CoCalc -- dane.c

GitHub Repository: freebsd/freebsd-src
Path: blob/main/contrib/ldns/dane.c
³⁹⁵⁶⁴ views
1
/*
2
 * Verify or create TLS authentication with DANE (RFC6698)
3
 *
4
 * (c) NLnetLabs 2012-2020
5
 *
6
 * See the file LICENSE for the license.
7
 *
8
 */
9

10
#include <ldns/config.h>
11
#ifdef USE_DANE
12

13
#include <ldns/ldns.h>
14
#include <ldns/dane.h>
15

16
#include <unistd.h>
17
#include <stdlib.h>
18
#include <sys/types.h>
19
#ifdef HAVE_SYS_SOCKET_H
20
#include <sys/socket.h>
21
#endif
22
#ifdef HAVE_NETDB_H
23
#include <netdb.h>
24
#endif
25

26
#ifdef HAVE_SSL
27
#include <openssl/ssl.h>
28
#include <openssl/err.h>
29
#include <openssl/x509v3.h>
30
#endif
31

32
/* OpenSSL context options. At the moment, disable SSLv2, SSLv3
33
 * and Compression, if available. TLSv1.0 is allowed at the moment.
34
 * TLSv1.1 is the first to provide elliptic curves, so it is usually
35
 * allowed in a TLS stack. TLSv1.2 is the first to provide authentication
36
 * modes of operation, like GCM. The defines below are a moving
37
 * target based on OpenSSL library version. Grep is useful to find
38
 * the defines: grep -IR SSL_OP_NO_ /usr/include/openssl.
39
 */
40
#ifdef HAVE_SSL
41
# ifdef SSL_OP_NO_SSLv2
42
	const long NoOpenSSLv2 = SSL_OP_NO_SSLv2;
43
# else
44
	const long NoOpenSSLv2 = 0L;
45
# endif
46
# ifdef SSL_OP_NO_SSLv3
47
	const long NoOpenSSLv3 = SSL_OP_NO_SSLv3;
48
# else
49
	const long NoOpenSSLv3 = 0L;
50
# endif
51
# ifdef SSL_OP_NO_TLSv1
52
	const long NoOpenTLSv1 = SSL_OP_NO_TLSv1;
53
# else
54
	const long NoOpenTLSv1 = 0L;
55
# endif
56
# ifdef SSL_OP_NO_DTLSv1
57
	const long NoOpenDTLSv1 = SSL_OP_NO_DTLSv1;
58
# else
59
	const long NoOpenDTLSv1 = 0L;
60
# endif
61
# ifdef SSL_OP_NO_COMPRESSION
62
	const long NoOpenSSLCompression = SSL_OP_NO_COMPRESSION;
63
# else
64
	const long NoOpenSSLCompression = 0L;
65
# endif
66
#endif
67

68
#if defined(USE_DANE_VERIFY) && defined(USE_DANE_TA_USAGE)
69
static SSL_CTX*
70
ldns_dane_new_ssl_context(void)
71
{
72
	SSL_CTX* ssl_ctx;
73

74
	ssl_ctx = SSL_CTX_new(TLS_client_method());
75
	if (ssl_ctx != NULL)
76
	{
77
		/* ldns allows TLS and DTLS v1.0 at the moment. Some may disagree.
78
		 * Sometime in the future they may be disabled, too. Maybe
79
		 * --disable-tlsv1 and --disable-dtlsv1 should be configure options.
80
		 */
81
		long flags = NoOpenSSLv2 | NoOpenSSLv3 | NoOpenSSLCompression;
82
		SSL_CTX_set_options(ssl_ctx, flags);
83
	}
84

85
	return ssl_ctx;
86
}
87
#endif
88

89
ldns_status
90
ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner, const ldns_rdf* name,
91
		uint16_t port, ldns_dane_transport transport)
92
{
93
	char buf[LDNS_MAX_DOMAINLEN];
94
	size_t s;
95

96
	assert(tlsa_owner != NULL);
97
	assert(name != NULL);
98
	assert(ldns_rdf_get_type(name) == LDNS_RDF_TYPE_DNAME);
99

100
	s = (size_t)snprintf(buf, LDNS_MAX_DOMAINLEN, "X_%d", (int)port);
101
	buf[0] = (char)(s - 1);
102

103
	switch(transport) {
104
	case LDNS_DANE_TRANSPORT_TCP:
105
		s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\004_tcp");
106
		break;
107
	
108
	case LDNS_DANE_TRANSPORT_UDP:
109
		s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\004_udp");
110
		break;
111

112
	case LDNS_DANE_TRANSPORT_SCTP:
113
		s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\005_sctp");
114
		break;
115
	
116
	default:
117
		return LDNS_STATUS_DANE_UNKNOWN_TRANSPORT;
118
	}
119
	if (s + ldns_rdf_size(name) > LDNS_MAX_DOMAINLEN) {
120
		return LDNS_STATUS_DOMAINNAME_OVERFLOW;
121
	}
122
	memcpy(buf + s, ldns_rdf_data(name), ldns_rdf_size(name));
123
	*tlsa_owner = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME,
124
			s + ldns_rdf_size(name), buf);
125
	if (*tlsa_owner == NULL) {
126
		return LDNS_STATUS_MEM_ERR;
127
	}
128
	return LDNS_STATUS_OK;
129
}
130

131

132
#ifdef HAVE_SSL
133
ldns_status
134
ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert,
135
		ldns_tlsa_selector      selector,
136
		ldns_tlsa_matching_type matching_type)
137
{
138
	unsigned char* buf = NULL;
139
	size_t len;
140

141
	X509_PUBKEY* xpubkey;
142
	EVP_PKEY* epubkey;
143

144
	unsigned char* digest;
145

146
	assert(rdf != NULL);
147
	assert(cert != NULL);
148

149
	switch(selector) {
150
	case LDNS_TLSA_SELECTOR_FULL_CERTIFICATE:
151

152
		len = (size_t)i2d_X509(cert, &buf);
153
		break;
154

155
	case LDNS_TLSA_SELECTOR_SUBJECTPUBLICKEYINFO:
156

157
#ifndef S_SPLINT_S
158
		xpubkey = X509_get_X509_PUBKEY(cert);
159
#endif
160
		if (! xpubkey) {
161
			return LDNS_STATUS_SSL_ERR;
162
		}
163
		epubkey = X509_PUBKEY_get(xpubkey);
164
		if (! epubkey) {
165
			return LDNS_STATUS_SSL_ERR;
166
		}
167
		len = (size_t)i2d_PUBKEY(epubkey, &buf);
168
		break;
169
	
170
	default:
171
		return LDNS_STATUS_DANE_UNKNOWN_SELECTOR;
172
	}
173

174
	switch(matching_type) {
175
	case LDNS_TLSA_MATCHING_TYPE_NO_HASH_USED:
176

177
		*rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, len, buf);
178
		
179
		return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR;
180
		break;
181
	
182
	case LDNS_TLSA_MATCHING_TYPE_SHA256:
183

184
		digest = LDNS_XMALLOC(unsigned char, LDNS_SHA256_DIGEST_LENGTH);
185
		if (digest == NULL) {
186
			LDNS_FREE(buf);
187
			return LDNS_STATUS_MEM_ERR;
188
		}
189
		(void) ldns_sha256(buf, (unsigned int)len, digest);
190
		*rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, LDNS_SHA256_DIGEST_LENGTH,
191
				digest);
192
		LDNS_FREE(buf);
193

194
		return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR;
195
		break;
196

197
	case LDNS_TLSA_MATCHING_TYPE_SHA512:
198

199
		digest = LDNS_XMALLOC(unsigned char, LDNS_SHA512_DIGEST_LENGTH);
200
		if (digest == NULL) {
201
			LDNS_FREE(buf);
202
			return LDNS_STATUS_MEM_ERR;
203
		}
204
		(void) ldns_sha512(buf, (unsigned int)len, digest);
205
		*rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, LDNS_SHA512_DIGEST_LENGTH,
206
				digest);
207
		LDNS_FREE(buf);
208

209
		return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR;
210
		break;
211
	
212
	default:
213
		LDNS_FREE(buf);
214
		return LDNS_STATUS_DANE_UNKNOWN_MATCHING_TYPE;
215
	}
216
}
217

218

219
/* Ordinary PKIX validation of cert (with extra_certs to help)
220
 * against the CA's in store
221
 */
222
static ldns_status
223
ldns_dane_pkix_validate(X509* cert, STACK_OF(X509)* extra_certs,
224
		X509_STORE* store)
225
{
226
	X509_STORE_CTX* vrfy_ctx;
227
	ldns_status s;
228

229
	if (! store) {
230
		return LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE;
231
	}
232
	vrfy_ctx = X509_STORE_CTX_new();
233
	if (! vrfy_ctx) {
234

235
		return LDNS_STATUS_SSL_ERR;
236

237
	} else if (X509_STORE_CTX_init(vrfy_ctx, store,
238
				cert, extra_certs) != 1) {
239
		s = LDNS_STATUS_SSL_ERR;
240

241
	} else if (X509_verify_cert(vrfy_ctx) == 1) {
242

243
		s = LDNS_STATUS_OK;
244

245
	} else {
246
		s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE;
247
	}
248
	X509_STORE_CTX_free(vrfy_ctx);
249
	return s;
250
}
251

252

253
/* Ordinary PKIX validation of cert (with extra_certs to help)
254
 * against the CA's in store, but also return the validation chain.
255
 */
256
static ldns_status
257
ldns_dane_pkix_validate_and_get_chain(STACK_OF(X509)** chain, X509* cert,
258
		STACK_OF(X509)* extra_certs, X509_STORE* store)
259
{
260
	ldns_status s;
261
	X509_STORE* empty_store = NULL;
262
	X509_STORE_CTX* vrfy_ctx;
263

264
	assert(chain != NULL);
265

266
	if (! store) {
267
		store = empty_store = X509_STORE_new();
268
	}
269
	s = LDNS_STATUS_SSL_ERR;
270
	vrfy_ctx = X509_STORE_CTX_new();
271
	if (! vrfy_ctx) {
272

273
		goto exit_free_empty_store;
274

275
	} else if (X509_STORE_CTX_init(vrfy_ctx, store,
276
					cert, extra_certs) != 1) {
277
		goto exit_free_vrfy_ctx;
278

279
	} else if (X509_verify_cert(vrfy_ctx) == 1) {
280

281
		s = LDNS_STATUS_OK;
282

283
	} else {
284
		s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE;
285
	}
286
	*chain = X509_STORE_CTX_get1_chain(vrfy_ctx);
287
	if (! *chain) {
288
		s = LDNS_STATUS_SSL_ERR;
289
	}
290

291
exit_free_vrfy_ctx:
292
	X509_STORE_CTX_free(vrfy_ctx);
293

294
exit_free_empty_store:
295
	if (empty_store) {
296
		X509_STORE_free(empty_store);
297
	}
298
	return s;
299
}
300

301

302
/* Return the validation chain that can be build out of cert, with extra_certs.
303
 */
304
static ldns_status
305
ldns_dane_pkix_get_chain(STACK_OF(X509)** chain,
306
		X509* cert, STACK_OF(X509)* extra_certs)
307
{
308
	ldns_status s;
309
	X509_STORE* empty_store = NULL;
310
	X509_STORE_CTX* vrfy_ctx;
311

312
	assert(chain != NULL);
313

314
	empty_store = X509_STORE_new();
315
	s = LDNS_STATUS_SSL_ERR;
316
	vrfy_ctx = X509_STORE_CTX_new();
317
	if (! vrfy_ctx) {
318

319
		goto exit_free_empty_store;
320

321
	} else if (X509_STORE_CTX_init(vrfy_ctx, empty_store,
322
					cert, extra_certs) != 1) {
323
		goto exit_free_vrfy_ctx;
324
	}
325
	(void) X509_verify_cert(vrfy_ctx);
326
	*chain = X509_STORE_CTX_get1_chain(vrfy_ctx);
327
	if (! *chain) {
328
		s = LDNS_STATUS_SSL_ERR;
329
	} else {
330
		s = LDNS_STATUS_OK;
331
	}
332
exit_free_vrfy_ctx:
333
	X509_STORE_CTX_free(vrfy_ctx);
334

335
exit_free_empty_store:
336
	X509_STORE_free(empty_store);
337
	return s;
338
}
339

340

341
/* Pop n+1 certs and return the last popped.
342
 */
343
static ldns_status
344
ldns_dane_get_nth_cert_from_validation_chain(
345
		X509** cert, STACK_OF(X509)* chain, int n, bool ca)
346
{
347
	if (n >= sk_X509_num(chain) || n < 0) {
348
		return LDNS_STATUS_DANE_OFFSET_OUT_OF_RANGE;
349
	}
350
	*cert = sk_X509_pop(chain);
351
	while (n-- > 0) {
352
		X509_free(*cert);
353
		*cert = sk_X509_pop(chain);
354
	}
355
	if (ca && ! X509_check_ca(*cert)) {
356
		return LDNS_STATUS_DANE_NON_CA_CERTIFICATE;
357
	}
358
	return LDNS_STATUS_OK;
359
}
360

361

362
/* Create validation chain with cert and extra_certs and returns the last
363
 * self-signed (if present).
364
 */
365
static ldns_status
366
ldns_dane_pkix_get_last_self_signed(X509** out_cert,
367
		X509* cert, STACK_OF(X509)* extra_certs)
368
{
369
	ldns_status s;
370
	X509_STORE* empty_store = NULL;
371
	X509_STORE_CTX* vrfy_ctx;
372

373
	assert(out_cert != NULL);
374

375
	empty_store = X509_STORE_new();
376
	s = LDNS_STATUS_SSL_ERR;
377
	vrfy_ctx = X509_STORE_CTX_new();
378
	if (! vrfy_ctx) {
379
		goto exit_free_empty_store;
380

381
	} else if (X509_STORE_CTX_init(vrfy_ctx, empty_store,
382
					cert, extra_certs) != 1) {
383
		goto exit_free_vrfy_ctx;
384

385
	}
386
	(void) X509_verify_cert(vrfy_ctx);
387
	if (X509_STORE_CTX_get_error(vrfy_ctx) == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN ||
388
	    X509_STORE_CTX_get_error(vrfy_ctx) == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT){
389

390
		*out_cert = X509_STORE_CTX_get_current_cert( vrfy_ctx);
391
		s = LDNS_STATUS_OK;
392
	} else {
393
		s = LDNS_STATUS_DANE_PKIX_NO_SELF_SIGNED_TRUST_ANCHOR;
394
	}
395
exit_free_vrfy_ctx:
396
	X509_STORE_CTX_free(vrfy_ctx);
397

398
exit_free_empty_store:
399
	X509_STORE_free(empty_store);
400
	return s;
401
}
402

403

404
ldns_status
405
ldns_dane_select_certificate(X509** selected_cert,
406
		X509* cert, STACK_OF(X509)* extra_certs,
407
		X509_STORE* pkix_validation_store,
408
		ldns_tlsa_certificate_usage cert_usage, int offset)
409
{
410
	ldns_status s;
411
	STACK_OF(X509)* pkix_validation_chain = NULL;
412

413
	assert(selected_cert != NULL);
414
	assert(cert != NULL);
415

416
	/* With PKIX validation explicitly turned off (pkix_validation_store
417
	 *  == NULL), treat the "CA constraint" and "Service certificate
418
	 * constraint" the same as "Trust anchor assertion" and "Domain issued
419
	 * certificate" respectively.
420
	 */
421
	if (pkix_validation_store == NULL) {
422
		switch (cert_usage) {
423

424
		case LDNS_TLSA_USAGE_CA_CONSTRAINT:
425

426
			cert_usage = LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION;
427
			break;
428

429
		case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT:
430

431
			cert_usage = LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE;
432
			break;
433

434
		default:
435
			break;
436
		}
437
	}
438

439
	/* Now what to do with each Certificate usage...
440
	 */
441
	switch (cert_usage) {
442

443
	case LDNS_TLSA_USAGE_CA_CONSTRAINT:
444

445
		s = ldns_dane_pkix_validate_and_get_chain(
446
				&pkix_validation_chain,
447
				cert, extra_certs,
448
				pkix_validation_store);
449
		if (! pkix_validation_chain) {
450
			return s;
451
		}
452
		if (s == LDNS_STATUS_OK) {
453
			if (offset == -1) {
454
				offset = 0;
455
			}
456
			s = ldns_dane_get_nth_cert_from_validation_chain(
457
					selected_cert, pkix_validation_chain,
458
					offset, true);
459
		}
460
		sk_X509_pop_free(pkix_validation_chain, X509_free);
461
		return s;
462
		break;
463

464

465
	case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT:
466

467
		*selected_cert = cert;
468
		return ldns_dane_pkix_validate(cert, extra_certs,
469
				pkix_validation_store);
470
		break;
471

472

473
	case LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION:
474

475
		if (offset == -1) {
476
			s = ldns_dane_pkix_get_last_self_signed(
477
					selected_cert, cert, extra_certs);
478
			return s;
479
		} else {
480
			s = ldns_dane_pkix_get_chain(
481
					&pkix_validation_chain,
482
					cert, extra_certs);
483
			if (s == LDNS_STATUS_OK) {
484
				s =
485
				ldns_dane_get_nth_cert_from_validation_chain(
486
					selected_cert, pkix_validation_chain,
487
					offset, false);
488
			} else if (! pkix_validation_chain) {
489
				return s;
490
			}
491
			sk_X509_pop_free(pkix_validation_chain, X509_free);
492
			return s;
493
		}
494
		break;
495

496

497
	case LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE:
498

499
		*selected_cert = cert;
500
		return LDNS_STATUS_OK;
501
		break;
502
	
503
	default:
504
		return LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE;
505
		break;
506
	}
507
}
508

509

510
ldns_status
511
ldns_dane_create_tlsa_rr(ldns_rr** tlsa,
512
		ldns_tlsa_certificate_usage certificate_usage,
513
		ldns_tlsa_selector          selector,
514
		ldns_tlsa_matching_type     matching_type,
515
		X509* cert)
516
{
517
	ldns_rdf* rdf;
518
	ldns_status s;
519

520
	assert(tlsa != NULL);
521
	assert(cert != NULL);
522

523
	/* create rr */
524
	*tlsa = ldns_rr_new_frm_type(LDNS_RR_TYPE_TLSA);
525
	if (*tlsa == NULL) {
526
		return LDNS_STATUS_MEM_ERR;
527
	}
528

529
	rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8,
530
			(uint8_t)certificate_usage);
531
	if (rdf == NULL) {
532
		goto memerror;
533
	}
534
	(void) ldns_rr_set_rdf(*tlsa, rdf, 0);
535

536
	rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, (uint8_t)selector);
537
	if (rdf == NULL) {
538
		goto memerror;
539
	}
540
	(void) ldns_rr_set_rdf(*tlsa, rdf, 1);
541

542
	rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, (uint8_t)matching_type);
543
	if (rdf == NULL) {
544
		goto memerror;
545
	}
546
	(void) ldns_rr_set_rdf(*tlsa, rdf, 2);
547

548
	s = ldns_dane_cert2rdf(&rdf, cert, selector, matching_type);
549
	if (s == LDNS_STATUS_OK) {
550
		(void) ldns_rr_set_rdf(*tlsa, rdf, 3);
551
		return LDNS_STATUS_OK;
552
	}
553
	ldns_rr_free(*tlsa);
554
	*tlsa = NULL;
555
	return s;
556

557
memerror:
558
	ldns_rr_free(*tlsa);
559
	*tlsa = NULL;
560
	return LDNS_STATUS_MEM_ERR;
561
}
562

563

564
#ifdef USE_DANE_VERIFY
565
/* Return tlsas that actually are TLSA resource records with known values
566
 * for the Certificate usage, Selector and Matching type rdata fields.
567
 */
568
static ldns_rr_list*
569
ldns_dane_filter_unusable_records(const ldns_rr_list* tlsas)
570
{
571
	size_t i;
572
	ldns_rr_list* r = ldns_rr_list_new();
573
	ldns_rr* tlsa_rr;
574

575
	if (! r) {
576
		return NULL;
577
	}
578
	for (i = 0; i < ldns_rr_list_rr_count(tlsas); i++) {
579
		tlsa_rr = ldns_rr_list_rr(tlsas, i);
580
		if (ldns_rr_get_type(tlsa_rr) == LDNS_RR_TYPE_TLSA &&
581
		    ldns_rr_rd_count(tlsa_rr) == 4 &&
582
		    ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0)) <= 3 &&
583
		    ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1)) <= 1 &&
584
		    ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2)) <= 2) {
585

586
			if (! ldns_rr_list_push_rr(r, tlsa_rr)) {
587
				ldns_rr_list_free(r);
588
				return NULL;
589
			}
590
		}
591
	}
592
	return r;
593
}
594

595

596
#if !defined(USE_DANE_TA_USAGE)
597
/* Return whether cert/selector/matching_type matches data.
598
 */
599
static ldns_status
600
ldns_dane_match_cert_with_data(X509* cert, ldns_tlsa_selector selector,
601
		ldns_tlsa_matching_type matching_type, ldns_rdf* data)
602
{
603
	ldns_status s;
604
	ldns_rdf* match_data;
605

606
	s = ldns_dane_cert2rdf(&match_data, cert, selector, matching_type);
607
	if (s == LDNS_STATUS_OK) {
608
		if (ldns_rdf_compare(data, match_data) != 0) {
609
			s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH;
610
		}
611
		ldns_rdf_free(match_data);
612
	}
613
	return s;
614
}
615

616

617
/* Return whether any certificate from the chain with selector/matching_type
618
 * matches data.
619
 * ca should be true if the certificate has to be a CA certificate too.
620
 */
621
static ldns_status
622
ldns_dane_match_any_cert_with_data(STACK_OF(X509)* chain,
623
		ldns_tlsa_selector      selector,
624
		ldns_tlsa_matching_type matching_type,
625
		ldns_rdf* data, bool ca)
626
{
627
	ldns_status s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH;
628
	size_t n, i;
629
	X509* cert;
630

631
	n = (size_t)sk_X509_num(chain);
632
	for (i = 0; i < n; i++) {
633
		cert = sk_X509_pop(chain);
634
		if (! cert) {
635
			s = LDNS_STATUS_SSL_ERR;
636
			break;
637
		}
638
		s = ldns_dane_match_cert_with_data(cert,
639
				selector, matching_type, data);
640
		if (ca && s == LDNS_STATUS_OK && ! X509_check_ca(cert)) {
641
			s = LDNS_STATUS_DANE_NON_CA_CERTIFICATE;
642
		}
643
		X509_free(cert);
644
		if (s != LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH) {
645
			break;
646
		}
647
		/* when s == LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH,
648
		 * try to match the next certificate
649
		 */
650
	}
651
	return s;
652
}
653
#endif /* !defined(USE_DANE_TA_USAGE) */
654
#endif /* USE_DANE_VERIFY */
655

656
#ifdef USE_DANE_VERIFY
657
ldns_status
658
ldns_dane_verify_rr(const ldns_rr* tlsa_rr,
659
		X509* cert, STACK_OF(X509)* extra_certs,
660
		X509_STORE* pkix_validation_store)
661
{
662
#if defined(USE_DANE_TA_USAGE)
663
	SSL_CTX *ssl_ctx = NULL;
664
	SSL *ssl = NULL;
665
	X509_STORE_CTX *store_ctx = NULL;
666
#else
667
	STACK_OF(X509)* pkix_validation_chain = NULL;
668
#endif
669
	ldns_status s = LDNS_STATUS_OK;
670

671
	ldns_tlsa_certificate_usage usage;
672
	ldns_tlsa_selector          selector;
673
	ldns_tlsa_matching_type     mtype;
674
	ldns_rdf*                   data;
675

676
	if (! tlsa_rr || ldns_rr_get_type(tlsa_rr) != LDNS_RR_TYPE_TLSA ||
677
			ldns_rr_rd_count(tlsa_rr) != 4 ||
678
			ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0)) > 3 ||
679
			ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1)) > 1 ||
680
			ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2)) > 2 ) {
681
		/* No (usable) TLSA, so regular PKIX validation
682
		 */
683
		return ldns_dane_pkix_validate(cert, extra_certs,
684
				pkix_validation_store);
685
	}
686
	usage    = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0));
687
	selector = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1));
688
	mtype    = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2));
689
	data     =                      ldns_rr_rdf(tlsa_rr, 3) ;
690

691
#if defined(USE_DANE_TA_USAGE)
692
	/* Rely on OpenSSL dane functions.
693
	 *
694
	 * OpenSSL does not provide offline dane verification.  The dane unit
695
	 * tests within openssl use the undocumented SSL_get0_dane() and 
696
	 * X509_STORE_CTX_set0_dane() to convey dane parameters set on SSL and
697
	 * SSL_CTX to a X509_STORE_CTX that can be used to do offline
698
	 * verification.  We use these undocumented means with the ldns
699
	 * dane function prototypes which did only offline dane verification.
700
	 */
701
	if (!(ssl_ctx = ldns_dane_new_ssl_context()))
702
		s = LDNS_STATUS_MEM_ERR;
703

704
	else if (SSL_CTX_dane_enable(ssl_ctx) <= 0)
705
		s = LDNS_STATUS_SSL_ERR;
706

707
	else if (SSL_CTX_dane_set_flags(
708
				ssl_ctx, DANE_FLAG_NO_DANE_EE_NAMECHECKS),
709
			!(ssl = SSL_new(ssl_ctx)))
710
		s = LDNS_STATUS_MEM_ERR;
711

712
	else if (SSL_set_connect_state(ssl),
713
			(SSL_dane_enable(ssl, NULL) <= 0))
714
		s = LDNS_STATUS_SSL_ERR;
715

716
	else if (SSL_dane_tlsa_add(ssl, usage, selector, mtype,
717
				ldns_rdf_data(data), ldns_rdf_size(data)) <= 0)
718
		s = LDNS_STATUS_SSL_ERR;
719

720
	else if (!(store_ctx =  X509_STORE_CTX_new()))
721
		s = LDNS_STATUS_MEM_ERR;
722

723
	else if (!X509_STORE_CTX_init(store_ctx, pkix_validation_store, cert, extra_certs))
724
		s = LDNS_STATUS_SSL_ERR;
725

726
	else {
727
		int ret;
728

729
		X509_STORE_CTX_set_default(store_ctx,
730
				SSL_is_server(ssl) ? "ssl_client" : "ssl_server");
731
		X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(store_ctx),
732
				SSL_get0_param(ssl));
733
		X509_STORE_CTX_set0_dane(store_ctx, SSL_get0_dane(ssl));
734
		if (SSL_get_verify_callback(ssl))
735
			X509_STORE_CTX_set_verify_cb(store_ctx, SSL_get_verify_callback(ssl));
736

737
		ret = X509_verify_cert(store_ctx);
738
		if (!ret) {
739
			if (X509_STORE_CTX_get_error(store_ctx) == X509_V_ERR_DANE_NO_MATCH)
740
				s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH;
741
			else
742
				s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE;
743
		}
744
		X509_STORE_CTX_cleanup(store_ctx);
745
	}
746
	if (store_ctx)
747
		X509_STORE_CTX_free(store_ctx);
748
	if (ssl)
749
		SSL_free(ssl);
750
	if (ssl_ctx)
751
		SSL_CTX_free(ssl_ctx);
752
	return s;
753
#else
754
	switch (usage) {
755
	case LDNS_TLSA_USAGE_CA_CONSTRAINT:
756
		s = ldns_dane_pkix_validate_and_get_chain(
757
				&pkix_validation_chain, 
758
				cert, extra_certs,
759
				pkix_validation_store);
760
		if (! pkix_validation_chain) {
761
			return s;
762
		}
763
		if (s == LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE) {
764
			/*
765
			 * NO PKIX validation. We still try to match *any*
766
			 * certificate from the chain, so we return
767
			 * TLSA errors over PKIX errors.
768
			 *
769
			 * i.e. When the TLSA matches no certificate, we return
770
			 * TLSA_DID_NOT_MATCH and not PKIX_DID_NOT_VALIDATE
771
			 */
772
			s = ldns_dane_match_any_cert_with_data(
773
					pkix_validation_chain,
774
					selector, mtype, data, true);
775

776
			if (s == LDNS_STATUS_OK) {
777
				/* A TLSA record did match a cert from the
778
				 * chain, thus the error is failed PKIX
779
				 * validation.
780
				 */
781
				s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE;
782
			}
783

784
		} else if (s == LDNS_STATUS_OK) { 
785
			/* PKIX validated, does the TLSA match too? */
786

787
			s = ldns_dane_match_any_cert_with_data(
788
					pkix_validation_chain,
789
					selector, mtype, data, true);
790
		}
791
		sk_X509_pop_free(pkix_validation_chain, X509_free);
792
		return s;
793
		break;
794

795
	case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT:
796

797
		s = ldns_dane_match_cert_with_data(cert,
798
				selector, mtype, data);
799

800
		if (s == LDNS_STATUS_OK) {
801
			return ldns_dane_pkix_validate(cert, extra_certs,
802
					pkix_validation_store);
803
		}
804
		return s;
805
		break;
806

807
	case LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION:
808
#if 0
809
		s = ldns_dane_pkix_get_chain(&pkix_validation_chain,
810
				cert, extra_certs);
811

812
		if (s == LDNS_STATUS_OK) {
813
			s = ldns_dane_match_any_cert_with_data(
814
					pkix_validation_chain,
815
					selector, mtype, data, false);
816

817
		} else if (! pkix_validation_chain) {
818
			return s;
819
		}
820
		sk_X509_pop_free(pkix_validation_chain, X509_free);
821
		return s;
822
#else
823
		return LDNS_STATUS_DANE_NEED_OPENSSL_GE_1_1_FOR_DANE_TA;
824
#endif
825
		break;
826

827
	case LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE:
828
		return ldns_dane_match_cert_with_data(cert,
829
				selector, mtype, data);
830
		break;
831

832
	default:
833
		break;
834
	}
835
#endif
836
	return LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE;
837
}
838

839

840
ldns_status
841
ldns_dane_verify(const ldns_rr_list* tlsas,
842
		X509* cert, STACK_OF(X509)* extra_certs,
843
		X509_STORE* pkix_validation_store)
844
{
845
#if defined(USE_DANE_TA_USAGE)
846
	SSL_CTX *ssl_ctx = NULL;
847
	ldns_rdf *basename_rdf = NULL;
848
	char *basename = NULL;
849
	SSL *ssl = NULL;
850
	X509_STORE_CTX *store_ctx = NULL;
851
#else
852
	ldns_status ps;
853
#endif
854
	size_t i;
855
	ldns_rr* tlsa_rr;
856
	ldns_rr_list *usable_tlsas;
857
	ldns_status s = LDNS_STATUS_OK;
858

859
	assert(cert != NULL);
860

861
	if (! tlsas || ldns_rr_list_rr_count(tlsas) == 0)
862
		/* No TLSA's, so regular PKIX validation
863
		 */
864
		return ldns_dane_pkix_validate(cert, extra_certs,
865
				pkix_validation_store);
866

867
/* To enable name checks (which we don't) */
868
#if defined(USE_DANE_TA_USAGE) && 0
869
	else if (!(basename_rdf = ldns_dname_clone_from(
870
					ldns_rr_list_owner(tlsas), 2)))
871
		/* Could nog get DANE base name */
872
		s = LDNS_STATUS_ERR;
873

874
	else if (!(basename = ldns_rdf2str(basename_rdf)))
875
		s = LDNS_STATUS_MEM_ERR;
876

877
	else if (strlen(basename) && (basename[strlen(basename)-1]  = 0))
878
		s = LDNS_STATUS_ERR; /* Intended to be unreachable */
879
#endif
880

881
	else if (!(usable_tlsas = ldns_dane_filter_unusable_records(tlsas)))
882
		return LDNS_STATUS_MEM_ERR;
883

884
	else if (ldns_rr_list_rr_count(usable_tlsas) == 0) {
885
		/* No TLSA's, so regular PKIX validation
886
		 */
887
		ldns_rr_list_free(usable_tlsas);
888
		return ldns_dane_pkix_validate(cert, extra_certs,
889
				pkix_validation_store);
890
	}
891
#if defined(USE_DANE_TA_USAGE)
892
	/* Rely on OpenSSL dane functions.
893
	 *
894
	 * OpenSSL does not provide offline dane verification.  The dane unit
895
	 * tests within openssl use the undocumented SSL_get0_dane() and 
896
	 * X509_STORE_CTX_set0_dane() to convey dane parameters set on SSL and
897
	 * SSL_CTX to a X509_STORE_CTX that can be used to do offline
898
	 * verification.  We use these undocumented means with the ldns
899
	 * dane function prototypes which did only offline dane verification.
900
	 */
901
	if (!(ssl_ctx = ldns_dane_new_ssl_context()))
902
		s = LDNS_STATUS_MEM_ERR;
903

904
	else if (SSL_CTX_dane_enable(ssl_ctx) <= 0)
905
		s = LDNS_STATUS_SSL_ERR;
906

907
	else if (SSL_CTX_dane_set_flags(
908
				ssl_ctx, DANE_FLAG_NO_DANE_EE_NAMECHECKS),
909
			!(ssl = SSL_new(ssl_ctx)))
910
		s = LDNS_STATUS_MEM_ERR;
911

912
	else if (SSL_set_connect_state(ssl),
913
			(SSL_dane_enable(ssl, basename) <= 0))
914
		s = LDNS_STATUS_SSL_ERR;
915

916
	else for (i = 0; i < ldns_rr_list_rr_count(usable_tlsas); i++) {
917
		ldns_tlsa_certificate_usage usage;
918
		ldns_tlsa_selector          selector;
919
		ldns_tlsa_matching_type     mtype;
920
		ldns_rdf*                   data;
921

922
		tlsa_rr = ldns_rr_list_rr(usable_tlsas, i);
923
		usage   = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr,0));
924
		selector= ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr,1));
925
		mtype   = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr,2));
926
		data    =                      ldns_rr_rdf(tlsa_rr,3) ;
927

928
		if (SSL_dane_tlsa_add(ssl, usage, selector, mtype,
929
					ldns_rdf_data(data),
930
					ldns_rdf_size(data)) <= 0) {
931
			s = LDNS_STATUS_SSL_ERR;
932
			break;
933
		}
934
	}
935
	if (!s && !(store_ctx =  X509_STORE_CTX_new()))
936
		s = LDNS_STATUS_MEM_ERR;
937

938
	else if (!X509_STORE_CTX_init(store_ctx, pkix_validation_store, cert, extra_certs))
939
		s = LDNS_STATUS_SSL_ERR;
940

941
	else {
942
		int ret;
943

944
		X509_STORE_CTX_set_default(store_ctx,
945
				SSL_is_server(ssl) ? "ssl_client" : "ssl_server");
946
		X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(store_ctx),
947
				SSL_get0_param(ssl));
948
		X509_STORE_CTX_set0_dane(store_ctx, SSL_get0_dane(ssl));
949
		if (SSL_get_verify_callback(ssl))
950
			X509_STORE_CTX_set_verify_cb(store_ctx, SSL_get_verify_callback(ssl));
951

952
		ret = X509_verify_cert(store_ctx);
953
		if (!ret) {
954
			if (X509_STORE_CTX_get_error(store_ctx) == X509_V_ERR_DANE_NO_MATCH)
955
				s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH;
956
			else
957
				s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE;
958
		}
959
		X509_STORE_CTX_cleanup(store_ctx);
960
	}
961
	if (store_ctx)
962
		X509_STORE_CTX_free(store_ctx);
963
	if (ssl)
964
		SSL_free(ssl);
965
	if (ssl_ctx)
966
		SSL_CTX_free(ssl_ctx);
967
	if (basename)
968
		free(basename);
969
	ldns_rdf_deep_free(basename_rdf);
970
#else
971
	for (i = 0; i < ldns_rr_list_rr_count(usable_tlsas); i++) {
972
		tlsa_rr = ldns_rr_list_rr(usable_tlsas, i);
973
		ps = s;
974
		s = ldns_dane_verify_rr(tlsa_rr, cert, extra_certs,
975
				pkix_validation_store);
976

977
		if (s != LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH &&
978
		    s != LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE &&
979
		    s != LDNS_STATUS_DANE_NEED_OPENSSL_GE_1_1_FOR_DANE_TA) {
980

981
			/* which would be LDNS_STATUS_OK (match)
982
			 * or some fatal error preventing use from
983
			 * trying the next TLSA record.
984
			 */
985
			break;
986
		}
987
		s = (s > ps ? s : ps); /* pref NEED_OPENSSL_GE_1_1_FOR_DANE_TA
988
		                        * over PKIX_DID_NOT_VALIDATE
989
					* over TLSA_DID_NOT_MATCH
990
					*/
991
	}
992
#endif
993
	ldns_rr_list_free(usable_tlsas);
994
	return s;
995
}
996
#endif /* USE_DANE_VERIFY */
997
#endif /* HAVE_SSL */
998
#endif /* USE_DANE */
999

1000
Product

Resources

Company
