From aaba7d03433c179562e515bfb68ff2069ff626d8 Mon Sep 17 00:00:00 2001 From: Viktor Dukhovni Date: Wed, 16 Dec 2015 21:47:49 +0000 Subject: [PATCH] DANE: current src version --- src/src/dane-openssl.c | 939 +++++++++++++++++++++++------------------ src/src/danessl.h | 38 +- src/src/tls-openssl.c | 1 + test/log/5860 | 1 + 4 files changed, 564 insertions(+), 415 deletions(-) diff --git a/src/src/dane-openssl.c b/src/src/dane-openssl.c index 6345b39ca..ed2b2f5af 100644 --- a/src/src/dane-openssl.c +++ b/src/src/dane-openssl.c @@ -1,3 +1,7 @@ +/* + * Author: Viktor Dukhovni + * License: THIS CODE IS IN THE PUBLIC DOMAIN. + */ #include #include #include @@ -10,79 +14,82 @@ #include #include #include +#include #if OPENSSL_VERSION_NUMBER < 0x1000000fL # error "OpenSSL 1.0.0 or higher required" #else /* remainder of file */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L +#define X509_up_ref(x) CRYPTO_add(&((x)->references), 1, CRYPTO_LOCK_X509) +#endif + #include "danessl.h" -#define DANE_F_ADD_SKID 100 -#define DANE_F_CHECK_END_ENTITY 101 -#define DANE_F_GROW_CHAIN 102 -#define DANE_F_LIST_ALLOC 103 -#define DANE_F_MATCH 104 -#define DANE_F_PUSH_EXT 105 -#define DANE_F_SET_TRUST_ANCHOR 106 -#define DANE_F_SSL_CTX_DANE_INIT 107 -#define DANE_F_SSL_DANE_ADD_TLSA 108 -#define DANE_F_SSL_DANE_INIT 109 -#define DANE_F_SSL_DANE_LIBRARY_INIT 110 -#define DANE_F_VERIFY_CERT 111 -#define DANE_F_WRAP_CERT 112 - -#define DANE_R_BAD_CERT 100 -#define DANE_R_BAD_CERT_PKEY 101 -#define DANE_R_BAD_DATA_LENGTH 102 -#define DANE_R_BAD_DIGEST 103 -#define DANE_R_BAD_NULL_DATA 104 -#define DANE_R_BAD_PKEY 105 -#define DANE_R_BAD_SELECTOR 106 -#define DANE_R_BAD_USAGE 107 -#define DANE_R_DANE_INIT 108 -#define DANE_R_DANE_SUPPORT 109 -#define DANE_R_LIBRARY_INIT 110 -#define DANE_R_NOSIGN_KEY 111 -#define DANE_R_SCTX_INIT 112 +#define DANESSL_F_ADD_SKID 100 +#define DANESSL_F_ADD_TLSA 101 +#define DANESSL_F_CHECK_END_ENTITY 102 +#define DANESSL_F_CTX_INIT 103 +#define DANESSL_F_GROW_CHAIN 104 +#define DANESSL_F_INIT 105 +#define DANESSL_F_LIBRARY_INIT 106 +#define DANESSL_F_LIST_ALLOC 107 +#define DANESSL_F_MATCH 108 +#define DANESSL_F_PUSH_EXT 109 +#define DANESSL_F_SET_TRUST_ANCHOR 110 +#define DANESSL_F_VERIFY_CERT 111 +#define DANESSL_F_WRAP_CERT 112 + +#define DANESSL_R_BAD_CERT 100 +#define DANESSL_R_BAD_CERT_PKEY 101 +#define DANESSL_R_BAD_DATA_LENGTH 102 +#define DANESSL_R_BAD_DIGEST 103 +#define DANESSL_R_BAD_NULL_DATA 104 +#define DANESSL_R_BAD_PKEY 105 +#define DANESSL_R_BAD_SELECTOR 106 +#define DANESSL_R_BAD_USAGE 107 +#define DANESSL_R_INIT 108 +#define DANESSL_R_LIBRARY_INIT 109 +#define DANESSL_R_NOSIGN_KEY 110 +#define DANESSL_R_SCTX_INIT 111 +#define DANESSL_R_SUPPORT 112 #ifndef OPENSSL_NO_ERR -# define DANE_F_PLACEHOLDER 0 /* FIRST! Value TBD */ -static ERR_STRING_DATA dane_str_functs[] = -{ - {DANE_F_PLACEHOLDER, "DANE library"}, /* FIRST!!! */ - {DANE_F_ADD_SKID, "add_skid"}, - {DANE_F_CHECK_END_ENTITY, "check_end_entity"}, - {DANE_F_GROW_CHAIN, "grow_chain"}, - {DANE_F_LIST_ALLOC, "list_alloc"}, - {DANE_F_MATCH, "match"}, - {DANE_F_PUSH_EXT, "push_ext"}, - {DANE_F_SET_TRUST_ANCHOR, "set_trust_anchor"}, - {DANE_F_SSL_CTX_DANE_INIT, "SSL_CTX_dane_init"}, - {DANE_F_SSL_DANE_ADD_TLSA, "SSL_dane_add_tlsa"}, - {DANE_F_SSL_DANE_INIT, "SSL_dane_init"}, - {DANE_F_SSL_DANE_LIBRARY_INIT, "SSL_dane_library_init"}, - {DANE_F_VERIFY_CERT, "verify_cert"}, - {DANE_F_WRAP_CERT, "wrap_cert"}, - {0, NULL} +#define DANESSL_F_PLACEHOLDER 0 /* FIRST! Value TBD */ +static ERR_STRING_DATA dane_str_functs[] = { + {DANESSL_F_PLACEHOLDER, "DANE library"}, /* FIRST!!! */ + {DANESSL_F_ADD_SKID, "add_skid"}, + {DANESSL_F_ADD_TLSA, "DANESSL_add_tlsa"}, + {DANESSL_F_CHECK_END_ENTITY, "check_end_entity"}, + {DANESSL_F_CTX_INIT, "DANESSL_CTX_init"}, + {DANESSL_F_GROW_CHAIN, "grow_chain"}, + {DANESSL_F_INIT, "DANESSL_init"}, + {DANESSL_F_LIBRARY_INIT, "DANESSL_library_init"}, + {DANESSL_F_LIST_ALLOC, "list_alloc"}, + {DANESSL_F_MATCH, "match"}, + {DANESSL_F_PUSH_EXT, "push_ext"}, + {DANESSL_F_SET_TRUST_ANCHOR, "set_trust_anchor"}, + {DANESSL_F_VERIFY_CERT, "verify_cert"}, + {DANESSL_F_WRAP_CERT, "wrap_cert"}, + {0, NULL} }; -static ERR_STRING_DATA dane_str_reasons[] = -{ - {DANE_R_BAD_CERT, "Bad TLSA record certificate"}, - {DANE_R_BAD_CERT_PKEY, "Bad TLSA record certificate public key"}, - {DANE_R_BAD_DATA_LENGTH, "Bad TLSA record digest length"}, - {DANE_R_BAD_DIGEST, "Bad TLSA record digest"}, - {DANE_R_BAD_NULL_DATA, "Bad TLSA record null data"}, - {DANE_R_BAD_PKEY, "Bad TLSA record public key"}, - {DANE_R_BAD_SELECTOR, "Bad TLSA record selector"}, - {DANE_R_BAD_USAGE, "Bad TLSA record usage"}, - {DANE_R_DANE_INIT, "SSL_dane_init() required"}, - {DANE_R_DANE_SUPPORT, "DANE library features not supported"}, - {DANE_R_LIBRARY_INIT, "SSL_dane_library_init() required"}, - {DANE_R_SCTX_INIT, "SSL_CTX_dane_init() required"}, - {DANE_R_NOSIGN_KEY, "Certificate usage 2 requires EC support"}, - {0, NULL} +static ERR_STRING_DATA dane_str_reasons[] = { + {DANESSL_R_BAD_CERT, "Bad TLSA record certificate"}, + {DANESSL_R_BAD_CERT_PKEY, "Bad TLSA record certificate public key"}, + {DANESSL_R_BAD_DATA_LENGTH, "Bad TLSA record digest length"}, + {DANESSL_R_BAD_DIGEST, "Bad TLSA record digest"}, + {DANESSL_R_BAD_NULL_DATA, "Bad TLSA record null data"}, + {DANESSL_R_BAD_PKEY, "Bad TLSA record public key"}, + {DANESSL_R_BAD_SELECTOR, "Bad TLSA record selector"}, + {DANESSL_R_BAD_USAGE, "Bad TLSA record usage"}, + {DANESSL_R_INIT, "DANESSL_init() required"}, + {DANESSL_R_LIBRARY_INIT, "DANESSL_library_init() required"}, + {DANESSL_R_NOSIGN_KEY, "Certificate usage 2 requires EC support"}, + {DANESSL_R_SCTX_INIT, "DANESSL_CTX_init() required"}, + {DANESSL_R_SUPPORT, "DANE library features not supported"}, + {0, NULL} }; -#endif /*OPENSSL_NO_ERR*/ +#endif #define DANEerr(f, r) ERR_PUT_error(err_lib_dane, (f), (r), __FILE__, __LINE__) @@ -166,15 +173,17 @@ typedef struct ssl_dane int (*verify)(X509_STORE_CTX *); STACK_OF(X509) *roots; STACK_OF(X509) *chain; - const char *thost; /* TLSA base domain */ - char *mhost; /* Matched, peer name */ + X509 *match; /* Matched cert */ + const char *thost; /* TLSA base domain */ + char *mhost; /* Matched peer name */ dane_pkey_list pkeys; dane_cert_list certs; dane_host_list hosts; - dane_selector_list selectors[SSL_DANE_USAGE_LAST + 1]; + dane_selector_list selectors[DANESSL_USAGE_LAST + 1]; int depth; - int multi; /* Multi-label wildcards? */ - int count; /* Number of TLSA records */ + int mdpth; /* Depth of matched cert */ + int multi; /* Multi-label wildcards? */ + int count; /* Number of TLSA records */ } ssl_dane; #ifndef X509_V_ERR_HOSTNAME_MISMATCH @@ -191,14 +200,14 @@ int matched; * pkey digest or a certificate digest. We return MATCHED_PKEY or * MATCHED_CERT accordingly. */ -#define MATCHED_CERT (SSL_DANE_SELECTOR_CERT + 1) -#define MATCHED_PKEY (SSL_DANE_SELECTOR_SPKI + 1) +#define MATCHED_CERT (DANESSL_SELECTOR_CERT + 1) +#define MATCHED_PKEY (DANESSL_SELECTOR_SPKI + 1) /* * Loop over each selector, mtype, and associated data element looking * for a match. */ -for(matched = 0; !matched && slist; slist = slist->next) +for (matched = 0; !matched && slist; slist = slist->next) { dane_mtype_list m; unsigned char mdbuf[EVP_MAX_MD_SIZE]; @@ -211,21 +220,21 @@ for(matched = 0; !matched && slist; slist = slist->next) */ switch(slist->value->selector) { - case SSL_DANE_SELECTOR_CERT: + case DANESSL_SELECTOR_CERT: len = i2d_X509(cert, NULL); buf2 = buf = (unsigned char *) OPENSSL_malloc(len); if(buf) i2d_X509(cert, &buf2); break; - case SSL_DANE_SELECTOR_SPKI: + case DANESSL_SELECTOR_SPKI: len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), NULL); buf2 = buf = (unsigned char *) OPENSSL_malloc(len); if(buf) i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), &buf2); break; } - if(!buf) + if (!buf) { - DANEerr(DANE_F_MATCH, ERR_R_MALLOC_FAILURE); + DANEerr(DANESSL_F_MATCH, ERR_R_MALLOC_FAILURE); return 0; } OPENSSL_assert(buf2 - buf == len); @@ -233,7 +242,7 @@ for(matched = 0; !matched && slist; slist = slist->next) /* * Loop over each mtype and data element */ - for(m = slist->value->mtype; !matched && m; m = m->next) + for (m = slist->value->mtype; !matched && m; m = m->next) { dane_data_list d; unsigned char *cmpbuf = buf; @@ -243,15 +252,15 @@ for(matched = 0; !matched && slist; slist = slist->next) * If it is a digest, compute the corresponding digest of the * DER data for comparison, otherwise, use the full object. */ - if(m->value->md) + if (m->value->md) { cmpbuf = mdbuf; - if(!EVP_Digest(buf, len, cmpbuf, &cmplen, m->value->md, 0)) + if (!EVP_Digest(buf, len, cmpbuf, &cmplen, m->value->md, 0)) matched = -1; } - for(d = m->value->data; !matched && d; d = d->next) - if( cmplen == d->value->datalen - && memcmp(cmpbuf, d->value->data, cmplen) == 0) + for (d = m->value->data; !matched && d; d = d->next) + if ( cmplen == d->value->datalen + && memcmp(cmpbuf, d->value->data, cmplen) == 0) matched = slist->value->selector + 1; } @@ -264,18 +273,13 @@ return matched; static int push_ext(X509 *cert, X509_EXTENSION *ext) { -X509_EXTENSIONS *exts; - -if(ext) - { - if(!(exts = cert->cert_info->extensions)) - exts = cert->cert_info->extensions = sk_X509_EXTENSION_new_null(); - if (exts && sk_X509_EXTENSION_push(exts, ext)) - return 1; - X509_EXTENSION_free(ext); - } -DANEerr(DANE_F_PUSH_EXT, ERR_R_MALLOC_FAILURE); -return 0; + if (ext) { + if (X509_add_ext(cert, ext, -1)) + return 1; + X509_EXTENSION_free(ext); + } + DANEerr(DANESSL_F_PUSH_EXT, ERR_R_MALLOC_FAILURE); + return 0; } static int @@ -293,19 +297,19 @@ set_serial(X509 *cert, AUTHORITY_KEYID *akid, X509 *subject) int ret = 0; BIGNUM *bn; -if(akid && akid->serial) +if (akid && akid->serial) return (X509_set_serialNumber(cert, akid->serial)); /* * Add one to subject's serial to avoid collisions between TA serial and * serial of signing root. */ -if( (bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(subject), 0)) != 0 - && BN_add_word(bn, 1) - && BN_to_ASN1_INTEGER(bn, X509_get_serialNumber(cert))) +if ( (bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(subject), 0)) != 0 + && BN_add_word(bn, 1) + && BN_to_ASN1_INTEGER(bn, X509_get_serialNumber(cert))) ret = 1; -if(bn) +if (bn) BN_free(bn); return ret; } @@ -325,16 +329,16 @@ int ret = 0; * exempt from any potential (off by default for now in OpenSSL) * self-signature checks! */ -id = (ASN1_STRING *) ((akid && akid->keyid) ? akid->keyid : 0); -if(id && M_ASN1_STRING_length(id) == 1 && *M_ASN1_STRING_data(id) == c) +id = (akid && akid->keyid) ? akid->keyid : 0; +if (id && ASN1_STRING_length(id) == 1 && *ASN1_STRING_data(id) == c) c = 1; -if( (akid = AUTHORITY_KEYID_new()) != 0 - && (akid->keyid = ASN1_OCTET_STRING_new()) != 0 - && M_ASN1_OCTET_STRING_set(akid->keyid, (void *) &c, 1) - && X509_add1_ext_i2d(cert, nid, akid, 0, X509V3_ADD_APPEND)) +if ( (akid = AUTHORITY_KEYID_new()) != 0 + && (akid->keyid = ASN1_OCTET_STRING_new()) != 0 + && M_ASN1_OCTET_STRING_set(akid->keyid, (void *) &c, 1) + && X509_add1_ext_i2d(cert, nid, akid, 0, X509V3_ADD_APPEND)) ret = 1; -if(akid) +if (akid) AUTHORITY_KEYID_free(akid); return ret; } @@ -344,7 +348,7 @@ add_skid(X509 *cert, AUTHORITY_KEYID *akid) { int nid = NID_subject_key_identifier; -if(!akid || !akid->keyid) +if (!akid || !akid->keyid) return add_ext(0, cert, nid, "hash"); return X509_add1_ext_i2d(cert, nid, akid->keyid, 0, X509V3_ADD_APPEND) > 0; } @@ -352,16 +356,16 @@ return X509_add1_ext_i2d(cert, nid, akid->keyid, 0, X509V3_ADD_APPEND) > 0; static X509_NAME * akid_issuer_name(AUTHORITY_KEYID *akid) { -if(akid && akid->issuer) +if (akid && akid->issuer) { int i; GENERAL_NAMES *gens = akid->issuer; - for(i = 0; i < sk_GENERAL_NAME_num(gens); ++i) + for (i = 0; i < sk_GENERAL_NAME_num(gens); ++i) { GENERAL_NAME *gn = sk_GENERAL_NAME_value(gens, i); - if(gn->type == GEN_DIRNAME) + if (gn->type == GEN_DIRNAME) return (gn->d.dirn); } } @@ -390,27 +394,27 @@ static ASN1_OBJECT *serverAuth = 0; #define UNTRUSTED 0 #define TRUSTED 1 -if( trusted && !serverAuth - && !(serverAuth = OBJ_nid2obj(NID_server_auth))) +if ( trusted && !serverAuth + && !(serverAuth = OBJ_nid2obj(NID_server_auth))) { - DANEerr(DANE_F_GROW_CHAIN, ERR_R_MALLOC_FAILURE); + DANEerr(DANESSL_F_GROW_CHAIN, ERR_R_MALLOC_FAILURE); return 0; } -if(!*xs && !(*xs = sk_X509_new_null())) +if (!*xs && !(*xs = sk_X509_new_null())) { - DANEerr(DANE_F_GROW_CHAIN, ERR_R_MALLOC_FAILURE); + DANEerr(DANESSL_F_GROW_CHAIN, ERR_R_MALLOC_FAILURE); return 0; } -if(cert) +if (cert) { - if(trusted && !X509_add1_trust_object(cert, serverAuth)) + if (trusted && !X509_add1_trust_object(cert, serverAuth)) return 0; CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); if (!sk_X509_push(*xs, cert)) { X509_free(cert); - DANEerr(DANE_F_GROW_CHAIN, ERR_R_MALLOC_FAILURE); + DANEerr(DANESSL_F_GROW_CHAIN, ERR_R_MALLOC_FAILURE); return 0; } } @@ -429,13 +433,13 @@ EVP_PKEY *newkey = key ? key : X509_get_pubkey(subject); #define WRAP_MID 0 /* Ensure intermediate. */ #define WRAP_TOP 1 /* Ensure self-signed. */ -if(!name || !newkey || !(cert = X509_new())) +if (!name || !newkey || !(cert = X509_new())) return 0; /* * Record the depth of the trust-anchor certificate. */ -if(dane->depth < 0) +if (dane->depth < 0) dane->depth = depth + 1; /* @@ -454,27 +458,27 @@ akid = X509_get_ext_d2i(subject, NID_authority_key_identifier, 0, 0); * * CA cert valid for +/- 30 days */ -if( !X509_set_version(cert, 2) - || !set_serial(cert, akid, subject) - || !X509_set_subject_name(cert, name) - || !set_issuer_name(cert, akid) - || !X509_gmtime_adj(X509_get_notBefore(cert), -30 * 86400L) - || !X509_gmtime_adj(X509_get_notAfter(cert), 30 * 86400L) - || !X509_set_pubkey(cert, newkey) - || !add_ext(0, cert, NID_basic_constraints, "CA:TRUE") - || (!top && !add_akid(cert, akid)) - || !add_skid(cert, akid) - || ( !top && wrap_to_root - && !wrap_issuer(dane, newkey, cert, depth, WRAP_TOP))) +if ( !X509_set_version(cert, 2) + || !set_serial(cert, akid, subject) + || !X509_set_subject_name(cert, name) + || !set_issuer_name(cert, akid) + || !X509_gmtime_adj(X509_get_notBefore(cert), -30 * 86400L) + || !X509_gmtime_adj(X509_get_notAfter(cert), 30 * 86400L) + || !X509_set_pubkey(cert, newkey) + || !add_ext(0, cert, NID_basic_constraints, "CA:TRUE") + || (!top && !add_akid(cert, akid)) + || !add_skid(cert, akid) + || ( !top && wrap_to_root + && !wrap_issuer(dane, newkey, cert, depth, WRAP_TOP))) ret = 0; -if(akid) +if (akid) AUTHORITY_KEYID_free(akid); -if(!key) +if (!key) EVP_PKEY_free(newkey); -if(ret) +if (ret) ret = grow_chain(dane, !top && wrap_to_root ? UNTRUSTED : TRUSTED, cert); -if(cert) +if (cert) X509_free(cert); return ret; } @@ -482,18 +486,18 @@ return ret; static int wrap_cert(ssl_dane *dane, X509 *tacert, int depth) { -if(dane->depth < 0) +if (dane->depth < 0) dane->depth = depth + 1; /* * If the TA certificate is self-issued, or need not be, use it directly. * Otherwise, synthesize requisuite ancestors. */ -if( !wrap_to_root - || X509_check_issued(tacert, tacert) == X509_V_OK) +if ( !wrap_to_root + || X509_check_issued(tacert, tacert) == X509_V_OK) return grow_chain(dane, TRUSTED, tacert); -if(wrap_issuer(dane, 0, tacert, depth, WRAP_MID)) +if (wrap_issuer(dane, 0, tacert, depth, WRAP_MID)) return grow_chain(dane, UNTRUSTED, tacert); return 0; } @@ -515,9 +519,9 @@ int done = 0; */ for (x = dane->certs; !done && x; x = x->next) { - if(X509_check_issued(x->value, cert) == X509_V_OK) + if (X509_check_issued(x->value, cert) == X509_V_OK) { - if(!(pk = X509_get_pubkey(x->value))) + if (!(pk = X509_get_pubkey(x->value))) { /* * The cert originally contained a valid pkey, which does @@ -527,7 +531,7 @@ for (x = dane->certs; !done && x; x = x->next) break; } /* Check signature, since some other TA may work if not this. */ - if(X509_verify(cert, pk) > 0) + if (X509_verify(cert, pk) > 0) done = wrap_cert(dane, x->value, depth) ? 1 : -1; EVP_PKEY_free(pk); } @@ -553,8 +557,8 @@ for (x = dane->certs; !done && x; x = x->next) * This may push errors onto the stack when the certificate signature is * not of the right type or length, throw these away, */ -for(k = dane->pkeys; !done && k; k = k->next) - if(X509_verify(cert, k->value) > 0) +for (k = dane->pkeys; !done && k; k = k->next) + if (X509_verify(cert, k->value) > 0) done = wrap_issuer(dane, k->value, cert, depth, WRAP_MID) ? 1 : -1; else ERR_clear_error(); @@ -573,25 +577,25 @@ EVP_PKEY *takey; X509 *ca; STACK_OF(X509) *in = ctx->untrusted; /* XXX: Accessor? */ -if(!grow_chain(dane, UNTRUSTED, 0)) +if (!grow_chain(dane, UNTRUSTED, 0)) return -1; /* * Accept a degenerate case: depth 0 self-signed trust-anchor. */ -if(X509_check_issued(cert, cert) == X509_V_OK) +if (X509_check_issued(cert, cert) == X509_V_OK) { dane->depth = 0; - matched = match(dane->selectors[SSL_DANE_USAGE_TRUSTED_CA], cert, 0); - if(matched > 0 && !grow_chain(dane, TRUSTED, cert)) + matched = match(dane->selectors[DANESSL_USAGE_DANE_TA], cert, 0); + if (matched > 0 && !grow_chain(dane, TRUSTED, cert)) matched = -1; return matched; } /* Make a shallow copy of the input untrusted chain. */ -if(!(in = sk_X509_dup(in))) +if (!(in = sk_X509_dup(in))) { - DANEerr(DANE_F_SET_TRUST_ANCHOR, ERR_R_MALLOC_FAILURE); + DANEerr(DANESSL_F_SET_TRUST_ANCHOR, ERR_R_MALLOC_FAILURE); return -1; } @@ -603,29 +607,29 @@ if(!(in = sk_X509_dup(in))) * * Caller ensures that the initial certificate is not self-signed. */ -for(n = sk_X509_num(in); n > 0; --n, ++depth) +for (n = sk_X509_num(in); n > 0; --n, ++depth) { - for(i = 0; i < n; ++i) - if(X509_check_issued(sk_X509_value(in, i), cert) == X509_V_OK) + for (i = 0; i < n; ++i) + if (X509_check_issued(sk_X509_value(in, i), cert) == X509_V_OK) break; /* * Final untrusted element with no issuer in the peer's chain, it may * however be signed by a pkey or cert obtained via a TLSA RR. */ - if(i == n) + if (i == n) break; /* Peer's chain contains an issuer ca. */ ca = sk_X509_delete(in, i); /* If not a trust anchor, record untrusted ca and continue. */ - if((matched = match(dane->selectors[SSL_DANE_USAGE_TRUSTED_CA], ca, depth+1)) - == 0) + if ((matched = match(dane->selectors[DANESSL_USAGE_DANE_TA], ca, + depth + 1)) == 0) { - if(grow_chain(dane, UNTRUSTED, ca)) + if (grow_chain(dane, UNTRUSTED, ca)) { - if(!X509_check_issued(ca, ca) == X509_V_OK) + if (!X509_check_issued(ca, ca) == X509_V_OK) { /* Restart with issuer as subject */ cert = ca; @@ -644,13 +648,13 @@ for(n = sk_X509_num(in); n > 0; --n, ++depth) } else if(matched == MATCHED_PKEY) { - if( !(takey = X509_get_pubkey(ca)) - || !wrap_issuer(dane, takey, cert, depth, WRAP_MID)) + if ( !(takey = X509_get_pubkey(ca)) + || !wrap_issuer(dane, takey, cert, depth, WRAP_MID)) { - if(takey) + if (takey) EVP_PKEY_free(takey); else - DANEerr(DANE_F_SET_TRUST_ANCHOR, ERR_R_MALLOC_FAILURE); + DANEerr(DANESSL_F_SET_TRUST_ANCHOR, ERR_R_MALLOC_FAILURE); matched = -1; } } @@ -665,7 +669,7 @@ sk_X509_free(in); * no issuer in the chain, we check for a possible signature via a DNS * obtained TA cert or public key. */ -if(matched == 0 && cert) +if (matched == 0 && cert) matched = ta_signed(dane, cert, depth); return matched; @@ -676,19 +680,24 @@ check_end_entity(X509_STORE_CTX *ctx, ssl_dane *dane, X509 *cert) { int matched; -matched = match(dane->selectors[SSL_DANE_USAGE_FIXED_LEAF], cert, 0); -if(matched > 0) +matched = match(dane->selectors[DANESSL_USAGE_DANE_EE], cert, 0); +if (matched > 0) + { + dane->mdpth = 0; + dane->match = cert; + X509_up_ref(cert); if(!ctx->chain) { - if( (ctx->chain = sk_X509_new_null()) - && sk_X509_push(ctx->chain, cert)) - CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); + if ( (ctx->chain = sk_X509_new_null()) != 0 + && sk_X509_push(ctx->chain, cert)) + X509_up_ref(cert); else { - DANEerr(DANE_F_CHECK_END_ENTITY, ERR_R_MALLOC_FAILURE); + DANEerr(DANESSL_F_CHECK_END_ENTITY, ERR_R_MALLOC_FAILURE); return -1; } } + } return matched; } @@ -698,7 +707,7 @@ match_name(const char *certid, ssl_dane *dane) int multi = dane->multi; dane_host_list hosts; -for(hosts = dane->hosts; hosts; hosts = hosts->next) +for (hosts = dane->hosts; hosts; hosts = hosts->next) { int match_subdomain = 0; const char *domain = hosts->value; @@ -706,7 +715,7 @@ for(hosts = dane->hosts; hosts; hosts = hosts->next) int idlen; int domlen; - if(*domain == '.' && domain[1] != '\0') + if (*domain == '.' && domain[1] != '\0') { ++domain; match_subdomain = 1; @@ -717,9 +726,9 @@ for(hosts = dane->hosts; hosts; hosts = hosts->next) */ if(match_subdomain) { - if( (idlen = strlen(certid)) > (domlen = strlen(domain)) + 1 - && certid[idlen - domlen - 1] == '.' - && !strcasecmp(certid + (idlen - domlen), domain)) + if ( (idlen = strlen(certid)) > (domlen = strlen(domain)) + 1 + && certid[idlen - domlen - 1] == '.' + && !strcasecmp(certid + (idlen - domlen), domain)) return 1; else continue; @@ -730,11 +739,11 @@ for(hosts = dane->hosts; hosts; hosts = hosts->next) * matches one (if multi is false) or more hostname components under * the condition that the certid contains multiple hostname components. */ - if( !strcasecmp(certid, domain) - || ( certid[0] == '*' && certid[1] == '.' && certid[2] != 0 - && (parent = strchr(domain, '.')) != 0 - && (idlen = strlen(certid + 1)) <= (domlen = strlen(parent)) - && strcasecmp(multi ? parent + domlen - idlen : parent, certid+1) == 0)) + if ( !strcasecmp(certid, domain) + || ( certid[0] == '*' && certid[1] == '.' && certid[2] != 0 + && (parent = strchr(domain, '.')) != 0 + && (idlen = strlen(certid + 1)) <= (domlen = strlen(parent)) + && strcasecmp(multi ? parent + domlen - idlen : parent, certid+1) == 0)) return 1; } return 0; @@ -745,11 +754,11 @@ check_name(char *name, int len) { char *cp = name + len; -while(len > 0 && !*--cp) +while (len > 0 && !*--cp) --len; /* Ignore trailing NULs */ -if(len <= 0) +if (len <= 0) return 0; -for(cp = name; *cp; cp++) +for (cp = name; *cp; cp++) { char c = *cp; if (!((c >= 'a' && c <= 'z') || @@ -759,7 +768,7 @@ for(cp = name; *cp; cp++) (c == '*'))) return 0; /* Only LDH, '.' and '*' */ } -if(cp - name != len) /* Guard against internal NULs */ +if (cp - name != len) /* Guard against internal NULs */ return 0; return name; } @@ -767,9 +776,9 @@ return name; static char * parse_dns_name(const GENERAL_NAME *gn) { -if(gn->type != GEN_DNS) +if (gn->type != GEN_DNS) return 0; -if(ASN1_STRING_type(gn->d.ia5) != V_ASN1_IA5STRING) +if (ASN1_STRING_type(gn->d.ia5) != V_ASN1_IA5STRING) return 0; return check_name((char *) ASN1_STRING_data(gn->d.ia5), ASN1_STRING_length(gn->d.ia5)); @@ -786,16 +795,16 @@ int nid = NID_commonName; int len; int i; -if(!name || (i = X509_NAME_get_index_by_NID(name, nid, -1)) < 0) +if (!name || (i = X509_NAME_get_index_by_NID(name, nid, -1)) < 0) return 0; -if(!(entry = X509_NAME_get_entry(name, i))) +if (!(entry = X509_NAME_get_entry(name, i))) return 0; -if(!(entry_str = X509_NAME_ENTRY_get_data(entry))) +if (!(entry_str = X509_NAME_ENTRY_get_data(entry))) return 0; -if((len = ASN1_STRING_to_UTF8(&namebuf, entry_str)) < 0) +if ((len = ASN1_STRING_to_UTF8(&namebuf, entry_str)) < 0) return 0; -if(len <= 0 || check_name((char *) namebuf, len) == 0) +if (len <= 0 || check_name((char *) namebuf, len) == 0) { OPENSSL_free(namebuf); return 0; @@ -811,25 +820,25 @@ BOOL got_altname = FALSE; GENERAL_NAMES *gens; gens = X509_get_ext_d2i(cert, NID_subject_alt_name, 0, 0); -if(gens) +if (gens) { int n = sk_GENERAL_NAME_num(gens); int i; - for(i = 0; i < n; ++i) + for (i = 0; i < n; ++i) { const GENERAL_NAME *gn = sk_GENERAL_NAME_value(gens, i); const char *certid; - if(gn->type != GEN_DNS) + if (gn->type != GEN_DNS) continue; got_altname = TRUE; certid = parse_dns_name(gn); - if(certid && *certid) + if (certid && *certid) { - if((matched = match_name(certid, dane)) == 0) + if ((matched = match_name(certid, dane)) == 0) continue; - if(!(dane->mhost = OPENSSL_strdup(certid))) + if (!(dane->mhost = OPENSSL_strdup(certid))) matched = -1; break; } @@ -841,11 +850,14 @@ if(gens) * XXX: Should the subjectName be skipped when *any* altnames are present, * or only when DNS altnames are present? */ -if(got_altname) +if (got_altname == 0) { char *certid = parse_subject_name(cert); - if(certid != 0 && *certid && (matched = match_name(certid, dane)) != 0) - dane->mhost = certid; /* Already a copy */ + if (certid != 0 && *certid + && (matched = match_name(certid, dane)) != 0) + dane->mhost = OPENSSL_strdup(certid); + if (certid) + OPENSSL_free(certid); } return matched; } @@ -865,85 +877,119 @@ int chain_length = sk_X509_num(ctx->chain); DEBUG(D_tls) debug_printf("Dane verify-chain\n"); -issuer_rrs = dane->selectors[SSL_DANE_USAGE_LIMIT_ISSUER]; -leaf_rrs = dane->selectors[SSL_DANE_USAGE_LIMIT_LEAF]; +issuer_rrs = dane->selectors[DANESSL_USAGE_PKIX_TA]; +leaf_rrs = dane->selectors[DANESSL_USAGE_PKIX_EE]; ctx->verify = dane->verify; -if((matched = name_check(dane, cert)) < 0) +if ((matched = name_check(dane, cert)) < 0) { X509_STORE_CTX_set_error(ctx, X509_V_ERR_OUT_OF_MEM); return 0; } -if(!matched) +if (!matched) { ctx->error_depth = 0; ctx->current_cert = cert; X509_STORE_CTX_set_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH); - if(!cb(0, ctx)) + if (!cb(0, ctx)) return 0; } matched = 0; -/* - * Satisfy at least one usage 0 or 1 constraint, unless we've already - * matched a usage 2 trust anchor. - * - * XXX: internal_verify() doesn't callback with top certs that are not - * self-issued. This should be fixed in a future OpenSSL. - */ -if(dane->roots && sk_X509_num(dane->roots)) - { -#ifndef NO_CALLBACK_WORKAROUND - X509 *top = sk_X509_value(ctx->chain, dane->depth); + /* + * Satisfy at least one usage 0 or 1 constraint, unless we've already + * matched a usage 2 trust anchor. + * + * XXX: internal_verify() doesn't callback with top certs that are not + * self-issued. This should be fixed in a future OpenSSL. + */ + if (dane->roots && sk_X509_num(dane->roots)) + { + X509 *top = sk_X509_value(ctx->chain, dane->depth); - if(X509_check_issued(top, top) != X509_V_OK) - { - ctx->error_depth = dane->depth; - ctx->current_cert = top; - if(!cb(1, ctx)) - return 0; - } + dane->mdpth = dane->depth; + dane->match = top; + X509_up_ref(top); + +#ifndef NO_CALLBACK_WORKAROUND + if (X509_check_issued(top, top) != X509_V_OK) + { + ctx->error_depth = dane->depth; + ctx->current_cert = top; + if (!cb(1, ctx)) + return 0; + } #endif /* Pop synthetic trust-anchor ancestors off the chain! */ while (--chain_length > dane->depth) X509_free(sk_X509_pop(ctx->chain)); } -else if(issuer_rrs || leaf_rrs) +else { - int n = chain_length; + int n = 0; + X509 *xn = cert; /* * Check for an EE match, then a CA match at depths > 0, and * finally, if the EE cert is self-issued, for a depth 0 CA match. */ - if(leaf_rrs) - matched = match(leaf_rrs, cert, 0); - while(!matched && issuer_rrs && --n >= 0) - { - X509 *xn = sk_X509_value(ctx->chain, n); + if (leaf_rrs) + matched = match(leaf_rrs, xn, 0); + if (issuer_rrs) + { + for (n = chain_length-1; !matched && n >= 0; --n) + { + xn = sk_X509_value(ctx->chain, n); + if (n > 0 || X509_check_issued(xn, xn) == X509_V_OK) + matched = match(issuer_rrs, xn, n); + } + } - if(n > 0 || X509_check_issued(xn, xn) == X509_V_OK) - matched = match(issuer_rrs, xn, n); + if (!matched) + { + ctx->current_cert = cert; + ctx->error_depth = 0; + X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_UNTRUSTED); + if (!cb(0, ctx)) + return 0; + } + else + { + dane->mdpth = n; + dane->match = xn; + X509_up_ref(xn); + } } - if(matched < 0) - { - X509_STORE_CTX_set_error(ctx, X509_V_ERR_OUT_OF_MEM); - return 0; - } +return ctx->verify(ctx); +} - if(!matched) - { - ctx->current_cert = cert; - ctx->error_depth = 0; - X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_UNTRUSTED); - if(!cb(0, ctx)) - return 0; - } +static void +dane_reset(ssl_dane *dane) +{ +dane->depth = -1; +if (dane->mhost) + { + OPENSSL_free(dane->mhost); + dane->mhost = 0; } - -return ctx->verify(ctx); +if (dane->roots) + { + sk_X509_pop_free(dane->roots, X509_free); + dane->roots = 0; + } +if (dane->chain) + { + sk_X509_pop_free(dane->chain, X509_free); + dane->chain = 0; + } +if (dane->match) + { + X509_free(dane->match); + dane->match = 0; + } +dane->mdpth = -1; } static int @@ -958,61 +1004,82 @@ X509 *cert = ctx->cert; /* XXX: accessor? */ DEBUG(D_tls) debug_printf("Dane verify-cert\n"); -if(ssl_idx < 0) +if (ssl_idx < 0) ssl_idx = SSL_get_ex_data_X509_STORE_CTX_idx(); -if(dane_idx < 0) +if (dane_idx < 0) { - DANEerr(DANE_F_VERIFY_CERT, ERR_R_MALLOC_FAILURE); + DANEerr(DANESSL_F_VERIFY_CERT, ERR_R_MALLOC_FAILURE); return -1; } ssl = X509_STORE_CTX_get_ex_data(ctx, ssl_idx); -if(!(dane = SSL_get_ex_data(ssl, dane_idx)) || !cert) +if (!(dane = SSL_get_ex_data(ssl, dane_idx)) || !cert) return X509_verify_cert(ctx); -if(dane->selectors[SSL_DANE_USAGE_FIXED_LEAF]) + /* Reset for verification of a new chain, perhaps a renegotiation. */ +dane_reset(dane); + +if (dane->selectors[DANESSL_USAGE_DANE_EE]) { - if((matched = check_end_entity(ctx, dane, cert)) > 0) + if ((matched = check_end_entity(ctx, dane, cert)) > 0) { ctx->error_depth = 0; ctx->current_cert = cert; return cb(1, ctx); } - if(matched < 0) + if (matched < 0) { X509_STORE_CTX_set_error(ctx, X509_V_ERR_OUT_OF_MEM); return -1; } } -if(dane->selectors[SSL_DANE_USAGE_TRUSTED_CA]) - { - if((matched = set_trust_anchor(ctx, dane, cert)) < 0) - { - X509_STORE_CTX_set_error(ctx, X509_V_ERR_OUT_OF_MEM); - return -1; - } - if(matched) + if (dane->selectors[DANESSL_USAGE_DANE_TA]) { - /* - * Check that setting the untrusted chain updates the expected - * structure member at the expected offset. - */ - X509_STORE_CTX_trusted_stack(ctx, dane->roots); - X509_STORE_CTX_set_chain(ctx, dane->chain); - OPENSSL_assert(ctx->untrusted == dane->chain); + if ((matched = set_trust_anchor(ctx, dane, cert)) < 0) + { + X509_STORE_CTX_set_error(ctx, X509_V_ERR_OUT_OF_MEM); + return -1; + } + if (matched) + { + /* + * Check that setting the untrusted chain updates the expected + * structure member at the expected offset. + */ + X509_STORE_CTX_trusted_stack(ctx, dane->roots); + X509_STORE_CTX_set_chain(ctx, dane->chain); + OPENSSL_assert(ctx->untrusted == dane->chain); + } } - } -/* - * Name checks and usage 0/1 constraint enforcement are delayed until - * X509_verify_cert() builds the full chain and calls our verify_chain() - * wrapper. - */ -dane->verify = ctx->verify; -ctx->verify = verify_chain; + /* + * Name checks and usage 0/1 constraint enforcement are delayed until + * X509_verify_cert() builds the full chain and calls our verify_chain() + * wrapper. + */ + dane->verify = ctx->verify; + ctx->verify = verify_chain; + + if (X509_verify_cert(ctx)) + return 1; -return X509_verify_cert(ctx); + /* + * If the chain is invalid, clear any matching cert or hostname, to + * protect callers that might erroneously rely on these alone without + * checking the validation status. + */ + if (dane->match) + { + X509_free(dane->match); + dane->match = 0; + } + if (dane->mhost) + { + OPENSSL_free(dane->mhost); + dane->mhost = 0; + } + return 0; } static dane_list @@ -1021,15 +1088,15 @@ list_alloc(size_t vsize) void *value = (void *) OPENSSL_malloc(vsize); dane_list l; -if(!value) +if (!value) { - DANEerr(DANE_F_LIST_ALLOC, ERR_R_MALLOC_FAILURE); + DANEerr(DANESSL_F_LIST_ALLOC, ERR_R_MALLOC_FAILURE); return 0; } -if(!(l = (dane_list) OPENSSL_malloc(sizeof(*l)))) +if (!(l = (dane_list) OPENSSL_malloc(sizeof(*l)))) { OPENSSL_free(value); - DANEerr(DANE_F_LIST_ALLOC, ERR_R_MALLOC_FAILURE); + DANEerr(DANESSL_F_LIST_ALLOC, ERR_R_MALLOC_FAILURE); return 0; } l->next = 0; @@ -1043,7 +1110,7 @@ list_free(void *list, void (*f)(void *)) dane_list head; dane_list next; -for(head = (dane_list) list; head; head = next) +for (head = (dane_list) list; head; head = next) { next = head->next; if (f && head->value) @@ -1055,7 +1122,7 @@ for(head = (dane_list) list; head; head = next) static void dane_mtype_free(void *p) { -list_free(((dane_mtype) p)->data, OPENSSL_freeFunc); +list_free(((dane_mtype) p)->data, CRYPTO_free); OPENSSL_free(p); } @@ -1090,25 +1157,20 @@ int u; DEBUG(D_tls) debug_printf("Dane lib-cleanup\n"); -if(dane_idx < 0 || !(dane = SSL_get_ex_data(ssl, dane_idx))) +if (dane_idx < 0 || !(dane = SSL_get_ex_data(ssl, dane_idx))) return; (void) SSL_set_ex_data(ssl, dane_idx, 0); -if(dane->hosts) - list_free(dane->hosts, OPENSSL_freeFunc); -if(dane->mhost) - OPENSSL_free(dane->mhost); -for(u = 0; u <= SSL_DANE_USAGE_LAST; ++u) - if(dane->selectors[u]) +dane_reset(dane); +if (dane->hosts) + list_free(dane->hosts, CRYPTO_free); +for (u = 0; u <= DANESSL_USAGE_LAST; ++u) + if (dane->selectors[u]) list_free(dane->selectors[u], dane_selector_free); -if(dane->pkeys) +if (dane->pkeys) list_free(dane->pkeys, pkey_free); -if(dane->certs) +if (dane->certs) list_free(dane->certs, cert_free); -if(dane->roots) - sk_X509_pop_free(dane->roots, X509_free); -if(dane->chain) - sk_X509_pop_free(dane->chain, X509_free); OPENSSL_free(dane); } @@ -1117,12 +1179,12 @@ host_list_init(const char **src) { dane_host_list head = NULL; -while(*src) +while (*src) { dane_host_list elem = (dane_host_list) OPENSSL_malloc(sizeof(*elem)); - if(!elem) + if (elem == 0) { - list_free(head, OPENSSL_freeFunc); + list_free(head, CRYPTO_free); return 0; } elem->value = OPENSSL_strdup(*src++); @@ -1132,6 +1194,65 @@ return head; } +int +DANESSL_get_match_cert(SSL *ssl, X509 **match, const char **mhost, int *depth) +{ +ssl_dane *dane; + +if (dane_idx < 0 || (dane = SSL_get_ex_data(ssl, dane_idx)) == 0) + { + DANEerr(DANESSL_F_ADD_TLSA, DANESSL_R_INIT); + return -1; + } + +if (dane->match) + { + if (match) + *match = dane->match; + if (mhost) + *mhost = dane->mhost; + if (depth) + *depth = dane->mdpth; + } + + return (dane->match != 0); +} + + +#ifdef never_called +int +DANESSL_verify_chain(SSL *ssl, STACK_OF(X509) *chain) +{ +int ret; +X509 *cert; +X509_STORE_CTX store_ctx; +SSL_CTX *ssl_ctx = SSL_get_SSL_CTX(ssl); +X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx); +int store_ctx_idx = SSL_get_ex_data_X509_STORE_CTX_idx(); + +cert = sk_X509_value(chain, 0); +if (!X509_STORE_CTX_init(&store_ctx, store, cert, chain)) + return 0; +X509_STORE_CTX_set_ex_data(&store_ctx, store_ctx_idx, ssl); + +X509_STORE_CTX_set_default(&store_ctx, + SSL_is_server(ssl) ? "ssl_client" : "ssl_server"); +X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&store_ctx), + SSL_get0_param(ssl)); + +if (SSL_get_verify_callback(ssl)) + X509_STORE_CTX_set_verify_cb(&store_ctx, SSL_get_verify_callback(ssl)); + +ret = verify_cert(&store_ctx, NULL); + +SSL_set_verify_result(ssl, X509_STORE_CTX_get_error(&store_ctx)); +X509_STORE_CTX_cleanup(&store_ctx); + +return (ret); +} +#endif + + /* @@ -1170,121 +1291,139 @@ DEBUG(D_tls) debug_printf("Dane add-tlsa: usage %u sel %u mdname \"%s\"\n", if(dane_idx < 0 || !(dane = SSL_get_ex_data(ssl, dane_idx))) { - DANEerr(DANE_F_SSL_DANE_ADD_TLSA, DANE_R_DANE_INIT); + DANEerr(DANESSL_F_ADD_TLSA, DANESSL_R_INIT); return -1; } -if(usage > SSL_DANE_USAGE_LAST) +if (usage > DANESSL_USAGE_LAST) { - DANEerr(DANE_F_SSL_DANE_ADD_TLSA, DANE_R_BAD_USAGE); + DANEerr(DANESSL_F_ADD_TLSA, DANESSL_R_BAD_USAGE); return 0; } -if(selector > SSL_DANE_SELECTOR_LAST) +if (selector > DANESSL_SELECTOR_LAST) { - DANEerr(DANE_F_SSL_DANE_ADD_TLSA, DANE_R_BAD_SELECTOR); - return 0; - } -if(mdname && !(md = EVP_get_digestbyname(mdname))) - { - DANEerr(DANE_F_SSL_DANE_ADD_TLSA, DANE_R_BAD_DIGEST); - return 0; - } -if(!data) - { - DANEerr(DANE_F_SSL_DANE_ADD_TLSA, DANE_R_BAD_NULL_DATA); - return 0; - } -if(mdname && dlen != EVP_MD_size(md)) - { - DANEerr(DANE_F_SSL_DANE_ADD_TLSA, DANE_R_BAD_DATA_LENGTH); + DANEerr(DANESSL_F_ADD_TLSA, DANESSL_R_BAD_SELECTOR); return 0; } -if(!mdname) - { - X509 *x = 0; - EVP_PKEY *k = 0; - const unsigned char *p = data; + /* Support built-in standard one-digit mtypes */ + if (mdname && *mdname && mdname[1] == '\0') + switch (*mdname - '0') + { + case DANESSL_MATCHING_FULL: mdname = 0; break; + case DANESSL_MATCHING_2256: mdname = "sha256"; break; + case DANESSL_MATCHING_2512: mdname = "sha512"; break; + } + if (mdname && *mdname && (md = EVP_get_digestbyname(mdname)) == 0) + { + DANEerr(DANESSL_F_ADD_TLSA, DANESSL_R_BAD_DIGEST); + return 0; + } + if (mdname && *mdname && dlen != EVP_MD_size(md)) + { + DANEerr(DANESSL_F_ADD_TLSA, DANESSL_R_BAD_DATA_LENGTH); + return 0; + } + if (!data) + { + DANEerr(DANESSL_F_ADD_TLSA, DANESSL_R_BAD_NULL_DATA); + return 0; + } + + /* + * Full Certificate or Public Key when NULL or empty digest name + */ + if (!mdname || !*mdname) + { + X509 *x = 0; + EVP_PKEY *k = 0; + const unsigned char *p = data; #define xklistinit(lvar, ltype, var, freeFunc) do { \ - (lvar) = (ltype) OPENSSL_malloc(sizeof(*(lvar))); \ - if (!(lvar)) { \ - DANEerr(DANE_F_SSL_DANE_ADD_TLSA, ERR_R_MALLOC_FAILURE); \ - freeFunc((var)); \ - return 0; \ - } \ - (lvar)->next = 0; \ - lvar->value = var; \ - } while (0) + (lvar) = (ltype) OPENSSL_malloc(sizeof(*(lvar))); \ + if ((lvar) == 0) { \ + DANEerr(DANESSL_F_ADD_TLSA, ERR_R_MALLOC_FAILURE); \ + freeFunc((var)); \ + return 0; \ + } \ + (lvar)->next = 0; \ + lvar->value = var; \ + } while (0) #define xkfreeret(ret) do { \ - if (xlist) list_free(xlist, cert_free); \ - if (klist) list_free(klist, pkey_free); \ - return (ret); \ - } while (0) + if (xlist) list_free(xlist, cert_free); \ + if (klist) list_free(klist, pkey_free); \ + return (ret); \ + } while (0) - switch(selector) + switch (selector) { - case SSL_DANE_SELECTOR_CERT: - if(!d2i_X509(&x, &p, dlen) || dlen != p - data) + case DANESSL_SELECTOR_CERT: + if (!d2i_X509(&x, &p, dlen) || dlen != p - data) { if (x) - X509_free(x); - DANEerr(DANE_F_SSL_DANE_ADD_TLSA, DANE_R_BAD_CERT); + X509_free(x); + DANEerr(DANESSL_F_ADD_TLSA, DANESSL_R_BAD_CERT); return 0; } k = X509_get_pubkey(x); EVP_PKEY_free(k); - if(!k) + if (k == 0) { X509_free(x); - DANEerr(DANE_F_SSL_DANE_ADD_TLSA, DANE_R_BAD_CERT_PKEY); + DANEerr(DANESSL_F_ADD_TLSA, DANESSL_R_BAD_CERT_PKEY); return 0; } - if(usage == SSL_DANE_USAGE_TRUSTED_CA) + if (usage == DANESSL_USAGE_DANE_TA) xklistinit(xlist, dane_cert_list, x, X509_free); break; - case SSL_DANE_SELECTOR_SPKI: - if(!d2i_PUBKEY(&k, &p, dlen) || dlen != p - data) + case DANESSL_SELECTOR_SPKI: + if (!d2i_PUBKEY(&k, &p, dlen) || dlen != p - data) { - if(k) + if (k) EVP_PKEY_free(k); - DANEerr(DANE_F_SSL_DANE_ADD_TLSA, DANE_R_BAD_PKEY); - return 0; + DANEerr(DANESSL_F_ADD_TLSA, DANESSL_R_BAD_PKEY); + return 0; } - if(usage == SSL_DANE_USAGE_TRUSTED_CA) + if (usage == DANESSL_USAGE_DANE_TA) xklistinit(klist, dane_pkey_list, k, EVP_PKEY_free); break; } } /* Find insertion point and don't add duplicate elements. */ -for(s = dane->selectors[usage]; s; s = s->next) - if(s->value->selector == selector) - for(m = s->value->mtype; m; m = m->next) - if(m->value->md == md) - for(d = m->value->data; d; d = d->next) - if( d->value->datalen == dlen - && memcmp(d->value->data, data, dlen) == 0) +for (s = dane->selectors[usage]; s; s = s->next) + if (s->value->selector == selector) + { + for (m = s->value->mtype; m; m = m->next) + if (m->value->md == md) + { + for (d = m->value->data; d; d = d->next) + if ( d->value->datalen == dlen + && memcmp(d->value->data, data, dlen) == 0) xkfreeret(1); + break; + } + break; + } -if(!(d = (dane_data_list) list_alloc(sizeof(*d->value) + dlen))) +if ((d = (dane_data_list) list_alloc(sizeof(*d->value) + dlen)) == 0) xkfreeret(0); d->value->datalen = dlen; memcpy(d->value->data, data, dlen); -if(!m) +if (!m) { - if(!(m = (dane_mtype_list) list_alloc(sizeof(*m->value)))) + if ((m = (dane_mtype_list) list_alloc(sizeof(*m->value))) == 0) { - list_free(d, OPENSSL_freeFunc); + list_free(d, CRYPTO_free); xkfreeret(0); } m->value->data = 0; - if((m->value->md = md) != 0) + if ((m->value->md = md) != 0) m->value->mdlen = dlen; - if(!s) + if (!s) { - if(!(s = (dane_selector_list) list_alloc(sizeof(*s->value)))) + if ((s = (dane_selector_list) list_alloc(sizeof(*s->value))) == 0) { list_free(m, dane_mtype_free); xkfreeret(0); @@ -1297,9 +1436,9 @@ if(!m) } LINSERT(m->value->data, d); -if(xlist) +if (xlist) LINSERT(dane->certs, xlist); -else if(klist) +else if (klist) LINSERT(dane->pkeys, klist); ++dane->count; return 1; @@ -1334,35 +1473,25 @@ DANESSL_init(SSL *ssl, const char *sni_domain, const char **hostnames) { ssl_dane *dane; int i; -#ifdef OPENSSL_INTERNAL -SSL_CTX *sctx = SSL_get_SSL_CTX(ssl); - -if(sctx->app_verify_callback != verify_cert) - { - DANEerr(DANE_F_SSL_DANE_INIT, DANE_R_SCTX_INIT); - return -1; - } -#else -DEBUG(D_tls) debug_printf("Dane ssl-init\n"); -if(dane_idx < 0) +DEBUG(D_tls) debug_printf("Dane ssl_init\n"); +if (dane_idx < 0) { - DANEerr(DANE_F_SSL_DANE_INIT, DANE_R_LIBRARY_INIT); + DANEerr(DANESSL_F_INIT, DANESSL_R_LIBRARY_INIT); return -1; } -#endif -if(sni_domain && !SSL_set_tlsext_host_name(ssl, sni_domain)) - return 0; +if (sni_domain && !SSL_set_tlsext_host_name(ssl, sni_domain)) + return 0; -if(!(dane = (ssl_dane *) OPENSSL_malloc(sizeof(ssl_dane)))) +if ((dane = (ssl_dane *) OPENSSL_malloc(sizeof(ssl_dane))) == 0) { - DANEerr(DANE_F_SSL_DANE_INIT, ERR_R_MALLOC_FAILURE); + DANEerr(DANESSL_F_INIT, ERR_R_MALLOC_FAILURE); return 0; } -if(!SSL_set_ex_data(ssl, dane_idx, dane)) +if (!SSL_set_ex_data(ssl, dane_idx, dane)) { - DANEerr(DANE_F_SSL_DANE_INIT, ERR_R_MALLOC_FAILURE); + DANEerr(DANESSL_F_INIT, ERR_R_MALLOC_FAILURE); OPENSSL_free(dane); return 0; } @@ -1373,18 +1502,21 @@ dane->thost = 0; dane->pkeys = 0; dane->certs = 0; dane->chain = 0; +dane->match = 0; dane->roots = 0; dane->depth = -1; -dane->mhost = 0; /* Future SSL control interface */ -dane->multi = 0; /* Future SSL control interface */ +dane->mhost = 0; /* Future SSL control interface */ +dane->mdpth = 0; /* Future SSL control interface */ +dane->multi = 0; /* Future SSL control interface */ dane->count = 0; +dane->hosts = 0; -for(i = 0; i <= SSL_DANE_USAGE_LAST; ++i) - dane->selectors[i] = 0; +for (i = 0; i <= DANESSL_USAGE_LAST; ++i) + dane->selectors[i] = 0; -if(hostnames && !(dane->hosts = host_list_init(hostnames))) +if (hostnames && (dane->hosts = host_list_init(hostnames)) == 0) { - DANEerr(DANE_F_SSL_DANE_INIT, ERR_R_MALLOC_FAILURE); + DANEerr(DANESSL_F_INIT, ERR_R_MALLOC_FAILURE); DANESSL_cleanup(ssl); return 0; } @@ -1415,12 +1547,12 @@ int DANESSL_CTX_init(SSL_CTX *ctx) { DEBUG(D_tls) debug_printf("Dane ctx-init\n"); -if(dane_idx >= 0) +if (dane_idx >= 0) { SSL_CTX_set_cert_verify_callback(ctx, verify_cert, 0); return 1; } -DANEerr(DANE_F_SSL_CTX_DANE_INIT, DANE_R_LIBRARY_INIT); +DANEerr(DANESSL_F_CTX_INIT, DANESSL_R_LIBRARY_INIT); return -1; } @@ -1430,15 +1562,15 @@ init_once(volatile int *value, int (*init)(void), void (*postinit)(void)) int wlock = 0; CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); -if(*value < 0) +if (*value < 0) { CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); wlock = 1; - if(*value < 0) + if (*value < 0) { *value = init(); - if(postinit) + if (postinit) postinit(); } } @@ -1466,12 +1598,12 @@ ERR_load_strings(err_lib_dane, dane_str_reasons); * Register SHA-2 digests, if implemented and not already registered. */ #if defined(LN_sha256) && defined(NID_sha256) && !defined(OPENSSL_NO_SHA256) -if(!EVP_get_digestbyname(LN_sha224)) EVP_add_digest(EVP_sha224()); -if(!EVP_get_digestbyname(LN_sha256)) EVP_add_digest(EVP_sha256()); +if (!EVP_get_digestbyname(LN_sha224)) EVP_add_digest(EVP_sha224()); +if (!EVP_get_digestbyname(LN_sha256)) EVP_add_digest(EVP_sha256()); #endif #if defined(LN_sha512) && defined(NID_sha512) && !defined(OPENSSL_NO_SHA512) -if(!EVP_get_digestbyname(LN_sha384)) EVP_add_digest(EVP_sha384()); -if(!EVP_get_digestbyname(LN_sha512)) EVP_add_digest(EVP_sha512()); +if (!EVP_get_digestbyname(LN_sha384)) EVP_add_digest(EVP_sha384()); +if (!EVP_get_digestbyname(LN_sha512)) EVP_add_digest(EVP_sha512()); #endif /* @@ -1501,16 +1633,15 @@ int DANESSL_library_init(void) { DEBUG(D_tls) debug_printf("Dane lib-init\n"); -if(err_lib_dane < 0) +if (err_lib_dane < 0) init_once(&err_lib_dane, ERR_get_next_error_library, dane_init); #if defined(LN_sha256) /* No DANE without SHA256 support */ -if(dane_idx >= 0 && EVP_get_digestbyname(LN_sha256) != 0) +if (dane_idx >= 0 && EVP_get_digestbyname(LN_sha256) != 0) return 1; #endif - -DANEerr(DANE_F_SSL_DANE_LIBRARY_INIT, DANE_R_DANE_SUPPORT); +DANEerr(DANESSL_F_LIBRARY_INIT, DANESSL_R_SUPPORT); return 0; } diff --git a/src/src/danessl.h b/src/src/danessl.h index 5b1584da2..1d6439e2f 100644 --- a/src/src/danessl.h +++ b/src/src/danessl.h @@ -1,5 +1,9 @@ -#ifndef HEADER_SSL_DANE_H -#define HEADER_SSL_DANE_H +/* + * Author: Viktor Dukhovni + * License: THIS CODE IS IN THE PUBLIC DOMAIN. + */ +#ifndef HEADER_DANESSL_H +#define HEADER_DANESSL_H #include #include @@ -8,24 +12,36 @@ * Certificate usages: * https://tools.ietf.org/html/rfc6698#section-2.1.1 */ -#define SSL_DANE_USAGE_LIMIT_ISSUER 0 -#define SSL_DANE_USAGE_LIMIT_LEAF 1 -#define SSL_DANE_USAGE_TRUSTED_CA 2 -#define SSL_DANE_USAGE_FIXED_LEAF 3 -#define SSL_DANE_USAGE_LAST SSL_DANE_USAGE_FIXED_LEAF +#define DANESSL_USAGE_PKIX_TA 0 +#define DANESSL_USAGE_PKIX_EE 1 +#define DANESSL_USAGE_DANE_TA 2 +#define DANESSL_USAGE_DANE_EE 3 +#define DANESSL_USAGE_LAST DANESSL_USAGE_DANE_EE /*- * Selectors: * https://tools.ietf.org/html/rfc6698#section-2.1.2 */ -#define SSL_DANE_SELECTOR_CERT 0 -#define SSL_DANE_SELECTOR_SPKI 1 -#define SSL_DANE_SELECTOR_LAST SSL_DANE_SELECTOR_SPKI +#define DANESSL_SELECTOR_CERT 0 +#define DANESSL_SELECTOR_SPKI 1 +#define DANESSL_SELECTOR_LAST DANESSL_SELECTOR_SPKI + +/*- + * Matching types: + * https://tools.ietf.org/html/rfc6698#section-2.1.3 + */ +#define DANESSL_MATCHING_FULL 0 +#define DANESSL_MATCHING_2256 1 +#define DANESSL_MATCHING_2512 2 +#define DANESSL_MATCHING_LAST DANESSL_MATCHING_2512 extern int DANESSL_library_init(void); extern int DANESSL_CTX_init(SSL_CTX *); extern int DANESSL_init(SSL *, const char *, const char **); extern void DANESSL_cleanup(SSL *); extern int DANESSL_add_tlsa(SSL *, uint8_t, uint8_t, const char *, - unsigned const char *, size_t); + unsigned const char *, size_t); +extern int DANESSL_get_match_cert(SSL *, X509 **, const char **, int *); +extern int DANESSL_verify_chain(SSL *, STACK_OF(X509) *); + #endif diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index 3430e4eac..49347a2ae 100644 --- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c @@ -294,6 +294,7 @@ X509 * old_cert; ev = tlsp == &tls_out ? client_static_cbinfo->event_action : event_action; if (ev) { + DEBUG(D_tls) debug_printf("verify_event: %s %d\n", what, depth); old_cert = tlsp->peercert; tlsp->peercert = X509_dup(cert); /* NB we do not bother setting peerdn */ diff --git a/test/log/5860 b/test/log/5860 index 471a31df1..928613fc2 100644 --- a/test/log/5860 +++ b/test/log/5860 @@ -13,6 +13,7 @@ 1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@mxdane256ta.test.ex 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmbB-0005vi-00 tls:cert depth = 0 +1999-03-02 09:44:33 10HmbB-0005vi-00 tls:cert depth = 0 1999-03-02 09:44:33 10HmbB-0005vi-00 tls:cert depth = 2 1999-03-02 09:44:33 10HmbB-0005vi-00 tls:cert depth = 1 1999-03-02 09:44:33 10HmbB-0005vi-00 tls:cert depth = 0 -- 2.25.1