xref: /freebsd/contrib/ldns/dane.c (revision 6829dae12bb055451fa467da4589c43bd03b1e64)
1 /*
2  * Verify or create TLS authentication with DANE (RFC6698)
3  *
4  * (c) NLnetLabs 2012
5  *
6  * See the file LICENSE for the license.
7  *
8  */
9 
10 #include <ldns/config.h>
11 #ifdef USE_DANE
12 
13 #include <ldns/ldns.h>
14 #include <ldns/dane.h>
15 
16 #include <unistd.h>
17 #include <stdlib.h>
18 #include <sys/types.h>
19 #ifdef HAVE_SYS_SOCKET_H
20 #include <sys/socket.h>
21 #endif
22 #ifdef HAVE_NETDB_H
23 #include <netdb.h>
24 #endif
25 
26 #ifdef HAVE_SSL
27 #include <openssl/ssl.h>
28 #include <openssl/err.h>
29 #include <openssl/x509v3.h>
30 #endif
31 
32 ldns_status
33 ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner, const ldns_rdf* name,
34 		uint16_t port, ldns_dane_transport transport)
35 {
36 	char buf[LDNS_MAX_DOMAINLEN];
37 	size_t s;
38 
39 	assert(tlsa_owner != NULL);
40 	assert(name != NULL);
41 	assert(ldns_rdf_get_type(name) == LDNS_RDF_TYPE_DNAME);
42 
43 	s = (size_t)snprintf(buf, LDNS_MAX_DOMAINLEN, "X_%d", (int)port);
44 	buf[0] = (char)(s - 1);
45 
46 	switch(transport) {
47 	case LDNS_DANE_TRANSPORT_TCP:
48 		s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\004_tcp");
49 		break;
50 
51 	case LDNS_DANE_TRANSPORT_UDP:
52 		s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\004_udp");
53 		break;
54 
55 	case LDNS_DANE_TRANSPORT_SCTP:
56 		s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\005_sctp");
57 		break;
58 
59 	default:
60 		return LDNS_STATUS_DANE_UNKNOWN_TRANSPORT;
61 	}
62 	if (s + ldns_rdf_size(name) > LDNS_MAX_DOMAINLEN) {
63 		return LDNS_STATUS_DOMAINNAME_OVERFLOW;
64 	}
65 	memcpy(buf + s, ldns_rdf_data(name), ldns_rdf_size(name));
66 	*tlsa_owner = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME,
67 			s + ldns_rdf_size(name), buf);
68 	if (*tlsa_owner == NULL) {
69 		return LDNS_STATUS_MEM_ERR;
70 	}
71 	return LDNS_STATUS_OK;
72 }
73 
74 
75 #ifdef HAVE_SSL
76 ldns_status
77 ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert,
78 		ldns_tlsa_selector      selector,
79 		ldns_tlsa_matching_type matching_type)
80 {
81 	unsigned char* buf = NULL;
82 	size_t len;
83 
84 	X509_PUBKEY* xpubkey;
85 	EVP_PKEY* epubkey;
86 
87 	unsigned char* digest;
88 
89 	assert(rdf != NULL);
90 	assert(cert != NULL);
91 
92 	switch(selector) {
93 	case LDNS_TLSA_SELECTOR_FULL_CERTIFICATE:
94 
95 		len = (size_t)i2d_X509(cert, &buf);
96 		break;
97 
98 	case LDNS_TLSA_SELECTOR_SUBJECTPUBLICKEYINFO:
99 
100 #ifndef S_SPLINT_S
101 		xpubkey = X509_get_X509_PUBKEY(cert);
102 #endif
103 		if (! xpubkey) {
104 			return LDNS_STATUS_SSL_ERR;
105 		}
106 		epubkey = X509_PUBKEY_get(xpubkey);
107 		if (! epubkey) {
108 			return LDNS_STATUS_SSL_ERR;
109 		}
110 		len = (size_t)i2d_PUBKEY(epubkey, &buf);
111 		break;
112 
113 	default:
114 		return LDNS_STATUS_DANE_UNKNOWN_SELECTOR;
115 	}
116 
117 	switch(matching_type) {
118 	case LDNS_TLSA_MATCHING_TYPE_NO_HASH_USED:
119 
120 		*rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, len, buf);
121 
122 		return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR;
123 		break;
124 
125 	case LDNS_TLSA_MATCHING_TYPE_SHA256:
126 
127 		digest = LDNS_XMALLOC(unsigned char, LDNS_SHA256_DIGEST_LENGTH);
128 		if (digest == NULL) {
129 			LDNS_FREE(buf);
130 			return LDNS_STATUS_MEM_ERR;
131 		}
132 		(void) ldns_sha256(buf, (unsigned int)len, digest);
133 		*rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, LDNS_SHA256_DIGEST_LENGTH,
134 				digest);
135 		LDNS_FREE(buf);
136 
137 		return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR;
138 		break;
139 
140 	case LDNS_TLSA_MATCHING_TYPE_SHA512:
141 
142 		digest = LDNS_XMALLOC(unsigned char, LDNS_SHA512_DIGEST_LENGTH);
143 		if (digest == NULL) {
144 			LDNS_FREE(buf);
145 			return LDNS_STATUS_MEM_ERR;
146 		}
147 		(void) ldns_sha512(buf, (unsigned int)len, digest);
148 		*rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, LDNS_SHA512_DIGEST_LENGTH,
149 				digest);
150 		LDNS_FREE(buf);
151 
152 		return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR;
153 		break;
154 
155 	default:
156 		LDNS_FREE(buf);
157 		return LDNS_STATUS_DANE_UNKNOWN_MATCHING_TYPE;
158 	}
159 }
160 
161 
162 /* Ordinary PKIX validation of cert (with extra_certs to help)
163  * against the CA's in store
164  */
165 static ldns_status
166 ldns_dane_pkix_validate(X509* cert, STACK_OF(X509)* extra_certs,
167 		X509_STORE* store)
168 {
169 	X509_STORE_CTX* vrfy_ctx;
170 	ldns_status s;
171 
172 	if (! store) {
173 		return LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE;
174 	}
175 	vrfy_ctx = X509_STORE_CTX_new();
176 	if (! vrfy_ctx) {
177 
178 		return LDNS_STATUS_SSL_ERR;
179 
180 	} else if (X509_STORE_CTX_init(vrfy_ctx, store,
181 				cert, extra_certs) != 1) {
182 		s = LDNS_STATUS_SSL_ERR;
183 
184 	} else if (X509_verify_cert(vrfy_ctx) == 1) {
185 
186 		s = LDNS_STATUS_OK;
187 
188 	} else {
189 		s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE;
190 	}
191 	X509_STORE_CTX_free(vrfy_ctx);
192 	return s;
193 }
194 
195 
196 /* Orinary PKIX validation of cert (with extra_certs to help)
197  * against the CA's in store, but also return the validation chain.
198  */
199 static ldns_status
200 ldns_dane_pkix_validate_and_get_chain(STACK_OF(X509)** chain, X509* cert,
201 		STACK_OF(X509)* extra_certs, X509_STORE* store)
202 {
203 	ldns_status s;
204 	X509_STORE* empty_store = NULL;
205 	X509_STORE_CTX* vrfy_ctx;
206 
207 	assert(chain != NULL);
208 
209 	if (! store) {
210 		store = empty_store = X509_STORE_new();
211 	}
212 	s = LDNS_STATUS_SSL_ERR;
213 	vrfy_ctx = X509_STORE_CTX_new();
214 	if (! vrfy_ctx) {
215 
216 		goto exit_free_empty_store;
217 
218 	} else if (X509_STORE_CTX_init(vrfy_ctx, store,
219 					cert, extra_certs) != 1) {
220 		goto exit_free_vrfy_ctx;
221 
222 	} else if (X509_verify_cert(vrfy_ctx) == 1) {
223 
224 		s = LDNS_STATUS_OK;
225 
226 	} else {
227 		s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE;
228 	}
229 	*chain = X509_STORE_CTX_get1_chain(vrfy_ctx);
230 	if (! *chain) {
231 		s = LDNS_STATUS_SSL_ERR;
232 	}
233 
234 exit_free_vrfy_ctx:
235 	X509_STORE_CTX_free(vrfy_ctx);
236 
237 exit_free_empty_store:
238 	if (empty_store) {
239 		X509_STORE_free(empty_store);
240 	}
241 	return s;
242 }
243 
244 
245 /* Return the validation chain that can be build out of cert, with extra_certs.
246  */
247 static ldns_status
248 ldns_dane_pkix_get_chain(STACK_OF(X509)** chain,
249 		X509* cert, STACK_OF(X509)* extra_certs)
250 {
251 	ldns_status s;
252 	X509_STORE* empty_store = NULL;
253 	X509_STORE_CTX* vrfy_ctx;
254 
255 	assert(chain != NULL);
256 
257 	empty_store = X509_STORE_new();
258 	s = LDNS_STATUS_SSL_ERR;
259 	vrfy_ctx = X509_STORE_CTX_new();
260 	if (! vrfy_ctx) {
261 
262 		goto exit_free_empty_store;
263 
264 	} else if (X509_STORE_CTX_init(vrfy_ctx, empty_store,
265 					cert, extra_certs) != 1) {
266 		goto exit_free_vrfy_ctx;
267 	}
268 	(void) X509_verify_cert(vrfy_ctx);
269 	*chain = X509_STORE_CTX_get1_chain(vrfy_ctx);
270 	if (! *chain) {
271 		s = LDNS_STATUS_SSL_ERR;
272 	} else {
273 		s = LDNS_STATUS_OK;
274 	}
275 exit_free_vrfy_ctx:
276 	X509_STORE_CTX_free(vrfy_ctx);
277 
278 exit_free_empty_store:
279 	X509_STORE_free(empty_store);
280 	return s;
281 }
282 
283 
284 /* Pop n+1 certs and return the last popped.
285  */
286 static ldns_status
287 ldns_dane_get_nth_cert_from_validation_chain(
288 		X509** cert, STACK_OF(X509)* chain, int n, bool ca)
289 {
290 	if (n >= sk_X509_num(chain) || n < 0) {
291 		return LDNS_STATUS_DANE_OFFSET_OUT_OF_RANGE;
292 	}
293 	*cert = sk_X509_pop(chain);
294 	while (n-- > 0) {
295 		X509_free(*cert);
296 		*cert = sk_X509_pop(chain);
297 	}
298 	if (ca && ! X509_check_ca(*cert)) {
299 		return LDNS_STATUS_DANE_NON_CA_CERTIFICATE;
300 	}
301 	return LDNS_STATUS_OK;
302 }
303 
304 
305 /* Create validation chain with cert and extra_certs and returns the last
306  * self-signed (if present).
307  */
308 static ldns_status
309 ldns_dane_pkix_get_last_self_signed(X509** out_cert,
310 		X509* cert, STACK_OF(X509)* extra_certs)
311 {
312 	ldns_status s;
313 	X509_STORE* empty_store = NULL;
314 	X509_STORE_CTX* vrfy_ctx;
315 
316 	assert(out_cert != NULL);
317 
318 	empty_store = X509_STORE_new();
319 	s = LDNS_STATUS_SSL_ERR;
320 	vrfy_ctx = X509_STORE_CTX_new();
321 	if (! vrfy_ctx) {
322 		goto exit_free_empty_store;
323 
324 	} else if (X509_STORE_CTX_init(vrfy_ctx, empty_store,
325 					cert, extra_certs) != 1) {
326 		goto exit_free_vrfy_ctx;
327 
328 	}
329 	(void) X509_verify_cert(vrfy_ctx);
330 	if (X509_STORE_CTX_get_error(vrfy_ctx) == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN ||
331 	    X509_STORE_CTX_get_error(vrfy_ctx) == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT){
332 
333 		*out_cert = X509_STORE_CTX_get_current_cert( vrfy_ctx);
334 		s = LDNS_STATUS_OK;
335 	} else {
336 		s = LDNS_STATUS_DANE_PKIX_NO_SELF_SIGNED_TRUST_ANCHOR;
337 	}
338 exit_free_vrfy_ctx:
339 	X509_STORE_CTX_free(vrfy_ctx);
340 
341 exit_free_empty_store:
342 	X509_STORE_free(empty_store);
343 	return s;
344 }
345 
346 
347 ldns_status
348 ldns_dane_select_certificate(X509** selected_cert,
349 		X509* cert, STACK_OF(X509)* extra_certs,
350 		X509_STORE* pkix_validation_store,
351 		ldns_tlsa_certificate_usage cert_usage, int offset)
352 {
353 	ldns_status s;
354 	STACK_OF(X509)* pkix_validation_chain = NULL;
355 
356 	assert(selected_cert != NULL);
357 	assert(cert != NULL);
358 
359 	/* With PKIX validation explicitly turned off (pkix_validation_store
360 	 *  == NULL), treat the "CA constraint" and "Service certificate
361 	 * constraint" the same as "Trust anchor assertion" and "Domain issued
362 	 * certificate" respectively.
363 	 */
364 	if (pkix_validation_store == NULL) {
365 		switch (cert_usage) {
366 
367 		case LDNS_TLSA_USAGE_CA_CONSTRAINT:
368 
369 			cert_usage = LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION;
370 			break;
371 
372 		case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT:
373 
374 			cert_usage = LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE;
375 			break;
376 
377 		default:
378 			break;
379 		}
380 	}
381 
382 	/* Now what to do with each Certificate usage...
383 	 */
384 	switch (cert_usage) {
385 
386 	case LDNS_TLSA_USAGE_CA_CONSTRAINT:
387 
388 		s = ldns_dane_pkix_validate_and_get_chain(
389 				&pkix_validation_chain,
390 				cert, extra_certs,
391 				pkix_validation_store);
392 		if (! pkix_validation_chain) {
393 			return s;
394 		}
395 		if (s == LDNS_STATUS_OK) {
396 			if (offset == -1) {
397 				offset = 0;
398 			}
399 			s = ldns_dane_get_nth_cert_from_validation_chain(
400 					selected_cert, pkix_validation_chain,
401 					offset, true);
402 		}
403 		sk_X509_pop_free(pkix_validation_chain, X509_free);
404 		return s;
405 		break;
406 
407 
408 	case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT:
409 
410 		*selected_cert = cert;
411 		return ldns_dane_pkix_validate(cert, extra_certs,
412 				pkix_validation_store);
413 		break;
414 
415 
416 	case LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION:
417 
418 		if (offset == -1) {
419 			s = ldns_dane_pkix_get_last_self_signed(
420 					selected_cert, cert, extra_certs);
421 			return s;
422 		} else {
423 			s = ldns_dane_pkix_get_chain(
424 					&pkix_validation_chain,
425 					cert, extra_certs);
426 			if (s == LDNS_STATUS_OK) {
427 				s =
428 				ldns_dane_get_nth_cert_from_validation_chain(
429 					selected_cert, pkix_validation_chain,
430 					offset, false);
431 			} else if (! pkix_validation_chain) {
432 				return s;
433 			}
434 			sk_X509_pop_free(pkix_validation_chain, X509_free);
435 			return s;
436 		}
437 		break;
438 
439 
440 	case LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE:
441 
442 		*selected_cert = cert;
443 		return LDNS_STATUS_OK;
444 		break;
445 
446 	default:
447 		return LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE;
448 		break;
449 	}
450 }
451 
452 
453 ldns_status
454 ldns_dane_create_tlsa_rr(ldns_rr** tlsa,
455 		ldns_tlsa_certificate_usage certificate_usage,
456 		ldns_tlsa_selector          selector,
457 		ldns_tlsa_matching_type     matching_type,
458 		X509* cert)
459 {
460 	ldns_rdf* rdf;
461 	ldns_status s;
462 
463 	assert(tlsa != NULL);
464 	assert(cert != NULL);
465 
466 	/* create rr */
467 	*tlsa = ldns_rr_new_frm_type(LDNS_RR_TYPE_TLSA);
468 	if (*tlsa == NULL) {
469 		return LDNS_STATUS_MEM_ERR;
470 	}
471 
472 	rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8,
473 			(uint8_t)certificate_usage);
474 	if (rdf == NULL) {
475 		goto memerror;
476 	}
477 	(void) ldns_rr_set_rdf(*tlsa, rdf, 0);
478 
479 	rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, (uint8_t)selector);
480 	if (rdf == NULL) {
481 		goto memerror;
482 	}
483 	(void) ldns_rr_set_rdf(*tlsa, rdf, 1);
484 
485 	rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, (uint8_t)matching_type);
486 	if (rdf == NULL) {
487 		goto memerror;
488 	}
489 	(void) ldns_rr_set_rdf(*tlsa, rdf, 2);
490 
491 	s = ldns_dane_cert2rdf(&rdf, cert, selector, matching_type);
492 	if (s == LDNS_STATUS_OK) {
493 		(void) ldns_rr_set_rdf(*tlsa, rdf, 3);
494 		return LDNS_STATUS_OK;
495 	}
496 	ldns_rr_free(*tlsa);
497 	*tlsa = NULL;
498 	return s;
499 
500 memerror:
501 	ldns_rr_free(*tlsa);
502 	*tlsa = NULL;
503 	return LDNS_STATUS_MEM_ERR;
504 }
505 
506 
507 #ifdef USE_DANE_VERIFY
508 /* Return tlsas that actually are TLSA resource records with known values
509  * for the Certificate usage, Selector and Matching type rdata fields.
510  */
511 static ldns_rr_list*
512 ldns_dane_filter_unusable_records(const ldns_rr_list* tlsas)
513 {
514 	size_t i;
515 	ldns_rr_list* r = ldns_rr_list_new();
516 	ldns_rr* tlsa_rr;
517 
518 	if (! r) {
519 		return NULL;
520 	}
521 	for (i = 0; i < ldns_rr_list_rr_count(tlsas); i++) {
522 		tlsa_rr = ldns_rr_list_rr(tlsas, i);
523 		if (ldns_rr_get_type(tlsa_rr) == LDNS_RR_TYPE_TLSA &&
524 		    ldns_rr_rd_count(tlsa_rr) == 4 &&
525 		    ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0)) <= 3 &&
526 		    ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1)) <= 1 &&
527 		    ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2)) <= 2) {
528 
529 			if (! ldns_rr_list_push_rr(r, tlsa_rr)) {
530 				ldns_rr_list_free(r);
531 				return NULL;
532 			}
533 		}
534 	}
535 	return r;
536 }
537 
538 
539 #if !defined(USE_DANE_TA_USAGE)
540 /* Return whether cert/selector/matching_type matches data.
541  */
542 static ldns_status
543 ldns_dane_match_cert_with_data(X509* cert, ldns_tlsa_selector selector,
544 		ldns_tlsa_matching_type matching_type, ldns_rdf* data)
545 {
546 	ldns_status s;
547 	ldns_rdf* match_data;
548 
549 	s = ldns_dane_cert2rdf(&match_data, cert, selector, matching_type);
550 	if (s == LDNS_STATUS_OK) {
551 		if (ldns_rdf_compare(data, match_data) != 0) {
552 			s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH;
553 		}
554 		ldns_rdf_free(match_data);
555 	}
556 	return s;
557 }
558 
559 
560 /* Return whether any certificate from the chain with selector/matching_type
561  * matches data.
562  * ca should be true if the certificate has to be a CA certificate too.
563  */
564 static ldns_status
565 ldns_dane_match_any_cert_with_data(STACK_OF(X509)* chain,
566 		ldns_tlsa_selector      selector,
567 		ldns_tlsa_matching_type matching_type,
568 		ldns_rdf* data, bool ca)
569 {
570 	ldns_status s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH;
571 	size_t n, i;
572 	X509* cert;
573 
574 	n = (size_t)sk_X509_num(chain);
575 	for (i = 0; i < n; i++) {
576 		cert = sk_X509_pop(chain);
577 		if (! cert) {
578 			s = LDNS_STATUS_SSL_ERR;
579 			break;
580 		}
581 		s = ldns_dane_match_cert_with_data(cert,
582 				selector, matching_type, data);
583 		if (ca && s == LDNS_STATUS_OK && ! X509_check_ca(cert)) {
584 			s = LDNS_STATUS_DANE_NON_CA_CERTIFICATE;
585 		}
586 		X509_free(cert);
587 		if (s != LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH) {
588 			break;
589 		}
590 		/* when s == LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH,
591 		 * try to match the next certificate
592 		 */
593 	}
594 	return s;
595 }
596 #endif /* !defined(USE_DANE_TA_USAGE) */
597 #endif /* USE_DANE_VERIFY */
598 
599 #ifdef USE_DANE_VERIFY
600 ldns_status
601 ldns_dane_verify_rr(const ldns_rr* tlsa_rr,
602 		X509* cert, STACK_OF(X509)* extra_certs,
603 		X509_STORE* pkix_validation_store)
604 {
605 #if defined(USE_DANE_TA_USAGE)
606 	SSL_CTX *ssl_ctx = NULL;
607 	SSL *ssl = NULL;
608 	X509_STORE_CTX *store_ctx = NULL;
609 #else
610 	STACK_OF(X509)* pkix_validation_chain = NULL;
611 #endif
612 	ldns_status s = LDNS_STATUS_OK;
613 
614 	ldns_tlsa_certificate_usage usage;
615 	ldns_tlsa_selector          selector;
616 	ldns_tlsa_matching_type     mtype;
617 	ldns_rdf*                   data;
618 
619 	if (! tlsa_rr || ldns_rr_get_type(tlsa_rr) != LDNS_RR_TYPE_TLSA ||
620 			ldns_rr_rd_count(tlsa_rr) != 4 ||
621 			ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0)) > 3 ||
622 			ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1)) > 1 ||
623 			ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2)) > 2 ) {
624 		/* No (usable) TLSA, so regular PKIX validation
625 		 */
626 		return ldns_dane_pkix_validate(cert, extra_certs,
627 				pkix_validation_store);
628 	}
629 	usage    = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0));
630 	selector = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1));
631 	mtype    = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2));
632 	data     =                      ldns_rr_rdf(tlsa_rr, 3) ;
633 
634 #if defined(USE_DANE_TA_USAGE)
635 	/* Rely on OpenSSL dane functions.
636 	 *
637 	 * OpenSSL does not provide offline dane verification.  The dane unit
638 	 * tests within openssl use the undocumented SSL_get0_dane() and
639 	 * X509_STORE_CTX_set0_dane() to convey dane parameters set on SSL and
640 	 * SSL_CTX to a X509_STORE_CTX that can be used to do offline
641 	 * verification.  We use these undocumented means with the ldns
642 	 * dane function prototypes which did only offline dane verification.
643 	 */
644 	if (!(ssl_ctx = SSL_CTX_new(TLS_client_method())))
645 		s = LDNS_STATUS_MEM_ERR;
646 
647 	else if (SSL_CTX_dane_enable(ssl_ctx) <= 0)
648 		s = LDNS_STATUS_SSL_ERR;
649 
650 	else if (SSL_CTX_dane_set_flags(
651 				ssl_ctx, DANE_FLAG_NO_DANE_EE_NAMECHECKS),
652 			!(ssl = SSL_new(ssl_ctx)))
653 		s = LDNS_STATUS_MEM_ERR;
654 
655 	else if (SSL_set_connect_state(ssl),
656 			(SSL_dane_enable(ssl, NULL) <= 0))
657 		s = LDNS_STATUS_SSL_ERR;
658 
659 	else if (SSL_dane_tlsa_add(ssl, usage, selector, mtype,
660 				ldns_rdf_data(data), ldns_rdf_size(data)) <= 0)
661 		s = LDNS_STATUS_SSL_ERR;
662 
663 	else if (!(store_ctx =  X509_STORE_CTX_new()))
664 		s = LDNS_STATUS_MEM_ERR;
665 
666 	else if (!X509_STORE_CTX_init(store_ctx, pkix_validation_store, cert, extra_certs))
667 		s = LDNS_STATUS_SSL_ERR;
668 
669 	else {
670 		int ret;
671 
672 		X509_STORE_CTX_set_default(store_ctx,
673 				SSL_is_server(ssl) ? "ssl_client" : "ssl_server");
674 		X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(store_ctx),
675 				SSL_get0_param(ssl));
676 		X509_STORE_CTX_set0_dane(store_ctx, SSL_get0_dane(ssl));
677 		if (SSL_get_verify_callback(ssl))
678 			X509_STORE_CTX_set_verify_cb(store_ctx, SSL_get_verify_callback(ssl));
679 
680 		ret = X509_verify_cert(store_ctx);
681 		if (!ret) {
682 			if (X509_STORE_CTX_get_error(store_ctx) == X509_V_ERR_DANE_NO_MATCH)
683 				s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH;
684 			else
685 				s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE;
686 		}
687 		X509_STORE_CTX_cleanup(store_ctx);
688 	}
689 	if (store_ctx)
690 		X509_STORE_CTX_free(store_ctx);
691 	if (ssl)
692 		SSL_free(ssl);
693 	if (ssl_ctx)
694 		SSL_CTX_free(ssl_ctx);
695 	return s;
696 #else
697 	switch (usage) {
698 	case LDNS_TLSA_USAGE_CA_CONSTRAINT:
699 		s = ldns_dane_pkix_validate_and_get_chain(
700 				&pkix_validation_chain,
701 				cert, extra_certs,
702 				pkix_validation_store);
703 		if (! pkix_validation_chain) {
704 			return s;
705 		}
706 		if (s == LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE) {
707 			/*
708 			 * NO PKIX validation. We still try to match *any*
709 			 * certificate from the chain, so we return
710 			 * TLSA errors over PKIX errors.
711 			 *
712 			 * i.e. When the TLSA matches no certificate, we return
713 			 * TLSA_DID_NOT_MATCH and not PKIX_DID_NOT_VALIDATE
714 			 */
715 			s = ldns_dane_match_any_cert_with_data(
716 					pkix_validation_chain,
717 					selector, mtype, data, true);
718 
719 			if (s == LDNS_STATUS_OK) {
720 				/* A TLSA record did match a cert from the
721 				 * chain, thus the error is failed PKIX
722 				 * validation.
723 				 */
724 				s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE;
725 			}
726 
727 		} else if (s == LDNS_STATUS_OK) {
728 			/* PKIX validated, does the TLSA match too? */
729 
730 			s = ldns_dane_match_any_cert_with_data(
731 					pkix_validation_chain,
732 					selector, mtype, data, true);
733 		}
734 		sk_X509_pop_free(pkix_validation_chain, X509_free);
735 		return s;
736 		break;
737 
738 	case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT:
739 
740 		s = ldns_dane_match_cert_with_data(cert,
741 				selector, mtype, data);
742 
743 		if (s == LDNS_STATUS_OK) {
744 			return ldns_dane_pkix_validate(cert, extra_certs,
745 					pkix_validation_store);
746 		}
747 		return s;
748 		break;
749 
750 	case LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION:
751 #if 0
752 		s = ldns_dane_pkix_get_chain(&pkix_validation_chain,
753 				cert, extra_certs);
754 
755 		if (s == LDNS_STATUS_OK) {
756 			s = ldns_dane_match_any_cert_with_data(
757 					pkix_validation_chain,
758 					selector, mtype, data, false);
759 
760 		} else if (! pkix_validation_chain) {
761 			return s;
762 		}
763 		sk_X509_pop_free(pkix_validation_chain, X509_free);
764 		return s;
765 #else
766 		return LDNS_STATUS_DANE_NEED_OPENSSL_GE_1_1_FOR_DANE_TA;
767 #endif
768 		break;
769 
770 	case LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE:
771 		return ldns_dane_match_cert_with_data(cert,
772 				selector, mtype, data);
773 		break;
774 
775 	default:
776 		break;
777 	}
778 #endif
779 	return LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE;
780 }
781 
782 
783 ldns_status
784 ldns_dane_verify(const ldns_rr_list* tlsas,
785 		X509* cert, STACK_OF(X509)* extra_certs,
786 		X509_STORE* pkix_validation_store)
787 {
788 #if defined(USE_DANE_TA_USAGE)
789 	SSL_CTX *ssl_ctx = NULL;
790 	ldns_rdf *basename_rdf = NULL;
791 	char *basename = NULL;
792 	SSL *ssl = NULL;
793 	X509_STORE_CTX *store_ctx = NULL;
794 #else
795 	ldns_status ps;
796 #endif
797 	size_t i;
798 	ldns_rr* tlsa_rr;
799 	ldns_rr_list *usable_tlsas;
800 	ldns_status s = LDNS_STATUS_OK;
801 
802 	assert(cert != NULL);
803 
804 	if (! tlsas || ldns_rr_list_rr_count(tlsas) == 0)
805 		/* No TLSA's, so regular PKIX validation
806 		 */
807 		return ldns_dane_pkix_validate(cert, extra_certs,
808 				pkix_validation_store);
809 
810 /* To enable name checks (which we don't) */
811 #if defined(USE_DANE_TA_USAGE) && 0
812 	else if (!(basename_rdf = ldns_dname_clone_from(
813 					ldns_rr_list_owner(tlsas), 2)))
814 		/* Could nog get DANE base name */
815 		s = LDNS_STATUS_ERR;
816 
817 	else if (!(basename = ldns_rdf2str(basename_rdf)))
818 		s = LDNS_STATUS_MEM_ERR;
819 
820 	else if (strlen(basename) && (basename[strlen(basename)-1]  = 0))
821 		s = LDNS_STATUS_ERR; /* Intended to be unreachable */
822 #endif
823 
824 	else if (!(usable_tlsas = ldns_dane_filter_unusable_records(tlsas)))
825 		return LDNS_STATUS_MEM_ERR;
826 
827 	else if (ldns_rr_list_rr_count(usable_tlsas) == 0) {
828 		/* No TLSA's, so regular PKIX validation
829 		 */
830 		ldns_rr_list_free(usable_tlsas);
831 		return ldns_dane_pkix_validate(cert, extra_certs,
832 				pkix_validation_store);
833 	}
834 #if defined(USE_DANE_TA_USAGE)
835 	/* Rely on OpenSSL dane functions.
836 	 *
837 	 * OpenSSL does not provide offline dane verification.  The dane unit
838 	 * tests within openssl use the undocumented SSL_get0_dane() and
839 	 * X509_STORE_CTX_set0_dane() to convey dane parameters set on SSL and
840 	 * SSL_CTX to a X509_STORE_CTX that can be used to do offline
841 	 * verification.  We use these undocumented means with the ldns
842 	 * dane function prototypes which did only offline dane verification.
843 	 */
844 	if (!(ssl_ctx = SSL_CTX_new(TLS_client_method())))
845 		s = LDNS_STATUS_MEM_ERR;
846 
847 	else if (SSL_CTX_dane_enable(ssl_ctx) <= 0)
848 		s = LDNS_STATUS_SSL_ERR;
849 
850 	else if (SSL_CTX_dane_set_flags(
851 				ssl_ctx, DANE_FLAG_NO_DANE_EE_NAMECHECKS),
852 			!(ssl = SSL_new(ssl_ctx)))
853 		s = LDNS_STATUS_MEM_ERR;
854 
855 	else if (SSL_set_connect_state(ssl),
856 			(SSL_dane_enable(ssl, basename) <= 0))
857 		s = LDNS_STATUS_SSL_ERR;
858 
859 	else for (i = 0; i < ldns_rr_list_rr_count(usable_tlsas); i++) {
860 		ldns_tlsa_certificate_usage usage;
861 		ldns_tlsa_selector          selector;
862 		ldns_tlsa_matching_type     mtype;
863 		ldns_rdf*                   data;
864 
865 		tlsa_rr = ldns_rr_list_rr(usable_tlsas, i);
866 		usage   = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr,0));
867 		selector= ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr,1));
868 		mtype   = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr,2));
869 		data    =                      ldns_rr_rdf(tlsa_rr,3) ;
870 
871 		if (SSL_dane_tlsa_add(ssl, usage, selector, mtype,
872 					ldns_rdf_data(data),
873 					ldns_rdf_size(data)) <= 0) {
874 			s = LDNS_STATUS_SSL_ERR;
875 			break;
876 		}
877 	}
878 	if (!s && !(store_ctx =  X509_STORE_CTX_new()))
879 		s = LDNS_STATUS_MEM_ERR;
880 
881 	else if (!X509_STORE_CTX_init(store_ctx, pkix_validation_store, cert, extra_certs))
882 		s = LDNS_STATUS_SSL_ERR;
883 
884 	else {
885 		int ret;
886 
887 		X509_STORE_CTX_set_default(store_ctx,
888 				SSL_is_server(ssl) ? "ssl_client" : "ssl_server");
889 		X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(store_ctx),
890 				SSL_get0_param(ssl));
891 		X509_STORE_CTX_set0_dane(store_ctx, SSL_get0_dane(ssl));
892 		if (SSL_get_verify_callback(ssl))
893 			X509_STORE_CTX_set_verify_cb(store_ctx, SSL_get_verify_callback(ssl));
894 
895 		ret = X509_verify_cert(store_ctx);
896 		if (!ret) {
897 			if (X509_STORE_CTX_get_error(store_ctx) == X509_V_ERR_DANE_NO_MATCH)
898 				s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH;
899 			else
900 				s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE;
901 		}
902 		X509_STORE_CTX_cleanup(store_ctx);
903 	}
904 	if (store_ctx)
905 		X509_STORE_CTX_free(store_ctx);
906 	if (ssl)
907 		SSL_free(ssl);
908 	if (ssl_ctx)
909 		SSL_CTX_free(ssl_ctx);
910 	if (basename)
911 		free(basename);
912 	ldns_rdf_deep_free(basename_rdf);
913 #else
914 	for (i = 0; i < ldns_rr_list_rr_count(usable_tlsas); i++) {
915 		tlsa_rr = ldns_rr_list_rr(usable_tlsas, i);
916 		ps = s;
917 		s = ldns_dane_verify_rr(tlsa_rr, cert, extra_certs,
918 				pkix_validation_store);
919 
920 		if (s != LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH &&
921 		    s != LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE &&
922 		    s != LDNS_STATUS_DANE_NEED_OPENSSL_GE_1_1_FOR_DANE_TA) {
923 
924 			/* which would be LDNS_STATUS_OK (match)
925 			 * or some fatal error preventing use from
926 			 * trying the next TLSA record.
927 			 */
928 			break;
929 		}
930 		s = (s > ps ? s : ps); /* pref NEED_OPENSSL_GE_1_1_FOR_DANE_TA
931 		                        * over PKIX_DID_NOT_VALIDATE
932 					* over TLSA_DID_NOT_MATCH
933 					*/
934 	}
935 #endif
936 	ldns_rr_list_free(usable_tlsas);
937 	return s;
938 }
939 #endif /* USE_DANE_VERIFY */
940 #endif /* HAVE_SSL */
941 #endif /* USE_DANE */
942