projects / exim.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Framework to build dane support
[exim.git] / src / src / dane-openssl.c
1 #include <stdio.h>
2 #include <string.h>
3 #include <stdint.h>
4
5 #include <openssl/opensslv.h>
6 #include <openssl/err.h>
7 #include <openssl/crypto.h>
8 #include <openssl/safestack.h>
9 #include <openssl/objects.h>
10 #include <openssl/x509.h>
11 #include <openssl/x509v3.h>
12 #include <openssl/evp.h>
13
14 #if OPENSSL_VERSION_NUMBER < 0x1000000fL
15 #error "OpenSSL 1.0.0 or higher required"
16 #else
17
18 #include "danessl.h"
19
20 #define DANE_F_ADD_SKID 100
21 #define DANE_F_CHECK_END_ENTITY 101
22 #define DANE_F_GROW_CHAIN 102
23 #define DANE_F_LIST_ALLOC 103
24 #define DANE_F_MATCH 104
25 #define DANE_F_PUSH_EXT 105
26 #define DANE_F_SET_TRUST_ANCHOR 106
27 #define DANE_F_SSL_CTX_DANE_INIT 107
28 #define DANE_F_SSL_DANE_ADD_TLSA 108
29 #define DANE_F_SSL_DANE_INIT 109
30 #define DANE_F_SSL_DANE_LIBRARY_INIT 110
31 #define DANE_F_VERIFY_CERT 111
32 #define DANE_F_WRAP_CERT 112
33
34 #define DANE_R_BAD_CERT 100
35 #define DANE_R_BAD_CERT_PKEY 101
36 #define DANE_R_BAD_DATA_LENGTH 102
37 #define DANE_R_BAD_DIGEST 103
38 #define DANE_R_BAD_NULL_DATA 104
39 #define DANE_R_BAD_PKEY 105
40 #define DANE_R_BAD_SELECTOR 106
41 #define DANE_R_BAD_USAGE 107
42 #define DANE_R_DANE_INIT 108
43 #define DANE_R_DANE_SUPPORT 109
44 #define DANE_R_LIBRARY_INIT 110
45 #define DANE_R_NOSIGN_KEY 111
46 #define DANE_R_SCTX_INIT 112
47
48 #ifndef OPENSSL_NO_ERR
49 #define DANE_F_PLACEHOLDER 0 /* FIRST! Value TBD */
50 static ERR_STRING_DATA dane_str_functs[] = {
51 {DANE_F_PLACEHOLDER, "DANE library"}, /* FIRST!!! */
52 {DANE_F_ADD_SKID, "add_skid"},
53 {DANE_F_CHECK_END_ENTITY, "check_end_entity"},
54 {DANE_F_GROW_CHAIN, "grow_chain"},
55 {DANE_F_LIST_ALLOC, "list_alloc"},
56 {DANE_F_MATCH, "match"},
57 {DANE_F_PUSH_EXT, "push_ext"},
58 {DANE_F_SET_TRUST_ANCHOR, "set_trust_anchor"},
59 {DANE_F_SSL_CTX_DANE_INIT, "SSL_CTX_dane_init"},
60 {DANE_F_SSL_DANE_ADD_TLSA, "SSL_dane_add_tlsa"},
61 {DANE_F_SSL_DANE_INIT, "SSL_dane_init"},
62 {DANE_F_SSL_DANE_LIBRARY_INIT, "SSL_dane_library_init"},
63 {DANE_F_VERIFY_CERT, "verify_cert"},
64 {DANE_F_WRAP_CERT, "wrap_cert"},
65 {0, NULL}
66 };
67 static ERR_STRING_DATA dane_str_reasons[] = {
68 {DANE_R_BAD_CERT, "Bad TLSA record certificate"},
69 {DANE_R_BAD_CERT_PKEY, "Bad TLSA record certificate public key"},
70 {DANE_R_BAD_DATA_LENGTH, "Bad TLSA record digest length"},
71 {DANE_R_BAD_DIGEST, "Bad TLSA record digest"},
72 {DANE_R_BAD_NULL_DATA, "Bad TLSA record null data"},
73 {DANE_R_BAD_PKEY, "Bad TLSA record public key"},
74 {DANE_R_BAD_SELECTOR, "Bad TLSA record selector"},
75 {DANE_R_BAD_USAGE, "Bad TLSA record usage"},
76 {DANE_R_DANE_INIT, "SSL_dane_init() required"},
77 {DANE_R_DANE_SUPPORT, "DANE library features not supported"},
78 {DANE_R_LIBRARY_INIT, "SSL_dane_library_init() required"},
79 {DANE_R_SCTX_INIT, "SSL_CTX_dane_init() required"},
80 {DANE_R_NOSIGN_KEY, "Certificate usage 2 requires EC support"},
81 {0, NULL}
82 };
83 #endif
84
85 #define DANEerr(f, r) ERR_PUT_error(err_lib_dane, (f), (r), __FILE__, __LINE__)
86
87 static int err_lib_dane = -1;
88 static int dane_idx = -1;
89
90 #ifdef X509_V_FLAG_PARTIAL_CHAIN /* OpenSSL >= 1.0.2 */
91 static int wrap_to_root = 0;
92 #else
93 static int wrap_to_root = 1;
94 #endif
95
96 static void (*cert_free)(void *) = (void (*)(void *)) X509_free;
97 static void (*pkey_free)(void *) = (void (*)(void *)) EVP_PKEY_free;
98
99 typedef struct dane_list {
100 struct dane_list *next;
101 void *value;
102 } *dane_list;
103
104 #define LINSERT(h, e) do { (e)->next = (h); (h) = (e); } while (0)
105
106 typedef struct DANE_HOST_LIST {
107 struct DANE_HOST_LIST *next;
108 char *value;
109 } *DANE_HOST_LIST;
110
111 typedef struct dane_data {
112 size_t datalen;
113 unsigned char data[0];
114 } *dane_data;
115
116 typedef struct DANE_DATA_LIST {
117 struct DANE_DATA_LIST *next;
118 dane_data value;
119 } *DANE_DATA_LIST;
120
121 typedef struct dane_mtype {
122 int mdlen;
123 const EVP_MD *md;
124 DANE_DATA_LIST data;
125 } *dane_mtype;
126
127 typedef struct DANE_MTYPE_LIST {
128 struct DANE_MTYPE_LIST *next;
129 dane_mtype value;
130 } *DANE_MTYPE_LIST;
131
132 typedef struct dane_selector {
133 uint8_t selector;
134 DANE_MTYPE_LIST mtype;
135 } *dane_selector;
136
137 typedef struct DANE_SELECTOR_LIST {
138 struct DANE_SELECTOR_LIST *next;
139 dane_selector value;
140 } *DANE_SELECTOR_LIST;
141
142 typedef struct DANE_PKEY_LIST {
143 struct DANE_PKEY_LIST *next;
144 EVP_PKEY *value;
145 } *DANE_PKEY_LIST;
146
147 typedef struct DANE_CERT_LIST {
148 struct DANE_CERT_LIST *next;
149 X509 *value;
150 } *DANE_CERT_LIST;
151
152 typedef struct SSL_DANE {
153 int (*verify)(X509_STORE_CTX *);
154 STACK_OF(X509) *roots;
155 STACK_OF(X509) *chain;
156 const char *thost; /* TLSA base domain */
157 char *mhost; /* Matched, peer name */
158 DANE_PKEY_LIST pkeys;
159 DANE_CERT_LIST certs;
160 DANE_HOST_LIST hosts;
161 DANE_SELECTOR_LIST selectors[SSL_DANE_USAGE_LAST + 1];
162 int depth;
163 int multi; /* Multi-label wildcards? */
164 int count; /* Number of TLSA records */
165 } SSL_DANE;
166
167 #ifndef X509_V_ERR_HOSTNAME_MISMATCH
168 #define X509_V_ERR_HOSTNAME_MISMATCH X509_V_ERR_APPLICATION_VERIFICATION
169 #endif
170
171 static int match(DANE_SELECTOR_LIST slist, X509 *cert, int depth)
172 {
173 int matched;
174
175 /*
176 * Note, set_trust_anchor() needs to know whether the match was for a
177 * pkey digest or a certificate digest. We return MATCHED_PKEY or
178 * MATCHED_CERT accordingly.
179 */
180 #define MATCHED_CERT (SSL_DANE_SELECTOR_CERT + 1)
181 #define MATCHED_PKEY (SSL_DANE_SELECTOR_SPKI + 1)
182
183 /*
184 * Loop over each selector, mtype, and associated data element looking
185 * for a match.
186 */
187 for (matched = 0; !matched && slist; slist = slist->next) {
188 DANE_MTYPE_LIST m;
189 unsigned char mdbuf[EVP_MAX_MD_SIZE];
190 unsigned char *buf;
191 unsigned char *buf2;
192 unsigned int len;
193
194 /*
195 * Extract ASN.1 DER form of certificate or public key.
196 */
197 switch (slist->value->selector) {
198 case SSL_DANE_SELECTOR_CERT:
199 len = i2d_X509(cert, NULL);
200 buf2 = buf = (unsigned char *) OPENSSL_malloc(len);
201 if (buf)
202 i2d_X509(cert, &buf2);
203 break;
204 case SSL_DANE_SELECTOR_SPKI:
205 len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), NULL);
206 buf2 = buf = (unsigned char *) OPENSSL_malloc(len);
207 if (buf)
208 i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), &buf2);
209 break;
210 }
211
212 if (buf == NULL) {
213 DANEerr(DANE_F_MATCH, ERR_R_MALLOC_FAILURE);
214 return 0;
215 }
216 OPENSSL_assert(buf2 - buf == len);
217
218 /*
219 * Loop over each mtype and data element
220 */
221 for (m = slist->value->mtype; !matched && m; m = m->next) {
222 DANE_DATA_LIST d;
223 unsigned char *cmpbuf = buf;
224 unsigned int cmplen = len;
225
226 /*
227 * If it is a digest, compute the corresponding digest of the
228 * DER data for comparison, otherwise, use the full object.
229 */
230 if (m->value->md) {
231 cmpbuf = mdbuf;
232 if (!EVP_Digest(buf, len, cmpbuf, &cmplen, m->value->md, 0))
233 matched = -1;
234 }
235 for (d = m->value->data; !matched && d; d = d->next)
236 if (cmplen == d->value->datalen &&
237 memcmp(cmpbuf, d->value->data, cmplen) == 0)
238 matched = slist->value->selector + 1;
239 }
240
241 OPENSSL_free(buf);
242 }
243
244 return matched;
245 }
246
247 static int push_ext(X509 *cert, X509_EXTENSION *ext)
248 {
249 X509_EXTENSIONS *exts;
250
251 if (ext) {
252 if ((exts = cert->cert_info->extensions) == 0)
253 exts = cert->cert_info->extensions = sk_X509_EXTENSION_new_null();
254 if (exts && sk_X509_EXTENSION_push(exts, ext))
255 return 1;
256 X509_EXTENSION_free(ext);
257 }
258 DANEerr(DANE_F_PUSH_EXT, ERR_R_MALLOC_FAILURE);
259 return 0;
260 }
261
262 static int add_ext(X509 *issuer, X509 *subject, int ext_nid, char *ext_val)
263 {
264 X509V3_CTX v3ctx;
265
266 X509V3_set_ctx(&v3ctx, issuer, subject, 0, 0, 0);
267 return push_ext(subject, X509V3_EXT_conf_nid(0, &v3ctx, ext_nid, ext_val));
268 }
269
270 static int set_serial(X509 *cert, AUTHORITY_KEYID *akid, X509 *subject)
271 {
272 int ret = 0;
273 BIGNUM *bn;
274
275 if (akid && akid->serial)
276 return (X509_set_serialNumber(cert, akid->serial));
277
278 /*
279 * Add one to subject's serial to avoid collisions between TA serial and
280 * serial of signing root.
281 */
282 if ((bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(subject), 0)) != 0
283 && BN_add_word(bn, 1)
284 && BN_to_ASN1_INTEGER(bn, X509_get_serialNumber(cert)))
285 ret = 1;
286
287 if (bn)
288 BN_free(bn);
289 return ret;
290 }
291
292 static int add_akid(X509 *cert, AUTHORITY_KEYID *akid)
293 {
294 int nid = NID_authority_key_identifier;
295 ASN1_STRING *id;
296 unsigned char c = 0;
297 int ret = 0;
298
299 /*
300 * 0 will never be our subject keyid from a SHA-1 hash, but it could be
301 * our subject keyid if forced from child's akid. If so, set our
302 * authority keyid to 1. This way we are never self-signed, and thus
303 * exempt from any potential (off by default for now in OpenSSL)
304 * self-signature checks!
305 */
306 id = (ASN1_STRING *) ((akid && akid->keyid) ? akid->keyid : 0);
307 if (id && M_ASN1_STRING_length(id) == 1 && *M_ASN1_STRING_data(id) == c)
308 c = 1;
309
310 if ((akid = AUTHORITY_KEYID_new()) != 0
311 && (akid->keyid = ASN1_OCTET_STRING_new()) != 0
312 && M_ASN1_OCTET_STRING_set(akid->keyid, (void *) &c, 1)
313 && X509_add1_ext_i2d(cert, nid, akid, 0, X509V3_ADD_APPEND))
314 ret = 1;
315 if (akid)
316 AUTHORITY_KEYID_free(akid);
317 return ret;
318 }
319
320 static int add_skid(X509 *cert, AUTHORITY_KEYID *akid)
321 {
322 int nid = NID_subject_key_identifier;
323
324 if (!akid || !akid->keyid)
325 return add_ext(0, cert, nid, "hash");
326 return X509_add1_ext_i2d(cert, nid, akid->keyid, 0, X509V3_ADD_APPEND) > 0;
327 }
328
329 static X509_NAME *akid_issuer_name(AUTHORITY_KEYID *akid)
330 {
331 if (akid && akid->issuer) {
332 int i;
333 GENERAL_NAMES *gens = akid->issuer;
334
335 for (i = 0; i < sk_GENERAL_NAME_num(gens); ++i) {
336 GENERAL_NAME *gn = sk_GENERAL_NAME_value(gens, i);
337
338 if (gn->type == GEN_DIRNAME)
339 return (gn->d.dirn);
340 }
341 }
342 return 0;
343 }
344
345 static int set_issuer_name(X509 *cert, AUTHORITY_KEYID *akid)
346 {
347 X509_NAME *name = akid_issuer_name(akid);
348
349 /*
350 * If subject's akid specifies an authority key identifer issuer name, we
351 * must use that.
352 */
353 if (name)
354 return X509_set_issuer_name(cert, name);
355 return X509_set_issuer_name(cert, X509_get_subject_name(cert));
356 }
357
358 static int grow_chain(SSL_DANE *dane, int trusted, X509 *cert)
359 {
360 STACK_OF(X509) **xs = trusted ? &dane->roots : &dane->chain;
361 static ASN1_OBJECT *serverAuth = 0;
362
363 #define UNTRUSTED 0
364 #define TRUSTED 1
365
366 if (trusted && serverAuth == 0 &&
367 (serverAuth = OBJ_nid2obj(NID_server_auth)) == 0) {
368 DANEerr(DANE_F_GROW_CHAIN, ERR_R_MALLOC_FAILURE);
369 return 0;
370 }
371 if (!*xs && (*xs = sk_X509_new_null()) == 0) {
372 DANEerr(DANE_F_GROW_CHAIN, ERR_R_MALLOC_FAILURE);
373 return 0;
374 }
375
376 if (cert) {
377 if (trusted && !X509_add1_trust_object(cert, serverAuth))
378 return 0;
379 CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
380 if (!sk_X509_push(*xs, cert)) {
381 X509_free(cert);
382 DANEerr(DANE_F_GROW_CHAIN, ERR_R_MALLOC_FAILURE);
383 return 0;
384 }
385 }
386 return 1;
387 }
388
389 static int wrap_issuer(
390 SSL_DANE *dane,
391 EVP_PKEY *key,
392 X509 *subject,
393 int depth,
394 int top
395 )
396 {
397 int ret = 1;
398 X509 *cert = 0;
399 AUTHORITY_KEYID *akid;
400 X509_NAME *name = X509_get_issuer_name(subject);
401 EVP_PKEY *newkey = key ? key : X509_get_pubkey(subject);
402
403 #define WRAP_MID 0 /* Ensure intermediate. */
404 #define WRAP_TOP 1 /* Ensure self-signed. */
405
406 if (name == 0 || newkey == 0 || (cert = X509_new()) == 0)
407 return 0;
408
409 /*
410 * Record the depth of the trust-anchor certificate.
411 */
412 if (dane->depth < 0)
413 dane->depth = depth + 1;
414
415 /*
416 * XXX: Uncaught error condition:
417 *
418 * The return value is NULL both when the extension is missing, and when
419 * OpenSSL rans out of memory while parsing the extension.
420 */
421 ERR_clear_error();
422 akid = X509_get_ext_d2i(subject, NID_authority_key_identifier, 0, 0);
423 /* XXX: Should we peek at the error stack here??? */
424
425 /*
426 * If top is true generate a self-issued root CA, otherwise an
427 * intermediate CA and possibly its self-signed issuer.
428 *
429 * CA cert valid for +/- 30 days
430 */
431 if (!X509_set_version(cert, 2)
432 || !set_serial(cert, akid, subject)
433 || !X509_set_subject_name(cert, name)
434 || !set_issuer_name(cert, akid)
435 || !X509_gmtime_adj(X509_get_notBefore(cert), -30 * 86400L)
436 || !X509_gmtime_adj(X509_get_notAfter(cert), 30 * 86400L)
437 || !X509_set_pubkey(cert, newkey)
438 || !add_ext(0, cert, NID_basic_constraints, "CA:TRUE")
439 || (!top && !add_akid(cert, akid))
440 || !add_skid(cert, akid)
441 || (!top && wrap_to_root &&
442 !wrap_issuer(dane, newkey, cert, depth, WRAP_TOP))) {
443 ret = 0;
444 }
445 if (akid)
446 AUTHORITY_KEYID_free(akid);
447 if (!key)
448 EVP_PKEY_free(newkey);
449 if (ret) {
450 if (!top && wrap_to_root)
451 ret = grow_chain(dane, UNTRUSTED, cert);
452 else
453 ret = grow_chain(dane, TRUSTED, cert);
454 }
455 if (cert)
456 X509_free(cert);
457 return ret;
458 }
459
460 static int wrap_cert(SSL_DANE *dane, X509 *tacert, int depth)
461 {
462 if (dane->depth < 0)
463 dane->depth = depth + 1;
464
465 /*
466 * If the TA certificate is self-issued, or need not be, use it directly.
467 * Otherwise, synthesize requisuite ancestors.
468 */
469 if (!wrap_to_root
470 || X509_check_issued(tacert, tacert) == X509_V_OK)
471 return grow_chain(dane, TRUSTED, tacert);
472
473 if (wrap_issuer(dane, 0, tacert, depth, WRAP_MID))
474 return grow_chain(dane, UNTRUSTED, tacert);
475 return 0;
476 }
477
478 static int ta_signed(SSL_DANE *dane, X509 *cert, int depth)
479 {
480 DANE_CERT_LIST x;
481 DANE_PKEY_LIST k;
482 EVP_PKEY *pk;
483 int done = 0;
484
485 /*
486 * First check whether issued and signed by a TA cert, this is cheaper
487 * than the bare-public key checks below, since we can determine whether
488 * the candidate TA certificate issued the certificate to be checked
489 * first (name comparisons), before we bother with signature checks
490 * (public key operations).
491 */
492 for (x = dane->certs; !done && x; x = x->next) {
493 if (X509_check_issued(x->value, cert) == X509_V_OK) {
494 if ((pk = X509_get_pubkey(x->value)) == 0) {
495 /*
496 * The cert originally contained a valid pkey, which does
497 * not just vanish, so this is most likely a memory error.
498 */
499 done = -1;
500 break;
501 }
502 /* Check signature, since some other TA may work if not this. */
503 if (X509_verify(cert, pk) > 0)
504 done = wrap_cert(dane, x->value, depth) ? 1 : -1;
505 EVP_PKEY_free(pk);
506 }
507 }
508
509 /*
510 * With bare TA public keys, we can't check whether the trust chain is
511 * issued by the key, but we can determine whether it is signed by the
512 * key, so we go with that.
513 *
514 * Ideally, the corresponding certificate was presented in the chain, and we
515 * matched it by its public key digest one level up. This code is here
516 * to handle adverse conditions imposed by sloppy administrators of
517 * receiving systems with poorly constructed chains.
518 *
519 * We'd like to optimize out keys that should not match when the cert's
520 * authority key id does not match the key id of this key computed via
521 * the RFC keyid algorithm (SHA-1 digest of public key bit-string sans
522 * ASN1 tag and length thus also excluding the unused bits field that is
523 * logically part of the length). However, some CAs have a non-standard
524 * authority keyid, so we lose. Too bad.
525 *
526 * This may push errors onto the stack when the certificate signature is
527 * not of the right type or length, throw these away,
528 */
529 for (k = dane->pkeys; !done && k; k = k->next)
530 if (X509_verify(cert, k->value) > 0)
531 done = wrap_issuer(dane, k->value, cert, depth, WRAP_MID) ? 1 : -1;
532 else
533 ERR_clear_error();
534
535 return done;
536 }
537
538 static int set_trust_anchor(X509_STORE_CTX *ctx, SSL_DANE *dane, X509 *cert)
539 {
540 int matched = 0;
541 int n;
542 int i;
543 int depth = 0;
544 EVP_PKEY *takey;
545 X509 *ca;
546 STACK_OF(X509) *in = ctx->untrusted; /* XXX: Accessor? */
547
548 if (!grow_chain(dane, UNTRUSTED, 0))
549 return -1;
550
551 /*
552 * Accept a degenerate case: depth 0 self-signed trust-anchor.
553 */
554 if (X509_check_issued(cert, cert) == X509_V_OK) {
555 dane->depth = 0;
556 matched = match(dane->selectors[SSL_DANE_USAGE_TRUSTED_CA], cert, 0);
557 if (matched > 0 && !grow_chain(dane, TRUSTED, cert))
558 matched = -1;
559 return matched;
560 }
561
562 /* Make a shallow copy of the input untrusted chain. */
563 if ((in = sk_X509_dup(in)) == 0) {
564 DANEerr(DANE_F_SET_TRUST_ANCHOR, ERR_R_MALLOC_FAILURE);
565 return -1;
566 }
567
568 /*
569 * At each iteration we consume the issuer of the current cert. This
570 * reduces the length of the "in" chain by one. If no issuer is found,
571 * we are done. We also stop when a certificate matches a TA in the
572 * peer's TLSA RRset.
573 *
574 * Caller ensures that the initial certificate is not self-signed.
575 */
576 for (n = sk_X509_num(in); n > 0; --n, ++depth) {
577 for (i = 0; i < n; ++i)
578 if (X509_check_issued(sk_X509_value(in, i), cert) == X509_V_OK)
579 break;
580
581 /*
582 * Final untrusted element with no issuer in the peer's chain, it may
583 * however be signed by a pkey or cert obtained via a TLSA RR.
584 */
585 if (i == n)
586 break;
587
588 /* Peer's chain contains an issuer ca. */
589 ca = sk_X509_delete(in, i);
590
591 /* If not a trust anchor, record untrusted ca and continue. */
592 if ((matched = match(dane->selectors[SSL_DANE_USAGE_TRUSTED_CA], ca,
593 depth + 1)) == 0) {
594 if (grow_chain(dane, UNTRUSTED, ca)) {
595 if (!X509_check_issued(ca, ca) == X509_V_OK) {
596 /* Restart with issuer as subject */
597 cert = ca;
598 continue;
599 }
600 /* Final self-signed element, skip ta_signed() check. */
601 cert = 0;
602 } else
603 matched = -1;
604 } else if (matched == MATCHED_CERT) {
605 if (!wrap_cert(dane, ca, depth))
606 matched = -1;
607 } else if (matched == MATCHED_PKEY) {
608 if ((takey = X509_get_pubkey(ca)) == 0 ||
609 !wrap_issuer(dane, takey, cert, depth, WRAP_MID)) {
610 if (takey)
611 EVP_PKEY_free(takey);
612 else
613 DANEerr(DANE_F_SET_TRUST_ANCHOR, ERR_R_MALLOC_FAILURE);
614 matched = -1;
615 }
616 }
617 break;
618 }
619
620 /* Shallow free the duplicated input untrusted chain. */
621 sk_X509_free(in);
622
623 /*
624 * When the loop exits, if "cert" is set, it is not self-signed and has
625 * no issuer in the chain, we check for a possible signature via a DNS
626 * obtained TA cert or public key.
627 */
628 if (matched == 0 && cert)
629 matched = ta_signed(dane, cert, depth);
630
631 return matched;
632 }
633
634 static int check_end_entity(X509_STORE_CTX *ctx, SSL_DANE *dane, X509 *cert)
635 {
636 int matched;
637
638 matched = match(dane->selectors[SSL_DANE_USAGE_FIXED_LEAF], cert, 0);
639 if (matched > 0) {
640 if (ctx->chain == 0) {
641 if ((ctx->chain = sk_X509_new_null()) != 0 &&
642 sk_X509_push(ctx->chain, cert)) {
643 CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
644 } else {
645 DANEerr(DANE_F_CHECK_END_ENTITY, ERR_R_MALLOC_FAILURE);
646 return -1;
647 }
648 }
649 }
650 return matched;
651 }
652
653 static int match_name(const char *certid, SSL_DANE *dane)
654 {
655 int multi = dane->multi;
656 DANE_HOST_LIST hosts = dane->hosts;
657
658 for (/* NOP */; hosts; hosts = hosts->next) {
659 int match_subdomain = 0;
660 const char *domain = hosts->value;
661 const char *parent;
662 int idlen;
663 int domlen;
664
665 if (*domain == '.' && domain[1] != '\0') {
666 ++domain;
667 match_subdomain = 1;
668 }
669
670 /*
671 * Sub-domain match: certid is any sub-domain of hostname.
672 */
673 if (match_subdomain) {
674 if ((idlen = strlen(certid)) > (domlen = strlen(domain)) + 1
675 && certid[idlen - domlen - 1] == '.'
676 && !strcasecmp(certid + (idlen - domlen), domain))
677 return 1;
678 else
679 continue;
680 }
681
682 /*
683 * Exact match and initial "*" match. The initial "*" in a certid
684 * matches one (if multi is false) or more hostname components under
685 * the condition that the certid contains multiple hostname components.
686 */
687 if (!strcasecmp(certid, domain)
688 || (certid[0] == '*' && certid[1] == '.' && certid[2] != 0
689 && (parent = strchr(domain, '.')) != 0
690 && (idlen = strlen(certid + 1)) <= (domlen = strlen(parent))
691 && strcasecmp(multi ? parent + domlen - idlen : parent,
692 certid + 1) == 0))
693 return 1;
694 }
695 return 0;
696 }
697
698 static char *check_name(char *name, int len)
699 {
700 register char *cp = name + len;
701
702 while (len > 0 && *--cp == 0)
703 --len; /* Ignore trailing NULs */
704 if (len <= 0)
705 return 0;
706 for (cp = name; *cp; cp++) {
707 register char c = *cp;
708 if (!((c >= 'a' && c <= 'z') ||
709 (c >= '0' && c <= '9') ||
710 (c >= 'A' && c <= 'Z') ||
711 (c == '.' || c == '-') ||
712 (c == '*')))
713 return 0; /* Only LDH, '.' and '*' */
714 }
715 if (cp - name != len) /* Guard against internal NULs */
716 return 0;
717 return name;
718 }
719
720 static char *parse_dns_name(const GENERAL_NAME *gn)
721 {
722 if (gn->type != GEN_DNS)
723 return 0;
724 if (ASN1_STRING_type(gn->d.ia5) != V_ASN1_IA5STRING)
725 return 0;
726 return check_name((char *) ASN1_STRING_data(gn->d.ia5),
727 ASN1_STRING_length(gn->d.ia5));
728 }
729
730 static char *parse_subject_name(X509 *cert)
731 {
732 X509_NAME *name = X509_get_subject_name(cert);
733 X509_NAME_ENTRY *entry;
734 ASN1_STRING *entry_str;
735 unsigned char *namebuf;
736 int nid = NID_commonName;
737 int len;
738 int i;
739
740 if (name == 0 || (i = X509_NAME_get_index_by_NID(name, nid, -1)) < 0)
741 return 0;
742 if ((entry = X509_NAME_get_entry(name, i)) == 0)
743 return 0;
744 if ((entry_str = X509_NAME_ENTRY_get_data(entry)) == 0)
745 return 0;
746
747 if ((len = ASN1_STRING_to_UTF8(&namebuf, entry_str)) < 0)
748 return 0;
749 if (len <= 0 || check_name((char *) namebuf, len) == 0) {
750 OPENSSL_free(namebuf);
751 return 0;
752 }
753 return (char *) namebuf;
754 }
755
756 static int name_check(SSL_DANE *dane, X509 *cert)
757 {
758 int matched = 0;
759 int got_altname = 0;
760 GENERAL_NAMES *gens;
761
762 gens = X509_get_ext_d2i(cert, NID_subject_alt_name, 0, 0);
763 if (gens) {
764 int n = sk_GENERAL_NAME_num(gens);
765 int i;
766
767 for (i = 0; i < n; ++i) {
768 const GENERAL_NAME *gn = sk_GENERAL_NAME_value(gens, i);
769 const char *certid;
770
771 if (gn->type != GEN_DNS)
772 continue;
773 got_altname = 1;
774 certid = parse_dns_name(gn);
775 if (certid && *certid) {
776 if ((matched = match_name(certid, dane)) == 0)
777 continue;
778 if ((dane->mhost = OPENSSL_strdup(certid)) == 0)
779 matched = -1;
780 break;
781 }
782 }
783 GENERAL_NAMES_free(gens);
784 }
785
786 /*
787 * XXX: Should the subjectName be skipped when *any* altnames are present,
788 * or only when DNS altnames are present?
789 */
790 if (got_altname == 0) {
791 char *certid = parse_subject_name(cert);
792 if (certid != 0 && *certid && (matched = match_name(certid, dane)) != 0)
793 dane->mhost = certid; /* Already a copy */
794 }
795 return matched;
796 }
797
798 static int verify_chain(X509_STORE_CTX *ctx)
799 {
800 DANE_SELECTOR_LIST issuer_rrs;
801 DANE_SELECTOR_LIST leaf_rrs;
802 int (*cb)(int, X509_STORE_CTX *) = ctx->verify_cb;
803 int ssl_idx = SSL_get_ex_data_X509_STORE_CTX_idx();
804 SSL *ssl = X509_STORE_CTX_get_ex_data(ctx, ssl_idx);
805 SSL_DANE *dane = SSL_get_ex_data(ssl, dane_idx);
806 X509 *cert = ctx->cert; /* XXX: accessor? */
807 int matched = 0;
808 int chain_length = sk_X509_num(ctx->chain);
809
810 issuer_rrs = dane->selectors[SSL_DANE_USAGE_LIMIT_ISSUER];
811 leaf_rrs = dane->selectors[SSL_DANE_USAGE_LIMIT_LEAF];
812 ctx->verify = dane->verify;
813
814 if ((matched = name_check(dane, cert)) < 0) {
815 X509_STORE_CTX_set_error(ctx, X509_V_ERR_OUT_OF_MEM);
816 return 0;
817 }
818
819 if (!matched) {
820 ctx->error_depth = 0;
821 ctx->current_cert = cert;
822 X509_STORE_CTX_set_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH);
823 if (!cb(0, ctx))
824 return 0;
825 }
826 matched = 0;
827
828 /*
829 * Satisfy at least one usage 0 or 1 constraint, unless we've already
830 * matched a usage 2 trust anchor.
831 *
832 * XXX: internal_verify() doesn't callback with top certs that are not
833 * self-issued. This should be fixed in a future OpenSSL.
834 */
835 if (dane->roots && sk_X509_num(dane->roots)) {
836 #ifndef NO_CALLBACK_WORKAROUND
837 X509 *top = sk_X509_value(ctx->chain, dane->depth);
838
839 if (X509_check_issued(top, top) != X509_V_OK) {
840 ctx->error_depth = dane->depth;
841 ctx->current_cert = top;
842 if (!cb(1, ctx))
843 return 0;
844 }
845 #endif
846 /* Pop synthetic trust-anchor ancestors off the chain! */
847 while (--chain_length > dane->depth)
848 X509_free(sk_X509_pop(ctx->chain));
849 } else if (issuer_rrs || leaf_rrs) {
850 int n = chain_length;
851
852 /*
853 * Check for an EE match, then a CA match at depths > 0, and
854 * finally, if the EE cert is self-issued, for a depth 0 CA match.
855 */
856 if (leaf_rrs)
857 matched = match(leaf_rrs, cert, 0);
858 while (!matched && issuer_rrs && --n >= 0) {
859 X509 *xn = sk_X509_value(ctx->chain, n);
860
861 if (n > 0 || X509_check_issued(xn, xn) == X509_V_OK)
862 matched = match(issuer_rrs, xn, n);
863 }
864
865 if (matched < 0) {
866 X509_STORE_CTX_set_error(ctx, X509_V_ERR_OUT_OF_MEM);
867 return 0;
868 }
869
870 if (!matched) {
871 ctx->current_cert = cert;
872 ctx->error_depth = 0;
873 X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_UNTRUSTED);
874 if (!cb(0, ctx))
875 return 0;
876 }
877 }
878
879 return ctx->verify(ctx);
880 }
881
882 static int verify_cert(X509_STORE_CTX *ctx, void *unused_ctx)
883 {
884 static int ssl_idx = -1;
885 SSL *ssl;
886 SSL_DANE *dane;
887 int (*cb)(int, X509_STORE_CTX *) = ctx->verify_cb;
888 int matched;
889 X509 *cert = ctx->cert; /* XXX: accessor? */
890
891 if (ssl_idx < 0)
892 ssl_idx = SSL_get_ex_data_X509_STORE_CTX_idx();
893 if (dane_idx < 0) {
894 DANEerr(DANE_F_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
895 return -1;
896 }
897
898 ssl = X509_STORE_CTX_get_ex_data(ctx, ssl_idx);
899 if ((dane = SSL_get_ex_data(ssl, dane_idx)) == 0 || cert == 0)
900 return X509_verify_cert(ctx);
901
902 if (dane->selectors[SSL_DANE_USAGE_FIXED_LEAF]) {
903 if ((matched = check_end_entity(ctx, dane, cert)) > 0) {
904 ctx->error_depth = 0;
905 ctx->current_cert = cert;
906 return cb(1, ctx);
907 }
908 if (matched < 0) {
909 X509_STORE_CTX_set_error(ctx, X509_V_ERR_OUT_OF_MEM);
910 return -1;
911 }
912 }
913
914 if (dane->selectors[SSL_DANE_USAGE_TRUSTED_CA]) {
915 if ((matched = set_trust_anchor(ctx, dane, cert)) < 0) {
916 X509_STORE_CTX_set_error(ctx, X509_V_ERR_OUT_OF_MEM);
917 return -1;
918 }
919 if (matched) {
920 /*
921 * Check that setting the untrusted chain updates the expected
922 * structure member at the expected offset.
923 */
924 X509_STORE_CTX_trusted_stack(ctx, dane->roots);
925 X509_STORE_CTX_set_chain(ctx, dane->chain);
926 OPENSSL_assert(ctx->untrusted == dane->chain);
927 }
928 }
929
930 /*
931 * Name checks and usage 0/1 constraint enforcement are delayed until
932 * X509_verify_cert() builds the full chain and calls our verify_chain()
933 * wrapper.
934 */
935 dane->verify = ctx->verify;
936 ctx->verify = verify_chain;
937
938 return X509_verify_cert(ctx);
939 }
940
941 static dane_list list_alloc(size_t vsize)
942 {
943 void *value = (void *) OPENSSL_malloc(vsize);
944 dane_list l;
945
946 if (value == 0) {
947 DANEerr(DANE_F_LIST_ALLOC, ERR_R_MALLOC_FAILURE);
948 return 0;
949 }
950 if ((l = (dane_list) OPENSSL_malloc(sizeof(*l))) == 0) {
951 OPENSSL_free(value);
952 DANEerr(DANE_F_LIST_ALLOC, ERR_R_MALLOC_FAILURE);
953 return 0;
954 }
955 l->next = 0;
956 l->value = value;
957 return l;
958 }
959
960 static void list_free(void *list, void (*f)(void *))
961 {
962 dane_list head = (dane_list) list;
963 dane_list next;
964
965 for (/* NOP */; head; head = next) {
966 next = head->next;
967 if (f && head->value)
968 f(head->value);
969 OPENSSL_free(head);
970 }
971 }
972
973 static void dane_mtype_free(void *p)
974 {
975 list_free(((dane_mtype) p)->data, OPENSSL_freeFunc);
976 OPENSSL_free(p);
977 }
978
979 static void dane_selector_free(void *p)
980 {
981 list_free(((dane_selector) p)->mtype, dane_mtype_free);
982 OPENSSL_free(p);
983 }
984
985 void DANESSL_cleanup(SSL *ssl)
986 {
987 SSL_DANE *dane;
988 int u;
989
990 if (dane_idx < 0 || (dane = SSL_get_ex_data(ssl, dane_idx)) == 0)
991 return;
992 (void) SSL_set_ex_data(ssl, dane_idx, 0);
993
994 if (dane->hosts)
995 list_free(dane->hosts, OPENSSL_freeFunc);
996 if (dane->mhost)
997 OPENSSL_free(dane->mhost);
998 for (u = 0; u <= SSL_DANE_USAGE_LAST; ++u)
999 if (dane->selectors[u])
1000 list_free(dane->selectors[u], dane_selector_free);
1001 if (dane->pkeys)
1002 list_free(dane->pkeys, pkey_free);
1003 if (dane->certs)
1004 list_free(dane->certs, cert_free);
1005 if (dane->roots)
1006 sk_X509_pop_free(dane->roots, X509_free);
1007 if (dane->chain)
1008 sk_X509_pop_free(dane->chain, X509_free);
1009 OPENSSL_free(dane);
1010 }
1011
1012 static DANE_HOST_LIST host_list_init(const char **src)
1013 {
1014 DANE_HOST_LIST head = 0;
1015
1016 while (*src) {
1017 DANE_HOST_LIST elem = (DANE_HOST_LIST) OPENSSL_malloc(sizeof(*elem));
1018 if (elem == 0) {
1019 list_free(head, OPENSSL_freeFunc);
1020 return 0;
1021 }
1022 elem->value = OPENSSL_strdup(*src++);
1023 LINSERT(head, elem);
1024 }
1025 return head;
1026 }
1027
1028 int DANESSL_add_tlsa(
1029 SSL *ssl,
1030 uint8_t usage,
1031 uint8_t selector,
1032 const char *mdname,
1033 unsigned const char *data,
1034 size_t dlen
1035 )
1036 {
1037 SSL_DANE *dane;
1038 DANE_SELECTOR_LIST s = 0;
1039 DANE_MTYPE_LIST m = 0;
1040 DANE_DATA_LIST d = 0;
1041 DANE_CERT_LIST xlist = 0;
1042 DANE_PKEY_LIST klist = 0;
1043 const EVP_MD *md = 0;
1044
1045 if (dane_idx < 0 || (dane = SSL_get_ex_data(ssl, dane_idx)) == 0) {
1046 DANEerr(DANE_F_SSL_DANE_ADD_TLSA, DANE_R_DANE_INIT);
1047 return -1;
1048 }
1049
1050 if (usage > SSL_DANE_USAGE_LAST) {
1051 DANEerr(DANE_F_SSL_DANE_ADD_TLSA, DANE_R_BAD_USAGE);
1052 return 0;
1053 }
1054 if (selector > SSL_DANE_SELECTOR_LAST) {
1055 DANEerr(DANE_F_SSL_DANE_ADD_TLSA, DANE_R_BAD_SELECTOR);
1056 return 0;
1057 }
1058 if (mdname && (md = EVP_get_digestbyname(mdname)) == 0) {
1059 DANEerr(DANE_F_SSL_DANE_ADD_TLSA, DANE_R_BAD_DIGEST);
1060 return 0;
1061 }
1062 if (!data) {
1063 DANEerr(DANE_F_SSL_DANE_ADD_TLSA, DANE_R_BAD_NULL_DATA);
1064 return 0;
1065 }
1066 if (mdname && dlen != EVP_MD_size(md)) {
1067 DANEerr(DANE_F_SSL_DANE_ADD_TLSA, DANE_R_BAD_DATA_LENGTH);
1068 return 0;
1069 }
1070
1071 if (mdname == 0) {
1072 X509 *x = 0;
1073 EVP_PKEY *k = 0;
1074 const unsigned char *p = data;
1075
1076 #define xklistinit(lvar, ltype, var, freeFunc) do { \
1077 (lvar) = (ltype) OPENSSL_malloc(sizeof(*(lvar))); \
1078 if ((lvar) == 0) { \
1079 DANEerr(DANE_F_SSL_DANE_ADD_TLSA, ERR_R_MALLOC_FAILURE); \
1080 freeFunc((var)); \
1081 return 0; \
1082 } \
1083 (lvar)->next = 0; \
1084 lvar->value = var; \
1085 } while (0)
1086 #define xkfreeret(ret) do { \
1087 if (xlist) list_free(xlist, cert_free); \
1088 if (klist) list_free(klist, pkey_free); \
1089 return (ret); \
1090 } while (0)
1091
1092 switch (selector) {
1093 case SSL_DANE_SELECTOR_CERT:
1094 if (!d2i_X509(&x, &p, dlen) || dlen != p - data) {
1095 if (x)
1096 X509_free(x);
1097 DANEerr(DANE_F_SSL_DANE_ADD_TLSA, DANE_R_BAD_CERT);
1098 return 0;
1099 }
1100 k = X509_get_pubkey(x);
1101 EVP_PKEY_free(k);
1102 if (k == 0) {
1103 X509_free(x);
1104 DANEerr(DANE_F_SSL_DANE_ADD_TLSA, DANE_R_BAD_CERT_PKEY);
1105 return 0;
1106 }
1107 if (usage == SSL_DANE_USAGE_TRUSTED_CA)
1108 xklistinit(xlist, DANE_CERT_LIST, x, X509_free);
1109 break;
1110
1111 case SSL_DANE_SELECTOR_SPKI:
1112 if (!d2i_PUBKEY(&k, &p, dlen) || dlen != p - data) {
1113 if (k)
1114 EVP_PKEY_free(k);
1115 DANEerr(DANE_F_SSL_DANE_ADD_TLSA, DANE_R_BAD_PKEY);
1116 return 0;
1117 }
1118 if (usage == SSL_DANE_USAGE_TRUSTED_CA)
1119 xklistinit(klist, DANE_PKEY_LIST, k, EVP_PKEY_free);
1120 break;
1121 }
1122 }
1123
1124 /* Find insertion point and don't add duplicate elements. */
1125 for (s = dane->selectors[usage]; s; s = s->next)
1126 if (s->value->selector == selector)
1127 for (m = s->value->mtype; m; m = m->next)
1128 if (m->value->md == md)
1129 for (d = m->value->data; d; d = d->next)
1130 if (d->value->datalen == dlen &&
1131 memcmp(d->value->data, data, dlen) == 0)
1132 xkfreeret(1);
1133
1134 if ((d = (DANE_DATA_LIST) list_alloc(sizeof(*d->value) + dlen)) == 0)
1135 xkfreeret(0);
1136 d->value->datalen = dlen;
1137 memcpy(d->value->data, data, dlen);
1138 if (!m) {
1139 if ((m = (DANE_MTYPE_LIST) list_alloc(sizeof(*m->value))) == 0) {
1140 list_free(d, OPENSSL_freeFunc);
1141 xkfreeret(0);
1142 }
1143 m->value->data = 0;
1144 if ((m->value->md = md) != 0)
1145 m->value->mdlen = dlen;
1146 if (!s) {
1147 if ((s = (DANE_SELECTOR_LIST) list_alloc(sizeof(*s->value))) == 0) {
1148 list_free(m, dane_mtype_free);
1149 xkfreeret(0);
1150 }
1151 s->value->mtype = 0;
1152 s->value->selector = selector;
1153 LINSERT(dane->selectors[usage], s);
1154 }
1155 LINSERT(s->value->mtype, m);
1156 }
1157 LINSERT(m->value->data, d);
1158
1159 if (xlist)
1160 LINSERT(dane->certs, xlist);
1161 else if (klist)
1162 LINSERT(dane->pkeys, klist);
1163 ++dane->count;
1164 return 1;
1165 }
1166
1167 int DANESSL_init(SSL *ssl, const char *sni_domain, const char **hostnames)
1168 {
1169 SSL_DANE *dane;
1170 int i;
1171 #ifdef OPENSSL_INTERNAL
1172 SSL_CTX *sctx = SSL_get_SSL_CTX(ssl);
1173
1174 if (sctx->app_verify_callback != verify_cert) {
1175 DANEerr(DANE_F_SSL_DANE_INIT, DANE_R_SCTX_INIT);
1176 return -1;
1177 }
1178 #else
1179 if (dane_idx < 0) {
1180 DANEerr(DANE_F_SSL_DANE_INIT, DANE_R_LIBRARY_INIT);
1181 return -1;
1182 }
1183 #endif
1184
1185 if (sni_domain && !SSL_set_tlsext_host_name(ssl, sni_domain))
1186 return 0;
1187
1188 if ((dane = (SSL_DANE *) OPENSSL_malloc(sizeof(SSL_DANE))) == 0) {
1189 DANEerr(DANE_F_SSL_DANE_INIT, ERR_R_MALLOC_FAILURE);
1190 return 0;
1191 }
1192 if (!SSL_set_ex_data(ssl, dane_idx, dane)) {
1193 DANEerr(DANE_F_SSL_DANE_INIT, ERR_R_MALLOC_FAILURE);
1194 OPENSSL_free(dane);
1195 return 0;
1196 }
1197
1198 dane->pkeys = 0;
1199 dane->certs = 0;
1200 dane->chain = 0;
1201 dane->roots = 0;
1202 dane->depth = -1;
1203 dane->mhost = 0; /* Future SSL control interface */
1204 dane->multi = 0; /* Future SSL control interface */
1205 dane->count = 0;
1206
1207 for (i = 0; i <= SSL_DANE_USAGE_LAST; ++i)
1208 dane->selectors[i] = 0;
1209
1210 if (hostnames && (dane->hosts = host_list_init(hostnames)) == 0) {
1211 DANEerr(DANE_F_SSL_DANE_INIT, ERR_R_MALLOC_FAILURE);
1212 DANESSL_cleanup(ssl);
1213 return 0;
1214 }
1215
1216 return 1;
1217 }
1218
1219 int DANESSL_CTX_init(SSL_CTX *ctx)
1220 {
1221 if (dane_idx >= 0) {
1222 SSL_CTX_set_cert_verify_callback(ctx, verify_cert, 0);
1223 return 1;
1224 }
1225 DANEerr(DANE_F_SSL_CTX_DANE_INIT, DANE_R_LIBRARY_INIT);
1226 return -1;
1227 }
1228
1229 static int init_once(
1230 volatile int *value,
1231 int (*init)(void),
1232 void (*postinit)(void)
1233 )
1234 {
1235 int wlock = 0;
1236
1237 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
1238 if (*value < 0) {
1239 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
1240 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
1241 wlock = 1;
1242 if (*value < 0) {
1243 *value = init();
1244 if (postinit)
1245 postinit();
1246 }
1247 }
1248 if (wlock)
1249 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
1250 else
1251 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
1252 return *value;
1253 }
1254
1255 static void dane_init(void)
1256 {
1257 /*
1258 * Store library id in zeroth function slot, used to locate the library
1259 * name. This must be done before we load the error strings.
1260 */
1261 #ifndef OPENSSL_NO_ERR
1262 dane_str_functs[0].error |= ERR_PACK(err_lib_dane, 0, 0);
1263 ERR_load_strings(err_lib_dane, dane_str_functs);
1264 ERR_load_strings(err_lib_dane, dane_str_reasons);
1265 #endif
1266
1267 /*
1268 * Register SHA-2 digests, if implemented and not already registered.
1269 */
1270 #if defined(LN_sha256) && defined(NID_sha256) && !defined(OPENSSL_NO_SHA256)
1271 if (!EVP_get_digestbyname(LN_sha224))
1272 EVP_add_digest(EVP_sha224());
1273 if (!EVP_get_digestbyname(LN_sha256))
1274 EVP_add_digest(EVP_sha256());
1275 #endif
1276 #if defined(LN_sha512) && defined(NID_sha512) && !defined(OPENSSL_NO_SHA512)
1277 if (!EVP_get_digestbyname(LN_sha384))
1278 EVP_add_digest(EVP_sha384());
1279 if (!EVP_get_digestbyname(LN_sha512))
1280 EVP_add_digest(EVP_sha512());
1281 #endif
1282
1283 /*
1284 * Register an SSL index for the connection-specific SSL_DANE structure.
1285 * Using a separate index makes it possible to add DANE support to
1286 * existing OpenSSL releases that don't have a suitable pointer in the
1287 * SSL structure.
1288 */
1289 dane_idx = SSL_get_ex_new_index(0, 0, 0, 0, 0);
1290 }
1291
1292 int DANESSL_library_init(void)
1293 {
1294 if (err_lib_dane < 0)
1295 init_once(&err_lib_dane, ERR_get_next_error_library, dane_init);
1296
1297 #if defined(LN_sha256)
1298 /* No DANE without SHA256 support */
1299 if (dane_idx >= 0 && EVP_get_digestbyname(LN_sha256) != 0)
1300 return 1;
1301 #endif
1302 DANEerr(DANE_F_SSL_DANE_LIBRARY_INIT, DANE_R_DANE_SUPPORT);
1303 return 0;
1304 }
1305
1306 #endif /* OPENSSL_VERSION_NUMBER */
Unnamed repository; edit this file 'description' to name the repository.