From e815d72b1f489c2c38adf3eee87c02e1c5dd8f3c Mon Sep 17 00:00:00 2001
From: Andy Polyakov <appro@openssl.org>
Date: Wed, 15 May 2013 20:41:51 +0200
Subject: [PATCH] RFC6689 support: add missing commit (git noob alert).
---
Configure | 2 +
apps/s_client.c | 3 ++
ssl/Makefile | 4 +-
ssl/ssl.h | 14 +++++
ssl/ssl_cert.c | 137 ++++++++++++++++++++++++++++++++++++++++++++++++
ssl/ssl_lib.c | 13 +++++
6 files changed, 171 insertions(+), 2 deletions(-)
diff --git a/Configure b/Configure
index c5604033d3..5a3beee0c3 100755
--- a/Configure
+++ b/Configure
@@ -720,9 +720,11 @@ if (exists $ENV{FIPSDIR})
# All of the following is disabled by default (RC5 was enabled before 0.9.8):
my %disabled = ( # "what" => "comment" [or special keyword "experimental"]
+ "dane" => "experimental",
"ec_nistp_64_gcc_128" => "default",
"gmp" => "default",
"jpake" => "experimental",
+ "libunbound" => "experimental",
"md2" => "default",
"rc5" => "default",
"rfc3779" => "default",
diff --git a/apps/s_client.c b/apps/s_client.c
index 8fe2c56f2a..ad88c3770b 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1317,6 +1317,9 @@ bad:
SSL_set_session(con, sess);
SSL_SESSION_free(sess);
}
+#ifndef OPENSSL_NO_DANE
+ SSL_pull_tlsa_record(con,host,port);
+#endif
#ifndef OPENSSL_NO_TLSEXT
if (servername != NULL)
{
diff --git a/ssl/Makefile b/ssl/Makefile
index 81f2a5757b..3c3c00213c 100644
--- a/ssl/Makefile
+++ b/ssl/Makefile
@@ -30,7 +30,7 @@ LIBSRC= \
ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \
ssl_ciph.c ssl_stat.c ssl_rsa.c \
ssl_asn1.c ssl_txt.c ssl_algs.c ssl_conf.c \
- bio_ssl.c ssl_err.c kssl.c t1_reneg.c tls_srp.c t1_trce.c
+ bio_ssl.c ssl_err.c kssl.c t1_reneg.c tls_srp.c t1_trce.c dnssec.c
LIBOBJ= \
s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_enc.o s2_pkt.o \
s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o s3_cbc.o \
@@ -41,7 +41,7 @@ LIBOBJ= \
ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \
ssl_ciph.o ssl_stat.o ssl_rsa.o \
ssl_asn1.o ssl_txt.o ssl_algs.o ssl_conf.o \
- bio_ssl.o ssl_err.o kssl.o t1_reneg.o tls_srp.o t1_trce.o
+ bio_ssl.o ssl_err.o kssl.o t1_reneg.o tls_srp.o t1_trce.o dnssec.o
SRC= $(LIBSRC)
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 6cb1546821..7260c8cba3 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1428,6 +1428,10 @@ struct ssl_st
#ifndef OPENSSL_NO_SRP
SRP_CTX srp_ctx; /* ctx for SRP authentication */
+#endif
+#ifndef OPENSSL_NO_DANE
+ unsigned char *tlsa_record;
+ int tlsa_witness;
#endif
};
@@ -1712,6 +1716,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_CTRL_GET_SERVER_TMP_KEY 109
#define SSL_CTRL_GET_RAW_CIPHERLIST 110
#define SSL_CTRL_GET_EC_POINT_FORMATS 111
+#define SSL_CTRL_GET_TLSA_RECORD 112
+#define SSL_CTRL_SET_TLSA_RECORD 113
+#define SSL_CTRL_PULL_TLSA_RECORD 114
#define DTLSv1_get_timeout(ssl, arg) \
SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
@@ -1848,6 +1855,11 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_get0_ec_point_formats(s, plst) \
SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,plst)
+#define SSL_set_tlsa_record(s,tlsa) \
+ SSL_ctrl(s,SSL_CTRL_SET_TLSA_RECORD,0,(void *)tlsa)
+#define SSL_pull_tlsa_record(s,host,port) \
+ SSL_ctrl(s,SSL_CTRL_PULL_TLSA_RECORD,port,host)
+
#ifndef OPENSSL_NO_BIO
BIO_METHOD *BIO_f_ssl(void);
BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
@@ -2283,6 +2295,8 @@ void SSL_trace(int write_p, int version, int content_type,
const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c);
#endif
+void *SSL_get_tlsa_record_byname(const char *name,int port,int type);
+
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index a0da7d3741..6a59316da6 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -675,6 +675,138 @@ int ssl_set_peer_cert_type(SESS_CERT *sc,int type)
return(1);
}
+#ifndef OPENSSL_NO_DANE
+/*
+ * return value:
+ * -1: format or digest error
+ * 0: match
+ * 1: no match
+ */
+int tlsa_cmp(const X509 *cert, const unsigned char *tlsa_record, unsigned int reclen)
+{
+ const EVP_MD *md;
+ unsigned char digest[EVP_MAX_MD_SIZE];
+ unsigned int len, selector, matching_type;
+ int ret;
+
+ if (reclen<3) return -1;
+
+ selector = tlsa_record[1];
+ matching_type = tlsa_record[2];
+ tlsa_record += 3;
+ reclen -= 3;
+
+ switch (matching_type) {
+ case 0: /* exact match */
+ if (selector==0) { /* full certificate */
+ ret = EVP_Digest(tlsa_record,reclen,digest,&len,EVP_sha1(),NULL);
+ return ret ? memcmp(cert->sha1_hash,digest,len)!=0 : -1;
+ }
+ else if (selector==1) { /* SubjectPublicKeyInfo */
+ ASN1_BIT_STRING *key = X509_get0_pubkey_bitstr(cert);
+
+ if (key == NULL) return -1;
+ if (key->length != reclen) return 1;
+
+ return memcmp(key->data,tlsa_record,reclen)!=0;
+ }
+ return -1;
+
+ case 1: /* SHA256 */
+ case 2: /* SHA512 */
+ md = matching_type==1 ? EVP_sha256() : EVP_sha512();
+
+ if (reclen!=EVP_MD_size(md)) return -1;
+
+ if (selector==0) { /* full certificate */
+ ret = X509_digest(cert,md,digest,&len);
+ }
+ else if (selector==1) { /* SubjectPublicKeyInfo */
+ ret = X509_pubkey_digest(cert,md,digest,&len);
+ }
+ else
+ return -1;
+
+ return ret ? memcmp(tlsa_record,digest,len)!=0 : -1;
+ default:
+ return -1;
+ }
+}
+
+int dane_verify_callback(int ok, X509_STORE_CTX *ctx)
+{
+ SSL *s = X509_STORE_CTX_get_ex_data(ctx,SSL_get_ex_data_X509_STORE_CTX_idx());
+ int depth=X509_STORE_CTX_get_error_depth(ctx);
+ X509 *cert = sk_X509_value(ctx->chain,depth);
+ unsigned int reclen, certificate_usage, witness_usage=0x100;
+ const unsigned char *tlsa_record = s->tlsa_record;
+ int tlsa_ret = -1;
+
+ if (s->verify_callback) ok = s->verify_callback(ok,ctx);
+
+ if (tlsa_record == NULL) return ok;
+
+ if (tlsa_record == (void*)-1) {
+ ctx->error = X509_V_ERR_INVALID_CA; /* temporary code? */
+ return 0;
+ }
+
+ while ((reclen = *(unsigned int *)tlsa_record)) {
+ tlsa_record += sizeof(unsigned int);
+
+ /*
+ * tlsa_record[0] Certificate Usage field
+ * tlsa_record[1] Selector field
+ * tlsa_record[2] Matching Type Field
+ * tlsa_record+3 Certificate Association data
+ */
+ certificate_usage = tlsa_record[0];
+
+ if (depth==0 || certificate_usage==0 || certificate_usage==2) {
+ tlsa_ret = tlsa_cmp(cert,tlsa_record,reclen);
+ if (tlsa_ret==0) {
+ s->tlsa_witness = depth<<8|certificate_usage;
+ break;
+ }
+ else if (tlsa_ret==-1)
+ s->tlsa_witness = -1; /* something phishy? */
+ }
+
+ tlsa_record += reclen;
+ }
+
+ if (depth==0) {
+ switch (s->tlsa_witness&0xff) { /* witnessed usage */
+ case 0: /* CA constraint */
+ if (s->tlsa_witness<0 && ctx->error==X509_V_OK)
+ ctx->error = X509_V_ERR_INVALID_CA;
+ return 0;
+ case 1: /* service certificate constraint */
+ if (tlsa_ret!=0 && ctx->error==X509_V_OK)
+ ctx->error = X509_V_ERR_CERT_UNTRUSTED;
+ return 0;
+ case 2: /* trust anchor assertion */
+ if ((s->tlsa_witness>>8)>0 && ctx->error==X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
+ ctx->error = X509_V_OK;
+ break;
+ case 3: /* domain-issued certificate */
+ if (tlsa_ret==0)
+ ctx->error = X509_V_OK; /* override all errors? */
+ break;
+ default:/* there were TLSA records, but something phishy happened */
+ ctx->error = X509_V_ERR_CERT_UNTRUSTED;
+ return ok;
+ }
+ }
+
+ /*
+ * returning 1 makes verify procedure traverse the whole chain,
+ * not actually approve it...
+ */
+ return 1;
+}
+#endif
+
int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
{
X509 *x;
@@ -716,8 +848,13 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
*/
X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&ctx), s->param);
+#ifndef OPENSSL_NO_DANE
+ X509_STORE_CTX_set_verify_cb(&ctx, dane_verify_callback);
+ s->tlsa_witness = -1;
+#else
if (s->verify_callback)
X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
+#endif
if (s->ctx->app_verify_callback != NULL)
#if 1 /* new with OpenSSL 0.9.7 */
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index b27743f95c..b30577c961 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -627,6 +627,11 @@ void SSL_free(SSL *s)
if (s->srtp_profiles)
sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
+#ifndef OPENSSL_NO_DANE
+ if (s->tlsa_record && s->tlsa_record!=(void *)-1)
+ OPENSSL_free(s->tlsa_record);
+#endif
+
OPENSSL_free(s);
}
@@ -1142,6 +1147,14 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
}
else
return ssl_put_cipher_by_char(s,NULL,NULL);
+#ifndef OPENSSL_NO_DANE
+ case SSL_CTRL_PULL_TLSA_RECORD:
+ parg = SSL_get_tlsa_record_byname (parg,larg,s->version<0xF000?1:0);
+ /* yes, fall through */
+ case SSL_CTRL_SET_TLSA_RECORD:
+ s->tlsa_record = parg;
+ return 1;
+#endif
default:
return(s->method->ssl_ctrl(s,cmd,larg,parg));
}