ldns: Update vendor branch from 1.6.16 to 1.7.0
[dragonfly.git] / contrib / ldns / dane.c
1 /*
2  * Verify or create TLS authentication with DANE (RFC6698)
3  *
4  * (c) NLnetLabs 2012
5  *
6  * See the file LICENSE for the license.
7  *
8  */
9
10 #include <ldns/config.h>
11 #ifdef USE_DANE
12
13 #include <ldns/ldns.h>
14 #include <ldns/dane.h>
15
16 #include <unistd.h>
17 #include <stdlib.h>
18 #include <sys/types.h>
19 #ifdef HAVE_SYS_SOCKET_H
20 #include <sys/socket.h>
21 #endif
22 #ifdef HAVE_NETDB_H
23 #include <netdb.h>
24 #endif
25
26 #ifdef HAVE_SSL
27 #include <openssl/ssl.h>
28 #include <openssl/err.h>
29 #include <openssl/x509v3.h>
30 #endif
31
32 ldns_status
33 ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner, const ldns_rdf* name,
34                 uint16_t port, ldns_dane_transport transport)
35 {
36         char buf[LDNS_MAX_DOMAINLEN];
37         size_t s;
38
39         assert(tlsa_owner != NULL);
40         assert(name != NULL);
41         assert(ldns_rdf_get_type(name) == LDNS_RDF_TYPE_DNAME);
42
43         s = (size_t)snprintf(buf, LDNS_MAX_DOMAINLEN, "X_%d", (int)port);
44         buf[0] = (char)(s - 1);
45
46         switch(transport) {
47         case LDNS_DANE_TRANSPORT_TCP:
48                 s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\004_tcp");
49                 break;
50         
51         case LDNS_DANE_TRANSPORT_UDP:
52                 s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\004_udp");
53                 break;
54
55         case LDNS_DANE_TRANSPORT_SCTP:
56                 s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\005_sctp");
57                 break;
58         
59         default:
60                 return LDNS_STATUS_DANE_UNKNOWN_TRANSPORT;
61         }
62         if (s + ldns_rdf_size(name) > LDNS_MAX_DOMAINLEN) {
63                 return LDNS_STATUS_DOMAINNAME_OVERFLOW;
64         }
65         memcpy(buf + s, ldns_rdf_data(name), ldns_rdf_size(name));
66         *tlsa_owner = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME,
67                         s + ldns_rdf_size(name), buf);
68         if (*tlsa_owner == NULL) {
69                 return LDNS_STATUS_MEM_ERR;
70         }
71         return LDNS_STATUS_OK;
72 }
73
74
75 #ifdef HAVE_SSL
76 ldns_status
77 ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert,
78                 ldns_tlsa_selector      selector,
79                 ldns_tlsa_matching_type matching_type)
80 {
81         unsigned char* buf = NULL;
82         size_t len;
83
84         X509_PUBKEY* xpubkey;
85         EVP_PKEY* epubkey;
86
87         unsigned char* digest;
88
89         assert(rdf != NULL);
90         assert(cert != NULL);
91
92         switch(selector) {
93         case LDNS_TLSA_SELECTOR_FULL_CERTIFICATE:
94
95                 len = (size_t)i2d_X509(cert, &buf);
96                 break;
97
98         case LDNS_TLSA_SELECTOR_SUBJECTPUBLICKEYINFO:
99
100 #ifndef S_SPLINT_S
101                 xpubkey = X509_get_X509_PUBKEY(cert);
102 #endif
103                 if (! xpubkey) {
104                         return LDNS_STATUS_SSL_ERR;
105                 }
106                 epubkey = X509_PUBKEY_get(xpubkey);
107                 if (! epubkey) {
108                         return LDNS_STATUS_SSL_ERR;
109                 }
110                 len = (size_t)i2d_PUBKEY(epubkey, &buf);
111                 break;
112         
113         default:
114                 return LDNS_STATUS_DANE_UNKNOWN_SELECTOR;
115         }
116
117         switch(matching_type) {
118         case LDNS_TLSA_MATCHING_TYPE_NO_HASH_USED:
119
120                 *rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, len, buf);
121                 
122                 return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR;
123                 break;
124         
125         case LDNS_TLSA_MATCHING_TYPE_SHA256:
126
127                 digest = LDNS_XMALLOC(unsigned char, LDNS_SHA256_DIGEST_LENGTH);
128                 if (digest == NULL) {
129                         LDNS_FREE(buf);
130                         return LDNS_STATUS_MEM_ERR;
131                 }
132                 (void) ldns_sha256(buf, (unsigned int)len, digest);
133                 *rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, LDNS_SHA256_DIGEST_LENGTH,
134                                 digest);
135                 LDNS_FREE(buf);
136
137                 return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR;
138                 break;
139
140         case LDNS_TLSA_MATCHING_TYPE_SHA512:
141
142                 digest = LDNS_XMALLOC(unsigned char, LDNS_SHA512_DIGEST_LENGTH);
143                 if (digest == NULL) {
144                         LDNS_FREE(buf);
145                         return LDNS_STATUS_MEM_ERR;
146                 }
147                 (void) ldns_sha512(buf, (unsigned int)len, digest);
148                 *rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, LDNS_SHA512_DIGEST_LENGTH,
149                                 digest);
150                 LDNS_FREE(buf);
151
152                 return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR;
153                 break;
154         
155         default:
156                 LDNS_FREE(buf);
157                 return LDNS_STATUS_DANE_UNKNOWN_MATCHING_TYPE;
158         }
159 }
160
161
162 /* Ordinary PKIX validation of cert (with extra_certs to help)
163  * against the CA's in store
164  */
165 static ldns_status
166 ldns_dane_pkix_validate(X509* cert, STACK_OF(X509)* extra_certs,
167                 X509_STORE* store)
168 {
169         X509_STORE_CTX* vrfy_ctx;
170         ldns_status s;
171
172         if (! store) {
173                 return LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE;
174         }
175         vrfy_ctx = X509_STORE_CTX_new();
176         if (! vrfy_ctx) {
177
178                 return LDNS_STATUS_SSL_ERR;
179
180         } else if (X509_STORE_CTX_init(vrfy_ctx, store,
181                                 cert, extra_certs) != 1) {
182                 s = LDNS_STATUS_SSL_ERR;
183
184         } else if (X509_verify_cert(vrfy_ctx) == 1) {
185
186                 s = LDNS_STATUS_OK;
187
188         } else {
189                 s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE;
190         }
191         X509_STORE_CTX_free(vrfy_ctx);
192         return s;
193 }
194
195
196 /* Orinary PKIX validation of cert (with extra_certs to help)
197  * against the CA's in store, but also return the validation chain.
198  */
199 static ldns_status
200 ldns_dane_pkix_validate_and_get_chain(STACK_OF(X509)** chain, X509* cert,
201                 STACK_OF(X509)* extra_certs, X509_STORE* store)
202 {
203         ldns_status s;
204         X509_STORE* empty_store = NULL;
205         X509_STORE_CTX* vrfy_ctx;
206
207         assert(chain != NULL);
208
209         if (! store) {
210                 store = empty_store = X509_STORE_new();
211         }
212         s = LDNS_STATUS_SSL_ERR;
213         vrfy_ctx = X509_STORE_CTX_new();
214         if (! vrfy_ctx) {
215
216                 goto exit_free_empty_store;
217
218         } else if (X509_STORE_CTX_init(vrfy_ctx, store,
219                                         cert, extra_certs) != 1) {
220                 goto exit_free_vrfy_ctx;
221
222         } else if (X509_verify_cert(vrfy_ctx) == 1) {
223
224                 s = LDNS_STATUS_OK;
225
226         } else {
227                 s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE;
228         }
229         *chain = X509_STORE_CTX_get1_chain(vrfy_ctx);
230         if (! *chain) {
231                 s = LDNS_STATUS_SSL_ERR;
232         }
233
234 exit_free_vrfy_ctx:
235         X509_STORE_CTX_free(vrfy_ctx);
236
237 exit_free_empty_store:
238         if (empty_store) {
239                 X509_STORE_free(empty_store);
240         }
241         return s;
242 }
243
244
245 /* Return the validation chain that can be build out of cert, with extra_certs.
246  */
247 static ldns_status
248 ldns_dane_pkix_get_chain(STACK_OF(X509)** chain,
249                 X509* cert, STACK_OF(X509)* extra_certs)
250 {
251         ldns_status s;
252         X509_STORE* empty_store = NULL;
253         X509_STORE_CTX* vrfy_ctx;
254
255         assert(chain != NULL);
256
257         empty_store = X509_STORE_new();
258         s = LDNS_STATUS_SSL_ERR;
259         vrfy_ctx = X509_STORE_CTX_new();
260         if (! vrfy_ctx) {
261
262                 goto exit_free_empty_store;
263
264         } else if (X509_STORE_CTX_init(vrfy_ctx, empty_store,
265                                         cert, extra_certs) != 1) {
266                 goto exit_free_vrfy_ctx;
267         }
268         (void) X509_verify_cert(vrfy_ctx);
269         *chain = X509_STORE_CTX_get1_chain(vrfy_ctx);
270         if (! *chain) {
271                 s = LDNS_STATUS_SSL_ERR;
272         } else {
273                 s = LDNS_STATUS_OK;
274         }
275 exit_free_vrfy_ctx:
276         X509_STORE_CTX_free(vrfy_ctx);
277
278 exit_free_empty_store:
279         X509_STORE_free(empty_store);
280         return s;
281 }
282
283
284 /* Pop n+1 certs and return the last popped.
285  */
286 static ldns_status
287 ldns_dane_get_nth_cert_from_validation_chain(
288                 X509** cert, STACK_OF(X509)* chain, int n, bool ca)
289 {
290         if (n >= sk_X509_num(chain) || n < 0) {
291                 return LDNS_STATUS_DANE_OFFSET_OUT_OF_RANGE;
292         }
293         *cert = sk_X509_pop(chain);
294         while (n-- > 0) {
295                 X509_free(*cert);
296                 *cert = sk_X509_pop(chain);
297         }
298         if (ca && ! X509_check_ca(*cert)) {
299                 return LDNS_STATUS_DANE_NON_CA_CERTIFICATE;
300         }
301         return LDNS_STATUS_OK;
302 }
303
304
305 /* Create validation chain with cert and extra_certs and returns the last
306  * self-signed (if present).
307  */
308 static ldns_status
309 ldns_dane_pkix_get_last_self_signed(X509** out_cert,
310                 X509* cert, STACK_OF(X509)* extra_certs)
311 {
312         ldns_status s;
313         X509_STORE* empty_store = NULL;
314         X509_STORE_CTX* vrfy_ctx;
315
316         assert(out_cert != NULL);
317
318         empty_store = X509_STORE_new();
319         s = LDNS_STATUS_SSL_ERR;
320         vrfy_ctx = X509_STORE_CTX_new();
321         if (! vrfy_ctx) {
322                 goto exit_free_empty_store;
323
324         } else if (X509_STORE_CTX_init(vrfy_ctx, empty_store,
325                                         cert, extra_certs) != 1) {
326                 goto exit_free_vrfy_ctx;
327
328         }
329         (void) X509_verify_cert(vrfy_ctx);
330         if (X509_STORE_CTX_get_error(vrfy_ctx) == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN ||
331             X509_STORE_CTX_get_error(vrfy_ctx) == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT){
332
333                 *out_cert = X509_STORE_CTX_get_current_cert( vrfy_ctx);
334                 s = LDNS_STATUS_OK;
335         } else {
336                 s = LDNS_STATUS_DANE_PKIX_NO_SELF_SIGNED_TRUST_ANCHOR;
337         }
338 exit_free_vrfy_ctx:
339         X509_STORE_CTX_free(vrfy_ctx);
340
341 exit_free_empty_store:
342         X509_STORE_free(empty_store);
343         return s;
344 }
345
346
347 ldns_status
348 ldns_dane_select_certificate(X509** selected_cert,
349                 X509* cert, STACK_OF(X509)* extra_certs,
350                 X509_STORE* pkix_validation_store,
351                 ldns_tlsa_certificate_usage cert_usage, int offset)
352 {
353         ldns_status s;
354         STACK_OF(X509)* pkix_validation_chain = NULL;
355
356         assert(selected_cert != NULL);
357         assert(cert != NULL);
358
359         /* With PKIX validation explicitly turned off (pkix_validation_store
360          *  == NULL), treat the "CA constraint" and "Service certificate
361          * constraint" the same as "Trust anchor assertion" and "Domain issued
362          * certificate" respectively.
363          */
364         if (pkix_validation_store == NULL) {
365                 switch (cert_usage) {
366
367                 case LDNS_TLSA_USAGE_CA_CONSTRAINT:
368
369                         cert_usage = LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION;
370                         break;
371
372                 case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT:
373
374                         cert_usage = LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE;
375                         break;
376
377                 default:
378                         break;
379                 }
380         }
381
382         /* Now what to do with each Certificate usage...
383          */
384         switch (cert_usage) {
385
386         case LDNS_TLSA_USAGE_CA_CONSTRAINT:
387
388                 s = ldns_dane_pkix_validate_and_get_chain(
389                                 &pkix_validation_chain,
390                                 cert, extra_certs,
391                                 pkix_validation_store);
392                 if (! pkix_validation_chain) {
393                         return s;
394                 }
395                 if (s == LDNS_STATUS_OK) {
396                         if (offset == -1) {
397                                 offset = 0;
398                         }
399                         s = ldns_dane_get_nth_cert_from_validation_chain(
400                                         selected_cert, pkix_validation_chain,
401                                         offset, true);
402                 }
403                 sk_X509_pop_free(pkix_validation_chain, X509_free);
404                 return s;
405                 break;
406
407
408         case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT:
409
410                 *selected_cert = cert;
411                 return ldns_dane_pkix_validate(cert, extra_certs,
412                                 pkix_validation_store);
413                 break;
414
415
416         case LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION:
417
418                 if (offset == -1) {
419                         s = ldns_dane_pkix_get_last_self_signed(
420                                         selected_cert, cert, extra_certs);
421                         return s;
422                 } else {
423                         s = ldns_dane_pkix_get_chain(
424                                         &pkix_validation_chain,
425                                         cert, extra_certs);
426                         if (s == LDNS_STATUS_OK) {
427                                 s =
428                                 ldns_dane_get_nth_cert_from_validation_chain(
429                                         selected_cert, pkix_validation_chain,
430                                         offset, false);
431                         } else if (! pkix_validation_chain) {
432                                 return s;
433                         }
434                         sk_X509_pop_free(pkix_validation_chain, X509_free);
435                         return s;
436                 }
437                 break;
438
439
440         case LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE:
441
442                 *selected_cert = cert;
443                 return LDNS_STATUS_OK;
444                 break;
445         
446         default:
447                 return LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE;
448                 break;
449         }
450 }
451
452
453 ldns_status
454 ldns_dane_create_tlsa_rr(ldns_rr** tlsa,
455                 ldns_tlsa_certificate_usage certificate_usage,
456                 ldns_tlsa_selector          selector,
457                 ldns_tlsa_matching_type     matching_type,
458                 X509* cert)
459 {
460         ldns_rdf* rdf;
461         ldns_status s;
462
463         assert(tlsa != NULL);
464         assert(cert != NULL);
465
466         /* create rr */
467         *tlsa = ldns_rr_new_frm_type(LDNS_RR_TYPE_TLSA);
468         if (*tlsa == NULL) {
469                 return LDNS_STATUS_MEM_ERR;
470         }
471
472         rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8,
473                         (uint8_t)certificate_usage);
474         if (rdf == NULL) {
475                 goto memerror;
476         }
477         (void) ldns_rr_set_rdf(*tlsa, rdf, 0);
478
479         rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, (uint8_t)selector);
480         if (rdf == NULL) {
481                 goto memerror;
482         }
483         (void) ldns_rr_set_rdf(*tlsa, rdf, 1);
484
485         rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, (uint8_t)matching_type);
486         if (rdf == NULL) {
487                 goto memerror;
488         }
489         (void) ldns_rr_set_rdf(*tlsa, rdf, 2);
490
491         s = ldns_dane_cert2rdf(&rdf, cert, selector, matching_type);
492         if (s == LDNS_STATUS_OK) {
493                 (void) ldns_rr_set_rdf(*tlsa, rdf, 3);
494                 return LDNS_STATUS_OK;
495         }
496         ldns_rr_free(*tlsa);
497         *tlsa = NULL;
498         return s;
499
500 memerror:
501         ldns_rr_free(*tlsa);
502         *tlsa = NULL;
503         return LDNS_STATUS_MEM_ERR;
504 }
505
506
507 #ifdef USE_DANE_VERIFY
508 /* Return tlsas that actually are TLSA resource records with known values
509  * for the Certificate usage, Selector and Matching type rdata fields.
510  */
511 static ldns_rr_list*
512 ldns_dane_filter_unusable_records(const ldns_rr_list* tlsas)
513 {
514         size_t i;
515         ldns_rr_list* r = ldns_rr_list_new();
516         ldns_rr* tlsa_rr;
517
518         if (! r) {
519                 return NULL;
520         }
521         for (i = 0; i < ldns_rr_list_rr_count(tlsas); i++) {
522                 tlsa_rr = ldns_rr_list_rr(tlsas, i);
523                 if (ldns_rr_get_type(tlsa_rr) == LDNS_RR_TYPE_TLSA &&
524                     ldns_rr_rd_count(tlsa_rr) == 4 &&
525                     ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0)) <= 3 &&
526                     ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1)) <= 1 &&
527                     ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2)) <= 2) {
528
529                         if (! ldns_rr_list_push_rr(r, tlsa_rr)) {
530                                 ldns_rr_list_free(r);
531                                 return NULL;
532                         }
533                 }
534         }
535         return r;
536 }
537
538
539 #if !defined(USE_DANE_TA_USAGE)
540 /* Return whether cert/selector/matching_type matches data.
541  */
542 static ldns_status
543 ldns_dane_match_cert_with_data(X509* cert, ldns_tlsa_selector selector,
544                 ldns_tlsa_matching_type matching_type, ldns_rdf* data)
545 {
546         ldns_status s;
547         ldns_rdf* match_data;
548
549         s = ldns_dane_cert2rdf(&match_data, cert, selector, matching_type);
550         if (s == LDNS_STATUS_OK) {
551                 if (ldns_rdf_compare(data, match_data) != 0) {
552                         s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH;
553                 }
554                 ldns_rdf_free(match_data);
555         }
556         return s;
557 }
558
559
560 /* Return whether any certificate from the chain with selector/matching_type
561  * matches data.
562  * ca should be true if the certificate has to be a CA certificate too.
563  */
564 static ldns_status
565 ldns_dane_match_any_cert_with_data(STACK_OF(X509)* chain,
566                 ldns_tlsa_selector      selector,
567                 ldns_tlsa_matching_type matching_type,
568                 ldns_rdf* data, bool ca)
569 {
570         ldns_status s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH;
571         size_t n, i;
572         X509* cert;
573
574         n = (size_t)sk_X509_num(chain);
575         for (i = 0; i < n; i++) {
576                 cert = sk_X509_pop(chain);
577                 if (! cert) {
578                         s = LDNS_STATUS_SSL_ERR;
579                         break;
580                 }
581                 s = ldns_dane_match_cert_with_data(cert,
582                                 selector, matching_type, data);
583                 if (ca && s == LDNS_STATUS_OK && ! X509_check_ca(cert)) {
584                         s = LDNS_STATUS_DANE_NON_CA_CERTIFICATE;
585                 }
586                 X509_free(cert);
587                 if (s != LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH) {
588                         break;
589                 }
590                 /* when s == LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH,
591                  * try to match the next certificate
592                  */
593         }
594         return s;
595 }
596 #endif /* !defined(USE_DANE_TA_USAGE) */
597 #endif /* USE_DANE_VERIFY */
598
599 #ifdef USE_DANE_VERIFY
600 ldns_status
601 ldns_dane_verify_rr(const ldns_rr* tlsa_rr,
602                 X509* cert, STACK_OF(X509)* extra_certs,
603                 X509_STORE* pkix_validation_store)
604 {
605 #if defined(USE_DANE_TA_USAGE)
606         SSL_CTX *ssl_ctx = NULL;
607         SSL *ssl = NULL;
608         X509_STORE_CTX *store_ctx = NULL;
609 #else
610         STACK_OF(X509)* pkix_validation_chain = NULL;
611 #endif
612         ldns_status s = LDNS_STATUS_OK;
613
614         ldns_tlsa_certificate_usage usage;
615         ldns_tlsa_selector          selector;
616         ldns_tlsa_matching_type     mtype;
617         ldns_rdf*                   data;
618
619         if (! tlsa_rr || ldns_rr_get_type(tlsa_rr) != LDNS_RR_TYPE_TLSA ||
620                         ldns_rr_rd_count(tlsa_rr) != 4 ||
621                         ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0)) > 3 ||
622                         ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1)) > 1 ||
623                         ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2)) > 2 ) {
624                 /* No (usable) TLSA, so regular PKIX validation
625                  */
626                 return ldns_dane_pkix_validate(cert, extra_certs,
627                                 pkix_validation_store);
628         }
629         usage    = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0));
630         selector = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1));
631         mtype    = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2));
632         data     =                      ldns_rr_rdf(tlsa_rr, 3) ;
633
634 #if defined(USE_DANE_TA_USAGE)
635         /* Rely on OpenSSL dane functions.
636          *
637          * OpenSSL does not provide offline dane verification.  The dane unit
638          * tests within openssl use the undocumented SSL_get0_dane() and 
639          * X509_STORE_CTX_set0_dane() to convey dane parameters set on SSL and
640          * SSL_CTX to a X509_STORE_CTX that can be used to do offline
641          * verification.  We use these undocumented means with the ldns
642          * dane function prototypes which did only offline dane verification.
643          */
644         if (!(ssl_ctx = SSL_CTX_new(TLS_client_method())))
645                 s = LDNS_STATUS_MEM_ERR;
646
647         else if (SSL_CTX_dane_enable(ssl_ctx) <= 0)
648                 s = LDNS_STATUS_SSL_ERR;
649
650         else if (SSL_CTX_dane_set_flags(
651                                 ssl_ctx, DANE_FLAG_NO_DANE_EE_NAMECHECKS),
652                         !(ssl = SSL_new(ssl_ctx)))
653                 s = LDNS_STATUS_MEM_ERR;
654
655         else if (SSL_set_connect_state(ssl),
656                         (SSL_dane_enable(ssl, NULL) <= 0))
657                 s = LDNS_STATUS_SSL_ERR;
658
659         else if (SSL_dane_tlsa_add(ssl, usage, selector, mtype,
660                                 ldns_rdf_data(data), ldns_rdf_size(data)) <= 0)
661                 s = LDNS_STATUS_SSL_ERR;
662
663         else if (!(store_ctx =  X509_STORE_CTX_new()))
664                 s = LDNS_STATUS_MEM_ERR;
665
666         else if (!X509_STORE_CTX_init(store_ctx, pkix_validation_store, cert, extra_certs))
667                 s = LDNS_STATUS_SSL_ERR;
668
669         else {
670                 int ret;
671
672                 X509_STORE_CTX_set_default(store_ctx,
673                                 SSL_is_server(ssl) ? "ssl_client" : "ssl_server");
674                 X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(store_ctx),
675                                 SSL_get0_param(ssl));
676                 X509_STORE_CTX_set0_dane(store_ctx, SSL_get0_dane(ssl));
677                 if (SSL_get_verify_callback(ssl))
678                         X509_STORE_CTX_set_verify_cb(store_ctx, SSL_get_verify_callback(ssl));
679
680                 ret = X509_verify_cert(store_ctx);
681                 if (!ret) {
682                         if (X509_STORE_CTX_get_error(store_ctx) == X509_V_ERR_DANE_NO_MATCH)
683                                 s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH;
684                         else
685                                 s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE;
686                 }
687                 X509_STORE_CTX_cleanup(store_ctx);
688         }
689         if (store_ctx)
690                 X509_STORE_CTX_free(store_ctx);
691         if (ssl)
692                 SSL_free(ssl);
693         if (ssl_ctx)
694                 SSL_CTX_free(ssl_ctx);
695         return s;
696 #else
697         switch (usage) {
698         case LDNS_TLSA_USAGE_CA_CONSTRAINT:
699                 s = ldns_dane_pkix_validate_and_get_chain(
700                                 &pkix_validation_chain, 
701                                 cert, extra_certs,
702                                 pkix_validation_store);
703                 if (! pkix_validation_chain) {
704                         return s;
705                 }
706                 if (s == LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE) {
707                         /*
708                          * NO PKIX validation. We still try to match *any*
709                          * certificate from the chain, so we return
710                          * TLSA errors over PKIX errors.
711                          *
712                          * i.e. When the TLSA matches no certificate, we return
713                          * TLSA_DID_NOT_MATCH and not PKIX_DID_NOT_VALIDATE
714                          */
715                         s = ldns_dane_match_any_cert_with_data(
716                                         pkix_validation_chain,
717                                         selector, mtype, data, true);
718
719                         if (s == LDNS_STATUS_OK) {
720                                 /* A TLSA record did match a cert from the
721                                  * chain, thus the error is failed PKIX
722                                  * validation.
723                                  */
724                                 s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE;
725                         }
726
727                 } else if (s == LDNS_STATUS_OK) { 
728                         /* PKIX validated, does the TLSA match too? */
729
730                         s = ldns_dane_match_any_cert_with_data(
731                                         pkix_validation_chain,
732                                         selector, mtype, data, true);
733                 }
734                 sk_X509_pop_free(pkix_validation_chain, X509_free);
735                 return s;
736                 break;
737
738         case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT:
739
740                 s = ldns_dane_match_cert_with_data(cert,
741                                 selector, mtype, data);
742
743                 if (s == LDNS_STATUS_OK) {
744                         return ldns_dane_pkix_validate(cert, extra_certs,
745                                         pkix_validation_store);
746                 }
747                 return s;
748                 break;
749
750         case LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION:
751 #if 0
752                 s = ldns_dane_pkix_get_chain(&pkix_validation_chain,
753                                 cert, extra_certs);
754
755                 if (s == LDNS_STATUS_OK) {
756                         s = ldns_dane_match_any_cert_with_data(
757                                         pkix_validation_chain,
758                                         selector, mtype, data, false);
759
760                 } else if (! pkix_validation_chain) {
761                         return s;
762                 }
763                 sk_X509_pop_free(pkix_validation_chain, X509_free);
764                 return s;
765 #else
766                 return LDNS_STATUS_DANE_NEED_OPENSSL_GE_1_1_FOR_DANE_TA;
767 #endif
768                 break;
769
770         case LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE:
771                 return ldns_dane_match_cert_with_data(cert,
772                                 selector, mtype, data);
773                 break;
774
775         default:
776                 break;
777         }
778 #endif
779         return LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE;
780 }
781
782
783 ldns_status
784 ldns_dane_verify(const ldns_rr_list* tlsas,
785                 X509* cert, STACK_OF(X509)* extra_certs,
786                 X509_STORE* pkix_validation_store)
787 {
788 #if defined(USE_DANE_TA_USAGE)
789         SSL_CTX *ssl_ctx = NULL;
790         ldns_rdf *basename_rdf = NULL;
791         char *basename = NULL;
792         SSL *ssl = NULL;
793         X509_STORE_CTX *store_ctx = NULL;
794 #else
795         ldns_status ps;
796 #endif
797         size_t i;
798         ldns_rr* tlsa_rr;
799         ldns_rr_list *usable_tlsas;
800         ldns_status s = LDNS_STATUS_OK;
801
802         assert(cert != NULL);
803
804         if (! tlsas || ldns_rr_list_rr_count(tlsas) == 0)
805                 /* No TLSA's, so regular PKIX validation
806                  */
807                 return ldns_dane_pkix_validate(cert, extra_certs,
808                                 pkix_validation_store);
809
810 /* To enable name checks (which we don't) */
811 #if defined(USE_DANE_TA_USAGE) && 0
812         else if (!(basename_rdf = ldns_dname_clone_from(
813                                         ldns_rr_list_owner(tlsas), 2)))
814                 /* Could nog get DANE base name */
815                 s = LDNS_STATUS_ERR;
816
817         else if (!(basename = ldns_rdf2str(basename_rdf)))
818                 s = LDNS_STATUS_MEM_ERR;
819
820         else if (strlen(basename) && (basename[strlen(basename)-1]  = 0))
821                 s = LDNS_STATUS_ERR; /* Intended to be unreachable */
822 #endif
823
824         else if (!(usable_tlsas = ldns_dane_filter_unusable_records(tlsas)))
825                 return LDNS_STATUS_MEM_ERR;
826
827         else if (ldns_rr_list_rr_count(usable_tlsas) == 0) {
828                 /* No TLSA's, so regular PKIX validation
829                  */
830                 ldns_rr_list_free(usable_tlsas);
831                 return ldns_dane_pkix_validate(cert, extra_certs,
832                                 pkix_validation_store);
833         }
834 #if defined(USE_DANE_TA_USAGE)
835         /* Rely on OpenSSL dane functions.
836          *
837          * OpenSSL does not provide offline dane verification.  The dane unit
838          * tests within openssl use the undocumented SSL_get0_dane() and 
839          * X509_STORE_CTX_set0_dane() to convey dane parameters set on SSL and
840          * SSL_CTX to a X509_STORE_CTX that can be used to do offline
841          * verification.  We use these undocumented means with the ldns
842          * dane function prototypes which did only offline dane verification.
843          */
844         if (!(ssl_ctx = SSL_CTX_new(TLS_client_method())))
845                 s = LDNS_STATUS_MEM_ERR;
846
847         else if (SSL_CTX_dane_enable(ssl_ctx) <= 0)
848                 s = LDNS_STATUS_SSL_ERR;
849
850         else if (SSL_CTX_dane_set_flags(
851                                 ssl_ctx, DANE_FLAG_NO_DANE_EE_NAMECHECKS),
852                         !(ssl = SSL_new(ssl_ctx)))
853                 s = LDNS_STATUS_MEM_ERR;
854
855         else if (SSL_set_connect_state(ssl),
856                         (SSL_dane_enable(ssl, basename) <= 0))
857                 s = LDNS_STATUS_SSL_ERR;
858
859         else for (i = 0; i < ldns_rr_list_rr_count(usable_tlsas); i++) {
860                 ldns_tlsa_certificate_usage usage;
861                 ldns_tlsa_selector          selector;
862                 ldns_tlsa_matching_type     mtype;
863                 ldns_rdf*                   data;
864
865                 tlsa_rr = ldns_rr_list_rr(usable_tlsas, i);
866                 usage   = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr,0));
867                 selector= ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr,1));
868                 mtype   = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr,2));
869                 data    =                      ldns_rr_rdf(tlsa_rr,3) ;
870
871                 if (SSL_dane_tlsa_add(ssl, usage, selector, mtype,
872                                         ldns_rdf_data(data),
873                                         ldns_rdf_size(data)) <= 0) {
874                         s = LDNS_STATUS_SSL_ERR;
875                         break;
876                 }
877         }
878         if (!s && !(store_ctx =  X509_STORE_CTX_new()))
879                 s = LDNS_STATUS_MEM_ERR;
880
881         else if (!X509_STORE_CTX_init(store_ctx, pkix_validation_store, cert, extra_certs))
882                 s = LDNS_STATUS_SSL_ERR;
883
884         else {
885                 int ret;
886
887                 X509_STORE_CTX_set_default(store_ctx,
888                                 SSL_is_server(ssl) ? "ssl_client" : "ssl_server");
889                 X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(store_ctx),
890                                 SSL_get0_param(ssl));
891                 X509_STORE_CTX_set0_dane(store_ctx, SSL_get0_dane(ssl));
892                 if (SSL_get_verify_callback(ssl))
893                         X509_STORE_CTX_set_verify_cb(store_ctx, SSL_get_verify_callback(ssl));
894
895                 ret = X509_verify_cert(store_ctx);
896                 if (!ret) {
897                         if (X509_STORE_CTX_get_error(store_ctx) == X509_V_ERR_DANE_NO_MATCH)
898                                 s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH;
899                         else
900                                 s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE;
901                 }
902                 X509_STORE_CTX_cleanup(store_ctx);
903         }
904         if (store_ctx)
905                 X509_STORE_CTX_free(store_ctx);
906         if (ssl)
907                 SSL_free(ssl);
908         if (ssl_ctx)
909                 SSL_CTX_free(ssl_ctx);
910         if (basename)
911                 free(basename);
912         ldns_rdf_deep_free(basename_rdf);
913 #else
914         for (i = 0; i < ldns_rr_list_rr_count(usable_tlsas); i++) {
915                 tlsa_rr = ldns_rr_list_rr(usable_tlsas, i);
916                 ps = s;
917                 s = ldns_dane_verify_rr(tlsa_rr, cert, extra_certs,
918                                 pkix_validation_store);
919
920                 if (s != LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH &&
921                     s != LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE &&
922                     s != LDNS_STATUS_DANE_NEED_OPENSSL_GE_1_1_FOR_DANE_TA) {
923
924                         /* which would be LDNS_STATUS_OK (match)
925                          * or some fatal error preventing use from
926                          * trying the next TLSA record.
927                          */
928                         break;
929                 }
930                 s = (s > ps ? s : ps); /* pref NEED_OPENSSL_GE_1_1_FOR_DANE_TA
931                                         * over PKIX_DID_NOT_VALIDATE
932                                         * over TLSA_DID_NOT_MATCH
933                                         */
934         }
935 #endif
936         ldns_rr_list_free(usable_tlsas);
937         return s;
938 }
939 #endif /* USE_DANE_VERIFY */
940 #endif /* HAVE_SSL */
941 #endif /* USE_DANE */