1 /* 2 * Verify or create TLS authentication with DANE (RFC6698) 3 * 4 * (c) NLnetLabs 2012 5 * 6 * See the file LICENSE for the license. 7 * 8 */ 9 10 #include <ldns/config.h> 11 #ifdef USE_DANE 12 13 #include <ldns/ldns.h> 14 #include <ldns/dane.h> 15 16 #include <unistd.h> 17 #include <stdlib.h> 18 #include <sys/types.h> 19 #ifdef HAVE_SYS_SOCKET_H 20 #include <sys/socket.h> 21 #endif 22 #ifdef HAVE_NETDB_H 23 #include <netdb.h> 24 #endif 25 26 #ifdef HAVE_SSL 27 #include <openssl/ssl.h> 28 #include <openssl/err.h> 29 #include <openssl/x509v3.h> 30 #endif 31 32 ldns_status 33 ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner, const ldns_rdf* name, 34 uint16_t port, ldns_dane_transport transport) 35 { 36 char buf[LDNS_MAX_DOMAINLEN]; 37 size_t s; 38 39 assert(tlsa_owner != NULL); 40 assert(name != NULL); 41 assert(ldns_rdf_get_type(name) == LDNS_RDF_TYPE_DNAME); 42 43 s = (size_t)snprintf(buf, LDNS_MAX_DOMAINLEN, "X_%d", (int)port); 44 buf[0] = (char)(s - 1); 45 46 switch(transport) { 47 case LDNS_DANE_TRANSPORT_TCP: 48 s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\004_tcp"); 49 break; 50 51 case LDNS_DANE_TRANSPORT_UDP: 52 s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\004_udp"); 53 break; 54 55 case LDNS_DANE_TRANSPORT_SCTP: 56 s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\005_sctp"); 57 break; 58 59 default: 60 return LDNS_STATUS_DANE_UNKNOWN_TRANSPORT; 61 } 62 if (s + ldns_rdf_size(name) > LDNS_MAX_DOMAINLEN) { 63 return LDNS_STATUS_DOMAINNAME_OVERFLOW; 64 } 65 memcpy(buf + s, ldns_rdf_data(name), ldns_rdf_size(name)); 66 *tlsa_owner = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME, 67 s + ldns_rdf_size(name), buf); 68 if (*tlsa_owner == NULL) { 69 return LDNS_STATUS_MEM_ERR; 70 } 71 return LDNS_STATUS_OK; 72 } 73 74 75 #ifdef HAVE_SSL 76 ldns_status 77 ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert, 78 ldns_tlsa_selector selector, 79 ldns_tlsa_matching_type matching_type) 80 { 81 unsigned char* buf = NULL; 82 size_t len; 83 84 X509_PUBKEY* xpubkey; 85 EVP_PKEY* epubkey; 86 87 unsigned char* digest; 88 89 assert(rdf != NULL); 90 assert(cert != NULL); 91 92 switch(selector) { 93 case LDNS_TLSA_SELECTOR_FULL_CERTIFICATE: 94 95 len = (size_t)i2d_X509(cert, &buf); 96 break; 97 98 case LDNS_TLSA_SELECTOR_SUBJECTPUBLICKEYINFO: 99 100 #ifndef S_SPLINT_S 101 xpubkey = X509_get_X509_PUBKEY(cert); 102 #endif 103 if (! xpubkey) { 104 return LDNS_STATUS_SSL_ERR; 105 } 106 epubkey = X509_PUBKEY_get(xpubkey); 107 if (! epubkey) { 108 return LDNS_STATUS_SSL_ERR; 109 } 110 len = (size_t)i2d_PUBKEY(epubkey, &buf); 111 break; 112 113 default: 114 return LDNS_STATUS_DANE_UNKNOWN_SELECTOR; 115 } 116 117 switch(matching_type) { 118 case LDNS_TLSA_MATCHING_TYPE_NO_HASH_USED: 119 120 *rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, len, buf); 121 122 return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR; 123 break; 124 125 case LDNS_TLSA_MATCHING_TYPE_SHA256: 126 127 digest = LDNS_XMALLOC(unsigned char, LDNS_SHA256_DIGEST_LENGTH); 128 if (digest == NULL) { 129 LDNS_FREE(buf); 130 return LDNS_STATUS_MEM_ERR; 131 } 132 (void) ldns_sha256(buf, (unsigned int)len, digest); 133 *rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, LDNS_SHA256_DIGEST_LENGTH, 134 digest); 135 LDNS_FREE(buf); 136 137 return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR; 138 break; 139 140 case LDNS_TLSA_MATCHING_TYPE_SHA512: 141 142 digest = LDNS_XMALLOC(unsigned char, LDNS_SHA512_DIGEST_LENGTH); 143 if (digest == NULL) { 144 LDNS_FREE(buf); 145 return LDNS_STATUS_MEM_ERR; 146 } 147 (void) ldns_sha512(buf, (unsigned int)len, digest); 148 *rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, LDNS_SHA512_DIGEST_LENGTH, 149 digest); 150 LDNS_FREE(buf); 151 152 return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR; 153 break; 154 155 default: 156 LDNS_FREE(buf); 157 return LDNS_STATUS_DANE_UNKNOWN_MATCHING_TYPE; 158 } 159 } 160 161 162 /* Ordinary PKIX validation of cert (with extra_certs to help) 163 * against the CA's in store 164 */ 165 static ldns_status 166 ldns_dane_pkix_validate(X509* cert, STACK_OF(X509)* extra_certs, 167 X509_STORE* store) 168 { 169 X509_STORE_CTX* vrfy_ctx; 170 ldns_status s; 171 172 if (! store) { 173 return LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE; 174 } 175 vrfy_ctx = X509_STORE_CTX_new(); 176 if (! vrfy_ctx) { 177 178 return LDNS_STATUS_SSL_ERR; 179 180 } else if (X509_STORE_CTX_init(vrfy_ctx, store, 181 cert, extra_certs) != 1) { 182 s = LDNS_STATUS_SSL_ERR; 183 184 } else if (X509_verify_cert(vrfy_ctx) == 1) { 185 186 s = LDNS_STATUS_OK; 187 188 } else { 189 s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE; 190 } 191 X509_STORE_CTX_free(vrfy_ctx); 192 return s; 193 } 194 195 196 /* Orinary PKIX validation of cert (with extra_certs to help) 197 * against the CA's in store, but also return the validation chain. 198 */ 199 static ldns_status 200 ldns_dane_pkix_validate_and_get_chain(STACK_OF(X509)** chain, X509* cert, 201 STACK_OF(X509)* extra_certs, X509_STORE* store) 202 { 203 ldns_status s; 204 X509_STORE* empty_store = NULL; 205 X509_STORE_CTX* vrfy_ctx; 206 207 assert(chain != NULL); 208 209 if (! store) { 210 store = empty_store = X509_STORE_new(); 211 } 212 s = LDNS_STATUS_SSL_ERR; 213 vrfy_ctx = X509_STORE_CTX_new(); 214 if (! vrfy_ctx) { 215 216 goto exit_free_empty_store; 217 218 } else if (X509_STORE_CTX_init(vrfy_ctx, store, 219 cert, extra_certs) != 1) { 220 goto exit_free_vrfy_ctx; 221 222 } else if (X509_verify_cert(vrfy_ctx) == 1) { 223 224 s = LDNS_STATUS_OK; 225 226 } else { 227 s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE; 228 } 229 *chain = X509_STORE_CTX_get1_chain(vrfy_ctx); 230 if (! *chain) { 231 s = LDNS_STATUS_SSL_ERR; 232 } 233 234 exit_free_vrfy_ctx: 235 X509_STORE_CTX_free(vrfy_ctx); 236 237 exit_free_empty_store: 238 if (empty_store) { 239 X509_STORE_free(empty_store); 240 } 241 return s; 242 } 243 244 245 /* Return the validation chain that can be build out of cert, with extra_certs. 246 */ 247 static ldns_status 248 ldns_dane_pkix_get_chain(STACK_OF(X509)** chain, 249 X509* cert, STACK_OF(X509)* extra_certs) 250 { 251 ldns_status s; 252 X509_STORE* empty_store = NULL; 253 X509_STORE_CTX* vrfy_ctx; 254 255 assert(chain != NULL); 256 257 empty_store = X509_STORE_new(); 258 s = LDNS_STATUS_SSL_ERR; 259 vrfy_ctx = X509_STORE_CTX_new(); 260 if (! vrfy_ctx) { 261 262 goto exit_free_empty_store; 263 264 } else if (X509_STORE_CTX_init(vrfy_ctx, empty_store, 265 cert, extra_certs) != 1) { 266 goto exit_free_vrfy_ctx; 267 } 268 (void) X509_verify_cert(vrfy_ctx); 269 *chain = X509_STORE_CTX_get1_chain(vrfy_ctx); 270 if (! *chain) { 271 s = LDNS_STATUS_SSL_ERR; 272 } else { 273 s = LDNS_STATUS_OK; 274 } 275 exit_free_vrfy_ctx: 276 X509_STORE_CTX_free(vrfy_ctx); 277 278 exit_free_empty_store: 279 X509_STORE_free(empty_store); 280 return s; 281 } 282 283 284 /* Pop n+1 certs and return the last popped. 285 */ 286 static ldns_status 287 ldns_dane_get_nth_cert_from_validation_chain( 288 X509** cert, STACK_OF(X509)* chain, int n, bool ca) 289 { 290 if (n >= sk_X509_num(chain) || n < 0) { 291 return LDNS_STATUS_DANE_OFFSET_OUT_OF_RANGE; 292 } 293 *cert = sk_X509_pop(chain); 294 while (n-- > 0) { 295 X509_free(*cert); 296 *cert = sk_X509_pop(chain); 297 } 298 if (ca && ! X509_check_ca(*cert)) { 299 return LDNS_STATUS_DANE_NON_CA_CERTIFICATE; 300 } 301 return LDNS_STATUS_OK; 302 } 303 304 305 /* Create validation chain with cert and extra_certs and returns the last 306 * self-signed (if present). 307 */ 308 static ldns_status 309 ldns_dane_pkix_get_last_self_signed(X509** out_cert, 310 X509* cert, STACK_OF(X509)* extra_certs) 311 { 312 ldns_status s; 313 X509_STORE* empty_store = NULL; 314 X509_STORE_CTX* vrfy_ctx; 315 316 assert(out_cert != NULL); 317 318 empty_store = X509_STORE_new(); 319 s = LDNS_STATUS_SSL_ERR; 320 vrfy_ctx = X509_STORE_CTX_new(); 321 if (! vrfy_ctx) { 322 goto exit_free_empty_store; 323 324 } else if (X509_STORE_CTX_init(vrfy_ctx, empty_store, 325 cert, extra_certs) != 1) { 326 goto exit_free_vrfy_ctx; 327 328 } 329 (void) X509_verify_cert(vrfy_ctx); 330 if (X509_STORE_CTX_get_error(vrfy_ctx) == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN || 331 X509_STORE_CTX_get_error(vrfy_ctx) == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT){ 332 333 *out_cert = X509_STORE_CTX_get_current_cert( vrfy_ctx); 334 s = LDNS_STATUS_OK; 335 } else { 336 s = LDNS_STATUS_DANE_PKIX_NO_SELF_SIGNED_TRUST_ANCHOR; 337 } 338 exit_free_vrfy_ctx: 339 X509_STORE_CTX_free(vrfy_ctx); 340 341 exit_free_empty_store: 342 X509_STORE_free(empty_store); 343 return s; 344 } 345 346 347 ldns_status 348 ldns_dane_select_certificate(X509** selected_cert, 349 X509* cert, STACK_OF(X509)* extra_certs, 350 X509_STORE* pkix_validation_store, 351 ldns_tlsa_certificate_usage cert_usage, int offset) 352 { 353 ldns_status s; 354 STACK_OF(X509)* pkix_validation_chain = NULL; 355 356 assert(selected_cert != NULL); 357 assert(cert != NULL); 358 359 /* With PKIX validation explicitly turned off (pkix_validation_store 360 * == NULL), treat the "CA constraint" and "Service certificate 361 * constraint" the same as "Trust anchor assertion" and "Domain issued 362 * certificate" respectively. 363 */ 364 if (pkix_validation_store == NULL) { 365 switch (cert_usage) { 366 367 case LDNS_TLSA_USAGE_CA_CONSTRAINT: 368 369 cert_usage = LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION; 370 break; 371 372 case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT: 373 374 cert_usage = LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE; 375 break; 376 377 default: 378 break; 379 } 380 } 381 382 /* Now what to do with each Certificate usage... 383 */ 384 switch (cert_usage) { 385 386 case LDNS_TLSA_USAGE_CA_CONSTRAINT: 387 388 s = ldns_dane_pkix_validate_and_get_chain( 389 &pkix_validation_chain, 390 cert, extra_certs, 391 pkix_validation_store); 392 if (! pkix_validation_chain) { 393 return s; 394 } 395 if (s == LDNS_STATUS_OK) { 396 if (offset == -1) { 397 offset = 0; 398 } 399 s = ldns_dane_get_nth_cert_from_validation_chain( 400 selected_cert, pkix_validation_chain, 401 offset, true); 402 } 403 sk_X509_pop_free(pkix_validation_chain, X509_free); 404 return s; 405 break; 406 407 408 case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT: 409 410 *selected_cert = cert; 411 return ldns_dane_pkix_validate(cert, extra_certs, 412 pkix_validation_store); 413 break; 414 415 416 case LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION: 417 418 if (offset == -1) { 419 s = ldns_dane_pkix_get_last_self_signed( 420 selected_cert, cert, extra_certs); 421 return s; 422 } else { 423 s = ldns_dane_pkix_get_chain( 424 &pkix_validation_chain, 425 cert, extra_certs); 426 if (s == LDNS_STATUS_OK) { 427 s = 428 ldns_dane_get_nth_cert_from_validation_chain( 429 selected_cert, pkix_validation_chain, 430 offset, false); 431 } else if (! pkix_validation_chain) { 432 return s; 433 } 434 sk_X509_pop_free(pkix_validation_chain, X509_free); 435 return s; 436 } 437 break; 438 439 440 case LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE: 441 442 *selected_cert = cert; 443 return LDNS_STATUS_OK; 444 break; 445 446 default: 447 return LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE; 448 break; 449 } 450 } 451 452 453 ldns_status 454 ldns_dane_create_tlsa_rr(ldns_rr** tlsa, 455 ldns_tlsa_certificate_usage certificate_usage, 456 ldns_tlsa_selector selector, 457 ldns_tlsa_matching_type matching_type, 458 X509* cert) 459 { 460 ldns_rdf* rdf; 461 ldns_status s; 462 463 assert(tlsa != NULL); 464 assert(cert != NULL); 465 466 /* create rr */ 467 *tlsa = ldns_rr_new_frm_type(LDNS_RR_TYPE_TLSA); 468 if (*tlsa == NULL) { 469 return LDNS_STATUS_MEM_ERR; 470 } 471 472 rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, 473 (uint8_t)certificate_usage); 474 if (rdf == NULL) { 475 goto memerror; 476 } 477 (void) ldns_rr_set_rdf(*tlsa, rdf, 0); 478 479 rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, (uint8_t)selector); 480 if (rdf == NULL) { 481 goto memerror; 482 } 483 (void) ldns_rr_set_rdf(*tlsa, rdf, 1); 484 485 rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, (uint8_t)matching_type); 486 if (rdf == NULL) { 487 goto memerror; 488 } 489 (void) ldns_rr_set_rdf(*tlsa, rdf, 2); 490 491 s = ldns_dane_cert2rdf(&rdf, cert, selector, matching_type); 492 if (s == LDNS_STATUS_OK) { 493 (void) ldns_rr_set_rdf(*tlsa, rdf, 3); 494 return LDNS_STATUS_OK; 495 } 496 ldns_rr_free(*tlsa); 497 *tlsa = NULL; 498 return s; 499 500 memerror: 501 ldns_rr_free(*tlsa); 502 *tlsa = NULL; 503 return LDNS_STATUS_MEM_ERR; 504 } 505 506 507 #ifdef USE_DANE_VERIFY 508 /* Return tlsas that actually are TLSA resource records with known values 509 * for the Certificate usage, Selector and Matching type rdata fields. 510 */ 511 static ldns_rr_list* 512 ldns_dane_filter_unusable_records(const ldns_rr_list* tlsas) 513 { 514 size_t i; 515 ldns_rr_list* r = ldns_rr_list_new(); 516 ldns_rr* tlsa_rr; 517 518 if (! r) { 519 return NULL; 520 } 521 for (i = 0; i < ldns_rr_list_rr_count(tlsas); i++) { 522 tlsa_rr = ldns_rr_list_rr(tlsas, i); 523 if (ldns_rr_get_type(tlsa_rr) == LDNS_RR_TYPE_TLSA && 524 ldns_rr_rd_count(tlsa_rr) == 4 && 525 ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0)) <= 3 && 526 ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1)) <= 1 && 527 ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2)) <= 2) { 528 529 if (! ldns_rr_list_push_rr(r, tlsa_rr)) { 530 ldns_rr_list_free(r); 531 return NULL; 532 } 533 } 534 } 535 return r; 536 } 537 538 539 #if !defined(USE_DANE_TA_USAGE) 540 /* Return whether cert/selector/matching_type matches data. 541 */ 542 static ldns_status 543 ldns_dane_match_cert_with_data(X509* cert, ldns_tlsa_selector selector, 544 ldns_tlsa_matching_type matching_type, ldns_rdf* data) 545 { 546 ldns_status s; 547 ldns_rdf* match_data; 548 549 s = ldns_dane_cert2rdf(&match_data, cert, selector, matching_type); 550 if (s == LDNS_STATUS_OK) { 551 if (ldns_rdf_compare(data, match_data) != 0) { 552 s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH; 553 } 554 ldns_rdf_free(match_data); 555 } 556 return s; 557 } 558 559 560 /* Return whether any certificate from the chain with selector/matching_type 561 * matches data. 562 * ca should be true if the certificate has to be a CA certificate too. 563 */ 564 static ldns_status 565 ldns_dane_match_any_cert_with_data(STACK_OF(X509)* chain, 566 ldns_tlsa_selector selector, 567 ldns_tlsa_matching_type matching_type, 568 ldns_rdf* data, bool ca) 569 { 570 ldns_status s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH; 571 size_t n, i; 572 X509* cert; 573 574 n = (size_t)sk_X509_num(chain); 575 for (i = 0; i < n; i++) { 576 cert = sk_X509_pop(chain); 577 if (! cert) { 578 s = LDNS_STATUS_SSL_ERR; 579 break; 580 } 581 s = ldns_dane_match_cert_with_data(cert, 582 selector, matching_type, data); 583 if (ca && s == LDNS_STATUS_OK && ! X509_check_ca(cert)) { 584 s = LDNS_STATUS_DANE_NON_CA_CERTIFICATE; 585 } 586 X509_free(cert); 587 if (s != LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH) { 588 break; 589 } 590 /* when s == LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH, 591 * try to match the next certificate 592 */ 593 } 594 return s; 595 } 596 #endif /* !defined(USE_DANE_TA_USAGE) */ 597 #endif /* USE_DANE_VERIFY */ 598 599 #ifdef USE_DANE_VERIFY 600 ldns_status 601 ldns_dane_verify_rr(const ldns_rr* tlsa_rr, 602 X509* cert, STACK_OF(X509)* extra_certs, 603 X509_STORE* pkix_validation_store) 604 { 605 #if defined(USE_DANE_TA_USAGE) 606 SSL_CTX *ssl_ctx = NULL; 607 SSL *ssl = NULL; 608 X509_STORE_CTX *store_ctx = NULL; 609 #else 610 STACK_OF(X509)* pkix_validation_chain = NULL; 611 #endif 612 ldns_status s = LDNS_STATUS_OK; 613 614 ldns_tlsa_certificate_usage usage; 615 ldns_tlsa_selector selector; 616 ldns_tlsa_matching_type mtype; 617 ldns_rdf* data; 618 619 if (! tlsa_rr || ldns_rr_get_type(tlsa_rr) != LDNS_RR_TYPE_TLSA || 620 ldns_rr_rd_count(tlsa_rr) != 4 || 621 ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0)) > 3 || 622 ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1)) > 1 || 623 ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2)) > 2 ) { 624 /* No (usable) TLSA, so regular PKIX validation 625 */ 626 return ldns_dane_pkix_validate(cert, extra_certs, 627 pkix_validation_store); 628 } 629 usage = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0)); 630 selector = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1)); 631 mtype = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2)); 632 data = ldns_rr_rdf(tlsa_rr, 3) ; 633 634 #if defined(USE_DANE_TA_USAGE) 635 /* Rely on OpenSSL dane functions. 636 * 637 * OpenSSL does not provide offline dane verification. The dane unit 638 * tests within openssl use the undocumented SSL_get0_dane() and 639 * X509_STORE_CTX_set0_dane() to convey dane parameters set on SSL and 640 * SSL_CTX to a X509_STORE_CTX that can be used to do offline 641 * verification. We use these undocumented means with the ldns 642 * dane function prototypes which did only offline dane verification. 643 */ 644 if (!(ssl_ctx = SSL_CTX_new(TLS_client_method()))) 645 s = LDNS_STATUS_MEM_ERR; 646 647 else if (SSL_CTX_dane_enable(ssl_ctx) <= 0) 648 s = LDNS_STATUS_SSL_ERR; 649 650 else if (SSL_CTX_dane_set_flags( 651 ssl_ctx, DANE_FLAG_NO_DANE_EE_NAMECHECKS), 652 !(ssl = SSL_new(ssl_ctx))) 653 s = LDNS_STATUS_MEM_ERR; 654 655 else if (SSL_set_connect_state(ssl), 656 (SSL_dane_enable(ssl, NULL) <= 0)) 657 s = LDNS_STATUS_SSL_ERR; 658 659 else if (SSL_dane_tlsa_add(ssl, usage, selector, mtype, 660 ldns_rdf_data(data), ldns_rdf_size(data)) <= 0) 661 s = LDNS_STATUS_SSL_ERR; 662 663 else if (!(store_ctx = X509_STORE_CTX_new())) 664 s = LDNS_STATUS_MEM_ERR; 665 666 else if (!X509_STORE_CTX_init(store_ctx, pkix_validation_store, cert, extra_certs)) 667 s = LDNS_STATUS_SSL_ERR; 668 669 else { 670 int ret; 671 672 X509_STORE_CTX_set_default(store_ctx, 673 SSL_is_server(ssl) ? "ssl_client" : "ssl_server"); 674 X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(store_ctx), 675 SSL_get0_param(ssl)); 676 X509_STORE_CTX_set0_dane(store_ctx, SSL_get0_dane(ssl)); 677 if (SSL_get_verify_callback(ssl)) 678 X509_STORE_CTX_set_verify_cb(store_ctx, SSL_get_verify_callback(ssl)); 679 680 ret = X509_verify_cert(store_ctx); 681 if (!ret) { 682 if (X509_STORE_CTX_get_error(store_ctx) == X509_V_ERR_DANE_NO_MATCH) 683 s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH; 684 else 685 s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE; 686 } 687 X509_STORE_CTX_cleanup(store_ctx); 688 } 689 if (store_ctx) 690 X509_STORE_CTX_free(store_ctx); 691 if (ssl) 692 SSL_free(ssl); 693 if (ssl_ctx) 694 SSL_CTX_free(ssl_ctx); 695 return s; 696 #else 697 switch (usage) { 698 case LDNS_TLSA_USAGE_CA_CONSTRAINT: 699 s = ldns_dane_pkix_validate_and_get_chain( 700 &pkix_validation_chain, 701 cert, extra_certs, 702 pkix_validation_store); 703 if (! pkix_validation_chain) { 704 return s; 705 } 706 if (s == LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE) { 707 /* 708 * NO PKIX validation. We still try to match *any* 709 * certificate from the chain, so we return 710 * TLSA errors over PKIX errors. 711 * 712 * i.e. When the TLSA matches no certificate, we return 713 * TLSA_DID_NOT_MATCH and not PKIX_DID_NOT_VALIDATE 714 */ 715 s = ldns_dane_match_any_cert_with_data( 716 pkix_validation_chain, 717 selector, mtype, data, true); 718 719 if (s == LDNS_STATUS_OK) { 720 /* A TLSA record did match a cert from the 721 * chain, thus the error is failed PKIX 722 * validation. 723 */ 724 s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE; 725 } 726 727 } else if (s == LDNS_STATUS_OK) { 728 /* PKIX validated, does the TLSA match too? */ 729 730 s = ldns_dane_match_any_cert_with_data( 731 pkix_validation_chain, 732 selector, mtype, data, true); 733 } 734 sk_X509_pop_free(pkix_validation_chain, X509_free); 735 return s; 736 break; 737 738 case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT: 739 740 s = ldns_dane_match_cert_with_data(cert, 741 selector, mtype, data); 742 743 if (s == LDNS_STATUS_OK) { 744 return ldns_dane_pkix_validate(cert, extra_certs, 745 pkix_validation_store); 746 } 747 return s; 748 break; 749 750 case LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION: 751 #if 0 752 s = ldns_dane_pkix_get_chain(&pkix_validation_chain, 753 cert, extra_certs); 754 755 if (s == LDNS_STATUS_OK) { 756 s = ldns_dane_match_any_cert_with_data( 757 pkix_validation_chain, 758 selector, mtype, data, false); 759 760 } else if (! pkix_validation_chain) { 761 return s; 762 } 763 sk_X509_pop_free(pkix_validation_chain, X509_free); 764 return s; 765 #else 766 return LDNS_STATUS_DANE_NEED_OPENSSL_GE_1_1_FOR_DANE_TA; 767 #endif 768 break; 769 770 case LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE: 771 return ldns_dane_match_cert_with_data(cert, 772 selector, mtype, data); 773 break; 774 775 default: 776 break; 777 } 778 #endif 779 return LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE; 780 } 781 782 783 ldns_status 784 ldns_dane_verify(const ldns_rr_list* tlsas, 785 X509* cert, STACK_OF(X509)* extra_certs, 786 X509_STORE* pkix_validation_store) 787 { 788 #if defined(USE_DANE_TA_USAGE) 789 SSL_CTX *ssl_ctx = NULL; 790 ldns_rdf *basename_rdf = NULL; 791 char *basename = NULL; 792 SSL *ssl = NULL; 793 X509_STORE_CTX *store_ctx = NULL; 794 #else 795 ldns_status ps; 796 #endif 797 size_t i; 798 ldns_rr* tlsa_rr; 799 ldns_rr_list *usable_tlsas; 800 ldns_status s = LDNS_STATUS_OK; 801 802 assert(cert != NULL); 803 804 if (! tlsas || ldns_rr_list_rr_count(tlsas) == 0) 805 /* No TLSA's, so regular PKIX validation 806 */ 807 return ldns_dane_pkix_validate(cert, extra_certs, 808 pkix_validation_store); 809 810 /* To enable name checks (which we don't) */ 811 #if defined(USE_DANE_TA_USAGE) && 0 812 else if (!(basename_rdf = ldns_dname_clone_from( 813 ldns_rr_list_owner(tlsas), 2))) 814 /* Could nog get DANE base name */ 815 s = LDNS_STATUS_ERR; 816 817 else if (!(basename = ldns_rdf2str(basename_rdf))) 818 s = LDNS_STATUS_MEM_ERR; 819 820 else if (strlen(basename) && (basename[strlen(basename)-1] = 0)) 821 s = LDNS_STATUS_ERR; /* Intended to be unreachable */ 822 #endif 823 824 else if (!(usable_tlsas = ldns_dane_filter_unusable_records(tlsas))) 825 return LDNS_STATUS_MEM_ERR; 826 827 else if (ldns_rr_list_rr_count(usable_tlsas) == 0) { 828 /* No TLSA's, so regular PKIX validation 829 */ 830 ldns_rr_list_free(usable_tlsas); 831 return ldns_dane_pkix_validate(cert, extra_certs, 832 pkix_validation_store); 833 } 834 #if defined(USE_DANE_TA_USAGE) 835 /* Rely on OpenSSL dane functions. 836 * 837 * OpenSSL does not provide offline dane verification. The dane unit 838 * tests within openssl use the undocumented SSL_get0_dane() and 839 * X509_STORE_CTX_set0_dane() to convey dane parameters set on SSL and 840 * SSL_CTX to a X509_STORE_CTX that can be used to do offline 841 * verification. We use these undocumented means with the ldns 842 * dane function prototypes which did only offline dane verification. 843 */ 844 if (!(ssl_ctx = SSL_CTX_new(TLS_client_method()))) 845 s = LDNS_STATUS_MEM_ERR; 846 847 else if (SSL_CTX_dane_enable(ssl_ctx) <= 0) 848 s = LDNS_STATUS_SSL_ERR; 849 850 else if (SSL_CTX_dane_set_flags( 851 ssl_ctx, DANE_FLAG_NO_DANE_EE_NAMECHECKS), 852 !(ssl = SSL_new(ssl_ctx))) 853 s = LDNS_STATUS_MEM_ERR; 854 855 else if (SSL_set_connect_state(ssl), 856 (SSL_dane_enable(ssl, basename) <= 0)) 857 s = LDNS_STATUS_SSL_ERR; 858 859 else for (i = 0; i < ldns_rr_list_rr_count(usable_tlsas); i++) { 860 ldns_tlsa_certificate_usage usage; 861 ldns_tlsa_selector selector; 862 ldns_tlsa_matching_type mtype; 863 ldns_rdf* data; 864 865 tlsa_rr = ldns_rr_list_rr(usable_tlsas, i); 866 usage = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr,0)); 867 selector= ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr,1)); 868 mtype = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr,2)); 869 data = ldns_rr_rdf(tlsa_rr,3) ; 870 871 if (SSL_dane_tlsa_add(ssl, usage, selector, mtype, 872 ldns_rdf_data(data), 873 ldns_rdf_size(data)) <= 0) { 874 s = LDNS_STATUS_SSL_ERR; 875 break; 876 } 877 } 878 if (!s && !(store_ctx = X509_STORE_CTX_new())) 879 s = LDNS_STATUS_MEM_ERR; 880 881 else if (!X509_STORE_CTX_init(store_ctx, pkix_validation_store, cert, extra_certs)) 882 s = LDNS_STATUS_SSL_ERR; 883 884 else { 885 int ret; 886 887 X509_STORE_CTX_set_default(store_ctx, 888 SSL_is_server(ssl) ? "ssl_client" : "ssl_server"); 889 X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(store_ctx), 890 SSL_get0_param(ssl)); 891 X509_STORE_CTX_set0_dane(store_ctx, SSL_get0_dane(ssl)); 892 if (SSL_get_verify_callback(ssl)) 893 X509_STORE_CTX_set_verify_cb(store_ctx, SSL_get_verify_callback(ssl)); 894 895 ret = X509_verify_cert(store_ctx); 896 if (!ret) { 897 if (X509_STORE_CTX_get_error(store_ctx) == X509_V_ERR_DANE_NO_MATCH) 898 s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH; 899 else 900 s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE; 901 } 902 X509_STORE_CTX_cleanup(store_ctx); 903 } 904 if (store_ctx) 905 X509_STORE_CTX_free(store_ctx); 906 if (ssl) 907 SSL_free(ssl); 908 if (ssl_ctx) 909 SSL_CTX_free(ssl_ctx); 910 if (basename) 911 free(basename); 912 ldns_rdf_deep_free(basename_rdf); 913 #else 914 for (i = 0; i < ldns_rr_list_rr_count(usable_tlsas); i++) { 915 tlsa_rr = ldns_rr_list_rr(usable_tlsas, i); 916 ps = s; 917 s = ldns_dane_verify_rr(tlsa_rr, cert, extra_certs, 918 pkix_validation_store); 919 920 if (s != LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH && 921 s != LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE && 922 s != LDNS_STATUS_DANE_NEED_OPENSSL_GE_1_1_FOR_DANE_TA) { 923 924 /* which would be LDNS_STATUS_OK (match) 925 * or some fatal error preventing use from 926 * trying the next TLSA record. 927 */ 928 break; 929 } 930 s = (s > ps ? s : ps); /* pref NEED_OPENSSL_GE_1_1_FOR_DANE_TA 931 * over PKIX_DID_NOT_VALIDATE 932 * over TLSA_DID_NOT_MATCH 933 */ 934 } 935 #endif 936 ldns_rr_list_free(usable_tlsas); 937 return s; 938 } 939 #endif /* USE_DANE_VERIFY */ 940 #endif /* HAVE_SSL */ 941 #endif /* USE_DANE */ 942