dane.c
Go to the documentation of this file.
1 /*
2  * Verify or create TLS authentication with DANE (RFC6698)
3  *
4  * (c) NLnetLabs 2012-2020
5  *
6  * See the file LICENSE for the license.
7  *
8  */
9 
10 #include <ldns/config.h>
11 #ifdef USE_DANE
12 
13 #include <ldns/ldns.h>
14 #include <ldns/dane.h>
15 
16 #include <unistd.h>
17 #include <stdlib.h>
18 #include <sys/types.h>
19 #ifdef HAVE_SYS_SOCKET_H
20 #include <sys/socket.h>
21 #endif
22 #ifdef HAVE_NETDB_H
23 #include <netdb.h>
24 #endif
25 
26 #ifdef HAVE_SSL
27 #include <openssl/ssl.h>
28 #include <openssl/err.h>
29 #include <openssl/x509v3.h>
30 #endif
31 
32 /* OpenSSL context options. At the moment, disable SSLv2, SSLv3
33  * and Compression, if available. TLSv1.0 is allowed at the moment.
34  * TLSv1.1 is the first to provide elliptic curves, so it is usually
35  * allowed in a TLS stack. TLSv1.2 is the first to provide authentication
36  * modes of operation, like GCM. The defines below are a moving
37  * target based on OpenSSL library version. Grep is useful to find
38  * the defines: grep -IR SSL_OP_NO_ /usr/include/openssl.
39  */
40 #ifdef HAVE_SSL
41 # ifdef SSL_OP_NO_SSLv2
42  const long NoOpenSSLv2 = SSL_OP_NO_SSLv2;
43 # else
44  const long NoOpenSSLv2 = 0L;
45 # endif
46 # ifdef SSL_OP_NO_SSLv3
47  const long NoOpenSSLv3 = SSL_OP_NO_SSLv3;
48 # else
49  const long NoOpenSSLv3 = 0L;
50 # endif
51 # ifdef SSL_OP_NO_TLSv1
52  const long NoOpenTLSv1 = SSL_OP_NO_TLSv1;
53 # else
54  const long NoOpenTLSv1 = 0L;
55 # endif
56 # ifdef SSL_OP_NO_DTLSv1
57  const long NoOpenDTLSv1 = SSL_OP_NO_DTLSv1;
58 # else
59  const long NoOpenDTLSv1 = 0L;
60 # endif
61 # ifdef SSL_OP_NO_COMPRESSION
62  const long NoOpenSSLCompression = SSL_OP_NO_COMPRESSION;
63 # else
64  const long NoOpenSSLCompression = 0L;
65 # endif
66 #endif
67 
68 #if defined(USE_DANE_VERIFY) && defined(USE_DANE_TA_USAGE)
69 static SSL_CTX*
70 ldns_dane_new_ssl_context(void)
71 {
72  SSL_CTX* ssl_ctx;
73 
74  ssl_ctx = SSL_CTX_new(TLS_client_method());
75  if (ssl_ctx != NULL)
76  {
77  /* ldns allows TLS and DTLS v1.0 at the moment. Some may disagree.
78  * Sometime in the future they may be disabled, too. Maybe
79  * --disable-tlsv1 and --disable-dtlsv1 should be configure options.
80  */
82  SSL_CTX_set_options(ssl_ctx, flags);
83  }
84 
85  return ssl_ctx;
86 }
87 #endif
88 
90 ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner, const ldns_rdf* name,
91  uint16_t port, ldns_dane_transport transport)
92 {
93  char buf[LDNS_MAX_DOMAINLEN];
94  size_t s;
95 
96  assert(tlsa_owner != NULL);
97  assert(name != NULL);
98  assert(ldns_rdf_get_type(name) == LDNS_RDF_TYPE_DNAME);
99 
100  s = (size_t)snprintf(buf, LDNS_MAX_DOMAINLEN, "X_%d", (int)port);
101  buf[0] = (char)(s - 1);
102 
103  switch(transport) {
105  s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\004_tcp");
106  break;
107 
109  s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\004_udp");
110  break;
111 
113  s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\005_sctp");
114  break;
115 
116  default:
118  }
119  if (s + ldns_rdf_size(name) > LDNS_MAX_DOMAINLEN) {
121  }
122  memcpy(buf + s, ldns_rdf_data(name), ldns_rdf_size(name));
124  s + ldns_rdf_size(name), buf);
125  if (*tlsa_owner == NULL) {
126  return LDNS_STATUS_MEM_ERR;
127  }
128  return LDNS_STATUS_OK;
129 }
130 
131 
132 #ifdef HAVE_SSL
134 ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert,
135  ldns_tlsa_selector selector,
136  ldns_tlsa_matching_type matching_type)
137 {
138  unsigned char* buf = NULL;
139  size_t len;
140 
141  X509_PUBKEY* xpubkey;
142  EVP_PKEY* epubkey;
143 
144  unsigned char* digest;
145 
146  assert(rdf != NULL);
147  assert(cert != NULL);
148 
149  switch(selector) {
151 
152  len = (size_t)i2d_X509(cert, &buf);
153  break;
154 
156 
157 #ifndef S_SPLINT_S
158  xpubkey = X509_get_X509_PUBKEY(cert);
159 #endif
160  if (! xpubkey) {
161  return LDNS_STATUS_SSL_ERR;
162  }
163  epubkey = X509_PUBKEY_get(xpubkey);
164  if (! epubkey) {
165  return LDNS_STATUS_SSL_ERR;
166  }
167  len = (size_t)i2d_PUBKEY(epubkey, &buf);
168  break;
169 
170  default:
172  }
173 
174  switch(matching_type) {
176 
177  *rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, len, buf);
178 
179  return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR;
180  break;
181 
183 
184  digest = LDNS_XMALLOC(unsigned char, LDNS_SHA256_DIGEST_LENGTH);
185  if (digest == NULL) {
186  LDNS_FREE(buf);
187  return LDNS_STATUS_MEM_ERR;
188  }
189  (void) ldns_sha256(buf, (unsigned int)len, digest);
191  digest);
192  LDNS_FREE(buf);
193 
194  return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR;
195  break;
196 
198 
199  digest = LDNS_XMALLOC(unsigned char, LDNS_SHA512_DIGEST_LENGTH);
200  if (digest == NULL) {
201  LDNS_FREE(buf);
202  return LDNS_STATUS_MEM_ERR;
203  }
204  (void) ldns_sha512(buf, (unsigned int)len, digest);
206  digest);
207  LDNS_FREE(buf);
208 
209  return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR;
210  break;
211 
212  default:
213  LDNS_FREE(buf);
215  }
216 }
217 
218 
219 /* Ordinary PKIX validation of cert (with extra_certs to help)
220  * against the CA's in store
221  */
222 static ldns_status
223 ldns_dane_pkix_validate(X509* cert, STACK_OF(X509)* extra_certs,
224  X509_STORE* store)
225 {
226  X509_STORE_CTX* vrfy_ctx;
227  ldns_status s;
228 
229  if (! store) {
231  }
232  vrfy_ctx = X509_STORE_CTX_new();
233  if (! vrfy_ctx) {
234 
235  return LDNS_STATUS_SSL_ERR;
236 
237  } else if (X509_STORE_CTX_init(vrfy_ctx, store,
238  cert, extra_certs) != 1) {
240 
241  } else if (X509_verify_cert(vrfy_ctx) == 1) {
242 
243  s = LDNS_STATUS_OK;
244 
245  } else {
247  }
248  X509_STORE_CTX_free(vrfy_ctx);
249  return s;
250 }
251 
252 
253 /* Ordinary PKIX validation of cert (with extra_certs to help)
254  * against the CA's in store, but also return the validation chain.
255  */
256 static ldns_status
257 ldns_dane_pkix_validate_and_get_chain(STACK_OF(X509)** chain, X509* cert,
258  STACK_OF(X509)* extra_certs, X509_STORE* store)
259 {
260  ldns_status s;
261  X509_STORE* empty_store = NULL;
262  X509_STORE_CTX* vrfy_ctx;
263 
264  assert(chain != NULL);
265 
266  if (! store) {
267  store = empty_store = X509_STORE_new();
268  }
270  vrfy_ctx = X509_STORE_CTX_new();
271  if (! vrfy_ctx) {
272 
273  goto exit_free_empty_store;
274 
275  } else if (X509_STORE_CTX_init(vrfy_ctx, store,
276  cert, extra_certs) != 1) {
277  goto exit_free_vrfy_ctx;
278 
279  } else if (X509_verify_cert(vrfy_ctx) == 1) {
280 
281  s = LDNS_STATUS_OK;
282 
283  } else {
285  }
286  *chain = X509_STORE_CTX_get1_chain(vrfy_ctx);
287  if (! *chain) {
289  }
290 
291 exit_free_vrfy_ctx:
292  X509_STORE_CTX_free(vrfy_ctx);
293 
294 exit_free_empty_store:
295  if (empty_store) {
296  X509_STORE_free(empty_store);
297  }
298  return s;
299 }
300 
301 
302 /* Return the validation chain that can be build out of cert, with extra_certs.
303  */
304 static ldns_status
305 ldns_dane_pkix_get_chain(STACK_OF(X509)** chain,
306  X509* cert, STACK_OF(X509)* extra_certs)
307 {
308  ldns_status s;
309  X509_STORE* empty_store = NULL;
310  X509_STORE_CTX* vrfy_ctx;
311 
312  assert(chain != NULL);
313 
314  empty_store = X509_STORE_new();
316  vrfy_ctx = X509_STORE_CTX_new();
317  if (! vrfy_ctx) {
318 
319  goto exit_free_empty_store;
320 
321  } else if (X509_STORE_CTX_init(vrfy_ctx, empty_store,
322  cert, extra_certs) != 1) {
323  goto exit_free_vrfy_ctx;
324  }
325  (void) X509_verify_cert(vrfy_ctx);
326  *chain = X509_STORE_CTX_get1_chain(vrfy_ctx);
327  if (! *chain) {
329  } else {
330  s = LDNS_STATUS_OK;
331  }
332 exit_free_vrfy_ctx:
333  X509_STORE_CTX_free(vrfy_ctx);
334 
335 exit_free_empty_store:
336  X509_STORE_free(empty_store);
337  return s;
338 }
339 
340 
341 /* Pop n+1 certs and return the last popped.
342  */
343 static ldns_status
344 ldns_dane_get_nth_cert_from_validation_chain(
345  X509** cert, STACK_OF(X509)* chain, int n, bool ca)
346 {
347  if (n >= sk_X509_num(chain) || n < 0) {
349  }
350  *cert = sk_X509_pop(chain);
351  while (n-- > 0) {
352  X509_free(*cert);
353  *cert = sk_X509_pop(chain);
354  }
355  if (ca && ! X509_check_ca(*cert)) {
357  }
358  return LDNS_STATUS_OK;
359 }
360 
361 
362 /* Create validation chain with cert and extra_certs and returns the last
363  * self-signed (if present).
364  */
365 static ldns_status
366 ldns_dane_pkix_get_last_self_signed(X509** out_cert,
367  X509* cert, STACK_OF(X509)* extra_certs)
368 {
369  ldns_status s;
370  X509_STORE* empty_store = NULL;
371  X509_STORE_CTX* vrfy_ctx;
372 
373  assert(out_cert != NULL);
374 
375  empty_store = X509_STORE_new();
377  vrfy_ctx = X509_STORE_CTX_new();
378  if (! vrfy_ctx) {
379  goto exit_free_empty_store;
380 
381  } else if (X509_STORE_CTX_init(vrfy_ctx, empty_store,
382  cert, extra_certs) != 1) {
383  goto exit_free_vrfy_ctx;
384 
385  }
386  (void) X509_verify_cert(vrfy_ctx);
387  if (X509_STORE_CTX_get_error(vrfy_ctx) == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN ||
388  X509_STORE_CTX_get_error(vrfy_ctx) == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT){
389 
390  *out_cert = X509_STORE_CTX_get_current_cert( vrfy_ctx);
391  s = LDNS_STATUS_OK;
392  } else {
394  }
395 exit_free_vrfy_ctx:
396  X509_STORE_CTX_free(vrfy_ctx);
397 
398 exit_free_empty_store:
399  X509_STORE_free(empty_store);
400  return s;
401 }
402 
403 
405 ldns_dane_select_certificate(X509** selected_cert,
406  X509* cert, STACK_OF(X509)* extra_certs,
407  X509_STORE* pkix_validation_store,
408  ldns_tlsa_certificate_usage cert_usage, int offset)
409 {
410  ldns_status s;
411  STACK_OF(X509)* pkix_validation_chain = NULL;
412 
413  assert(selected_cert != NULL);
414  assert(cert != NULL);
415 
416  /* With PKIX validation explicitly turned off (pkix_validation_store
417  * == NULL), treat the "CA constraint" and "Service certificate
418  * constraint" the same as "Trust anchor assertion" and "Domain issued
419  * certificate" respectively.
420  */
421  if (pkix_validation_store == NULL) {
422  switch (cert_usage) {
423 
425 
427  break;
428 
430 
432  break;
433 
434  default:
435  break;
436  }
437  }
438 
439  /* Now what to do with each Certificate usage...
440  */
441  switch (cert_usage) {
442 
444 
445  s = ldns_dane_pkix_validate_and_get_chain(
446  &pkix_validation_chain,
447  cert, extra_certs,
448  pkix_validation_store);
449  if (! pkix_validation_chain) {
450  return s;
451  }
452  if (s == LDNS_STATUS_OK) {
453  if (offset == -1) {
454  offset = 0;
455  }
456  s = ldns_dane_get_nth_cert_from_validation_chain(
457  selected_cert, pkix_validation_chain,
458  offset, true);
459  }
460  sk_X509_pop_free(pkix_validation_chain, X509_free);
461  return s;
462  break;
463 
464 
466 
467  *selected_cert = cert;
468  return ldns_dane_pkix_validate(cert, extra_certs,
469  pkix_validation_store);
470  break;
471 
472 
474 
475  if (offset == -1) {
476  s = ldns_dane_pkix_get_last_self_signed(
477  selected_cert, cert, extra_certs);
478  return s;
479  } else {
480  s = ldns_dane_pkix_get_chain(
481  &pkix_validation_chain,
482  cert, extra_certs);
483  if (s == LDNS_STATUS_OK) {
484  s =
485  ldns_dane_get_nth_cert_from_validation_chain(
486  selected_cert, pkix_validation_chain,
487  offset, false);
488  } else if (! pkix_validation_chain) {
489  return s;
490  }
491  sk_X509_pop_free(pkix_validation_chain, X509_free);
492  return s;
493  }
494  break;
495 
496 
498 
499  *selected_cert = cert;
500  return LDNS_STATUS_OK;
501  break;
502 
503  default:
505  break;
506  }
507 }
508 
509 
512  ldns_tlsa_certificate_usage certificate_usage,
513  ldns_tlsa_selector selector,
514  ldns_tlsa_matching_type matching_type,
515  X509* cert)
516 {
517  ldns_rdf* rdf;
518  ldns_status s;
519 
520  assert(tlsa != NULL);
521  assert(cert != NULL);
522 
523  /* create rr */
525  if (*tlsa == NULL) {
526  return LDNS_STATUS_MEM_ERR;
527  }
528 
530  (uint8_t)certificate_usage);
531  if (rdf == NULL) {
532  goto memerror;
533  }
534  (void) ldns_rr_set_rdf(*tlsa, rdf, 0);
535 
536  rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, (uint8_t)selector);
537  if (rdf == NULL) {
538  goto memerror;
539  }
540  (void) ldns_rr_set_rdf(*tlsa, rdf, 1);
541 
542  rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, (uint8_t)matching_type);
543  if (rdf == NULL) {
544  goto memerror;
545  }
546  (void) ldns_rr_set_rdf(*tlsa, rdf, 2);
547 
548  s = ldns_dane_cert2rdf(&rdf, cert, selector, matching_type);
549  if (s == LDNS_STATUS_OK) {
550  (void) ldns_rr_set_rdf(*tlsa, rdf, 3);
551  return LDNS_STATUS_OK;
552  }
553  ldns_rr_free(*tlsa);
554  *tlsa = NULL;
555  return s;
556 
557 memerror:
558  ldns_rr_free(*tlsa);
559  *tlsa = NULL;
560  return LDNS_STATUS_MEM_ERR;
561 }
562 
563 
564 #ifdef USE_DANE_VERIFY
565 /* Return tlsas that actually are TLSA resource records with known values
566  * for the Certificate usage, Selector and Matching type rdata fields.
567  */
568 static ldns_rr_list*
569 ldns_dane_filter_unusable_records(const ldns_rr_list* tlsas)
570 {
571  size_t i;
573  ldns_rr* tlsa_rr;
574 
575  if (! r) {
576  return NULL;
577  }
578  for (i = 0; i < ldns_rr_list_rr_count(tlsas); i++) {
579  tlsa_rr = ldns_rr_list_rr(tlsas, i);
580  if (ldns_rr_get_type(tlsa_rr) == LDNS_RR_TYPE_TLSA &&
581  ldns_rr_rd_count(tlsa_rr) == 4 &&
582  ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0)) <= 3 &&
583  ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1)) <= 1 &&
584  ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2)) <= 2) {
585 
586  if (! ldns_rr_list_push_rr(r, tlsa_rr)) {
588  return NULL;
589  }
590  }
591  }
592  return r;
593 }
594 
595 
596 #if !defined(USE_DANE_TA_USAGE)
597 /* Return whether cert/selector/matching_type matches data.
598  */
599 static ldns_status
600 ldns_dane_match_cert_with_data(X509* cert, ldns_tlsa_selector selector,
601  ldns_tlsa_matching_type matching_type, ldns_rdf* data)
602 {
603  ldns_status s;
604  ldns_rdf* match_data;
605 
606  s = ldns_dane_cert2rdf(&match_data, cert, selector, matching_type);
607  if (s == LDNS_STATUS_OK) {
608  if (ldns_rdf_compare(data, match_data) != 0) {
610  }
611  ldns_rdf_free(match_data);
612  }
613  return s;
614 }
615 
616 
617 /* Return whether any certificate from the chain with selector/matching_type
618  * matches data.
619  * ca should be true if the certificate has to be a CA certificate too.
620  */
621 static ldns_status
622 ldns_dane_match_any_cert_with_data(STACK_OF(X509)* chain,
623  ldns_tlsa_selector selector,
624  ldns_tlsa_matching_type matching_type,
625  ldns_rdf* data, bool ca)
626 {
628  int n, i;
629  X509* cert;
630 
631  n = sk_X509_num(chain);
632  for (i = 0; i < n; i++) {
633  cert = sk_X509_pop(chain);
634  if (! cert) {
636  break;
637  }
638  s = ldns_dane_match_cert_with_data(cert,
639  selector, matching_type, data);
640  if (ca && s == LDNS_STATUS_OK && ! X509_check_ca(cert)) {
642  }
643  X509_free(cert);
645  break;
646  }
647  /* when s == LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH,
648  * try to match the next certificate
649  */
650  }
651  return s;
652 }
653 #endif /* !defined(USE_DANE_TA_USAGE) */
654 #endif /* USE_DANE_VERIFY */
655 
656 #ifdef USE_DANE_VERIFY
658 ldns_dane_verify_rr(const ldns_rr* tlsa_rr,
659  X509* cert, STACK_OF(X509)* extra_certs,
660  X509_STORE* pkix_validation_store)
661 {
662 #if defined(USE_DANE_TA_USAGE)
663  SSL_CTX *ssl_ctx = NULL;
664  SSL *ssl = NULL;
665  X509_STORE_CTX *store_ctx = NULL;
666 #else
667  STACK_OF(X509)* pkix_validation_chain = NULL;
668 #endif
670 
672  ldns_tlsa_selector selector;
674  ldns_rdf* data;
675 
676  if (! tlsa_rr || ldns_rr_get_type(tlsa_rr) != LDNS_RR_TYPE_TLSA ||
677  ldns_rr_rd_count(tlsa_rr) != 4 ||
678  ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0)) > 3 ||
679  ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1)) > 1 ||
680  ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2)) > 2 ) {
681  /* No (usable) TLSA, so regular PKIX validation
682  */
683  return ldns_dane_pkix_validate(cert, extra_certs,
684  pkix_validation_store);
685  }
686  usage = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0));
687  selector = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1));
688  mtype = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2));
689  data = ldns_rr_rdf(tlsa_rr, 3) ;
690 
691 #if defined(USE_DANE_TA_USAGE)
692  /* Rely on OpenSSL dane functions.
693  *
694  * OpenSSL does not provide offline dane verification. The dane unit
695  * tests within openssl use the undocumented SSL_get0_dane() and
696  * X509_STORE_CTX_set0_dane() to convey dane parameters set on SSL and
697  * SSL_CTX to a X509_STORE_CTX that can be used to do offline
698  * verification. We use these undocumented means with the ldns
699  * dane function prototypes which did only offline dane verification.
700  */
701  if (!(ssl_ctx = ldns_dane_new_ssl_context()))
703 
704  else if (SSL_CTX_dane_enable(ssl_ctx) <= 0)
706 
707  else if (SSL_CTX_dane_set_flags(
708  ssl_ctx, DANE_FLAG_NO_DANE_EE_NAMECHECKS),
709  !(ssl = SSL_new(ssl_ctx)))
711 
712  else if (SSL_set_connect_state(ssl),
713  (SSL_dane_enable(ssl, NULL) <= 0))
715 
716  else if (SSL_dane_tlsa_add(ssl, usage, selector, mtype,
717  ldns_rdf_data(data), ldns_rdf_size(data)) <= 0)
719 
720  else if (!(store_ctx = X509_STORE_CTX_new()))
722 
723  else if (!X509_STORE_CTX_init(store_ctx, pkix_validation_store, cert, extra_certs))
725 
726  else {
727  int ret;
728 
729  X509_STORE_CTX_set_default(store_ctx,
730  SSL_is_server(ssl) ? "ssl_client" : "ssl_server");
731  X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(store_ctx),
732  SSL_get0_param(ssl));
733  X509_STORE_CTX_set0_dane(store_ctx, SSL_get0_dane(ssl));
734  if (SSL_get_verify_callback(ssl))
735  X509_STORE_CTX_set_verify_cb(store_ctx, SSL_get_verify_callback(ssl));
736 
737  ret = X509_verify_cert(store_ctx);
738  if (!ret) {
739  if (X509_STORE_CTX_get_error(store_ctx) == X509_V_ERR_DANE_NO_MATCH)
741  else
743  }
744  X509_STORE_CTX_cleanup(store_ctx);
745  }
746  if (store_ctx)
747  X509_STORE_CTX_free(store_ctx);
748  if (ssl)
749  SSL_free(ssl);
750  if (ssl_ctx)
751  SSL_CTX_free(ssl_ctx);
752  return s;
753 #else
754  switch (usage) {
756  s = ldns_dane_pkix_validate_and_get_chain(
757  &pkix_validation_chain,
758  cert, extra_certs,
759  pkix_validation_store);
760  if (! pkix_validation_chain) {
761  return s;
762  }
764  /*
765  * NO PKIX validation. We still try to match *any*
766  * certificate from the chain, so we return
767  * TLSA errors over PKIX errors.
768  *
769  * i.e. When the TLSA matches no certificate, we return
770  * TLSA_DID_NOT_MATCH and not PKIX_DID_NOT_VALIDATE
771  */
772  s = ldns_dane_match_any_cert_with_data(
773  pkix_validation_chain,
774  selector, mtype, data, true);
775 
776  if (s == LDNS_STATUS_OK) {
777  /* A TLSA record did match a cert from the
778  * chain, thus the error is failed PKIX
779  * validation.
780  */
782  }
783 
784  } else if (s == LDNS_STATUS_OK) {
785  /* PKIX validated, does the TLSA match too? */
786 
787  s = ldns_dane_match_any_cert_with_data(
788  pkix_validation_chain,
789  selector, mtype, data, true);
790  }
791  sk_X509_pop_free(pkix_validation_chain, X509_free);
792  return s;
793  break;
794 
796 
797  s = ldns_dane_match_cert_with_data(cert,
798  selector, mtype, data);
799 
800  if (s == LDNS_STATUS_OK) {
801  return ldns_dane_pkix_validate(cert, extra_certs,
802  pkix_validation_store);
803  }
804  return s;
805  break;
806 
808 #if 0
809  s = ldns_dane_pkix_get_chain(&pkix_validation_chain,
810  cert, extra_certs);
811 
812  if (s == LDNS_STATUS_OK) {
813  s = ldns_dane_match_any_cert_with_data(
814  pkix_validation_chain,
815  selector, mtype, data, false);
816 
817  } else if (! pkix_validation_chain) {
818  return s;
819  }
820  sk_X509_pop_free(pkix_validation_chain, X509_free);
821  return s;
822 #else
824 #endif
825  break;
826 
828  return ldns_dane_match_cert_with_data(cert,
829  selector, mtype, data);
830  break;
831 
832  default:
833  break;
834  }
835 #endif
837 }
838 
839 
841 ldns_dane_verify(const ldns_rr_list* tlsas,
842  X509* cert, STACK_OF(X509)* extra_certs,
843  X509_STORE* pkix_validation_store)
844 {
845 #if defined(USE_DANE_TA_USAGE)
846  SSL_CTX *ssl_ctx = NULL;
847  ldns_rdf *basename_rdf = NULL;
848  char *basename = NULL;
849  SSL *ssl = NULL;
850  X509_STORE_CTX *store_ctx = NULL;
851 #else
852  ldns_status ps;
853 #endif
854  size_t i;
855  ldns_rr* tlsa_rr;
856  ldns_rr_list *usable_tlsas;
858 
859  assert(cert != NULL);
860 
861  if (! tlsas || ldns_rr_list_rr_count(tlsas) == 0)
862  /* No TLSA's, so regular PKIX validation
863  */
864  return ldns_dane_pkix_validate(cert, extra_certs,
865  pkix_validation_store);
866 
867 /* To enable name checks (which we don't) */
868 #if defined(USE_DANE_TA_USAGE) && 0
869  else if (!(basename_rdf = ldns_dname_clone_from(
870  ldns_rr_list_owner(tlsas), 2)))
871  /* Could nog get DANE base name */
872  s = LDNS_STATUS_ERR;
873 
874  else if (!(basename = ldns_rdf2str(basename_rdf)))
876 
877  else if (strlen(basename) && (basename[strlen(basename)-1] = 0))
878  s = LDNS_STATUS_ERR; /* Intended to be unreachable */
879 #endif
880 
881  else if (!(usable_tlsas = ldns_dane_filter_unusable_records(tlsas)))
882  return LDNS_STATUS_MEM_ERR;
883 
884  else if (ldns_rr_list_rr_count(usable_tlsas) == 0) {
885  /* No TLSA's, so regular PKIX validation
886  */
887  ldns_rr_list_free(usable_tlsas);
888  return ldns_dane_pkix_validate(cert, extra_certs,
889  pkix_validation_store);
890  }
891 #if defined(USE_DANE_TA_USAGE)
892  /* Rely on OpenSSL dane functions.
893  *
894  * OpenSSL does not provide offline dane verification. The dane unit
895  * tests within openssl use the undocumented SSL_get0_dane() and
896  * X509_STORE_CTX_set0_dane() to convey dane parameters set on SSL and
897  * SSL_CTX to a X509_STORE_CTX that can be used to do offline
898  * verification. We use these undocumented means with the ldns
899  * dane function prototypes which did only offline dane verification.
900  */
901  if (!(ssl_ctx = ldns_dane_new_ssl_context()))
903 
904  else if (SSL_CTX_dane_enable(ssl_ctx) <= 0)
906 
907  else if (SSL_CTX_dane_set_flags(
908  ssl_ctx, DANE_FLAG_NO_DANE_EE_NAMECHECKS),
909  !(ssl = SSL_new(ssl_ctx)))
911 
912  else if (SSL_set_connect_state(ssl),
913  (SSL_dane_enable(ssl, basename) <= 0))
915 
916  else for (i = 0; i < ldns_rr_list_rr_count(usable_tlsas); i++) {
918  ldns_tlsa_selector selector;
920  ldns_rdf* data;
921 
922  tlsa_rr = ldns_rr_list_rr(usable_tlsas, i);
923  usage = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr,0));
924  selector= ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr,1));
925  mtype = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr,2));
926  data = ldns_rr_rdf(tlsa_rr,3) ;
927 
928  if (SSL_dane_tlsa_add(ssl, usage, selector, mtype,
929  ldns_rdf_data(data),
930  ldns_rdf_size(data)) <= 0) {
932  break;
933  }
934  }
935  if (!s && !(store_ctx = X509_STORE_CTX_new()))
937 
938  else if (!X509_STORE_CTX_init(store_ctx, pkix_validation_store, cert, extra_certs))
940 
941  else {
942  int ret;
943 
944  X509_STORE_CTX_set_default(store_ctx,
945  SSL_is_server(ssl) ? "ssl_client" : "ssl_server");
946  X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(store_ctx),
947  SSL_get0_param(ssl));
948  X509_STORE_CTX_set0_dane(store_ctx, SSL_get0_dane(ssl));
949  if (SSL_get_verify_callback(ssl))
950  X509_STORE_CTX_set_verify_cb(store_ctx, SSL_get_verify_callback(ssl));
951 
952  ret = X509_verify_cert(store_ctx);
953  if (!ret) {
954  if (X509_STORE_CTX_get_error(store_ctx) == X509_V_ERR_DANE_NO_MATCH)
956  else
958  }
959  X509_STORE_CTX_cleanup(store_ctx);
960  }
961  if (store_ctx)
962  X509_STORE_CTX_free(store_ctx);
963  if (ssl)
964  SSL_free(ssl);
965  if (ssl_ctx)
966  SSL_CTX_free(ssl_ctx);
967  if (basename)
968  free(basename);
969  ldns_rdf_deep_free(basename_rdf);
970 #else
971  for (i = 0; i < ldns_rr_list_rr_count(usable_tlsas); i++) {
972  tlsa_rr = ldns_rr_list_rr(usable_tlsas, i);
973  ps = s;
974  s = ldns_dane_verify_rr(tlsa_rr, cert, extra_certs,
975  pkix_validation_store);
976 
980 
981  /* which would be LDNS_STATUS_OK (match)
982  * or some fatal error preventing use from
983  * trying the next TLSA record.
984  */
985  break;
986  }
987  s = (s > ps ? s : ps); /* pref NEED_OPENSSL_GE_1_1_FOR_DANE_TA
988  * over PKIX_DID_NOT_VALIDATE
989  * over TLSA_DID_NOT_MATCH
990  */
991  }
992 #endif
993  ldns_rr_list_free(usable_tlsas);
994  return s;
995 }
996 #endif /* USE_DANE_VERIFY */
997 #endif /* HAVE_SSL */
998 #endif /* USE_DANE */
ldns_status ldns_dane_cert2rdf(ldns_rdf **rdf, X509 *cert, ldns_tlsa_selector selector, ldns_tlsa_matching_type matching_type)
Creates a LDNS_RDF_TYPE_HEX type rdf based on the binary data chosen by the selector and encoded usin...
Definition: dane.c:134
ldns_status ldns_dane_create_tlsa_rr(ldns_rr **tlsa, ldns_tlsa_certificate_usage certificate_usage, ldns_tlsa_selector selector, ldns_tlsa_matching_type matching_type, X509 *cert)
Creates a TLSA resource record from the certificate.
Definition: dane.c:511
const long NoOpenSSLv2
Definition: dane.c:44
const long NoOpenSSLCompression
Definition: dane.c:64
ldns_status ldns_dane_select_certificate(X509 **selected_cert, X509 *cert, STACK_OF(X509) *extra_certs, X509_STORE *pkix_validation_store, ldns_tlsa_certificate_usage cert_usage, int offset)
Selects the certificate from cert, extra_certs or the pkix_validation_store based on the value of cer...
Definition: dane.c:405
const long NoOpenSSLv3
Definition: dane.c:49
const long NoOpenDTLSv1
Definition: dane.c:59
ldns_status ldns_dane_create_tlsa_owner(ldns_rdf **tlsa_owner, const ldns_rdf *name, uint16_t port, ldns_dane_transport transport)
Creates a dname consisting of the given name, prefixed by the service port and type of transport: _po...
Definition: dane.c:90
const long NoOpenTLSv1
Definition: dane.c:54
This module contains base functions for creating and verifying TLSA RR's with PKIX certificates,...
@ LDNS_TLSA_SELECTOR_SUBJECTPUBLICKEYINFO
Definition: dane.h:77
@ LDNS_TLSA_SELECTOR_FULL_CERTIFICATE
Definition: dane.h:70
enum ldns_enum_tlsa_selector ldns_tlsa_selector
Definition: dane.h:82
enum ldns_enum_dane_transport ldns_dane_transport
Definition: dane.h:115
@ LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT
Definition: dane.h:48
@ LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE
Definition: dane.h:54
@ LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION
Definition: dane.h:51
@ LDNS_TLSA_USAGE_CA_CONSTRAINT
Definition: dane.h:45
ldns_status ldns_dane_verify_rr(const ldns_rr *tlsa_rr, X509 *cert, STACK_OF(X509) *extra_certs, X509_STORE *pkix_validation_store)
BEWARE! We strongly recommend to use OpenSSL 1.1.0 dane verification functions instead of the ones pr...
ldns_status ldns_dane_verify(const ldns_rr_list *tlsas, X509 *cert, STACK_OF(X509) *extra_certs, X509_STORE *pkix_validation_store)
BEWARE! We strongly recommend to use OpenSSL 1.1.0 dane verification functions instead of the ones pr...
enum ldns_enum_tlsa_certificate_usage ldns_tlsa_certificate_usage
Definition: dane.h:58
enum ldns_enum_tlsa_matching_type ldns_tlsa_matching_type
Definition: dane.h:101
@ LDNS_DANE_TRANSPORT_UDP
UDP.
Definition: dane.h:111
@ LDNS_DANE_TRANSPORT_TCP
TCP.
Definition: dane.h:109
@ LDNS_DANE_TRANSPORT_SCTP
SCTP.
Definition: dane.h:113
@ LDNS_TLSA_MATCHING_TYPE_SHA256
Definition: dane.h:94
@ LDNS_TLSA_MATCHING_TYPE_NO_HASH_USED
Definition: dane.h:91
@ LDNS_TLSA_MATCHING_TYPE_SHA512
Definition: dane.h:97
ldns_rdf * ldns_dname_clone_from(const ldns_rdf *d, uint16_t n)
Clones the given dname from the nth label on.
Definition: dname.c:160
@ LDNS_STATUS_DANE_UNKNOWN_SELECTOR
Definition: error.h:108
@ LDNS_STATUS_DANE_UNKNOWN_TRANSPORT
Definition: error.h:111
@ LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE
Definition: error.h:119
@ LDNS_STATUS_SSL_ERR
Definition: error.h:36
@ LDNS_STATUS_DANE_NEED_OPENSSL_GE_1_1_FOR_DANE_TA
Definition: error.h:132
@ LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH
Definition: error.h:117
@ LDNS_STATUS_ERR
Definition: error.h:37
@ LDNS_STATUS_MEM_ERR
Definition: error.h:34
@ LDNS_STATUS_DANE_UNKNOWN_MATCHING_TYPE
Definition: error.h:109
@ LDNS_STATUS_DANE_NON_CA_CERTIFICATE
Definition: error.h:118
@ LDNS_STATUS_OK
Definition: error.h:26
@ LDNS_STATUS_DANE_OFFSET_OUT_OF_RANGE
Definition: error.h:114
@ LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE
Definition: error.h:107
@ LDNS_STATUS_DOMAINNAME_OVERFLOW
Definition: error.h:29
@ LDNS_STATUS_DANE_PKIX_NO_SELF_SIGNED_TRUST_ANCHOR
Definition: error.h:120
enum ldns_enum_status ldns_status
Definition: error.h:148
char * ldns_rdf2str(const ldns_rdf *rdf)
Converts the data in the rdata field to presentation format and returns that as a char *.
Definition: host2str.c:3276
Including this file will include all ldns files, and define some lookup tables.
ldns_rdf_type ldns_rdf_get_type(const ldns_rdf *rd)
returns the type of the rdf.
Definition: rdata.c:31
ldns_rdf * ldns_native2rdf_int8(ldns_rdf_type type, uint8_t value)
returns the rdf containing the native uint8_t repr.
Definition: rdata.c:126
void ldns_rdf_deep_free(ldns_rdf *rd)
frees a rdf structure and frees the data.
Definition: rdata.c:230
ldns_rdf * ldns_rdf_new(ldns_rdf_type type, size_t size, void *data)
allocates a new rdf structure and fills it.
Definition: rdata.c:179
uint8_t ldns_rdf2native_int8(const ldns_rdf *rd)
returns the native uint8_t representation from the rdf.
Definition: rdata.c:70
@ LDNS_RDF_TYPE_DNAME
domain name
Definition: rdata.h:50
@ LDNS_RDF_TYPE_HEX
hex string
Definition: rdata.h:70
@ LDNS_RDF_TYPE_INT8
8 bits
Definition: rdata.h:52
size_t ldns_rdf_size(const ldns_rdf *rd)
returns the size of the rdf.
Definition: rdata.c:24
uint8_t * ldns_rdf_data(const ldns_rdf *rd)
returns the data of the rdf.
Definition: rdata.c:38
void ldns_rdf_free(ldns_rdf *rd)
frees a rdf structure, leaving the data pointer intact.
Definition: rdata.c:241
int ldns_rdf_compare(const ldns_rdf *rd1, const ldns_rdf *rd2)
compares two rdf's on their wire formats.
Definition: rdata.c:657
ldns_rdf * ldns_rdf_new_frm_data(ldns_rdf_type type, size_t size, const void *data)
allocates a new rdf structure and fills it.
Definition: rdata.c:193
void ldns_rr_list_free(ldns_rr_list *rr_list)
frees an rr_list structure.
Definition: rr.c:1015
ldns_rr * ldns_rr_list_rr(const ldns_rr_list *rr_list, size_t nr)
returns a specific rr of an rrlist.
Definition: rr.c:994
void ldns_rr_free(ldns_rr *rr)
frees an RR structure
Definition: rr.c:81
ldns_rr * ldns_rr_new_frm_type(ldns_rr_type t)
creates a new rr structure, based on the given type.
Definition: rr.c:48
@ LDNS_RR_TYPE_TLSA
Definition: rr.h:179
signed char ldns_rr_list_push_rr(ldns_rr_list *rr_list, const ldns_rr *rr)
pushes an rr to an rrlist.
Definition: rr.c:1136
size_t ldns_rr_rd_count(const ldns_rr *rr)
returns the rd_count of an rr structure.
Definition: rr.c:941
ldns_rdf * ldns_rr_set_rdf(ldns_rr *rr, const ldns_rdf *f, size_t position)
sets a rdf member, it will be set on the position given.
Definition: rr.c:844
size_t ldns_rr_list_rr_count(const ldns_rr_list *rr_list)
returns the number of rr's in an rr_list.
Definition: rr.c:961
ldns_rr_type ldns_rr_get_type(const ldns_rr *rr)
returns the type of the rr.
Definition: rr.c:947
ldns_rdf * ldns_rr_list_owner(const ldns_rr_list *rr_list)
Returns the owner domain name rdf of the first element of the RR If there are no elements present,...
Definition: rr.c:2789
ldns_rr_list * ldns_rr_list_new(void)
creates a new rr_list structure.
Definition: rr.c:1004
#define LDNS_MAX_DOMAINLEN
Maximum length of a complete dname.
Definition: rr.h:33
ldns_rdf * ldns_rr_rdf(const ldns_rr *rr, size_t nr)
returns the rdata field member counter.
Definition: rr.c:913
unsigned char * ldns_sha256(const unsigned char *data, unsigned int data_len, unsigned char *digest)
Convenience function to digest a fixed block of data at once.
Definition: sha2.c:624
#define LDNS_SHA512_DIGEST_LENGTH
Definition: sha2.h:69
unsigned char * ldns_sha512(const unsigned char *data, unsigned int data_len, unsigned char *digest)
Convenience function to digest a fixed block of data at once.
Definition: sha2.c:938
#define LDNS_SHA256_DIGEST_LENGTH
Definition: sha2.h:63
Resource record data field.
Definition: rdata.h:197
List or Set of Resource Records.
Definition: rr.h:346
Resource Record.
Definition: rr.h:318
#define LDNS_FREE(ptr)
Definition: util.h:60
#define LDNS_XMALLOC(type, count)
Definition: util.h:51