Lines Matching +full:ext +full:- +full:gen
3 * Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi>
91 if (!ssl->s3 || outlen < SSL3_RANDOM_SIZE)
93 os_memcpy(out, ssl->s3->client_random, SSL3_RANDOM_SIZE);
101 if (!ssl->s3 || outlen < SSL3_RANDOM_SIZE)
103 os_memcpy(out, ssl->s3->server_random, SSL3_RANDOM_SIZE);
112 if (!session || session->master_key_length < 0 ||
113 (size_t) session->master_key_length > outlen)
115 if ((size_t) session->master_key_length < outlen)
116 outlen = session->master_key_length;
117 os_memcpy(out, session->master_key, outlen);
140 if (length != -1 && (bio = BIO_new(BIO_s_mem())) != NULL)
161 return -1;
167 if (info->x509)
168 X509_STORE_add_cert(ctx, info->x509);
169 if (info->crl)
170 X509_STORE_add_crl(ctx, info->crl);
182 int rc = -1;
187 wpa_printf(MSG_WARNING, "Invalid hex-encoded alias: %s",
208 static int tls_ex_idx_session = -1;
290 dl_list_init(&context->sessions);
292 context->event_cb = conf->event_cb;
293 context->cb_ctx = conf->cb_ctx;
294 context->cert_in_cb = conf->cert_in_cb;
318 wpa_printf(level, "OpenSSL: %s - %s %s",
338 "OpenSSL: %s - failed to allocate new certificate store",
395 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__);
403 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__);
412 (struct cryptoapi_rsa_data *) rsa->meth->app_data;
430 if (flen != 16 /* MD5 */ + 20 /* SHA-1 */) {
431 wpa_printf(MSG_INFO, "%s - only MD5-SHA1 hash supported",
438 if (!CryptCreateHash(priv->crypt_prov, CALG_SSL3_SHAMD5, 0, 0, &hash))
470 if (!CryptSignHash(hash, priv->key_spec, NULL, 0, buf, &len)) {
476 to[i] = buf[len - i - 1];
490 wpa_printf(MSG_DEBUG, "%s - not implemented", __func__);
499 if (priv->crypt_prov && priv->free_crypt_prov)
500 CryptReleaseContext(priv->crypt_prov, 0);
501 if (priv->cert)
502 CertFreeCertificateContext(priv->cert);
509 cryptoapi_free_data((struct cryptoapi_rsa_data *) rsa->meth->app_data);
510 os_free((void *) rsa->meth);
511 rsa->meth = NULL;
531 MultiByteToWideChar(CP_ACP, 0, name + 7, -1, wbuf, 255);
572 return -1;
581 return -1;
584 priv->cert = cryptoapi_find_cert(name, CERT_SYSTEM_STORE_CURRENT_USER);
585 if (priv->cert == NULL) {
586 priv->cert = cryptoapi_find_cert(
589 if (priv->cert == NULL) {
596 (const unsigned char **) &priv->cert->pbCertEncoded,
597 priv->cert->cbCertEncoded);
604 if (!CryptAcquireCertificatePrivateKey(priv->cert,
606 NULL, &priv->crypt_prov,
607 &priv->key_spec,
608 &priv->free_crypt_prov)) {
614 rsa_meth->name = "Microsoft CryptoAPI RSA Method";
615 rsa_meth->rsa_pub_enc = cryptoapi_rsa_pub_enc;
616 rsa_meth->rsa_pub_dec = cryptoapi_rsa_pub_dec;
617 rsa_meth->rsa_priv_enc = cryptoapi_rsa_priv_enc;
618 rsa_meth->rsa_priv_dec = cryptoapi_rsa_priv_dec;
619 rsa_meth->finish = cryptoapi_finish;
620 rsa_meth->flags = RSA_METHOD_FLAG_NO_CHECK;
621 rsa_meth->app_data = (char *) priv;
635 pub_rsa = cert->cert_info->key->pkey->pkey.rsa;
639 rsa->n = BN_dup(pub_rsa->n);
640 rsa->e = BN_dup(pub_rsa->e);
659 return -1;
675 return -1;
681 return -1;
692 return -1;
697 (const unsigned char **) &ctx->pbCertEncoded,
698 ctx->cbCertEncoded);
734 return -1;
767 conn->read_alerts++;
769 conn->write_alerts++;
771 if (conn->context->event_cb != NULL) {
773 struct tls_context *context = conn->context;
778 context->event_cb(context->cb_ctx, TLS_ALERT, &ev);
790 * tls_engine_load_dynamic_generic - load any openssl engine
799 * Returns: 0 on success, -1 on failure
812 * If it was auto-loaded by ENGINE_by_id() we might still
814 * (non-p11-kit) environments. Do so now; even if it was
827 return -1;
838 return -1;
853 return -1;
864 return -1;
875 * tls_engine_load_dynamic_pkcs11 - load the pkcs11 engine provided by opensc
914 * tls_engine_load_dynamic_opensc - load the opensc engine provided by opensc
947 dl_list_for_each(data, &context->sessions, struct tls_session_data,
949 if (data->buf == buf)
983 dl_list_del(&found->list);
1003 conf ? conf->opensc_engine_path : NULL;
1009 conf ? conf->pkcs11_engine_path : NULL;
1015 conf ? conf->pkcs11_module_path : NULL;
1029 if (conf && conf->fips_mode) {
1046 if (conf && conf->fips_mode) {
1068 * 40-bit RC2 is commonly used in PKCS#12 files, so enable it.
1091 tls_openssl_ref_count--;
1101 data->ssl = ssl;
1103 data->tls_session_lifetime = conf->tls_session_lifetime;
1104 data->crl_reload_interval = conf->crl_reload_interval;
1122 if (data->tls_session_lifetime > 0) {
1126 * by the per-EAP method context in tls_connection_set_verify().
1130 SSL_CTX_set_timeout(ssl, data->tls_session_lifetime);
1135 /* One session ticket is sufficient for EAP-TLS */
1170 if (conf && conf->openssl_ciphers)
1171 ciphers = conf->openssl_ciphers;
1189 SSL_CTX *ssl = data->ssl;
1193 if (data->tls_session_lifetime > 0) {
1196 wpa_printf(MSG_DEBUG, "OpenSSL: Flush sessions - done");
1198 while ((sess_data = dl_list_first(&context->sessions,
1201 "OpenSSL: Freeing not-flushed session data %p",
1202 sess_data->buf);
1203 wpabuf_free(sess_data->buf);
1204 dl_list_del(&sess_data->list);
1209 os_free(data->ca_cert);
1212 tls_openssl_ref_count--;
1223 os_free(tls_global->ocsp_stapling_response);
1224 tls_global->ocsp_stapling_response = NULL;
1229 os_free(data->check_cert_subject);
1230 os_free(data->openssl_ciphers);
1257 /* EVP_PKEY_from_keystore comes from system/security/keystore-engine. */
1271 conn->engine = NULL;
1272 conn->private_key = EVP_PKEY_from_keystore(key_id);
1273 if (!conn->private_key) {
1283 int ret = -1;
1286 return -1;
1293 conn->engine = ENGINE_by_id(engine_id);
1294 if (!conn->engine) {
1299 if (ENGINE_init(conn->engine) != 1) {
1308 if (pin && ENGINE_ctrl_cmd_string(conn->engine, "PIN", pin, 0) == 0) {
1324 /* load private key first in-case PIN is required for cert */
1325 conn->private_key = ENGINE_load_private_key(conn->engine,
1328 if (!conn->private_key) {
1348 if (!ENGINE_ctrl(conn->engine, ENGINE_CTRL_GET_CMD_FROM_NAME,
1360 if (conn->engine) {
1361 ENGINE_free(conn->engine);
1362 conn->engine = NULL;
1365 if (conn->private_key) {
1366 EVP_PKEY_free(conn->private_key);
1367 conn->private_key = NULL;
1381 if (conn->private_key) {
1382 EVP_PKEY_free(conn->private_key);
1383 conn->private_key = NULL;
1385 if (conn->engine) {
1387 ENGINE_finish(conn->engine);
1389 conn->engine = NULL;
1401 wpa_printf(MSG_INFO, "TLS - SSL error: %s",
1500 if (end - pos < 3)
1505 if ((size_t) (end - pos) < payload_len)
1510 if (end - pos < 2 + SSL3_RANDOM_SIZE)
1515 if (end - pos < 1)
1518 if ((size_t) (end - pos) < id_len)
1522 if (end - pos < 2)
1524 conn->cipher_suite = WPA_GET_BE16(pos);
1526 conn->cipher_suite);
1538 if (!(conn->flags & TLS_CONN_SUITEB))
1541 /* DHE is enabled only with DHE-RSA-AES256-GCM-SHA384 */
1542 if (conn->cipher_suite != 0x9f)
1545 if (end - pos < 3)
1550 if ((size_t) (end - pos) < payload_len)
1554 if (end - pos < 2)
1559 if ((size_t) (end - pos) < dh_len)
1568 conn->server_dh_prime_len = bits;
1570 conn->server_dh_prime_len);
1587 "OpenSSL: Drop security level to 0 to allow TLS 1.0/1.1 use of MD5-SHA1 signature algorithm");
1608 conn->invalid_hb_used = 1;
1633 * https://gitlab.com/wireshark/wireshark/-/wikis/TLS#tls-decryption
1637 * rm -f /tmp/sslkey.log
1640 * rm -f /tmp/sslkey.log
1643 * rm -f /tmp/sslkey.log
1686 SSL_CTX *ssl = data->ssl;
1694 if (data->crl_reload_interval > 0 && os_get_reltime(&now) == 0 &&
1695 os_reltime_expired(&now, &data->crl_last_reload,
1696 data->crl_reload_interval)) {
1699 new_cert_store = tls_crl_cert_reload(data->ca_cert,
1700 data->check_crl);
1707 data->crl_last_reload = now;
1714 conn->data = data;
1715 conn->ssl_ctx = ssl;
1716 conn->ssl = SSL_new(ssl);
1717 if (conn->ssl == NULL) {
1724 conn->context = context;
1725 SSL_set_app_data(conn->ssl, conn);
1726 SSL_set_msg_callback(conn->ssl, tls_msg_cb);
1727 SSL_set_msg_callback_arg(conn->ssl, conn);
1733 SSL_set_options(conn->ssl, options);
1737 SSL_clear_options(conn->ssl, SSL_OP_ENABLE_MIDDLEBOX_COMPAT);
1744 SSL_CTX_set_keylog_callback(conn->ssl_ctx, tls_keylog_cb);
1748 conn->ssl_in = BIO_new(BIO_s_mem());
1749 if (!conn->ssl_in) {
1752 SSL_free(conn->ssl);
1757 conn->ssl_out = BIO_new(BIO_s_mem());
1758 if (!conn->ssl_out) {
1761 SSL_free(conn->ssl);
1762 BIO_free(conn->ssl_in);
1767 SSL_set_bio(conn->ssl, conn->ssl_in, conn->ssl_out);
1777 if (conn->success_data) {
1782 SSL_set_quiet_shutdown(conn->ssl, 1);
1783 SSL_shutdown(conn->ssl);
1785 SSL_free(conn->ssl);
1787 os_free(conn->subject_match);
1788 os_free(conn->altsubject_match);
1789 os_free(conn->suffix_match);
1790 os_free(conn->domain_match);
1791 os_free(conn->check_cert_subject);
1792 os_free(conn->session_ticket);
1793 os_free(conn->peer_subject);
1800 return conn ? SSL_is_init_finished(conn->ssl) : 0;
1811 if (!conn->peer_cert)
1814 ser = X509_get_serialNumber(conn->peer_cert);
1832 return -1;
1837 SSL_set_quiet_shutdown(conn->ssl, 1);
1838 SSL_shutdown(conn->ssl);
1839 return SSL_clear(conn->ssl) == 1 ? 0 : -1;
1846 GENERAL_NAME *gen;
1847 void *ext;
1851 ext = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
1853 for (i = 0; ext && i < sk_GENERAL_NAME_num(ext); i++) {
1854 gen = sk_GENERAL_NAME_value(ext, i);
1855 if (gen->type != type)
1857 if (os_strlen((char *) gen->d.ia5->data) == len &&
1858 os_memcmp(value, gen->d.ia5->data, len) == 0)
1862 sk_GENERAL_NAME_pop_free(ext, GENERAL_NAME_free);
1899 len = end - pos;
1920 wpa_printf(MSG_DEBUG, "TLS: Embedded null in a string - reject");
1928 if (os_strncasecmp((const char *) val + len - match_len, match,
1935 if (val[len - match_len - 1] == '.')
1960 return dn_cnt->cn;
1962 return dn_cnt->c;
1964 return dn_cnt->l;
1966 return dn_cnt->st;
1968 return dn_cnt->o;
1970 return dn_cnt->ou;
1972 return dn_cnt->email;
1977 return -1;
1983 * match_dn_field - Match configuration DN field against Certificate DN field
2009 for (i = -1; (i = X509_NAME_get_index_by_NID(name, nid, i)) > -1;) {
2031 if (len > 0 && value[len - 1] == '*') {
2035 ret = ASN1_STRING_length(cn) >= len - 1 &&
2037 len - 1) == 0;
2058 * get_value_from_field - Get value from DN field
2082 dn_cnt->cn++;
2085 dn_cnt->c++;
2088 dn_cnt->l++;
2091 dn_cnt->st++;
2094 dn_cnt->o++;
2097 dn_cnt->ou++;
2100 dn_cnt->email++;
2120 * tls_match_dn_field - Match subject DN field with check_cert_subject
2137 if (last - token >= (int) sizeof(field)) {
2143 os_memcpy(field, token, last - token);
2144 field[last - token] = '\0';
2161 GENERAL_NAME *gen;
2162 void *ext;
2171 ext = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
2173 for (j = 0; ext && j < sk_GENERAL_NAME_num(ext); j++) {
2174 gen = sk_GENERAL_NAME_value(ext, j);
2175 if (gen->type != GEN_DNS)
2179 gen->d.dNSName->data,
2180 gen->d.dNSName->length);
2181 if (domain_suffix_match(gen->d.dNSName->data,
2182 gen->d.dNSName->length,
2186 sk_GENERAL_NAME_pop_free(ext, GENERAL_NAME_free);
2190 sk_GENERAL_NAME_pop_free(ext, GENERAL_NAME_free);
2198 i = -1;
2204 if (i == -1)
2213 cn->data, cn->length);
2214 if (domain_suffix_match(cn->data, cn->length,
2233 return -1;
2239 if (tls_match_suffix_helper(cert, token, last - token, full))
2312 struct tls_context *context = conn->context;
2314 if (context->event_cb == NULL)
2325 context->event_cb(context->cb_ctx, TLS_CERT_CHAIN_FAILURE, &ev);
2332 CERTIFICATEPOLICIES *ext;
2338 ext = X509_get_ext_d2i(cert, NID_certificate_policies, NULL, NULL);
2339 if (!ext)
2342 for (i = 0; i < sk_POLICYINFO_num(ext); i++) {
2345 policy = sk_POLICYINFO_value(ext, i);
2346 res = OBJ_obj2txt(buf, sizeof(buf), policy->policyid, 0);
2351 tod = 1; /* TOD-STRICT */
2353 tod = 2; /* TOD-TOFU */
2355 sk_POLICYINFO_pop_free(ext, POLICYINFO_free);
2367 struct tls_context *context = conn->context;
2370 GENERAL_NAME *gen;
2371 void *ext;
2379 if (context->event_cb == NULL)
2383 if (conn->cert_probe || (conn->flags & TLS_CONN_EXT_CERT_CHECK) ||
2384 context->cert_in_cb) {
2411 ext = X509_get_ext_d2i(err_cert, NID_subject_alt_name, NULL, NULL);
2412 for (i = 0; ext && i < sk_GENERAL_NAME_num(ext); i++) {
2417 gen = sk_GENERAL_NAME_value(ext, i);
2418 if (gen->type != GEN_EMAIL &&
2419 gen->type != GEN_DNS &&
2420 gen->type != GEN_URI)
2423 pos = os_malloc(10 + gen->d.ia5->length + 1);
2428 switch (gen->type) {
2443 os_memcpy(pos, gen->d.ia5->data, gen->d.ia5->length);
2444 pos += gen->d.ia5->length;
2447 sk_GENERAL_NAME_pop_free(ext, GENERAL_NAME_free);
2455 context->event_cb(context->cb_ctx, TLS_PEER_CERTIFICATE, &ev);
2514 os_snprintf(buf, sizeof(buf), "Peer certificate - depth %d", depth);
2523 conn->peer_cert = err_cert;
2525 conn->peer_issuer = err_cert;
2527 conn->peer_issuer_issuer = err_cert;
2529 context = conn->context;
2530 match = conn->subject_match;
2531 altmatch = conn->altsubject_match;
2532 suffix_match = conn->suffix_match;
2533 domain_match = conn->domain_match;
2535 if (!preverify_ok && !conn->ca_cert_verify)
2537 if (!preverify_ok && depth > 0 && conn->server_cert_only)
2539 if (!preverify_ok && (conn->flags & TLS_CONN_DISABLE_TIME_CHECKS) &&
2546 if (!preverify_ok && !conn->data->check_crl_strict &&
2561 if (depth == 0 && conn->server_cert_only) {
2575 os_memcmp(conn->srv_cert_hash, hash, 32) != 0) {
2625 wpa_printf(MSG_DEBUG, "TLS: tls_verify_cb - preverify_ok=%d "
2628 conn->ca_cert_verify, depth, buf);
2629 check_cert_subject = conn->check_cert_subject;
2631 check_cert_subject = conn->data->check_cert_subject;
2674 if (conn->cert_probe && preverify_ok && depth == 0) {
2676 "on probe-only run");
2684 if (conn->flags & TLS_CONN_SUITEB) {
2686 int len = -1;
2710 if (depth == 0 && (conn->flags & TLS_CONN_REQUEST_OCSP) &&
2714 res = check_ocsp_resp(conn->ssl_ctx, conn->ssl, err_cert,
2715 conn->peer_issuer,
2716 conn->peer_issuer_issuer);
2726 (conn->flags & TLS_CONN_REQUIRE_OCSP)) {
2735 if (depth == 0 && preverify_ok && context->event_cb != NULL)
2736 context->event_cb(context->cb_ctx,
2740 os_free(conn->peer_subject);
2741 conn->peer_subject = os_strdup(buf);
2751 SSL_CTX *ssl_ctx = data->ssl;
2760 return -1;
2769 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring "
2773 ret = -1;
2786 SSL_CTX *ssl_ctx = data->ssl;
2795 wpa_printf(MSG_DEBUG, "OpenSSL: %s - failed to allocate new "
2797 return -1;
2801 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
2802 conn->ca_cert_verify = 1;
2807 conn->cert_probe = 1;
2808 conn->ca_cert_verify = 0;
2818 return -1;
2824 return -1;
2826 if (hexstr2bin(pos, conn->srv_cert_hash, 32) < 0) {
2829 return -1;
2831 conn->server_cert_only = 1;
2836 wpa_printf(MSG_INFO, "No SHA256 included in the build - "
2838 return -1;
2858 return -1;
2875 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring "
2880 return -1;
2884 wpa_printf(MSG_DEBUG, "OpenSSL: %s - added ca_cert_blob "
2894 return -1;
2895 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
2908 return -1;
2914 "OpenSSL: %s - Failed to add ca_cert %s from keystore",
2916 rc = -1;
2924 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
2930 if (ca_cert && tls_cryptoapi_ca_cert(ssl_ctx, conn->ssl, ca_cert) ==
2946 wpa_printf(MSG_DEBUG, "OpenSSL: %s - loaded "
2950 return -1;
2957 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO",
2959 return -1;
2962 /* No ca_cert configured - do not try to verify server
2964 conn->ca_cert_verify = 0;
2973 SSL_CTX *ssl_ctx = data->ssl;
2980 return -1;
2992 os_free(data->ca_cert);
2993 data->ca_cert = os_strdup(ca_cert);
3006 X509_STORE *cs = SSL_CTX_get_cert_store(data->ssl);
3011 return -1;
3018 data->check_crl = check_crl;
3019 data->check_crl_strict = strict;
3020 os_get_reltime(&data->crl_last_reload);
3033 os_free(conn->subject_match);
3034 conn->subject_match = NULL;
3036 conn->subject_match = os_strdup(subject_match);
3037 if (conn->subject_match == NULL)
3038 return -1;
3041 os_free(conn->altsubject_match);
3042 conn->altsubject_match = NULL;
3044 conn->altsubject_match = os_strdup(altsubject_match);
3045 if (conn->altsubject_match == NULL)
3046 return -1;
3049 os_free(conn->suffix_match);
3050 conn->suffix_match = NULL;
3052 conn->suffix_match = os_strdup(suffix_match);
3053 if (conn->suffix_match == NULL)
3054 return -1;
3057 os_free(conn->domain_match);
3058 conn->domain_match = NULL;
3060 conn->domain_match = os_strdup(domain_match);
3061 if (conn->domain_match == NULL)
3062 return -1;
3065 os_free(conn->check_cert_subject);
3066 conn->check_cert_subject = NULL;
3068 conn->check_cert_subject = os_strdup(check_cert_subject);
3069 if (!conn->check_cert_subject)
3070 return -1;
3089 if (!(conn->flags & TLS_CONN_SUITEB))
3092 /* DHE is enabled only with DHE-RSA-AES256-GCM-SHA384 */
3093 if (conn->cipher_suite != 0x9f)
3096 if (conn->server_dh_prime_len >= 3072)
3100 "OpenSSL: Server DH prime length (%d bits) not sufficient for Suite B RSA - reject handshake",
3101 conn->server_dh_prime_len);
3110 SSL *ssl = conn->ssl;
3165 return -1;
3171 return -1;
3193 SSL_set_security_level(conn->ssl, need_level);
3199 openssl_ciphers = conn->data->openssl_ciphers;
3204 SSL_CTX_set_verify_algorithm_prefs(conn->ssl_ctx, NULL, 0);
3207 const char *ciphers = "DHE-RSA-AES256-GCM-SHA384";
3218 return -1;
3225 "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384";
3237 return -1;
3244 return -1;
3251 return -1;
3259 return -1;
3278 if (SSL_CTX_set_verify_algorithm_prefs(conn->ssl_ctx, sigalgs,
3282 return -1;
3293 return -1;
3310 return -1;
3313 if (SSL_CTX_set_verify_algorithm_prefs(conn->ssl_ctx, sigalgs,
3317 return -1;
3326 return -1;
3334 return -1;
3341 "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:" \
3342 "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:" \
3343 "ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:" \
3344 "DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:" \
3345 "DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:" \
3346 "DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:" \
3347 "ADH-AES256-GCM-SHA384:ADH-AES128-GCM-SHA256:" \
3348 "ADH-AES256-SHA256:ADH-AES128-SHA256:ADH-AES256-SHA:ADH-AES128-SHA"
3357 * cipher suites for EAP-TEAP.
3359 SSL_set_security_level(conn->ssl, 0);
3363 "OpenSSL: Enable cipher suites for anonymous EAP-TEAP provisioning: %s",
3365 if (SSL_set_cipher_list(conn->ssl, cs) != 1) {
3368 return -1;
3384 return -1;
3387 conn->ca_cert_verify = 1;
3388 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER |
3391 conn->ca_cert_verify = 1;
3392 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER |
3396 conn->ca_cert_verify = 0;
3397 SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL);
3401 return -1;
3402 conn->flags = flags;
3404 SSL_set_accept_state(conn->ssl);
3406 if (data->tls_session_lifetime == 0) {
3413 SSL_set_session_id_context(conn->ssl,
3417 SSL_set_session_id_context(conn->ssl, session_ctx,
3440 SSL_CTX_clear_extra_chain_certs(conn->ssl_ctx);
3445 SSL_use_certificate_ASN1(conn->ssl, (u8 *) client_cert_blob,
3447 wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_ASN1 --> "
3462 return -1;
3465 if (!x509 || SSL_use_certificate(conn->ssl, x509) != 1) {
3468 return -1;
3476 SSL_add0_chain_cert(conn->ssl, x509);
3484 return -1;
3490 int ret = -1;
3495 if (SSL_use_certificate(conn->ssl, x509) == 1)
3505 SSL_add0_chain_cert(conn->ssl, x509);
3516 if (SSL_use_certificate_file(conn->ssl, client_cert,
3519 " --> OK");
3525 if (SSL_use_certificate_chain_file(conn->ssl, client_cert) == 1) {
3528 " --> OK");
3532 if (SSL_use_certificate_file(conn->ssl, client_cert,
3536 " --> OK");
3544 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", __func__);
3547 return -1;
3555 SSL_CTX *ssl_ctx = data->ssl;
3567 return -1;
3573 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", __func__);
3574 return -1;
3598 return -1;
3609 res = -1;
3611 if (SSL_CTX_use_certificate(data->ssl, cert) != 1)
3612 res = -1;
3621 res = -1;
3623 if (SSL_CTX_use_PrivateKey(data->ssl, pkey) != 1)
3624 res = -1;
3634 SSL_CTX_clear_chain_certs(data->ssl);
3641 (!ssl && SSL_CTX_add1_chain_cert(data->ssl,
3645 res = -1;
3663 data->ssl,
3680 SSL_CTX_clear_extra_chain_certs(data->ssl);
3687 * There is no SSL equivalent for the chain cert - so
3690 if (SSL_CTX_add_extra_chain_cert(data->ssl, cert) != 1)
3693 res = -1;
3720 return -1;
3728 return -1;
3734 wpa_printf(MSG_INFO, "TLS: PKCS12 support disabled - cannot read "
3736 return -1;
3751 return -1;
3757 wpa_printf(MSG_INFO, "TLS: PKCS12 support disabled - cannot parse "
3759 return -1;
3777 if (!ENGINE_ctrl_cmd(conn->engine, "LOAD_CERT_CTRL",
3806 return -1;
3808 if (!SSL_use_certificate(conn->ssl, cert)) {
3812 return -1;
3815 wpa_printf(MSG_DEBUG, "ENGINE: SSL_use_certificate --> "
3820 return -1;
3831 SSL_CTX *ssl_ctx = data->ssl;
3835 return -1;
3840 wpa_printf(MSG_DEBUG, "OpenSSL: %s - failed to allocate new "
3843 return -1;
3853 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring cert"
3858 return -1;
3862 wpa_printf(MSG_DEBUG, "OpenSSL: %s - added CA certificate from engine "
3864 SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
3865 conn->ca_cert_verify = 1;
3870 return -1;
3878 if (SSL_use_PrivateKey(conn->ssl, conn->private_key) != 1) {
3881 return -1;
3883 if (!SSL_check_private_key(conn->ssl)) {
3886 return -1;
3892 return -1;
3920 return -1;
3925 wpa_printf(MSG_DEBUG, "OpenSSL: %s (DER) --> loaded", __func__);
3930 return -1;
3935 return -1;
3936 wpa_printf(MSG_DEBUG, "OpenSSL: %s (PEM) --> loaded", __func__);
3944 ret = SSL_CTX_use_PrivateKey(data->ssl, pkey);
3947 return ret == 1 ? 0 : -1;
3949 wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", __func__);
3950 return -1;
3970 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_RSA, conn->ssl,
3974 "ASN1(EVP_PKEY_RSA) --> OK");
3979 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_DSA, conn->ssl,
3983 "ASN1(EVP_PKEY_DSA) --> OK");
3989 if (SSL_use_PrivateKey_ASN1(EVP_PKEY_EC, conn->ssl,
3993 "OpenSSL: SSL_use_PrivateKey_ASN1(EVP_PKEY_EC) --> OK");
4000 if (SSL_use_RSAPrivateKey_ASN1(conn->ssl,
4004 "SSL_use_RSAPrivateKey_ASN1 --> OK");
4019 if (SSL_use_PrivateKey(conn->ssl, pkey) == 1) {
4021 "OpenSSL: SSL_use_PrivateKey --> OK");
4032 if (tls_read_pkcs12_blob(data, conn->ssl, private_key_blob,
4035 wpa_printf(MSG_DEBUG, "OpenSSL: PKCS#12 as blob --> "
4045 if (tls_use_private_key_file(data, conn->ssl, private_key,
4051 if (tls_read_pkcs12(data, conn->ssl, private_key,
4054 "--> OK");
4059 if (tls_cryptoapi_cert(conn->ssl, private_key) == 0) {
4061 "access certificate store --> OK");
4072 return -1;
4076 if (!SSL_check_private_key(conn->ssl)) {
4079 return -1;
4091 SSL_CTX *ssl_ctx = data->ssl;
4102 return -1;
4109 return -1;
4162 return -1;
4165 SSL_CTX *ssl_ctx = data->ssl;
4172 return -1;
4182 return -1;
4194 return -1;
4201 return -1;
4209 return -1;
4221 return -1;
4232 return -1;
4236 SSL_CTX *ssl_ctx = data->ssl;
4241 return -1;
4253 return -1;
4260 wpa_printf(MSG_DEBUG, "TLS: Failed to parse DH file '%s': %s -"
4289 return -1;
4297 return -1;
4312 return -1;
4313 ssl = conn->ssl;
4315 return -1;
4318 keys->client_random = conn->client_random;
4319 keys->client_random_len = SSL_get_client_random(
4320 ssl, conn->client_random, sizeof(conn->client_random));
4321 keys->server_random = conn->server_random;
4322 keys->server_random_len = SSL_get_server_random(
4323 ssl, conn->server_random, sizeof(conn->server_random));
4337 if (ssl->enc_read_ctx == NULL || ssl->enc_read_ctx->cipher == NULL ||
4338 ssl->read_hash == NULL)
4339 return -1;
4341 c = ssl->enc_read_ctx->cipher;
4342 h = EVP_MD_CTX_md(ssl->read_hash);
4345 else if (ssl->s3)
4346 md_size = ssl->s3->tmp.new_mac_secret_size;
4348 return -1;
4365 return -1;
4371 return -1;
4374 return -1;
4378 return -1;
4391 return -1;
4409 SSL_export_keying_material(conn->ssl, out, out_len, label,
4412 return -1;
4424 int ret = -1;
4435 * TLS library did not support EAP-FAST key generation, so get the
4441 return -1;
4442 ssl = conn->ssl;
4444 return -1;
4448 return -1;
4452 return -1;
4455 return -1;
4461 return -1;
4491 "OpenSSL: EAP-FAST keys cannot be exported in FIPS mode");
4492 return -1;
4500 struct tls_context *context = conn->context;
4509 BIO_write(conn->ssl_in, wpabuf_head(in_data), wpabuf_len(in_data))
4512 "Handshake failed - BIO_write");
4517 if (conn->server)
4518 res = SSL_accept(conn->ssl);
4520 res = SSL_connect(conn->ssl);
4522 int err = SSL_get_error(conn->ssl, res);
4524 wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want "
4527 wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want to "
4534 if (context->event_cb &&
4538 context->event_cb(
4539 context->cb_ctx,
4543 conn->failed++;
4544 if (!conn->server && !conn->client_hello_generated) {
4552 conn->write_alerts++;
4558 if (!conn->server && !conn->failed)
4559 conn->client_hello_generated = 1;
4562 if ((conn->flags & TLS_CONN_SUITEB) && !conn->server &&
4563 os_strncmp(SSL_get_cipher(conn->ssl), "DHE-", 4) == 0 &&
4564 conn->server_dh_prime_len < 3072) {
4568 * protection if anything goes wrong with the more low-level
4573 conn->server_dh_prime_len);
4575 if (context->event_cb) {
4582 context->event_cb(context->cb_ctx, TLS_ALERT, &ev);
4588 conn->failed++;
4589 conn->write_alerts++;
4595 res = BIO_ctrl_pending(conn->ssl_out);
4601 if (BIO_reset(conn->ssl_out) < 0) {
4607 res = res == 0 ? 0 : BIO_read(conn->ssl_out, wpabuf_mhead(out_data),
4611 "Handshake failed - BIO_read");
4612 if (BIO_reset(conn->ssl_out) < 0) {
4635 res = SSL_read(conn->ssl, wpabuf_mhead(appl_data),
4638 int err = SSL_get_error(conn->ssl, res);
4673 if (conn->invalid_hb_used) {
4674 wpa_printf(MSG_INFO, "TLS: Heartbeat attack detected - do not send response");
4679 if (SSL_is_init_finished(conn->ssl)) {
4681 "OpenSSL: Handshake finished - resumed=%d",
4682 tls_connection_resumed(conn->ssl_ctx, conn));
4683 if (conn->server) {
4689 if (SSL_get_shared_ciphers(conn->ssl, buf,
4691 buf[buflen - 1] = '\0';
4704 if (conn->invalid_hb_used) {
4705 wpa_printf(MSG_INFO, "TLS: Heartbeat attack detected - do not send response");
4732 conn->server = 1;
4748 if ((res = BIO_reset(conn->ssl_in)) < 0 ||
4749 (res = BIO_reset(conn->ssl_out)) < 0) {
4753 res = SSL_write(conn->ssl, wpabuf_head(in_data), wpabuf_len(in_data));
4756 "Encryption failed - SSL_write");
4764 res = BIO_read(conn->ssl_out, wpabuf_mhead(buf), wpabuf_size(buf));
4767 "Encryption failed - BIO_read");
4785 res = BIO_write(conn->ssl_in, wpabuf_head(in_data),
4789 "Decryption failed - BIO_write");
4792 if (BIO_reset(conn->ssl_out) < 0) {
4807 res = SSL_read(conn->ssl, wpabuf_mhead(buf), wpabuf_size(buf));
4809 int err = SSL_get_error(conn->ssl, res);
4813 "SSL: SSL_connect - want more data");
4817 "Decryption failed - SSL_read");
4824 if (conn->invalid_hb_used) {
4825 wpa_printf(MSG_INFO, "TLS: Heartbeat attack detected - do not send response");
4836 return conn ? SSL_session_reused(conn->ssl) : 0;
4847 if (conn == NULL || conn->ssl == NULL || ciphers == NULL)
4848 return -1;
4860 suite = "RC4-SHA";
4863 suite = "AES128-SHA";
4866 suite = "DHE-RSA-AES128-SHA";
4869 suite = "ADH-AES128-SHA";
4872 suite = "DHE-RSA-AES256-SHA";
4875 suite = "AES256-SHA";
4880 return -1;
4882 ret = os_snprintf(pos, end - pos, ":%s", suite);
4883 if (os_snprintf_error(end - pos, ret))
4891 return -1;
4898 if (os_strstr(buf, ":ADH-")) {
4901 * cipher suites for EAP-FAST.
4903 SSL_set_security_level(conn->ssl, 0);
4904 } else if (SSL_get_security_level(conn->ssl) == 0) {
4906 SSL_set_security_level(conn->ssl, 1);
4911 if (SSL_set_cipher_list(conn->ssl, buf + 1) != 1) {
4914 return -1;
4925 if (conn == NULL || conn->ssl == NULL)
4926 return -1;
4928 name = SSL_get_version(conn->ssl);
4930 return -1;
4941 if (conn == NULL || conn->ssl == NULL)
4942 return -1;
4944 name = SSL_get_cipher(conn->ssl);
4946 return -1;
4956 SSL_set_options(conn->ssl, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
4964 * commented out unless explicitly needed for EAP-FAST in order to be able to
4970 if (conn == NULL || conn->ssl == NULL || ext_type != 35)
4971 return -1;
4973 if (SSL_set_session_ticket_ext(conn->ssl, (void *) data,
4975 return -1;
4985 return -1;
4986 return conn->failed;
4993 return -1;
4994 return conn->read_alerts;
5001 return -1;
5002 return conn->write_alerts;
5072 return (conn->flags & TLS_CONN_REQUIRE_OCSP) ? 0 : 1;
5098 store = SSL_CTX_get_cert_store(conn->ssl_ctx);
5099 if (conn->peer_issuer) {
5100 debug_print_cert(conn->peer_issuer, "Add OCSP issuer");
5102 if (X509_STORE_add_cert(store, conn->peer_issuer) != 1) {
5109 cert = X509_dup(conn->peer_issuer);
5118 if (certs && conn->peer_issuer_issuer) {
5119 cert = X509_dup(conn->peer_issuer_issuer);
5142 if (!conn->peer_cert) {
5149 if (!conn->peer_issuer) {
5156 id = OCSP_cert_to_id(EVP_sha256(), conn->peer_cert, conn->peer_issuer);
5169 id = OCSP_cert_to_id(NULL, conn->peer_cert, conn->peer_issuer);
5185 (conn->flags & TLS_CONN_REQUIRE_OCSP) ? "" :
5190 return (conn->flags & TLS_CONN_REQUIRE_OCSP) ? 0 : 1;
5194 if (!OCSP_check_validity(this_update, next_update, 5 * 60, -1)) {
5212 if (conn->flags & TLS_CONN_REQUIRE_OCSP) {
5227 if (tls_global->ocsp_stapling_response == NULL) {
5228 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status callback - no response configured");
5232 resp = os_readfile(tls_global->ocsp_stapling_response, &len);
5234 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status callback - could not read response file");
5239 wpa_printf(MSG_DEBUG, "OpenSSL: OCSP status callback - send cached response");
5317 "-----BEGIN TSS2 PRIVATE KEY-----",
5318 "-----BEGIN TSS2 KEY BLOB-----",
5333 const char *key_id = params->key_id;
5334 const char *cert_id = params->cert_id;
5335 const char *ca_cert_id = params->ca_cert_id;
5336 const char *engine_id = params->engine ? params->engine_id : NULL;
5340 return -1;
5342 if (params->flags & TLS_CONN_REQUIRE_OCSP_ALL) {
5345 return -1;
5356 if (!key_id && params->private_key && can_pkcs11 &&
5357 os_strncmp(params->private_key, "pkcs11:", 7) == 0) {
5359 key_id = params->private_key;
5362 if (!cert_id && params->client_cert && can_pkcs11 &&
5363 os_strncmp(params->client_cert, "pkcs11:", 7) == 0) {
5365 cert_id = params->client_cert;
5368 if (!ca_cert_id && params->ca_cert && can_pkcs11 &&
5369 os_strncmp(params->ca_cert, "pkcs11:", 7) == 0) {
5371 ca_cert_id = params->ca_cert;
5378 /* If private_key points to a TPM2-wrapped key, automatically enable
5380 if (params->private_key &&
5382 is_tpm2_key(params->private_key)) {
5384 params->private_key);
5385 key_id = key_id ? key_id : params->private_key;
5391 if (params->flags & TLS_CONN_EAP_FAST) {
5393 "OpenSSL: Use TLSv1_method() for EAP-FAST");
5394 if (SSL_set_ssl_method(conn->ssl, TLSv1_method()) != 1) {
5396 "Failed to set TLSv1_method() for EAP-FAST");
5397 return -1;
5403 if (params->flags & TLS_CONN_EAP_FAST) {
5406 * list (no TLS v1.3 ciphersuites included) for EAP-FAST. */
5407 wpa_printf(MSG_DEBUG, "OpenSSL: Disable TLSv1.3 for EAP-FAST");
5408 SSL_set_options(conn->ssl, SSL_OP_NO_TLSv1_3);
5419 if (tls_set_conn_flags(conn, params->flags,
5420 params->openssl_ciphers) < 0)
5421 return -1;
5426 ret = tls_engine_init(conn, engine_id, params->pin,
5432 params->subject_match,
5433 params->altsubject_match,
5434 params->suffix_match,
5435 params->domain_match,
5436 params->check_cert_subject))
5437 return -1;
5442 } else if (tls_connection_ca_cert(data, conn, params->ca_cert,
5443 params->ca_cert_blob,
5444 params->ca_cert_blob_len,
5445 params->ca_path))
5446 return -1;
5451 } else if (tls_connection_client_cert(conn, params->client_cert,
5452 params->client_cert_blob,
5453 params->client_cert_blob_len))
5454 return -1;
5461 params->private_key,
5462 params->private_key_passwd,
5463 params->private_key_blob,
5464 params->private_key_blob_len)) {
5466 params->private_key);
5467 return -1;
5470 ciphers = params->openssl_ciphers;
5477 ciphers = "ECDHE-ECDSA-AES256-GCM-SHA384";
5481 if (ciphers && SSL_set_cipher_list(conn->ssl, ciphers) != 1) {
5485 return -1;
5488 if (!params->openssl_ecdh_curves) {
5492 if (SSL_set_ecdh_auto(conn->ssl, 1) != 1) {
5495 return -1;
5500 } else if (params->openssl_ecdh_curves[0]) {
5504 return -1;
5507 if (SSL_set1_curves_list(conn->ssl,
5508 params->openssl_ecdh_curves) != 1) {
5511 params->openssl_ecdh_curves);
5512 return -1;
5516 return -1;
5522 if (params->flags & TLS_CONN_REQUEST_OCSP) {
5523 SSL_enable_ocsp_stapling(conn->ssl);
5527 if (params->flags & TLS_CONN_REQUEST_OCSP) {
5528 SSL_CTX *ssl_ctx = data->ssl;
5529 SSL_set_tlsext_status_type(conn->ssl, TLSEXT_STATUSTYPE_ocsp);
5534 if (params->flags & TLS_CONN_REQUIRE_OCSP) {
5536 "OpenSSL: No OCSP support included - reject configuration");
5537 return -1;
5539 if (params->flags & TLS_CONN_REQUEST_OCSP) {
5541 "OpenSSL: No OCSP support included - allow optional OCSP case to continue");
5546 conn->flags = params->flags;
5634 for (i = sk_X509_num(certs); i > 0; i--)
5636 i - 1));
5670 SSL_CTX *ssl_ctx = data->ssl;
5678 os_free(data->check_cert_subject);
5679 data->check_cert_subject = NULL;
5680 if (params->check_cert_subject) {
5681 data->check_cert_subject =
5682 os_strdup(params->check_cert_subject);
5683 if (!data->check_cert_subject)
5684 return -1;
5687 if (tls_global_ca_cert(data, params->ca_cert) ||
5688 tls_global_client_cert(data, params->client_cert) ||
5689 tls_global_private_key(data, params->private_key,
5690 params->private_key_passwd) ||
5691 tls_global_client_cert(data, params->client_cert2) ||
5692 tls_global_private_key(data, params->private_key2,
5693 params->private_key_passwd2) ||
5694 tls_global_dh(data, params->dh_file)) {
5696 return -1;
5699 os_free(data->openssl_ciphers);
5700 if (params->openssl_ciphers) {
5701 data->openssl_ciphers = os_strdup(params->openssl_ciphers);
5702 if (!data->openssl_ciphers)
5703 return -1;
5705 data->openssl_ciphers = NULL;
5707 if (params->openssl_ciphers &&
5708 SSL_CTX_set_cipher_list(ssl_ctx, params->openssl_ciphers) != 1) {
5711 params->openssl_ciphers);
5712 return -1;
5715 if (!params->openssl_ecdh_curves) {
5722 return -1;
5727 } else if (params->openssl_ecdh_curves[0]) {
5731 return -1;
5738 params->openssl_ecdh_curves) !=
5742 params->openssl_ecdh_curves);
5743 return -1;
5747 return -1;
5753 if (params->flags & TLS_CONN_DISABLE_SESSION_TICKET)
5762 os_free(tls_global->ocsp_stapling_response);
5763 if (params->ocsp_stapling_response)
5764 tls_global->ocsp_stapling_response =
5765 os_strdup(params->ocsp_stapling_response);
5767 tls_global->ocsp_stapling_response = NULL;
5777 /* Pre-shared secred requires a patch to openssl, so this function is
5778 * commented out unless explicitly needed for EAP-FAST in order to be able to
5795 if (conn == NULL || conn->session_ticket_cb == NULL)
5798 ret = conn->session_ticket_cb(conn->session_ticket_cb_ctx,
5799 conn->session_ticket,
5800 conn->session_ticket_len,
5801 s->s3->client_random,
5802 s->s3->server_random, secret);
5807 if (conn == NULL || conn->session_ticket_cb == NULL)
5813 ret = conn->session_ticket_cb(conn->session_ticket_cb_ctx,
5814 conn->session_ticket,
5815 conn->session_ticket_len,
5820 os_free(conn->session_ticket);
5821 conn->session_ticket = NULL;
5836 if (conn == NULL || conn->session_ticket_cb == NULL)
5841 os_free(conn->session_ticket);
5842 conn->session_ticket = NULL;
5847 conn->session_ticket = os_memdup(data, len);
5848 if (conn->session_ticket == NULL)
5851 conn->session_ticket_len = len;
5864 conn->session_ticket_cb = cb;
5865 conn->session_ticket_cb_ctx = ctx;
5868 if (SSL_set_session_secret_cb(conn->ssl, tls_sess_sec_cb,
5870 return -1;
5871 SSL_set_session_ticket_ext_cb(conn->ssl,
5874 if (SSL_set_session_secret_cb(conn->ssl, NULL, NULL) != 1)
5875 return -1;
5876 SSL_set_session_ticket_ext_cb(conn->ssl, NULL, NULL);
5881 return -1;
5909 sess = SSL_get_session(conn->ssl);
5916 found = get_session_data(conn->context, old);
5921 dl_list_del(&found->list);
5932 sess_data->buf = data;
5933 dl_list_add(&conn->context->sessions, &sess_data->list);
5936 conn->success_data = 1;
5950 conn->success_data = 1;
5960 !(sess = SSL_get_session(conn->ssl)))
5970 sess = SSL_get_session(conn->ssl);
5974 if (SSL_CTX_remove_session(conn->ssl_ctx, sess) != 1)
5988 reused = SSL_session_reused(conn->ssl);
5989 if ((conn->server && !reused) || (!conn->server && reused))
5990 len = SSL_get_peer_finished(conn->ssl, buf, max_len);
5992 len = SSL_get_finished(conn->ssl, buf, max_len);
5995 return -1;
6005 cipher = SSL_get_current_cipher(conn->ssl);
6019 return conn->peer_subject;
6027 return SSL_get_certificate(conn->ssl) != NULL;