1 /* 2 * SSL/TLS interface functions for OpenSSL 3 * Copyright (c) 2004-2013, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "includes.h" 10 11 #ifndef CONFIG_SMARTCARD 12 #ifndef OPENSSL_NO_ENGINE 13 #ifndef ANDROID 14 #define OPENSSL_NO_ENGINE 15 #endif 16 #endif 17 #endif 18 19 #include <openssl/ssl.h> 20 #include <openssl/err.h> 21 #include <openssl/pkcs12.h> 22 #include <openssl/x509v3.h> 23 #ifndef OPENSSL_NO_ENGINE 24 #include <openssl/engine.h> 25 #endif /* OPENSSL_NO_ENGINE */ 26 27 #include "common.h" 28 #include "crypto.h" 29 #include "tls.h" 30 31 #if defined(SSL_CTX_get_app_data) && defined(SSL_CTX_set_app_data) 32 #define OPENSSL_SUPPORTS_CTX_APP_DATA 33 #endif 34 35 #if OPENSSL_VERSION_NUMBER < 0x10000000L 36 /* ERR_remove_thread_state replaces ERR_remove_state and the latter is 37 * deprecated. However, OpenSSL 0.9.8 doesn't include 38 * ERR_remove_thread_state. */ 39 #define ERR_remove_thread_state(tid) ERR_remove_state(0) 40 #endif 41 42 #if defined(OPENSSL_IS_BORINGSSL) 43 /* stack_index_t is the return type of OpenSSL's sk_XXX_num() functions. */ 44 typedef size_t stack_index_t; 45 #else 46 typedef int stack_index_t; 47 #endif 48 49 #ifdef SSL_set_tlsext_status_type 50 #ifndef OPENSSL_NO_TLSEXT 51 #define HAVE_OCSP 52 #include <openssl/ocsp.h> 53 #endif /* OPENSSL_NO_TLSEXT */ 54 #endif /* SSL_set_tlsext_status_type */ 55 56 #ifdef ANDROID 57 #include <openssl/pem.h> 58 #include <keystore/keystore_get.h> 59 60 static BIO * BIO_from_keystore(const char *key) 61 { 62 BIO *bio = NULL; 63 uint8_t *value = NULL; 64 int length = keystore_get(key, strlen(key), &value); 65 if (length != -1 && (bio = BIO_new(BIO_s_mem())) != NULL) 66 BIO_write(bio, value, length); 67 free(value); 68 return bio; 69 } 70 #endif /* ANDROID */ 71 72 static int tls_openssl_ref_count = 0; 73 74 struct tls_context { 75 void (*event_cb)(void *ctx, enum tls_event ev, 76 union tls_event_data *data); 77 void *cb_ctx; 78 int cert_in_cb; 79 char *ocsp_stapling_response; 80 }; 81 82 static struct tls_context *tls_global = NULL; 83 84 85 struct tls_connection { 86 struct tls_context *context; 87 SSL_CTX *ssl_ctx; 88 SSL *ssl; 89 BIO *ssl_in, *ssl_out; 90 #ifndef OPENSSL_NO_ENGINE 91 ENGINE *engine; /* functional reference to the engine */ 92 EVP_PKEY *private_key; /* the private key if using engine */ 93 #endif /* OPENSSL_NO_ENGINE */ 94 char *subject_match, *altsubject_match, *suffix_match, *domain_match; 95 int read_alerts, write_alerts, failed; 96 97 tls_session_ticket_cb session_ticket_cb; 98 void *session_ticket_cb_ctx; 99 100 /* SessionTicket received from OpenSSL hello_extension_cb (server) */ 101 u8 *session_ticket; 102 size_t session_ticket_len; 103 104 unsigned int ca_cert_verify:1; 105 unsigned int cert_probe:1; 106 unsigned int server_cert_only:1; 107 unsigned int invalid_hb_used:1; 108 109 u8 srv_cert_hash[32]; 110 111 unsigned int flags; 112 113 X509 *peer_cert; 114 X509 *peer_issuer; 115 X509 *peer_issuer_issuer; 116 }; 117 118 119 static struct tls_context * tls_context_new(const struct tls_config *conf) 120 { 121 struct tls_context *context = os_zalloc(sizeof(*context)); 122 if (context == NULL) 123 return NULL; 124 if (conf) { 125 context->event_cb = conf->event_cb; 126 context->cb_ctx = conf->cb_ctx; 127 context->cert_in_cb = conf->cert_in_cb; 128 } 129 return context; 130 } 131 132 133 #ifdef CONFIG_NO_STDOUT_DEBUG 134 135 static void _tls_show_errors(void) 136 { 137 unsigned long err; 138 139 while ((err = ERR_get_error())) { 140 /* Just ignore the errors, since stdout is disabled */ 141 } 142 } 143 #define tls_show_errors(l, f, t) _tls_show_errors() 144 145 #else /* CONFIG_NO_STDOUT_DEBUG */ 146 147 static void tls_show_errors(int level, const char *func, const char *txt) 148 { 149 unsigned long err; 150 151 wpa_printf(level, "OpenSSL: %s - %s %s", 152 func, txt, ERR_error_string(ERR_get_error(), NULL)); 153 154 while ((err = ERR_get_error())) { 155 wpa_printf(MSG_INFO, "OpenSSL: pending error: %s", 156 ERR_error_string(err, NULL)); 157 } 158 } 159 160 #endif /* CONFIG_NO_STDOUT_DEBUG */ 161 162 163 #ifdef CONFIG_NATIVE_WINDOWS 164 165 /* Windows CryptoAPI and access to certificate stores */ 166 #include <wincrypt.h> 167 168 #ifdef __MINGW32_VERSION 169 /* 170 * MinGW does not yet include all the needed definitions for CryptoAPI, so 171 * define here whatever extra is needed. 172 */ 173 #define CERT_SYSTEM_STORE_CURRENT_USER (1 << 16) 174 #define CERT_STORE_READONLY_FLAG 0x00008000 175 #define CERT_STORE_OPEN_EXISTING_FLAG 0x00004000 176 177 #endif /* __MINGW32_VERSION */ 178 179 180 struct cryptoapi_rsa_data { 181 const CERT_CONTEXT *cert; 182 HCRYPTPROV crypt_prov; 183 DWORD key_spec; 184 BOOL free_crypt_prov; 185 }; 186 187 188 static void cryptoapi_error(const char *msg) 189 { 190 wpa_printf(MSG_INFO, "CryptoAPI: %s; err=%u", 191 msg, (unsigned int) GetLastError()); 192 } 193 194 195 static int cryptoapi_rsa_pub_enc(int flen, const unsigned char *from, 196 unsigned char *to, RSA *rsa, int padding) 197 { 198 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__); 199 return 0; 200 } 201 202 203 static int cryptoapi_rsa_pub_dec(int flen, const unsigned char *from, 204 unsigned char *to, RSA *rsa, int padding) 205 { 206 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__); 207 return 0; 208 } 209 210 211 static int cryptoapi_rsa_priv_enc(int flen, const unsigned char *from, 212 unsigned char *to, RSA *rsa, int padding) 213 { 214 struct cryptoapi_rsa_data *priv = 215 (struct cryptoapi_rsa_data *) rsa->meth->app_data; 216 HCRYPTHASH hash; 217 DWORD hash_size, len, i; 218 unsigned char *buf = NULL; 219 int ret = 0; 220 221 if (priv == NULL) { 222 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, 223 ERR_R_PASSED_NULL_PARAMETER); 224 return 0; 225 } 226 227 if (padding != RSA_PKCS1_PADDING) { 228 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, 229 RSA_R_UNKNOWN_PADDING_TYPE); 230 return 0; 231 } 232 233 if (flen != 16 /* MD5 */ + 20 /* SHA-1 */) { 234 wpa_printf(MSG_INFO, "%s - only MD5-SHA1 hash supported", 235 __func__); 236 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, 237 RSA_R_INVALID_MESSAGE_LENGTH); 238 return 0; 239 } 240 241 if (!CryptCreateHash(priv->crypt_prov, CALG_SSL3_SHAMD5, 0, 0, &hash)) 242 { 243 cryptoapi_error("CryptCreateHash failed"); 244 return 0; 245 } 246 247 len = sizeof(hash_size); 248 if (!CryptGetHashParam(hash, HP_HASHSIZE, (BYTE *) &hash_size, &len, 249 0)) { 250 cryptoapi_error("CryptGetHashParam failed"); 251 goto err; 252 } 253 254 if ((int) hash_size != flen) { 255 wpa_printf(MSG_INFO, "CryptoAPI: Invalid hash size (%u != %d)", 256 (unsigned) hash_size, flen); 257 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, 258 RSA_R_INVALID_MESSAGE_LENGTH); 259 goto err; 260 } 261 if (!CryptSetHashParam(hash, HP_HASHVAL, (BYTE * ) from, 0)) { 262 cryptoapi_error("CryptSetHashParam failed"); 263 goto err; 264 } 265 266 len = RSA_size(rsa); 267 buf = os_malloc(len); 268 if (buf == NULL) { 269 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE); 270 goto err; 271 } 272 273 if (!CryptSignHash(hash, priv->key_spec, NULL, 0, buf, &len)) { 274 cryptoapi_error("CryptSignHash failed"); 275 goto err; 276 } 277 278 for (i = 0; i < len; i++) 279 to[i] = buf[len - i - 1]; 280 ret = len; 281 282 err: 283 os_free(buf); 284 CryptDestroyHash(hash); 285 286 return ret; 287 } 288 289 290 static int cryptoapi_rsa_priv_dec(int flen, const unsigned char *from, 291 unsigned char *to, RSA *rsa, int padding) 292 { 293 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__); 294 return 0; 295 } 296 297 298 static void cryptoapi_free_data(struct cryptoapi_rsa_data *priv) 299 { 300 if (priv == NULL) 301 return; 302 if (priv->crypt_prov && priv->free_crypt_prov) 303 CryptReleaseContext(priv->crypt_prov, 0); 304 if (priv->cert) 305 CertFreeCertificateContext(priv->cert); 306 os_free(priv); 307 } 308 309 310 static int cryptoapi_finish(RSA *rsa) 311 { 312 cryptoapi_free_data((struct cryptoapi_rsa_data *) rsa->meth->app_data); 313 os_free((void *) rsa->meth); 314 rsa->meth = NULL; 315 return 1; 316 } 317 318 319 static const CERT_CONTEXT * cryptoapi_find_cert(const char *name, DWORD store) 320 { 321 HCERTSTORE cs; 322 const CERT_CONTEXT *ret = NULL; 323 324 cs = CertOpenStore((LPCSTR) CERT_STORE_PROV_SYSTEM, 0, 0, 325 store | CERT_STORE_OPEN_EXISTING_FLAG | 326 CERT_STORE_READONLY_FLAG, L"MY"); 327 if (cs == NULL) { 328 cryptoapi_error("Failed to open 'My system store'"); 329 return NULL; 330 } 331 332 if (strncmp(name, "cert://", 7) == 0) { 333 unsigned short wbuf[255]; 334 MultiByteToWideChar(CP_ACP, 0, name + 7, -1, wbuf, 255); 335 ret = CertFindCertificateInStore(cs, X509_ASN_ENCODING | 336 PKCS_7_ASN_ENCODING, 337 0, CERT_FIND_SUBJECT_STR, 338 wbuf, NULL); 339 } else if (strncmp(name, "hash://", 7) == 0) { 340 CRYPT_HASH_BLOB blob; 341 int len; 342 const char *hash = name + 7; 343 unsigned char *buf; 344 345 len = os_strlen(hash) / 2; 346 buf = os_malloc(len); 347 if (buf && hexstr2bin(hash, buf, len) == 0) { 348 blob.cbData = len; 349 blob.pbData = buf; 350 ret = CertFindCertificateInStore(cs, 351 X509_ASN_ENCODING | 352 PKCS_7_ASN_ENCODING, 353 0, CERT_FIND_HASH, 354 &blob, NULL); 355 } 356 os_free(buf); 357 } 358 359 CertCloseStore(cs, 0); 360 361 return ret; 362 } 363 364 365 static int tls_cryptoapi_cert(SSL *ssl, const char *name) 366 { 367 X509 *cert = NULL; 368 RSA *rsa = NULL, *pub_rsa; 369 struct cryptoapi_rsa_data *priv; 370 RSA_METHOD *rsa_meth; 371 372 if (name == NULL || 373 (strncmp(name, "cert://", 7) != 0 && 374 strncmp(name, "hash://", 7) != 0)) 375 return -1; 376 377 priv = os_zalloc(sizeof(*priv)); 378 rsa_meth = os_zalloc(sizeof(*rsa_meth)); 379 if (priv == NULL || rsa_meth == NULL) { 380 wpa_printf(MSG_WARNING, "CryptoAPI: Failed to allocate memory " 381 "for CryptoAPI RSA method"); 382 os_free(priv); 383 os_free(rsa_meth); 384 return -1; 385 } 386 387 priv->cert = cryptoapi_find_cert(name, CERT_SYSTEM_STORE_CURRENT_USER); 388 if (priv->cert == NULL) { 389 priv->cert = cryptoapi_find_cert( 390 name, CERT_SYSTEM_STORE_LOCAL_MACHINE); 391 } 392 if (priv->cert == NULL) { 393 wpa_printf(MSG_INFO, "CryptoAPI: Could not find certificate " 394 "'%s'", name); 395 goto err; 396 } 397 398 cert = d2i_X509(NULL, 399 (const unsigned char **) &priv->cert->pbCertEncoded, 400 priv->cert->cbCertEncoded); 401 if (cert == NULL) { 402 wpa_printf(MSG_INFO, "CryptoAPI: Could not process X509 DER " 403 "encoding"); 404 goto err; 405 } 406 407 if (!CryptAcquireCertificatePrivateKey(priv->cert, 408 CRYPT_ACQUIRE_COMPARE_KEY_FLAG, 409 NULL, &priv->crypt_prov, 410 &priv->key_spec, 411 &priv->free_crypt_prov)) { 412 cryptoapi_error("Failed to acquire a private key for the " 413 "certificate"); 414 goto err; 415 } 416 417 rsa_meth->name = "Microsoft CryptoAPI RSA Method"; 418 rsa_meth->rsa_pub_enc = cryptoapi_rsa_pub_enc; 419 rsa_meth->rsa_pub_dec = cryptoapi_rsa_pub_dec; 420 rsa_meth->rsa_priv_enc = cryptoapi_rsa_priv_enc; 421 rsa_meth->rsa_priv_dec = cryptoapi_rsa_priv_dec; 422 rsa_meth->finish = cryptoapi_finish; 423 rsa_meth->flags = RSA_METHOD_FLAG_NO_CHECK; 424 rsa_meth->app_data = (char *) priv; 425 426 rsa = RSA_new(); 427 if (rsa == NULL) { 428 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, 429 ERR_R_MALLOC_FAILURE); 430 goto err; 431 } 432 433 if (!SSL_use_certificate(ssl, cert)) { 434 RSA_free(rsa); 435 rsa = NULL; 436 goto err; 437 } 438 pub_rsa = cert->cert_info->key->pkey->pkey.rsa; 439 X509_free(cert); 440 cert = NULL; 441 442 rsa->n = BN_dup(pub_rsa->n); 443 rsa->e = BN_dup(pub_rsa->e); 444 if (!RSA_set_method(rsa, rsa_meth)) 445 goto err; 446 447 if (!SSL_use_RSAPrivateKey(ssl, rsa)) 448 goto err; 449 RSA_free(rsa); 450 451 return 0; 452 453 err: 454 if (cert) 455 X509_free(cert); 456 if (rsa) 457 RSA_free(rsa); 458 else { 459 os_free(rsa_meth); 460 cryptoapi_free_data(priv); 461 } 462 return -1; 463 } 464 465 466 static int tls_cryptoapi_ca_cert(SSL_CTX *ssl_ctx, SSL *ssl, const char *name) 467 { 468 HCERTSTORE cs; 469 PCCERT_CONTEXT ctx = NULL; 470 X509 *cert; 471 char buf[128]; 472 const char *store; 473 #ifdef UNICODE 474 WCHAR *wstore; 475 #endif /* UNICODE */ 476 477 if (name == NULL || strncmp(name, "cert_store://", 13) != 0) 478 return -1; 479 480 store = name + 13; 481 #ifdef UNICODE 482 wstore = os_malloc((os_strlen(store) + 1) * sizeof(WCHAR)); 483 if (wstore == NULL) 484 return -1; 485 wsprintf(wstore, L"%S", store); 486 cs = CertOpenSystemStore(0, wstore); 487 os_free(wstore); 488 #else /* UNICODE */ 489 cs = CertOpenSystemStore(0, store); 490 #endif /* UNICODE */ 491 if (cs == NULL) { 492 wpa_printf(MSG_DEBUG, "%s: failed to open system cert store " 493 "'%s': error=%d", __func__, store, 494 (int) GetLastError()); 495 return -1; 496 } 497 498 while ((ctx = CertEnumCertificatesInStore(cs, ctx))) { 499 cert = d2i_X509(NULL, 500 (const unsigned char **) &ctx->pbCertEncoded, 501 ctx->cbCertEncoded); 502 if (cert == NULL) { 503 wpa_printf(MSG_INFO, "CryptoAPI: Could not process " 504 "X509 DER encoding for CA cert"); 505 continue; 506 } 507 508 X509_NAME_oneline(X509_get_subject_name(cert), buf, 509 sizeof(buf)); 510 wpa_printf(MSG_DEBUG, "OpenSSL: Loaded CA certificate for " 511 "system certificate store: subject='%s'", buf); 512 513 if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) { 514 tls_show_errors(MSG_WARNING, __func__, 515 "Failed to add ca_cert to OpenSSL " 516 "certificate store"); 517 } 518 519 X509_free(cert); 520 } 521 522 if (!CertCloseStore(cs, 0)) { 523 wpa_printf(MSG_DEBUG, "%s: failed to close system cert store " 524 "'%s': error=%d", __func__, name + 13, 525 (int) GetLastError()); 526 } 527 528 return 0; 529 } 530 531 532 #else /* CONFIG_NATIVE_WINDOWS */ 533 534 static int tls_cryptoapi_cert(SSL *ssl, const char *name) 535 { 536 return -1; 537 } 538 539 #endif /* CONFIG_NATIVE_WINDOWS */ 540 541 542 static void ssl_info_cb(const SSL *ssl, int where, int ret) 543 { 544 const char *str; 545 int w; 546 547 wpa_printf(MSG_DEBUG, "SSL: (where=0x%x ret=0x%x)", where, ret); 548 w = where & ~SSL_ST_MASK; 549 if (w & SSL_ST_CONNECT) 550 str = "SSL_connect"; 551 else if (w & SSL_ST_ACCEPT) 552 str = "SSL_accept"; 553 else 554 str = "undefined"; 555 556 if (where & SSL_CB_LOOP) { 557 wpa_printf(MSG_DEBUG, "SSL: %s:%s", 558 str, SSL_state_string_long(ssl)); 559 } else if (where & SSL_CB_ALERT) { 560 struct tls_connection *conn = SSL_get_app_data((SSL *) ssl); 561 wpa_printf(MSG_INFO, "SSL: SSL3 alert: %s:%s:%s", 562 where & SSL_CB_READ ? 563 "read (remote end reported an error)" : 564 "write (local SSL3 detected an error)", 565 SSL_alert_type_string_long(ret), 566 SSL_alert_desc_string_long(ret)); 567 if ((ret >> 8) == SSL3_AL_FATAL) { 568 if (where & SSL_CB_READ) 569 conn->read_alerts++; 570 else 571 conn->write_alerts++; 572 } 573 if (conn->context->event_cb != NULL) { 574 union tls_event_data ev; 575 struct tls_context *context = conn->context; 576 os_memset(&ev, 0, sizeof(ev)); 577 ev.alert.is_local = !(where & SSL_CB_READ); 578 ev.alert.type = SSL_alert_type_string_long(ret); 579 ev.alert.description = SSL_alert_desc_string_long(ret); 580 context->event_cb(context->cb_ctx, TLS_ALERT, &ev); 581 } 582 } else if (where & SSL_CB_EXIT && ret <= 0) { 583 wpa_printf(MSG_DEBUG, "SSL: %s:%s in %s", 584 str, ret == 0 ? "failed" : "error", 585 SSL_state_string_long(ssl)); 586 } 587 } 588 589 590 #ifndef OPENSSL_NO_ENGINE 591 /** 592 * tls_engine_load_dynamic_generic - load any openssl engine 593 * @pre: an array of commands and values that load an engine initialized 594 * in the engine specific function 595 * @post: an array of commands and values that initialize an already loaded 596 * engine (or %NULL if not required) 597 * @id: the engine id of the engine to load (only required if post is not %NULL 598 * 599 * This function is a generic function that loads any openssl engine. 600 * 601 * Returns: 0 on success, -1 on failure 602 */ 603 static int tls_engine_load_dynamic_generic(const char *pre[], 604 const char *post[], const char *id) 605 { 606 ENGINE *engine; 607 const char *dynamic_id = "dynamic"; 608 609 engine = ENGINE_by_id(id); 610 if (engine) { 611 ENGINE_free(engine); 612 wpa_printf(MSG_DEBUG, "ENGINE: engine '%s' is already " 613 "available", id); 614 return 0; 615 } 616 ERR_clear_error(); 617 618 engine = ENGINE_by_id(dynamic_id); 619 if (engine == NULL) { 620 wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]", 621 dynamic_id, 622 ERR_error_string(ERR_get_error(), NULL)); 623 return -1; 624 } 625 626 /* Perform the pre commands. This will load the engine. */ 627 while (pre && pre[0]) { 628 wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", pre[0], pre[1]); 629 if (ENGINE_ctrl_cmd_string(engine, pre[0], pre[1], 0) == 0) { 630 wpa_printf(MSG_INFO, "ENGINE: ctrl cmd_string failed: " 631 "%s %s [%s]", pre[0], pre[1], 632 ERR_error_string(ERR_get_error(), NULL)); 633 ENGINE_free(engine); 634 return -1; 635 } 636 pre += 2; 637 } 638 639 /* 640 * Free the reference to the "dynamic" engine. The loaded engine can 641 * now be looked up using ENGINE_by_id(). 642 */ 643 ENGINE_free(engine); 644 645 engine = ENGINE_by_id(id); 646 if (engine == NULL) { 647 wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]", 648 id, ERR_error_string(ERR_get_error(), NULL)); 649 return -1; 650 } 651 652 while (post && post[0]) { 653 wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", post[0], post[1]); 654 if (ENGINE_ctrl_cmd_string(engine, post[0], post[1], 0) == 0) { 655 wpa_printf(MSG_DEBUG, "ENGINE: ctrl cmd_string failed:" 656 " %s %s [%s]", post[0], post[1], 657 ERR_error_string(ERR_get_error(), NULL)); 658 ENGINE_remove(engine); 659 ENGINE_free(engine); 660 return -1; 661 } 662 post += 2; 663 } 664 ENGINE_free(engine); 665 666 return 0; 667 } 668 669 670 /** 671 * tls_engine_load_dynamic_pkcs11 - load the pkcs11 engine provided by opensc 672 * @pkcs11_so_path: pksc11_so_path from the configuration 673 * @pcks11_module_path: pkcs11_module_path from the configuration 674 */ 675 static int tls_engine_load_dynamic_pkcs11(const char *pkcs11_so_path, 676 const char *pkcs11_module_path) 677 { 678 char *engine_id = "pkcs11"; 679 const char *pre_cmd[] = { 680 "SO_PATH", NULL /* pkcs11_so_path */, 681 "ID", NULL /* engine_id */, 682 "LIST_ADD", "1", 683 /* "NO_VCHECK", "1", */ 684 "LOAD", NULL, 685 NULL, NULL 686 }; 687 const char *post_cmd[] = { 688 "MODULE_PATH", NULL /* pkcs11_module_path */, 689 NULL, NULL 690 }; 691 692 if (!pkcs11_so_path) 693 return 0; 694 695 pre_cmd[1] = pkcs11_so_path; 696 pre_cmd[3] = engine_id; 697 if (pkcs11_module_path) 698 post_cmd[1] = pkcs11_module_path; 699 else 700 post_cmd[0] = NULL; 701 702 wpa_printf(MSG_DEBUG, "ENGINE: Loading pkcs11 Engine from %s", 703 pkcs11_so_path); 704 705 return tls_engine_load_dynamic_generic(pre_cmd, post_cmd, engine_id); 706 } 707 708 709 /** 710 * tls_engine_load_dynamic_opensc - load the opensc engine provided by opensc 711 * @opensc_so_path: opensc_so_path from the configuration 712 */ 713 static int tls_engine_load_dynamic_opensc(const char *opensc_so_path) 714 { 715 char *engine_id = "opensc"; 716 const char *pre_cmd[] = { 717 "SO_PATH", NULL /* opensc_so_path */, 718 "ID", NULL /* engine_id */, 719 "LIST_ADD", "1", 720 "LOAD", NULL, 721 NULL, NULL 722 }; 723 724 if (!opensc_so_path) 725 return 0; 726 727 pre_cmd[1] = opensc_so_path; 728 pre_cmd[3] = engine_id; 729 730 wpa_printf(MSG_DEBUG, "ENGINE: Loading OpenSC Engine from %s", 731 opensc_so_path); 732 733 return tls_engine_load_dynamic_generic(pre_cmd, NULL, engine_id); 734 } 735 #endif /* OPENSSL_NO_ENGINE */ 736 737 738 void * tls_init(const struct tls_config *conf) 739 { 740 SSL_CTX *ssl; 741 struct tls_context *context; 742 const char *ciphers; 743 744 if (tls_openssl_ref_count == 0) { 745 tls_global = context = tls_context_new(conf); 746 if (context == NULL) 747 return NULL; 748 #ifdef CONFIG_FIPS 749 #ifdef OPENSSL_FIPS 750 if (conf && conf->fips_mode) { 751 if (!FIPS_mode_set(1)) { 752 wpa_printf(MSG_ERROR, "Failed to enable FIPS " 753 "mode"); 754 ERR_load_crypto_strings(); 755 ERR_print_errors_fp(stderr); 756 os_free(tls_global); 757 tls_global = NULL; 758 return NULL; 759 } else 760 wpa_printf(MSG_INFO, "Running in FIPS mode"); 761 } 762 #else /* OPENSSL_FIPS */ 763 if (conf && conf->fips_mode) { 764 wpa_printf(MSG_ERROR, "FIPS mode requested, but not " 765 "supported"); 766 os_free(tls_global); 767 tls_global = NULL; 768 return NULL; 769 } 770 #endif /* OPENSSL_FIPS */ 771 #endif /* CONFIG_FIPS */ 772 SSL_load_error_strings(); 773 SSL_library_init(); 774 #ifndef OPENSSL_NO_SHA256 775 EVP_add_digest(EVP_sha256()); 776 #endif /* OPENSSL_NO_SHA256 */ 777 /* TODO: if /dev/urandom is available, PRNG is seeded 778 * automatically. If this is not the case, random data should 779 * be added here. */ 780 781 #ifdef PKCS12_FUNCS 782 #ifndef OPENSSL_NO_RC2 783 /* 784 * 40-bit RC2 is commonly used in PKCS#12 files, so enable it. 785 * This is enabled by PKCS12_PBE_add() in OpenSSL 0.9.8 786 * versions, but it looks like OpenSSL 1.0.0 does not do that 787 * anymore. 788 */ 789 EVP_add_cipher(EVP_rc2_40_cbc()); 790 #endif /* OPENSSL_NO_RC2 */ 791 PKCS12_PBE_add(); 792 #endif /* PKCS12_FUNCS */ 793 } else { 794 #ifdef OPENSSL_SUPPORTS_CTX_APP_DATA 795 /* Newer OpenSSL can store app-data per-SSL */ 796 context = tls_context_new(conf); 797 if (context == NULL) 798 return NULL; 799 #else /* OPENSSL_SUPPORTS_CTX_APP_DATA */ 800 context = tls_global; 801 #endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */ 802 } 803 tls_openssl_ref_count++; 804 805 ssl = SSL_CTX_new(SSLv23_method()); 806 if (ssl == NULL) { 807 tls_openssl_ref_count--; 808 #ifdef OPENSSL_SUPPORTS_CTX_APP_DATA 809 if (context != tls_global) 810 os_free(context); 811 #endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */ 812 if (tls_openssl_ref_count == 0) { 813 os_free(tls_global); 814 tls_global = NULL; 815 } 816 return NULL; 817 } 818 819 SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv2); 820 SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv3); 821 822 SSL_CTX_set_info_callback(ssl, ssl_info_cb); 823 #ifdef OPENSSL_SUPPORTS_CTX_APP_DATA 824 SSL_CTX_set_app_data(ssl, context); 825 #endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */ 826 827 #ifndef OPENSSL_NO_ENGINE 828 wpa_printf(MSG_DEBUG, "ENGINE: Loading dynamic engine"); 829 ERR_load_ENGINE_strings(); 830 ENGINE_load_dynamic(); 831 832 if (conf && 833 (conf->opensc_engine_path || conf->pkcs11_engine_path || 834 conf->pkcs11_module_path)) { 835 if (tls_engine_load_dynamic_opensc(conf->opensc_engine_path) || 836 tls_engine_load_dynamic_pkcs11(conf->pkcs11_engine_path, 837 conf->pkcs11_module_path)) { 838 tls_deinit(ssl); 839 return NULL; 840 } 841 } 842 #endif /* OPENSSL_NO_ENGINE */ 843 844 if (conf && conf->openssl_ciphers) 845 ciphers = conf->openssl_ciphers; 846 else 847 ciphers = "DEFAULT:!EXP:!LOW"; 848 if (SSL_CTX_set_cipher_list(ssl, ciphers) != 1) { 849 wpa_printf(MSG_ERROR, 850 "OpenSSL: Failed to set cipher string '%s'", 851 ciphers); 852 tls_deinit(ssl); 853 return NULL; 854 } 855 856 return ssl; 857 } 858 859 860 void tls_deinit(void *ssl_ctx) 861 { 862 SSL_CTX *ssl = ssl_ctx; 863 #ifdef OPENSSL_SUPPORTS_CTX_APP_DATA 864 struct tls_context *context = SSL_CTX_get_app_data(ssl); 865 if (context != tls_global) 866 os_free(context); 867 #endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */ 868 SSL_CTX_free(ssl); 869 870 tls_openssl_ref_count--; 871 if (tls_openssl_ref_count == 0) { 872 #ifndef OPENSSL_NO_ENGINE 873 ENGINE_cleanup(); 874 #endif /* OPENSSL_NO_ENGINE */ 875 CRYPTO_cleanup_all_ex_data(); 876 ERR_remove_thread_state(NULL); 877 ERR_free_strings(); 878 EVP_cleanup(); 879 os_free(tls_global->ocsp_stapling_response); 880 tls_global->ocsp_stapling_response = NULL; 881 os_free(tls_global); 882 tls_global = NULL; 883 } 884 } 885 886 887 static int tls_engine_init(struct tls_connection *conn, const char *engine_id, 888 const char *pin, const char *key_id, 889 const char *cert_id, const char *ca_cert_id) 890 { 891 #ifndef OPENSSL_NO_ENGINE 892 int ret = -1; 893 if (engine_id == NULL) { 894 wpa_printf(MSG_ERROR, "ENGINE: Engine ID not set"); 895 return -1; 896 } 897 898 ERR_clear_error(); 899 #ifdef ANDROID 900 ENGINE_load_dynamic(); 901 #endif 902 conn->engine = ENGINE_by_id(engine_id); 903 if (!conn->engine) { 904 wpa_printf(MSG_ERROR, "ENGINE: engine %s not available [%s]", 905 engine_id, ERR_error_string(ERR_get_error(), NULL)); 906 goto err; 907 } 908 if (ENGINE_init(conn->engine) != 1) { 909 wpa_printf(MSG_ERROR, "ENGINE: engine init failed " 910 "(engine: %s) [%s]", engine_id, 911 ERR_error_string(ERR_get_error(), NULL)); 912 goto err; 913 } 914 wpa_printf(MSG_DEBUG, "ENGINE: engine initialized"); 915 916 #ifndef ANDROID 917 if (pin && ENGINE_ctrl_cmd_string(conn->engine, "PIN", pin, 0) == 0) { 918 wpa_printf(MSG_ERROR, "ENGINE: cannot set pin [%s]", 919 ERR_error_string(ERR_get_error(), NULL)); 920 goto err; 921 } 922 #endif 923 if (key_id) { 924 /* 925 * Ensure that the ENGINE does not attempt to use the OpenSSL 926 * UI system to obtain a PIN, if we didn't provide one. 927 */ 928 struct { 929 const void *password; 930 const char *prompt_info; 931 } key_cb = { "", NULL }; 932 933 /* load private key first in-case PIN is required for cert */ 934 conn->private_key = ENGINE_load_private_key(conn->engine, 935 key_id, NULL, 936 &key_cb); 937 if (!conn->private_key) { 938 wpa_printf(MSG_ERROR, 939 "ENGINE: cannot load private key with id '%s' [%s]", 940 key_id, 941 ERR_error_string(ERR_get_error(), NULL)); 942 ret = TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED; 943 goto err; 944 } 945 } 946 947 /* handle a certificate and/or CA certificate */ 948 if (cert_id || ca_cert_id) { 949 const char *cmd_name = "LOAD_CERT_CTRL"; 950 951 /* test if the engine supports a LOAD_CERT_CTRL */ 952 if (!ENGINE_ctrl(conn->engine, ENGINE_CTRL_GET_CMD_FROM_NAME, 953 0, (void *)cmd_name, NULL)) { 954 wpa_printf(MSG_ERROR, "ENGINE: engine does not support" 955 " loading certificates"); 956 ret = TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED; 957 goto err; 958 } 959 } 960 961 return 0; 962 963 err: 964 if (conn->engine) { 965 ENGINE_free(conn->engine); 966 conn->engine = NULL; 967 } 968 969 if (conn->private_key) { 970 EVP_PKEY_free(conn->private_key); 971 conn->private_key = NULL; 972 } 973 974 return ret; 975 #else /* OPENSSL_NO_ENGINE */ 976 return 0; 977 #endif /* OPENSSL_NO_ENGINE */ 978 } 979 980 981 static void tls_engine_deinit(struct tls_connection *conn) 982 { 983 #ifndef OPENSSL_NO_ENGINE 984 wpa_printf(MSG_DEBUG, "ENGINE: engine deinit"); 985 if (conn->private_key) { 986 EVP_PKEY_free(conn->private_key); 987 conn->private_key = NULL; 988 } 989 if (conn->engine) { 990 ENGINE_finish(conn->engine); 991 conn->engine = NULL; 992 } 993 #endif /* OPENSSL_NO_ENGINE */ 994 } 995 996 997 int tls_get_errors(void *ssl_ctx) 998 { 999 int count = 0; 1000 unsigned long err; 1001 1002 while ((err = ERR_get_error())) { 1003 wpa_printf(MSG_INFO, "TLS - SSL error: %s", 1004 ERR_error_string(err, NULL)); 1005 count++; 1006 } 1007 1008 return count; 1009 } 1010 1011 1012 static void tls_msg_cb(int write_p, int version, int content_type, 1013 const void *buf, size_t len, SSL *ssl, void *arg) 1014 { 1015 struct tls_connection *conn = arg; 1016 const u8 *pos = buf; 1017 1018 wpa_printf(MSG_DEBUG, "OpenSSL: %s ver=0x%x content_type=%d", 1019 write_p ? "TX" : "RX", version, content_type); 1020 wpa_hexdump_key(MSG_MSGDUMP, "OpenSSL: Message", buf, len); 1021 if (content_type == 24 && len >= 3 && pos[0] == 1) { 1022 size_t payload_len = WPA_GET_BE16(pos + 1); 1023 if (payload_len + 3 > len) { 1024 wpa_printf(MSG_ERROR, "OpenSSL: Heartbeat attack detected"); 1025 conn->invalid_hb_used = 1; 1026 } 1027 } 1028 } 1029 1030 1031 struct tls_connection * tls_connection_init(void *ssl_ctx) 1032 { 1033 SSL_CTX *ssl = ssl_ctx; 1034 struct tls_connection *conn; 1035 long options; 1036 #ifdef OPENSSL_SUPPORTS_CTX_APP_DATA 1037 struct tls_context *context = SSL_CTX_get_app_data(ssl); 1038 #else /* OPENSSL_SUPPORTS_CTX_APP_DATA */ 1039 struct tls_context *context = tls_global; 1040 #endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */ 1041 1042 conn = os_zalloc(sizeof(*conn)); 1043 if (conn == NULL) 1044 return NULL; 1045 conn->ssl_ctx = ssl_ctx; 1046 conn->ssl = SSL_new(ssl); 1047 if (conn->ssl == NULL) { 1048 tls_show_errors(MSG_INFO, __func__, 1049 "Failed to initialize new SSL connection"); 1050 os_free(conn); 1051 return NULL; 1052 } 1053 1054 conn->context = context; 1055 SSL_set_app_data(conn->ssl, conn); 1056 SSL_set_msg_callback(conn->ssl, tls_msg_cb); 1057 SSL_set_msg_callback_arg(conn->ssl, conn); 1058 options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | 1059 SSL_OP_SINGLE_DH_USE; 1060 #ifdef SSL_OP_NO_COMPRESSION 1061 options |= SSL_OP_NO_COMPRESSION; 1062 #endif /* SSL_OP_NO_COMPRESSION */ 1063 SSL_set_options(conn->ssl, options); 1064 1065 conn->ssl_in = BIO_new(BIO_s_mem()); 1066 if (!conn->ssl_in) { 1067 tls_show_errors(MSG_INFO, __func__, 1068 "Failed to create a new BIO for ssl_in"); 1069 SSL_free(conn->ssl); 1070 os_free(conn); 1071 return NULL; 1072 } 1073 1074 conn->ssl_out = BIO_new(BIO_s_mem()); 1075 if (!conn->ssl_out) { 1076 tls_show_errors(MSG_INFO, __func__, 1077 "Failed to create a new BIO for ssl_out"); 1078 SSL_free(conn->ssl); 1079 BIO_free(conn->ssl_in); 1080 os_free(conn); 1081 return NULL; 1082 } 1083 1084 SSL_set_bio(conn->ssl, conn->ssl_in, conn->ssl_out); 1085 1086 return conn; 1087 } 1088 1089 1090 void tls_connection_deinit(void *ssl_ctx, struct tls_connection *conn) 1091 { 1092 if (conn == NULL) 1093 return; 1094 SSL_free(conn->ssl); 1095 tls_engine_deinit(conn); 1096 os_free(conn->subject_match); 1097 os_free(conn->altsubject_match); 1098 os_free(conn->suffix_match); 1099 os_free(conn->domain_match); 1100 os_free(conn->session_ticket); 1101 os_free(conn); 1102 } 1103 1104 1105 int tls_connection_established(void *ssl_ctx, struct tls_connection *conn) 1106 { 1107 return conn ? SSL_is_init_finished(conn->ssl) : 0; 1108 } 1109 1110 1111 int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn) 1112 { 1113 if (conn == NULL) 1114 return -1; 1115 1116 /* Shutdown previous TLS connection without notifying the peer 1117 * because the connection was already terminated in practice 1118 * and "close notify" shutdown alert would confuse AS. */ 1119 SSL_set_quiet_shutdown(conn->ssl, 1); 1120 SSL_shutdown(conn->ssl); 1121 return 0; 1122 } 1123 1124 1125 static int tls_match_altsubject_component(X509 *cert, int type, 1126 const char *value, size_t len) 1127 { 1128 GENERAL_NAME *gen; 1129 void *ext; 1130 int found = 0; 1131 stack_index_t i; 1132 1133 ext = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL); 1134 1135 for (i = 0; ext && i < sk_GENERAL_NAME_num(ext); i++) { 1136 gen = sk_GENERAL_NAME_value(ext, i); 1137 if (gen->type != type) 1138 continue; 1139 if (os_strlen((char *) gen->d.ia5->data) == len && 1140 os_memcmp(value, gen->d.ia5->data, len) == 0) 1141 found++; 1142 } 1143 1144 return found; 1145 } 1146 1147 1148 static int tls_match_altsubject(X509 *cert, const char *match) 1149 { 1150 int type; 1151 const char *pos, *end; 1152 size_t len; 1153 1154 pos = match; 1155 do { 1156 if (os_strncmp(pos, "EMAIL:", 6) == 0) { 1157 type = GEN_EMAIL; 1158 pos += 6; 1159 } else if (os_strncmp(pos, "DNS:", 4) == 0) { 1160 type = GEN_DNS; 1161 pos += 4; 1162 } else if (os_strncmp(pos, "URI:", 4) == 0) { 1163 type = GEN_URI; 1164 pos += 4; 1165 } else { 1166 wpa_printf(MSG_INFO, "TLS: Invalid altSubjectName " 1167 "match '%s'", pos); 1168 return 0; 1169 } 1170 end = os_strchr(pos, ';'); 1171 while (end) { 1172 if (os_strncmp(end + 1, "EMAIL:", 6) == 0 || 1173 os_strncmp(end + 1, "DNS:", 4) == 0 || 1174 os_strncmp(end + 1, "URI:", 4) == 0) 1175 break; 1176 end = os_strchr(end + 1, ';'); 1177 } 1178 if (end) 1179 len = end - pos; 1180 else 1181 len = os_strlen(pos); 1182 if (tls_match_altsubject_component(cert, type, pos, len) > 0) 1183 return 1; 1184 pos = end + 1; 1185 } while (end); 1186 1187 return 0; 1188 } 1189 1190 1191 #ifndef CONFIG_NATIVE_WINDOWS 1192 static int domain_suffix_match(const u8 *val, size_t len, const char *match, 1193 int full) 1194 { 1195 size_t i, match_len; 1196 1197 /* Check for embedded nuls that could mess up suffix matching */ 1198 for (i = 0; i < len; i++) { 1199 if (val[i] == '\0') { 1200 wpa_printf(MSG_DEBUG, "TLS: Embedded null in a string - reject"); 1201 return 0; 1202 } 1203 } 1204 1205 match_len = os_strlen(match); 1206 if (match_len > len || (full && match_len != len)) 1207 return 0; 1208 1209 if (os_strncasecmp((const char *) val + len - match_len, match, 1210 match_len) != 0) 1211 return 0; /* no match */ 1212 1213 if (match_len == len) 1214 return 1; /* exact match */ 1215 1216 if (val[len - match_len - 1] == '.') 1217 return 1; /* full label match completes suffix match */ 1218 1219 wpa_printf(MSG_DEBUG, "TLS: Reject due to incomplete label match"); 1220 return 0; 1221 } 1222 #endif /* CONFIG_NATIVE_WINDOWS */ 1223 1224 1225 static int tls_match_suffix(X509 *cert, const char *match, int full) 1226 { 1227 #ifdef CONFIG_NATIVE_WINDOWS 1228 /* wincrypt.h has conflicting X509_NAME definition */ 1229 return -1; 1230 #else /* CONFIG_NATIVE_WINDOWS */ 1231 GENERAL_NAME *gen; 1232 void *ext; 1233 int i; 1234 stack_index_t j; 1235 int dns_name = 0; 1236 X509_NAME *name; 1237 1238 wpa_printf(MSG_DEBUG, "TLS: Match domain against %s%s", 1239 full ? "": "suffix ", match); 1240 1241 ext = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL); 1242 1243 for (j = 0; ext && j < sk_GENERAL_NAME_num(ext); j++) { 1244 gen = sk_GENERAL_NAME_value(ext, j); 1245 if (gen->type != GEN_DNS) 1246 continue; 1247 dns_name++; 1248 wpa_hexdump_ascii(MSG_DEBUG, "TLS: Certificate dNSName", 1249 gen->d.dNSName->data, 1250 gen->d.dNSName->length); 1251 if (domain_suffix_match(gen->d.dNSName->data, 1252 gen->d.dNSName->length, match, full) == 1253 1) { 1254 wpa_printf(MSG_DEBUG, "TLS: %s in dNSName found", 1255 full ? "Match" : "Suffix match"); 1256 return 1; 1257 } 1258 } 1259 1260 if (dns_name) { 1261 wpa_printf(MSG_DEBUG, "TLS: None of the dNSName(s) matched"); 1262 return 0; 1263 } 1264 1265 name = X509_get_subject_name(cert); 1266 i = -1; 1267 for (;;) { 1268 X509_NAME_ENTRY *e; 1269 ASN1_STRING *cn; 1270 1271 i = X509_NAME_get_index_by_NID(name, NID_commonName, i); 1272 if (i == -1) 1273 break; 1274 e = X509_NAME_get_entry(name, i); 1275 if (e == NULL) 1276 continue; 1277 cn = X509_NAME_ENTRY_get_data(e); 1278 if (cn == NULL) 1279 continue; 1280 wpa_hexdump_ascii(MSG_DEBUG, "TLS: Certificate commonName", 1281 cn->data, cn->length); 1282 if (domain_suffix_match(cn->data, cn->length, match, full) == 1) 1283 { 1284 wpa_printf(MSG_DEBUG, "TLS: %s in commonName found", 1285 full ? "Match" : "Suffix match"); 1286 return 1; 1287 } 1288 } 1289 1290 wpa_printf(MSG_DEBUG, "TLS: No CommonName %smatch found", 1291 full ? "": "suffix "); 1292 return 0; 1293 #endif /* CONFIG_NATIVE_WINDOWS */ 1294 } 1295 1296 1297 static enum tls_fail_reason openssl_tls_fail_reason(int err) 1298 { 1299 switch (err) { 1300 case X509_V_ERR_CERT_REVOKED: 1301 return TLS_FAIL_REVOKED; 1302 case X509_V_ERR_CERT_NOT_YET_VALID: 1303 case X509_V_ERR_CRL_NOT_YET_VALID: 1304 return TLS_FAIL_NOT_YET_VALID; 1305 case X509_V_ERR_CERT_HAS_EXPIRED: 1306 case X509_V_ERR_CRL_HAS_EXPIRED: 1307 return TLS_FAIL_EXPIRED; 1308 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: 1309 case X509_V_ERR_UNABLE_TO_GET_CRL: 1310 case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: 1311 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: 1312 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: 1313 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: 1314 case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: 1315 case X509_V_ERR_CERT_CHAIN_TOO_LONG: 1316 case X509_V_ERR_PATH_LENGTH_EXCEEDED: 1317 case X509_V_ERR_INVALID_CA: 1318 return TLS_FAIL_UNTRUSTED; 1319 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: 1320 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: 1321 case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: 1322 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: 1323 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: 1324 case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: 1325 case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: 1326 case X509_V_ERR_CERT_UNTRUSTED: 1327 case X509_V_ERR_CERT_REJECTED: 1328 return TLS_FAIL_BAD_CERTIFICATE; 1329 default: 1330 return TLS_FAIL_UNSPECIFIED; 1331 } 1332 } 1333 1334 1335 static struct wpabuf * get_x509_cert(X509 *cert) 1336 { 1337 struct wpabuf *buf; 1338 u8 *tmp; 1339 1340 int cert_len = i2d_X509(cert, NULL); 1341 if (cert_len <= 0) 1342 return NULL; 1343 1344 buf = wpabuf_alloc(cert_len); 1345 if (buf == NULL) 1346 return NULL; 1347 1348 tmp = wpabuf_put(buf, cert_len); 1349 i2d_X509(cert, &tmp); 1350 return buf; 1351 } 1352 1353 1354 static void openssl_tls_fail_event(struct tls_connection *conn, 1355 X509 *err_cert, int err, int depth, 1356 const char *subject, const char *err_str, 1357 enum tls_fail_reason reason) 1358 { 1359 union tls_event_data ev; 1360 struct wpabuf *cert = NULL; 1361 struct tls_context *context = conn->context; 1362 1363 if (context->event_cb == NULL) 1364 return; 1365 1366 cert = get_x509_cert(err_cert); 1367 os_memset(&ev, 0, sizeof(ev)); 1368 ev.cert_fail.reason = reason != TLS_FAIL_UNSPECIFIED ? 1369 reason : openssl_tls_fail_reason(err); 1370 ev.cert_fail.depth = depth; 1371 ev.cert_fail.subject = subject; 1372 ev.cert_fail.reason_txt = err_str; 1373 ev.cert_fail.cert = cert; 1374 context->event_cb(context->cb_ctx, TLS_CERT_CHAIN_FAILURE, &ev); 1375 wpabuf_free(cert); 1376 } 1377 1378 1379 static void openssl_tls_cert_event(struct tls_connection *conn, 1380 X509 *err_cert, int depth, 1381 const char *subject) 1382 { 1383 struct wpabuf *cert = NULL; 1384 union tls_event_data ev; 1385 struct tls_context *context = conn->context; 1386 char *altsubject[TLS_MAX_ALT_SUBJECT]; 1387 int alt, num_altsubject = 0; 1388 GENERAL_NAME *gen; 1389 void *ext; 1390 stack_index_t i; 1391 #ifdef CONFIG_SHA256 1392 u8 hash[32]; 1393 #endif /* CONFIG_SHA256 */ 1394 1395 if (context->event_cb == NULL) 1396 return; 1397 1398 os_memset(&ev, 0, sizeof(ev)); 1399 if (conn->cert_probe || context->cert_in_cb) { 1400 cert = get_x509_cert(err_cert); 1401 ev.peer_cert.cert = cert; 1402 } 1403 #ifdef CONFIG_SHA256 1404 if (cert) { 1405 const u8 *addr[1]; 1406 size_t len[1]; 1407 addr[0] = wpabuf_head(cert); 1408 len[0] = wpabuf_len(cert); 1409 if (sha256_vector(1, addr, len, hash) == 0) { 1410 ev.peer_cert.hash = hash; 1411 ev.peer_cert.hash_len = sizeof(hash); 1412 } 1413 } 1414 #endif /* CONFIG_SHA256 */ 1415 ev.peer_cert.depth = depth; 1416 ev.peer_cert.subject = subject; 1417 1418 ext = X509_get_ext_d2i(err_cert, NID_subject_alt_name, NULL, NULL); 1419 for (i = 0; ext && i < sk_GENERAL_NAME_num(ext); i++) { 1420 char *pos; 1421 1422 if (num_altsubject == TLS_MAX_ALT_SUBJECT) 1423 break; 1424 gen = sk_GENERAL_NAME_value(ext, i); 1425 if (gen->type != GEN_EMAIL && 1426 gen->type != GEN_DNS && 1427 gen->type != GEN_URI) 1428 continue; 1429 1430 pos = os_malloc(10 + gen->d.ia5->length + 1); 1431 if (pos == NULL) 1432 break; 1433 altsubject[num_altsubject++] = pos; 1434 1435 switch (gen->type) { 1436 case GEN_EMAIL: 1437 os_memcpy(pos, "EMAIL:", 6); 1438 pos += 6; 1439 break; 1440 case GEN_DNS: 1441 os_memcpy(pos, "DNS:", 4); 1442 pos += 4; 1443 break; 1444 case GEN_URI: 1445 os_memcpy(pos, "URI:", 4); 1446 pos += 4; 1447 break; 1448 } 1449 1450 os_memcpy(pos, gen->d.ia5->data, gen->d.ia5->length); 1451 pos += gen->d.ia5->length; 1452 *pos = '\0'; 1453 } 1454 1455 for (alt = 0; alt < num_altsubject; alt++) 1456 ev.peer_cert.altsubject[alt] = altsubject[alt]; 1457 ev.peer_cert.num_altsubject = num_altsubject; 1458 1459 context->event_cb(context->cb_ctx, TLS_PEER_CERTIFICATE, &ev); 1460 wpabuf_free(cert); 1461 for (alt = 0; alt < num_altsubject; alt++) 1462 os_free(altsubject[alt]); 1463 } 1464 1465 1466 static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx) 1467 { 1468 char buf[256]; 1469 X509 *err_cert; 1470 int err, depth; 1471 SSL *ssl; 1472 struct tls_connection *conn; 1473 struct tls_context *context; 1474 char *match, *altmatch, *suffix_match, *domain_match; 1475 const char *err_str; 1476 1477 err_cert = X509_STORE_CTX_get_current_cert(x509_ctx); 1478 if (!err_cert) 1479 return 0; 1480 1481 err = X509_STORE_CTX_get_error(x509_ctx); 1482 depth = X509_STORE_CTX_get_error_depth(x509_ctx); 1483 ssl = X509_STORE_CTX_get_ex_data(x509_ctx, 1484 SSL_get_ex_data_X509_STORE_CTX_idx()); 1485 X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf)); 1486 1487 conn = SSL_get_app_data(ssl); 1488 if (conn == NULL) 1489 return 0; 1490 1491 if (depth == 0) 1492 conn->peer_cert = err_cert; 1493 else if (depth == 1) 1494 conn->peer_issuer = err_cert; 1495 else if (depth == 2) 1496 conn->peer_issuer_issuer = err_cert; 1497 1498 context = conn->context; 1499 match = conn->subject_match; 1500 altmatch = conn->altsubject_match; 1501 suffix_match = conn->suffix_match; 1502 domain_match = conn->domain_match; 1503 1504 if (!preverify_ok && !conn->ca_cert_verify) 1505 preverify_ok = 1; 1506 if (!preverify_ok && depth > 0 && conn->server_cert_only) 1507 preverify_ok = 1; 1508 if (!preverify_ok && (conn->flags & TLS_CONN_DISABLE_TIME_CHECKS) && 1509 (err == X509_V_ERR_CERT_HAS_EXPIRED || 1510 err == X509_V_ERR_CERT_NOT_YET_VALID)) { 1511 wpa_printf(MSG_DEBUG, "OpenSSL: Ignore certificate validity " 1512 "time mismatch"); 1513 preverify_ok = 1; 1514 } 1515 1516 err_str = X509_verify_cert_error_string(err); 1517 1518 #ifdef CONFIG_SHA256 1519 /* 1520 * Do not require preverify_ok so we can explicity allow otherwise 1521 * invalid pinned server certificates. 1522 */ 1523 if (depth == 0 && conn->server_cert_only) { 1524 struct wpabuf *cert; 1525 cert = get_x509_cert(err_cert); 1526 if (!cert) { 1527 wpa_printf(MSG_DEBUG, "OpenSSL: Could not fetch " 1528 "server certificate data"); 1529 preverify_ok = 0; 1530 } else { 1531 u8 hash[32]; 1532 const u8 *addr[1]; 1533 size_t len[1]; 1534 addr[0] = wpabuf_head(cert); 1535 len[0] = wpabuf_len(cert); 1536 if (sha256_vector(1, addr, len, hash) < 0 || 1537 os_memcmp(conn->srv_cert_hash, hash, 32) != 0) { 1538 err_str = "Server certificate mismatch"; 1539 err = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; 1540 preverify_ok = 0; 1541 } else if (!preverify_ok) { 1542 /* 1543 * Certificate matches pinned certificate, allow 1544 * regardless of other problems. 1545 */ 1546 wpa_printf(MSG_DEBUG, 1547 "OpenSSL: Ignore validation issues for a pinned server certificate"); 1548 preverify_ok = 1; 1549 } 1550 wpabuf_free(cert); 1551 } 1552 } 1553 #endif /* CONFIG_SHA256 */ 1554 1555 if (!preverify_ok) { 1556 wpa_printf(MSG_WARNING, "TLS: Certificate verification failed," 1557 " error %d (%s) depth %d for '%s'", err, err_str, 1558 depth, buf); 1559 openssl_tls_fail_event(conn, err_cert, err, depth, buf, 1560 err_str, TLS_FAIL_UNSPECIFIED); 1561 return preverify_ok; 1562 } 1563 1564 wpa_printf(MSG_DEBUG, "TLS: tls_verify_cb - preverify_ok=%d " 1565 "err=%d (%s) ca_cert_verify=%d depth=%d buf='%s'", 1566 preverify_ok, err, err_str, 1567 conn->ca_cert_verify, depth, buf); 1568 if (depth == 0 && match && os_strstr(buf, match) == NULL) { 1569 wpa_printf(MSG_WARNING, "TLS: Subject '%s' did not " 1570 "match with '%s'", buf, match); 1571 preverify_ok = 0; 1572 openssl_tls_fail_event(conn, err_cert, err, depth, buf, 1573 "Subject mismatch", 1574 TLS_FAIL_SUBJECT_MISMATCH); 1575 } else if (depth == 0 && altmatch && 1576 !tls_match_altsubject(err_cert, altmatch)) { 1577 wpa_printf(MSG_WARNING, "TLS: altSubjectName match " 1578 "'%s' not found", altmatch); 1579 preverify_ok = 0; 1580 openssl_tls_fail_event(conn, err_cert, err, depth, buf, 1581 "AltSubject mismatch", 1582 TLS_FAIL_ALTSUBJECT_MISMATCH); 1583 } else if (depth == 0 && suffix_match && 1584 !tls_match_suffix(err_cert, suffix_match, 0)) { 1585 wpa_printf(MSG_WARNING, "TLS: Domain suffix match '%s' not found", 1586 suffix_match); 1587 preverify_ok = 0; 1588 openssl_tls_fail_event(conn, err_cert, err, depth, buf, 1589 "Domain suffix mismatch", 1590 TLS_FAIL_DOMAIN_SUFFIX_MISMATCH); 1591 } else if (depth == 0 && domain_match && 1592 !tls_match_suffix(err_cert, domain_match, 1)) { 1593 wpa_printf(MSG_WARNING, "TLS: Domain match '%s' not found", 1594 domain_match); 1595 preverify_ok = 0; 1596 openssl_tls_fail_event(conn, err_cert, err, depth, buf, 1597 "Domain mismatch", 1598 TLS_FAIL_DOMAIN_MISMATCH); 1599 } else 1600 openssl_tls_cert_event(conn, err_cert, depth, buf); 1601 1602 if (conn->cert_probe && preverify_ok && depth == 0) { 1603 wpa_printf(MSG_DEBUG, "OpenSSL: Reject server certificate " 1604 "on probe-only run"); 1605 preverify_ok = 0; 1606 openssl_tls_fail_event(conn, err_cert, err, depth, buf, 1607 "Server certificate chain probe", 1608 TLS_FAIL_SERVER_CHAIN_PROBE); 1609 } 1610 1611 if (preverify_ok && context->event_cb != NULL) 1612 context->event_cb(context->cb_ctx, 1613 TLS_CERT_CHAIN_SUCCESS, NULL); 1614 1615 return preverify_ok; 1616 } 1617 1618 1619 #ifndef OPENSSL_NO_STDIO 1620 static int tls_load_ca_der(void *_ssl_ctx, const char *ca_cert) 1621 { 1622 SSL_CTX *ssl_ctx = _ssl_ctx; 1623 X509_LOOKUP *lookup; 1624 int ret = 0; 1625 1626 lookup = X509_STORE_add_lookup(SSL_CTX_get_cert_store(ssl_ctx), 1627 X509_LOOKUP_file()); 1628 if (lookup == NULL) { 1629 tls_show_errors(MSG_WARNING, __func__, 1630 "Failed add lookup for X509 store"); 1631 return -1; 1632 } 1633 1634 if (!X509_LOOKUP_load_file(lookup, ca_cert, X509_FILETYPE_ASN1)) { 1635 unsigned long err = ERR_peek_error(); 1636 tls_show_errors(MSG_WARNING, __func__, 1637 "Failed load CA in DER format"); 1638 if (ERR_GET_LIB(err) == ERR_LIB_X509 && 1639 ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) { 1640 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring " 1641 "cert already in hash table error", 1642 __func__); 1643 } else 1644 ret = -1; 1645 } 1646 1647 return ret; 1648 } 1649 #endif /* OPENSSL_NO_STDIO */ 1650 1651 1652 static int tls_connection_ca_cert(void *_ssl_ctx, struct tls_connection *conn, 1653 const char *ca_cert, const u8 *ca_cert_blob, 1654 size_t ca_cert_blob_len, const char *ca_path) 1655 { 1656 SSL_CTX *ssl_ctx = _ssl_ctx; 1657 X509_STORE *store; 1658 1659 /* 1660 * Remove previously configured trusted CA certificates before adding 1661 * new ones. 1662 */ 1663 store = X509_STORE_new(); 1664 if (store == NULL) { 1665 wpa_printf(MSG_DEBUG, "OpenSSL: %s - failed to allocate new " 1666 "certificate store", __func__); 1667 return -1; 1668 } 1669 SSL_CTX_set_cert_store(ssl_ctx, store); 1670 1671 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb); 1672 conn->ca_cert_verify = 1; 1673 1674 if (ca_cert && os_strncmp(ca_cert, "probe://", 8) == 0) { 1675 wpa_printf(MSG_DEBUG, "OpenSSL: Probe for server certificate " 1676 "chain"); 1677 conn->cert_probe = 1; 1678 conn->ca_cert_verify = 0; 1679 return 0; 1680 } 1681 1682 if (ca_cert && os_strncmp(ca_cert, "hash://", 7) == 0) { 1683 #ifdef CONFIG_SHA256 1684 const char *pos = ca_cert + 7; 1685 if (os_strncmp(pos, "server/sha256/", 14) != 0) { 1686 wpa_printf(MSG_DEBUG, "OpenSSL: Unsupported ca_cert " 1687 "hash value '%s'", ca_cert); 1688 return -1; 1689 } 1690 pos += 14; 1691 if (os_strlen(pos) != 32 * 2) { 1692 wpa_printf(MSG_DEBUG, "OpenSSL: Unexpected SHA256 " 1693 "hash length in ca_cert '%s'", ca_cert); 1694 return -1; 1695 } 1696 if (hexstr2bin(pos, conn->srv_cert_hash, 32) < 0) { 1697 wpa_printf(MSG_DEBUG, "OpenSSL: Invalid SHA256 hash " 1698 "value in ca_cert '%s'", ca_cert); 1699 return -1; 1700 } 1701 conn->server_cert_only = 1; 1702 wpa_printf(MSG_DEBUG, "OpenSSL: Checking only server " 1703 "certificate match"); 1704 return 0; 1705 #else /* CONFIG_SHA256 */ 1706 wpa_printf(MSG_INFO, "No SHA256 included in the build - " 1707 "cannot validate server certificate hash"); 1708 return -1; 1709 #endif /* CONFIG_SHA256 */ 1710 } 1711 1712 if (ca_cert_blob) { 1713 X509 *cert = d2i_X509(NULL, 1714 (const unsigned char **) &ca_cert_blob, 1715 ca_cert_blob_len); 1716 if (cert == NULL) { 1717 tls_show_errors(MSG_WARNING, __func__, 1718 "Failed to parse ca_cert_blob"); 1719 return -1; 1720 } 1721 1722 if (!X509_STORE_add_cert(SSL_CTX_get_cert_store(ssl_ctx), 1723 cert)) { 1724 unsigned long err = ERR_peek_error(); 1725 tls_show_errors(MSG_WARNING, __func__, 1726 "Failed to add ca_cert_blob to " 1727 "certificate store"); 1728 if (ERR_GET_LIB(err) == ERR_LIB_X509 && 1729 ERR_GET_REASON(err) == 1730 X509_R_CERT_ALREADY_IN_HASH_TABLE) { 1731 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring " 1732 "cert already in hash table error", 1733 __func__); 1734 } else { 1735 X509_free(cert); 1736 return -1; 1737 } 1738 } 1739 X509_free(cert); 1740 wpa_printf(MSG_DEBUG, "OpenSSL: %s - added ca_cert_blob " 1741 "to certificate store", __func__); 1742 return 0; 1743 } 1744 1745 #ifdef ANDROID 1746 if (ca_cert && os_strncmp("keystore://", ca_cert, 11) == 0) { 1747 BIO *bio = BIO_from_keystore(&ca_cert[11]); 1748 STACK_OF(X509_INFO) *stack = NULL; 1749 stack_index_t i; 1750 1751 if (bio) { 1752 stack = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL); 1753 BIO_free(bio); 1754 } 1755 if (!stack) 1756 return -1; 1757 1758 for (i = 0; i < sk_X509_INFO_num(stack); ++i) { 1759 X509_INFO *info = sk_X509_INFO_value(stack, i); 1760 if (info->x509) { 1761 X509_STORE_add_cert(ssl_ctx->cert_store, 1762 info->x509); 1763 } 1764 if (info->crl) { 1765 X509_STORE_add_crl(ssl_ctx->cert_store, 1766 info->crl); 1767 } 1768 } 1769 sk_X509_INFO_pop_free(stack, X509_INFO_free); 1770 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb); 1771 return 0; 1772 } 1773 #endif /* ANDROID */ 1774 1775 #ifdef CONFIG_NATIVE_WINDOWS 1776 if (ca_cert && tls_cryptoapi_ca_cert(ssl_ctx, conn->ssl, ca_cert) == 1777 0) { 1778 wpa_printf(MSG_DEBUG, "OpenSSL: Added CA certificates from " 1779 "system certificate store"); 1780 return 0; 1781 } 1782 #endif /* CONFIG_NATIVE_WINDOWS */ 1783 1784 if (ca_cert || ca_path) { 1785 #ifndef OPENSSL_NO_STDIO 1786 if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, ca_path) != 1787 1) { 1788 tls_show_errors(MSG_WARNING, __func__, 1789 "Failed to load root certificates"); 1790 if (ca_cert && 1791 tls_load_ca_der(ssl_ctx, ca_cert) == 0) { 1792 wpa_printf(MSG_DEBUG, "OpenSSL: %s - loaded " 1793 "DER format CA certificate", 1794 __func__); 1795 } else 1796 return -1; 1797 } else { 1798 wpa_printf(MSG_DEBUG, "TLS: Trusted root " 1799 "certificate(s) loaded"); 1800 tls_get_errors(ssl_ctx); 1801 } 1802 #else /* OPENSSL_NO_STDIO */ 1803 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", 1804 __func__); 1805 return -1; 1806 #endif /* OPENSSL_NO_STDIO */ 1807 } else { 1808 /* No ca_cert configured - do not try to verify server 1809 * certificate */ 1810 conn->ca_cert_verify = 0; 1811 } 1812 1813 return 0; 1814 } 1815 1816 1817 static int tls_global_ca_cert(SSL_CTX *ssl_ctx, const char *ca_cert) 1818 { 1819 if (ca_cert) { 1820 if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, NULL) != 1) 1821 { 1822 tls_show_errors(MSG_WARNING, __func__, 1823 "Failed to load root certificates"); 1824 return -1; 1825 } 1826 1827 wpa_printf(MSG_DEBUG, "TLS: Trusted root " 1828 "certificate(s) loaded"); 1829 1830 #ifndef OPENSSL_NO_STDIO 1831 /* Add the same CAs to the client certificate requests */ 1832 SSL_CTX_set_client_CA_list(ssl_ctx, 1833 SSL_load_client_CA_file(ca_cert)); 1834 #endif /* OPENSSL_NO_STDIO */ 1835 } 1836 1837 return 0; 1838 } 1839 1840 1841 int tls_global_set_verify(void *ssl_ctx, int check_crl) 1842 { 1843 int flags; 1844 1845 if (check_crl) { 1846 X509_STORE *cs = SSL_CTX_get_cert_store(ssl_ctx); 1847 if (cs == NULL) { 1848 tls_show_errors(MSG_INFO, __func__, "Failed to get " 1849 "certificate store when enabling " 1850 "check_crl"); 1851 return -1; 1852 } 1853 flags = X509_V_FLAG_CRL_CHECK; 1854 if (check_crl == 2) 1855 flags |= X509_V_FLAG_CRL_CHECK_ALL; 1856 X509_STORE_set_flags(cs, flags); 1857 } 1858 return 0; 1859 } 1860 1861 1862 static int tls_connection_set_subject_match(struct tls_connection *conn, 1863 const char *subject_match, 1864 const char *altsubject_match, 1865 const char *suffix_match, 1866 const char *domain_match) 1867 { 1868 os_free(conn->subject_match); 1869 conn->subject_match = NULL; 1870 if (subject_match) { 1871 conn->subject_match = os_strdup(subject_match); 1872 if (conn->subject_match == NULL) 1873 return -1; 1874 } 1875 1876 os_free(conn->altsubject_match); 1877 conn->altsubject_match = NULL; 1878 if (altsubject_match) { 1879 conn->altsubject_match = os_strdup(altsubject_match); 1880 if (conn->altsubject_match == NULL) 1881 return -1; 1882 } 1883 1884 os_free(conn->suffix_match); 1885 conn->suffix_match = NULL; 1886 if (suffix_match) { 1887 conn->suffix_match = os_strdup(suffix_match); 1888 if (conn->suffix_match == NULL) 1889 return -1; 1890 } 1891 1892 os_free(conn->domain_match); 1893 conn->domain_match = NULL; 1894 if (domain_match) { 1895 conn->domain_match = os_strdup(domain_match); 1896 if (conn->domain_match == NULL) 1897 return -1; 1898 } 1899 1900 return 0; 1901 } 1902 1903 1904 int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn, 1905 int verify_peer) 1906 { 1907 static int counter = 0; 1908 1909 if (conn == NULL) 1910 return -1; 1911 1912 if (verify_peer) { 1913 conn->ca_cert_verify = 1; 1914 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER | 1915 SSL_VERIFY_FAIL_IF_NO_PEER_CERT | 1916 SSL_VERIFY_CLIENT_ONCE, tls_verify_cb); 1917 } else { 1918 conn->ca_cert_verify = 0; 1919 SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL); 1920 } 1921 1922 SSL_set_accept_state(conn->ssl); 1923 1924 /* 1925 * Set session id context in order to avoid fatal errors when client 1926 * tries to resume a session. However, set the context to a unique 1927 * value in order to effectively disable session resumption for now 1928 * since not all areas of the server code are ready for it (e.g., 1929 * EAP-TTLS needs special handling for Phase 2 after abbreviated TLS 1930 * handshake). 1931 */ 1932 counter++; 1933 SSL_set_session_id_context(conn->ssl, 1934 (const unsigned char *) &counter, 1935 sizeof(counter)); 1936 1937 return 0; 1938 } 1939 1940 1941 static int tls_connection_client_cert(struct tls_connection *conn, 1942 const char *client_cert, 1943 const u8 *client_cert_blob, 1944 size_t client_cert_blob_len) 1945 { 1946 if (client_cert == NULL && client_cert_blob == NULL) 1947 return 0; 1948 1949 if (client_cert_blob && 1950 SSL_use_certificate_ASN1(conn->ssl, (u8 *) client_cert_blob, 1951 client_cert_blob_len) == 1) { 1952 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_ASN1 --> " 1953 "OK"); 1954 return 0; 1955 } else if (client_cert_blob) { 1956 tls_show_errors(MSG_DEBUG, __func__, 1957 "SSL_use_certificate_ASN1 failed"); 1958 } 1959 1960 if (client_cert == NULL) 1961 return -1; 1962 1963 #ifdef ANDROID 1964 if (os_strncmp("keystore://", client_cert, 11) == 0) { 1965 BIO *bio = BIO_from_keystore(&client_cert[11]); 1966 X509 *x509 = NULL; 1967 int ret = -1; 1968 if (bio) { 1969 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL); 1970 BIO_free(bio); 1971 } 1972 if (x509) { 1973 if (SSL_use_certificate(conn->ssl, x509) == 1) 1974 ret = 0; 1975 X509_free(x509); 1976 } 1977 return ret; 1978 } 1979 #endif /* ANDROID */ 1980 1981 #ifndef OPENSSL_NO_STDIO 1982 if (SSL_use_certificate_file(conn->ssl, client_cert, 1983 SSL_FILETYPE_ASN1) == 1) { 1984 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (DER)" 1985 " --> OK"); 1986 return 0; 1987 } 1988 1989 if (SSL_use_certificate_file(conn->ssl, client_cert, 1990 SSL_FILETYPE_PEM) == 1) { 1991 ERR_clear_error(); 1992 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (PEM)" 1993 " --> OK"); 1994 return 0; 1995 } 1996 1997 tls_show_errors(MSG_DEBUG, __func__, 1998 "SSL_use_certificate_file failed"); 1999 #else /* OPENSSL_NO_STDIO */ 2000 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", __func__); 2001 #endif /* OPENSSL_NO_STDIO */ 2002 2003 return -1; 2004 } 2005 2006 2007 static int tls_global_client_cert(SSL_CTX *ssl_ctx, const char *client_cert) 2008 { 2009 #ifndef OPENSSL_NO_STDIO 2010 if (client_cert == NULL) 2011 return 0; 2012 2013 if (SSL_CTX_use_certificate_file(ssl_ctx, client_cert, 2014 SSL_FILETYPE_ASN1) != 1 && 2015 SSL_CTX_use_certificate_chain_file(ssl_ctx, client_cert) != 1 && 2016 SSL_CTX_use_certificate_file(ssl_ctx, client_cert, 2017 SSL_FILETYPE_PEM) != 1) { 2018 tls_show_errors(MSG_INFO, __func__, 2019 "Failed to load client certificate"); 2020 return -1; 2021 } 2022 return 0; 2023 #else /* OPENSSL_NO_STDIO */ 2024 if (client_cert == NULL) 2025 return 0; 2026 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", __func__); 2027 return -1; 2028 #endif /* OPENSSL_NO_STDIO */ 2029 } 2030 2031 2032 static int tls_passwd_cb(char *buf, int size, int rwflag, void *password) 2033 { 2034 if (password == NULL) { 2035 return 0; 2036 } 2037 os_strlcpy(buf, (char *) password, size); 2038 return os_strlen(buf); 2039 } 2040 2041 2042 #ifdef PKCS12_FUNCS 2043 static int tls_parse_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, PKCS12 *p12, 2044 const char *passwd) 2045 { 2046 EVP_PKEY *pkey; 2047 X509 *cert; 2048 STACK_OF(X509) *certs; 2049 int res = 0; 2050 char buf[256]; 2051 2052 pkey = NULL; 2053 cert = NULL; 2054 certs = NULL; 2055 if (!PKCS12_parse(p12, passwd, &pkey, &cert, &certs)) { 2056 tls_show_errors(MSG_DEBUG, __func__, 2057 "Failed to parse PKCS12 file"); 2058 PKCS12_free(p12); 2059 return -1; 2060 } 2061 wpa_printf(MSG_DEBUG, "TLS: Successfully parsed PKCS12 data"); 2062 2063 if (cert) { 2064 X509_NAME_oneline(X509_get_subject_name(cert), buf, 2065 sizeof(buf)); 2066 wpa_printf(MSG_DEBUG, "TLS: Got certificate from PKCS12: " 2067 "subject='%s'", buf); 2068 if (ssl) { 2069 if (SSL_use_certificate(ssl, cert) != 1) 2070 res = -1; 2071 } else { 2072 if (SSL_CTX_use_certificate(ssl_ctx, cert) != 1) 2073 res = -1; 2074 } 2075 X509_free(cert); 2076 } 2077 2078 if (pkey) { 2079 wpa_printf(MSG_DEBUG, "TLS: Got private key from PKCS12"); 2080 if (ssl) { 2081 if (SSL_use_PrivateKey(ssl, pkey) != 1) 2082 res = -1; 2083 } else { 2084 if (SSL_CTX_use_PrivateKey(ssl_ctx, pkey) != 1) 2085 res = -1; 2086 } 2087 EVP_PKEY_free(pkey); 2088 } 2089 2090 if (certs) { 2091 while ((cert = sk_X509_pop(certs)) != NULL) { 2092 X509_NAME_oneline(X509_get_subject_name(cert), buf, 2093 sizeof(buf)); 2094 wpa_printf(MSG_DEBUG, "TLS: additional certificate" 2095 " from PKCS12: subject='%s'", buf); 2096 /* 2097 * There is no SSL equivalent for the chain cert - so 2098 * always add it to the context... 2099 */ 2100 if (SSL_CTX_add_extra_chain_cert(ssl_ctx, cert) != 1) { 2101 res = -1; 2102 break; 2103 } 2104 } 2105 sk_X509_free(certs); 2106 } 2107 2108 PKCS12_free(p12); 2109 2110 if (res < 0) 2111 tls_get_errors(ssl_ctx); 2112 2113 return res; 2114 } 2115 #endif /* PKCS12_FUNCS */ 2116 2117 2118 static int tls_read_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, const char *private_key, 2119 const char *passwd) 2120 { 2121 #ifdef PKCS12_FUNCS 2122 FILE *f; 2123 PKCS12 *p12; 2124 2125 f = fopen(private_key, "rb"); 2126 if (f == NULL) 2127 return -1; 2128 2129 p12 = d2i_PKCS12_fp(f, NULL); 2130 fclose(f); 2131 2132 if (p12 == NULL) { 2133 tls_show_errors(MSG_INFO, __func__, 2134 "Failed to use PKCS#12 file"); 2135 return -1; 2136 } 2137 2138 return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd); 2139 2140 #else /* PKCS12_FUNCS */ 2141 wpa_printf(MSG_INFO, "TLS: PKCS12 support disabled - cannot read " 2142 "p12/pfx files"); 2143 return -1; 2144 #endif /* PKCS12_FUNCS */ 2145 } 2146 2147 2148 static int tls_read_pkcs12_blob(SSL_CTX *ssl_ctx, SSL *ssl, 2149 const u8 *blob, size_t len, const char *passwd) 2150 { 2151 #ifdef PKCS12_FUNCS 2152 PKCS12 *p12; 2153 2154 p12 = d2i_PKCS12(NULL, (const unsigned char **) &blob, len); 2155 if (p12 == NULL) { 2156 tls_show_errors(MSG_INFO, __func__, 2157 "Failed to use PKCS#12 blob"); 2158 return -1; 2159 } 2160 2161 return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd); 2162 2163 #else /* PKCS12_FUNCS */ 2164 wpa_printf(MSG_INFO, "TLS: PKCS12 support disabled - cannot parse " 2165 "p12/pfx blobs"); 2166 return -1; 2167 #endif /* PKCS12_FUNCS */ 2168 } 2169 2170 2171 #ifndef OPENSSL_NO_ENGINE 2172 static int tls_engine_get_cert(struct tls_connection *conn, 2173 const char *cert_id, 2174 X509 **cert) 2175 { 2176 /* this runs after the private key is loaded so no PIN is required */ 2177 struct { 2178 const char *cert_id; 2179 X509 *cert; 2180 } params; 2181 params.cert_id = cert_id; 2182 params.cert = NULL; 2183 2184 if (!ENGINE_ctrl_cmd(conn->engine, "LOAD_CERT_CTRL", 2185 0, ¶ms, NULL, 1)) { 2186 wpa_printf(MSG_ERROR, "ENGINE: cannot load client cert with id" 2187 " '%s' [%s]", cert_id, 2188 ERR_error_string(ERR_get_error(), NULL)); 2189 return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED; 2190 } 2191 if (!params.cert) { 2192 wpa_printf(MSG_ERROR, "ENGINE: did not properly cert with id" 2193 " '%s'", cert_id); 2194 return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED; 2195 } 2196 *cert = params.cert; 2197 return 0; 2198 } 2199 #endif /* OPENSSL_NO_ENGINE */ 2200 2201 2202 static int tls_connection_engine_client_cert(struct tls_connection *conn, 2203 const char *cert_id) 2204 { 2205 #ifndef OPENSSL_NO_ENGINE 2206 X509 *cert; 2207 2208 if (tls_engine_get_cert(conn, cert_id, &cert)) 2209 return -1; 2210 2211 if (!SSL_use_certificate(conn->ssl, cert)) { 2212 tls_show_errors(MSG_ERROR, __func__, 2213 "SSL_use_certificate failed"); 2214 X509_free(cert); 2215 return -1; 2216 } 2217 X509_free(cert); 2218 wpa_printf(MSG_DEBUG, "ENGINE: SSL_use_certificate --> " 2219 "OK"); 2220 return 0; 2221 2222 #else /* OPENSSL_NO_ENGINE */ 2223 return -1; 2224 #endif /* OPENSSL_NO_ENGINE */ 2225 } 2226 2227 2228 static int tls_connection_engine_ca_cert(void *_ssl_ctx, 2229 struct tls_connection *conn, 2230 const char *ca_cert_id) 2231 { 2232 #ifndef OPENSSL_NO_ENGINE 2233 X509 *cert; 2234 SSL_CTX *ssl_ctx = _ssl_ctx; 2235 X509_STORE *store; 2236 2237 if (tls_engine_get_cert(conn, ca_cert_id, &cert)) 2238 return -1; 2239 2240 /* start off the same as tls_connection_ca_cert */ 2241 store = X509_STORE_new(); 2242 if (store == NULL) { 2243 wpa_printf(MSG_DEBUG, "OpenSSL: %s - failed to allocate new " 2244 "certificate store", __func__); 2245 X509_free(cert); 2246 return -1; 2247 } 2248 SSL_CTX_set_cert_store(ssl_ctx, store); 2249 if (!X509_STORE_add_cert(store, cert)) { 2250 unsigned long err = ERR_peek_error(); 2251 tls_show_errors(MSG_WARNING, __func__, 2252 "Failed to add CA certificate from engine " 2253 "to certificate store"); 2254 if (ERR_GET_LIB(err) == ERR_LIB_X509 && 2255 ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) { 2256 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring cert" 2257 " already in hash table error", 2258 __func__); 2259 } else { 2260 X509_free(cert); 2261 return -1; 2262 } 2263 } 2264 X509_free(cert); 2265 wpa_printf(MSG_DEBUG, "OpenSSL: %s - added CA certificate from engine " 2266 "to certificate store", __func__); 2267 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb); 2268 conn->ca_cert_verify = 1; 2269 2270 return 0; 2271 2272 #else /* OPENSSL_NO_ENGINE */ 2273 return -1; 2274 #endif /* OPENSSL_NO_ENGINE */ 2275 } 2276 2277 2278 static int tls_connection_engine_private_key(struct tls_connection *conn) 2279 { 2280 #ifndef OPENSSL_NO_ENGINE 2281 if (SSL_use_PrivateKey(conn->ssl, conn->private_key) != 1) { 2282 tls_show_errors(MSG_ERROR, __func__, 2283 "ENGINE: cannot use private key for TLS"); 2284 return -1; 2285 } 2286 if (!SSL_check_private_key(conn->ssl)) { 2287 tls_show_errors(MSG_INFO, __func__, 2288 "Private key failed verification"); 2289 return -1; 2290 } 2291 return 0; 2292 #else /* OPENSSL_NO_ENGINE */ 2293 wpa_printf(MSG_ERROR, "SSL: Configuration uses engine, but " 2294 "engine support was not compiled in"); 2295 return -1; 2296 #endif /* OPENSSL_NO_ENGINE */ 2297 } 2298 2299 2300 static int tls_connection_private_key(void *_ssl_ctx, 2301 struct tls_connection *conn, 2302 const char *private_key, 2303 const char *private_key_passwd, 2304 const u8 *private_key_blob, 2305 size_t private_key_blob_len) 2306 { 2307 SSL_CTX *ssl_ctx = _ssl_ctx; 2308 char *passwd; 2309 int ok; 2310 2311 if (private_key == NULL && private_key_blob == NULL) 2312 return 0; 2313 2314 if (private_key_passwd) { 2315 passwd = os_strdup(private_key_passwd); 2316 if (passwd == NULL) 2317 return -1; 2318 } else 2319 passwd = NULL; 2320 2321 SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb); 2322 SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd); 2323 2324 ok = 0; 2325 while (private_key_blob) { 2326 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_RSA, conn->ssl, 2327 (u8 *) private_key_blob, 2328 private_key_blob_len) == 1) { 2329 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_" 2330 "ASN1(EVP_PKEY_RSA) --> OK"); 2331 ok = 1; 2332 break; 2333 } 2334 2335 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_DSA, conn->ssl, 2336 (u8 *) private_key_blob, 2337 private_key_blob_len) == 1) { 2338 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_" 2339 "ASN1(EVP_PKEY_DSA) --> OK"); 2340 ok = 1; 2341 break; 2342 } 2343 2344 if (SSL_use_RSAPrivateKey_ASN1(conn->ssl, 2345 (u8 *) private_key_blob, 2346 private_key_blob_len) == 1) { 2347 wpa_printf(MSG_DEBUG, "OpenSSL: " 2348 "SSL_use_RSAPrivateKey_ASN1 --> OK"); 2349 ok = 1; 2350 break; 2351 } 2352 2353 if (tls_read_pkcs12_blob(ssl_ctx, conn->ssl, private_key_blob, 2354 private_key_blob_len, passwd) == 0) { 2355 wpa_printf(MSG_DEBUG, "OpenSSL: PKCS#12 as blob --> " 2356 "OK"); 2357 ok = 1; 2358 break; 2359 } 2360 2361 break; 2362 } 2363 2364 while (!ok && private_key) { 2365 #ifndef OPENSSL_NO_STDIO 2366 if (SSL_use_PrivateKey_file(conn->ssl, private_key, 2367 SSL_FILETYPE_ASN1) == 1) { 2368 wpa_printf(MSG_DEBUG, "OpenSSL: " 2369 "SSL_use_PrivateKey_File (DER) --> OK"); 2370 ok = 1; 2371 break; 2372 } 2373 2374 if (SSL_use_PrivateKey_file(conn->ssl, private_key, 2375 SSL_FILETYPE_PEM) == 1) { 2376 wpa_printf(MSG_DEBUG, "OpenSSL: " 2377 "SSL_use_PrivateKey_File (PEM) --> OK"); 2378 ok = 1; 2379 break; 2380 } 2381 #else /* OPENSSL_NO_STDIO */ 2382 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", 2383 __func__); 2384 #endif /* OPENSSL_NO_STDIO */ 2385 2386 if (tls_read_pkcs12(ssl_ctx, conn->ssl, private_key, passwd) 2387 == 0) { 2388 wpa_printf(MSG_DEBUG, "OpenSSL: Reading PKCS#12 file " 2389 "--> OK"); 2390 ok = 1; 2391 break; 2392 } 2393 2394 if (tls_cryptoapi_cert(conn->ssl, private_key) == 0) { 2395 wpa_printf(MSG_DEBUG, "OpenSSL: Using CryptoAPI to " 2396 "access certificate store --> OK"); 2397 ok = 1; 2398 break; 2399 } 2400 2401 break; 2402 } 2403 2404 if (!ok) { 2405 tls_show_errors(MSG_INFO, __func__, 2406 "Failed to load private key"); 2407 os_free(passwd); 2408 return -1; 2409 } 2410 ERR_clear_error(); 2411 SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL); 2412 os_free(passwd); 2413 2414 if (!SSL_check_private_key(conn->ssl)) { 2415 tls_show_errors(MSG_INFO, __func__, "Private key failed " 2416 "verification"); 2417 return -1; 2418 } 2419 2420 wpa_printf(MSG_DEBUG, "SSL: Private key loaded successfully"); 2421 return 0; 2422 } 2423 2424 2425 static int tls_global_private_key(SSL_CTX *ssl_ctx, const char *private_key, 2426 const char *private_key_passwd) 2427 { 2428 char *passwd; 2429 2430 if (private_key == NULL) 2431 return 0; 2432 2433 if (private_key_passwd) { 2434 passwd = os_strdup(private_key_passwd); 2435 if (passwd == NULL) 2436 return -1; 2437 } else 2438 passwd = NULL; 2439 2440 SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb); 2441 SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd); 2442 if ( 2443 #ifndef OPENSSL_NO_STDIO 2444 SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key, 2445 SSL_FILETYPE_ASN1) != 1 && 2446 SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key, 2447 SSL_FILETYPE_PEM) != 1 && 2448 #endif /* OPENSSL_NO_STDIO */ 2449 tls_read_pkcs12(ssl_ctx, NULL, private_key, passwd)) { 2450 tls_show_errors(MSG_INFO, __func__, 2451 "Failed to load private key"); 2452 os_free(passwd); 2453 ERR_clear_error(); 2454 return -1; 2455 } 2456 os_free(passwd); 2457 ERR_clear_error(); 2458 SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL); 2459 2460 if (!SSL_CTX_check_private_key(ssl_ctx)) { 2461 tls_show_errors(MSG_INFO, __func__, 2462 "Private key failed verification"); 2463 return -1; 2464 } 2465 2466 return 0; 2467 } 2468 2469 2470 static int tls_connection_dh(struct tls_connection *conn, const char *dh_file) 2471 { 2472 #ifdef OPENSSL_NO_DH 2473 if (dh_file == NULL) 2474 return 0; 2475 wpa_printf(MSG_ERROR, "TLS: openssl does not include DH support, but " 2476 "dh_file specified"); 2477 return -1; 2478 #else /* OPENSSL_NO_DH */ 2479 DH *dh; 2480 BIO *bio; 2481 2482 /* TODO: add support for dh_blob */ 2483 if (dh_file == NULL) 2484 return 0; 2485 if (conn == NULL) 2486 return -1; 2487 2488 bio = BIO_new_file(dh_file, "r"); 2489 if (bio == NULL) { 2490 wpa_printf(MSG_INFO, "TLS: Failed to open DH file '%s': %s", 2491 dh_file, ERR_error_string(ERR_get_error(), NULL)); 2492 return -1; 2493 } 2494 dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); 2495 BIO_free(bio); 2496 #ifndef OPENSSL_NO_DSA 2497 while (dh == NULL) { 2498 DSA *dsa; 2499 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DH file '%s': %s -" 2500 " trying to parse as DSA params", dh_file, 2501 ERR_error_string(ERR_get_error(), NULL)); 2502 bio = BIO_new_file(dh_file, "r"); 2503 if (bio == NULL) 2504 break; 2505 dsa = PEM_read_bio_DSAparams(bio, NULL, NULL, NULL); 2506 BIO_free(bio); 2507 if (!dsa) { 2508 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DSA file " 2509 "'%s': %s", dh_file, 2510 ERR_error_string(ERR_get_error(), NULL)); 2511 break; 2512 } 2513 2514 wpa_printf(MSG_DEBUG, "TLS: DH file in DSA param format"); 2515 dh = DSA_dup_DH(dsa); 2516 DSA_free(dsa); 2517 if (dh == NULL) { 2518 wpa_printf(MSG_INFO, "TLS: Failed to convert DSA " 2519 "params into DH params"); 2520 break; 2521 } 2522 break; 2523 } 2524 #endif /* !OPENSSL_NO_DSA */ 2525 if (dh == NULL) { 2526 wpa_printf(MSG_INFO, "TLS: Failed to read/parse DH/DSA file " 2527 "'%s'", dh_file); 2528 return -1; 2529 } 2530 2531 if (SSL_set_tmp_dh(conn->ssl, dh) != 1) { 2532 wpa_printf(MSG_INFO, "TLS: Failed to set DH params from '%s': " 2533 "%s", dh_file, 2534 ERR_error_string(ERR_get_error(), NULL)); 2535 DH_free(dh); 2536 return -1; 2537 } 2538 DH_free(dh); 2539 return 0; 2540 #endif /* OPENSSL_NO_DH */ 2541 } 2542 2543 2544 static int tls_global_dh(SSL_CTX *ssl_ctx, const char *dh_file) 2545 { 2546 #ifdef OPENSSL_NO_DH 2547 if (dh_file == NULL) 2548 return 0; 2549 wpa_printf(MSG_ERROR, "TLS: openssl does not include DH support, but " 2550 "dh_file specified"); 2551 return -1; 2552 #else /* OPENSSL_NO_DH */ 2553 DH *dh; 2554 BIO *bio; 2555 2556 /* TODO: add support for dh_blob */ 2557 if (dh_file == NULL) 2558 return 0; 2559 if (ssl_ctx == NULL) 2560 return -1; 2561 2562 bio = BIO_new_file(dh_file, "r"); 2563 if (bio == NULL) { 2564 wpa_printf(MSG_INFO, "TLS: Failed to open DH file '%s': %s", 2565 dh_file, ERR_error_string(ERR_get_error(), NULL)); 2566 return -1; 2567 } 2568 dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); 2569 BIO_free(bio); 2570 #ifndef OPENSSL_NO_DSA 2571 while (dh == NULL) { 2572 DSA *dsa; 2573 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DH file '%s': %s -" 2574 " trying to parse as DSA params", dh_file, 2575 ERR_error_string(ERR_get_error(), NULL)); 2576 bio = BIO_new_file(dh_file, "r"); 2577 if (bio == NULL) 2578 break; 2579 dsa = PEM_read_bio_DSAparams(bio, NULL, NULL, NULL); 2580 BIO_free(bio); 2581 if (!dsa) { 2582 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DSA file " 2583 "'%s': %s", dh_file, 2584 ERR_error_string(ERR_get_error(), NULL)); 2585 break; 2586 } 2587 2588 wpa_printf(MSG_DEBUG, "TLS: DH file in DSA param format"); 2589 dh = DSA_dup_DH(dsa); 2590 DSA_free(dsa); 2591 if (dh == NULL) { 2592 wpa_printf(MSG_INFO, "TLS: Failed to convert DSA " 2593 "params into DH params"); 2594 break; 2595 } 2596 break; 2597 } 2598 #endif /* !OPENSSL_NO_DSA */ 2599 if (dh == NULL) { 2600 wpa_printf(MSG_INFO, "TLS: Failed to read/parse DH/DSA file " 2601 "'%s'", dh_file); 2602 return -1; 2603 } 2604 2605 if (SSL_CTX_set_tmp_dh(ssl_ctx, dh) != 1) { 2606 wpa_printf(MSG_INFO, "TLS: Failed to set DH params from '%s': " 2607 "%s", dh_file, 2608 ERR_error_string(ERR_get_error(), NULL)); 2609 DH_free(dh); 2610 return -1; 2611 } 2612 DH_free(dh); 2613 return 0; 2614 #endif /* OPENSSL_NO_DH */ 2615 } 2616 2617 2618 int tls_connection_get_keys(void *ssl_ctx, struct tls_connection *conn, 2619 struct tls_keys *keys) 2620 { 2621 #ifdef CONFIG_FIPS 2622 wpa_printf(MSG_ERROR, "OpenSSL: TLS keys cannot be exported in FIPS " 2623 "mode"); 2624 return -1; 2625 #else /* CONFIG_FIPS */ 2626 SSL *ssl; 2627 2628 if (conn == NULL || keys == NULL) 2629 return -1; 2630 ssl = conn->ssl; 2631 if (ssl == NULL || ssl->s3 == NULL || ssl->session == NULL) 2632 return -1; 2633 2634 os_memset(keys, 0, sizeof(*keys)); 2635 keys->master_key = ssl->session->master_key; 2636 keys->master_key_len = ssl->session->master_key_length; 2637 keys->client_random = ssl->s3->client_random; 2638 keys->client_random_len = SSL3_RANDOM_SIZE; 2639 keys->server_random = ssl->s3->server_random; 2640 keys->server_random_len = SSL3_RANDOM_SIZE; 2641 2642 return 0; 2643 #endif /* CONFIG_FIPS */ 2644 } 2645 2646 2647 int tls_connection_prf(void *tls_ctx, struct tls_connection *conn, 2648 const char *label, int server_random_first, 2649 u8 *out, size_t out_len) 2650 { 2651 #if OPENSSL_VERSION_NUMBER >= 0x10001000L 2652 SSL *ssl; 2653 if (conn == NULL) 2654 return -1; 2655 if (server_random_first) 2656 return -1; 2657 ssl = conn->ssl; 2658 if (SSL_export_keying_material(ssl, out, out_len, label, 2659 os_strlen(label), NULL, 0, 0) == 1) { 2660 wpa_printf(MSG_DEBUG, "OpenSSL: Using internal PRF"); 2661 return 0; 2662 } 2663 #endif 2664 return -1; 2665 } 2666 2667 2668 static struct wpabuf * 2669 openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data, 2670 int server) 2671 { 2672 int res; 2673 struct wpabuf *out_data; 2674 2675 /* 2676 * Give TLS handshake data from the server (if available) to OpenSSL 2677 * for processing. 2678 */ 2679 if (in_data && 2680 BIO_write(conn->ssl_in, wpabuf_head(in_data), wpabuf_len(in_data)) 2681 < 0) { 2682 tls_show_errors(MSG_INFO, __func__, 2683 "Handshake failed - BIO_write"); 2684 return NULL; 2685 } 2686 2687 /* Initiate TLS handshake or continue the existing handshake */ 2688 if (server) 2689 res = SSL_accept(conn->ssl); 2690 else 2691 res = SSL_connect(conn->ssl); 2692 if (res != 1) { 2693 int err = SSL_get_error(conn->ssl, res); 2694 if (err == SSL_ERROR_WANT_READ) 2695 wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want " 2696 "more data"); 2697 else if (err == SSL_ERROR_WANT_WRITE) 2698 wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want to " 2699 "write"); 2700 else { 2701 tls_show_errors(MSG_INFO, __func__, "SSL_connect"); 2702 conn->failed++; 2703 } 2704 } 2705 2706 /* Get the TLS handshake data to be sent to the server */ 2707 res = BIO_ctrl_pending(conn->ssl_out); 2708 wpa_printf(MSG_DEBUG, "SSL: %d bytes pending from ssl_out", res); 2709 out_data = wpabuf_alloc(res); 2710 if (out_data == NULL) { 2711 wpa_printf(MSG_DEBUG, "SSL: Failed to allocate memory for " 2712 "handshake output (%d bytes)", res); 2713 if (BIO_reset(conn->ssl_out) < 0) { 2714 tls_show_errors(MSG_INFO, __func__, 2715 "BIO_reset failed"); 2716 } 2717 return NULL; 2718 } 2719 res = res == 0 ? 0 : BIO_read(conn->ssl_out, wpabuf_mhead(out_data), 2720 res); 2721 if (res < 0) { 2722 tls_show_errors(MSG_INFO, __func__, 2723 "Handshake failed - BIO_read"); 2724 if (BIO_reset(conn->ssl_out) < 0) { 2725 tls_show_errors(MSG_INFO, __func__, 2726 "BIO_reset failed"); 2727 } 2728 wpabuf_free(out_data); 2729 return NULL; 2730 } 2731 wpabuf_put(out_data, res); 2732 2733 return out_data; 2734 } 2735 2736 2737 static struct wpabuf * 2738 openssl_get_appl_data(struct tls_connection *conn, size_t max_len) 2739 { 2740 struct wpabuf *appl_data; 2741 int res; 2742 2743 appl_data = wpabuf_alloc(max_len + 100); 2744 if (appl_data == NULL) 2745 return NULL; 2746 2747 res = SSL_read(conn->ssl, wpabuf_mhead(appl_data), 2748 wpabuf_size(appl_data)); 2749 if (res < 0) { 2750 int err = SSL_get_error(conn->ssl, res); 2751 if (err == SSL_ERROR_WANT_READ || 2752 err == SSL_ERROR_WANT_WRITE) { 2753 wpa_printf(MSG_DEBUG, "SSL: No Application Data " 2754 "included"); 2755 } else { 2756 tls_show_errors(MSG_INFO, __func__, 2757 "Failed to read possible " 2758 "Application Data"); 2759 } 2760 wpabuf_free(appl_data); 2761 return NULL; 2762 } 2763 2764 wpabuf_put(appl_data, res); 2765 wpa_hexdump_buf_key(MSG_MSGDUMP, "SSL: Application Data in Finished " 2766 "message", appl_data); 2767 2768 return appl_data; 2769 } 2770 2771 2772 static struct wpabuf * 2773 openssl_connection_handshake(struct tls_connection *conn, 2774 const struct wpabuf *in_data, 2775 struct wpabuf **appl_data, int server) 2776 { 2777 struct wpabuf *out_data; 2778 2779 if (appl_data) 2780 *appl_data = NULL; 2781 2782 out_data = openssl_handshake(conn, in_data, server); 2783 if (out_data == NULL) 2784 return NULL; 2785 if (conn->invalid_hb_used) { 2786 wpa_printf(MSG_INFO, "TLS: Heartbeat attack detected - do not send response"); 2787 wpabuf_free(out_data); 2788 return NULL; 2789 } 2790 2791 if (SSL_is_init_finished(conn->ssl) && appl_data && in_data) 2792 *appl_data = openssl_get_appl_data(conn, wpabuf_len(in_data)); 2793 2794 if (conn->invalid_hb_used) { 2795 wpa_printf(MSG_INFO, "TLS: Heartbeat attack detected - do not send response"); 2796 if (appl_data) { 2797 wpabuf_free(*appl_data); 2798 *appl_data = NULL; 2799 } 2800 wpabuf_free(out_data); 2801 return NULL; 2802 } 2803 2804 return out_data; 2805 } 2806 2807 2808 struct wpabuf * 2809 tls_connection_handshake(void *ssl_ctx, struct tls_connection *conn, 2810 const struct wpabuf *in_data, 2811 struct wpabuf **appl_data) 2812 { 2813 return openssl_connection_handshake(conn, in_data, appl_data, 0); 2814 } 2815 2816 2817 struct wpabuf * tls_connection_server_handshake(void *tls_ctx, 2818 struct tls_connection *conn, 2819 const struct wpabuf *in_data, 2820 struct wpabuf **appl_data) 2821 { 2822 return openssl_connection_handshake(conn, in_data, appl_data, 1); 2823 } 2824 2825 2826 struct wpabuf * tls_connection_encrypt(void *tls_ctx, 2827 struct tls_connection *conn, 2828 const struct wpabuf *in_data) 2829 { 2830 int res; 2831 struct wpabuf *buf; 2832 2833 if (conn == NULL) 2834 return NULL; 2835 2836 /* Give plaintext data for OpenSSL to encrypt into the TLS tunnel. */ 2837 if ((res = BIO_reset(conn->ssl_in)) < 0 || 2838 (res = BIO_reset(conn->ssl_out)) < 0) { 2839 tls_show_errors(MSG_INFO, __func__, "BIO_reset failed"); 2840 return NULL; 2841 } 2842 res = SSL_write(conn->ssl, wpabuf_head(in_data), wpabuf_len(in_data)); 2843 if (res < 0) { 2844 tls_show_errors(MSG_INFO, __func__, 2845 "Encryption failed - SSL_write"); 2846 return NULL; 2847 } 2848 2849 /* Read encrypted data to be sent to the server */ 2850 buf = wpabuf_alloc(wpabuf_len(in_data) + 300); 2851 if (buf == NULL) 2852 return NULL; 2853 res = BIO_read(conn->ssl_out, wpabuf_mhead(buf), wpabuf_size(buf)); 2854 if (res < 0) { 2855 tls_show_errors(MSG_INFO, __func__, 2856 "Encryption failed - BIO_read"); 2857 wpabuf_free(buf); 2858 return NULL; 2859 } 2860 wpabuf_put(buf, res); 2861 2862 return buf; 2863 } 2864 2865 2866 struct wpabuf * tls_connection_decrypt(void *tls_ctx, 2867 struct tls_connection *conn, 2868 const struct wpabuf *in_data) 2869 { 2870 int res; 2871 struct wpabuf *buf; 2872 2873 /* Give encrypted data from TLS tunnel for OpenSSL to decrypt. */ 2874 res = BIO_write(conn->ssl_in, wpabuf_head(in_data), 2875 wpabuf_len(in_data)); 2876 if (res < 0) { 2877 tls_show_errors(MSG_INFO, __func__, 2878 "Decryption failed - BIO_write"); 2879 return NULL; 2880 } 2881 if (BIO_reset(conn->ssl_out) < 0) { 2882 tls_show_errors(MSG_INFO, __func__, "BIO_reset failed"); 2883 return NULL; 2884 } 2885 2886 /* Read decrypted data for further processing */ 2887 /* 2888 * Even though we try to disable TLS compression, it is possible that 2889 * this cannot be done with all TLS libraries. Add extra buffer space 2890 * to handle the possibility of the decrypted data being longer than 2891 * input data. 2892 */ 2893 buf = wpabuf_alloc((wpabuf_len(in_data) + 500) * 3); 2894 if (buf == NULL) 2895 return NULL; 2896 res = SSL_read(conn->ssl, wpabuf_mhead(buf), wpabuf_size(buf)); 2897 if (res < 0) { 2898 tls_show_errors(MSG_INFO, __func__, 2899 "Decryption failed - SSL_read"); 2900 wpabuf_free(buf); 2901 return NULL; 2902 } 2903 wpabuf_put(buf, res); 2904 2905 if (conn->invalid_hb_used) { 2906 wpa_printf(MSG_INFO, "TLS: Heartbeat attack detected - do not send response"); 2907 wpabuf_free(buf); 2908 return NULL; 2909 } 2910 2911 return buf; 2912 } 2913 2914 2915 int tls_connection_resumed(void *ssl_ctx, struct tls_connection *conn) 2916 { 2917 #if OPENSSL_VERSION_NUMBER >= 0x10001000L 2918 return conn ? SSL_cache_hit(conn->ssl) : 0; 2919 #else 2920 return conn ? conn->ssl->hit : 0; 2921 #endif 2922 } 2923 2924 2925 int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn, 2926 u8 *ciphers) 2927 { 2928 char buf[100], *pos, *end; 2929 u8 *c; 2930 int ret; 2931 2932 if (conn == NULL || conn->ssl == NULL || ciphers == NULL) 2933 return -1; 2934 2935 buf[0] = '\0'; 2936 pos = buf; 2937 end = pos + sizeof(buf); 2938 2939 c = ciphers; 2940 while (*c != TLS_CIPHER_NONE) { 2941 const char *suite; 2942 2943 switch (*c) { 2944 case TLS_CIPHER_RC4_SHA: 2945 suite = "RC4-SHA"; 2946 break; 2947 case TLS_CIPHER_AES128_SHA: 2948 suite = "AES128-SHA"; 2949 break; 2950 case TLS_CIPHER_RSA_DHE_AES128_SHA: 2951 suite = "DHE-RSA-AES128-SHA"; 2952 break; 2953 case TLS_CIPHER_ANON_DH_AES128_SHA: 2954 suite = "ADH-AES128-SHA"; 2955 break; 2956 default: 2957 wpa_printf(MSG_DEBUG, "TLS: Unsupported " 2958 "cipher selection: %d", *c); 2959 return -1; 2960 } 2961 ret = os_snprintf(pos, end - pos, ":%s", suite); 2962 if (os_snprintf_error(end - pos, ret)) 2963 break; 2964 pos += ret; 2965 2966 c++; 2967 } 2968 2969 wpa_printf(MSG_DEBUG, "OpenSSL: cipher suites: %s", buf + 1); 2970 2971 if (SSL_set_cipher_list(conn->ssl, buf + 1) != 1) { 2972 tls_show_errors(MSG_INFO, __func__, 2973 "Cipher suite configuration failed"); 2974 return -1; 2975 } 2976 2977 return 0; 2978 } 2979 2980 2981 int tls_get_cipher(void *ssl_ctx, struct tls_connection *conn, 2982 char *buf, size_t buflen) 2983 { 2984 const char *name; 2985 if (conn == NULL || conn->ssl == NULL) 2986 return -1; 2987 2988 name = SSL_get_cipher(conn->ssl); 2989 if (name == NULL) 2990 return -1; 2991 2992 os_strlcpy(buf, name, buflen); 2993 return 0; 2994 } 2995 2996 2997 int tls_connection_enable_workaround(void *ssl_ctx, 2998 struct tls_connection *conn) 2999 { 3000 SSL_set_options(conn->ssl, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS); 3001 3002 return 0; 3003 } 3004 3005 3006 #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST) 3007 /* ClientHello TLS extensions require a patch to openssl, so this function is 3008 * commented out unless explicitly needed for EAP-FAST in order to be able to 3009 * build this file with unmodified openssl. */ 3010 int tls_connection_client_hello_ext(void *ssl_ctx, struct tls_connection *conn, 3011 int ext_type, const u8 *data, 3012 size_t data_len) 3013 { 3014 if (conn == NULL || conn->ssl == NULL || ext_type != 35) 3015 return -1; 3016 3017 if (SSL_set_session_ticket_ext(conn->ssl, (void *) data, 3018 data_len) != 1) 3019 return -1; 3020 3021 return 0; 3022 } 3023 #endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */ 3024 3025 3026 int tls_connection_get_failed(void *ssl_ctx, struct tls_connection *conn) 3027 { 3028 if (conn == NULL) 3029 return -1; 3030 return conn->failed; 3031 } 3032 3033 3034 int tls_connection_get_read_alerts(void *ssl_ctx, struct tls_connection *conn) 3035 { 3036 if (conn == NULL) 3037 return -1; 3038 return conn->read_alerts; 3039 } 3040 3041 3042 int tls_connection_get_write_alerts(void *ssl_ctx, struct tls_connection *conn) 3043 { 3044 if (conn == NULL) 3045 return -1; 3046 return conn->write_alerts; 3047 } 3048 3049 3050 #ifdef HAVE_OCSP 3051 3052 static void ocsp_debug_print_resp(OCSP_RESPONSE *rsp) 3053 { 3054 #ifndef CONFIG_NO_STDOUT_DEBUG 3055 BIO *out; 3056 size_t rlen; 3057 char *txt; 3058 int res; 3059 3060 if (wpa_debug_level > MSG_DEBUG) 3061 return; 3062 3063 out = BIO_new(BIO_s_mem()); 3064 if (!out) 3065 return; 3066 3067 OCSP_RESPONSE_print(out, rsp, 0); 3068 rlen = BIO_ctrl_pending(out); 3069 txt = os_malloc(rlen + 1); 3070 if (!txt) { 3071 BIO_free(out); 3072 return; 3073 } 3074 3075 res = BIO_read(out, txt, rlen); 3076 if (res > 0) { 3077 txt[res] = '\0'; 3078 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP Response\n%s", txt); 3079 } 3080 os_free(txt); 3081 BIO_free(out); 3082 #endif /* CONFIG_NO_STDOUT_DEBUG */ 3083 } 3084 3085 3086 static void debug_print_cert(X509 *cert, const char *title) 3087 { 3088 #ifndef CONFIG_NO_STDOUT_DEBUG 3089 BIO *out; 3090 size_t rlen; 3091 char *txt; 3092 int res; 3093 3094 if (wpa_debug_level > MSG_DEBUG) 3095 return; 3096 3097 out = BIO_new(BIO_s_mem()); 3098 if (!out) 3099 return; 3100 3101 X509_print(out, cert); 3102 rlen = BIO_ctrl_pending(out); 3103 txt = os_malloc(rlen + 1); 3104 if (!txt) { 3105 BIO_free(out); 3106 return; 3107 } 3108 3109 res = BIO_read(out, txt, rlen); 3110 if (res > 0) { 3111 txt[res] = '\0'; 3112 wpa_printf(MSG_DEBUG, "OpenSSL: %s\n%s", title, txt); 3113 } 3114 os_free(txt); 3115 3116 BIO_free(out); 3117 #endif /* CONFIG_NO_STDOUT_DEBUG */ 3118 } 3119 3120 3121 static int ocsp_resp_cb(SSL *s, void *arg) 3122 { 3123 struct tls_connection *conn = arg; 3124 const unsigned char *p; 3125 int len, status, reason; 3126 OCSP_RESPONSE *rsp; 3127 OCSP_BASICRESP *basic; 3128 OCSP_CERTID *id; 3129 ASN1_GENERALIZEDTIME *produced_at, *this_update, *next_update; 3130 X509_STORE *store; 3131 STACK_OF(X509) *certs = NULL; 3132 3133 len = SSL_get_tlsext_status_ocsp_resp(s, &p); 3134 if (!p) { 3135 wpa_printf(MSG_DEBUG, "OpenSSL: No OCSP response received"); 3136 return (conn->flags & TLS_CONN_REQUIRE_OCSP) ? 0 : 1; 3137 } 3138 3139 wpa_hexdump(MSG_DEBUG, "OpenSSL: OCSP response", p, len); 3140 3141 rsp = d2i_OCSP_RESPONSE(NULL, &p, len); 3142 if (!rsp) { 3143 wpa_printf(MSG_INFO, "OpenSSL: Failed to parse OCSP response"); 3144 return 0; 3145 } 3146 3147 ocsp_debug_print_resp(rsp); 3148 3149 status = OCSP_response_status(rsp); 3150 if (status != OCSP_RESPONSE_STATUS_SUCCESSFUL) { 3151 wpa_printf(MSG_INFO, "OpenSSL: OCSP responder error %d (%s)", 3152 status, OCSP_response_status_str(status)); 3153 return 0; 3154 } 3155 3156 basic = OCSP_response_get1_basic(rsp); 3157 if (!basic) { 3158 wpa_printf(MSG_INFO, "OpenSSL: Could not find BasicOCSPResponse"); 3159 return 0; 3160 } 3161 3162 store = SSL_CTX_get_cert_store(conn->ssl_ctx); 3163 if (conn->peer_issuer) { 3164 debug_print_cert(conn->peer_issuer, "Add OCSP issuer"); 3165 3166 if (X509_STORE_add_cert(store, conn->peer_issuer) != 1) { 3167 tls_show_errors(MSG_INFO, __func__, 3168 "OpenSSL: Could not add issuer to certificate store"); 3169 } 3170 certs = sk_X509_new_null(); 3171 if (certs) { 3172 X509 *cert; 3173 cert = X509_dup(conn->peer_issuer); 3174 if (cert && !sk_X509_push(certs, cert)) { 3175 tls_show_errors( 3176 MSG_INFO, __func__, 3177 "OpenSSL: Could not add issuer to OCSP responder trust store"); 3178 X509_free(cert); 3179 sk_X509_free(certs); 3180 certs = NULL; 3181 } 3182 if (certs && conn->peer_issuer_issuer) { 3183 cert = X509_dup(conn->peer_issuer_issuer); 3184 if (cert && !sk_X509_push(certs, cert)) { 3185 tls_show_errors( 3186 MSG_INFO, __func__, 3187 "OpenSSL: Could not add issuer's issuer to OCSP responder trust store"); 3188 X509_free(cert); 3189 } 3190 } 3191 } 3192 } 3193 3194 status = OCSP_basic_verify(basic, certs, store, OCSP_TRUSTOTHER); 3195 sk_X509_pop_free(certs, X509_free); 3196 if (status <= 0) { 3197 tls_show_errors(MSG_INFO, __func__, 3198 "OpenSSL: OCSP response failed verification"); 3199 OCSP_BASICRESP_free(basic); 3200 OCSP_RESPONSE_free(rsp); 3201 return 0; 3202 } 3203 3204 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP response verification succeeded"); 3205 3206 if (!conn->peer_cert) { 3207 wpa_printf(MSG_DEBUG, "OpenSSL: Peer certificate not available for OCSP status check"); 3208 OCSP_BASICRESP_free(basic); 3209 OCSP_RESPONSE_free(rsp); 3210 return 0; 3211 } 3212 3213 if (!conn->peer_issuer) { 3214 wpa_printf(MSG_DEBUG, "OpenSSL: Peer issuer certificate not available for OCSP status check"); 3215 OCSP_BASICRESP_free(basic); 3216 OCSP_RESPONSE_free(rsp); 3217 return 0; 3218 } 3219 3220 id = OCSP_cert_to_id(NULL, conn->peer_cert, conn->peer_issuer); 3221 if (!id) { 3222 wpa_printf(MSG_DEBUG, "OpenSSL: Could not create OCSP certificate identifier"); 3223 OCSP_BASICRESP_free(basic); 3224 OCSP_RESPONSE_free(rsp); 3225 return 0; 3226 } 3227 3228 if (!OCSP_resp_find_status(basic, id, &status, &reason, &produced_at, 3229 &this_update, &next_update)) { 3230 wpa_printf(MSG_INFO, "OpenSSL: Could not find current server certificate from OCSP response%s", 3231 (conn->flags & TLS_CONN_REQUIRE_OCSP) ? "" : 3232 " (OCSP not required)"); 3233 OCSP_BASICRESP_free(basic); 3234 OCSP_RESPONSE_free(rsp); 3235 return (conn->flags & TLS_CONN_REQUIRE_OCSP) ? 0 : 1; 3236 } 3237 3238 if (!OCSP_check_validity(this_update, next_update, 5 * 60, -1)) { 3239 tls_show_errors(MSG_INFO, __func__, 3240 "OpenSSL: OCSP status times invalid"); 3241 OCSP_BASICRESP_free(basic); 3242 OCSP_RESPONSE_free(rsp); 3243 return 0; 3244 } 3245 3246 OCSP_BASICRESP_free(basic); 3247 OCSP_RESPONSE_free(rsp); 3248 3249 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status for server certificate: %s", 3250 OCSP_cert_status_str(status)); 3251 3252 if (status == V_OCSP_CERTSTATUS_GOOD) 3253 return 1; 3254 if (status == V_OCSP_CERTSTATUS_REVOKED) 3255 return 0; 3256 if (conn->flags & TLS_CONN_REQUIRE_OCSP) { 3257 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status unknown, but OCSP required"); 3258 return 0; 3259 } 3260 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status unknown, but OCSP was not required, so allow connection to continue"); 3261 return 1; 3262 } 3263 3264 3265 static int ocsp_status_cb(SSL *s, void *arg) 3266 { 3267 char *tmp; 3268 char *resp; 3269 size_t len; 3270 3271 if (tls_global->ocsp_stapling_response == NULL) { 3272 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status callback - no response configured"); 3273 return SSL_TLSEXT_ERR_OK; 3274 } 3275 3276 resp = os_readfile(tls_global->ocsp_stapling_response, &len); 3277 if (resp == NULL) { 3278 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status callback - could not read response file"); 3279 /* TODO: Build OCSPResponse with responseStatus = internalError 3280 */ 3281 return SSL_TLSEXT_ERR_OK; 3282 } 3283 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status callback - send cached response"); 3284 tmp = OPENSSL_malloc(len); 3285 if (tmp == NULL) { 3286 os_free(resp); 3287 return SSL_TLSEXT_ERR_ALERT_FATAL; 3288 } 3289 3290 os_memcpy(tmp, resp, len); 3291 os_free(resp); 3292 SSL_set_tlsext_status_ocsp_resp(s, tmp, len); 3293 3294 return SSL_TLSEXT_ERR_OK; 3295 } 3296 3297 #endif /* HAVE_OCSP */ 3298 3299 3300 int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn, 3301 const struct tls_connection_params *params) 3302 { 3303 int ret; 3304 unsigned long err; 3305 int can_pkcs11 = 0; 3306 const char *key_id = params->key_id; 3307 const char *cert_id = params->cert_id; 3308 const char *ca_cert_id = params->ca_cert_id; 3309 const char *engine_id = params->engine ? params->engine_id : NULL; 3310 3311 if (conn == NULL) 3312 return -1; 3313 3314 /* 3315 * If the engine isn't explicitly configured, and any of the 3316 * cert/key fields are actually PKCS#11 URIs, then automatically 3317 * use the PKCS#11 ENGINE. 3318 */ 3319 if (!engine_id || os_strcmp(engine_id, "pkcs11") == 0) 3320 can_pkcs11 = 1; 3321 3322 if (!key_id && params->private_key && can_pkcs11 && 3323 os_strncmp(params->private_key, "pkcs11:", 7) == 0) { 3324 can_pkcs11 = 2; 3325 key_id = params->private_key; 3326 } 3327 3328 if (!cert_id && params->client_cert && can_pkcs11 && 3329 os_strncmp(params->client_cert, "pkcs11:", 7) == 0) { 3330 can_pkcs11 = 2; 3331 cert_id = params->client_cert; 3332 } 3333 3334 if (!ca_cert_id && params->ca_cert && can_pkcs11 && 3335 os_strncmp(params->ca_cert, "pkcs11:", 7) == 0) { 3336 can_pkcs11 = 2; 3337 ca_cert_id = params->ca_cert; 3338 } 3339 3340 /* If we need to automatically enable the PKCS#11 ENGINE, do so. */ 3341 if (can_pkcs11 == 2 && !engine_id) 3342 engine_id = "pkcs11"; 3343 3344 if (params->flags & TLS_CONN_EAP_FAST) { 3345 wpa_printf(MSG_DEBUG, 3346 "OpenSSL: Use TLSv1_method() for EAP-FAST"); 3347 if (SSL_set_ssl_method(conn->ssl, TLSv1_method()) != 1) { 3348 tls_show_errors(MSG_INFO, __func__, 3349 "Failed to set TLSv1_method() for EAP-FAST"); 3350 return -1; 3351 } 3352 } 3353 3354 while ((err = ERR_get_error())) { 3355 wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s", 3356 __func__, ERR_error_string(err, NULL)); 3357 } 3358 3359 if (engine_id) { 3360 wpa_printf(MSG_DEBUG, "SSL: Initializing TLS engine"); 3361 ret = tls_engine_init(conn, engine_id, params->pin, 3362 key_id, cert_id, ca_cert_id); 3363 if (ret) 3364 return ret; 3365 } 3366 if (tls_connection_set_subject_match(conn, 3367 params->subject_match, 3368 params->altsubject_match, 3369 params->suffix_match, 3370 params->domain_match)) 3371 return -1; 3372 3373 if (engine_id && ca_cert_id) { 3374 if (tls_connection_engine_ca_cert(tls_ctx, conn, 3375 ca_cert_id)) 3376 return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED; 3377 } else if (tls_connection_ca_cert(tls_ctx, conn, params->ca_cert, 3378 params->ca_cert_blob, 3379 params->ca_cert_blob_len, 3380 params->ca_path)) 3381 return -1; 3382 3383 if (engine_id && cert_id) { 3384 if (tls_connection_engine_client_cert(conn, cert_id)) 3385 return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED; 3386 } else if (tls_connection_client_cert(conn, params->client_cert, 3387 params->client_cert_blob, 3388 params->client_cert_blob_len)) 3389 return -1; 3390 3391 if (engine_id && key_id) { 3392 wpa_printf(MSG_DEBUG, "TLS: Using private key from engine"); 3393 if (tls_connection_engine_private_key(conn)) 3394 return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED; 3395 } else if (tls_connection_private_key(tls_ctx, conn, 3396 params->private_key, 3397 params->private_key_passwd, 3398 params->private_key_blob, 3399 params->private_key_blob_len)) { 3400 wpa_printf(MSG_INFO, "TLS: Failed to load private key '%s'", 3401 params->private_key); 3402 return -1; 3403 } 3404 3405 if (tls_connection_dh(conn, params->dh_file)) { 3406 wpa_printf(MSG_INFO, "TLS: Failed to load DH file '%s'", 3407 params->dh_file); 3408 return -1; 3409 } 3410 3411 if (params->openssl_ciphers && 3412 SSL_set_cipher_list(conn->ssl, params->openssl_ciphers) != 1) { 3413 wpa_printf(MSG_INFO, 3414 "OpenSSL: Failed to set cipher string '%s'", 3415 params->openssl_ciphers); 3416 return -1; 3417 } 3418 3419 #ifdef SSL_OP_NO_TICKET 3420 if (params->flags & TLS_CONN_DISABLE_SESSION_TICKET) 3421 SSL_set_options(conn->ssl, SSL_OP_NO_TICKET); 3422 #ifdef SSL_clear_options 3423 else 3424 SSL_clear_options(conn->ssl, SSL_OP_NO_TICKET); 3425 #endif /* SSL_clear_options */ 3426 #endif /* SSL_OP_NO_TICKET */ 3427 3428 #ifdef SSL_OP_NO_TLSv1_1 3429 if (params->flags & TLS_CONN_DISABLE_TLSv1_1) 3430 SSL_set_options(conn->ssl, SSL_OP_NO_TLSv1_1); 3431 else 3432 SSL_clear_options(conn->ssl, SSL_OP_NO_TLSv1_1); 3433 #endif /* SSL_OP_NO_TLSv1_1 */ 3434 #ifdef SSL_OP_NO_TLSv1_2 3435 if (params->flags & TLS_CONN_DISABLE_TLSv1_2) 3436 SSL_set_options(conn->ssl, SSL_OP_NO_TLSv1_2); 3437 else 3438 SSL_clear_options(conn->ssl, SSL_OP_NO_TLSv1_2); 3439 #endif /* SSL_OP_NO_TLSv1_2 */ 3440 3441 #ifdef HAVE_OCSP 3442 if (params->flags & TLS_CONN_REQUEST_OCSP) { 3443 SSL_CTX *ssl_ctx = tls_ctx; 3444 SSL_set_tlsext_status_type(conn->ssl, TLSEXT_STATUSTYPE_ocsp); 3445 SSL_CTX_set_tlsext_status_cb(ssl_ctx, ocsp_resp_cb); 3446 SSL_CTX_set_tlsext_status_arg(ssl_ctx, conn); 3447 } 3448 #endif /* HAVE_OCSP */ 3449 3450 conn->flags = params->flags; 3451 3452 tls_get_errors(tls_ctx); 3453 3454 return 0; 3455 } 3456 3457 3458 int tls_global_set_params(void *tls_ctx, 3459 const struct tls_connection_params *params) 3460 { 3461 SSL_CTX *ssl_ctx = tls_ctx; 3462 unsigned long err; 3463 3464 while ((err = ERR_get_error())) { 3465 wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s", 3466 __func__, ERR_error_string(err, NULL)); 3467 } 3468 3469 if (tls_global_ca_cert(ssl_ctx, params->ca_cert)) 3470 return -1; 3471 3472 if (tls_global_client_cert(ssl_ctx, params->client_cert)) 3473 return -1; 3474 3475 if (tls_global_private_key(ssl_ctx, params->private_key, 3476 params->private_key_passwd)) 3477 return -1; 3478 3479 if (tls_global_dh(ssl_ctx, params->dh_file)) { 3480 wpa_printf(MSG_INFO, "TLS: Failed to load DH file '%s'", 3481 params->dh_file); 3482 return -1; 3483 } 3484 3485 if (params->openssl_ciphers && 3486 SSL_CTX_set_cipher_list(ssl_ctx, params->openssl_ciphers) != 1) { 3487 wpa_printf(MSG_INFO, 3488 "OpenSSL: Failed to set cipher string '%s'", 3489 params->openssl_ciphers); 3490 return -1; 3491 } 3492 3493 #ifdef SSL_OP_NO_TICKET 3494 if (params->flags & TLS_CONN_DISABLE_SESSION_TICKET) 3495 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TICKET); 3496 #ifdef SSL_CTX_clear_options 3497 else 3498 SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TICKET); 3499 #endif /* SSL_clear_options */ 3500 #endif /* SSL_OP_NO_TICKET */ 3501 3502 #ifdef HAVE_OCSP 3503 SSL_CTX_set_tlsext_status_cb(ssl_ctx, ocsp_status_cb); 3504 SSL_CTX_set_tlsext_status_arg(ssl_ctx, ssl_ctx); 3505 os_free(tls_global->ocsp_stapling_response); 3506 if (params->ocsp_stapling_response) 3507 tls_global->ocsp_stapling_response = 3508 os_strdup(params->ocsp_stapling_response); 3509 else 3510 tls_global->ocsp_stapling_response = NULL; 3511 #endif /* HAVE_OCSP */ 3512 3513 return 0; 3514 } 3515 3516 3517 int tls_connection_get_keyblock_size(void *tls_ctx, 3518 struct tls_connection *conn) 3519 { 3520 const EVP_CIPHER *c; 3521 const EVP_MD *h; 3522 int md_size; 3523 3524 if (conn == NULL || conn->ssl == NULL || 3525 conn->ssl->enc_read_ctx == NULL || 3526 conn->ssl->enc_read_ctx->cipher == NULL || 3527 conn->ssl->read_hash == NULL) 3528 return -1; 3529 3530 c = conn->ssl->enc_read_ctx->cipher; 3531 #if OPENSSL_VERSION_NUMBER >= 0x00909000L 3532 h = EVP_MD_CTX_md(conn->ssl->read_hash); 3533 #else 3534 h = conn->ssl->read_hash; 3535 #endif 3536 if (h) 3537 md_size = EVP_MD_size(h); 3538 #if OPENSSL_VERSION_NUMBER >= 0x10000000L 3539 else if (conn->ssl->s3) 3540 md_size = conn->ssl->s3->tmp.new_mac_secret_size; 3541 #endif 3542 else 3543 return -1; 3544 3545 wpa_printf(MSG_DEBUG, "OpenSSL: keyblock size: key_len=%d MD_size=%d " 3546 "IV_len=%d", EVP_CIPHER_key_length(c), md_size, 3547 EVP_CIPHER_iv_length(c)); 3548 return 2 * (EVP_CIPHER_key_length(c) + 3549 md_size + 3550 EVP_CIPHER_iv_length(c)); 3551 } 3552 3553 3554 unsigned int tls_capabilities(void *tls_ctx) 3555 { 3556 return 0; 3557 } 3558 3559 3560 #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST) 3561 /* Pre-shared secred requires a patch to openssl, so this function is 3562 * commented out unless explicitly needed for EAP-FAST in order to be able to 3563 * build this file with unmodified openssl. */ 3564 3565 #ifdef OPENSSL_IS_BORINGSSL 3566 static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len, 3567 STACK_OF(SSL_CIPHER) *peer_ciphers, 3568 const SSL_CIPHER **cipher, void *arg) 3569 #else /* OPENSSL_IS_BORINGSSL */ 3570 static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len, 3571 STACK_OF(SSL_CIPHER) *peer_ciphers, 3572 SSL_CIPHER **cipher, void *arg) 3573 #endif /* OPENSSL_IS_BORINGSSL */ 3574 { 3575 struct tls_connection *conn = arg; 3576 int ret; 3577 3578 if (conn == NULL || conn->session_ticket_cb == NULL) 3579 return 0; 3580 3581 ret = conn->session_ticket_cb(conn->session_ticket_cb_ctx, 3582 conn->session_ticket, 3583 conn->session_ticket_len, 3584 s->s3->client_random, 3585 s->s3->server_random, secret); 3586 os_free(conn->session_ticket); 3587 conn->session_ticket = NULL; 3588 3589 if (ret <= 0) 3590 return 0; 3591 3592 *secret_len = SSL_MAX_MASTER_KEY_LENGTH; 3593 return 1; 3594 } 3595 3596 3597 static int tls_session_ticket_ext_cb(SSL *s, const unsigned char *data, 3598 int len, void *arg) 3599 { 3600 struct tls_connection *conn = arg; 3601 3602 if (conn == NULL || conn->session_ticket_cb == NULL) 3603 return 0; 3604 3605 wpa_printf(MSG_DEBUG, "OpenSSL: %s: length=%d", __func__, len); 3606 3607 os_free(conn->session_ticket); 3608 conn->session_ticket = NULL; 3609 3610 wpa_hexdump(MSG_DEBUG, "OpenSSL: ClientHello SessionTicket " 3611 "extension", data, len); 3612 3613 conn->session_ticket = os_malloc(len); 3614 if (conn->session_ticket == NULL) 3615 return 0; 3616 3617 os_memcpy(conn->session_ticket, data, len); 3618 conn->session_ticket_len = len; 3619 3620 return 1; 3621 } 3622 #endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */ 3623 3624 3625 int tls_connection_set_session_ticket_cb(void *tls_ctx, 3626 struct tls_connection *conn, 3627 tls_session_ticket_cb cb, 3628 void *ctx) 3629 { 3630 #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST) 3631 conn->session_ticket_cb = cb; 3632 conn->session_ticket_cb_ctx = ctx; 3633 3634 if (cb) { 3635 if (SSL_set_session_secret_cb(conn->ssl, tls_sess_sec_cb, 3636 conn) != 1) 3637 return -1; 3638 SSL_set_session_ticket_ext_cb(conn->ssl, 3639 tls_session_ticket_ext_cb, conn); 3640 } else { 3641 if (SSL_set_session_secret_cb(conn->ssl, NULL, NULL) != 1) 3642 return -1; 3643 SSL_set_session_ticket_ext_cb(conn->ssl, NULL, NULL); 3644 } 3645 3646 return 0; 3647 #else /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */ 3648 return -1; 3649 #endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */ 3650 } 3651 3652 3653 int tls_get_library_version(char *buf, size_t buf_len) 3654 { 3655 return os_snprintf(buf, buf_len, "OpenSSL build=%s run=%s", 3656 OPENSSL_VERSION_TEXT, 3657 SSLeay_version(SSLEAY_VERSION)); 3658 } 3659