From e815d72b1f489c2c38adf3eee87c02e1c5dd8f3c Mon Sep 17 00:00:00 2001
From: Andy Polyakov <appro@openssl.org>
Date: Wed, 15 May 2013 20:41:51 +0200
Subject: [PATCH] RFC6689 support: add missing commit (git noob alert).

---
 Configure       |   2 +
 apps/s_client.c |   3 ++
 ssl/Makefile    |   4 +-
 ssl/ssl.h       |  14 +++++
 ssl/ssl_cert.c  | 137 ++++++++++++++++++++++++++++++++++++++++++++++++
 ssl/ssl_lib.c   |  13 +++++
 6 files changed, 171 insertions(+), 2 deletions(-)

diff --git a/Configure b/Configure
index c5604033d3..5a3beee0c3 100755
--- a/Configure
+++ b/Configure
@@ -720,9 +720,11 @@ if (exists $ENV{FIPSDIR})
 # All of the following is disabled by default (RC5 was enabled before 0.9.8):
 
 my %disabled = ( # "what"         => "comment" [or special keyword "experimental"]
+		 "dane"           => "experimental",
 		 "ec_nistp_64_gcc_128" => "default",
 		 "gmp"		  => "default",
 		 "jpake"          => "experimental",
+		 "libunbound"     => "experimental",
 		 "md2"            => "default",
 		 "rc5"            => "default",
 		 "rfc3779"	  => "default",
diff --git a/apps/s_client.c b/apps/s_client.c
index 8fe2c56f2a..ad88c3770b 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1317,6 +1317,9 @@ bad:
 		SSL_set_session(con, sess);
 		SSL_SESSION_free(sess);
 		}
+#ifndef OPENSSL_NO_DANE
+	SSL_pull_tlsa_record(con,host,port);
+#endif
 #ifndef OPENSSL_NO_TLSEXT
 	if (servername != NULL)
 		{
diff --git a/ssl/Makefile b/ssl/Makefile
index 81f2a5757b..3c3c00213c 100644
--- a/ssl/Makefile
+++ b/ssl/Makefile
@@ -30,7 +30,7 @@ LIBSRC=	\
 	ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \
 	ssl_ciph.c ssl_stat.c ssl_rsa.c \
 	ssl_asn1.c ssl_txt.c ssl_algs.c ssl_conf.c \
-	bio_ssl.c ssl_err.c kssl.c t1_reneg.c tls_srp.c t1_trce.c
+	bio_ssl.c ssl_err.c kssl.c t1_reneg.c tls_srp.c t1_trce.c dnssec.c
 LIBOBJ= \
 	s2_meth.o  s2_srvr.o  s2_clnt.o  s2_lib.o  s2_enc.o s2_pkt.o \
 	s3_meth.o  s3_srvr.o  s3_clnt.o  s3_lib.o  s3_enc.o s3_pkt.o s3_both.o s3_cbc.o \
@@ -41,7 +41,7 @@ LIBOBJ= \
 	ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \
 	ssl_ciph.o ssl_stat.o ssl_rsa.o \
 	ssl_asn1.o ssl_txt.o ssl_algs.o ssl_conf.o \
-	bio_ssl.o ssl_err.o kssl.o t1_reneg.o tls_srp.o t1_trce.o
+	bio_ssl.o ssl_err.o kssl.o t1_reneg.o tls_srp.o t1_trce.o dnssec.o
 
 SRC= $(LIBSRC)
 
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 6cb1546821..7260c8cba3 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1428,6 +1428,10 @@ struct ssl_st
 
 #ifndef OPENSSL_NO_SRP
 	SRP_CTX srp_ctx; /* ctx for SRP authentication */
+#endif
+#ifndef OPENSSL_NO_DANE
+	unsigned char *tlsa_record;
+	int tlsa_witness;
 #endif
 	};
 
@@ -1712,6 +1716,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_CTRL_GET_SERVER_TMP_KEY		109
 #define SSL_CTRL_GET_RAW_CIPHERLIST		110
 #define SSL_CTRL_GET_EC_POINT_FORMATS		111
+#define SSL_CTRL_GET_TLSA_RECORD		112
+#define SSL_CTRL_SET_TLSA_RECORD		113
+#define SSL_CTRL_PULL_TLSA_RECORD		114
 
 #define DTLSv1_get_timeout(ssl, arg) \
 	SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
@@ -1848,6 +1855,11 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_get0_ec_point_formats(s, plst) \
 	SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,plst)
 
+#define SSL_set_tlsa_record(s,tlsa) \
+	SSL_ctrl(s,SSL_CTRL_SET_TLSA_RECORD,0,(void *)tlsa)
+#define SSL_pull_tlsa_record(s,host,port) \
+	SSL_ctrl(s,SSL_CTRL_PULL_TLSA_RECORD,port,host)
+
 #ifndef OPENSSL_NO_BIO
 BIO_METHOD *BIO_f_ssl(void);
 BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
@@ -2283,6 +2295,8 @@ void SSL_trace(int write_p, int version, int content_type,
 const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c);
 #endif
 
+void *SSL_get_tlsa_record_byname(const char *name,int port,int type);
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index a0da7d3741..6a59316da6 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -675,6 +675,138 @@ int ssl_set_peer_cert_type(SESS_CERT *sc,int type)
 	return(1);
 	}
 
+#ifndef OPENSSL_NO_DANE
+/*
+ * return value:
+ * -1:	format or digest error
+ *  0:	match
+ *  1:	no match
+ */
+int tlsa_cmp(const X509 *cert, const unsigned char *tlsa_record, unsigned int reclen)
+{
+	const EVP_MD *md;
+	unsigned char digest[EVP_MAX_MD_SIZE];
+	unsigned int len, selector, matching_type;
+	int ret;
+
+	if (reclen<3) return -1;
+
+	selector      = tlsa_record[1];
+	matching_type = tlsa_record[2];
+	tlsa_record   += 3;
+	reclen        -= 3;
+
+	switch (matching_type) {
+	case 0:				/* exact match */
+		if (selector==0) {	/* full certificate */
+			ret = EVP_Digest(tlsa_record,reclen,digest,&len,EVP_sha1(),NULL);
+			return ret ? memcmp(cert->sha1_hash,digest,len)!=0 : -1;
+		}
+		else if (selector==1) {	/* SubjectPublicKeyInfo */
+			ASN1_BIT_STRING *key = X509_get0_pubkey_bitstr(cert);
+
+			if (key == NULL) return -1;
+			if (key->length != reclen) return 1;
+
+			return memcmp(key->data,tlsa_record,reclen)!=0;
+		}
+		return -1;
+
+	case 1:				/* SHA256 */
+	case 2:				/* SHA512 */
+		md = matching_type==1 ? EVP_sha256() : EVP_sha512();
+
+		if (reclen!=EVP_MD_size(md)) return -1;
+
+		if (selector==0) {	/* full certificate */
+			ret = X509_digest(cert,md,digest,&len);
+		}
+		else if (selector==1) {	/* SubjectPublicKeyInfo */
+			ret = X509_pubkey_digest(cert,md,digest,&len);
+		}
+		else
+			return -1;
+
+		return ret ? memcmp(tlsa_record,digest,len)!=0 : -1;
+	default:
+		return -1;
+	}
+}
+
+int dane_verify_callback(int ok, X509_STORE_CTX *ctx)
+{
+	SSL *s = X509_STORE_CTX_get_ex_data(ctx,SSL_get_ex_data_X509_STORE_CTX_idx());
+	int depth=X509_STORE_CTX_get_error_depth(ctx);
+	X509 *cert = sk_X509_value(ctx->chain,depth);
+	unsigned int reclen, certificate_usage, witness_usage=0x100;
+	const unsigned char *tlsa_record = s->tlsa_record;
+	int tlsa_ret = -1;
+
+	if (s->verify_callback)	ok = s->verify_callback(ok,ctx);
+
+	if (tlsa_record == NULL) return ok;
+
+	if (tlsa_record == (void*)-1) {
+		ctx->error = X509_V_ERR_INVALID_CA;	/* temporary code? */
+		return 0;
+	}
+
+	while ((reclen = *(unsigned int *)tlsa_record)) {
+		tlsa_record += sizeof(unsigned int);
+
+		/*
+		 * tlsa_record[0]	Certificate Usage field
+		 * tlsa_record[1]	Selector field
+		 * tlsa_record[2]	Matching Type Field
+		 * tlsa_record+3	Certificate Association data
+		 */
+		certificate_usage = tlsa_record[0];
+
+		if (depth==0 || certificate_usage==0 || certificate_usage==2) {
+			tlsa_ret = tlsa_cmp(cert,tlsa_record,reclen);
+			if (tlsa_ret==0) {
+				s->tlsa_witness = depth<<8|certificate_usage;
+				break;
+			}
+			else if (tlsa_ret==-1)
+				s->tlsa_witness = -1;	/* something phishy? */
+		}
+
+		tlsa_record += reclen;
+	}
+
+	if (depth==0) {
+		switch (s->tlsa_witness&0xff) {		/* witnessed usage */
+		case 0:	/* CA constraint */
+			if (s->tlsa_witness<0 && ctx->error==X509_V_OK)
+				ctx->error = X509_V_ERR_INVALID_CA;
+			return 0;
+		case 1:	/* service certificate constraint */
+			if (tlsa_ret!=0 && ctx->error==X509_V_OK)
+				ctx->error = X509_V_ERR_CERT_UNTRUSTED;
+			return 0;
+		case 2:	/* trust anchor assertion */
+			if ((s->tlsa_witness>>8)>0 && ctx->error==X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
+				ctx->error = X509_V_OK;
+			break;
+		case 3:	/* domain-issued certificate */
+			if (tlsa_ret==0)
+				ctx->error = X509_V_OK; /* override all errors? */
+			break;
+		default:/* there were TLSA records, but something phishy happened */
+			ctx->error = X509_V_ERR_CERT_UNTRUSTED;
+			return ok;
+		}
+	}
+
+	/*
+	 * returning 1 makes verify procedure traverse the whole chain,
+	 * not actually approve it...
+	 */
+	return 1;
+}
+#endif
+
 int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
 	{
 	X509 *x;
@@ -716,8 +848,13 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
 	 */
 	X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&ctx), s->param);
 
+#ifndef OPENSSL_NO_DANE
+	X509_STORE_CTX_set_verify_cb(&ctx, dane_verify_callback);
+	s->tlsa_witness = -1;
+#else
 	if (s->verify_callback)
 		X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
+#endif
 
 	if (s->ctx->app_verify_callback != NULL)
 #if 1 /* new with OpenSSL 0.9.7 */
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index b27743f95c..b30577c961 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -627,6 +627,11 @@ void SSL_free(SSL *s)
         if (s->srtp_profiles)
             sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
 
+#ifndef OPENSSL_NO_DANE
+	if (s->tlsa_record && s->tlsa_record!=(void *)-1)
+		OPENSSL_free(s->tlsa_record);
+#endif
+
 	OPENSSL_free(s);
 	}
 
@@ -1142,6 +1147,14 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
 			}
 		else
 			return ssl_put_cipher_by_char(s,NULL,NULL);
+#ifndef OPENSSL_NO_DANE
+	case SSL_CTRL_PULL_TLSA_RECORD:
+		parg = SSL_get_tlsa_record_byname (parg,larg,s->version<0xF000?1:0);
+		/* yes, fall through */
+	case SSL_CTRL_SET_TLSA_RECORD:
+		s->tlsa_record = parg;
+		return 1;
+#endif
 	default:
 		return(s->method->ssl_ctrl(s,cmd,larg,parg));
 		}
-- 
2.40.0