1 /* 2 * Verify or create TLS authentication with DANE (RFC6698) 3 * 4 * (c) NLnetLabs 2012-2020 5 * 6 * See the file LICENSE for the license. 7 * 8 */ 9 10 #include <ldns/config.h> 11 #ifdef USE_DANE 12 13 #include <ldns/ldns.h> 14 #include <ldns/dane.h> 15 16 #include <unistd.h> 17 #include <stdlib.h> 18 #include <sys/types.h> 19 #ifdef HAVE_SYS_SOCKET_H 20 #include <sys/socket.h> 21 #endif 22 #ifdef HAVE_NETDB_H 23 #include <netdb.h> 24 #endif 25 26 #ifdef HAVE_SSL 27 #include <openssl/ssl.h> 28 #include <openssl/err.h> 29 #include <openssl/x509v3.h> 30 #endif 31 32 /* OpenSSL context options. At the moment, disable SSLv2, SSLv3 33 * and Compression, if available. TLSv1.0 is allowed at the moment. 34 * TLSv1.1 is the first to provide elliptic curves, so it is usually 35 * allowed in a TLS stack. TLSv1.2 is the first to provide authentication 36 * modes of operation, like GCM. The defines below are a moving 37 * target based on OpenSSL library version. Grep is useful to find 38 * the defines: grep -IR SSL_OP_NO_ /usr/include/openssl. 39 */ 40 #ifdef HAVE_SSL 41 # ifdef SSL_OP_NO_SSLv2 42 const long NoOpenSSLv2 = SSL_OP_NO_SSLv2; 43 # else 44 const long NoOpenSSLv2 = 0L; 45 # endif 46 # ifdef SSL_OP_NO_SSLv3 47 const long NoOpenSSLv3 = SSL_OP_NO_SSLv3; 48 # else 49 const long NoOpenSSLv3 = 0L; 50 # endif 51 # ifdef SSL_OP_NO_TLSv1 52 const long NoOpenTLSv1 = SSL_OP_NO_TLSv1; 53 # else 54 const long NoOpenTLSv1 = 0L; 55 # endif 56 # ifdef SSL_OP_NO_DTLSv1 57 const long NoOpenDTLSv1 = SSL_OP_NO_DTLSv1; 58 # else 59 const long NoOpenDTLSv1 = 0L; 60 # endif 61 # ifdef SSL_OP_NO_COMPRESSION 62 const long NoOpenSSLCompression = SSL_OP_NO_COMPRESSION; 63 # else 64 const long NoOpenSSLCompression = 0L; 65 # endif 66 #endif 67 68 #if defined(USE_DANE_VERIFY) && defined(USE_DANE_TA_USAGE) 69 static SSL_CTX* 70 ldns_dane_new_ssl_context(void) 71 { 72 SSL_CTX* ssl_ctx; 73 74 ssl_ctx = SSL_CTX_new(TLS_client_method()); 75 if (ssl_ctx != NULL) 76 { 77 /* ldns allows TLS and DTLS v1.0 at the moment. Some may disagree. 78 * Sometime in the future they may be disabled, too. Maybe 79 * --disable-tlsv1 and --disable-dtlsv1 should be configure options. 80 */ 81 long flags = NoOpenSSLv2 | NoOpenSSLv3 | NoOpenSSLCompression; 82 SSL_CTX_set_options(ssl_ctx, flags); 83 } 84 85 return ssl_ctx; 86 } 87 #endif 88 89 ldns_status 90 ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner, const ldns_rdf* name, 91 uint16_t port, ldns_dane_transport transport) 92 { 93 char buf[LDNS_MAX_DOMAINLEN]; 94 size_t s; 95 96 assert(tlsa_owner != NULL); 97 assert(name != NULL); 98 assert(ldns_rdf_get_type(name) == LDNS_RDF_TYPE_DNAME); 99 100 s = (size_t)snprintf(buf, LDNS_MAX_DOMAINLEN, "X_%d", (int)port); 101 buf[0] = (char)(s - 1); 102 103 switch(transport) { 104 case LDNS_DANE_TRANSPORT_TCP: 105 s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\004_tcp"); 106 break; 107 108 case LDNS_DANE_TRANSPORT_UDP: 109 s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\004_udp"); 110 break; 111 112 case LDNS_DANE_TRANSPORT_SCTP: 113 s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\005_sctp"); 114 break; 115 116 default: 117 return LDNS_STATUS_DANE_UNKNOWN_TRANSPORT; 118 } 119 if (s + ldns_rdf_size(name) > LDNS_MAX_DOMAINLEN) { 120 return LDNS_STATUS_DOMAINNAME_OVERFLOW; 121 } 122 memcpy(buf + s, ldns_rdf_data(name), ldns_rdf_size(name)); 123 *tlsa_owner = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME, 124 s + ldns_rdf_size(name), buf); 125 if (*tlsa_owner == NULL) { 126 return LDNS_STATUS_MEM_ERR; 127 } 128 return LDNS_STATUS_OK; 129 } 130 131 132 #ifdef HAVE_SSL 133 ldns_status 134 ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert, 135 ldns_tlsa_selector selector, 136 ldns_tlsa_matching_type matching_type) 137 { 138 unsigned char* buf = NULL; 139 size_t len; 140 141 X509_PUBKEY* xpubkey; 142 EVP_PKEY* epubkey; 143 144 unsigned char* digest; 145 146 assert(rdf != NULL); 147 assert(cert != NULL); 148 149 switch(selector) { 150 case LDNS_TLSA_SELECTOR_FULL_CERTIFICATE: 151 152 len = (size_t)i2d_X509(cert, &buf); 153 break; 154 155 case LDNS_TLSA_SELECTOR_SUBJECTPUBLICKEYINFO: 156 157 #ifndef S_SPLINT_S 158 xpubkey = X509_get_X509_PUBKEY(cert); 159 #endif 160 if (! xpubkey) { 161 return LDNS_STATUS_SSL_ERR; 162 } 163 epubkey = X509_PUBKEY_get(xpubkey); 164 if (! epubkey) { 165 return LDNS_STATUS_SSL_ERR; 166 } 167 len = (size_t)i2d_PUBKEY(epubkey, &buf); 168 break; 169 170 default: 171 return LDNS_STATUS_DANE_UNKNOWN_SELECTOR; 172 } 173 174 switch(matching_type) { 175 case LDNS_TLSA_MATCHING_TYPE_NO_HASH_USED: 176 177 *rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, len, buf); 178 179 return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR; 180 break; 181 182 case LDNS_TLSA_MATCHING_TYPE_SHA256: 183 184 digest = LDNS_XMALLOC(unsigned char, LDNS_SHA256_DIGEST_LENGTH); 185 if (digest == NULL) { 186 LDNS_FREE(buf); 187 return LDNS_STATUS_MEM_ERR; 188 } 189 (void) ldns_sha256(buf, (unsigned int)len, digest); 190 *rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, LDNS_SHA256_DIGEST_LENGTH, 191 digest); 192 LDNS_FREE(buf); 193 194 return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR; 195 break; 196 197 case LDNS_TLSA_MATCHING_TYPE_SHA512: 198 199 digest = LDNS_XMALLOC(unsigned char, LDNS_SHA512_DIGEST_LENGTH); 200 if (digest == NULL) { 201 LDNS_FREE(buf); 202 return LDNS_STATUS_MEM_ERR; 203 } 204 (void) ldns_sha512(buf, (unsigned int)len, digest); 205 *rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, LDNS_SHA512_DIGEST_LENGTH, 206 digest); 207 LDNS_FREE(buf); 208 209 return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR; 210 break; 211 212 default: 213 LDNS_FREE(buf); 214 return LDNS_STATUS_DANE_UNKNOWN_MATCHING_TYPE; 215 } 216 } 217 218 219 /* Ordinary PKIX validation of cert (with extra_certs to help) 220 * against the CA's in store 221 */ 222 static ldns_status 223 ldns_dane_pkix_validate(X509* cert, STACK_OF(X509)* extra_certs, 224 X509_STORE* store) 225 { 226 X509_STORE_CTX* vrfy_ctx; 227 ldns_status s; 228 229 if (! store) { 230 return LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE; 231 } 232 vrfy_ctx = X509_STORE_CTX_new(); 233 if (! vrfy_ctx) { 234 235 return LDNS_STATUS_SSL_ERR; 236 237 } else if (X509_STORE_CTX_init(vrfy_ctx, store, 238 cert, extra_certs) != 1) { 239 s = LDNS_STATUS_SSL_ERR; 240 241 } else if (X509_verify_cert(vrfy_ctx) == 1) { 242 243 s = LDNS_STATUS_OK; 244 245 } else { 246 s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE; 247 } 248 X509_STORE_CTX_free(vrfy_ctx); 249 return s; 250 } 251 252 253 /* Ordinary PKIX validation of cert (with extra_certs to help) 254 * against the CA's in store, but also return the validation chain. 255 */ 256 static ldns_status 257 ldns_dane_pkix_validate_and_get_chain(STACK_OF(X509)** chain, X509* cert, 258 STACK_OF(X509)* extra_certs, X509_STORE* store) 259 { 260 ldns_status s; 261 X509_STORE* empty_store = NULL; 262 X509_STORE_CTX* vrfy_ctx; 263 264 assert(chain != NULL); 265 266 if (! store) { 267 store = empty_store = X509_STORE_new(); 268 } 269 s = LDNS_STATUS_SSL_ERR; 270 vrfy_ctx = X509_STORE_CTX_new(); 271 if (! vrfy_ctx) { 272 273 goto exit_free_empty_store; 274 275 } else if (X509_STORE_CTX_init(vrfy_ctx, store, 276 cert, extra_certs) != 1) { 277 goto exit_free_vrfy_ctx; 278 279 } else if (X509_verify_cert(vrfy_ctx) == 1) { 280 281 s = LDNS_STATUS_OK; 282 283 } else { 284 s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE; 285 } 286 *chain = X509_STORE_CTX_get1_chain(vrfy_ctx); 287 if (! *chain) { 288 s = LDNS_STATUS_SSL_ERR; 289 } 290 291 exit_free_vrfy_ctx: 292 X509_STORE_CTX_free(vrfy_ctx); 293 294 exit_free_empty_store: 295 if (empty_store) { 296 X509_STORE_free(empty_store); 297 } 298 return s; 299 } 300 301 302 /* Return the validation chain that can be build out of cert, with extra_certs. 303 */ 304 static ldns_status 305 ldns_dane_pkix_get_chain(STACK_OF(X509)** chain, 306 X509* cert, STACK_OF(X509)* extra_certs) 307 { 308 ldns_status s; 309 X509_STORE* empty_store = NULL; 310 X509_STORE_CTX* vrfy_ctx; 311 312 assert(chain != NULL); 313 314 empty_store = X509_STORE_new(); 315 s = LDNS_STATUS_SSL_ERR; 316 vrfy_ctx = X509_STORE_CTX_new(); 317 if (! vrfy_ctx) { 318 319 goto exit_free_empty_store; 320 321 } else if (X509_STORE_CTX_init(vrfy_ctx, empty_store, 322 cert, extra_certs) != 1) { 323 goto exit_free_vrfy_ctx; 324 } 325 (void) X509_verify_cert(vrfy_ctx); 326 *chain = X509_STORE_CTX_get1_chain(vrfy_ctx); 327 if (! *chain) { 328 s = LDNS_STATUS_SSL_ERR; 329 } else { 330 s = LDNS_STATUS_OK; 331 } 332 exit_free_vrfy_ctx: 333 X509_STORE_CTX_free(vrfy_ctx); 334 335 exit_free_empty_store: 336 X509_STORE_free(empty_store); 337 return s; 338 } 339 340 341 /* Pop n+1 certs and return the last popped. 342 */ 343 static ldns_status 344 ldns_dane_get_nth_cert_from_validation_chain( 345 X509** cert, STACK_OF(X509)* chain, int n, bool ca) 346 { 347 if (n >= sk_X509_num(chain) || n < 0) { 348 return LDNS_STATUS_DANE_OFFSET_OUT_OF_RANGE; 349 } 350 *cert = sk_X509_pop(chain); 351 while (n-- > 0) { 352 X509_free(*cert); 353 *cert = sk_X509_pop(chain); 354 } 355 if (ca && ! X509_check_ca(*cert)) { 356 return LDNS_STATUS_DANE_NON_CA_CERTIFICATE; 357 } 358 return LDNS_STATUS_OK; 359 } 360 361 362 /* Create validation chain with cert and extra_certs and returns the last 363 * self-signed (if present). 364 */ 365 static ldns_status 366 ldns_dane_pkix_get_last_self_signed(X509** out_cert, 367 X509* cert, STACK_OF(X509)* extra_certs) 368 { 369 ldns_status s; 370 X509_STORE* empty_store = NULL; 371 X509_STORE_CTX* vrfy_ctx; 372 373 assert(out_cert != NULL); 374 375 empty_store = X509_STORE_new(); 376 s = LDNS_STATUS_SSL_ERR; 377 vrfy_ctx = X509_STORE_CTX_new(); 378 if (! vrfy_ctx) { 379 goto exit_free_empty_store; 380 381 } else if (X509_STORE_CTX_init(vrfy_ctx, empty_store, 382 cert, extra_certs) != 1) { 383 goto exit_free_vrfy_ctx; 384 385 } 386 (void) X509_verify_cert(vrfy_ctx); 387 if (X509_STORE_CTX_get_error(vrfy_ctx) == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN || 388 X509_STORE_CTX_get_error(vrfy_ctx) == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT){ 389 390 *out_cert = X509_STORE_CTX_get_current_cert( vrfy_ctx); 391 s = LDNS_STATUS_OK; 392 } else { 393 s = LDNS_STATUS_DANE_PKIX_NO_SELF_SIGNED_TRUST_ANCHOR; 394 } 395 exit_free_vrfy_ctx: 396 X509_STORE_CTX_free(vrfy_ctx); 397 398 exit_free_empty_store: 399 X509_STORE_free(empty_store); 400 return s; 401 } 402 403 404 ldns_status 405 ldns_dane_select_certificate(X509** selected_cert, 406 X509* cert, STACK_OF(X509)* extra_certs, 407 X509_STORE* pkix_validation_store, 408 ldns_tlsa_certificate_usage cert_usage, int offset) 409 { 410 ldns_status s; 411 STACK_OF(X509)* pkix_validation_chain = NULL; 412 413 assert(selected_cert != NULL); 414 assert(cert != NULL); 415 416 /* With PKIX validation explicitly turned off (pkix_validation_store 417 * == NULL), treat the "CA constraint" and "Service certificate 418 * constraint" the same as "Trust anchor assertion" and "Domain issued 419 * certificate" respectively. 420 */ 421 if (pkix_validation_store == NULL) { 422 switch (cert_usage) { 423 424 case LDNS_TLSA_USAGE_CA_CONSTRAINT: 425 426 cert_usage = LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION; 427 break; 428 429 case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT: 430 431 cert_usage = LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE; 432 break; 433 434 default: 435 break; 436 } 437 } 438 439 /* Now what to do with each Certificate usage... 440 */ 441 switch (cert_usage) { 442 443 case LDNS_TLSA_USAGE_CA_CONSTRAINT: 444 445 s = ldns_dane_pkix_validate_and_get_chain( 446 &pkix_validation_chain, 447 cert, extra_certs, 448 pkix_validation_store); 449 if (! pkix_validation_chain) { 450 return s; 451 } 452 if (s == LDNS_STATUS_OK) { 453 if (offset == -1) { 454 offset = 0; 455 } 456 s = ldns_dane_get_nth_cert_from_validation_chain( 457 selected_cert, pkix_validation_chain, 458 offset, true); 459 } 460 sk_X509_pop_free(pkix_validation_chain, X509_free); 461 return s; 462 break; 463 464 465 case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT: 466 467 *selected_cert = cert; 468 return ldns_dane_pkix_validate(cert, extra_certs, 469 pkix_validation_store); 470 break; 471 472 473 case LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION: 474 475 if (offset == -1) { 476 s = ldns_dane_pkix_get_last_self_signed( 477 selected_cert, cert, extra_certs); 478 return s; 479 } else { 480 s = ldns_dane_pkix_get_chain( 481 &pkix_validation_chain, 482 cert, extra_certs); 483 if (s == LDNS_STATUS_OK) { 484 s = 485 ldns_dane_get_nth_cert_from_validation_chain( 486 selected_cert, pkix_validation_chain, 487 offset, false); 488 } else if (! pkix_validation_chain) { 489 return s; 490 } 491 sk_X509_pop_free(pkix_validation_chain, X509_free); 492 return s; 493 } 494 break; 495 496 497 case LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE: 498 499 *selected_cert = cert; 500 return LDNS_STATUS_OK; 501 break; 502 503 default: 504 return LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE; 505 break; 506 } 507 } 508 509 510 ldns_status 511 ldns_dane_create_tlsa_rr(ldns_rr** tlsa, 512 ldns_tlsa_certificate_usage certificate_usage, 513 ldns_tlsa_selector selector, 514 ldns_tlsa_matching_type matching_type, 515 X509* cert) 516 { 517 ldns_rdf* rdf; 518 ldns_status s; 519 520 assert(tlsa != NULL); 521 assert(cert != NULL); 522 523 /* create rr */ 524 *tlsa = ldns_rr_new_frm_type(LDNS_RR_TYPE_TLSA); 525 if (*tlsa == NULL) { 526 return LDNS_STATUS_MEM_ERR; 527 } 528 529 rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, 530 (uint8_t)certificate_usage); 531 if (rdf == NULL) { 532 goto memerror; 533 } 534 (void) ldns_rr_set_rdf(*tlsa, rdf, 0); 535 536 rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, (uint8_t)selector); 537 if (rdf == NULL) { 538 goto memerror; 539 } 540 (void) ldns_rr_set_rdf(*tlsa, rdf, 1); 541 542 rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, (uint8_t)matching_type); 543 if (rdf == NULL) { 544 goto memerror; 545 } 546 (void) ldns_rr_set_rdf(*tlsa, rdf, 2); 547 548 s = ldns_dane_cert2rdf(&rdf, cert, selector, matching_type); 549 if (s == LDNS_STATUS_OK) { 550 (void) ldns_rr_set_rdf(*tlsa, rdf, 3); 551 return LDNS_STATUS_OK; 552 } 553 ldns_rr_free(*tlsa); 554 *tlsa = NULL; 555 return s; 556 557 memerror: 558 ldns_rr_free(*tlsa); 559 *tlsa = NULL; 560 return LDNS_STATUS_MEM_ERR; 561 } 562 563 564 #ifdef USE_DANE_VERIFY 565 /* Return tlsas that actually are TLSA resource records with known values 566 * for the Certificate usage, Selector and Matching type rdata fields. 567 */ 568 static ldns_rr_list* 569 ldns_dane_filter_unusable_records(const ldns_rr_list* tlsas) 570 { 571 size_t i; 572 ldns_rr_list* r = ldns_rr_list_new(); 573 ldns_rr* tlsa_rr; 574 575 if (! r) { 576 return NULL; 577 } 578 for (i = 0; i < ldns_rr_list_rr_count(tlsas); i++) { 579 tlsa_rr = ldns_rr_list_rr(tlsas, i); 580 if (ldns_rr_get_type(tlsa_rr) == LDNS_RR_TYPE_TLSA && 581 ldns_rr_rd_count(tlsa_rr) == 4 && 582 ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0)) <= 3 && 583 ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1)) <= 1 && 584 ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2)) <= 2) { 585 586 if (! ldns_rr_list_push_rr(r, tlsa_rr)) { 587 ldns_rr_list_free(r); 588 return NULL; 589 } 590 } 591 } 592 return r; 593 } 594 595 596 #if !defined(USE_DANE_TA_USAGE) 597 /* Return whether cert/selector/matching_type matches data. 598 */ 599 static ldns_status 600 ldns_dane_match_cert_with_data(X509* cert, ldns_tlsa_selector selector, 601 ldns_tlsa_matching_type matching_type, ldns_rdf* data) 602 { 603 ldns_status s; 604 ldns_rdf* match_data; 605 606 s = ldns_dane_cert2rdf(&match_data, cert, selector, matching_type); 607 if (s == LDNS_STATUS_OK) { 608 if (ldns_rdf_compare(data, match_data) != 0) { 609 s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH; 610 } 611 ldns_rdf_free(match_data); 612 } 613 return s; 614 } 615 616 617 /* Return whether any certificate from the chain with selector/matching_type 618 * matches data. 619 * ca should be true if the certificate has to be a CA certificate too. 620 */ 621 static ldns_status 622 ldns_dane_match_any_cert_with_data(STACK_OF(X509)* chain, 623 ldns_tlsa_selector selector, 624 ldns_tlsa_matching_type matching_type, 625 ldns_rdf* data, bool ca) 626 { 627 ldns_status s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH; 628 size_t n, i; 629 X509* cert; 630 631 n = (size_t)sk_X509_num(chain); 632 for (i = 0; i < n; i++) { 633 cert = sk_X509_pop(chain); 634 if (! cert) { 635 s = LDNS_STATUS_SSL_ERR; 636 break; 637 } 638 s = ldns_dane_match_cert_with_data(cert, 639 selector, matching_type, data); 640 if (ca && s == LDNS_STATUS_OK && ! X509_check_ca(cert)) { 641 s = LDNS_STATUS_DANE_NON_CA_CERTIFICATE; 642 } 643 X509_free(cert); 644 if (s != LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH) { 645 break; 646 } 647 /* when s == LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH, 648 * try to match the next certificate 649 */ 650 } 651 return s; 652 } 653 #endif /* !defined(USE_DANE_TA_USAGE) */ 654 #endif /* USE_DANE_VERIFY */ 655 656 #ifdef USE_DANE_VERIFY 657 ldns_status 658 ldns_dane_verify_rr(const ldns_rr* tlsa_rr, 659 X509* cert, STACK_OF(X509)* extra_certs, 660 X509_STORE* pkix_validation_store) 661 { 662 #if defined(USE_DANE_TA_USAGE) 663 SSL_CTX *ssl_ctx = NULL; 664 SSL *ssl = NULL; 665 X509_STORE_CTX *store_ctx = NULL; 666 #else 667 STACK_OF(X509)* pkix_validation_chain = NULL; 668 #endif 669 ldns_status s = LDNS_STATUS_OK; 670 671 ldns_tlsa_certificate_usage usage; 672 ldns_tlsa_selector selector; 673 ldns_tlsa_matching_type mtype; 674 ldns_rdf* data; 675 676 if (! tlsa_rr || ldns_rr_get_type(tlsa_rr) != LDNS_RR_TYPE_TLSA || 677 ldns_rr_rd_count(tlsa_rr) != 4 || 678 ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0)) > 3 || 679 ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1)) > 1 || 680 ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2)) > 2 ) { 681 /* No (usable) TLSA, so regular PKIX validation 682 */ 683 return ldns_dane_pkix_validate(cert, extra_certs, 684 pkix_validation_store); 685 } 686 usage = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0)); 687 selector = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1)); 688 mtype = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2)); 689 data = ldns_rr_rdf(tlsa_rr, 3) ; 690 691 #if defined(USE_DANE_TA_USAGE) 692 /* Rely on OpenSSL dane functions. 693 * 694 * OpenSSL does not provide offline dane verification. The dane unit 695 * tests within openssl use the undocumented SSL_get0_dane() and 696 * X509_STORE_CTX_set0_dane() to convey dane parameters set on SSL and 697 * SSL_CTX to a X509_STORE_CTX that can be used to do offline 698 * verification. We use these undocumented means with the ldns 699 * dane function prototypes which did only offline dane verification. 700 */ 701 if (!(ssl_ctx = ldns_dane_new_ssl_context())) 702 s = LDNS_STATUS_MEM_ERR; 703 704 else if (SSL_CTX_dane_enable(ssl_ctx) <= 0) 705 s = LDNS_STATUS_SSL_ERR; 706 707 else if (SSL_CTX_dane_set_flags( 708 ssl_ctx, DANE_FLAG_NO_DANE_EE_NAMECHECKS), 709 !(ssl = SSL_new(ssl_ctx))) 710 s = LDNS_STATUS_MEM_ERR; 711 712 else if (SSL_set_connect_state(ssl), 713 (SSL_dane_enable(ssl, NULL) <= 0)) 714 s = LDNS_STATUS_SSL_ERR; 715 716 else if (SSL_dane_tlsa_add(ssl, usage, selector, mtype, 717 ldns_rdf_data(data), ldns_rdf_size(data)) <= 0) 718 s = LDNS_STATUS_SSL_ERR; 719 720 else if (!(store_ctx = X509_STORE_CTX_new())) 721 s = LDNS_STATUS_MEM_ERR; 722 723 else if (!X509_STORE_CTX_init(store_ctx, pkix_validation_store, cert, extra_certs)) 724 s = LDNS_STATUS_SSL_ERR; 725 726 else { 727 int ret; 728 729 X509_STORE_CTX_set_default(store_ctx, 730 SSL_is_server(ssl) ? "ssl_client" : "ssl_server"); 731 X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(store_ctx), 732 SSL_get0_param(ssl)); 733 X509_STORE_CTX_set0_dane(store_ctx, SSL_get0_dane(ssl)); 734 if (SSL_get_verify_callback(ssl)) 735 X509_STORE_CTX_set_verify_cb(store_ctx, SSL_get_verify_callback(ssl)); 736 737 ret = X509_verify_cert(store_ctx); 738 if (!ret) { 739 if (X509_STORE_CTX_get_error(store_ctx) == X509_V_ERR_DANE_NO_MATCH) 740 s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH; 741 else 742 s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE; 743 } 744 X509_STORE_CTX_cleanup(store_ctx); 745 } 746 if (store_ctx) 747 X509_STORE_CTX_free(store_ctx); 748 if (ssl) 749 SSL_free(ssl); 750 if (ssl_ctx) 751 SSL_CTX_free(ssl_ctx); 752 return s; 753 #else 754 switch (usage) { 755 case LDNS_TLSA_USAGE_CA_CONSTRAINT: 756 s = ldns_dane_pkix_validate_and_get_chain( 757 &pkix_validation_chain, 758 cert, extra_certs, 759 pkix_validation_store); 760 if (! pkix_validation_chain) { 761 return s; 762 } 763 if (s == LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE) { 764 /* 765 * NO PKIX validation. We still try to match *any* 766 * certificate from the chain, so we return 767 * TLSA errors over PKIX errors. 768 * 769 * i.e. When the TLSA matches no certificate, we return 770 * TLSA_DID_NOT_MATCH and not PKIX_DID_NOT_VALIDATE 771 */ 772 s = ldns_dane_match_any_cert_with_data( 773 pkix_validation_chain, 774 selector, mtype, data, true); 775 776 if (s == LDNS_STATUS_OK) { 777 /* A TLSA record did match a cert from the 778 * chain, thus the error is failed PKIX 779 * validation. 780 */ 781 s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE; 782 } 783 784 } else if (s == LDNS_STATUS_OK) { 785 /* PKIX validated, does the TLSA match too? */ 786 787 s = ldns_dane_match_any_cert_with_data( 788 pkix_validation_chain, 789 selector, mtype, data, true); 790 } 791 sk_X509_pop_free(pkix_validation_chain, X509_free); 792 return s; 793 break; 794 795 case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT: 796 797 s = ldns_dane_match_cert_with_data(cert, 798 selector, mtype, data); 799 800 if (s == LDNS_STATUS_OK) { 801 return ldns_dane_pkix_validate(cert, extra_certs, 802 pkix_validation_store); 803 } 804 return s; 805 break; 806 807 case LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION: 808 #if 0 809 s = ldns_dane_pkix_get_chain(&pkix_validation_chain, 810 cert, extra_certs); 811 812 if (s == LDNS_STATUS_OK) { 813 s = ldns_dane_match_any_cert_with_data( 814 pkix_validation_chain, 815 selector, mtype, data, false); 816 817 } else if (! pkix_validation_chain) { 818 return s; 819 } 820 sk_X509_pop_free(pkix_validation_chain, X509_free); 821 return s; 822 #else 823 return LDNS_STATUS_DANE_NEED_OPENSSL_GE_1_1_FOR_DANE_TA; 824 #endif 825 break; 826 827 case LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE: 828 return ldns_dane_match_cert_with_data(cert, 829 selector, mtype, data); 830 break; 831 832 default: 833 break; 834 } 835 #endif 836 return LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE; 837 } 838 839 840 ldns_status 841 ldns_dane_verify(const ldns_rr_list* tlsas, 842 X509* cert, STACK_OF(X509)* extra_certs, 843 X509_STORE* pkix_validation_store) 844 { 845 #if defined(USE_DANE_TA_USAGE) 846 SSL_CTX *ssl_ctx = NULL; 847 ldns_rdf *basename_rdf = NULL; 848 char *basename = NULL; 849 SSL *ssl = NULL; 850 X509_STORE_CTX *store_ctx = NULL; 851 #else 852 ldns_status ps; 853 #endif 854 size_t i; 855 ldns_rr* tlsa_rr; 856 ldns_rr_list *usable_tlsas; 857 ldns_status s = LDNS_STATUS_OK; 858 859 assert(cert != NULL); 860 861 if (! tlsas || ldns_rr_list_rr_count(tlsas) == 0) 862 /* No TLSA's, so regular PKIX validation 863 */ 864 return ldns_dane_pkix_validate(cert, extra_certs, 865 pkix_validation_store); 866 867 /* To enable name checks (which we don't) */ 868 #if defined(USE_DANE_TA_USAGE) && 0 869 else if (!(basename_rdf = ldns_dname_clone_from( 870 ldns_rr_list_owner(tlsas), 2))) 871 /* Could nog get DANE base name */ 872 s = LDNS_STATUS_ERR; 873 874 else if (!(basename = ldns_rdf2str(basename_rdf))) 875 s = LDNS_STATUS_MEM_ERR; 876 877 else if (strlen(basename) && (basename[strlen(basename)-1] = 0)) 878 s = LDNS_STATUS_ERR; /* Intended to be unreachable */ 879 #endif 880 881 else if (!(usable_tlsas = ldns_dane_filter_unusable_records(tlsas))) 882 return LDNS_STATUS_MEM_ERR; 883 884 else if (ldns_rr_list_rr_count(usable_tlsas) == 0) { 885 /* No TLSA's, so regular PKIX validation 886 */ 887 ldns_rr_list_free(usable_tlsas); 888 return ldns_dane_pkix_validate(cert, extra_certs, 889 pkix_validation_store); 890 } 891 #if defined(USE_DANE_TA_USAGE) 892 /* Rely on OpenSSL dane functions. 893 * 894 * OpenSSL does not provide offline dane verification. The dane unit 895 * tests within openssl use the undocumented SSL_get0_dane() and 896 * X509_STORE_CTX_set0_dane() to convey dane parameters set on SSL and 897 * SSL_CTX to a X509_STORE_CTX that can be used to do offline 898 * verification. We use these undocumented means with the ldns 899 * dane function prototypes which did only offline dane verification. 900 */ 901 if (!(ssl_ctx = ldns_dane_new_ssl_context())) 902 s = LDNS_STATUS_MEM_ERR; 903 904 else if (SSL_CTX_dane_enable(ssl_ctx) <= 0) 905 s = LDNS_STATUS_SSL_ERR; 906 907 else if (SSL_CTX_dane_set_flags( 908 ssl_ctx, DANE_FLAG_NO_DANE_EE_NAMECHECKS), 909 !(ssl = SSL_new(ssl_ctx))) 910 s = LDNS_STATUS_MEM_ERR; 911 912 else if (SSL_set_connect_state(ssl), 913 (SSL_dane_enable(ssl, basename) <= 0)) 914 s = LDNS_STATUS_SSL_ERR; 915 916 else for (i = 0; i < ldns_rr_list_rr_count(usable_tlsas); i++) { 917 ldns_tlsa_certificate_usage usage; 918 ldns_tlsa_selector selector; 919 ldns_tlsa_matching_type mtype; 920 ldns_rdf* data; 921 922 tlsa_rr = ldns_rr_list_rr(usable_tlsas, i); 923 usage = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr,0)); 924 selector= ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr,1)); 925 mtype = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr,2)); 926 data = ldns_rr_rdf(tlsa_rr,3) ; 927 928 if (SSL_dane_tlsa_add(ssl, usage, selector, mtype, 929 ldns_rdf_data(data), 930 ldns_rdf_size(data)) <= 0) { 931 s = LDNS_STATUS_SSL_ERR; 932 break; 933 } 934 } 935 if (!s && !(store_ctx = X509_STORE_CTX_new())) 936 s = LDNS_STATUS_MEM_ERR; 937 938 else if (!X509_STORE_CTX_init(store_ctx, pkix_validation_store, cert, extra_certs)) 939 s = LDNS_STATUS_SSL_ERR; 940 941 else { 942 int ret; 943 944 X509_STORE_CTX_set_default(store_ctx, 945 SSL_is_server(ssl) ? "ssl_client" : "ssl_server"); 946 X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(store_ctx), 947 SSL_get0_param(ssl)); 948 X509_STORE_CTX_set0_dane(store_ctx, SSL_get0_dane(ssl)); 949 if (SSL_get_verify_callback(ssl)) 950 X509_STORE_CTX_set_verify_cb(store_ctx, SSL_get_verify_callback(ssl)); 951 952 ret = X509_verify_cert(store_ctx); 953 if (!ret) { 954 if (X509_STORE_CTX_get_error(store_ctx) == X509_V_ERR_DANE_NO_MATCH) 955 s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH; 956 else 957 s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE; 958 } 959 X509_STORE_CTX_cleanup(store_ctx); 960 } 961 if (store_ctx) 962 X509_STORE_CTX_free(store_ctx); 963 if (ssl) 964 SSL_free(ssl); 965 if (ssl_ctx) 966 SSL_CTX_free(ssl_ctx); 967 if (basename) 968 free(basename); 969 ldns_rdf_deep_free(basename_rdf); 970 #else 971 for (i = 0; i < ldns_rr_list_rr_count(usable_tlsas); i++) { 972 tlsa_rr = ldns_rr_list_rr(usable_tlsas, i); 973 ps = s; 974 s = ldns_dane_verify_rr(tlsa_rr, cert, extra_certs, 975 pkix_validation_store); 976 977 if (s != LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH && 978 s != LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE && 979 s != LDNS_STATUS_DANE_NEED_OPENSSL_GE_1_1_FOR_DANE_TA) { 980 981 /* which would be LDNS_STATUS_OK (match) 982 * or some fatal error preventing use from 983 * trying the next TLSA record. 984 */ 985 break; 986 } 987 s = (s > ps ? s : ps); /* pref NEED_OPENSSL_GE_1_1_FOR_DANE_TA 988 * over PKIX_DID_NOT_VALIDATE 989 * over TLSA_DID_NOT_MATCH 990 */ 991 } 992 #endif 993 ldns_rr_list_free(usable_tlsas); 994 return s; 995 } 996 #endif /* USE_DANE_VERIFY */ 997 #endif /* HAVE_SSL */ 998 #endif /* USE_DANE */ 999