projects / exim.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
Merge branch 'master' into dane
[exim.git] / src / src / dane-openssl.c
... / ...
CommitLineData
1#include <stdio.h>
2#include <string.h>
3#include <stdint.h>
4
5#include <openssl/opensslv.h>
6#include <openssl/err.h>
7#include <openssl/crypto.h>
8#include <openssl/safestack.h>
9#include <openssl/objects.h>
10#include <openssl/x509.h>
11#include <openssl/x509v3.h>
12#include <openssl/evp.h>
13
14#if OPENSSL_VERSION_NUMBER < 0x1000000fL
15# error "OpenSSL 1.0.0 or higher required"
16#else /* remainder of file */
17
18#include "danessl.h"
19
20#define DANE_F_ADD_SKID 100
21#define DANE_F_CHECK_END_ENTITY 101
22#define DANE_F_GROW_CHAIN 102
23#define DANE_F_LIST_ALLOC 103
24#define DANE_F_MATCH 104
25#define DANE_F_PUSH_EXT 105
26#define DANE_F_SET_TRUST_ANCHOR 106
27#define DANE_F_SSL_CTX_DANE_INIT 107
28#define DANE_F_SSL_DANE_ADD_TLSA 108
29#define DANE_F_SSL_DANE_INIT 109
30#define DANE_F_SSL_DANE_LIBRARY_INIT 110
31#define DANE_F_VERIFY_CERT 111
32#define DANE_F_WRAP_CERT 112
33
34#define DANE_R_BAD_CERT 100
35#define DANE_R_BAD_CERT_PKEY 101
36#define DANE_R_BAD_DATA_LENGTH 102
37#define DANE_R_BAD_DIGEST 103
38#define DANE_R_BAD_NULL_DATA 104
39#define DANE_R_BAD_PKEY 105
40#define DANE_R_BAD_SELECTOR 106
41#define DANE_R_BAD_USAGE 107
42#define DANE_R_DANE_INIT 108
43#define DANE_R_DANE_SUPPORT 109
44#define DANE_R_LIBRARY_INIT 110
45#define DANE_R_NOSIGN_KEY 111
46#define DANE_R_SCTX_INIT 112
47
48#ifndef OPENSSL_NO_ERR
49# define DANE_F_PLACEHOLDER 0 /* FIRST! Value TBD */
50static ERR_STRING_DATA dane_str_functs[] =
51{
52 {DANE_F_PLACEHOLDER, "DANE library"}, /* FIRST!!! */
53 {DANE_F_ADD_SKID, "add_skid"},
54 {DANE_F_CHECK_END_ENTITY, "check_end_entity"},
55 {DANE_F_GROW_CHAIN, "grow_chain"},
56 {DANE_F_LIST_ALLOC, "list_alloc"},
57 {DANE_F_MATCH, "match"},
58 {DANE_F_PUSH_EXT, "push_ext"},
59 {DANE_F_SET_TRUST_ANCHOR, "set_trust_anchor"},
60 {DANE_F_SSL_CTX_DANE_INIT, "SSL_CTX_dane_init"},
61 {DANE_F_SSL_DANE_ADD_TLSA, "SSL_dane_add_tlsa"},
62 {DANE_F_SSL_DANE_INIT, "SSL_dane_init"},
63 {DANE_F_SSL_DANE_LIBRARY_INIT, "SSL_dane_library_init"},
64 {DANE_F_VERIFY_CERT, "verify_cert"},
65 {DANE_F_WRAP_CERT, "wrap_cert"},
66 {0, NULL}
67};
68static ERR_STRING_DATA dane_str_reasons[] =
69{
70 {DANE_R_BAD_CERT, "Bad TLSA record certificate"},
71 {DANE_R_BAD_CERT_PKEY, "Bad TLSA record certificate public key"},
72 {DANE_R_BAD_DATA_LENGTH, "Bad TLSA record digest length"},
73 {DANE_R_BAD_DIGEST, "Bad TLSA record digest"},
74 {DANE_R_BAD_NULL_DATA, "Bad TLSA record null data"},
75 {DANE_R_BAD_PKEY, "Bad TLSA record public key"},
76 {DANE_R_BAD_SELECTOR, "Bad TLSA record selector"},
77 {DANE_R_BAD_USAGE, "Bad TLSA record usage"},
78 {DANE_R_DANE_INIT, "SSL_dane_init() required"},
79 {DANE_R_DANE_SUPPORT, "DANE library features not supported"},
80 {DANE_R_LIBRARY_INIT, "SSL_dane_library_init() required"},
81 {DANE_R_SCTX_INIT, "SSL_CTX_dane_init() required"},
82 {DANE_R_NOSIGN_KEY, "Certificate usage 2 requires EC support"},
83 {0, NULL}
84};
85#endif /*OPENSSL_NO_ERR*/
86
87#define DANEerr(f, r) ERR_PUT_error(err_lib_dane, (f), (r), __FILE__, __LINE__)
88
89static int err_lib_dane = -1;
90static int dane_idx = -1;
91
92#ifdef X509_V_FLAG_PARTIAL_CHAIN /* OpenSSL >= 1.0.2 */
93static int wrap_to_root = 0;
94#else
95static int wrap_to_root = 1;
96#endif
97
98static void (*cert_free)(void *) = (void (*)(void *)) X509_free;
99static void (*pkey_free)(void *) = (void (*)(void *)) EVP_PKEY_free;
100
101typedef struct dane_list
102{
103 struct dane_list *next;
104 void *value;
105} *dane_list;
106
107#define LINSERT(h, e) do { (e)->next = (h); (h) = (e); } while (0)
108
109typedef struct dane_host_list
110{
111 struct dane_host_list *next;
112 char *value;
113} *dane_host_list;
114
115typedef struct dane_data
116{
117 size_t datalen;
118 unsigned char data[0];
119} *dane_data;
120
121typedef struct dane_data_list
122{
123 struct dane_data_list *next;
124 dane_data value;
125} *dane_data_list;
126
127typedef struct dane_mtype
128{
129 int mdlen;
130 const EVP_MD *md;
131 dane_data_list data;
132} *dane_mtype;
133
134typedef struct dane_mtype_list
135{
136 struct dane_mtype_list *next;
137 dane_mtype value;
138} *dane_mtype_list;
139
140typedef struct dane_selector
141{
142 uint8_t selector;
143 dane_mtype_list mtype;
144} *dane_selector;
145
146typedef struct dane_selector_list
147{
148 struct dane_selector_list *next;
149 dane_selector value;
150} *dane_selector_list;
151
152typedef struct dane_pkey_list
153{
154 struct dane_pkey_list *next;
155 EVP_PKEY *value;
156} *dane_pkey_list;
157
158typedef struct dane_cert_list
159{
160 struct dane_cert_list *next;
161 X509 *value;
162} *dane_cert_list;
163
164typedef struct ssl_dane
165{
166 int (*verify)(X509_STORE_CTX *);
167 STACK_OF(X509) *roots;
168 STACK_OF(X509) *chain;
169 const char *thost; /* TLSA base domain */
170 char *mhost; /* Matched, peer name */
171 dane_pkey_list pkeys;
172 dane_cert_list certs;
173 dane_host_list hosts;
174 dane_selector_list selectors[SSL_DANE_USAGE_LAST + 1];
175 int depth;
176 int multi; /* Multi-label wildcards? */
177 int count; /* Number of TLSA records */
178} ssl_dane;
179
180#ifndef X509_V_ERR_HOSTNAME_MISMATCH
181# define X509_V_ERR_HOSTNAME_MISMATCH X509_V_ERR_APPLICATION_VERIFICATION
182#endif
183
184static int
185match(dane_selector_list slist, X509 *cert, int depth)
186{
187int matched;
188
189/*
190 * Note, set_trust_anchor() needs to know whether the match was for a
191 * pkey digest or a certificate digest. We return MATCHED_PKEY or
192 * MATCHED_CERT accordingly.
193 */
194#define MATCHED_CERT (SSL_DANE_SELECTOR_CERT + 1)
195#define MATCHED_PKEY (SSL_DANE_SELECTOR_SPKI + 1)
196
197/*
198 * Loop over each selector, mtype, and associated data element looking
199 * for a match.
200 */
201for(matched = 0; !matched && slist; slist = slist->next)
202 {
203 dane_mtype_list m;
204 unsigned char mdbuf[EVP_MAX_MD_SIZE];
205 unsigned char *buf = NULL;
206 unsigned char *buf2;
207 unsigned int len = 0;
208
209 /*
210 * Extract ASN.1 DER form of certificate or public key.
211 */
212 switch(slist->value->selector)
213 {
214 case SSL_DANE_SELECTOR_CERT:
215 len = i2d_X509(cert, NULL);
216 buf2 = buf = (unsigned char *) OPENSSL_malloc(len);
217 if(buf) i2d_X509(cert, &buf2);
218 break;
219 case SSL_DANE_SELECTOR_SPKI:
220 len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), NULL);
221 buf2 = buf = (unsigned char *) OPENSSL_malloc(len);
222 if(buf) i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), &buf2);
223 break;
224 }
225
226 if(!buf)
227 {
228 DANEerr(DANE_F_MATCH, ERR_R_MALLOC_FAILURE);
229 return 0;
230 }
231 OPENSSL_assert(buf2 - buf == len);
232
233 /*
234 * Loop over each mtype and data element
235 */
236 for(m = slist->value->mtype; !matched && m; m = m->next)
237 {
238 dane_data_list d;
239 unsigned char *cmpbuf = buf;
240 unsigned int cmplen = len;
241
242 /*
243 * If it is a digest, compute the corresponding digest of the
244 * DER data for comparison, otherwise, use the full object.
245 */
246 if(m->value->md)
247 {
248 cmpbuf = mdbuf;
249 if(!EVP_Digest(buf, len, cmpbuf, &cmplen, m->value->md, 0))
250 matched = -1;
251 }
252 for(d = m->value->data; !matched && d; d = d->next)
253 if( cmplen == d->value->datalen
254 && memcmp(cmpbuf, d->value->data, cmplen) == 0)
255 matched = slist->value->selector + 1;
256 }
257
258 OPENSSL_free(buf);
259 }
260
261return matched;
262}
263
264static int
265push_ext(X509 *cert, X509_EXTENSION *ext)
266{
267X509_EXTENSIONS *exts;
268
269if(ext)
270 {
271 if(!(exts = cert->cert_info->extensions))
272 exts = cert->cert_info->extensions = sk_X509_EXTENSION_new_null();
273 if (exts && sk_X509_EXTENSION_push(exts, ext))
274 return 1;
275 X509_EXTENSION_free(ext);
276 }
277DANEerr(DANE_F_PUSH_EXT, ERR_R_MALLOC_FAILURE);
278return 0;
279}
280
281static int
282add_ext(X509 *issuer, X509 *subject, int ext_nid, char *ext_val)
283{
284X509V3_CTX v3ctx;
285
286X509V3_set_ctx(&v3ctx, issuer, subject, 0, 0, 0);
287return push_ext(subject, X509V3_EXT_conf_nid(0, &v3ctx, ext_nid, ext_val));
288}
289
290static int
291set_serial(X509 *cert, AUTHORITY_KEYID *akid, X509 *subject)
292{
293int ret = 0;
294BIGNUM *bn;
295
296if(akid && akid->serial)
297 return (X509_set_serialNumber(cert, akid->serial));
298
299/*
300 * Add one to subject's serial to avoid collisions between TA serial and
301 * serial of signing root.
302 */
303if( (bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(subject), 0)) != 0
304 && BN_add_word(bn, 1)
305 && BN_to_ASN1_INTEGER(bn, X509_get_serialNumber(cert)))
306 ret = 1;
307
308if(bn)
309 BN_free(bn);
310return ret;
311}
312
313static int
314add_akid(X509 *cert, AUTHORITY_KEYID *akid)
315{
316int nid = NID_authority_key_identifier;
317ASN1_STRING *id;
318unsigned char c = 0;
319int ret = 0;
320
321/*
322 * 0 will never be our subject keyid from a SHA-1 hash, but it could be
323 * our subject keyid if forced from child's akid. If so, set our
324 * authority keyid to 1. This way we are never self-signed, and thus
325 * exempt from any potential (off by default for now in OpenSSL)
326 * self-signature checks!
327 */
328id = (ASN1_STRING *) ((akid && akid->keyid) ? akid->keyid : 0);
329if(id && M_ASN1_STRING_length(id) == 1 && *M_ASN1_STRING_data(id) == c)
330 c = 1;
331
332if( (akid = AUTHORITY_KEYID_new()) != 0
333 && (akid->keyid = ASN1_OCTET_STRING_new()) != 0
334 && M_ASN1_OCTET_STRING_set(akid->keyid, (void *) &c, 1)
335 && X509_add1_ext_i2d(cert, nid, akid, 0, X509V3_ADD_APPEND))
336 ret = 1;
337if(akid)
338 AUTHORITY_KEYID_free(akid);
339return ret;
340}
341
342static int
343add_skid(X509 *cert, AUTHORITY_KEYID *akid)
344{
345int nid = NID_subject_key_identifier;
346
347if(!akid || !akid->keyid)
348 return add_ext(0, cert, nid, "hash");
349return X509_add1_ext_i2d(cert, nid, akid->keyid, 0, X509V3_ADD_APPEND) > 0;
350}
351
352static X509_NAME *
353akid_issuer_name(AUTHORITY_KEYID *akid)
354{
355if(akid && akid->issuer)
356 {
357 int i;
358 GENERAL_NAMES *gens = akid->issuer;
359
360 for(i = 0; i < sk_GENERAL_NAME_num(gens); ++i)
361 {
362 GENERAL_NAME *gn = sk_GENERAL_NAME_value(gens, i);
363
364 if(gn->type == GEN_DIRNAME)
365 return (gn->d.dirn);
366 }
367 }
368return 0;
369}
370
371static int
372set_issuer_name(X509 *cert, AUTHORITY_KEYID *akid)
373{
374X509_NAME *name = akid_issuer_name(akid);
375
376/*
377 * If subject's akid specifies an authority key identifer issuer name, we
378 * must use that.
379 */
380return X509_set_issuer_name(cert,
381 name ? name : X509_get_subject_name(cert));
382}
383
384static int
385grow_chain(ssl_dane *dane, int trusted, X509 *cert)
386{
387STACK_OF(X509) **xs = trusted ? &dane->roots : &dane->chain;
388static ASN1_OBJECT *serverAuth = 0;
389
390#define UNTRUSTED 0
391#define TRUSTED 1
392
393if( trusted && !serverAuth
394 && !(serverAuth = OBJ_nid2obj(NID_server_auth)))
395 {
396 DANEerr(DANE_F_GROW_CHAIN, ERR_R_MALLOC_FAILURE);
397 return 0;
398 }
399if(!*xs && !(*xs = sk_X509_new_null()))
400 {
401 DANEerr(DANE_F_GROW_CHAIN, ERR_R_MALLOC_FAILURE);
402 return 0;
403 }
404
405if(cert)
406 {
407 if(trusted && !X509_add1_trust_object(cert, serverAuth))
408 return 0;
409 CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
410 if (!sk_X509_push(*xs, cert))
411 {
412 X509_free(cert);
413 DANEerr(DANE_F_GROW_CHAIN, ERR_R_MALLOC_FAILURE);
414 return 0;
415 }
416 }
417return 1;
418}
419
420static int
421wrap_issuer(ssl_dane *dane, EVP_PKEY *key, X509 *subject, int depth, int top)
422{
423int ret = 1;
424X509 *cert = 0;
425AUTHORITY_KEYID *akid;
426X509_NAME *name = X509_get_issuer_name(subject);
427EVP_PKEY *newkey = key ? key : X509_get_pubkey(subject);
428
429#define WRAP_MID 0 /* Ensure intermediate. */
430#define WRAP_TOP 1 /* Ensure self-signed. */
431
432if(!name || !newkey || !(cert = X509_new()))
433 return 0;
434
435/*
436 * Record the depth of the trust-anchor certificate.
437 */
438if(dane->depth < 0)
439 dane->depth = depth + 1;
440
441/*
442 * XXX: Uncaught error condition:
443 *
444 * The return value is NULL both when the extension is missing, and when
445 * OpenSSL rans out of memory while parsing the extension.
446 */
447ERR_clear_error();
448akid = X509_get_ext_d2i(subject, NID_authority_key_identifier, 0, 0);
449/* XXX: Should we peek at the error stack here??? */
450
451/*
452 * If top is true generate a self-issued root CA, otherwise an
453 * intermediate CA and possibly its self-signed issuer.
454 *
455 * CA cert valid for +/- 30 days
456 */
457if( !X509_set_version(cert, 2)
458 || !set_serial(cert, akid, subject)
459 || !X509_set_subject_name(cert, name)
460 || !set_issuer_name(cert, akid)
461 || !X509_gmtime_adj(X509_get_notBefore(cert), -30 * 86400L)
462 || !X509_gmtime_adj(X509_get_notAfter(cert), 30 * 86400L)
463 || !X509_set_pubkey(cert, newkey)
464 || !add_ext(0, cert, NID_basic_constraints, "CA:TRUE")
465 || (!top && !add_akid(cert, akid))
466 || !add_skid(cert, akid)
467 || ( !top && wrap_to_root
468 && !wrap_issuer(dane, newkey, cert, depth, WRAP_TOP)))
469 ret = 0;
470
471if(akid)
472 AUTHORITY_KEYID_free(akid);
473if(!key)
474 EVP_PKEY_free(newkey);
475if(ret)
476 ret = grow_chain(dane, !top && wrap_to_root ? UNTRUSTED : TRUSTED, cert);
477if(cert)
478 X509_free(cert);
479return ret;
480}
481
482static int
483wrap_cert(ssl_dane *dane, X509 *tacert, int depth)
484{
485if(dane->depth < 0)
486 dane->depth = depth + 1;
487
488/*
489 * If the TA certificate is self-issued, or need not be, use it directly.
490 * Otherwise, synthesize requisuite ancestors.
491 */
492if( !wrap_to_root
493 || X509_check_issued(tacert, tacert) == X509_V_OK)
494 return grow_chain(dane, TRUSTED, tacert);
495
496if(wrap_issuer(dane, 0, tacert, depth, WRAP_MID))
497 return grow_chain(dane, UNTRUSTED, tacert);
498return 0;
499}
500
501static int
502ta_signed(ssl_dane *dane, X509 *cert, int depth)
503{
504dane_cert_list x;
505dane_pkey_list k;
506EVP_PKEY *pk;
507int done = 0;
508
509/*
510 * First check whether issued and signed by a TA cert, this is cheaper
511 * than the bare-public key checks below, since we can determine whether
512 * the candidate TA certificate issued the certificate to be checked
513 * first (name comparisons), before we bother with signature checks
514 * (public key operations).
515 */
516for (x = dane->certs; !done && x; x = x->next)
517 {
518 if(X509_check_issued(x->value, cert) == X509_V_OK)
519 {
520 if(!(pk = X509_get_pubkey(x->value)))
521 {
522 /*
523 * The cert originally contained a valid pkey, which does
524 * not just vanish, so this is most likely a memory error.
525 */
526 done = -1;
527 break;
528 }
529 /* Check signature, since some other TA may work if not this. */
530 if(X509_verify(cert, pk) > 0)
531 done = wrap_cert(dane, x->value, depth) ? 1 : -1;
532 EVP_PKEY_free(pk);
533 }
534 }
535
536/*
537 * With bare TA public keys, we can't check whether the trust chain is
538 * issued by the key, but we can determine whether it is signed by the
539 * key, so we go with that.
540 *
541 * Ideally, the corresponding certificate was presented in the chain, and we
542 * matched it by its public key digest one level up. This code is here
543 * to handle adverse conditions imposed by sloppy administrators of
544 * receiving systems with poorly constructed chains.
545 *
546 * We'd like to optimize out keys that should not match when the cert's
547 * authority key id does not match the key id of this key computed via
548 * the RFC keyid algorithm (SHA-1 digest of public key bit-string sans
549 * ASN1 tag and length thus also excluding the unused bits field that is
550 * logically part of the length). However, some CAs have a non-standard
551 * authority keyid, so we lose. Too bad.
552 *
553 * This may push errors onto the stack when the certificate signature is
554 * not of the right type or length, throw these away,
555 */
556for(k = dane->pkeys; !done && k; k = k->next)
557 if(X509_verify(cert, k->value) > 0)
558 done = wrap_issuer(dane, k->value, cert, depth, WRAP_MID) ? 1 : -1;
559 else
560 ERR_clear_error();
561
562return done;
563}
564
565static int
566set_trust_anchor(X509_STORE_CTX *ctx, ssl_dane *dane, X509 *cert)
567{
568int matched = 0;
569int n;
570int i;
571int depth = 0;
572EVP_PKEY *takey;
573X509 *ca;
574STACK_OF(X509) *in = ctx->untrusted; /* XXX: Accessor? */
575
576if(!grow_chain(dane, UNTRUSTED, 0))
577 return -1;
578
579/*
580 * Accept a degenerate case: depth 0 self-signed trust-anchor.
581 */
582if(X509_check_issued(cert, cert) == X509_V_OK)
583 {
584 dane->depth = 0;
585 matched = match(dane->selectors[SSL_DANE_USAGE_TRUSTED_CA], cert, 0);
586 if(matched > 0 && !grow_chain(dane, TRUSTED, cert))
587 matched = -1;
588 return matched;
589 }
590
591/* Make a shallow copy of the input untrusted chain. */
592if(!(in = sk_X509_dup(in)))
593 {
594 DANEerr(DANE_F_SET_TRUST_ANCHOR, ERR_R_MALLOC_FAILURE);
595 return -1;
596 }
597
598/*
599 * At each iteration we consume the issuer of the current cert. This
600 * reduces the length of the "in" chain by one. If no issuer is found,
601 * we are done. We also stop when a certificate matches a TA in the
602 * peer's TLSA RRset.
603 *
604 * Caller ensures that the initial certificate is not self-signed.
605 */
606for(n = sk_X509_num(in); n > 0; --n, ++depth)
607 {
608 for(i = 0; i < n; ++i)
609 if(X509_check_issued(sk_X509_value(in, i), cert) == X509_V_OK)
610 break;
611
612 /*
613 * Final untrusted element with no issuer in the peer's chain, it may
614 * however be signed by a pkey or cert obtained via a TLSA RR.
615 */
616 if(i == n)
617 break;
618
619 /* Peer's chain contains an issuer ca. */
620 ca = sk_X509_delete(in, i);
621
622 /* If not a trust anchor, record untrusted ca and continue. */
623 if((matched = match(dane->selectors[SSL_DANE_USAGE_TRUSTED_CA], ca, depth+1))
624 == 0)
625 {
626 if(grow_chain(dane, UNTRUSTED, ca))
627 {
628 if(!X509_check_issued(ca, ca) == X509_V_OK)
629 {
630 /* Restart with issuer as subject */
631 cert = ca;
632 continue;
633 }
634 /* Final self-signed element, skip ta_signed() check. */
635 cert = 0;
636 }
637 else
638 matched = -1;
639 }
640 else if(matched == MATCHED_CERT)
641 {
642 if(!wrap_cert(dane, ca, depth))
643 matched = -1;
644 }
645 else if(matched == MATCHED_PKEY)
646 {
647 if( !(takey = X509_get_pubkey(ca))
648 || !wrap_issuer(dane, takey, cert, depth, WRAP_MID))
649 {
650 if(takey)
651 EVP_PKEY_free(takey);
652 else
653 DANEerr(DANE_F_SET_TRUST_ANCHOR, ERR_R_MALLOC_FAILURE);
654 matched = -1;
655 }
656 }
657 break;
658 }
659
660/* Shallow free the duplicated input untrusted chain. */
661sk_X509_free(in);
662
663/*
664 * When the loop exits, if "cert" is set, it is not self-signed and has
665 * no issuer in the chain, we check for a possible signature via a DNS
666 * obtained TA cert or public key.
667 */
668if(matched == 0 && cert)
669 matched = ta_signed(dane, cert, depth);
670
671return matched;
672}
673
674static int
675check_end_entity(X509_STORE_CTX *ctx, ssl_dane *dane, X509 *cert)
676{
677int matched;
678
679matched = match(dane->selectors[SSL_DANE_USAGE_FIXED_LEAF], cert, 0);
680if(matched > 0)
681 if(!ctx->chain)
682 {
683 if( (ctx->chain = sk_X509_new_null())
684 && sk_X509_push(ctx->chain, cert))
685 CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
686 else
687 {
688 DANEerr(DANE_F_CHECK_END_ENTITY, ERR_R_MALLOC_FAILURE);
689 return -1;
690 }
691 }
692return matched;
693}
694
695static int
696match_name(const char *certid, ssl_dane *dane)
697{
698int multi = dane->multi;
699dane_host_list hosts;
700
701for(hosts = dane->hosts; hosts; hosts = hosts->next)
702 {
703 int match_subdomain = 0;
704 const char *domain = hosts->value;
705 const char *parent;
706 int idlen;
707 int domlen;
708
709 if(*domain == '.' && domain[1] != '\0')
710 {
711 ++domain;
712 match_subdomain = 1;
713 }
714
715 /*
716 * Sub-domain match: certid is any sub-domain of hostname.
717 */
718 if(match_subdomain)
719 {
720 if( (idlen = strlen(certid)) > (domlen = strlen(domain)) + 1
721 && certid[idlen - domlen - 1] == '.'
722 && !strcasecmp(certid + (idlen - domlen), domain))
723 return 1;
724 else
725 continue;
726 }
727
728 /*
729 * Exact match and initial "*" match. The initial "*" in a certid
730 * matches one (if multi is false) or more hostname components under
731 * the condition that the certid contains multiple hostname components.
732 */
733 if( !strcasecmp(certid, domain)
734 || ( certid[0] == '*' && certid[1] == '.' && certid[2] != 0
735 && (parent = strchr(domain, '.')) != 0
736 && (idlen = strlen(certid + 1)) <= (domlen = strlen(parent))
737 && strcasecmp(multi ? parent + domlen - idlen : parent, certid+1) == 0))
738 return 1;
739 }
740return 0;
741}
742
743static char *
744check_name(char *name, int len)
745{
746char *cp = name + len;
747
748while(len > 0 && !*--cp)
749 --len; /* Ignore trailing NULs */
750if(len <= 0)
751 return 0;
752for(cp = name; *cp; cp++)
753 {
754 char c = *cp;
755 if (!((c >= 'a' && c <= 'z') ||
756 (c >= '0' && c <= '9') ||
757 (c >= 'A' && c <= 'Z') ||
758 (c == '.' || c == '-') ||
759 (c == '*')))
760 return 0; /* Only LDH, '.' and '*' */
761 }
762if(cp - name != len) /* Guard against internal NULs */
763 return 0;
764return name;
765}
766
767static char *
768parse_dns_name(const GENERAL_NAME *gn)
769{
770if(gn->type != GEN_DNS)
771 return 0;
772if(ASN1_STRING_type(gn->d.ia5) != V_ASN1_IA5STRING)
773 return 0;
774return check_name((char *) ASN1_STRING_data(gn->d.ia5),
775 ASN1_STRING_length(gn->d.ia5));
776}
777
778static char *
779parse_subject_name(X509 *cert)
780{
781X509_NAME *name = X509_get_subject_name(cert);
782X509_NAME_ENTRY *entry;
783ASN1_STRING *entry_str;
784unsigned char *namebuf;
785int nid = NID_commonName;
786int len;
787int i;
788
789if(!name || (i = X509_NAME_get_index_by_NID(name, nid, -1)) < 0)
790 return 0;
791if(!(entry = X509_NAME_get_entry(name, i)))
792 return 0;
793if(!(entry_str = X509_NAME_ENTRY_get_data(entry)))
794 return 0;
795
796if((len = ASN1_STRING_to_UTF8(&namebuf, entry_str)) < 0)
797 return 0;
798if(len <= 0 || check_name((char *) namebuf, len) == 0)
799 {
800 OPENSSL_free(namebuf);
801 return 0;
802 }
803return (char *) namebuf;
804}
805
806static int
807name_check(ssl_dane *dane, X509 *cert)
808{
809int matched = 0;
810BOOL got_altname = FALSE;
811GENERAL_NAMES *gens;
812
813gens = X509_get_ext_d2i(cert, NID_subject_alt_name, 0, 0);
814if(gens)
815 {
816 int n = sk_GENERAL_NAME_num(gens);
817 int i;
818
819 for(i = 0; i < n; ++i)
820 {
821 const GENERAL_NAME *gn = sk_GENERAL_NAME_value(gens, i);
822 const char *certid;
823
824 if(gn->type != GEN_DNS)
825 continue;
826 got_altname = TRUE;
827 certid = parse_dns_name(gn);
828 if(certid && *certid)
829 {
830 if((matched = match_name(certid, dane)) == 0)
831 continue;
832 if(!(dane->mhost = OPENSSL_strdup(certid)))
833 matched = -1;
834 break;
835 }
836 }
837 GENERAL_NAMES_free(gens);
838 }
839
840/*
841 * XXX: Should the subjectName be skipped when *any* altnames are present,
842 * or only when DNS altnames are present?
843 */
844if(got_altname)
845 {
846 char *certid = parse_subject_name(cert);
847 if(certid != 0 && *certid && (matched = match_name(certid, dane)) != 0)
848 dane->mhost = certid; /* Already a copy */
849 }
850return matched;
851}
852
853static int
854verify_chain(X509_STORE_CTX *ctx)
855{
856dane_selector_list issuer_rrs;
857dane_selector_list leaf_rrs;
858int (*cb)(int, X509_STORE_CTX *) = ctx->verify_cb;
859int ssl_idx = SSL_get_ex_data_X509_STORE_CTX_idx();
860SSL *ssl = X509_STORE_CTX_get_ex_data(ctx, ssl_idx);
861ssl_dane *dane = SSL_get_ex_data(ssl, dane_idx);
862X509 *cert = ctx->cert; /* XXX: accessor? */
863int matched = 0;
864int chain_length = sk_X509_num(ctx->chain);
865
866DEBUG(D_tls) debug_printf("Dane verify-chain\n");
867
868issuer_rrs = dane->selectors[SSL_DANE_USAGE_LIMIT_ISSUER];
869leaf_rrs = dane->selectors[SSL_DANE_USAGE_LIMIT_LEAF];
870ctx->verify = dane->verify;
871
872if((matched = name_check(dane, cert)) < 0)
873 {
874 X509_STORE_CTX_set_error(ctx, X509_V_ERR_OUT_OF_MEM);
875 return 0;
876 }
877
878if(!matched)
879 {
880 ctx->error_depth = 0;
881 ctx->current_cert = cert;
882 X509_STORE_CTX_set_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH);
883 if(!cb(0, ctx))
884 return 0;
885 }
886matched = 0;
887
888/*
889 * Satisfy at least one usage 0 or 1 constraint, unless we've already
890 * matched a usage 2 trust anchor.
891 *
892 * XXX: internal_verify() doesn't callback with top certs that are not
893 * self-issued. This should be fixed in a future OpenSSL.
894 */
895if(dane->roots && sk_X509_num(dane->roots))
896 {
897#ifndef NO_CALLBACK_WORKAROUND
898 X509 *top = sk_X509_value(ctx->chain, dane->depth);
899
900 if(X509_check_issued(top, top) != X509_V_OK)
901 {
902 ctx->error_depth = dane->depth;
903 ctx->current_cert = top;
904 if(!cb(1, ctx))
905 return 0;
906 }
907#endif
908 /* Pop synthetic trust-anchor ancestors off the chain! */
909 while (--chain_length > dane->depth)
910 X509_free(sk_X509_pop(ctx->chain));
911 }
912else if(issuer_rrs || leaf_rrs)
913 {
914 int n = chain_length;
915
916 /*
917 * Check for an EE match, then a CA match at depths > 0, and
918 * finally, if the EE cert is self-issued, for a depth 0 CA match.
919 */
920 if(leaf_rrs)
921 matched = match(leaf_rrs, cert, 0);
922 while(!matched && issuer_rrs && --n >= 0)
923 {
924 X509 *xn = sk_X509_value(ctx->chain, n);
925
926 if(n > 0 || X509_check_issued(xn, xn) == X509_V_OK)
927 matched = match(issuer_rrs, xn, n);
928 }
929
930 if(matched < 0)
931 {
932 X509_STORE_CTX_set_error(ctx, X509_V_ERR_OUT_OF_MEM);
933 return 0;
934 }
935
936 if(!matched)
937 {
938 ctx->current_cert = cert;
939 ctx->error_depth = 0;
940 X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_UNTRUSTED);
941 if(!cb(0, ctx))
942 return 0;
943 }
944 }
945
946return ctx->verify(ctx);
947}
948
949static int
950verify_cert(X509_STORE_CTX *ctx, void *unused_ctx)
951{
952static int ssl_idx = -1;
953SSL *ssl;
954ssl_dane *dane;
955int (*cb)(int, X509_STORE_CTX *) = ctx->verify_cb;
956int matched;
957X509 *cert = ctx->cert; /* XXX: accessor? */
958
959DEBUG(D_tls) debug_printf("Dane verify-cert\n");
960
961if(ssl_idx < 0)
962 ssl_idx = SSL_get_ex_data_X509_STORE_CTX_idx();
963if(dane_idx < 0)
964 {
965 DANEerr(DANE_F_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
966 return -1;
967 }
968
969ssl = X509_STORE_CTX_get_ex_data(ctx, ssl_idx);
970if(!(dane = SSL_get_ex_data(ssl, dane_idx)) || !cert)
971 return X509_verify_cert(ctx);
972
973if(dane->selectors[SSL_DANE_USAGE_FIXED_LEAF])
974 {
975 if((matched = check_end_entity(ctx, dane, cert)) > 0)
976 {
977 ctx->error_depth = 0;
978 ctx->current_cert = cert;
979 return cb(1, ctx);
980 }
981 if(matched < 0)
982 {
983 X509_STORE_CTX_set_error(ctx, X509_V_ERR_OUT_OF_MEM);
984 return -1;
985 }
986 }
987
988if(dane->selectors[SSL_DANE_USAGE_TRUSTED_CA])
989 {
990 if((matched = set_trust_anchor(ctx, dane, cert)) < 0)
991 {
992 X509_STORE_CTX_set_error(ctx, X509_V_ERR_OUT_OF_MEM);
993 return -1;
994 }
995 if(matched)
996 {
997 /*
998 * Check that setting the untrusted chain updates the expected
999 * structure member at the expected offset.
1000 */
1001 X509_STORE_CTX_trusted_stack(ctx, dane->roots);
1002 X509_STORE_CTX_set_chain(ctx, dane->chain);
1003 OPENSSL_assert(ctx->untrusted == dane->chain);
1004 }
1005 }
1006
1007/*
1008 * Name checks and usage 0/1 constraint enforcement are delayed until
1009 * X509_verify_cert() builds the full chain and calls our verify_chain()
1010 * wrapper.
1011 */
1012dane->verify = ctx->verify;
1013ctx->verify = verify_chain;
1014
1015return X509_verify_cert(ctx);
1016}
1017
1018static dane_list
1019list_alloc(size_t vsize)
1020{
1021void *value = (void *) OPENSSL_malloc(vsize);
1022dane_list l;
1023
1024if(!value)
1025 {
1026 DANEerr(DANE_F_LIST_ALLOC, ERR_R_MALLOC_FAILURE);
1027 return 0;
1028 }
1029if(!(l = (dane_list) OPENSSL_malloc(sizeof(*l))))
1030 {
1031 OPENSSL_free(value);
1032 DANEerr(DANE_F_LIST_ALLOC, ERR_R_MALLOC_FAILURE);
1033 return 0;
1034 }
1035l->next = 0;
1036l->value = value;
1037return l;
1038}
1039
1040static void
1041list_free(void *list, void (*f)(void *))
1042{
1043dane_list head;
1044dane_list next;
1045
1046for(head = (dane_list) list; head; head = next)
1047 {
1048 next = head->next;
1049 if (f && head->value)
1050 f(head->value);
1051 OPENSSL_free(head);
1052 }
1053}
1054
1055static void
1056dane_mtype_free(void *p)
1057{
1058list_free(((dane_mtype) p)->data, OPENSSL_freeFunc);
1059OPENSSL_free(p);
1060}
1061
1062static void
1063dane_selector_free(void *p)
1064{
1065list_free(((dane_selector) p)->mtype, dane_mtype_free);
1066OPENSSL_free(p);
1067}
1068
1069
1070
1071/*
1072
1073Tidy up once the connection is finished with.
1074
1075Arguments
1076 ssl The ssl connection handle
1077
1078=> Before calling SSL_free()
1079tls_close() and tls_getc() [the error path] are the obvious places.
1080Could we do it earlier - right after verification? In tls_client_start()
1081right after SSL_connect() returns, in that case.
1082
1083*/
1084
1085void
1086DANESSL_cleanup(SSL *ssl)
1087{
1088ssl_dane *dane;
1089int u;
1090
1091DEBUG(D_tls) debug_printf("Dane lib-cleanup\n");
1092
1093if(dane_idx < 0 || !(dane = SSL_get_ex_data(ssl, dane_idx)))
1094 return;
1095(void) SSL_set_ex_data(ssl, dane_idx, 0);
1096
1097if(dane->hosts)
1098 list_free(dane->hosts, OPENSSL_freeFunc);
1099if(dane->mhost)
1100 OPENSSL_free(dane->mhost);
1101for(u = 0; u <= SSL_DANE_USAGE_LAST; ++u)
1102 if(dane->selectors[u])
1103 list_free(dane->selectors[u], dane_selector_free);
1104if(dane->pkeys)
1105 list_free(dane->pkeys, pkey_free);
1106if(dane->certs)
1107 list_free(dane->certs, cert_free);
1108if(dane->roots)
1109 sk_X509_pop_free(dane->roots, X509_free);
1110if(dane->chain)
1111 sk_X509_pop_free(dane->chain, X509_free);
1112OPENSSL_free(dane);
1113}
1114
1115static dane_host_list
1116host_list_init(const char **src)
1117{
1118dane_host_list head = NULL;
1119
1120while(*src)
1121 {
1122 dane_host_list elem = (dane_host_list) OPENSSL_malloc(sizeof(*elem));
1123 if(!elem)
1124 {
1125 list_free(head, OPENSSL_freeFunc);
1126 return 0;
1127 }
1128 elem->value = OPENSSL_strdup(*src++);
1129 LINSERT(head, elem);
1130 }
1131return head;
1132}
1133
1134
1135
1136
1137/*
1138
1139Call this for each TLSA record found for the target, after the
1140DANE setup has been done on the ssl connection handle.
1141
1142Arguments:
1143 ssl Connection handle
1144 usage TLSA record field
1145 selector TLSA record field
1146 mdname ??? message digest name?
1147 data ??? TLSA record megalump?
1148 dlen length of data
1149
1150Return
1151 -1 on error
1152 0 action not taken
1153 1 record accepted
1154*/
1155
1156int
1157DANESSL_add_tlsa(SSL *ssl, uint8_t usage, uint8_t selector, const char *mdname,
1158 unsigned const char *data, size_t dlen)
1159{
1160ssl_dane *dane;
1161dane_selector_list s = 0;
1162dane_mtype_list m = 0;
1163dane_data_list d = 0;
1164dane_cert_list xlist = 0;
1165dane_pkey_list klist = 0;
1166const EVP_MD *md = 0;
1167
1168DEBUG(D_tls) debug_printf("Dane add-tlsa: usage %u sel %u mdname \"%s\"\n",
1169 usage, selector, mdname);
1170
1171if(dane_idx < 0 || !(dane = SSL_get_ex_data(ssl, dane_idx)))
1172 {
1173 DANEerr(DANE_F_SSL_DANE_ADD_TLSA, DANE_R_DANE_INIT);
1174 return -1;
1175 }
1176
1177if(usage > SSL_DANE_USAGE_LAST)
1178 {
1179 DANEerr(DANE_F_SSL_DANE_ADD_TLSA, DANE_R_BAD_USAGE);
1180 return 0;
1181 }
1182if(selector > SSL_DANE_SELECTOR_LAST)
1183 {
1184 DANEerr(DANE_F_SSL_DANE_ADD_TLSA, DANE_R_BAD_SELECTOR);
1185 return 0;
1186 }
1187if(mdname && !(md = EVP_get_digestbyname(mdname)))
1188 {
1189 DANEerr(DANE_F_SSL_DANE_ADD_TLSA, DANE_R_BAD_DIGEST);
1190 return 0;
1191 }
1192if(!data)
1193 {
1194 DANEerr(DANE_F_SSL_DANE_ADD_TLSA, DANE_R_BAD_NULL_DATA);
1195 return 0;
1196 }
1197if(mdname && dlen != EVP_MD_size(md))
1198 {
1199 DANEerr(DANE_F_SSL_DANE_ADD_TLSA, DANE_R_BAD_DATA_LENGTH);
1200 return 0;
1201 }
1202
1203if(!mdname)
1204 {
1205 X509 *x = 0;
1206 EVP_PKEY *k = 0;
1207 const unsigned char *p = data;
1208
1209#define xklistinit(lvar, ltype, var, freeFunc) do { \
1210 (lvar) = (ltype) OPENSSL_malloc(sizeof(*(lvar))); \
1211 if (!(lvar)) { \
1212 DANEerr(DANE_F_SSL_DANE_ADD_TLSA, ERR_R_MALLOC_FAILURE); \
1213 freeFunc((var)); \
1214 return 0; \
1215 } \
1216 (lvar)->next = 0; \
1217 lvar->value = var; \
1218 } while (0)
1219#define xkfreeret(ret) do { \
1220 if (xlist) list_free(xlist, cert_free); \
1221 if (klist) list_free(klist, pkey_free); \
1222 return (ret); \
1223 } while (0)
1224
1225 switch(selector)
1226 {
1227 case SSL_DANE_SELECTOR_CERT:
1228 if(!d2i_X509(&x, &p, dlen) || dlen != p - data)
1229 {
1230 if (x)
1231 X509_free(x);
1232 DANEerr(DANE_F_SSL_DANE_ADD_TLSA, DANE_R_BAD_CERT);
1233 return 0;
1234 }
1235 k = X509_get_pubkey(x);
1236 EVP_PKEY_free(k);
1237 if(!k)
1238 {
1239 X509_free(x);
1240 DANEerr(DANE_F_SSL_DANE_ADD_TLSA, DANE_R_BAD_CERT_PKEY);
1241 return 0;
1242 }
1243 if(usage == SSL_DANE_USAGE_TRUSTED_CA)
1244 xklistinit(xlist, dane_cert_list, x, X509_free);
1245 break;
1246
1247 case SSL_DANE_SELECTOR_SPKI:
1248 if(!d2i_PUBKEY(&k, &p, dlen) || dlen != p - data)
1249 {
1250 if(k)
1251 EVP_PKEY_free(k);
1252 DANEerr(DANE_F_SSL_DANE_ADD_TLSA, DANE_R_BAD_PKEY);
1253 return 0;
1254 }
1255 if(usage == SSL_DANE_USAGE_TRUSTED_CA)
1256 xklistinit(klist, dane_pkey_list, k, EVP_PKEY_free);
1257 break;
1258 }
1259 }
1260
1261/* Find insertion point and don't add duplicate elements. */
1262for(s = dane->selectors[usage]; s; s = s->next)
1263 if(s->value->selector == selector)
1264 for(m = s->value->mtype; m; m = m->next)
1265 if(m->value->md == md)
1266 for(d = m->value->data; d; d = d->next)
1267 if( d->value->datalen == dlen
1268 && memcmp(d->value->data, data, dlen) == 0)
1269 xkfreeret(1);
1270
1271if(!(d = (dane_data_list) list_alloc(sizeof(*d->value) + dlen)))
1272 xkfreeret(0);
1273d->value->datalen = dlen;
1274memcpy(d->value->data, data, dlen);
1275if(!m)
1276 {
1277 if(!(m = (dane_mtype_list) list_alloc(sizeof(*m->value))))
1278 {
1279 list_free(d, OPENSSL_freeFunc);
1280 xkfreeret(0);
1281 }
1282 m->value->data = 0;
1283 if((m->value->md = md) != 0)
1284 m->value->mdlen = dlen;
1285 if(!s)
1286 {
1287 if(!(s = (dane_selector_list) list_alloc(sizeof(*s->value))))
1288 {
1289 list_free(m, dane_mtype_free);
1290 xkfreeret(0);
1291 }
1292 s->value->mtype = 0;
1293 s->value->selector = selector;
1294 LINSERT(dane->selectors[usage], s);
1295 }
1296 LINSERT(s->value->mtype, m);
1297 }
1298LINSERT(m->value->data, d);
1299
1300if(xlist)
1301 LINSERT(dane->certs, xlist);
1302else if(klist)
1303 LINSERT(dane->pkeys, klist);
1304++dane->count;
1305return 1;
1306}
1307
1308
1309
1310
1311/*
1312Call this once we have an ssl connection handle but before
1313making the TLS connection.
1314
1315=> In tls_client_start() after the call to SSL_new()
1316and before the call to SSL_connect(). Exactly where
1317probably does not matter.
1318We probably want to keep our existing SNI handling;
1319call this with NULL.
1320
1321Arguments:
1322 ssl Connection handle
1323 sni_domain Optional peer server name
1324 hostnames list of names to chack against peer cert
1325
1326Return
1327 -1 on fatal error
1328 0 nonfatal error
1329 1 success
1330*/
1331
1332int
1333DANESSL_init(SSL *ssl, const char *sni_domain, const char **hostnames)
1334{
1335ssl_dane *dane;
1336int i;
1337#ifdef OPENSSL_INTERNAL
1338SSL_CTX *sctx = SSL_get_SSL_CTX(ssl);
1339
1340
1341if(sctx->app_verify_callback != verify_cert)
1342 {
1343 DANEerr(DANE_F_SSL_DANE_INIT, DANE_R_SCTX_INIT);
1344 return -1;
1345 }
1346#else
1347DEBUG(D_tls) debug_printf("Dane ssl-init\n");
1348if(dane_idx < 0)
1349 {
1350 DANEerr(DANE_F_SSL_DANE_INIT, DANE_R_LIBRARY_INIT);
1351 return -1;
1352 }
1353#endif
1354
1355if(sni_domain && !SSL_set_tlsext_host_name(ssl, sni_domain))
1356 return 0;
1357
1358if(!(dane = (ssl_dane *) OPENSSL_malloc(sizeof(ssl_dane))))
1359 {
1360 DANEerr(DANE_F_SSL_DANE_INIT, ERR_R_MALLOC_FAILURE);
1361 return 0;
1362 }
1363if(!SSL_set_ex_data(ssl, dane_idx, dane))
1364 {
1365 DANEerr(DANE_F_SSL_DANE_INIT, ERR_R_MALLOC_FAILURE);
1366 OPENSSL_free(dane);
1367 return 0;
1368 }
1369
1370dane->verify = 0;
1371dane->hosts = 0;
1372dane->thost = 0;
1373dane->pkeys = 0;
1374dane->certs = 0;
1375dane->chain = 0;
1376dane->roots = 0;
1377dane->depth = -1;
1378dane->mhost = 0; /* Future SSL control interface */
1379dane->multi = 0; /* Future SSL control interface */
1380dane->count = 0;
1381
1382for(i = 0; i <= SSL_DANE_USAGE_LAST; ++i)
1383 dane->selectors[i] = 0;
1384
1385if(hostnames && !(dane->hosts = host_list_init(hostnames)))
1386 {
1387 DANEerr(DANE_F_SSL_DANE_INIT, ERR_R_MALLOC_FAILURE);
1388 DANESSL_cleanup(ssl);
1389 return 0;
1390 }
1391
1392return 1;
1393}
1394
1395
1396/*
1397
1398Call this once we have a context to work with, but
1399before DANESSL_init()
1400
1401=> in tls_client_start(), after tls_init() call gives us the ctx,
1402if we decide we want to (policy) and can (TLSA records available)
1403replacing (? what about fallback) everything from testing tls_verify_hosts
1404down to just before calling SSL_new() for the conn handle.
1405
1406Arguments
1407 ctx SSL context
1408
1409Return
1410 -1 Error
1411 1 Success
1412*/
1413
1414int
1415DANESSL_CTX_init(SSL_CTX *ctx)
1416{
1417DEBUG(D_tls) debug_printf("Dane ctx-init\n");
1418if(dane_idx >= 0)
1419 {
1420 SSL_CTX_set_cert_verify_callback(ctx, verify_cert, 0);
1421 return 1;
1422 }
1423DANEerr(DANE_F_SSL_CTX_DANE_INIT, DANE_R_LIBRARY_INIT);
1424return -1;
1425}
1426
1427static int
1428init_once(volatile int *value, int (*init)(void), void (*postinit)(void))
1429{
1430int wlock = 0;
1431
1432CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
1433if(*value < 0)
1434 {
1435 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
1436 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
1437 wlock = 1;
1438 if(*value < 0)
1439 {
1440 *value = init();
1441 if(postinit)
1442 postinit();
1443 }
1444 }
1445if (wlock)
1446 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
1447else
1448 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
1449return *value;
1450}
1451
1452static void
1453dane_init(void)
1454{
1455/*
1456 * Store library id in zeroth function slot, used to locate the library
1457 * name. This must be done before we load the error strings.
1458 */
1459#ifndef OPENSSL_NO_ERR
1460dane_str_functs[0].error |= ERR_PACK(err_lib_dane, 0, 0);
1461ERR_load_strings(err_lib_dane, dane_str_functs);
1462ERR_load_strings(err_lib_dane, dane_str_reasons);
1463#endif
1464
1465/*
1466 * Register SHA-2 digests, if implemented and not already registered.
1467 */
1468#if defined(LN_sha256) && defined(NID_sha256) && !defined(OPENSSL_NO_SHA256)
1469if(!EVP_get_digestbyname(LN_sha224)) EVP_add_digest(EVP_sha224());
1470if(!EVP_get_digestbyname(LN_sha256)) EVP_add_digest(EVP_sha256());
1471#endif
1472#if defined(LN_sha512) && defined(NID_sha512) && !defined(OPENSSL_NO_SHA512)
1473if(!EVP_get_digestbyname(LN_sha384)) EVP_add_digest(EVP_sha384());
1474if(!EVP_get_digestbyname(LN_sha512)) EVP_add_digest(EVP_sha512());
1475#endif
1476
1477/*
1478 * Register an SSL index for the connection-specific ssl_dane structure.
1479 * Using a separate index makes it possible to add DANE support to
1480 * existing OpenSSL releases that don't have a suitable pointer in the
1481 * SSL structure.
1482 */
1483dane_idx = SSL_get_ex_new_index(0, 0, 0, 0, 0);
1484}
1485
1486
1487
1488/*
1489
1490Call this once. Probably early in startup will do; may need
1491to be after SSL library init.
1492
1493=> put after call to tls_init() for now
1494
1495Return
1496 1 Success
1497 0 Fail
1498*/
1499
1500int
1501DANESSL_library_init(void)
1502{
1503DEBUG(D_tls) debug_printf("Dane lib-init\n");
1504if(err_lib_dane < 0)
1505 init_once(&err_lib_dane, ERR_get_next_error_library, dane_init);
1506
1507#if defined(LN_sha256)
1508/* No DANE without SHA256 support */
1509if(dane_idx >= 0 && EVP_get_digestbyname(LN_sha256) != 0)
1510 return 1;
1511#endif
1512
1513DANEerr(DANE_F_SSL_DANE_LIBRARY_INIT, DANE_R_DANE_SUPPORT);
1514return 0;
1515}
1516
1517
1518#endif /* OPENSSL_VERSION_NUMBER */
1519/* vi: aw ai sw=2
1520*/
Unnamed repository; edit this file 'description' to name the repository.