1 /* 2 * WPA Supplicant / SSL/TLS interface functions for openssl 3 * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 * 9 * Alternatively, this software may be distributed under the terms of BSD 10 * license. 11 * 12 * See README and COPYING for more details. 13 */ 14 15 #include "includes.h" 16 17 #ifndef CONFIG_SMARTCARD 18 #ifndef OPENSSL_NO_ENGINE 19 #define OPENSSL_NO_ENGINE 20 #endif 21 #endif 22 23 #include <openssl/ssl.h> 24 #include <openssl/err.h> 25 #include <openssl/pkcs12.h> 26 #include <openssl/x509v3.h> 27 #ifndef OPENSSL_NO_ENGINE 28 #include <openssl/engine.h> 29 #endif /* OPENSSL_NO_ENGINE */ 30 31 #include "common.h" 32 #include "tls.h" 33 34 #if OPENSSL_VERSION_NUMBER >= 0x0090800fL 35 #define OPENSSL_d2i_TYPE const unsigned char ** 36 #else 37 #define OPENSSL_d2i_TYPE unsigned char ** 38 #endif 39 40 #ifdef SSL_F_SSL_SET_SESSION_TICKET_EXT 41 #ifdef SSL_OP_NO_TICKET 42 /* 43 * Session ticket override patch was merged into OpenSSL 0.9.9 tree on 44 * 2008-11-15. This version uses a bit different API compared to the old patch. 45 */ 46 #define CONFIG_OPENSSL_TICKET_OVERRIDE 47 #endif 48 #endif 49 50 static int tls_openssl_ref_count = 0; 51 52 struct tls_connection { 53 SSL *ssl; 54 BIO *ssl_in, *ssl_out; 55 #ifndef OPENSSL_NO_ENGINE 56 ENGINE *engine; /* functional reference to the engine */ 57 EVP_PKEY *private_key; /* the private key if using engine */ 58 #endif /* OPENSSL_NO_ENGINE */ 59 char *subject_match, *altsubject_match; 60 int read_alerts, write_alerts, failed; 61 62 tls_session_ticket_cb session_ticket_cb; 63 void *session_ticket_cb_ctx; 64 65 /* SessionTicket received from OpenSSL hello_extension_cb (server) */ 66 u8 *session_ticket; 67 size_t session_ticket_len; 68 }; 69 70 71 #ifdef CONFIG_NO_STDOUT_DEBUG 72 73 static void _tls_show_errors(void) 74 { 75 unsigned long err; 76 77 while ((err = ERR_get_error())) { 78 /* Just ignore the errors, since stdout is disabled */ 79 } 80 } 81 #define tls_show_errors(l, f, t) _tls_show_errors() 82 83 #else /* CONFIG_NO_STDOUT_DEBUG */ 84 85 static void tls_show_errors(int level, const char *func, const char *txt) 86 { 87 unsigned long err; 88 89 wpa_printf(level, "OpenSSL: %s - %s %s", 90 func, txt, ERR_error_string(ERR_get_error(), NULL)); 91 92 while ((err = ERR_get_error())) { 93 wpa_printf(MSG_INFO, "OpenSSL: pending error: %s", 94 ERR_error_string(err, NULL)); 95 } 96 } 97 98 #endif /* CONFIG_NO_STDOUT_DEBUG */ 99 100 101 #ifdef CONFIG_NATIVE_WINDOWS 102 103 /* Windows CryptoAPI and access to certificate stores */ 104 #include <wincrypt.h> 105 106 #ifdef __MINGW32_VERSION 107 /* 108 * MinGW does not yet include all the needed definitions for CryptoAPI, so 109 * define here whatever extra is needed. 110 */ 111 #define CERT_SYSTEM_STORE_CURRENT_USER (1 << 16) 112 #define CERT_STORE_READONLY_FLAG 0x00008000 113 #define CERT_STORE_OPEN_EXISTING_FLAG 0x00004000 114 115 #endif /* __MINGW32_VERSION */ 116 117 118 struct cryptoapi_rsa_data { 119 const CERT_CONTEXT *cert; 120 HCRYPTPROV crypt_prov; 121 DWORD key_spec; 122 BOOL free_crypt_prov; 123 }; 124 125 126 static void cryptoapi_error(const char *msg) 127 { 128 wpa_printf(MSG_INFO, "CryptoAPI: %s; err=%u", 129 msg, (unsigned int) GetLastError()); 130 } 131 132 133 static int cryptoapi_rsa_pub_enc(int flen, const unsigned char *from, 134 unsigned char *to, RSA *rsa, int padding) 135 { 136 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__); 137 return 0; 138 } 139 140 141 static int cryptoapi_rsa_pub_dec(int flen, const unsigned char *from, 142 unsigned char *to, RSA *rsa, int padding) 143 { 144 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__); 145 return 0; 146 } 147 148 149 static int cryptoapi_rsa_priv_enc(int flen, const unsigned char *from, 150 unsigned char *to, RSA *rsa, int padding) 151 { 152 struct cryptoapi_rsa_data *priv = 153 (struct cryptoapi_rsa_data *) rsa->meth->app_data; 154 HCRYPTHASH hash; 155 DWORD hash_size, len, i; 156 unsigned char *buf = NULL; 157 int ret = 0; 158 159 if (priv == NULL) { 160 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, 161 ERR_R_PASSED_NULL_PARAMETER); 162 return 0; 163 } 164 165 if (padding != RSA_PKCS1_PADDING) { 166 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, 167 RSA_R_UNKNOWN_PADDING_TYPE); 168 return 0; 169 } 170 171 if (flen != 16 /* MD5 */ + 20 /* SHA-1 */) { 172 wpa_printf(MSG_INFO, "%s - only MD5-SHA1 hash supported", 173 __func__); 174 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, 175 RSA_R_INVALID_MESSAGE_LENGTH); 176 return 0; 177 } 178 179 if (!CryptCreateHash(priv->crypt_prov, CALG_SSL3_SHAMD5, 0, 0, &hash)) 180 { 181 cryptoapi_error("CryptCreateHash failed"); 182 return 0; 183 } 184 185 len = sizeof(hash_size); 186 if (!CryptGetHashParam(hash, HP_HASHSIZE, (BYTE *) &hash_size, &len, 187 0)) { 188 cryptoapi_error("CryptGetHashParam failed"); 189 goto err; 190 } 191 192 if ((int) hash_size != flen) { 193 wpa_printf(MSG_INFO, "CryptoAPI: Invalid hash size (%u != %d)", 194 (unsigned) hash_size, flen); 195 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, 196 RSA_R_INVALID_MESSAGE_LENGTH); 197 goto err; 198 } 199 if (!CryptSetHashParam(hash, HP_HASHVAL, (BYTE * ) from, 0)) { 200 cryptoapi_error("CryptSetHashParam failed"); 201 goto err; 202 } 203 204 len = RSA_size(rsa); 205 buf = os_malloc(len); 206 if (buf == NULL) { 207 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE); 208 goto err; 209 } 210 211 if (!CryptSignHash(hash, priv->key_spec, NULL, 0, buf, &len)) { 212 cryptoapi_error("CryptSignHash failed"); 213 goto err; 214 } 215 216 for (i = 0; i < len; i++) 217 to[i] = buf[len - i - 1]; 218 ret = len; 219 220 err: 221 os_free(buf); 222 CryptDestroyHash(hash); 223 224 return ret; 225 } 226 227 228 static int cryptoapi_rsa_priv_dec(int flen, const unsigned char *from, 229 unsigned char *to, RSA *rsa, int padding) 230 { 231 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__); 232 return 0; 233 } 234 235 236 static void cryptoapi_free_data(struct cryptoapi_rsa_data *priv) 237 { 238 if (priv == NULL) 239 return; 240 if (priv->crypt_prov && priv->free_crypt_prov) 241 CryptReleaseContext(priv->crypt_prov, 0); 242 if (priv->cert) 243 CertFreeCertificateContext(priv->cert); 244 os_free(priv); 245 } 246 247 248 static int cryptoapi_finish(RSA *rsa) 249 { 250 cryptoapi_free_data((struct cryptoapi_rsa_data *) rsa->meth->app_data); 251 os_free((void *) rsa->meth); 252 rsa->meth = NULL; 253 return 1; 254 } 255 256 257 static const CERT_CONTEXT * cryptoapi_find_cert(const char *name, DWORD store) 258 { 259 HCERTSTORE cs; 260 const CERT_CONTEXT *ret = NULL; 261 262 cs = CertOpenStore((LPCSTR) CERT_STORE_PROV_SYSTEM, 0, 0, 263 store | CERT_STORE_OPEN_EXISTING_FLAG | 264 CERT_STORE_READONLY_FLAG, L"MY"); 265 if (cs == NULL) { 266 cryptoapi_error("Failed to open 'My system store'"); 267 return NULL; 268 } 269 270 if (strncmp(name, "cert://", 7) == 0) { 271 unsigned short wbuf[255]; 272 MultiByteToWideChar(CP_ACP, 0, name + 7, -1, wbuf, 255); 273 ret = CertFindCertificateInStore(cs, X509_ASN_ENCODING | 274 PKCS_7_ASN_ENCODING, 275 0, CERT_FIND_SUBJECT_STR, 276 wbuf, NULL); 277 } else if (strncmp(name, "hash://", 7) == 0) { 278 CRYPT_HASH_BLOB blob; 279 int len; 280 const char *hash = name + 7; 281 unsigned char *buf; 282 283 len = os_strlen(hash) / 2; 284 buf = os_malloc(len); 285 if (buf && hexstr2bin(hash, buf, len) == 0) { 286 blob.cbData = len; 287 blob.pbData = buf; 288 ret = CertFindCertificateInStore(cs, 289 X509_ASN_ENCODING | 290 PKCS_7_ASN_ENCODING, 291 0, CERT_FIND_HASH, 292 &blob, NULL); 293 } 294 os_free(buf); 295 } 296 297 CertCloseStore(cs, 0); 298 299 return ret; 300 } 301 302 303 static int tls_cryptoapi_cert(SSL *ssl, const char *name) 304 { 305 X509 *cert = NULL; 306 RSA *rsa = NULL, *pub_rsa; 307 struct cryptoapi_rsa_data *priv; 308 RSA_METHOD *rsa_meth; 309 310 if (name == NULL || 311 (strncmp(name, "cert://", 7) != 0 && 312 strncmp(name, "hash://", 7) != 0)) 313 return -1; 314 315 priv = os_zalloc(sizeof(*priv)); 316 rsa_meth = os_zalloc(sizeof(*rsa_meth)); 317 if (priv == NULL || rsa_meth == NULL) { 318 wpa_printf(MSG_WARNING, "CryptoAPI: Failed to allocate memory " 319 "for CryptoAPI RSA method"); 320 os_free(priv); 321 os_free(rsa_meth); 322 return -1; 323 } 324 325 priv->cert = cryptoapi_find_cert(name, CERT_SYSTEM_STORE_CURRENT_USER); 326 if (priv->cert == NULL) { 327 priv->cert = cryptoapi_find_cert( 328 name, CERT_SYSTEM_STORE_LOCAL_MACHINE); 329 } 330 if (priv->cert == NULL) { 331 wpa_printf(MSG_INFO, "CryptoAPI: Could not find certificate " 332 "'%s'", name); 333 goto err; 334 } 335 336 cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &priv->cert->pbCertEncoded, 337 priv->cert->cbCertEncoded); 338 if (cert == NULL) { 339 wpa_printf(MSG_INFO, "CryptoAPI: Could not process X509 DER " 340 "encoding"); 341 goto err; 342 } 343 344 if (!CryptAcquireCertificatePrivateKey(priv->cert, 345 CRYPT_ACQUIRE_COMPARE_KEY_FLAG, 346 NULL, &priv->crypt_prov, 347 &priv->key_spec, 348 &priv->free_crypt_prov)) { 349 cryptoapi_error("Failed to acquire a private key for the " 350 "certificate"); 351 goto err; 352 } 353 354 rsa_meth->name = "Microsoft CryptoAPI RSA Method"; 355 rsa_meth->rsa_pub_enc = cryptoapi_rsa_pub_enc; 356 rsa_meth->rsa_pub_dec = cryptoapi_rsa_pub_dec; 357 rsa_meth->rsa_priv_enc = cryptoapi_rsa_priv_enc; 358 rsa_meth->rsa_priv_dec = cryptoapi_rsa_priv_dec; 359 rsa_meth->finish = cryptoapi_finish; 360 rsa_meth->flags = RSA_METHOD_FLAG_NO_CHECK; 361 rsa_meth->app_data = (char *) priv; 362 363 rsa = RSA_new(); 364 if (rsa == NULL) { 365 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, 366 ERR_R_MALLOC_FAILURE); 367 goto err; 368 } 369 370 if (!SSL_use_certificate(ssl, cert)) { 371 RSA_free(rsa); 372 rsa = NULL; 373 goto err; 374 } 375 pub_rsa = cert->cert_info->key->pkey->pkey.rsa; 376 X509_free(cert); 377 cert = NULL; 378 379 rsa->n = BN_dup(pub_rsa->n); 380 rsa->e = BN_dup(pub_rsa->e); 381 if (!RSA_set_method(rsa, rsa_meth)) 382 goto err; 383 384 if (!SSL_use_RSAPrivateKey(ssl, rsa)) 385 goto err; 386 RSA_free(rsa); 387 388 return 0; 389 390 err: 391 if (cert) 392 X509_free(cert); 393 if (rsa) 394 RSA_free(rsa); 395 else { 396 os_free(rsa_meth); 397 cryptoapi_free_data(priv); 398 } 399 return -1; 400 } 401 402 403 static int tls_cryptoapi_ca_cert(SSL_CTX *ssl_ctx, SSL *ssl, const char *name) 404 { 405 HCERTSTORE cs; 406 PCCERT_CONTEXT ctx = NULL; 407 X509 *cert; 408 char buf[128]; 409 const char *store; 410 #ifdef UNICODE 411 WCHAR *wstore; 412 #endif /* UNICODE */ 413 414 if (name == NULL || strncmp(name, "cert_store://", 13) != 0) 415 return -1; 416 417 store = name + 13; 418 #ifdef UNICODE 419 wstore = os_malloc((os_strlen(store) + 1) * sizeof(WCHAR)); 420 if (wstore == NULL) 421 return -1; 422 wsprintf(wstore, L"%S", store); 423 cs = CertOpenSystemStore(0, wstore); 424 os_free(wstore); 425 #else /* UNICODE */ 426 cs = CertOpenSystemStore(0, store); 427 #endif /* UNICODE */ 428 if (cs == NULL) { 429 wpa_printf(MSG_DEBUG, "%s: failed to open system cert store " 430 "'%s': error=%d", __func__, store, 431 (int) GetLastError()); 432 return -1; 433 } 434 435 while ((ctx = CertEnumCertificatesInStore(cs, ctx))) { 436 cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &ctx->pbCertEncoded, 437 ctx->cbCertEncoded); 438 if (cert == NULL) { 439 wpa_printf(MSG_INFO, "CryptoAPI: Could not process " 440 "X509 DER encoding for CA cert"); 441 continue; 442 } 443 444 X509_NAME_oneline(X509_get_subject_name(cert), buf, 445 sizeof(buf)); 446 wpa_printf(MSG_DEBUG, "OpenSSL: Loaded CA certificate for " 447 "system certificate store: subject='%s'", buf); 448 449 if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) { 450 tls_show_errors(MSG_WARNING, __func__, 451 "Failed to add ca_cert to OpenSSL " 452 "certificate store"); 453 } 454 455 X509_free(cert); 456 } 457 458 if (!CertCloseStore(cs, 0)) { 459 wpa_printf(MSG_DEBUG, "%s: failed to close system cert store " 460 "'%s': error=%d", __func__, name + 13, 461 (int) GetLastError()); 462 } 463 464 return 0; 465 } 466 467 468 #else /* CONFIG_NATIVE_WINDOWS */ 469 470 static int tls_cryptoapi_cert(SSL *ssl, const char *name) 471 { 472 return -1; 473 } 474 475 #endif /* CONFIG_NATIVE_WINDOWS */ 476 477 478 static void ssl_info_cb(const SSL *ssl, int where, int ret) 479 { 480 const char *str; 481 int w; 482 483 wpa_printf(MSG_DEBUG, "SSL: (where=0x%x ret=0x%x)", where, ret); 484 w = where & ~SSL_ST_MASK; 485 if (w & SSL_ST_CONNECT) 486 str = "SSL_connect"; 487 else if (w & SSL_ST_ACCEPT) 488 str = "SSL_accept"; 489 else 490 str = "undefined"; 491 492 if (where & SSL_CB_LOOP) { 493 wpa_printf(MSG_DEBUG, "SSL: %s:%s", 494 str, SSL_state_string_long(ssl)); 495 } else if (where & SSL_CB_ALERT) { 496 wpa_printf(MSG_INFO, "SSL: SSL3 alert: %s:%s:%s", 497 where & SSL_CB_READ ? 498 "read (remote end reported an error)" : 499 "write (local SSL3 detected an error)", 500 SSL_alert_type_string_long(ret), 501 SSL_alert_desc_string_long(ret)); 502 if ((ret >> 8) == SSL3_AL_FATAL) { 503 struct tls_connection *conn = 504 SSL_get_app_data((SSL *) ssl); 505 if (where & SSL_CB_READ) 506 conn->read_alerts++; 507 else 508 conn->write_alerts++; 509 } 510 } else if (where & SSL_CB_EXIT && ret <= 0) { 511 wpa_printf(MSG_DEBUG, "SSL: %s:%s in %s", 512 str, ret == 0 ? "failed" : "error", 513 SSL_state_string_long(ssl)); 514 } 515 } 516 517 518 #ifndef OPENSSL_NO_ENGINE 519 /** 520 * tls_engine_load_dynamic_generic - load any openssl engine 521 * @pre: an array of commands and values that load an engine initialized 522 * in the engine specific function 523 * @post: an array of commands and values that initialize an already loaded 524 * engine (or %NULL if not required) 525 * @id: the engine id of the engine to load (only required if post is not %NULL 526 * 527 * This function is a generic function that loads any openssl engine. 528 * 529 * Returns: 0 on success, -1 on failure 530 */ 531 static int tls_engine_load_dynamic_generic(const char *pre[], 532 const char *post[], const char *id) 533 { 534 ENGINE *engine; 535 const char *dynamic_id = "dynamic"; 536 537 engine = ENGINE_by_id(id); 538 if (engine) { 539 ENGINE_free(engine); 540 wpa_printf(MSG_DEBUG, "ENGINE: engine '%s' is already " 541 "available", id); 542 return 0; 543 } 544 ERR_clear_error(); 545 546 engine = ENGINE_by_id(dynamic_id); 547 if (engine == NULL) { 548 wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]", 549 dynamic_id, 550 ERR_error_string(ERR_get_error(), NULL)); 551 return -1; 552 } 553 554 /* Perform the pre commands. This will load the engine. */ 555 while (pre && pre[0]) { 556 wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", pre[0], pre[1]); 557 if (ENGINE_ctrl_cmd_string(engine, pre[0], pre[1], 0) == 0) { 558 wpa_printf(MSG_INFO, "ENGINE: ctrl cmd_string failed: " 559 "%s %s [%s]", pre[0], pre[1], 560 ERR_error_string(ERR_get_error(), NULL)); 561 ENGINE_free(engine); 562 return -1; 563 } 564 pre += 2; 565 } 566 567 /* 568 * Free the reference to the "dynamic" engine. The loaded engine can 569 * now be looked up using ENGINE_by_id(). 570 */ 571 ENGINE_free(engine); 572 573 engine = ENGINE_by_id(id); 574 if (engine == NULL) { 575 wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]", 576 id, ERR_error_string(ERR_get_error(), NULL)); 577 return -1; 578 } 579 580 while (post && post[0]) { 581 wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", post[0], post[1]); 582 if (ENGINE_ctrl_cmd_string(engine, post[0], post[1], 0) == 0) { 583 wpa_printf(MSG_DEBUG, "ENGINE: ctrl cmd_string failed:" 584 " %s %s [%s]", post[0], post[1], 585 ERR_error_string(ERR_get_error(), NULL)); 586 ENGINE_remove(engine); 587 ENGINE_free(engine); 588 return -1; 589 } 590 post += 2; 591 } 592 ENGINE_free(engine); 593 594 return 0; 595 } 596 597 598 /** 599 * tls_engine_load_dynamic_pkcs11 - load the pkcs11 engine provided by opensc 600 * @pkcs11_so_path: pksc11_so_path from the configuration 601 * @pcks11_module_path: pkcs11_module_path from the configuration 602 */ 603 static int tls_engine_load_dynamic_pkcs11(const char *pkcs11_so_path, 604 const char *pkcs11_module_path) 605 { 606 char *engine_id = "pkcs11"; 607 const char *pre_cmd[] = { 608 "SO_PATH", NULL /* pkcs11_so_path */, 609 "ID", NULL /* engine_id */, 610 "LIST_ADD", "1", 611 /* "NO_VCHECK", "1", */ 612 "LOAD", NULL, 613 NULL, NULL 614 }; 615 const char *post_cmd[] = { 616 "MODULE_PATH", NULL /* pkcs11_module_path */, 617 NULL, NULL 618 }; 619 620 if (!pkcs11_so_path || !pkcs11_module_path) 621 return 0; 622 623 pre_cmd[1] = pkcs11_so_path; 624 pre_cmd[3] = engine_id; 625 post_cmd[1] = pkcs11_module_path; 626 627 wpa_printf(MSG_DEBUG, "ENGINE: Loading pkcs11 Engine from %s", 628 pkcs11_so_path); 629 630 return tls_engine_load_dynamic_generic(pre_cmd, post_cmd, engine_id); 631 } 632 633 634 /** 635 * tls_engine_load_dynamic_opensc - load the opensc engine provided by opensc 636 * @opensc_so_path: opensc_so_path from the configuration 637 */ 638 static int tls_engine_load_dynamic_opensc(const char *opensc_so_path) 639 { 640 char *engine_id = "opensc"; 641 const char *pre_cmd[] = { 642 "SO_PATH", NULL /* opensc_so_path */, 643 "ID", NULL /* engine_id */, 644 "LIST_ADD", "1", 645 "LOAD", NULL, 646 NULL, NULL 647 }; 648 649 if (!opensc_so_path) 650 return 0; 651 652 pre_cmd[1] = opensc_so_path; 653 pre_cmd[3] = engine_id; 654 655 wpa_printf(MSG_DEBUG, "ENGINE: Loading OpenSC Engine from %s", 656 opensc_so_path); 657 658 return tls_engine_load_dynamic_generic(pre_cmd, NULL, engine_id); 659 } 660 #endif /* OPENSSL_NO_ENGINE */ 661 662 663 void * tls_init(const struct tls_config *conf) 664 { 665 SSL_CTX *ssl; 666 667 if (tls_openssl_ref_count == 0) { 668 SSL_load_error_strings(); 669 SSL_library_init(); 670 #ifndef OPENSSL_NO_SHA256 671 EVP_add_digest(EVP_sha256()); 672 #endif /* OPENSSL_NO_SHA256 */ 673 /* TODO: if /dev/urandom is available, PRNG is seeded 674 * automatically. If this is not the case, random data should 675 * be added here. */ 676 677 #ifdef PKCS12_FUNCS 678 #ifndef OPENSSL_NO_RC2 679 /* 680 * 40-bit RC2 is commonly used in PKCS#12 files, so enable it. 681 * This is enabled by PKCS12_PBE_add() in OpenSSL 0.9.8 682 * versions, but it looks like OpenSSL 1.0.0 does not do that 683 * anymore. 684 */ 685 EVP_add_cipher(EVP_rc2_40_cbc()); 686 #endif /* OPENSSL_NO_RC2 */ 687 PKCS12_PBE_add(); 688 #endif /* PKCS12_FUNCS */ 689 } 690 tls_openssl_ref_count++; 691 692 ssl = SSL_CTX_new(TLSv1_method()); 693 if (ssl == NULL) 694 return NULL; 695 696 SSL_CTX_set_info_callback(ssl, ssl_info_cb); 697 698 #ifndef OPENSSL_NO_ENGINE 699 if (conf && 700 (conf->opensc_engine_path || conf->pkcs11_engine_path || 701 conf->pkcs11_module_path)) { 702 wpa_printf(MSG_DEBUG, "ENGINE: Loading dynamic engine"); 703 ERR_load_ENGINE_strings(); 704 ENGINE_load_dynamic(); 705 706 if (tls_engine_load_dynamic_opensc(conf->opensc_engine_path) || 707 tls_engine_load_dynamic_pkcs11(conf->pkcs11_engine_path, 708 conf->pkcs11_module_path)) { 709 tls_deinit(ssl); 710 return NULL; 711 } 712 } 713 #endif /* OPENSSL_NO_ENGINE */ 714 715 return ssl; 716 } 717 718 719 void tls_deinit(void *ssl_ctx) 720 { 721 SSL_CTX *ssl = ssl_ctx; 722 SSL_CTX_free(ssl); 723 724 tls_openssl_ref_count--; 725 if (tls_openssl_ref_count == 0) { 726 #ifndef OPENSSL_NO_ENGINE 727 ENGINE_cleanup(); 728 #endif /* OPENSSL_NO_ENGINE */ 729 CRYPTO_cleanup_all_ex_data(); 730 ERR_remove_state(0); 731 ERR_free_strings(); 732 EVP_cleanup(); 733 } 734 } 735 736 737 static int tls_engine_init(struct tls_connection *conn, const char *engine_id, 738 const char *pin, const char *key_id, 739 const char *cert_id, const char *ca_cert_id) 740 { 741 #ifndef OPENSSL_NO_ENGINE 742 int ret = -1; 743 if (engine_id == NULL) { 744 wpa_printf(MSG_ERROR, "ENGINE: Engine ID not set"); 745 return -1; 746 } 747 if (pin == NULL) { 748 wpa_printf(MSG_ERROR, "ENGINE: Smartcard PIN not set"); 749 return -1; 750 } 751 if (key_id == NULL) { 752 wpa_printf(MSG_ERROR, "ENGINE: Key Id not set"); 753 return -1; 754 } 755 756 ERR_clear_error(); 757 conn->engine = ENGINE_by_id(engine_id); 758 if (!conn->engine) { 759 wpa_printf(MSG_ERROR, "ENGINE: engine %s not available [%s]", 760 engine_id, ERR_error_string(ERR_get_error(), NULL)); 761 goto err; 762 } 763 if (ENGINE_init(conn->engine) != 1) { 764 wpa_printf(MSG_ERROR, "ENGINE: engine init failed " 765 "(engine: %s) [%s]", engine_id, 766 ERR_error_string(ERR_get_error(), NULL)); 767 goto err; 768 } 769 wpa_printf(MSG_DEBUG, "ENGINE: engine initialized"); 770 771 if (ENGINE_ctrl_cmd_string(conn->engine, "PIN", pin, 0) == 0) { 772 wpa_printf(MSG_ERROR, "ENGINE: cannot set pin [%s]", 773 ERR_error_string(ERR_get_error(), NULL)); 774 goto err; 775 } 776 /* load private key first in-case PIN is required for cert */ 777 conn->private_key = ENGINE_load_private_key(conn->engine, 778 key_id, NULL, NULL); 779 if (!conn->private_key) { 780 wpa_printf(MSG_ERROR, "ENGINE: cannot load private key with id" 781 " '%s' [%s]", key_id, 782 ERR_error_string(ERR_get_error(), NULL)); 783 ret = TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED; 784 goto err; 785 } 786 787 /* handle a certificate and/or CA certificate */ 788 if (cert_id || ca_cert_id) { 789 const char *cmd_name = "LOAD_CERT_CTRL"; 790 791 /* test if the engine supports a LOAD_CERT_CTRL */ 792 if (!ENGINE_ctrl(conn->engine, ENGINE_CTRL_GET_CMD_FROM_NAME, 793 0, (void *)cmd_name, NULL)) { 794 wpa_printf(MSG_ERROR, "ENGINE: engine does not support" 795 " loading certificates"); 796 ret = TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED; 797 goto err; 798 } 799 } 800 801 return 0; 802 803 err: 804 if (conn->engine) { 805 ENGINE_free(conn->engine); 806 conn->engine = NULL; 807 } 808 809 if (conn->private_key) { 810 EVP_PKEY_free(conn->private_key); 811 conn->private_key = NULL; 812 } 813 814 return ret; 815 #else /* OPENSSL_NO_ENGINE */ 816 return 0; 817 #endif /* OPENSSL_NO_ENGINE */ 818 } 819 820 821 static void tls_engine_deinit(struct tls_connection *conn) 822 { 823 #ifndef OPENSSL_NO_ENGINE 824 wpa_printf(MSG_DEBUG, "ENGINE: engine deinit"); 825 if (conn->private_key) { 826 EVP_PKEY_free(conn->private_key); 827 conn->private_key = NULL; 828 } 829 if (conn->engine) { 830 ENGINE_finish(conn->engine); 831 conn->engine = NULL; 832 } 833 #endif /* OPENSSL_NO_ENGINE */ 834 } 835 836 837 int tls_get_errors(void *ssl_ctx) 838 { 839 int count = 0; 840 unsigned long err; 841 842 while ((err = ERR_get_error())) { 843 wpa_printf(MSG_INFO, "TLS - SSL error: %s", 844 ERR_error_string(err, NULL)); 845 count++; 846 } 847 848 return count; 849 } 850 851 struct tls_connection * tls_connection_init(void *ssl_ctx) 852 { 853 SSL_CTX *ssl = ssl_ctx; 854 struct tls_connection *conn; 855 long options; 856 857 conn = os_zalloc(sizeof(*conn)); 858 if (conn == NULL) 859 return NULL; 860 conn->ssl = SSL_new(ssl); 861 if (conn->ssl == NULL) { 862 tls_show_errors(MSG_INFO, __func__, 863 "Failed to initialize new SSL connection"); 864 os_free(conn); 865 return NULL; 866 } 867 868 SSL_set_app_data(conn->ssl, conn); 869 options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | 870 SSL_OP_SINGLE_DH_USE; 871 #ifdef SSL_OP_NO_COMPRESSION 872 options |= SSL_OP_NO_COMPRESSION; 873 #endif /* SSL_OP_NO_COMPRESSION */ 874 SSL_set_options(conn->ssl, options); 875 876 conn->ssl_in = BIO_new(BIO_s_mem()); 877 if (!conn->ssl_in) { 878 tls_show_errors(MSG_INFO, __func__, 879 "Failed to create a new BIO for ssl_in"); 880 SSL_free(conn->ssl); 881 os_free(conn); 882 return NULL; 883 } 884 885 conn->ssl_out = BIO_new(BIO_s_mem()); 886 if (!conn->ssl_out) { 887 tls_show_errors(MSG_INFO, __func__, 888 "Failed to create a new BIO for ssl_out"); 889 SSL_free(conn->ssl); 890 BIO_free(conn->ssl_in); 891 os_free(conn); 892 return NULL; 893 } 894 895 SSL_set_bio(conn->ssl, conn->ssl_in, conn->ssl_out); 896 897 return conn; 898 } 899 900 901 void tls_connection_deinit(void *ssl_ctx, struct tls_connection *conn) 902 { 903 if (conn == NULL) 904 return; 905 SSL_free(conn->ssl); 906 tls_engine_deinit(conn); 907 os_free(conn->subject_match); 908 os_free(conn->altsubject_match); 909 os_free(conn->session_ticket); 910 os_free(conn); 911 } 912 913 914 int tls_connection_established(void *ssl_ctx, struct tls_connection *conn) 915 { 916 return conn ? SSL_is_init_finished(conn->ssl) : 0; 917 } 918 919 920 int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn) 921 { 922 if (conn == NULL) 923 return -1; 924 925 /* Shutdown previous TLS connection without notifying the peer 926 * because the connection was already terminated in practice 927 * and "close notify" shutdown alert would confuse AS. */ 928 SSL_set_quiet_shutdown(conn->ssl, 1); 929 SSL_shutdown(conn->ssl); 930 return 0; 931 } 932 933 934 static int tls_match_altsubject_component(X509 *cert, int type, 935 const char *value, size_t len) 936 { 937 GENERAL_NAME *gen; 938 void *ext; 939 int i, found = 0; 940 941 ext = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL); 942 943 for (i = 0; ext && i < sk_GENERAL_NAME_num(ext); i++) { 944 gen = sk_GENERAL_NAME_value(ext, i); 945 if (gen->type != type) 946 continue; 947 if (os_strlen((char *) gen->d.ia5->data) == len && 948 os_memcmp(value, gen->d.ia5->data, len) == 0) 949 found++; 950 } 951 952 return found; 953 } 954 955 956 static int tls_match_altsubject(X509 *cert, const char *match) 957 { 958 int type; 959 const char *pos, *end; 960 size_t len; 961 962 pos = match; 963 do { 964 if (os_strncmp(pos, "EMAIL:", 6) == 0) { 965 type = GEN_EMAIL; 966 pos += 6; 967 } else if (os_strncmp(pos, "DNS:", 4) == 0) { 968 type = GEN_DNS; 969 pos += 4; 970 } else if (os_strncmp(pos, "URI:", 4) == 0) { 971 type = GEN_URI; 972 pos += 4; 973 } else { 974 wpa_printf(MSG_INFO, "TLS: Invalid altSubjectName " 975 "match '%s'", pos); 976 return 0; 977 } 978 end = os_strchr(pos, ';'); 979 while (end) { 980 if (os_strncmp(end + 1, "EMAIL:", 6) == 0 || 981 os_strncmp(end + 1, "DNS:", 4) == 0 || 982 os_strncmp(end + 1, "URI:", 4) == 0) 983 break; 984 end = os_strchr(end + 1, ';'); 985 } 986 if (end) 987 len = end - pos; 988 else 989 len = os_strlen(pos); 990 if (tls_match_altsubject_component(cert, type, pos, len) > 0) 991 return 1; 992 pos = end + 1; 993 } while (end); 994 995 return 0; 996 } 997 998 999 static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx) 1000 { 1001 char buf[256]; 1002 X509 *err_cert; 1003 int err, depth; 1004 SSL *ssl; 1005 struct tls_connection *conn; 1006 char *match, *altmatch; 1007 1008 err_cert = X509_STORE_CTX_get_current_cert(x509_ctx); 1009 err = X509_STORE_CTX_get_error(x509_ctx); 1010 depth = X509_STORE_CTX_get_error_depth(x509_ctx); 1011 ssl = X509_STORE_CTX_get_ex_data(x509_ctx, 1012 SSL_get_ex_data_X509_STORE_CTX_idx()); 1013 X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf)); 1014 1015 conn = SSL_get_app_data(ssl); 1016 match = conn ? conn->subject_match : NULL; 1017 altmatch = conn ? conn->altsubject_match : NULL; 1018 1019 if (!preverify_ok) { 1020 wpa_printf(MSG_WARNING, "TLS: Certificate verification failed," 1021 " error %d (%s) depth %d for '%s'", err, 1022 X509_verify_cert_error_string(err), depth, buf); 1023 } else { 1024 wpa_printf(MSG_DEBUG, "TLS: tls_verify_cb - " 1025 "preverify_ok=%d err=%d (%s) depth=%d buf='%s'", 1026 preverify_ok, err, 1027 X509_verify_cert_error_string(err), depth, buf); 1028 if (depth == 0 && match && os_strstr(buf, match) == NULL) { 1029 wpa_printf(MSG_WARNING, "TLS: Subject '%s' did not " 1030 "match with '%s'", buf, match); 1031 preverify_ok = 0; 1032 } else if (depth == 0 && altmatch && 1033 !tls_match_altsubject(err_cert, altmatch)) { 1034 wpa_printf(MSG_WARNING, "TLS: altSubjectName match " 1035 "'%s' not found", altmatch); 1036 preverify_ok = 0; 1037 } 1038 } 1039 1040 return preverify_ok; 1041 } 1042 1043 1044 #ifndef OPENSSL_NO_STDIO 1045 static int tls_load_ca_der(void *_ssl_ctx, const char *ca_cert) 1046 { 1047 SSL_CTX *ssl_ctx = _ssl_ctx; 1048 X509_LOOKUP *lookup; 1049 int ret = 0; 1050 1051 lookup = X509_STORE_add_lookup(ssl_ctx->cert_store, 1052 X509_LOOKUP_file()); 1053 if (lookup == NULL) { 1054 tls_show_errors(MSG_WARNING, __func__, 1055 "Failed add lookup for X509 store"); 1056 return -1; 1057 } 1058 1059 if (!X509_LOOKUP_load_file(lookup, ca_cert, X509_FILETYPE_ASN1)) { 1060 unsigned long err = ERR_peek_error(); 1061 tls_show_errors(MSG_WARNING, __func__, 1062 "Failed load CA in DER format"); 1063 if (ERR_GET_LIB(err) == ERR_LIB_X509 && 1064 ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) { 1065 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring " 1066 "cert already in hash table error", 1067 __func__); 1068 } else 1069 ret = -1; 1070 } 1071 1072 return ret; 1073 } 1074 #endif /* OPENSSL_NO_STDIO */ 1075 1076 1077 static int tls_connection_ca_cert(void *_ssl_ctx, struct tls_connection *conn, 1078 const char *ca_cert, const u8 *ca_cert_blob, 1079 size_t ca_cert_blob_len, const char *ca_path) 1080 { 1081 SSL_CTX *ssl_ctx = _ssl_ctx; 1082 1083 /* 1084 * Remove previously configured trusted CA certificates before adding 1085 * new ones. 1086 */ 1087 X509_STORE_free(ssl_ctx->cert_store); 1088 ssl_ctx->cert_store = X509_STORE_new(); 1089 if (ssl_ctx->cert_store == NULL) { 1090 wpa_printf(MSG_DEBUG, "OpenSSL: %s - failed to allocate new " 1091 "certificate store", __func__); 1092 return -1; 1093 } 1094 1095 if (ca_cert_blob) { 1096 X509 *cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &ca_cert_blob, 1097 ca_cert_blob_len); 1098 if (cert == NULL) { 1099 tls_show_errors(MSG_WARNING, __func__, 1100 "Failed to parse ca_cert_blob"); 1101 return -1; 1102 } 1103 1104 if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) { 1105 unsigned long err = ERR_peek_error(); 1106 tls_show_errors(MSG_WARNING, __func__, 1107 "Failed to add ca_cert_blob to " 1108 "certificate store"); 1109 if (ERR_GET_LIB(err) == ERR_LIB_X509 && 1110 ERR_GET_REASON(err) == 1111 X509_R_CERT_ALREADY_IN_HASH_TABLE) { 1112 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring " 1113 "cert already in hash table error", 1114 __func__); 1115 } else { 1116 X509_free(cert); 1117 return -1; 1118 } 1119 } 1120 X509_free(cert); 1121 wpa_printf(MSG_DEBUG, "OpenSSL: %s - added ca_cert_blob " 1122 "to certificate store", __func__); 1123 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb); 1124 return 0; 1125 } 1126 1127 #ifdef CONFIG_NATIVE_WINDOWS 1128 if (ca_cert && tls_cryptoapi_ca_cert(ssl_ctx, conn->ssl, ca_cert) == 1129 0) { 1130 wpa_printf(MSG_DEBUG, "OpenSSL: Added CA certificates from " 1131 "system certificate store"); 1132 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb); 1133 return 0; 1134 } 1135 #endif /* CONFIG_NATIVE_WINDOWS */ 1136 1137 if (ca_cert || ca_path) { 1138 #ifndef OPENSSL_NO_STDIO 1139 if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, ca_path) != 1140 1) { 1141 tls_show_errors(MSG_WARNING, __func__, 1142 "Failed to load root certificates"); 1143 if (ca_cert && 1144 tls_load_ca_der(ssl_ctx, ca_cert) == 0) { 1145 wpa_printf(MSG_DEBUG, "OpenSSL: %s - loaded " 1146 "DER format CA certificate", 1147 __func__); 1148 } else 1149 return -1; 1150 } else { 1151 wpa_printf(MSG_DEBUG, "TLS: Trusted root " 1152 "certificate(s) loaded"); 1153 tls_get_errors(ssl_ctx); 1154 } 1155 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb); 1156 #else /* OPENSSL_NO_STDIO */ 1157 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", 1158 __func__); 1159 return -1; 1160 #endif /* OPENSSL_NO_STDIO */ 1161 } else { 1162 /* No ca_cert configured - do not try to verify server 1163 * certificate */ 1164 SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL); 1165 } 1166 1167 return 0; 1168 } 1169 1170 1171 static int tls_global_ca_cert(SSL_CTX *ssl_ctx, const char *ca_cert) 1172 { 1173 if (ca_cert) { 1174 if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, NULL) != 1) 1175 { 1176 tls_show_errors(MSG_WARNING, __func__, 1177 "Failed to load root certificates"); 1178 return -1; 1179 } 1180 1181 wpa_printf(MSG_DEBUG, "TLS: Trusted root " 1182 "certificate(s) loaded"); 1183 1184 #ifndef OPENSSL_NO_STDIO 1185 /* Add the same CAs to the client certificate requests */ 1186 SSL_CTX_set_client_CA_list(ssl_ctx, 1187 SSL_load_client_CA_file(ca_cert)); 1188 #endif /* OPENSSL_NO_STDIO */ 1189 } 1190 1191 return 0; 1192 } 1193 1194 1195 int tls_global_set_verify(void *ssl_ctx, int check_crl) 1196 { 1197 int flags; 1198 1199 if (check_crl) { 1200 X509_STORE *cs = SSL_CTX_get_cert_store(ssl_ctx); 1201 if (cs == NULL) { 1202 tls_show_errors(MSG_INFO, __func__, "Failed to get " 1203 "certificate store when enabling " 1204 "check_crl"); 1205 return -1; 1206 } 1207 flags = X509_V_FLAG_CRL_CHECK; 1208 if (check_crl == 2) 1209 flags |= X509_V_FLAG_CRL_CHECK_ALL; 1210 X509_STORE_set_flags(cs, flags); 1211 } 1212 return 0; 1213 } 1214 1215 1216 static int tls_connection_set_subject_match(struct tls_connection *conn, 1217 const char *subject_match, 1218 const char *altsubject_match) 1219 { 1220 os_free(conn->subject_match); 1221 conn->subject_match = NULL; 1222 if (subject_match) { 1223 conn->subject_match = os_strdup(subject_match); 1224 if (conn->subject_match == NULL) 1225 return -1; 1226 } 1227 1228 os_free(conn->altsubject_match); 1229 conn->altsubject_match = NULL; 1230 if (altsubject_match) { 1231 conn->altsubject_match = os_strdup(altsubject_match); 1232 if (conn->altsubject_match == NULL) 1233 return -1; 1234 } 1235 1236 return 0; 1237 } 1238 1239 1240 int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn, 1241 int verify_peer) 1242 { 1243 static int counter = 0; 1244 1245 if (conn == NULL) 1246 return -1; 1247 1248 if (verify_peer) { 1249 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER | 1250 SSL_VERIFY_FAIL_IF_NO_PEER_CERT | 1251 SSL_VERIFY_CLIENT_ONCE, tls_verify_cb); 1252 } else { 1253 SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL); 1254 } 1255 1256 SSL_set_accept_state(conn->ssl); 1257 1258 /* 1259 * Set session id context in order to avoid fatal errors when client 1260 * tries to resume a session. However, set the context to a unique 1261 * value in order to effectively disable session resumption for now 1262 * since not all areas of the server code are ready for it (e.g., 1263 * EAP-TTLS needs special handling for Phase 2 after abbreviated TLS 1264 * handshake). 1265 */ 1266 counter++; 1267 SSL_set_session_id_context(conn->ssl, 1268 (const unsigned char *) &counter, 1269 sizeof(counter)); 1270 1271 return 0; 1272 } 1273 1274 1275 static int tls_connection_client_cert(struct tls_connection *conn, 1276 const char *client_cert, 1277 const u8 *client_cert_blob, 1278 size_t client_cert_blob_len) 1279 { 1280 if (client_cert == NULL && client_cert_blob == NULL) 1281 return 0; 1282 1283 if (client_cert_blob && 1284 SSL_use_certificate_ASN1(conn->ssl, (u8 *) client_cert_blob, 1285 client_cert_blob_len) == 1) { 1286 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_ASN1 --> " 1287 "OK"); 1288 return 0; 1289 } else if (client_cert_blob) { 1290 tls_show_errors(MSG_DEBUG, __func__, 1291 "SSL_use_certificate_ASN1 failed"); 1292 } 1293 1294 if (client_cert == NULL) 1295 return -1; 1296 1297 #ifndef OPENSSL_NO_STDIO 1298 if (SSL_use_certificate_file(conn->ssl, client_cert, 1299 SSL_FILETYPE_ASN1) == 1) { 1300 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (DER)" 1301 " --> OK"); 1302 return 0; 1303 } else { 1304 tls_show_errors(MSG_DEBUG, __func__, 1305 "SSL_use_certificate_file (DER) failed"); 1306 } 1307 1308 if (SSL_use_certificate_file(conn->ssl, client_cert, 1309 SSL_FILETYPE_PEM) == 1) { 1310 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (PEM)" 1311 " --> OK"); 1312 return 0; 1313 } else { 1314 tls_show_errors(MSG_DEBUG, __func__, 1315 "SSL_use_certificate_file (PEM) failed"); 1316 } 1317 #else /* OPENSSL_NO_STDIO */ 1318 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", __func__); 1319 #endif /* OPENSSL_NO_STDIO */ 1320 1321 return -1; 1322 } 1323 1324 1325 static int tls_global_client_cert(SSL_CTX *ssl_ctx, const char *client_cert) 1326 { 1327 #ifndef OPENSSL_NO_STDIO 1328 if (client_cert == NULL) 1329 return 0; 1330 1331 if (SSL_CTX_use_certificate_file(ssl_ctx, client_cert, 1332 SSL_FILETYPE_ASN1) != 1 && 1333 SSL_CTX_use_certificate_file(ssl_ctx, client_cert, 1334 SSL_FILETYPE_PEM) != 1) { 1335 tls_show_errors(MSG_INFO, __func__, 1336 "Failed to load client certificate"); 1337 return -1; 1338 } 1339 return 0; 1340 #else /* OPENSSL_NO_STDIO */ 1341 if (client_cert == NULL) 1342 return 0; 1343 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", __func__); 1344 return -1; 1345 #endif /* OPENSSL_NO_STDIO */ 1346 } 1347 1348 1349 static int tls_passwd_cb(char *buf, int size, int rwflag, void *password) 1350 { 1351 if (password == NULL) { 1352 return 0; 1353 } 1354 os_strlcpy(buf, (char *) password, size); 1355 return os_strlen(buf); 1356 } 1357 1358 1359 #ifdef PKCS12_FUNCS 1360 static int tls_parse_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, PKCS12 *p12, 1361 const char *passwd) 1362 { 1363 EVP_PKEY *pkey; 1364 X509 *cert; 1365 STACK_OF(X509) *certs; 1366 int res = 0; 1367 char buf[256]; 1368 1369 pkey = NULL; 1370 cert = NULL; 1371 certs = NULL; 1372 if (!PKCS12_parse(p12, passwd, &pkey, &cert, &certs)) { 1373 tls_show_errors(MSG_DEBUG, __func__, 1374 "Failed to parse PKCS12 file"); 1375 PKCS12_free(p12); 1376 return -1; 1377 } 1378 wpa_printf(MSG_DEBUG, "TLS: Successfully parsed PKCS12 data"); 1379 1380 if (cert) { 1381 X509_NAME_oneline(X509_get_subject_name(cert), buf, 1382 sizeof(buf)); 1383 wpa_printf(MSG_DEBUG, "TLS: Got certificate from PKCS12: " 1384 "subject='%s'", buf); 1385 if (ssl) { 1386 if (SSL_use_certificate(ssl, cert) != 1) 1387 res = -1; 1388 } else { 1389 if (SSL_CTX_use_certificate(ssl_ctx, cert) != 1) 1390 res = -1; 1391 } 1392 X509_free(cert); 1393 } 1394 1395 if (pkey) { 1396 wpa_printf(MSG_DEBUG, "TLS: Got private key from PKCS12"); 1397 if (ssl) { 1398 if (SSL_use_PrivateKey(ssl, pkey) != 1) 1399 res = -1; 1400 } else { 1401 if (SSL_CTX_use_PrivateKey(ssl_ctx, pkey) != 1) 1402 res = -1; 1403 } 1404 EVP_PKEY_free(pkey); 1405 } 1406 1407 if (certs) { 1408 while ((cert = sk_X509_pop(certs)) != NULL) { 1409 X509_NAME_oneline(X509_get_subject_name(cert), buf, 1410 sizeof(buf)); 1411 wpa_printf(MSG_DEBUG, "TLS: additional certificate" 1412 " from PKCS12: subject='%s'", buf); 1413 /* 1414 * There is no SSL equivalent for the chain cert - so 1415 * always add it to the context... 1416 */ 1417 if (SSL_CTX_add_extra_chain_cert(ssl_ctx, cert) != 1) { 1418 res = -1; 1419 break; 1420 } 1421 } 1422 sk_X509_free(certs); 1423 } 1424 1425 PKCS12_free(p12); 1426 1427 if (res < 0) 1428 tls_get_errors(ssl_ctx); 1429 1430 return res; 1431 } 1432 #endif /* PKCS12_FUNCS */ 1433 1434 1435 static int tls_read_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, const char *private_key, 1436 const char *passwd) 1437 { 1438 #ifdef PKCS12_FUNCS 1439 FILE *f; 1440 PKCS12 *p12; 1441 1442 f = fopen(private_key, "rb"); 1443 if (f == NULL) 1444 return -1; 1445 1446 p12 = d2i_PKCS12_fp(f, NULL); 1447 fclose(f); 1448 1449 if (p12 == NULL) { 1450 tls_show_errors(MSG_INFO, __func__, 1451 "Failed to use PKCS#12 file"); 1452 return -1; 1453 } 1454 1455 return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd); 1456 1457 #else /* PKCS12_FUNCS */ 1458 wpa_printf(MSG_INFO, "TLS: PKCS12 support disabled - cannot read " 1459 "p12/pfx files"); 1460 return -1; 1461 #endif /* PKCS12_FUNCS */ 1462 } 1463 1464 1465 static int tls_read_pkcs12_blob(SSL_CTX *ssl_ctx, SSL *ssl, 1466 const u8 *blob, size_t len, const char *passwd) 1467 { 1468 #ifdef PKCS12_FUNCS 1469 PKCS12 *p12; 1470 1471 p12 = d2i_PKCS12(NULL, (OPENSSL_d2i_TYPE) &blob, len); 1472 if (p12 == NULL) { 1473 tls_show_errors(MSG_INFO, __func__, 1474 "Failed to use PKCS#12 blob"); 1475 return -1; 1476 } 1477 1478 return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd); 1479 1480 #else /* PKCS12_FUNCS */ 1481 wpa_printf(MSG_INFO, "TLS: PKCS12 support disabled - cannot parse " 1482 "p12/pfx blobs"); 1483 return -1; 1484 #endif /* PKCS12_FUNCS */ 1485 } 1486 1487 1488 #ifndef OPENSSL_NO_ENGINE 1489 static int tls_engine_get_cert(struct tls_connection *conn, 1490 const char *cert_id, 1491 X509 **cert) 1492 { 1493 /* this runs after the private key is loaded so no PIN is required */ 1494 struct { 1495 const char *cert_id; 1496 X509 *cert; 1497 } params; 1498 params.cert_id = cert_id; 1499 params.cert = NULL; 1500 1501 if (!ENGINE_ctrl_cmd(conn->engine, "LOAD_CERT_CTRL", 1502 0, ¶ms, NULL, 1)) { 1503 wpa_printf(MSG_ERROR, "ENGINE: cannot load client cert with id" 1504 " '%s' [%s]", cert_id, 1505 ERR_error_string(ERR_get_error(), NULL)); 1506 return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED; 1507 } 1508 if (!params.cert) { 1509 wpa_printf(MSG_ERROR, "ENGINE: did not properly cert with id" 1510 " '%s'", cert_id); 1511 return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED; 1512 } 1513 *cert = params.cert; 1514 return 0; 1515 } 1516 #endif /* OPENSSL_NO_ENGINE */ 1517 1518 1519 static int tls_connection_engine_client_cert(struct tls_connection *conn, 1520 const char *cert_id) 1521 { 1522 #ifndef OPENSSL_NO_ENGINE 1523 X509 *cert; 1524 1525 if (tls_engine_get_cert(conn, cert_id, &cert)) 1526 return -1; 1527 1528 if (!SSL_use_certificate(conn->ssl, cert)) { 1529 tls_show_errors(MSG_ERROR, __func__, 1530 "SSL_use_certificate failed"); 1531 X509_free(cert); 1532 return -1; 1533 } 1534 X509_free(cert); 1535 wpa_printf(MSG_DEBUG, "ENGINE: SSL_use_certificate --> " 1536 "OK"); 1537 return 0; 1538 1539 #else /* OPENSSL_NO_ENGINE */ 1540 return -1; 1541 #endif /* OPENSSL_NO_ENGINE */ 1542 } 1543 1544 1545 static int tls_connection_engine_ca_cert(void *_ssl_ctx, 1546 struct tls_connection *conn, 1547 const char *ca_cert_id) 1548 { 1549 #ifndef OPENSSL_NO_ENGINE 1550 X509 *cert; 1551 SSL_CTX *ssl_ctx = _ssl_ctx; 1552 1553 if (tls_engine_get_cert(conn, ca_cert_id, &cert)) 1554 return -1; 1555 1556 /* start off the same as tls_connection_ca_cert */ 1557 X509_STORE_free(ssl_ctx->cert_store); 1558 ssl_ctx->cert_store = X509_STORE_new(); 1559 if (ssl_ctx->cert_store == NULL) { 1560 wpa_printf(MSG_DEBUG, "OpenSSL: %s - failed to allocate new " 1561 "certificate store", __func__); 1562 X509_free(cert); 1563 return -1; 1564 } 1565 if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) { 1566 unsigned long err = ERR_peek_error(); 1567 tls_show_errors(MSG_WARNING, __func__, 1568 "Failed to add CA certificate from engine " 1569 "to certificate store"); 1570 if (ERR_GET_LIB(err) == ERR_LIB_X509 && 1571 ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) { 1572 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring cert" 1573 " already in hash table error", 1574 __func__); 1575 } else { 1576 X509_free(cert); 1577 return -1; 1578 } 1579 } 1580 X509_free(cert); 1581 wpa_printf(MSG_DEBUG, "OpenSSL: %s - added CA certificate from engine " 1582 "to certificate store", __func__); 1583 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb); 1584 return 0; 1585 1586 #else /* OPENSSL_NO_ENGINE */ 1587 return -1; 1588 #endif /* OPENSSL_NO_ENGINE */ 1589 } 1590 1591 1592 static int tls_connection_engine_private_key(struct tls_connection *conn) 1593 { 1594 #ifndef OPENSSL_NO_ENGINE 1595 if (SSL_use_PrivateKey(conn->ssl, conn->private_key) != 1) { 1596 tls_show_errors(MSG_ERROR, __func__, 1597 "ENGINE: cannot use private key for TLS"); 1598 return -1; 1599 } 1600 if (!SSL_check_private_key(conn->ssl)) { 1601 tls_show_errors(MSG_INFO, __func__, 1602 "Private key failed verification"); 1603 return -1; 1604 } 1605 return 0; 1606 #else /* OPENSSL_NO_ENGINE */ 1607 wpa_printf(MSG_ERROR, "SSL: Configuration uses engine, but " 1608 "engine support was not compiled in"); 1609 return -1; 1610 #endif /* OPENSSL_NO_ENGINE */ 1611 } 1612 1613 1614 static int tls_connection_private_key(void *_ssl_ctx, 1615 struct tls_connection *conn, 1616 const char *private_key, 1617 const char *private_key_passwd, 1618 const u8 *private_key_blob, 1619 size_t private_key_blob_len) 1620 { 1621 SSL_CTX *ssl_ctx = _ssl_ctx; 1622 char *passwd; 1623 int ok; 1624 1625 if (private_key == NULL && private_key_blob == NULL) 1626 return 0; 1627 1628 if (private_key_passwd) { 1629 passwd = os_strdup(private_key_passwd); 1630 if (passwd == NULL) 1631 return -1; 1632 } else 1633 passwd = NULL; 1634 1635 SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb); 1636 SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd); 1637 1638 ok = 0; 1639 while (private_key_blob) { 1640 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_RSA, conn->ssl, 1641 (u8 *) private_key_blob, 1642 private_key_blob_len) == 1) { 1643 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_" 1644 "ASN1(EVP_PKEY_RSA) --> OK"); 1645 ok = 1; 1646 break; 1647 } else { 1648 tls_show_errors(MSG_DEBUG, __func__, 1649 "SSL_use_PrivateKey_ASN1(EVP_PKEY_RSA)" 1650 " failed"); 1651 } 1652 1653 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_DSA, conn->ssl, 1654 (u8 *) private_key_blob, 1655 private_key_blob_len) == 1) { 1656 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_" 1657 "ASN1(EVP_PKEY_DSA) --> OK"); 1658 ok = 1; 1659 break; 1660 } else { 1661 tls_show_errors(MSG_DEBUG, __func__, 1662 "SSL_use_PrivateKey_ASN1(EVP_PKEY_DSA)" 1663 " failed"); 1664 } 1665 1666 if (SSL_use_RSAPrivateKey_ASN1(conn->ssl, 1667 (u8 *) private_key_blob, 1668 private_key_blob_len) == 1) { 1669 wpa_printf(MSG_DEBUG, "OpenSSL: " 1670 "SSL_use_RSAPrivateKey_ASN1 --> OK"); 1671 ok = 1; 1672 break; 1673 } else { 1674 tls_show_errors(MSG_DEBUG, __func__, 1675 "SSL_use_RSAPrivateKey_ASN1 failed"); 1676 } 1677 1678 if (tls_read_pkcs12_blob(ssl_ctx, conn->ssl, private_key_blob, 1679 private_key_blob_len, passwd) == 0) { 1680 wpa_printf(MSG_DEBUG, "OpenSSL: PKCS#12 as blob --> " 1681 "OK"); 1682 ok = 1; 1683 break; 1684 } 1685 1686 break; 1687 } 1688 1689 while (!ok && private_key) { 1690 #ifndef OPENSSL_NO_STDIO 1691 if (SSL_use_PrivateKey_file(conn->ssl, private_key, 1692 SSL_FILETYPE_ASN1) == 1) { 1693 wpa_printf(MSG_DEBUG, "OpenSSL: " 1694 "SSL_use_PrivateKey_File (DER) --> OK"); 1695 ok = 1; 1696 break; 1697 } else { 1698 tls_show_errors(MSG_DEBUG, __func__, 1699 "SSL_use_PrivateKey_File (DER) " 1700 "failed"); 1701 } 1702 1703 if (SSL_use_PrivateKey_file(conn->ssl, private_key, 1704 SSL_FILETYPE_PEM) == 1) { 1705 wpa_printf(MSG_DEBUG, "OpenSSL: " 1706 "SSL_use_PrivateKey_File (PEM) --> OK"); 1707 ok = 1; 1708 break; 1709 } else { 1710 tls_show_errors(MSG_DEBUG, __func__, 1711 "SSL_use_PrivateKey_File (PEM) " 1712 "failed"); 1713 } 1714 #else /* OPENSSL_NO_STDIO */ 1715 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", 1716 __func__); 1717 #endif /* OPENSSL_NO_STDIO */ 1718 1719 if (tls_read_pkcs12(ssl_ctx, conn->ssl, private_key, passwd) 1720 == 0) { 1721 wpa_printf(MSG_DEBUG, "OpenSSL: Reading PKCS#12 file " 1722 "--> OK"); 1723 ok = 1; 1724 break; 1725 } 1726 1727 if (tls_cryptoapi_cert(conn->ssl, private_key) == 0) { 1728 wpa_printf(MSG_DEBUG, "OpenSSL: Using CryptoAPI to " 1729 "access certificate store --> OK"); 1730 ok = 1; 1731 break; 1732 } 1733 1734 break; 1735 } 1736 1737 if (!ok) { 1738 wpa_printf(MSG_INFO, "OpenSSL: Failed to load private key"); 1739 os_free(passwd); 1740 ERR_clear_error(); 1741 return -1; 1742 } 1743 ERR_clear_error(); 1744 SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL); 1745 os_free(passwd); 1746 1747 if (!SSL_check_private_key(conn->ssl)) { 1748 tls_show_errors(MSG_INFO, __func__, "Private key failed " 1749 "verification"); 1750 return -1; 1751 } 1752 1753 wpa_printf(MSG_DEBUG, "SSL: Private key loaded successfully"); 1754 return 0; 1755 } 1756 1757 1758 static int tls_global_private_key(SSL_CTX *ssl_ctx, const char *private_key, 1759 const char *private_key_passwd) 1760 { 1761 char *passwd; 1762 1763 if (private_key == NULL) 1764 return 0; 1765 1766 if (private_key_passwd) { 1767 passwd = os_strdup(private_key_passwd); 1768 if (passwd == NULL) 1769 return -1; 1770 } else 1771 passwd = NULL; 1772 1773 SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb); 1774 SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd); 1775 if ( 1776 #ifndef OPENSSL_NO_STDIO 1777 SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key, 1778 SSL_FILETYPE_ASN1) != 1 && 1779 SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key, 1780 SSL_FILETYPE_PEM) != 1 && 1781 #endif /* OPENSSL_NO_STDIO */ 1782 tls_read_pkcs12(ssl_ctx, NULL, private_key, passwd)) { 1783 tls_show_errors(MSG_INFO, __func__, 1784 "Failed to load private key"); 1785 os_free(passwd); 1786 ERR_clear_error(); 1787 return -1; 1788 } 1789 os_free(passwd); 1790 ERR_clear_error(); 1791 SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL); 1792 1793 if (!SSL_CTX_check_private_key(ssl_ctx)) { 1794 tls_show_errors(MSG_INFO, __func__, 1795 "Private key failed verification"); 1796 return -1; 1797 } 1798 1799 return 0; 1800 } 1801 1802 1803 static int tls_connection_dh(struct tls_connection *conn, const char *dh_file) 1804 { 1805 #ifdef OPENSSL_NO_DH 1806 if (dh_file == NULL) 1807 return 0; 1808 wpa_printf(MSG_ERROR, "TLS: openssl does not include DH support, but " 1809 "dh_file specified"); 1810 return -1; 1811 #else /* OPENSSL_NO_DH */ 1812 DH *dh; 1813 BIO *bio; 1814 1815 /* TODO: add support for dh_blob */ 1816 if (dh_file == NULL) 1817 return 0; 1818 if (conn == NULL) 1819 return -1; 1820 1821 bio = BIO_new_file(dh_file, "r"); 1822 if (bio == NULL) { 1823 wpa_printf(MSG_INFO, "TLS: Failed to open DH file '%s': %s", 1824 dh_file, ERR_error_string(ERR_get_error(), NULL)); 1825 return -1; 1826 } 1827 dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); 1828 BIO_free(bio); 1829 #ifndef OPENSSL_NO_DSA 1830 while (dh == NULL) { 1831 DSA *dsa; 1832 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DH file '%s': %s -" 1833 " trying to parse as DSA params", dh_file, 1834 ERR_error_string(ERR_get_error(), NULL)); 1835 bio = BIO_new_file(dh_file, "r"); 1836 if (bio == NULL) 1837 break; 1838 dsa = PEM_read_bio_DSAparams(bio, NULL, NULL, NULL); 1839 BIO_free(bio); 1840 if (!dsa) { 1841 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DSA file " 1842 "'%s': %s", dh_file, 1843 ERR_error_string(ERR_get_error(), NULL)); 1844 break; 1845 } 1846 1847 wpa_printf(MSG_DEBUG, "TLS: DH file in DSA param format"); 1848 dh = DSA_dup_DH(dsa); 1849 DSA_free(dsa); 1850 if (dh == NULL) { 1851 wpa_printf(MSG_INFO, "TLS: Failed to convert DSA " 1852 "params into DH params"); 1853 break; 1854 } 1855 break; 1856 } 1857 #endif /* !OPENSSL_NO_DSA */ 1858 if (dh == NULL) { 1859 wpa_printf(MSG_INFO, "TLS: Failed to read/parse DH/DSA file " 1860 "'%s'", dh_file); 1861 return -1; 1862 } 1863 1864 if (SSL_set_tmp_dh(conn->ssl, dh) != 1) { 1865 wpa_printf(MSG_INFO, "TLS: Failed to set DH params from '%s': " 1866 "%s", dh_file, 1867 ERR_error_string(ERR_get_error(), NULL)); 1868 DH_free(dh); 1869 return -1; 1870 } 1871 DH_free(dh); 1872 return 0; 1873 #endif /* OPENSSL_NO_DH */ 1874 } 1875 1876 1877 static int tls_global_dh(SSL_CTX *ssl_ctx, const char *dh_file) 1878 { 1879 #ifdef OPENSSL_NO_DH 1880 if (dh_file == NULL) 1881 return 0; 1882 wpa_printf(MSG_ERROR, "TLS: openssl does not include DH support, but " 1883 "dh_file specified"); 1884 return -1; 1885 #else /* OPENSSL_NO_DH */ 1886 DH *dh; 1887 BIO *bio; 1888 1889 /* TODO: add support for dh_blob */ 1890 if (dh_file == NULL) 1891 return 0; 1892 if (ssl_ctx == NULL) 1893 return -1; 1894 1895 bio = BIO_new_file(dh_file, "r"); 1896 if (bio == NULL) { 1897 wpa_printf(MSG_INFO, "TLS: Failed to open DH file '%s': %s", 1898 dh_file, ERR_error_string(ERR_get_error(), NULL)); 1899 return -1; 1900 } 1901 dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); 1902 BIO_free(bio); 1903 #ifndef OPENSSL_NO_DSA 1904 while (dh == NULL) { 1905 DSA *dsa; 1906 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DH file '%s': %s -" 1907 " trying to parse as DSA params", dh_file, 1908 ERR_error_string(ERR_get_error(), NULL)); 1909 bio = BIO_new_file(dh_file, "r"); 1910 if (bio == NULL) 1911 break; 1912 dsa = PEM_read_bio_DSAparams(bio, NULL, NULL, NULL); 1913 BIO_free(bio); 1914 if (!dsa) { 1915 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DSA file " 1916 "'%s': %s", dh_file, 1917 ERR_error_string(ERR_get_error(), NULL)); 1918 break; 1919 } 1920 1921 wpa_printf(MSG_DEBUG, "TLS: DH file in DSA param format"); 1922 dh = DSA_dup_DH(dsa); 1923 DSA_free(dsa); 1924 if (dh == NULL) { 1925 wpa_printf(MSG_INFO, "TLS: Failed to convert DSA " 1926 "params into DH params"); 1927 break; 1928 } 1929 break; 1930 } 1931 #endif /* !OPENSSL_NO_DSA */ 1932 if (dh == NULL) { 1933 wpa_printf(MSG_INFO, "TLS: Failed to read/parse DH/DSA file " 1934 "'%s'", dh_file); 1935 return -1; 1936 } 1937 1938 if (SSL_CTX_set_tmp_dh(ssl_ctx, dh) != 1) { 1939 wpa_printf(MSG_INFO, "TLS: Failed to set DH params from '%s': " 1940 "%s", dh_file, 1941 ERR_error_string(ERR_get_error(), NULL)); 1942 DH_free(dh); 1943 return -1; 1944 } 1945 DH_free(dh); 1946 return 0; 1947 #endif /* OPENSSL_NO_DH */ 1948 } 1949 1950 1951 int tls_connection_get_keys(void *ssl_ctx, struct tls_connection *conn, 1952 struct tls_keys *keys) 1953 { 1954 SSL *ssl; 1955 1956 if (conn == NULL || keys == NULL) 1957 return -1; 1958 ssl = conn->ssl; 1959 if (ssl == NULL || ssl->s3 == NULL || ssl->session == NULL) 1960 return -1; 1961 1962 os_memset(keys, 0, sizeof(*keys)); 1963 keys->master_key = ssl->session->master_key; 1964 keys->master_key_len = ssl->session->master_key_length; 1965 keys->client_random = ssl->s3->client_random; 1966 keys->client_random_len = SSL3_RANDOM_SIZE; 1967 keys->server_random = ssl->s3->server_random; 1968 keys->server_random_len = SSL3_RANDOM_SIZE; 1969 1970 return 0; 1971 } 1972 1973 1974 int tls_connection_prf(void *tls_ctx, struct tls_connection *conn, 1975 const char *label, int server_random_first, 1976 u8 *out, size_t out_len) 1977 { 1978 return -1; 1979 } 1980 1981 1982 u8 * tls_connection_handshake(void *ssl_ctx, struct tls_connection *conn, 1983 const u8 *in_data, size_t in_len, 1984 size_t *out_len, u8 **appl_data, 1985 size_t *appl_data_len) 1986 { 1987 int res; 1988 u8 *out_data; 1989 1990 if (appl_data) 1991 *appl_data = NULL; 1992 1993 /* 1994 * Give TLS handshake data from the server (if available) to OpenSSL 1995 * for processing. 1996 */ 1997 if (in_data && 1998 BIO_write(conn->ssl_in, in_data, in_len) < 0) { 1999 tls_show_errors(MSG_INFO, __func__, 2000 "Handshake failed - BIO_write"); 2001 return NULL; 2002 } 2003 2004 /* Initiate TLS handshake or continue the existing handshake */ 2005 res = SSL_connect(conn->ssl); 2006 if (res != 1) { 2007 int err = SSL_get_error(conn->ssl, res); 2008 if (err == SSL_ERROR_WANT_READ) 2009 wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want " 2010 "more data"); 2011 else if (err == SSL_ERROR_WANT_WRITE) 2012 wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want to " 2013 "write"); 2014 else { 2015 tls_show_errors(MSG_INFO, __func__, "SSL_connect"); 2016 conn->failed++; 2017 } 2018 } 2019 2020 /* Get the TLS handshake data to be sent to the server */ 2021 res = BIO_ctrl_pending(conn->ssl_out); 2022 wpa_printf(MSG_DEBUG, "SSL: %d bytes pending from ssl_out", res); 2023 out_data = os_malloc(res == 0 ? 1 : res); 2024 if (out_data == NULL) { 2025 wpa_printf(MSG_DEBUG, "SSL: Failed to allocate memory for " 2026 "handshake output (%d bytes)", res); 2027 if (BIO_reset(conn->ssl_out) < 0) { 2028 tls_show_errors(MSG_INFO, __func__, 2029 "BIO_reset failed"); 2030 } 2031 *out_len = 0; 2032 return NULL; 2033 } 2034 res = res == 0 ? 0 : BIO_read(conn->ssl_out, out_data, res); 2035 if (res < 0) { 2036 tls_show_errors(MSG_INFO, __func__, 2037 "Handshake failed - BIO_read"); 2038 if (BIO_reset(conn->ssl_out) < 0) { 2039 tls_show_errors(MSG_INFO, __func__, 2040 "BIO_reset failed"); 2041 } 2042 *out_len = 0; 2043 return NULL; 2044 } 2045 *out_len = res; 2046 2047 if (SSL_is_init_finished(conn->ssl) && appl_data) { 2048 *appl_data = os_malloc(in_len); 2049 if (*appl_data) { 2050 res = SSL_read(conn->ssl, *appl_data, in_len); 2051 if (res < 0) { 2052 int err = SSL_get_error(conn->ssl, res); 2053 if (err == SSL_ERROR_WANT_READ || 2054 err == SSL_ERROR_WANT_WRITE) { 2055 wpa_printf(MSG_DEBUG, 2056 "SSL: No Application Data " 2057 "included"); 2058 } else { 2059 tls_show_errors(MSG_INFO, __func__, 2060 "Failed to read " 2061 "possible " 2062 "Application Data"); 2063 } 2064 os_free(*appl_data); 2065 *appl_data = NULL; 2066 } else { 2067 *appl_data_len = res; 2068 wpa_hexdump_key(MSG_MSGDUMP, "SSL: Application" 2069 " Data in Finish message", 2070 *appl_data, *appl_data_len); 2071 } 2072 } 2073 } 2074 2075 return out_data; 2076 } 2077 2078 2079 u8 * tls_connection_server_handshake(void *ssl_ctx, 2080 struct tls_connection *conn, 2081 const u8 *in_data, size_t in_len, 2082 size_t *out_len) 2083 { 2084 int res; 2085 u8 *out_data; 2086 2087 /* 2088 * Give TLS handshake data from the client (if available) to OpenSSL 2089 * for processing. 2090 */ 2091 if (in_data && 2092 BIO_write(conn->ssl_in, in_data, in_len) < 0) { 2093 tls_show_errors(MSG_INFO, __func__, 2094 "Handshake failed - BIO_write"); 2095 return NULL; 2096 } 2097 2098 /* Initiate TLS handshake or continue the existing handshake */ 2099 res = SSL_accept(conn->ssl); 2100 if (res != 1) { 2101 int err = SSL_get_error(conn->ssl, res); 2102 if (err == SSL_ERROR_WANT_READ) 2103 wpa_printf(MSG_DEBUG, "SSL: SSL_accept - want " 2104 "more data"); 2105 else if (err == SSL_ERROR_WANT_WRITE) 2106 wpa_printf(MSG_DEBUG, "SSL: SSL_accept - want to " 2107 "write"); 2108 else { 2109 tls_show_errors(MSG_INFO, __func__, "SSL_accept"); 2110 return NULL; 2111 } 2112 } 2113 2114 /* Get the TLS handshake data to be sent to the client */ 2115 res = BIO_ctrl_pending(conn->ssl_out); 2116 wpa_printf(MSG_DEBUG, "SSL: %d bytes pending from ssl_out", res); 2117 out_data = os_malloc(res == 0 ? 1 : res); 2118 if (out_data == NULL) { 2119 wpa_printf(MSG_DEBUG, "SSL: Failed to allocate memory for " 2120 "handshake output (%d bytes)", res); 2121 if (BIO_reset(conn->ssl_out) < 0) { 2122 tls_show_errors(MSG_INFO, __func__, 2123 "BIO_reset failed"); 2124 } 2125 *out_len = 0; 2126 return NULL; 2127 } 2128 res = res == 0 ? 0 : BIO_read(conn->ssl_out, out_data, res); 2129 if (res < 0) { 2130 tls_show_errors(MSG_INFO, __func__, 2131 "Handshake failed - BIO_read"); 2132 if (BIO_reset(conn->ssl_out) < 0) { 2133 tls_show_errors(MSG_INFO, __func__, 2134 "BIO_reset failed"); 2135 } 2136 *out_len = 0; 2137 return NULL; 2138 } 2139 *out_len = res; 2140 return out_data; 2141 } 2142 2143 2144 int tls_connection_encrypt(void *ssl_ctx, struct tls_connection *conn, 2145 const u8 *in_data, size_t in_len, 2146 u8 *out_data, size_t out_len) 2147 { 2148 int res; 2149 2150 if (conn == NULL) 2151 return -1; 2152 2153 /* Give plaintext data for OpenSSL to encrypt into the TLS tunnel. */ 2154 if ((res = BIO_reset(conn->ssl_in)) < 0 || 2155 (res = BIO_reset(conn->ssl_out)) < 0) { 2156 tls_show_errors(MSG_INFO, __func__, "BIO_reset failed"); 2157 return res; 2158 } 2159 res = SSL_write(conn->ssl, in_data, in_len); 2160 if (res < 0) { 2161 tls_show_errors(MSG_INFO, __func__, 2162 "Encryption failed - SSL_write"); 2163 return res; 2164 } 2165 2166 /* Read encrypted data to be sent to the server */ 2167 res = BIO_read(conn->ssl_out, out_data, out_len); 2168 if (res < 0) { 2169 tls_show_errors(MSG_INFO, __func__, 2170 "Encryption failed - BIO_read"); 2171 return res; 2172 } 2173 2174 return res; 2175 } 2176 2177 2178 int tls_connection_decrypt(void *ssl_ctx, struct tls_connection *conn, 2179 const u8 *in_data, size_t in_len, 2180 u8 *out_data, size_t out_len) 2181 { 2182 int res; 2183 2184 /* Give encrypted data from TLS tunnel for OpenSSL to decrypt. */ 2185 res = BIO_write(conn->ssl_in, in_data, in_len); 2186 if (res < 0) { 2187 tls_show_errors(MSG_INFO, __func__, 2188 "Decryption failed - BIO_write"); 2189 return res; 2190 } 2191 if (BIO_reset(conn->ssl_out) < 0) { 2192 tls_show_errors(MSG_INFO, __func__, "BIO_reset failed"); 2193 return res; 2194 } 2195 2196 /* Read decrypted data for further processing */ 2197 res = SSL_read(conn->ssl, out_data, out_len); 2198 if (res < 0) { 2199 tls_show_errors(MSG_INFO, __func__, 2200 "Decryption failed - SSL_read"); 2201 return res; 2202 } 2203 2204 return res; 2205 } 2206 2207 2208 int tls_connection_resumed(void *ssl_ctx, struct tls_connection *conn) 2209 { 2210 return conn ? conn->ssl->hit : 0; 2211 } 2212 2213 2214 int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn, 2215 u8 *ciphers) 2216 { 2217 char buf[100], *pos, *end; 2218 u8 *c; 2219 int ret; 2220 2221 if (conn == NULL || conn->ssl == NULL || ciphers == NULL) 2222 return -1; 2223 2224 buf[0] = '\0'; 2225 pos = buf; 2226 end = pos + sizeof(buf); 2227 2228 c = ciphers; 2229 while (*c != TLS_CIPHER_NONE) { 2230 const char *suite; 2231 2232 switch (*c) { 2233 case TLS_CIPHER_RC4_SHA: 2234 suite = "RC4-SHA"; 2235 break; 2236 case TLS_CIPHER_AES128_SHA: 2237 suite = "AES128-SHA"; 2238 break; 2239 case TLS_CIPHER_RSA_DHE_AES128_SHA: 2240 suite = "DHE-RSA-AES128-SHA"; 2241 break; 2242 case TLS_CIPHER_ANON_DH_AES128_SHA: 2243 suite = "ADH-AES128-SHA"; 2244 break; 2245 default: 2246 wpa_printf(MSG_DEBUG, "TLS: Unsupported " 2247 "cipher selection: %d", *c); 2248 return -1; 2249 } 2250 ret = os_snprintf(pos, end - pos, ":%s", suite); 2251 if (ret < 0 || ret >= end - pos) 2252 break; 2253 pos += ret; 2254 2255 c++; 2256 } 2257 2258 wpa_printf(MSG_DEBUG, "OpenSSL: cipher suites: %s", buf + 1); 2259 2260 if (SSL_set_cipher_list(conn->ssl, buf + 1) != 1) { 2261 tls_show_errors(MSG_INFO, __func__, 2262 "Cipher suite configuration failed"); 2263 return -1; 2264 } 2265 2266 return 0; 2267 } 2268 2269 2270 int tls_get_cipher(void *ssl_ctx, struct tls_connection *conn, 2271 char *buf, size_t buflen) 2272 { 2273 const char *name; 2274 if (conn == NULL || conn->ssl == NULL) 2275 return -1; 2276 2277 name = SSL_get_cipher(conn->ssl); 2278 if (name == NULL) 2279 return -1; 2280 2281 os_strlcpy(buf, name, buflen); 2282 return 0; 2283 } 2284 2285 2286 int tls_connection_enable_workaround(void *ssl_ctx, 2287 struct tls_connection *conn) 2288 { 2289 SSL_set_options(conn->ssl, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS); 2290 2291 return 0; 2292 } 2293 2294 2295 #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) 2296 /* ClientHello TLS extensions require a patch to openssl, so this function is 2297 * commented out unless explicitly needed for EAP-FAST in order to be able to 2298 * build this file with unmodified openssl. */ 2299 int tls_connection_client_hello_ext(void *ssl_ctx, struct tls_connection *conn, 2300 int ext_type, const u8 *data, 2301 size_t data_len) 2302 { 2303 if (conn == NULL || conn->ssl == NULL || ext_type != 35) 2304 return -1; 2305 2306 #ifdef CONFIG_OPENSSL_TICKET_OVERRIDE 2307 if (SSL_set_session_ticket_ext(conn->ssl, (void *) data, 2308 data_len) != 1) 2309 return -1; 2310 #else /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 2311 if (SSL_set_hello_extension(conn->ssl, ext_type, (void *) data, 2312 data_len) != 1) 2313 return -1; 2314 #endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 2315 2316 return 0; 2317 } 2318 #endif /* EAP_FAST || EAP_FAST_DYNAMIC */ 2319 2320 2321 int tls_connection_get_failed(void *ssl_ctx, struct tls_connection *conn) 2322 { 2323 if (conn == NULL) 2324 return -1; 2325 return conn->failed; 2326 } 2327 2328 2329 int tls_connection_get_read_alerts(void *ssl_ctx, struct tls_connection *conn) 2330 { 2331 if (conn == NULL) 2332 return -1; 2333 return conn->read_alerts; 2334 } 2335 2336 2337 int tls_connection_get_write_alerts(void *ssl_ctx, struct tls_connection *conn) 2338 { 2339 if (conn == NULL) 2340 return -1; 2341 return conn->write_alerts; 2342 } 2343 2344 2345 int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn, 2346 const struct tls_connection_params *params) 2347 { 2348 int ret; 2349 unsigned long err; 2350 2351 if (conn == NULL) 2352 return -1; 2353 2354 while ((err = ERR_get_error())) { 2355 wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s", 2356 __func__, ERR_error_string(err, NULL)); 2357 } 2358 2359 if (params->engine) { 2360 wpa_printf(MSG_DEBUG, "SSL: Initializing TLS engine"); 2361 ret = tls_engine_init(conn, params->engine_id, params->pin, 2362 params->key_id, params->cert_id, 2363 params->ca_cert_id); 2364 if (ret) 2365 return ret; 2366 } 2367 if (tls_connection_set_subject_match(conn, 2368 params->subject_match, 2369 params->altsubject_match)) 2370 return -1; 2371 2372 if (params->engine && params->ca_cert_id) { 2373 if (tls_connection_engine_ca_cert(tls_ctx, conn, 2374 params->ca_cert_id)) 2375 return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED; 2376 } else if (tls_connection_ca_cert(tls_ctx, conn, params->ca_cert, 2377 params->ca_cert_blob, 2378 params->ca_cert_blob_len, 2379 params->ca_path)) 2380 return -1; 2381 2382 if (params->engine && params->cert_id) { 2383 if (tls_connection_engine_client_cert(conn, params->cert_id)) 2384 return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED; 2385 } else if (tls_connection_client_cert(conn, params->client_cert, 2386 params->client_cert_blob, 2387 params->client_cert_blob_len)) 2388 return -1; 2389 2390 if (params->engine && params->key_id) { 2391 wpa_printf(MSG_DEBUG, "TLS: Using private key from engine"); 2392 if (tls_connection_engine_private_key(conn)) 2393 return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED; 2394 } else if (tls_connection_private_key(tls_ctx, conn, 2395 params->private_key, 2396 params->private_key_passwd, 2397 params->private_key_blob, 2398 params->private_key_blob_len)) { 2399 wpa_printf(MSG_INFO, "TLS: Failed to load private key '%s'", 2400 params->private_key); 2401 return -1; 2402 } 2403 2404 if (tls_connection_dh(conn, params->dh_file)) { 2405 wpa_printf(MSG_INFO, "TLS: Failed to load DH file '%s'", 2406 params->dh_file); 2407 return -1; 2408 } 2409 2410 tls_get_errors(tls_ctx); 2411 2412 return 0; 2413 } 2414 2415 2416 int tls_global_set_params(void *tls_ctx, 2417 const struct tls_connection_params *params) 2418 { 2419 SSL_CTX *ssl_ctx = tls_ctx; 2420 unsigned long err; 2421 2422 while ((err = ERR_get_error())) { 2423 wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s", 2424 __func__, ERR_error_string(err, NULL)); 2425 } 2426 2427 if (tls_global_ca_cert(ssl_ctx, params->ca_cert)) 2428 return -1; 2429 2430 if (tls_global_client_cert(ssl_ctx, params->client_cert)) 2431 return -1; 2432 2433 if (tls_global_private_key(ssl_ctx, params->private_key, 2434 params->private_key_passwd)) 2435 return -1; 2436 2437 if (tls_global_dh(ssl_ctx, params->dh_file)) { 2438 wpa_printf(MSG_INFO, "TLS: Failed to load DH file '%s'", 2439 params->dh_file); 2440 return -1; 2441 } 2442 2443 return 0; 2444 } 2445 2446 2447 int tls_connection_get_keyblock_size(void *tls_ctx, 2448 struct tls_connection *conn) 2449 { 2450 const EVP_CIPHER *c; 2451 const EVP_MD *h; 2452 2453 if (conn == NULL || conn->ssl == NULL || 2454 conn->ssl->enc_read_ctx == NULL || 2455 conn->ssl->enc_read_ctx->cipher == NULL || 2456 conn->ssl->read_hash == NULL) 2457 return -1; 2458 2459 c = conn->ssl->enc_read_ctx->cipher; 2460 #if OPENSSL_VERSION_NUMBER >= 0x00909000L 2461 h = EVP_MD_CTX_md(conn->ssl->read_hash); 2462 #else 2463 h = conn->ssl->read_hash; 2464 #endif 2465 2466 return 2 * (EVP_CIPHER_key_length(c) + 2467 EVP_MD_size(h) + 2468 EVP_CIPHER_iv_length(c)); 2469 } 2470 2471 2472 unsigned int tls_capabilities(void *tls_ctx) 2473 { 2474 return 0; 2475 } 2476 2477 2478 int tls_connection_set_ia(void *tls_ctx, struct tls_connection *conn, 2479 int tls_ia) 2480 { 2481 return -1; 2482 } 2483 2484 2485 int tls_connection_ia_send_phase_finished(void *tls_ctx, 2486 struct tls_connection *conn, 2487 int final, 2488 u8 *out_data, size_t out_len) 2489 { 2490 return -1; 2491 } 2492 2493 2494 int tls_connection_ia_final_phase_finished(void *tls_ctx, 2495 struct tls_connection *conn) 2496 { 2497 return -1; 2498 } 2499 2500 2501 int tls_connection_ia_permute_inner_secret(void *tls_ctx, 2502 struct tls_connection *conn, 2503 const u8 *key, size_t key_len) 2504 { 2505 return -1; 2506 } 2507 2508 2509 #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) 2510 /* Pre-shared secred requires a patch to openssl, so this function is 2511 * commented out unless explicitly needed for EAP-FAST in order to be able to 2512 * build this file with unmodified openssl. */ 2513 2514 static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len, 2515 STACK_OF(SSL_CIPHER) *peer_ciphers, 2516 SSL_CIPHER **cipher, void *arg) 2517 { 2518 struct tls_connection *conn = arg; 2519 int ret; 2520 2521 if (conn == NULL || conn->session_ticket_cb == NULL) 2522 return 0; 2523 2524 ret = conn->session_ticket_cb(conn->session_ticket_cb_ctx, 2525 conn->session_ticket, 2526 conn->session_ticket_len, 2527 s->s3->client_random, 2528 s->s3->server_random, secret); 2529 os_free(conn->session_ticket); 2530 conn->session_ticket = NULL; 2531 2532 if (ret <= 0) 2533 return 0; 2534 2535 *secret_len = SSL_MAX_MASTER_KEY_LENGTH; 2536 return 1; 2537 } 2538 2539 2540 #ifdef CONFIG_OPENSSL_TICKET_OVERRIDE 2541 static int tls_session_ticket_ext_cb(SSL *s, const unsigned char *data, 2542 int len, void *arg) 2543 { 2544 struct tls_connection *conn = arg; 2545 2546 if (conn == NULL || conn->session_ticket_cb == NULL) 2547 return 0; 2548 2549 wpa_printf(MSG_DEBUG, "OpenSSL: %s: length=%d", __func__, len); 2550 2551 os_free(conn->session_ticket); 2552 conn->session_ticket = NULL; 2553 2554 wpa_hexdump(MSG_DEBUG, "OpenSSL: ClientHello SessionTicket " 2555 "extension", data, len); 2556 2557 conn->session_ticket = os_malloc(len); 2558 if (conn->session_ticket == NULL) 2559 return 0; 2560 2561 os_memcpy(conn->session_ticket, data, len); 2562 conn->session_ticket_len = len; 2563 2564 return 1; 2565 } 2566 #else /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 2567 #ifdef SSL_OP_NO_TICKET 2568 static void tls_hello_ext_cb(SSL *s, int client_server, int type, 2569 unsigned char *data, int len, void *arg) 2570 { 2571 struct tls_connection *conn = arg; 2572 2573 if (conn == NULL || conn->session_ticket_cb == NULL) 2574 return; 2575 2576 wpa_printf(MSG_DEBUG, "OpenSSL: %s: type=%d length=%d", __func__, 2577 type, len); 2578 2579 if (type == TLSEXT_TYPE_session_ticket && !client_server) { 2580 os_free(conn->session_ticket); 2581 conn->session_ticket = NULL; 2582 2583 wpa_hexdump(MSG_DEBUG, "OpenSSL: ClientHello SessionTicket " 2584 "extension", data, len); 2585 conn->session_ticket = os_malloc(len); 2586 if (conn->session_ticket == NULL) 2587 return; 2588 2589 os_memcpy(conn->session_ticket, data, len); 2590 conn->session_ticket_len = len; 2591 } 2592 } 2593 #else /* SSL_OP_NO_TICKET */ 2594 static int tls_hello_ext_cb(SSL *s, TLS_EXTENSION *ext, void *arg) 2595 { 2596 struct tls_connection *conn = arg; 2597 2598 if (conn == NULL || conn->session_ticket_cb == NULL) 2599 return 0; 2600 2601 wpa_printf(MSG_DEBUG, "OpenSSL: %s: type=%d length=%d", __func__, 2602 ext->type, ext->length); 2603 2604 os_free(conn->session_ticket); 2605 conn->session_ticket = NULL; 2606 2607 if (ext->type == 35) { 2608 wpa_hexdump(MSG_DEBUG, "OpenSSL: ClientHello SessionTicket " 2609 "extension", ext->data, ext->length); 2610 conn->session_ticket = os_malloc(ext->length); 2611 if (conn->session_ticket == NULL) 2612 return SSL_AD_INTERNAL_ERROR; 2613 2614 os_memcpy(conn->session_ticket, ext->data, ext->length); 2615 conn->session_ticket_len = ext->length; 2616 } 2617 2618 return 0; 2619 } 2620 #endif /* SSL_OP_NO_TICKET */ 2621 #endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 2622 #endif /* EAP_FAST || EAP_FAST_DYNAMIC */ 2623 2624 2625 int tls_connection_set_session_ticket_cb(void *tls_ctx, 2626 struct tls_connection *conn, 2627 tls_session_ticket_cb cb, 2628 void *ctx) 2629 { 2630 #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) 2631 conn->session_ticket_cb = cb; 2632 conn->session_ticket_cb_ctx = ctx; 2633 2634 if (cb) { 2635 if (SSL_set_session_secret_cb(conn->ssl, tls_sess_sec_cb, 2636 conn) != 1) 2637 return -1; 2638 #ifdef CONFIG_OPENSSL_TICKET_OVERRIDE 2639 SSL_set_session_ticket_ext_cb(conn->ssl, 2640 tls_session_ticket_ext_cb, conn); 2641 #else /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 2642 #ifdef SSL_OP_NO_TICKET 2643 SSL_set_tlsext_debug_callback(conn->ssl, tls_hello_ext_cb); 2644 SSL_set_tlsext_debug_arg(conn->ssl, conn); 2645 #else /* SSL_OP_NO_TICKET */ 2646 if (SSL_set_hello_extension_cb(conn->ssl, tls_hello_ext_cb, 2647 conn) != 1) 2648 return -1; 2649 #endif /* SSL_OP_NO_TICKET */ 2650 #endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 2651 } else { 2652 if (SSL_set_session_secret_cb(conn->ssl, NULL, NULL) != 1) 2653 return -1; 2654 #ifdef CONFIG_OPENSSL_TICKET_OVERRIDE 2655 SSL_set_session_ticket_ext_cb(conn->ssl, NULL, NULL); 2656 #else /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 2657 #ifdef SSL_OP_NO_TICKET 2658 SSL_set_tlsext_debug_callback(conn->ssl, NULL); 2659 SSL_set_tlsext_debug_arg(conn->ssl, conn); 2660 #else /* SSL_OP_NO_TICKET */ 2661 if (SSL_set_hello_extension_cb(conn->ssl, NULL, NULL) != 1) 2662 return -1; 2663 #endif /* SSL_OP_NO_TICKET */ 2664 #endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */ 2665 } 2666 2667 return 0; 2668 #else /* EAP_FAST || EAP_FAST_DYNAMIC */ 2669 return -1; 2670 #endif /* EAP_FAST || EAP_FAST_DYNAMIC */ 2671 } 2672