *ext;
1233 	int i;
1234 	stack_index_t j;
1235 	int dns_name = 0;
1236 	X509_NAME *name;
1237 
1238 	wpa_printf(MSG_DEBUG, "TLS: Match domain against %s%s",
1239 		   full ? "": "suffix ", match);
1240 
1241 	ext = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
1242 
1243 	for (j = 0; ext && j < sk_GENERAL_NAME_num(ext); j++) {
1244 		gen = sk_GENERAL_NAME_value(ext, j);
1245 		if (gen->type != GEN_DNS)
1246 			continue;
1247 		dns_name++;
1248 		wpa_hexdump_ascii(MSG_DEBUG, "TLS: Certificate dNSName",
1249 				  gen->d.dNSName->data,
1250 				  gen->d.dNSName->length);
1251 		if (domain_suffix_match(gen->d.dNSName->data,
1252 					gen->d.dNSName->length, match, full) ==
1253 		    1) {
1254 			wpa_printf(MSG_DEBUG, "TLS: %s in dNSName found",
1255 				   full ? "Match" : "Suffix match");
1256 			return 1;
1257 		}
1258 	}
1259 
1260 	if (dns_name) {
1261 		wpa_printf(MSG_DEBUG, "TLS: None of the dNSName(s) matched");
1262 		return 0;
1263 	}
1264 
1265 	name = X509_get_subject_name(cert);
1266 	i = -1;
1267 	for (;;) {
1268 		X509_NAME_ENTRY *e;
1269 		ASN1_STRING *cn;
1270 
1271 		i = X509_NAME_get_index_by_NID(name, NID_commonName, i);
1272 		if (i == -1)
1273 			break;
1274 		e = X509_NAME_get_entry(name, i);
1275 		if (e == NULL)
1276 			continue;
1277 		cn = X509_NAME_ENTRY_get_data(e);
1278 		if (cn == NULL)
1279 			continue;
1280 		wpa_hexdump_ascii(MSG_DEBUG, "TLS: Certificate commonName",
1281 				  cn->data, cn->length);
1282 		if (domain_suffix_match(cn->data, cn->length, match, full) == 1)
1283 		{
1284 			wpa_printf(MSG_DEBUG, "TLS: %s in commonName found",
1285 				   full ? "Match" : "Suffix match");
1286 			return 1;
1287 		}
1288 	}
1289 
1290 	wpa_printf(MSG_DEBUG, "TLS: No CommonName %smatch found",
1291 		   full ? "": "suffix ");
1292 	return 0;
1293 #endif /* CONFIG_NATIVE_WINDOWS */
1294 }
1295 
1296 
1297 static enum tls_fail_reason openssl_tls_fail_reason(int err)
1298 {
1299 	switch (err) {
1300 	case X509_V_ERR_CERT_REVOKED:
1301 		return TLS_FAIL_REVOKED;
1302 	case X509_V_ERR_CERT_NOT_YET_VALID:
1303 	case X509_V_ERR_CRL_NOT_YET_VALID:
1304 		return TLS_FAIL_NOT_YET_VALID;
1305 	case X509_V_ERR_CERT_HAS_EXPIRED:
1306 	case X509_V_ERR_CRL_HAS_EXPIRED:
1307 		return TLS_FAIL_EXPIRED;
1308 	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
1309 	case X509_V_ERR_UNABLE_TO_GET_CRL:
1310 	case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
1311 	case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
1312 	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
1313 	case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
1314 	case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
1315 	case X509_V_ERR_CERT_CHAIN_TOO_LONG:
1316 	case X509_V_ERR_PATH_LENGTH_EXCEEDED:
1317 	case X509_V_ERR_INVALID_CA:
1318 		return TLS_FAIL_UNTRUSTED;
1319 	case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
1320 	case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
1321 	case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
1322 	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
1323 	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
1324 	case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
1325 	case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
1326 	case X509_V_ERR_CERT_UNTRUSTED:
1327 	case X509_V_ERR_CERT_REJECTED:
1328 		return TLS_FAIL_BAD_CERTIFICATE;
1329 	default:
1330 		return TLS_FAIL_UNSPECIFIED;
1331 	}
1332 }
1333 
1334 
1335 static struct wpabuf * get_x509_cert(X509 *cert)
1336 {
1337 	struct wpabuf *buf;
1338 	u8 *tmp;
1339 
1340 	int cert_len = i2d_X509(cert, NULL);
1341 	if (cert_len <= 0)
1342 		return NULL;
1343 
1344 	buf = wpabuf_alloc(cert_len);
1345 	if (buf == NULL)
1346 		return NULL;
1347 
1348 	tmp = wpabuf_put(buf, cert_len);
1349 	i2d_X509(cert, &tmp);
1350 	return buf;
1351 }
1352 
1353 
1354 static void openssl_tls_fail_event(struct tls_connection *conn,
1355 				   X509 *err_cert, int err, int depth,
1356 				   const char *subject, const char *err_str,
1357 				   enum tls_fail_reason reason)
1358 {
1359 	union tls_event_data ev;
1360 	struct wpabuf *cert = NULL;
1361 	struct tls_context *context = conn->context;
1362 
1363 	if (context->event_cb == NULL)
1364 		return;
1365 
1366 	cert = get_x509_cert(err_cert);
1367 	os_memset(&ev, 0, sizeof(ev));
1368 	ev.cert_fail.reason = reason != TLS_FAIL_UNSPECIFIED ?
1369 		reason : openssl_tls_fail_reason(err);
1370 	ev.cert_fail.depth = depth;
1371 	ev.cert_fail.subject = subject;
1372 	ev.cert_fail.reason_txt = err_str;
1373 	ev.cert_fail.cert = cert;
1374 	context->event_cb(context->cb_ctx, TLS_CERT_CHAIN_FAILURE, &ev);
1375 	wpabuf_free(cert);
1376 }
1377 
1378 
1379 static void openssl_tls_cert_event(struct tls_connection *conn,
1380 				   X509 *err_cert, int depth,
1381 				   const char *subject)
1382 {
1383 	struct wpabuf *cert = NULL;
1384 	union tls_event_data ev;
1385 	struct tls_context *context = conn->context;
1386 	char *altsubject[TLS_MAX_ALT_SUBJECT];
1387 	int alt, num_altsubject = 0;
1388 	GENERAL_NAME *gen;
1389 	void *ext;
1390 	stack_index_t i;
1391 #ifdef CONFIG_SHA256
1392 	u8 hash[32];
1393 #endif /* CONFIG_SHA256 */
1394 
1395 	if (context->event_cb == NULL)
1396 		return;
1397 
1398 	os_memset(&ev, 0, sizeof(ev));
1399 	if (conn->cert_probe || context->cert_in_cb) {
1400 		cert = get_x509_cert(err_cert);
1401 		ev.peer_cert.cert = cert;
1402 	}
1403 #ifdef CONFIG_SHA256
1404 	if (cert) {
1405 		const u8 *addr[1];
1406 		size_t len[1];
1407 		addr[0] = wpabuf_head(cert);
1408 		len[0] = wpabuf_len(cert);
1409 		if (sha256_vector(1, addr, len, hash) == 0) {
1410 			ev.peer_cert.hash = hash;
1411 			ev.peer_cert.hash_len = sizeof(hash);
1412 		}
1413 	}
1414 #endif /* CONFIG_SHA256 */
1415 	ev.peer_cert.depth = depth;
1416 	ev.peer_cert.subject = subject;
1417 
1418 	ext = X509_get_ext_d2i(err_cert, NID_subject_alt_name, NULL, NULL);
1419 	for (i = 0; ext && i < sk_GENERAL_NAME_num(ext); i++) {
1420 		char *pos;
1421 
1422 		if (num_altsubject == TLS_MAX_ALT_SUBJECT)
1423 			break;
1424 		gen = sk_GENERAL_NAME_value(ext, i);
1425 		if (gen->type != GEN_EMAIL &&
1426 		    gen->type != GEN_DNS &&
1427 		    gen->type != GEN_URI)
1428 			continue;
1429 
1430 		pos = os_malloc(10 + gen->d.ia5->length + 1);
1431 		if (pos == NULL)
1432 			break;
1433 		altsubject[num_altsubject++] = pos;
1434 
1435 		switch (gen->type) {
1436 		case GEN_EMAIL:
1437 			os_memcpy(pos, "EMAIL:", 6);
1438 			pos += 6;
1439 			break;
1440 		case GEN_DNS:
1441 			os_memcpy(pos, "DNS:", 4);
1442 			pos += 4;
1443 			break;
1444 		case GEN_URI:
1445 			os_memcpy(pos, "URI:", 4);
1446 			pos += 4;
1447 			break;
1448 		}
1449 
1450 		os_memcpy(pos, gen->d.ia5->data, gen->d.ia5->length);
1451 		pos += gen->d.ia5->length;
1452 		*pos = '\0';
1453 	}
1454 
1455 	for (alt = 0; alt < num_altsubject; alt++)
1456 		ev.peer_cert.altsubject[alt] = altsubject[alt];
1457 	ev.peer_cert.num_altsubject = num_altsubject;
1458 
1459 	context->event_cb(context->cb_ctx, TLS_PEER_CERTIFICATE, &ev);
1460 	wpabuf_free(cert);
1461 	for (alt = 0; alt < num_altsubject; alt++)
1462 		os_free(altsubject[alt]);
1463 }
1464 
1465 
1466 static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
1467 {
1468 	char buf[256];
1469 	X509 *err_cert;
1470 	int err, depth;
1471 	SSL *ssl;
1472 	struct tls_connection *conn;
1473 	struct tls_context *context;
1474 	char *match, *altmatch, *suffix_match, *domain_match;
1475 	const char *err_str;
1476 
1477 	err_cert = X509_STORE_CTX_get_current_cert(x509_ctx);
1478 	if (!err_cert)
1479 		return 0;
1480 
1481 	err = X509_STORE_CTX_get_error(x509_ctx);
1482 	depth = X509_STORE_CTX_get_error_depth(x509_ctx);
1483 	ssl = X509_STORE_CTX_get_ex_data(x509_ctx,
1484 					 SSL_get_ex_data_X509_STORE_CTX_idx());
1485 	X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
1486 
1487 	conn = SSL_get_app_data(ssl);
1488 	if (conn == NULL)
1489 		return 0;
1490 
1491 	if (depth == 0)
1492 		conn->peer_cert = err_cert;
1493 	else if (depth == 1)
1494 		conn->peer_issuer = err_cert;
1495 	else if (depth == 2)
1496 		conn->peer_issuer_issuer = err_cert;
1497 
1498 	context = conn->context;
1499 	match = conn->subject_match;
1500 	altmatch = conn->altsubject_match;
1501 	suffix_match = conn->suffix_match;
1502 	domain_match = conn->domain_match;
1503 
1504 	if (!preverify_ok && !conn->ca_cert_verify)
1505 		preverify_ok = 1;
1506 	if (!preverify_ok && depth > 0 && conn->server_cert_only)
1507 		preverify_ok = 1;
1508 	if (!preverify_ok && (conn->flags & TLS_CONN_DISABLE_TIME_CHECKS) &&
1509 	    (err == X509_V_ERR_CERT_HAS_EXPIRED ||
1510 	     err == X509_V_ERR_CERT_NOT_YET_VALID)) {
1511 		wpa_printf(MSG_DEBUG, "OpenSSL: Ignore certificate validity "
1512 			   "time mismatch");
1513 		preverify_ok = 1;
1514 	}
1515 
1516 	err_str = X509_verify_cert_error_string(err);
1517 
1518 #ifdef CONFIG_SHA256
1519 	/*
1520 	 * Do not require preverify_ok so we can explicity allow otherwise
1521 	 * invalid pinned server certificates.
1522 	 */
1523 	if (depth == 0 && conn->server_cert_only) {
1524 		struct wpabuf *cert;
1525 		cert = get_x509_cert(err_cert);
1526 		if (!cert) {
1527 			wpa_printf(MSG_DEBUG, "OpenSSL: Could not fetch "
1528 				   "server certificate data");
1529 			preverify_ok = 0;
1530 		} else {
1531 			u8 hash[32];
1532 			const u8 *addr[1];
1533 			size_t len[1];
1534 			addr[0] = wpabuf_head(cert);
1535 			len[0] = wpabuf_len(cert);
1536 			if (sha256_vector(1, addr, len, hash) < 0 ||
1537 			    os_memcmp(conn->srv_cert_hash, hash, 32) != 0) {
1538 				err_str = "Server certificate mismatch";
1539 				err = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
1540 				preverify_ok = 0;
1541 			} else if (!preverify_ok) {
1542 				/*
1543 				 * Certificate matches pinned certificate, allow
1544 				 * regardless of other problems.
1545 				 */
1546 				wpa_printf(MSG_DEBUG,
1547 					   "OpenSSL: Ignore validation issues for a pinned server certificate");
1548 				preverify_ok = 1;
1549 			}
1550 			wpabuf_free(cert);
1551 		}
1552 	}
1553 #endif /* CONFIG_SHA256 */
1554 
1555 	if (!preverify_ok) {
1556 		wpa_printf(MSG_WARNING, "TLS: Certificate verification failed,"
1557 			   " error %d (%s) depth %d for '%s'", err, err_str,
1558 			   depth, buf);
1559 		openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1560 				       err_str, TLS_FAIL_UNSPECIFIED);
1561 		return preverify_ok;
1562 	}
1563 
1564 	wpa_printf(MSG_DEBUG, "TLS: tls_verify_cb - preverify_ok=%d "
1565 		   "err=%d (%s) ca_cert_verify=%d depth=%d buf='%s'",
1566 		   preverify_ok, err, err_str,
1567 		   conn->ca_cert_verify, depth, buf);
1568 	if (depth == 0 && match && os_strstr(buf, match) == NULL) {
1569 		wpa_printf(MSG_WARNING, "TLS: Subject '%s' did not "
1570 			   "match with '%s'", buf, match);
1571 		preverify_ok = 0;
1572 		openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1573 				       "Subject mismatch",
1574 				       TLS_FAIL_SUBJECT_MISMATCH);
1575 	} else if (depth == 0 && altmatch &&
1576 		   !tls_match_altsubject(err_cert, altmatch)) {
1577 		wpa_printf(MSG_WARNING, "TLS: altSubjectName match "
1578 			   "'%s' not found", altmatch);
1579 		preverify_ok = 0;
1580 		openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1581 				       "AltSubject mismatch",
1582 				       TLS_FAIL_ALTSUBJECT_MISMATCH);
1583 	} else if (depth == 0 && suffix_match &&
1584 		   !tls_match_suffix(err_cert, suffix_match, 0)) {
1585 		wpa_printf(MSG_WARNING, "TLS: Domain suffix match '%s' not found",
1586 			   suffix_match);
1587 		preverify_ok = 0;
1588 		openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1589 				       "Domain suffix mismatch",
1590 				       TLS_FAIL_DOMAIN_SUFFIX_MISMATCH);
1591 	} else if (depth == 0 && domain_match &&
1592 		   !tls_match_suffix(err_cert, domain_match, 1)) {
1593 		wpa_printf(MSG_WARNING, "TLS: Domain match '%s' not found",
1594 			   domain_match);
1595 		preverify_ok = 0;
1596 		openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1597 				       "Domain mismatch",
1598 				       TLS_FAIL_DOMAIN_MISMATCH);
1599 	} else
1600 		openssl_tls_cert_event(conn, err_cert, depth, buf);
1601 
1602 	if (conn->cert_probe && preverify_ok && depth == 0) {
1603 		wpa_printf(MSG_DEBUG, "OpenSSL: Reject server certificate "
1604 			   "on probe-only run");
1605 		preverify_ok = 0;
1606 		openssl_tls_fail_event(conn, err_cert, err, depth, buf,
1607 				       "Server certificate chain probe",
1608 				       TLS_FAIL_SERVER_CHAIN_PROBE);
1609 	}
1610 
1611 	if (preverify_ok && context->event_cb != NULL)
1612 		context->event_cb(context->cb_ctx,
1613 				  TLS_CERT_CHAIN_SUCCESS, NULL);
1614 
1615 	return preverify_ok;
1616 }
1617 
1618 
1619 #ifndef OPENSSL_NO_STDIO
1620 static int tls_load_ca_der(void *_ssl_ctx, const char *ca_cert)
1621 {
1622 	SSL_CTX *ssl_ctx = _ssl_ctx;
1623 	X509_LOOKUP *lookup;
1624 	int ret = 0;
1625 
1626 	lookup = X509_STORE_add_lookup(SSL_CTX_get_cert_store(ssl_ctx),
1627 				       X509_LOOKUP_file());
1628 	if (lookup == NULL) {
1629 		tls_show_errors(MSG_WARNING, __func__,
1630 				"Failed add lookup for X509 store");
1631 		return -1;
1632 	}
1633 
1634 	if (!X509_LOOKUP_load_file(lookup, ca_cert, X509_FILETYPE_ASN1)) {
1635 		unsigned long err = ERR_peek_error();
1636 		tls_show_errors(MSG_WARNING, __func__,
1637 				"Failed load CA in DER format");
1638 		if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
1639 		    ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) {
1640 			wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring "
1641 				   "cert already in hash table error",
1642 				   __func__);
1643 		} else
1644 			ret = -1;
1645 	}
1646 
1647 	return ret;
1648 }
1649 #endif /* OPENSSL_NO_STDIO */
1650 
1651 
1652 static int tls_connection_ca_cert(void *_ssl_ctx, struct tls_connection *conn,
1653 				  const char *ca_cert, const u8 *ca_cert_blob,
1654 				  size_t ca_cert_blob_len, const char *ca_path)
1655 {
1656 	SSL_CTX *ssl_ctx = _ssl_ctx;
1657 	X509_STORE *store;
1658 
1659 	/*
1660 	 * Remove previously configured trusted CA certificates before adding
1661 	 * new ones.
1662 	 */
1663 	store = X509_STORE_new();
1664 	if (store == NULL) {
1665 		wpa_printf(MSG_DEBUG, "OpenSSL: %s - failed to allocate new "
1666 			   "certificate store", __func__);
1667 		return -1;
1668 	}
1669 	SSL_CTX_set_cert_store(ssl_ctx, store);
1670 
1671 	SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
1672 	conn->ca_cert_verify = 1;
1673 
1674 	if (ca_cert && os_strncmp(ca_cert, "probe://", 8) == 0) {
1675 		wpa_printf(MSG_DEBUG, "OpenSSL: Probe for server certificate "
1676 			   "chain");
1677 		conn->cert_probe = 1;
1678 		conn->ca_cert_verify = 0;
1679 		return 0;
1680 	}
1681 
1682 	if (ca_cert && os_strncmp(ca_cert, "hash://", 7) == 0) {
1683 #ifdef CONFIG_SHA256
1684 		const char *pos = ca_cert + 7;
1685 		if (os_strncmp(pos, "server/sha256/", 14) != 0) {
1686 			wpa_printf(MSG_DEBUG, "OpenSSL: Unsupported ca_cert "
1687 				   "hash value '%s'", ca_cert);
1688 			return -1;
1689 		}
1690 		pos += 14;
1691 		if (os_strlen(pos) != 32 * 2) {
1692 			wpa_printf(MSG_DEBUG, "OpenSSL: Unexpected SHA256 "
1693 				   "hash length in ca_cert '%s'", ca_cert);
1694 			return -1;
1695 		}
1696 		if (hexstr2bin(pos, conn->srv_cert_hash, 32) < 0) {
1697 			wpa_printf(MSG_DEBUG, "OpenSSL: Invalid SHA256 hash "
1698 				   "value in ca_cert '%s'", ca_cert);
1699 			return -1;
1700 		}
1701 		conn->server_cert_only = 1;
1702 		wpa_printf(MSG_DEBUG, "OpenSSL: Checking only server "
1703 			   "certificate match");
1704 		return 0;
1705 #else /* CONFIG_SHA256 */
1706 		wpa_printf(MSG_INFO, "No SHA256 included in the build - "
1707 			   "cannot validate server certificate hash");
1708 		return -1;
1709 #endif /* CONFIG_SHA256 */
1710 	}
1711 
1712 	if (ca_cert_blob) {
1713 		X509 *cert = d2i_X509(NULL,
1714 				      (const unsigned char **) &ca_cert_blob,
1715 				      ca_cert_blob_len);
1716 		if (cert == NULL) {
1717 			tls_show_errors(MSG_WARNING, __func__,
1718 					"Failed to parse ca_cert_blob");
1719 			return -1;
1720 		}
1721 
1722 		if (!X509_STORE_add_cert(SSL_CTX_get_cert_store(ssl_ctx),
1723 					 cert)) {
1724 			unsigned long err = ERR_peek_error();
1725 			tls_show_errors(MSG_WARNING, __func__,
1726 					"Failed to add ca_cert_blob to "
1727 					"certificate store");
1728 			if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
1729 			    ERR_GET_REASON(err) ==
1730 			    X509_R_CERT_ALREADY_IN_HASH_TABLE) {
1731 				wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring "
1732 					   "cert already in hash table error",
1733 					   __func__);
1734 			} else {
1735 				X509_free(cert);
1736 				return -1;
1737 			}
1738 		}
1739 		X509_free(cert);
1740 		wpa_printf(MSG_DEBUG, "OpenSSL: %s - added ca_cert_blob "
1741 			   "to certificate store", __func__);
1742 		return 0;
1743 	}
1744 
1745 #ifdef ANDROID
1746 	if (ca_cert && os_strncmp("keystore://", ca_cert, 11) == 0) {
1747 		BIO *bio = BIO_from_keystore(&ca_cert[11]);
1748 		STACK_OF(X509_INFO) *stack = NULL;
1749 		stack_index_t i;
1750 
1751 		if (bio) {
1752 			stack = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL);
1753 			BIO_free(bio);
1754 		}
1755 		if (!stack)
1756 			return -1;
1757 
1758 		for (i = 0; i < sk_X509_INFO_num(stack); ++i) {
1759 			X509_INFO *info = sk_X509_INFO_value(stack, i);
1760 			if (info->x509) {
1761 				X509_STORE_add_cert(ssl_ctx->cert_store,
1762 						    info->x509);
1763 			}
1764 			if (info->crl) {
1765 				X509_STORE_add_crl(ssl_ctx->cert_store,
1766 						   info->crl);
1767 			}
1768 		}
1769 		sk_X509_INFO_pop_free(stack, X509_INFO_free);
1770 		SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
1771 		return 0;
1772 	}
1773 #endif /* ANDROID */
1774 
1775 #ifdef CONFIG_NATIVE_WINDOWS
1776 	if (ca_cert && tls_cryptoapi_ca_cert(ssl_ctx, conn->ssl, ca_cert) ==
1777 	    0) {
1778 		wpa_printf(MSG_DEBUG, "OpenSSL: Added CA certificates from "
1779 			   "system certificate store");
1780 		return 0;
1781 	}
1782 #endif /* CONFIG_NATIVE_WINDOWS */
1783 
1784 	if (ca_cert || ca_path) {
1785 #ifndef OPENSSL_NO_STDIO
1786 		if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, ca_path) !=
1787 		    1) {
1788 			tls_show_errors(MSG_WARNING, __func__,
1789 					"Failed to load root certificates");
1790 			if (ca_cert &&
1791 			    tls_load_ca_der(ssl_ctx, ca_cert) == 0) {
1792 				wpa_printf(MSG_DEBUG, "OpenSSL: %s - loaded "
1793 					   "DER format CA certificate",
1794 					   __func__);
1795 			} else
1796 				return -1;
1797 		} else {
1798 			wpa_printf(MSG_DEBUG, "TLS: Trusted root "
1799 				   "certificate(s) loaded");
1800 			tls_get_errors(ssl_ctx);
1801 		}
1802 #else /* OPENSSL_NO_STDIO */
1803 		wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO",
1804 			   __func__);
1805 		return -1;
1806 #endif /* OPENSSL_NO_STDIO */
1807 	} else {
1808 		/* No ca_cert configured - do not try to verify server
1809 		 * certificate */
1810 		conn->ca_cert_verify = 0;
1811 	}
1812 
1813 	return 0;
1814 }
1815 
1816 
1817 static int tls_global_ca_cert(SSL_CTX *ssl_ctx, const char *ca_cert)
1818 {
1819 	if (ca_cert) {
1820 		if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, NULL) != 1)
1821 		{
1822 			tls_show_errors(MSG_WARNING, __func__,
1823 					"Failed to load root certificates");
1824 			return -1;
1825 		}
1826 
1827 		wpa_printf(MSG_DEBUG, "TLS: Trusted root "
1828 			   "certificate(s) loaded");
1829 
1830 #ifndef OPENSSL_NO_STDIO
1831 		/* Add the same CAs to the client certificate requests */
1832 		SSL_CTX_set_client_CA_list(ssl_ctx,
1833 					   SSL_load_client_CA_file(ca_cert));
1834 #endif /* OPENSSL_NO_STDIO */
1835 	}
1836 
1837 	return 0;
1838 }
1839 
1840 
1841 int tls_global_set_verify(void *ssl_ctx, int check_crl)
1842 {
1843 	int flags;
1844 
1845 	if (check_crl) {
1846 		X509_STORE *cs = SSL_CTX_get_cert_store(ssl_ctx);
1847 		if (cs == NULL) {
1848 			tls_show_errors(MSG_INFO, __func__, "Failed to get "
1849 					"certificate store when enabling "
1850 					"check_crl");
1851 			return -1;
1852 		}
1853 		flags = X509_V_FLAG_CRL_CHECK;
1854 		if (check_crl == 2)
1855 			flags |= X509_V_FLAG_CRL_CHECK_ALL;
1856 		X509_STORE_set_flags(cs, flags);
1857 	}
1858 	return 0;
1859 }
1860 
1861 
1862 static int tls_connection_set_subject_match(struct tls_connection *conn,
1863 					    const char *subject_match,
1864 					    const char *altsubject_match,
1865 					    const char *suffix_match,
1866 					    const char *domain_match)
1867 {
1868 	os_free(conn->subject_match);
1869 	conn->subject_match = NULL;
1870 	if (subject_match) {
1871 		conn->subject_match = os_strdup(subject_match);
1872 		if (conn->subject_match == NULL)
1873 			return -1;
1874 	}
1875 
1876 	os_free(conn->altsubject_match);
1877 	conn->altsubject_match = NULL;
1878 	if (altsubject_match) {
1879 		conn->altsubject_match = os_strdup(altsubject_match);
1880 		if (conn->altsubject_match == NULL)
1881 			return -1;
1882 	}
1883 
1884 	os_free(conn->suffix_match);
1885 	conn->suffix_match = NULL;
1886 	if (suffix_match) {
1887 		conn->suffix_match = os_strdup(suffix_match);
1888 		if (conn->suffix_match == NULL)
1889 			return -1;
1890 	}
1891 
1892 	os_free(conn->domain_match);
1893 	conn->domain_match = NULL;
1894 	if (domain_match) {
1895 		conn->domain_match = os_strdup(domain_match);
1896 		if (conn->domain_match == NULL)
1897 			return -1;
1898 	}
1899 
1900 	return 0;
1901 }
1902 
1903 
1904 int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn,
1905 			      int verify_peer)
1906 {
1907 	static int counter = 0;
1908 
1909 	if (conn == NULL)
1910 		return -1;
1911 
1912 	if (verify_peer) {
1913 		conn->ca_cert_verify = 1;
1914 		SSL_set_verify(conn->ssl, SSL_VERIFY_PEER |
1915 			       SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
1916 			       SSL_VERIFY_CLIENT_ONCE, tls_verify_cb);
1917 	} else {
1918 		conn->ca_cert_verify = 0;
1919 		SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL);
1920 	}
1921 
1922 	SSL_set_accept_state(conn->ssl);
1923 
1924 	/*
1925 	 * Set session id context in order to avoid fatal errors when client
1926 	 * tries to resume a session. However, set the context to a unique
1927 	 * value in order to effectively disable session resumption for now
1928 	 * since not all areas of the server code are ready for it (e.g.,
1929 	 * EAP-TTLS needs special handling for Phase 2 after abbreviated TLS
1930 	 * handshake).
1931 	 */
1932 	counter++;
1933 	SSL_set_session_id_context(conn->ssl,
1934 				   (const unsigned char *) &counter,
1935 				   sizeof(counter));
1936 
1937 	return 0;
1938 }
1939 
1940 
1941 static int tls_connection_client_cert(struct tls_connection *conn,
1942 				      const char *client_cert,
1943 				      const u8 *client_cert_blob,
1944 				      size_t client_cert_blob_len)
1945 {
1946 	if (client_cert == NULL && client_cert_blob == NULL)
1947 		return 0;
1948 
1949 	if (client_cert_blob &&
1950 	    SSL_use_certificate_ASN1(conn->ssl, (u8 *) client_cert_blob,
1951 				     client_cert_blob_len) == 1) {
1952 		wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_ASN1 --> "
1953 			   "OK");
1954 		return 0;
1955 	} else if (client_cert_blob) {
1956 		tls_show_errors(MSG_DEBUG, __func__,
1957 				"SSL_use_certificate_ASN1 failed");
1958 	}
1959 
1960 	if (client_cert == NULL)
1961 		return -1;
1962 
1963 #ifdef ANDROID
1964 	if (os_strncmp("keystore://", client_cert, 11) == 0) {
1965 		BIO *bio = BIO_from_keystore(&client_cert[11]);
1966 		X509 *x509 = NULL;
1967 		int ret = -1;
1968 		if (bio) {
1969 			x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
1970 			BIO_free(bio);
1971 		}
1972 		if (x509) {
1973 			if (SSL_use_certificate(conn->ssl, x509) == 1)
1974 				ret = 0;
1975 			X509_free(x509);
1976 		}
1977 		return ret;
1978 	}
1979 #endif /* ANDROID */
1980 
1981 #ifndef OPENSSL_NO_STDIO
1982 	if (SSL_use_certificate_file(conn->ssl, client_cert,
1983 				     SSL_FILETYPE_ASN1) == 1) {
1984 		wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (DER)"
1985 			   " --> OK");
1986 		return 0;
1987 	}
1988 
1989 	if (SSL_use_certificate_file(conn->ssl, client_cert,
1990 				     SSL_FILETYPE_PEM) == 1) {
1991 		ERR_clear_error();
1992 		wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (PEM)"
1993 			   " --> OK");
1994 		return 0;
1995 	}
1996 
1997 	tls_show_errors(MSG_DEBUG, __func__,
1998 			"SSL_use_certificate_file failed");
1999 #else /* OPENSSL_NO_STDIO */
2000 	wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", __func__);
2001 #endif /* OPENSSL_NO_STDIO */
2002 
2003 	return -1;
2004 }
2005 
2006 
2007 static int tls_global_client_cert(SSL_CTX *ssl_ctx, const char *client_cert)
2008 {
2009 #ifndef OPENSSL_NO_STDIO
2010 	if (client_cert == NULL)
2011 		return 0;
2012 
2013 	if (SSL_CTX_use_certificate_file(ssl_ctx, client_cert,
2014 					 SSL_FILETYPE_ASN1) != 1 &&
2015 	    SSL_CTX_use_certificate_chain_file(ssl_ctx, client_cert) != 1 &&
2016 	    SSL_CTX_use_certificate_file(ssl_ctx, client_cert,
2017 					 SSL_FILETYPE_PEM) != 1) {
2018 		tls_show_errors(MSG_INFO, __func__,
2019 				"Failed to load client certificate");
2020 		return -1;
2021 	}
2022 	return 0;
2023 #else /* OPENSSL_NO_STDIO */
2024 	if (client_cert == NULL)
2025 		return 0;
2026 	wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", __func__);
2027 	return -1;
2028 #endif /* OPENSSL_NO_STDIO */
2029 }
2030 
2031 
2032 static int tls_passwd_cb(char *buf, int size, int rwflag, void *password)
2033 {
2034 	if (password == NULL) {
2035 		return 0;
2036 	}
2037 	os_strlcpy(buf, (char *) password, size);
2038 	return os_strlen(buf);
2039 }
2040 
2041 
2042 #ifdef PKCS12_FUNCS
2043 static int tls_parse_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, PKCS12 *p12,
2044 			    const char *passwd)
2045 {
2046 	EVP_PKEY *pkey;
2047 	X509 *cert;
2048 	STACK_OF(X509) *certs;
2049 	int res = 0;
2050 	char buf[256];
2051 
2052 	pkey = NULL;
2053 	cert = NULL;
2054 	certs = NULL;
2055 	if (!PKCS12_parse(p12, passwd, &pkey, &cert, &certs)) {
2056 		tls_show_errors(MSG_DEBUG, __func__,
2057 				"Failed to parse PKCS12 file");
2058 		PKCS12_free(p12);
2059 		return -1;
2060 	}
2061 	wpa_printf(MSG_DEBUG, "TLS: Successfully parsed PKCS12 data");
2062 
2063 	if (cert) {
2064 		X509_NAME_oneline(X509_get_subject_name(cert), buf,
2065 				  sizeof(buf));
2066 		wpa_printf(MSG_DEBUG, "TLS: Got certificate from PKCS12: "
2067 			   "subject='%s'", buf);
2068 		if (ssl) {
2069 			if (SSL_use_certificate(ssl, cert) != 1)
2070 				res = -1;
2071 		} else {
2072 			if (SSL_CTX_use_certificate(ssl_ctx, cert) != 1)
2073 				res = -1;
2074 		}
2075 		X509_free(cert);
2076 	}
2077 
2078 	if (pkey) {
2079 		wpa_printf(MSG_DEBUG, "TLS: Got private key from PKCS12");
2080 		if (ssl) {
2081 			if (SSL_use_PrivateKey(ssl, pkey) != 1)
2082 				res = -1;
2083 		} else {
2084 			if (SSL_CTX_use_PrivateKey(ssl_ctx, pkey) != 1)
2085 				res = -1;
2086 		}
2087 		EVP_PKEY_free(pkey);
2088 	}
2089 
2090 	if (certs) {
2091 		while ((cert = sk_X509_pop(certs)) != NULL) {
2092 			X509_NAME_oneline(X509_get_subject_name(cert), buf,
2093 					  sizeof(buf));
2094 			wpa_printf(MSG_DEBUG, "TLS: additional certificate"
2095 				   " from PKCS12: subject='%s'", buf);
2096 			/*
2097 			 * There is no SSL equivalent for the chain cert - so
2098 			 * always add it to the context...
2099 			 */
2100 			if (SSL_CTX_add_extra_chain_cert(ssl_ctx, cert) != 1) {
2101 				res = -1;
2102 				break;
2103 			}
2104 		}
2105 		sk_X509_free(certs);
2106 	}
2107 
2108 	PKCS12_free(p12);
2109 
2110 	if (res < 0)
2111 		tls_get_errors(ssl_ctx);
2112 
2113 	return res;
2114 }
2115 #endif  /* PKCS12_FUNCS */
2116 
2117 
2118 static int tls_read_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, const char *private_key,
2119 			   const char *passwd)
2120 {
2121 #ifdef PKCS12_FUNCS
2122 	FILE *f;
2123 	PKCS12 *p12;
2124 
2125 	f = fopen(private_key, "rb");
2126 	if (f == NULL)
2127 		return -1;
2128 
2129 	p12 = d2i_PKCS12_fp(f, NULL);
2130 	fclose(f);
2131 
2132 	if (p12 == NULL) {
2133 		tls_show_errors(MSG_INFO, __func__,
2134 				"Failed to use PKCS#12 file");
2135 		return -1;
2136 	}
2137 
2138 	return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd);
2139 
2140 #else /* PKCS12_FUNCS */
2141 	wpa_printf(MSG_INFO, "TLS: PKCS12 support disabled - cannot read "
2142 		   "p12/pfx files");
2143 	return -1;
2144 #endif  /* PKCS12_FUNCS */
2145 }
2146 
2147 
2148 static int tls_read_pkcs12_blob(SSL_CTX *ssl_ctx, SSL *ssl,
2149 				const u8 *blob, size_t len, const char *passwd)
2150 {
2151 #ifdef PKCS12_FUNCS
2152 	PKCS12 *p12;
2153 
2154 	p12 = d2i_PKCS12(NULL, (const unsigned char **) &blob, len);
2155 	if (p12 == NULL) {
2156 		tls_show_errors(MSG_INFO, __func__,
2157 				"Failed to use PKCS#12 blob");
2158 		return -1;
2159 	}
2160 
2161 	return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd);
2162 
2163 #else /* PKCS12_FUNCS */
2164 	wpa_printf(MSG_INFO, "TLS: PKCS12 support disabled - cannot parse "
2165 		   "p12/pfx blobs");
2166 	return -1;
2167 #endif  /* PKCS12_FUNCS */
2168 }
2169 
2170 
2171 #ifndef OPENSSL_NO_ENGINE
2172 static int tls_engine_get_cert(struct tls_connection *conn,
2173 			       const char *cert_id,
2174 			       X509 **cert)
2175 {
2176 	/* this runs after the private key is loaded so no PIN is required */
2177 	struct {
2178 		const char *cert_id;
2179 		X509 *cert;
2180 	} params;
2181 	params.cert_id = cert_id;
2182 	params.cert = NULL;
2183 
2184 	if (!ENGINE_ctrl_cmd(conn->engine, "LOAD_CERT_CTRL",
2185 			     0, &params, NULL, 1)) {
2186 		wpa_printf(MSG_ERROR, "ENGINE: cannot load client cert with id"
2187 			   " '%s' [%s]", cert_id,
2188 			   ERR_error_string(ERR_get_error(), NULL));
2189 		return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
2190 	}
2191 	if (!params.cert) {
2192 		wpa_printf(MSG_ERROR, "ENGINE: did not properly cert with id"
2193 			   " '%s'", cert_id);
2194 		return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
2195 	}
2196 	*cert = params.cert;
2197 	return 0;
2198 }
2199 #endif /* OPENSSL_NO_ENGINE */
2200 
2201 
2202 static int tls_connection_engine_client_cert(struct tls_connection *conn,
2203 					     const char *cert_id)
2204 {
2205 #ifndef OPENSSL_NO_ENGINE
2206 	X509 *cert;
2207 
2208 	if (tls_engine_get_cert(conn, cert_id, &cert))
2209 		return -1;
2210 
2211 	if (!SSL_use_certificate(conn->ssl, cert)) {
2212 		tls_show_errors(MSG_ERROR, __func__,
2213 				"SSL_use_certificate failed");
2214                 X509_free(cert);
2215 		return -1;
2216 	}
2217 	X509_free(cert);
2218 	wpa_printf(MSG_DEBUG, "ENGINE: SSL_use_certificate --> "
2219 		   "OK");
2220 	return 0;
2221 
2222 #else /* OPENSSL_NO_ENGINE */
2223 	return -1;
2224 #endif /* OPENSSL_NO_ENGINE */
2225 }
2226 
2227 
2228 static int tls_connection_engine_ca_cert(void *_ssl_ctx,
2229 					 struct tls_connection *conn,
2230 					 const char *ca_cert_id)
2231 {
2232 #ifndef OPENSSL_NO_ENGINE
2233 	X509 *cert;
2234 	SSL_CTX *ssl_ctx = _ssl_ctx;
2235 	X509_STORE *store;
2236 
2237 	if (tls_engine_get_cert(conn, ca_cert_id, &cert))
2238 		return -1;
2239 
2240 	/* start off the same as tls_connection_ca_cert */
2241 	store = X509_STORE_new();
2242 	if (store == NULL) {
2243 		wpa_printf(MSG_DEBUG, "OpenSSL: %s - failed to allocate new "
2244 			   "certificate store", __func__);
2245 		X509_free(cert);
2246 		return -1;
2247 	}
2248 	SSL_CTX_set_cert_store(ssl_ctx, store);
2249 	if (!X509_STORE_add_cert(store, cert)) {
2250 		unsigned long err = ERR_peek_error();
2251 		tls_show_errors(MSG_WARNING, __func__,
2252 				"Failed to add CA certificate from engine "
2253 				"to certificate store");
2254 		if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
2255 		    ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) {
2256 			wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring cert"
2257 				   " already in hash table error",
2258 				   __func__);
2259 		} else {
2260 			X509_free(cert);
2261 			return -1;
2262 		}
2263 	}
2264 	X509_free(cert);
2265 	wpa_printf(MSG_DEBUG, "OpenSSL: %s - added CA certificate from engine "
2266 		   "to certificate store", __func__);
2267 	SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
2268 	conn->ca_cert_verify = 1;
2269 
2270 	return 0;
2271 
2272 #else /* OPENSSL_NO_ENGINE */
2273 	return -1;
2274 #endif /* OPENSSL_NO_ENGINE */
2275 }
2276 
2277 
2278 static int tls_connection_engine_private_key(struct tls_connection *conn)
2279 {
2280 #ifndef OPENSSL_NO_ENGINE
2281 	if (SSL_use_PrivateKey(conn->ssl, conn->private_key) != 1) {
2282 		tls_show_errors(MSG_ERROR, __func__,
2283 				"ENGINE: cannot use private key for TLS");
2284 		return -1;
2285 	}
2286 	if (!SSL_check_private_key(conn->ssl)) {
2287 		tls_show_errors(MSG_INFO, __func__,
2288 				"Private key failed verification");
2289 		return -1;
2290 	}
2291 	return 0;
2292 #else /* OPENSSL_NO_ENGINE */
2293 	wpa_printf(MSG_ERROR, "SSL: Configuration uses engine, but "
2294 		   "engine support was not compiled in");
2295 	return -1;
2296 #endif /* OPENSSL_NO_ENGINE */
2297 }
2298 
2299 
2300 static int tls_connection_private_key(void *_ssl_ctx,
2301 				      struct tls_connection *conn,
2302 				      const char *private_key,
2303 				      const char *private_key_passwd,
2304 				      const u8 *private_key_blob,
2305 				      size_t private_key_blob_len)
2306 {
2307 	SSL_CTX *ssl_ctx = _ssl_ctx;
2308 	char *passwd;
2309 	int ok;
2310 
2311 	if (private_key == NULL && private_key_blob == NULL)
2312 		return 0;
2313 
2314 	if (private_key_passwd) {
2315 		passwd = os_strdup(private_key_passwd);
2316 		if (passwd == NULL)
2317 			return -1;
2318 	} else
2319 		passwd = NULL;
2320 
2321 	SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb);
2322 	SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd);
2323 
2324 	ok = 0;
2325 	while (private_key_blob) {
2326 		if (SSL_use_PrivateKey_ASN1(EVP_PKEY_RSA, conn->ssl,
2327 					    (u8 *) private_key_blob,
2328 					    private_key_blob_len) == 1) {
2329 			wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_"
2330 				   "ASN1(EVP_PKEY_RSA) --> OK");
2331 			ok = 1;
2332 			break;
2333 		}
2334 
2335 		if (SSL_use_PrivateKey_ASN1(EVP_PKEY_DSA, conn->ssl,
2336 					    (u8 *) private_key_blob,
2337 					    private_key_blob_len) == 1) {
2338 			wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_"
2339 				   "ASN1(EVP_PKEY_DSA) --> OK");
2340 			ok = 1;
2341 			break;
2342 		}
2343 
2344 		if (SSL_use_RSAPrivateKey_ASN1(conn->ssl,
2345 					       (u8 *) private_key_blob,
2346 					       private_key_blob_len) == 1) {
2347 			wpa_printf(MSG_DEBUG, "OpenSSL: "
2348 				   "SSL_use_RSAPrivateKey_ASN1 --> OK");
2349 			ok = 1;
2350 			break;
2351 		}
2352 
2353 		if (tls_read_pkcs12_blob(ssl_ctx, conn->ssl, private_key_blob,
2354 					 private_key_blob_len, passwd) == 0) {
2355 			wpa_printf(MSG_DEBUG, "OpenSSL: PKCS#12 as blob --> "
2356 				   "OK");
2357 			ok = 1;
2358 			break;
2359 		}
2360 
2361 		break;
2362 	}
2363 
2364 	while (!ok && private_key) {
2365 #ifndef OPENSSL_NO_STDIO
2366 		if (SSL_use_PrivateKey_file(conn->ssl, private_key,
2367 					    SSL_FILETYPE_ASN1) == 1) {
2368 			wpa_printf(MSG_DEBUG, "OpenSSL: "
2369 				   "SSL_use_PrivateKey_File (DER) --> OK");
2370 			ok = 1;
2371 			break;
2372 		}
2373 
2374 		if (SSL_use_PrivateKey_file(conn->ssl, private_key,
2375 					    SSL_FILETYPE_PEM) == 1) {
2376 			wpa_printf(MSG_DEBUG, "OpenSSL: "
2377 				   "SSL_use_PrivateKey_File (PEM) --> OK");
2378 			ok = 1;
2379 			break;
2380 		}
2381 #else /* OPENSSL_NO_STDIO */
2382 		wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO",
2383 			   __func__);
2384 #endif /* OPENSSL_NO_STDIO */
2385 
2386 		if (tls_read_pkcs12(ssl_ctx, conn->ssl, private_key, passwd)
2387 		    == 0) {
2388 			wpa_printf(MSG_DEBUG, "OpenSSL: Reading PKCS#12 file "
2389 				   "--> OK");
2390 			ok = 1;
2391 			break;
2392 		}
2393 
2394 		if (tls_cryptoapi_cert(conn->ssl, private_key) == 0) {
2395 			wpa_printf(MSG_DEBUG, "OpenSSL: Using CryptoAPI to "
2396 				   "access certificate store --> OK");
2397 			ok = 1;
2398 			break;
2399 		}
2400 
2401 		break;
2402 	}
2403 
2404 	if (!ok) {
2405 		tls_show_errors(MSG_INFO, __func__,
2406 				"Failed to load private key");
2407 		os_free(passwd);
2408 		return -1;
2409 	}
2410 	ERR_clear_error();
2411 	SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL);
2412 	os_free(passwd);
2413 
2414 	if (!SSL_check_private_key(conn->ssl)) {
2415 		tls_show_errors(MSG_INFO, __func__, "Private key failed "
2416 				"verification");
2417 		return -1;
2418 	}
2419 
2420 	wpa_printf(MSG_DEBUG, "SSL: Private key loaded successfully");
2421 	return 0;
2422 }
2423 
2424 
2425 static int tls_global_private_key(SSL_CTX *ssl_ctx, const char *private_key,
2426 				  const char *private_key_passwd)
2427 {
2428 	char *passwd;
2429 
2430 	if (private_key == NULL)
2431 		return 0;
2432 
2433 	if (private_key_passwd) {
2434 		passwd = os_strdup(private_key_passwd);
2435 		if (passwd == NULL)
2436 			return -1;
2437 	} else
2438 		passwd = NULL;
2439 
2440 	SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb);
2441 	SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd);
2442 	if (
2443 #ifndef OPENSSL_NO_STDIO
2444 	    SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key,
2445 					SSL_FILETYPE_ASN1) != 1 &&
2446 	    SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key,
2447 					SSL_FILETYPE_PEM) != 1 &&
2448 #endif /* OPENSSL_NO_STDIO */
2449 	    tls_read_pkcs12(ssl_ctx, NULL, private_key, passwd)) {
2450 		tls_show_errors(MSG_INFO, __func__,
2451 				"Failed to load private key");
2452 		os_free(passwd);
2453 		ERR_clear_error();
2454 		return -1;
2455 	}
2456 	os_free(passwd);
2457 	ERR_clear_error();
2458 	SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL);
2459 
2460 	if (!SSL_CTX_check_private_key(ssl_ctx)) {
2461 		tls_show_errors(MSG_INFO, __func__,
2462 				"Private key failed verification");
2463 		return -1;
2464 	}
2465 
2466 	return 0;
2467 }
2468 
2469 
2470 static int tls_connection_dh(struct tls_connection *conn, const char *dh_file)
2471 {
2472 #ifdef OPENSSL_NO_DH
2473 	if (dh_file == NULL)
2474 		return 0;
2475 	wpa_printf(MSG_ERROR, "TLS: openssl does not include DH support, but "
2476 		   "dh_file specified");
2477 	return -1;
2478 #else /* OPENSSL_NO_DH */
2479 	DH *dh;
2480 	BIO *bio;
2481 
2482 	/* TODO: add support for dh_blob */
2483 	if (dh_file == NULL)
2484 		return 0;
2485 	if (conn == NULL)
2486 		return -1;
2487 
2488 	bio = BIO_new_file(dh_file, "r");
2489 	if (bio == NULL) {
2490 		wpa_printf(MSG_INFO, "TLS: Failed to open DH file '%s': %s",
2491 			   dh_file, ERR_error_string(ERR_get_error(), NULL));
2492 		return -1;
2493 	}
2494 	dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
2495 	BIO_free(bio);
2496 #ifndef OPENSSL_NO_DSA
2497 	while (dh == NULL) {
2498 		DSA *dsa;
2499 		wpa_printf(MSG_DEBUG, "TLS: Failed to parse DH file '%s': %s -"
2500 			   " trying to parse as DSA params", dh_file,
2501 			   ERR_error_string(ERR_get_error(), NULL));
2502 		bio = BIO_new_file(dh_file, "r");
2503 		if (bio == NULL)
2504 			break;
2505 		dsa = PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
2506 		BIO_free(bio);
2507 		if (!dsa) {
2508 			wpa_printf(MSG_DEBUG, "TLS: Failed to parse DSA file "
2509 				   "'%s': %s", dh_file,
2510 				   ERR_error_string(ERR_get_error(), NULL));
2511 			break;
2512 		}
2513 
2514 		wpa_printf(MSG_DEBUG, "TLS: DH file in DSA param format");
2515 		dh = DSA_dup_DH(dsa);
2516 		DSA_free(dsa);
2517 		if (dh == NULL) {
2518 			wpa_printf(MSG_INFO, "TLS: Failed to convert DSA "
2519 				   "params into DH params");
2520 			break;
2521 		}
2522 		break;
2523 	}
2524 #endif /* !OPENSSL_NO_DSA */
2525 	if (dh == NULL) {
2526 		wpa_printf(MSG_INFO, "TLS: Failed to read/parse DH/DSA file "
2527 			   "'%s'", dh_file);
2528 		return -1;
2529 	}
2530 
2531 	if (SSL_set_tmp_dh(conn->ssl, dh) != 1) {
2532 		wpa_printf(MSG_INFO, "TLS: Failed to set DH params from '%s': "
2533 			   "%s", dh_file,
2534 			   ERR_error_string(ERR_get_error(), NULL));
2535 		DH_free(dh);
2536 		return -1;
2537 	}
2538 	DH_free(dh);
2539 	return 0;
2540 #endif /* OPENSSL_NO_DH */
2541 }
2542 
2543 
2544 static int tls_global_dh(SSL_CTX *ssl_ctx, const char *dh_file)
2545 {
2546 #ifdef OPENSSL_NO_DH
2547 	if (dh_file == NULL)
2548 		return 0;
2549 	wpa_printf(MSG_ERROR, "TLS: openssl does not include DH support, but "
2550 		   "dh_file specified");
2551 	return -1;
2552 #else /* OPENSSL_NO_DH */
2553 	DH *dh;
2554 	BIO *bio;
2555 
2556 	/* TODO: add support for dh_blob */
2557 	if (dh_file == NULL)
2558 		return 0;
2559 	if (ssl_ctx == NULL)
2560 		return -1;
2561 
2562 	bio = BIO_new_file(dh_file, "r");
2563 	if (bio == NULL) {
2564 		wpa_printf(MSG_INFO, "TLS: Failed to open DH file '%s': %s",
2565 			   dh_file, ERR_error_string(ERR_get_error(), NULL));
2566 		return -1;
2567 	}
2568 	dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
2569 	BIO_free(bio);
2570 #ifndef OPENSSL_NO_DSA
2571 	while (dh == NULL) {
2572 		DSA *dsa;
2573 		wpa_printf(MSG_DEBUG, "TLS: Failed to parse DH file '%s': %s -"
2574 			   " trying to parse as DSA params", dh_file,
2575 			   ERR_error_string(ERR_get_error(), NULL));
2576 		bio = BIO_new_file(dh_file, "r");
2577 		if (bio == NULL)
2578 			break;
2579 		dsa = PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
2580 		BIO_free(bio);
2581 		if (!dsa) {
2582 			wpa_printf(MSG_DEBUG, "TLS: Failed to parse DSA file "
2583 				   "'%s': %s", dh_file,
2584 				   ERR_error_string(ERR_get_error(), NULL));
2585 			break;
2586 		}
2587 
2588 		wpa_printf(MSG_DEBUG, "TLS: DH file in DSA param format");
2589 		dh = DSA_dup_DH(dsa);
2590 		DSA_free(dsa);
2591 		if (dh == NULL) {
2592 			wpa_printf(MSG_INFO, "TLS: Failed to convert DSA "
2593 				   "params into DH params");
2594 			break;
2595 		}
2596 		break;
2597 	}
2598 #endif /* !OPENSSL_NO_DSA */
2599 	if (dh == NULL) {
2600 		wpa_printf(MSG_INFO, "TLS: Failed to read/parse DH/DSA file "
2601 			   "'%s'", dh_file);
2602 		return -1;
2603 	}
2604 
2605 	if (SSL_CTX_set_tmp_dh(ssl_ctx, dh) != 1) {
2606 		wpa_printf(MSG_INFO, "TLS: Failed to set DH params from '%s': "
2607 			   "%s", dh_file,
2608 			   ERR_error_string(ERR_get_error(), NULL));
2609 		DH_free(dh);
2610 		return -1;
2611 	}
2612 	DH_free(dh);
2613 	return 0;
2614 #endif /* OPENSSL_NO_DH */
2615 }
2616 
2617 
2618 int tls_connection_get_keys(void *ssl_ctx, struct tls_connection *conn,
2619 			    struct tls_keys *keys)
2620 {
2621 #ifdef CONFIG_FIPS
2622 	wpa_printf(MSG_ERROR, "OpenSSL: TLS keys cannot be exported in FIPS "
2623 		   "mode");
2624 	return -1;
2625 #else /* CONFIG_FIPS */
2626 	SSL *ssl;
2627 
2628 	if (conn == NULL || keys == NULL)
2629 		return -1;
2630 	ssl = conn->ssl;
2631 	if (ssl == NULL || ssl->s3 == NULL || ssl->session == NULL)
2632 		return -1;
2633 
2634 	os_memset(keys, 0, sizeof(*keys));
2635 	keys->master_key = ssl->session->master_key;
2636 	keys->master_key_len = ssl->session->master_key_length;
2637 	keys->client_random = ssl->s3->client_random;
2638 	keys->client_random_len = SSL3_RANDOM_SIZE;
2639 	keys->server_random = ssl->s3->server_random;
2640 	keys->server_random_len = SSL3_RANDOM_SIZE;
2641 
2642 	return 0;
2643 #endif /* CONFIG_FIPS */
2644 }
2645 
2646 
2647 int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
2648 		       const char *label, int server_random_first,
2649 		       u8 *out, size_t out_len)
2650 {
2651 #if OPENSSL_VERSION_NUMBER >= 0x10001000L
2652 	SSL *ssl;
2653 	if (conn == NULL)
2654 		return -1;
2655 	if (server_random_first)
2656 		return -1;
2657 	ssl = conn->ssl;
2658 	if (SSL_export_keying_material(ssl, out, out_len, label,
2659 				       os_strlen(label), NULL, 0, 0) == 1) {
2660 		wpa_printf(MSG_DEBUG, "OpenSSL: Using internal PRF");
2661 		return 0;
2662 	}
2663 #endif
2664 	return -1;
2665 }
2666 
2667 
2668 static struct wpabuf *
2669 openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data,
2670 		  int server)
2671 {
2672 	int res;
2673 	struct wpabuf *out_data;
2674 
2675 	/*
2676 	 * Give TLS handshake data from the server (if available) to OpenSSL
2677 	 * for processing.
2678 	 */
2679 	if (in_data &&
2680 	    BIO_write(conn->ssl_in, wpabuf_head(in_data), wpabuf_len(in_data))
2681 	    < 0) {
2682 		tls_show_errors(MSG_INFO, __func__,
2683 				"Handshake failed - BIO_write");
2684 		return NULL;
2685 	}
2686 
2687 	/* Initiate TLS handshake or continue the existing handshake */
2688 	if (server)
2689 		res = SSL_accept(conn->ssl);
2690 	else
2691 		res = SSL_connect(conn->ssl);
2692 	if (res != 1) {
2693 		int err = SSL_get_error(conn->ssl, res);
2694 		if (err == SSL_ERROR_WANT_READ)
2695 			wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want "
2696 				   "more data");
2697 		else if (err == SSL_ERROR_WANT_WRITE)
2698 			wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want to "
2699 				   "write");
2700 		else {
2701 			tls_show_errors(MSG_INFO, __func__, "SSL_connect");
2702 			conn->failed++;
2703 		}
2704 	}
2705 
2706 	/* Get the TLS handshake data to be sent to the server */
2707 	res = BIO_ctrl_pending(conn->ssl_out);
2708 	wpa_printf(MSG_DEBUG, "SSL: %d bytes pending from ssl_out", res);
2709 	out_data = wpabuf_alloc(res);
2710 	if (out_data == NULL) {
2711 		wpa_printf(MSG_DEBUG, "SSL: Failed to allocate memory for "
2712 			   "handshake output (%d bytes)", res);
2713 		if (BIO_reset(conn->ssl_out) < 0) {
2714 			tls_show_errors(MSG_INFO, __func__,
2715 					"BIO_reset failed");
2716 		}
2717 		return NULL;
2718 	}
2719 	res = res == 0 ? 0 : BIO_read(conn->ssl_out, wpabuf_mhead(out_data),
2720 				      res);
2721 	if (res < 0) {
2722 		tls_show_errors(MSG_INFO, __func__,
2723 				"Handshake failed - BIO_read");
2724 		if (BIO_reset(conn->ssl_out) < 0) {
2725 			tls_show_errors(MSG_INFO, __func__,
2726 					"BIO_reset failed");
2727 		}
2728 		wpabuf_free(out_data);
2729 		return NULL;
2730 	}
2731 	wpabuf_put(out_data, res);
2732 
2733 	return out_data;
2734 }
2735 
2736 
2737 static struct wpabuf *
2738 openssl_get_appl_data(struct tls_connection *conn, size_t max_len)
2739 {
2740 	struct wpabuf *appl_data;
2741 	int res;
2742 
2743 	appl_data = wpabuf_alloc(max_len + 100);
2744 	if (appl_data == NULL)
2745 		return NULL;
2746 
2747 	res = SSL_read(conn->ssl, wpabuf_mhead(appl_data),
2748 		       wpabuf_size(appl_data));
2749 	if (res < 0) {
2750 		int err = SSL_get_error(conn->ssl, res);
2751 		if (err == SSL_ERROR_WANT_READ ||
2752 		    err == SSL_ERROR_WANT_WRITE) {
2753 			wpa_printf(MSG_DEBUG, "SSL: No Application Data "
2754 				   "included");
2755 		} else {
2756 			tls_show_errors(MSG_INFO, __func__,
2757 					"Failed to read possible "
2758 					"Application Data");
2759 		}
2760 		wpabuf_free(appl_data);
2761 		return NULL;
2762 	}
2763 
2764 	wpabuf_put(appl_data, res);
2765 	wpa_hexdump_buf_key(MSG_MSGDUMP, "SSL: Application Data in Finished "
2766 			    "message", appl_data);
2767 
2768 	return appl_data;
2769 }
2770 
2771 
2772 static struct wpabuf *
2773 openssl_connection_handshake(struct tls_connection *conn,
2774 			     const struct wpabuf *in_data,
2775 			     struct wpabuf **appl_data, int server)
2776 {
2777 	struct wpabuf *out_data;
2778 
2779 	if (appl_data)
2780 		*appl_data = NULL;
2781 
2782 	out_data = openssl_handshake(conn, in_data, server);
2783 	if (out_data == NULL)
2784 		return NULL;
2785 	if (conn->invalid_hb_used) {
2786 		wpa_printf(MSG_INFO, "TLS: Heartbeat attack detected - do not send response");
2787 		wpabuf_free(out_data);
2788 		return NULL;
2789 	}
2790 
2791 	if (SSL_is_init_finished(conn->ssl) && appl_data && in_data)
2792 		*appl_data = openssl_get_appl_data(conn, wpabuf_len(in_data));
2793 
2794 	if (conn->invalid_hb_used) {
2795 		wpa_printf(MSG_INFO, "TLS: Heartbeat attack detected - do not send response");
2796 		if (appl_data) {
2797 			wpabuf_free(*appl_data);
2798 			*appl_data = NULL;
2799 		}
2800 		wpabuf_free(out_data);
2801 		return NULL;
2802 	}
2803 
2804 	return out_data;
2805 }
2806 
2807 
2808 struct wpabuf *
2809 tls_connection_handshake(void *ssl_ctx, struct tls_connection *conn,
2810 			 const struct wpabuf *in_data,
2811 			 struct wpabuf **appl_data)
2812 {
2813 	return openssl_connection_handshake(conn, in_data, appl_data, 0);
2814 }
2815 
2816 
2817 struct wpabuf * tls_connection_server_handshake(void *tls_ctx,
2818 						struct tls_connection *conn,
2819 						const struct wpabuf *in_data,
2820 						struct wpabuf **appl_data)
2821 {
2822 	return openssl_connection_handshake(conn, in_data, appl_data, 1);
2823 }
2824 
2825 
2826 struct wpabuf * tls_connection_encrypt(void *tls_ctx,
2827 				       struct tls_connection *conn,
2828 				       const struct wpabuf *in_data)
2829 {
2830 	int res;
2831 	struct wpabuf *buf;
2832 
2833 	if (conn == NULL)
2834 		return NULL;
2835 
2836 	/* Give plaintext data for OpenSSL to encrypt into the TLS tunnel. */
2837 	if ((res = BIO_reset(conn->ssl_in)) < 0 ||
2838 	    (res = BIO_reset(conn->ssl_out)) < 0) {
2839 		tls_show_errors(MSG_INFO, __func__, "BIO_reset failed");
2840 		return NULL;
2841 	}
2842 	res = SSL_write(conn->ssl, wpabuf_head(in_data), wpabuf_len(in_data));
2843 	if (res < 0) {
2844 		tls_show_errors(MSG_INFO, __func__,
2845 				"Encryption failed - SSL_write");
2846 		return NULL;
2847 	}
2848 
2849 	/* Read encrypted data to be sent to the server */
2850 	buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
2851 	if (buf == NULL)
2852 		return NULL;
2853 	res = BIO_read(conn->ssl_out, wpabuf_mhead(buf), wpabuf_size(buf));
2854 	if (res < 0) {
2855 		tls_show_errors(MSG_INFO, __func__,
2856 				"Encryption failed - BIO_read");
2857 		wpabuf_free(buf);
2858 		return NULL;
2859 	}
2860 	wpabuf_put(buf, res);
2861 
2862 	return buf;
2863 }
2864 
2865 
2866 struct wpabuf * tls_connection_decrypt(void *tls_ctx,
2867 				       struct tls_connection *conn,
2868 				       const struct wpabuf *in_data)
2869 {
2870 	int res;
2871 	struct wpabuf *buf;
2872 
2873 	/* Give encrypted data from TLS tunnel for OpenSSL to decrypt. */
2874 	res = BIO_write(conn->ssl_in, wpabuf_head(in_data),
2875 			wpabuf_len(in_data));
2876 	if (res < 0) {
2877 		tls_show_errors(MSG_INFO, __func__,
2878 				"Decryption failed - BIO_write");
2879 		return NULL;
2880 	}
2881 	if (BIO_reset(conn->ssl_out) < 0) {
2882 		tls_show_errors(MSG_INFO, __func__, "BIO_reset failed");
2883 		return NULL;
2884 	}
2885 
2886 	/* Read decrypted data for further processing */
2887 	/*
2888 	 * Even though we try to disable TLS compression, it is possible that
2889 	 * this cannot be done with all TLS libraries. Add extra buffer space
2890 	 * to handle the possibility of the decrypted data being longer than
2891 	 * input data.
2892 	 */
2893 	buf = wpabuf_alloc((wpabuf_len(in_data) + 500) * 3);
2894 	if (buf == NULL)
2895 		return NULL;
2896 	res = SSL_read(conn->ssl, wpabuf_mhead(buf), wpabuf_size(buf));
2897 	if (res < 0) {
2898 		tls_show_errors(MSG_INFO, __func__,
2899 				"Decryption failed - SSL_read");
2900 		wpabuf_free(buf);
2901 		return NULL;
2902 	}
2903 	wpabuf_put(buf, res);
2904 
2905 	if (conn->invalid_hb_used) {
2906 		wpa_printf(MSG_INFO, "TLS: Heartbeat attack detected - do not send response");
2907 		wpabuf_free(buf);
2908 		return NULL;
2909 	}
2910 
2911 	return buf;
2912 }
2913 
2914 
2915 int tls_connection_resumed(void *ssl_ctx, struct tls_connection *conn)
2916 {
2917 #if OPENSSL_VERSION_NUMBER >= 0x10001000L
2918 	return conn ? SSL_cache_hit(conn->ssl) : 0;
2919 #else
2920 	return conn ? conn->ssl->hit : 0;
2921 #endif
2922 }
2923 
2924 
2925 int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
2926 				   u8 *ciphers)
2927 {
2928 	char buf[100], *pos, *end;
2929 	u8 *c;
2930 	int ret;
2931 
2932 	if (conn == NULL || conn->ssl == NULL || ciphers == NULL)
2933 		return -1;
2934 
2935 	buf[0] = '\0';
2936 	pos = buf;
2937 	end = pos + sizeof(buf);
2938 
2939 	c = ciphers;
2940 	while (*c != TLS_CIPHER_NONE) {
2941 		const char *suite;
2942 
2943 		switch (*c) {
2944 		case TLS_CIPHER_RC4_SHA:
2945 			suite = "RC4-SHA";
2946 			break;
2947 		case TLS_CIPHER_AES128_SHA:
2948 			suite = "AES128-SHA";
2949 			break;
2950 		case TLS_CIPHER_RSA_DHE_AES128_SHA:
2951 			suite = "DHE-RSA-AES128-SHA";
2952 			break;
2953 		case TLS_CIPHER_ANON_DH_AES128_SHA:
2954 			suite = "ADH-AES128-SHA";
2955 			break;
2956 		default:
2957 			wpa_printf(MSG_DEBUG, "TLS: Unsupported "
2958 				   "cipher selection: %d", *c);
2959 			return -1;
2960 		}
2961 		ret = os_snprintf(pos, end - pos, ":%s", suite);
2962 		if (os_snprintf_error(end - pos, ret))
2963 			break;
2964 		pos += ret;
2965 
2966 		c++;
2967 	}
2968 
2969 	wpa_printf(MSG_DEBUG, "OpenSSL: cipher suites: %s", buf + 1);
2970 
2971 	if (SSL_set_cipher_list(conn->ssl, buf + 1) != 1) {
2972 		tls_show_errors(MSG_INFO, __func__,
2973 				"Cipher suite configuration failed");
2974 		return -1;
2975 	}
2976 
2977 	return 0;
2978 }
2979 
2980 
2981 int tls_get_cipher(void *ssl_ctx, struct tls_connection *conn,
2982 		   char *buf, size_t buflen)
2983 {
2984 	const char *name;
2985 	if (conn == NULL || conn->ssl == NULL)
2986 		return -1;
2987 
2988 	name = SSL_get_cipher(conn->ssl);
2989 	if (name == NULL)
2990 		return -1;
2991 
2992 	os_strlcpy(buf, name, buflen);
2993 	return 0;
2994 }
2995 
2996 
2997 int tls_connection_enable_workaround(void *ssl_ctx,
2998 				     struct tls_connection *conn)
2999 {
3000 	SSL_set_options(conn->ssl, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
3001 
3002 	return 0;
3003 }
3004 
3005 
3006 #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
3007 /* ClientHello TLS extensions require a patch to openssl, so this function is
3008  * commented out unless explicitly needed for EAP-FAST in order to be able to
3009  * build this file with unmodified openssl. */
3010 int tls_connection_client_hello_ext(void *ssl_ctx, struct tls_connection *conn,
3011 				    int ext_type, const u8 *data,
3012 				    size_t data_len)
3013 {
3014 	if (conn == NULL || conn->ssl == NULL || ext_type != 35)
3015 		return -1;
3016 
3017 	if (SSL_set_session_ticket_ext(conn->ssl, (void *) data,
3018 				       data_len) != 1)
3019 		return -1;
3020 
3021 	return 0;
3022 }
3023 #endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
3024 
3025 
3026 int tls_connection_get_failed(void *ssl_ctx, struct tls_connection *conn)
3027 {
3028 	if (conn == NULL)
3029 		return -1;
3030 	return conn->failed;
3031 }
3032 
3033 
3034 int tls_connection_get_read_alerts(void *ssl_ctx, struct tls_connection *conn)
3035 {
3036 	if (conn == NULL)
3037 		return -1;
3038 	return conn->read_alerts;
3039 }
3040 
3041 
3042 int tls_connection_get_write_alerts(void *ssl_ctx, struct tls_connection *conn)
3043 {
3044 	if (conn == NULL)
3045 		return -1;
3046 	return conn->write_alerts;
3047 }
3048 
3049 
3050 #ifdef HAVE_OCSP
3051 
3052 static void ocsp_debug_print_resp(OCSP_RESPONSE *rsp)
3053 {
3054 #ifndef CONFIG_NO_STDOUT_DEBUG
3055 	BIO *out;
3056 	size_t rlen;
3057 	char *txt;
3058 	int res;
3059 
3060 	if (wpa_debug_level > MSG_DEBUG)
3061 		return;
3062 
3063 	out = BIO_new(BIO_s_mem());
3064 	if (!out)
3065 		return;
3066 
3067 	OCSP_RESPONSE_print(out, rsp, 0);
3068 	rlen = BIO_ctrl_pending(out);
3069 	txt = os_malloc(rlen + 1);
3070 	if (!txt) {
3071 		BIO_free(out);
3072 		return;
3073 	}
3074 
3075 	res = BIO_read(out, txt, rlen);
3076 	if (res > 0) {
3077 		txt[res] = '\0';
3078 		wpa_printf(MSG_DEBUG, "OpenSSL: OCSP Response\n%s", txt);
3079 	}
3080 	os_free(txt);
3081 	BIO_free(out);
3082 #endif /* CONFIG_NO_STDOUT_DEBUG */
3083 }
3084 
3085 
3086 static void debug_print_cert(X509 *cert, const char *title)
3087 {
3088 #ifndef CONFIG_NO_STDOUT_DEBUG
3089 	BIO *out;
3090 	size_t rlen;
3091 	char *txt;
3092 	int res;
3093 
3094 	if (wpa_debug_level > MSG_DEBUG)
3095 		return;
3096 
3097 	out = BIO_new(BIO_s_mem());
3098 	if (!out)
3099 		return;
3100 
3101 	X509_print(out, cert);
3102 	rlen = BIO_ctrl_pending(out);
3103 	txt = os_malloc(rlen + 1);
3104 	if (!txt) {
3105 		BIO_free(out);
3106 		return;
3107 	}
3108 
3109 	res = BIO_read(out, txt, rlen);
3110 	if (res > 0) {
3111 		txt[res] = '\0';
3112 		wpa_printf(MSG_DEBUG, "OpenSSL: %s\n%s", title, txt);
3113 	}
3114 	os_free(txt);
3115 
3116 	BIO_free(out);
3117 #endif /* CONFIG_NO_STDOUT_DEBUG */
3118 }
3119 
3120 
3121 static int ocsp_resp_cb(SSL *s, void *arg)
3122 {
3123 	struct tls_connection *conn = arg;
3124 	const unsigned char *p;
3125 	int len, status, reason;
3126 	OCSP_RESPONSE *rsp;
3127 	OCSP_BASICRESP *basic;
3128 	OCSP_CERTID *id;
3129 	ASN1_GENERALIZEDTIME *produced_at, *this_update, *next_update;
3130 	X509_STORE *store;
3131 	STACK_OF(X509) *certs = NULL;
3132 
3133 	len = SSL_get_tlsext_status_ocsp_resp(s, &p);
3134 	if (!p) {
3135 		wpa_printf(MSG_DEBUG, "OpenSSL: No OCSP response received");
3136 		return (conn->flags & TLS_CONN_REQUIRE_OCSP) ? 0 : 1;
3137 	}
3138 
3139 	wpa_hexdump(MSG_DEBUG, "OpenSSL: OCSP response", p, len);
3140 
3141 	rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
3142 	if (!rsp) {
3143 		wpa_printf(MSG_INFO, "OpenSSL: Failed to parse OCSP response");
3144 		return 0;
3145 	}
3146 
3147 	ocsp_debug_print_resp(rsp);
3148 
3149 	status = OCSP_response_status(rsp);
3150 	if (status != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
3151 		wpa_printf(MSG_INFO, "OpenSSL: OCSP responder error %d (%s)",
3152 			   status, OCSP_response_status_str(status));
3153 		return 0;
3154 	}
3155 
3156 	basic = OCSP_response_get1_basic(rsp);
3157 	if (!basic) {
3158 		wpa_printf(MSG_INFO, "OpenSSL: Could not find BasicOCSPResponse");
3159 		return 0;
3160 	}
3161 
3162 	store = SSL_CTX_get_cert_store(conn->ssl_ctx);
3163 	if (conn->peer_issuer) {
3164 		debug_print_cert(conn->peer_issuer, "Add OCSP issuer");
3165 
3166 		if (X509_STORE_add_cert(store, conn->peer_issuer) != 1) {
3167 			tls_show_errors(MSG_INFO, __func__,
3168 					"OpenSSL: Could not add issuer to certificate store");
3169 		}
3170 		certs = sk_X509_new_null();
3171 		if (certs) {
3172 			X509 *cert;
3173 			cert = X509_dup(conn->peer_issuer);
3174 			if (cert && !sk_X509_push(certs, cert)) {
3175 				tls_show_errors(
3176 					MSG_INFO, __func__,
3177 					"OpenSSL: Could not add issuer to OCSP responder trust store");
3178 				X509_free(cert);
3179 				sk_X509_free(certs);
3180 				certs = NULL;
3181 			}
3182 			if (certs && conn->peer_issuer_issuer) {
3183 				cert = X509_dup(conn->peer_issuer_issuer);
3184 				if (cert && !sk_X509_push(certs, cert)) {
3185 					tls_show_errors(
3186 						MSG_INFO, __func__,
3187 						"OpenSSL: Could not add issuer's issuer to OCSP responder trust store");
3188 					X509_free(cert);
3189 				}
3190 			}
3191 		}
3192 	}
3193 
3194 	status = OCSP_basic_verify(basic, certs, store, OCSP_TRUSTOTHER);
3195 	sk_X509_pop_free(certs, X509_free);
3196 	if (status <= 0) {
3197 		tls_show_errors(MSG_INFO, __func__,
3198 				"OpenSSL: OCSP response failed verification");
3199 		OCSP_BASICRESP_free(basic);
3200 		OCSP_RESPONSE_free(rsp);
3201 		return 0;
3202 	}
3203 
3204 	wpa_printf(MSG_DEBUG, "OpenSSL: OCSP response verification succeeded");
3205 
3206 	if (!conn->peer_cert) {
3207 		wpa_printf(MSG_DEBUG, "OpenSSL: Peer certificate not available for OCSP status check");
3208 		OCSP_BASICRESP_free(basic);
3209 		OCSP_RESPONSE_free(rsp);
3210 		return 0;
3211 	}
3212 
3213 	if (!conn->peer_issuer) {
3214 		wpa_printf(MSG_DEBUG, "OpenSSL: Peer issuer certificate not available for OCSP status check");
3215 		OCSP_BASICRESP_free(basic);
3216 		OCSP_RESPONSE_free(rsp);
3217 		return 0;
3218 	}
3219 
3220 	id = OCSP_cert_to_id(NULL, conn->peer_cert, conn->peer_issuer);
3221 	if (!id) {
3222 		wpa_printf(MSG_DEBUG, "OpenSSL: Could not create OCSP certificate identifier");
3223 		OCSP_BASICRESP_free(basic);
3224 		OCSP_RESPONSE_free(rsp);
3225 		return 0;
3226 	}
3227 
3228 	if (!OCSP_resp_find_status(basic, id, &status, &reason, &produced_at,
3229 				   &this_update, &next_update)) {
3230 		wpa_printf(MSG_INFO, "OpenSSL: Could not find current server certificate from OCSP response%s",
3231 			   (conn->flags & TLS_CONN_REQUIRE_OCSP) ? "" :
3232 			   " (OCSP not required)");
3233 		OCSP_BASICRESP_free(basic);
3234 		OCSP_RESPONSE_free(rsp);
3235 		return (conn->flags & TLS_CONN_REQUIRE_OCSP) ? 0 : 1;
3236 	}
3237 
3238 	if (!OCSP_check_validity(this_update, next_update, 5 * 60, -1)) {
3239 		tls_show_errors(MSG_INFO, __func__,
3240 				"OpenSSL: OCSP status times invalid");
3241 		OCSP_BASICRESP_free(basic);
3242 		OCSP_RESPONSE_free(rsp);
3243 		return 0;
3244 	}
3245 
3246 	OCSP_BASICRESP_free(basic);
3247 	OCSP_RESPONSE_free(rsp);
3248 
3249 	wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status for server certificate: %s",
3250 		   OCSP_cert_status_str(status));
3251 
3252 	if (status == V_OCSP_CERTSTATUS_GOOD)
3253 		return 1;
3254 	if (status == V_OCSP_CERTSTATUS_REVOKED)
3255 		return 0;
3256 	if (conn->flags & TLS_CONN_REQUIRE_OCSP) {
3257 		wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status unknown, but OCSP required");
3258 		return 0;
3259 	}
3260 	wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status unknown, but OCSP was not required, so allow connection to continue");
3261 	return 1;
3262 }
3263 
3264 
3265 static int ocsp_status_cb(SSL *s, void *arg)
3266 {
3267 	char *tmp;
3268 	char *resp;
3269 	size_t len;
3270 
3271 	if (tls_global->ocsp_stapling_response == NULL) {
3272 		wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status callback - no response configured");
3273 		return SSL_TLSEXT_ERR_OK;
3274 	}
3275 
3276 	resp = os_readfile(tls_global->ocsp_stapling_response, &len);
3277 	if (resp == NULL) {
3278 		wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status callback - could not read response file");
3279 		/* TODO: Build OCSPResponse with responseStatus = internalError
3280 		 */
3281 		return SSL_TLSEXT_ERR_OK;
3282 	}
3283 	wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status callback - send cached response");
3284 	tmp = OPENSSL_malloc(len);
3285 	if (tmp == NULL) {
3286 		os_free(resp);
3287 		return SSL_TLSEXT_ERR_ALERT_FATAL;
3288 	}
3289 
3290 	os_memcpy(tmp, resp, len);
3291 	os_free(resp);
3292 	SSL_set_tlsext_status_ocsp_resp(s, tmp, len);
3293 
3294 	return SSL_TLSEXT_ERR_OK;
3295 }
3296 
3297 #endif /* HAVE_OCSP */
3298 
3299 
3300 int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
3301 			      const struct tls_connection_params *params)
3302 {
3303 	int ret;
3304 	unsigned long err;
3305 	int can_pkcs11 = 0;
3306 	const char *key_id = params->key_id;
3307 	const char *cert_id = params->cert_id;
3308 	const char *ca_cert_id = params->ca_cert_id;
3309 	const char *engine_id = params->engine ? params->engine_id : NULL;
3310 
3311 	if (conn == NULL)
3312 		return -1;
3313 
3314 	/*
3315 	 * If the engine isn't explicitly configured, and any of the
3316 	 * cert/key fields are actually PKCS#11 URIs, then automatically
3317 	 * use the PKCS#11 ENGINE.
3318 	 */
3319 	if (!engine_id || os_strcmp(engine_id, "pkcs11") == 0)
3320 		can_pkcs11 = 1;
3321 
3322 	if (!key_id && params->private_key && can_pkcs11 &&
3323 	    os_strncmp(params->private_key, "pkcs11:", 7) == 0) {
3324 		can_pkcs11 = 2;
3325 		key_id = params->private_key;
3326 	}
3327 
3328 	if (!cert_id && params->client_cert && can_pkcs11 &&
3329 	    os_strncmp(params->client_cert, "pkcs11:", 7) == 0) {
3330 		can_pkcs11 = 2;
3331 		cert_id = params->client_cert;
3332 	}
3333 
3334 	if (!ca_cert_id && params->ca_cert && can_pkcs11 &&
3335 	    os_strncmp(params->ca_cert, "pkcs11:", 7) == 0) {
3336 		can_pkcs11 = 2;
3337 		ca_cert_id = params->ca_cert;
3338 	}
3339 
3340 	/* If we need to automatically enable the PKCS#11 ENGINE, do so. */
3341 	if (can_pkcs11 == 2 && !engine_id)
3342 		engine_id = "pkcs11";
3343 
3344 	if (params->flags & TLS_CONN_EAP_FAST) {
3345 		wpa_printf(MSG_DEBUG,
3346 			   "OpenSSL: Use TLSv1_method() for EAP-FAST");
3347 		if (SSL_set_ssl_method(conn->ssl, TLSv1_method()) != 1) {
3348 			tls_show_errors(MSG_INFO, __func__,
3349 					"Failed to set TLSv1_method() for EAP-FAST");
3350 			return -1;
3351 		}
3352 	}
3353 
3354 	while ((err = ERR_get_error())) {
3355 		wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s",
3356 			   __func__, ERR_error_string(err, NULL));
3357 	}
3358 
3359 	if (engine_id) {
3360 		wpa_printf(MSG_DEBUG, "SSL: Initializing TLS engine");
3361 		ret = tls_engine_init(conn, engine_id, params->pin,
3362 				      key_id, cert_id, ca_cert_id);
3363 		if (ret)
3364 			return ret;
3365 	}
3366 	if (tls_connection_set_subject_match(conn,
3367 					     params->subject_match,
3368 					     params->altsubject_match,
3369 					     params->suffix_match,
3370 					     params->domain_match))
3371 		return -1;
3372 
3373 	if (engine_id && ca_cert_id) {
3374 		if (tls_connection_engine_ca_cert(tls_ctx, conn,
3375 						  ca_cert_id))
3376 			return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED;
3377 	} else if (tls_connection_ca_cert(tls_ctx, conn, params->ca_cert,
3378 					  params->ca_cert_blob,
3379 					  params->ca_cert_blob_len,
3380 					  params->ca_path))
3381 		return -1;
3382 
3383 	if (engine_id && cert_id) {
3384 		if (tls_connection_engine_client_cert(conn, cert_id))
3385 			return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED;
3386 	} else if (tls_connection_client_cert(conn, params->client_cert,
3387 					      params->client_cert_blob,
3388 					      params->client_cert_blob_len))
3389 		return -1;
3390 
3391 	if (engine_id && key_id) {
3392 		wpa_printf(MSG_DEBUG, "TLS: Using private key from engine");
3393 		if (tls_connection_engine_private_key(conn))
3394 			return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED;
3395 	} else if (tls_connection_private_key(tls_ctx, conn,
3396 					      params->private_key,
3397 					      params->private_key_passwd,
3398 					      params->private_key_blob,
3399 					      params->private_key_blob_len)) {
3400 		wpa_printf(MSG_INFO, "TLS: Failed to load private key '%s'",
3401 			   params->private_key);
3402 		return -1;
3403 	}
3404 
3405 	if (tls_connection_dh(conn, params->dh_file)) {
3406 		wpa_printf(MSG_INFO, "TLS: Failed to load DH file '%s'",
3407 			   params->dh_file);
3408 		return -1;
3409 	}
3410 
3411 	if (params->openssl_ciphers &&
3412 	    SSL_set_cipher_list(conn->ssl, params->openssl_ciphers) != 1) {
3413 		wpa_printf(MSG_INFO,
3414 			   "OpenSSL: Failed to set cipher string '%s'",
3415 			   params->openssl_ciphers);
3416 		return -1;
3417 	}
3418 
3419 #ifdef SSL_OP_NO_TICKET
3420 	if (params->flags & TLS_CONN_DISABLE_SESSION_TICKET)
3421 		SSL_set_options(conn->ssl, SSL_OP_NO_TICKET);
3422 #ifdef SSL_clear_options
3423 	else
3424 		SSL_clear_options(conn->ssl, SSL_OP_NO_TICKET);
3425 #endif /* SSL_clear_options */
3426 #endif /*  SSL_OP_NO_TICKET */
3427 
3428 #ifdef SSL_OP_NO_TLSv1_1
3429 	if (params->flags & TLS_CONN_DISABLE_TLSv1_1)
3430 		SSL_set_options(conn->ssl, SSL_OP_NO_TLSv1_1);
3431 	else
3432 		SSL_clear_options(conn->ssl, SSL_OP_NO_TLSv1_1);
3433 #endif /* SSL_OP_NO_TLSv1_1 */
3434 #ifdef SSL_OP_NO_TLSv1_2
3435 	if (params->flags & TLS_CONN_DISABLE_TLSv1_2)
3436 		SSL_set_options(conn->ssl, SSL_OP_NO_TLSv1_2);
3437 	else
3438 		SSL_clear_options(conn->ssl, SSL_OP_NO_TLSv1_2);
3439 #endif /* SSL_OP_NO_TLSv1_2 */
3440 
3441 #ifdef HAVE_OCSP
3442 	if (params->flags & TLS_CONN_REQUEST_OCSP) {
3443 		SSL_CTX *ssl_ctx = tls_ctx;
3444 		SSL_set_tlsext_status_type(conn->ssl, TLSEXT_STATUSTYPE_ocsp);
3445 		SSL_CTX_set_tlsext_status_cb(ssl_ctx, ocsp_resp_cb);
3446 		SSL_CTX_set_tlsext_status_arg(ssl_ctx, conn);
3447 	}
3448 #endif /* HAVE_OCSP */
3449 
3450 	conn->flags = params->flags;
3451 
3452 	tls_get_errors(tls_ctx);
3453 
3454 	return 0;
3455 }
3456 
3457 
3458 int tls_global_set_params(void *tls_ctx,
3459 			  const struct tls_connection_params *params)
3460 {
3461 	SSL_CTX *ssl_ctx = tls_ctx;
3462 	unsigned long err;
3463 
3464 	while ((err = ERR_get_error())) {
3465 		wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s",
3466 			   __func__, ERR_error_string(err, NULL));
3467 	}
3468 
3469 	if (tls_global_ca_cert(ssl_ctx, params->ca_cert))
3470 		return -1;
3471 
3472 	if (tls_global_client_cert(ssl_ctx, params->client_cert))
3473 		return -1;
3474 
3475 	if (tls_global_private_key(ssl_ctx, params->private_key,
3476 				   params->private_key_passwd))
3477 		return -1;
3478 
3479 	if (tls_global_dh(ssl_ctx, params->dh_file)) {
3480 		wpa_printf(MSG_INFO, "TLS: Failed to load DH file '%s'",
3481 			   params->dh_file);
3482 		return -1;
3483 	}
3484 
3485 	if (params->openssl_ciphers &&
3486 	    SSL_CTX_set_cipher_list(ssl_ctx, params->openssl_ciphers) != 1) {
3487 		wpa_printf(MSG_INFO,
3488 			   "OpenSSL: Failed to set cipher string '%s'",
3489 			   params->openssl_ciphers);
3490 		return -1;
3491 	}
3492 
3493 #ifdef SSL_OP_NO_TICKET
3494 	if (params->flags & TLS_CONN_DISABLE_SESSION_TICKET)
3495 		SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TICKET);
3496 #ifdef SSL_CTX_clear_options
3497 	else
3498 		SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TICKET);
3499 #endif /* SSL_clear_options */
3500 #endif /*  SSL_OP_NO_TICKET */
3501 
3502 #ifdef HAVE_OCSP
3503 	SSL_CTX_set_tlsext_status_cb(ssl_ctx, ocsp_status_cb);
3504 	SSL_CTX_set_tlsext_status_arg(ssl_ctx, ssl_ctx);
3505 	os_free(tls_global->ocsp_stapling_response);
3506 	if (params->ocsp_stapling_response)
3507 		tls_global->ocsp_stapling_response =
3508 			os_strdup(params->ocsp_stapling_response);
3509 	else
3510 		tls_global->ocsp_stapling_response = NULL;
3511 #endif /* HAVE_OCSP */
3512 
3513 	return 0;
3514 }
3515 
3516 
3517 int tls_connection_get_keyblock_size(void *tls_ctx,
3518 				     struct tls_connection *conn)
3519 {
3520 	const EVP_CIPHER *c;
3521 	const EVP_MD *h;
3522 	int md_size;
3523 
3524 	if (conn == NULL || conn->ssl == NULL ||
3525 	    conn->ssl->enc_read_ctx == NULL ||
3526 	    conn->ssl->enc_read_ctx->cipher == NULL ||
3527 	    conn->ssl->read_hash == NULL)
3528 		return -1;
3529 
3530 	c = conn->ssl->enc_read_ctx->cipher;
3531 #if OPENSSL_VERSION_NUMBER >= 0x00909000L
3532 	h = EVP_MD_CTX_md(conn->ssl->read_hash);
3533 #else
3534 	h = conn->ssl->read_hash;
3535 #endif
3536 	if (h)
3537 		md_size = EVP_MD_size(h);
3538 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
3539 	else if (conn->ssl->s3)
3540 		md_size = conn->ssl->s3->tmp.new_mac_secret_size;
3541 #endif
3542 	else
3543 		return -1;
3544 
3545 	wpa_printf(MSG_DEBUG, "OpenSSL: keyblock size: key_len=%d MD_size=%d "
3546 		   "IV_len=%d", EVP_CIPHER_key_length(c), md_size,
3547 		   EVP_CIPHER_iv_length(c));
3548 	return 2 * (EVP_CIPHER_key_length(c) +
3549 		    md_size +
3550 		    EVP_CIPHER_iv_length(c));
3551 }
3552 
3553 
3554 unsigned int tls_capabilities(void *tls_ctx)
3555 {
3556 	return 0;
3557 }
3558 
3559 
3560 #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
3561 /* Pre-shared secred requires a patch to openssl, so this function is
3562  * commented out unless explicitly needed for EAP-FAST in order to be able to
3563  * build this file with unmodified openssl. */
3564 
3565 #ifdef OPENSSL_IS_BORINGSSL
3566 static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len,
3567 			   STACK_OF(SSL_CIPHER) *peer_ciphers,
3568 			   const SSL_CIPHER **cipher, void *arg)
3569 #else /* OPENSSL_IS_BORINGSSL */
3570 static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len,
3571 			   STACK_OF(SSL_CIPHER) *peer_ciphers,
3572 			   SSL_CIPHER **cipher, void *arg)
3573 #endif /* OPENSSL_IS_BORINGSSL */
3574 {
3575 	struct tls_connection *conn = arg;
3576 	int ret;
3577 
3578 	if (conn == NULL || conn->session_ticket_cb == NULL)
3579 		return 0;
3580 
3581 	ret = conn->session_ticket_cb(conn->session_ticket_cb_ctx,
3582 				      conn->session_ticket,
3583 				      conn->session_ticket_len,
3584 				      s->s3->client_random,
3585 				      s->s3->server_random, secret);
3586 	os_free(conn->session_ticket);
3587 	conn->session_ticket = NULL;
3588 
3589 	if (ret <= 0)
3590 		return 0;
3591 
3592 	*secret_len = SSL_MAX_MASTER_KEY_LENGTH;
3593 	return 1;
3594 }
3595 
3596 
3597 static int tls_session_ticket_ext_cb(SSL *s, const unsigned char *data,
3598 				     int len, void *arg)
3599 {
3600 	struct tls_connection *conn = arg;
3601 
3602 	if (conn == NULL || conn->session_ticket_cb == NULL)
3603 		return 0;
3604 
3605 	wpa_printf(MSG_DEBUG, "OpenSSL: %s: length=%d", __func__, len);
3606 
3607 	os_free(conn->session_ticket);
3608 	conn->session_ticket = NULL;
3609 
3610 	wpa_hexdump(MSG_DEBUG, "OpenSSL: ClientHello SessionTicket "
3611 		    "extension", data, len);
3612 
3613 	conn->session_ticket = os_malloc(len);
3614 	if (conn->session_ticket == NULL)
3615 		return 0;
3616 
3617 	os_memcpy(conn->session_ticket, data, len);
3618 	conn->session_ticket_len = len;
3619 
3620 	return 1;
3621 }
3622 #endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
3623 
3624 
3625 int tls_connection_set_session_ticket_cb(void *tls_ctx,
3626 					 struct tls_connection *conn,
3627 					 tls_session_ticket_cb cb,
3628 					 void *ctx)
3629 {
3630 #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
3631 	conn->session_ticket_cb = cb;
3632 	conn->session_ticket_cb_ctx = ctx;
3633 
3634 	if (cb) {
3635 		if (SSL_set_session_secret_cb(conn->ssl, tls_sess_sec_cb,
3636 					      conn) != 1)
3637 			return -1;
3638 		SSL_set_session_ticket_ext_cb(conn->ssl,
3639 					      tls_session_ticket_ext_cb, conn);
3640 	} else {
3641 		if (SSL_set_session_secret_cb(conn->ssl, NULL, NULL) != 1)
3642 			return -1;
3643 		SSL_set_session_ticket_ext_cb(conn->ssl, NULL, NULL);
3644 	}
3645 
3646 	return 0;
3647 #else /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
3648 	return -1;
3649 #endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
3650 }
3651 
3652 
3653 int tls_get_library_version(char *buf, size_t buf_len)
3654 {
3655 	return os_snprintf(buf, buf_len, "OpenSSL build=%s run=%s",
3656 			   OPENSSL_VERSION_TEXT,
3657 			   SSLeay_version(SSLEAY_VERSION));
3658 }
3659