1 /* $OpenBSD: ssl_verify.c,v 1.2 2019/11/02 03:16:45 gilles Exp $ */
2 /*
3 * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18 /* Adapted from lib/libtls/tls_verify.c */
19
20 #include "includes.h"
21
22 #include <sys/socket.h>
23
24 #include <arpa/inet.h>
25 #include <netinet/in.h>
26
27 #include <limits.h>
28 #include <string.h>
29
30 #include <openssl/x509v3.h>
31
32 #if 0
33 #include <tls.h>
34 #include "tls_internal.h"
35 #endif
36
37 #include "ssl.h"
38 #include "log.h"
39
40 struct tls;
41 #define tls_set_errorx(ctx, ...) log_warnx(__VA_ARGS__)
42 union tls_addr {
43 struct in_addr in;
44 struct in6_addr in6;
45 };
46
47 static int
tls_match_name(const char * cert_name,const char * name)48 tls_match_name(const char *cert_name, const char *name)
49 {
50 const char *cert_domain, *domain, *next_dot;
51
52 if (strcasecmp(cert_name, name) == 0)
53 return 0;
54
55 /* Wildcard match? */
56 if (cert_name[0] == '*') {
57 /*
58 * Valid wildcards:
59 * - "*.domain.tld"
60 * - "*.sub.domain.tld"
61 * - etc.
62 * Reject "*.tld".
63 * No attempt to prevent the use of eg. "*.co.uk".
64 */
65 cert_domain = &cert_name[1];
66 /* Disallow "*" */
67 if (cert_domain[0] == '\0')
68 return -1;
69 /* Disallow "*foo" */
70 if (cert_domain[0] != '.')
71 return -1;
72 /* Disallow "*.." */
73 if (cert_domain[1] == '.')
74 return -1;
75 next_dot = strchr(&cert_domain[1], '.');
76 /* Disallow "*.bar" */
77 if (next_dot == NULL)
78 return -1;
79 /* Disallow "*.bar.." */
80 if (next_dot[1] == '.')
81 return -1;
82
83 domain = strchr(name, '.');
84
85 /* No wildcard match against a name with no host part. */
86 if (name[0] == '.')
87 return -1;
88 /* No wildcard match against a name with no domain part. */
89 if (domain == NULL || strlen(domain) == 1)
90 return -1;
91
92 if (strcasecmp(cert_domain, domain) == 0)
93 return 0;
94 }
95
96 return -1;
97 }
98
99 /*
100 * See RFC 5280 section 4.2.1.6 for SubjectAltName details.
101 * alt_match is set to 1 if a matching alternate name is found.
102 * alt_exists is set to 1 if any known alternate name exists in the certificate.
103 */
104 static int
tls_check_subject_altname(struct tls * ctx,X509 * cert,const char * name,int * alt_match,int * alt_exists)105 tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name,
106 int *alt_match, int *alt_exists)
107 {
108 STACK_OF(GENERAL_NAME) *altname_stack = NULL;
109 union tls_addr addrbuf;
110 int addrlen, type;
111 int count, i;
112 int rv = 0;
113
114 *alt_match = 0;
115 *alt_exists = 0;
116
117 altname_stack = X509_get_ext_d2i(cert, NID_subject_alt_name,
118 NULL, NULL);
119 if (altname_stack == NULL)
120 return 0;
121
122 if (inet_pton(AF_INET, name, &addrbuf) == 1) {
123 type = GEN_IPADD;
124 addrlen = 4;
125 } else if (inet_pton(AF_INET6, name, &addrbuf) == 1) {
126 type = GEN_IPADD;
127 addrlen = 16;
128 } else {
129 type = GEN_DNS;
130 addrlen = 0;
131 }
132
133 count = sk_GENERAL_NAME_num(altname_stack);
134 for (i = 0; i < count; i++) {
135 GENERAL_NAME *altname;
136
137 altname = sk_GENERAL_NAME_value(altname_stack, i);
138
139 if (altname->type == GEN_DNS || altname->type == GEN_IPADD)
140 *alt_exists = 1;
141
142 if (altname->type != type)
143 continue;
144
145 if (type == GEN_DNS) {
146 const unsigned char *data;
147 int format, len;
148
149 format = ASN1_STRING_type(altname->d.dNSName);
150 if (format == V_ASN1_IA5STRING) {
151 data = ASN1_STRING_get0_data(altname->d.dNSName);
152 len = ASN1_STRING_length(altname->d.dNSName);
153
154 if (len < 0 || (size_t)len != strlen(data)) {
155 tls_set_errorx(ctx,
156 "error verifying name '%s': "
157 "NUL byte in subjectAltName, "
158 "probably a malicious certificate",
159 name);
160 rv = -1;
161 break;
162 }
163
164 /*
165 * Per RFC 5280 section 4.2.1.6:
166 * " " is a legal domain name, but that
167 * dNSName must be rejected.
168 */
169 if (strcmp(data, " ") == 0) {
170 tls_set_errorx(ctx,
171 "error verifying name '%s': "
172 "a dNSName of \" \" must not be "
173 "used", name);
174 rv = -1;
175 break;
176 }
177
178 if (tls_match_name(data, name) == 0) {
179 *alt_match = 1;
180 break;
181 }
182 } else {
183 #ifdef DEBUG
184 fprintf(stdout, "%s: unhandled subjectAltName "
185 "dNSName encoding (%d)\n", getprogname(),
186 format);
187 #endif
188 }
189
190 } else if (type == GEN_IPADD) {
191 const unsigned char *data;
192 int datalen;
193
194 datalen = ASN1_STRING_length(altname->d.iPAddress);
195 data = ASN1_STRING_get0_data(altname->d.iPAddress);
196
197 if (datalen < 0) {
198 tls_set_errorx(ctx,
199 "Unexpected negative length for an "
200 "IP address: %d", datalen);
201 rv = -1;
202 break;
203 }
204
205 /*
206 * Per RFC 5280 section 4.2.1.6:
207 * IPv4 must use 4 octets and IPv6 must use 16 octets.
208 */
209 if (datalen == addrlen &&
210 memcmp(data, &addrbuf, addrlen) == 0) {
211 *alt_match = 1;
212 break;
213 }
214 }
215 }
216
217 sk_GENERAL_NAME_pop_free(altname_stack, GENERAL_NAME_free);
218 return rv;
219 }
220
221 static int
tls_check_common_name(struct tls * ctx,X509 * cert,const char * name,int * cn_match)222 tls_check_common_name(struct tls *ctx, X509 *cert, const char *name,
223 int *cn_match)
224 {
225 X509_NAME *subject_name;
226 char *common_name = NULL;
227 union tls_addr addrbuf;
228 int common_name_len;
229 int rv = 0;
230
231 *cn_match = 0;
232
233 subject_name = X509_get_subject_name(cert);
234 if (subject_name == NULL)
235 goto done;
236
237 common_name_len = X509_NAME_get_text_by_NID(subject_name,
238 NID_commonName, NULL, 0);
239 if (common_name_len < 0)
240 goto done;
241
242 common_name = calloc(common_name_len + 1, 1);
243 if (common_name == NULL)
244 goto done;
245
246 X509_NAME_get_text_by_NID(subject_name, NID_commonName, common_name,
247 common_name_len + 1);
248
249 /* NUL bytes in CN? */
250 if (common_name_len < 0 ||
251 (size_t)common_name_len != strlen(common_name)) {
252 tls_set_errorx(ctx, "error verifying name '%s': "
253 "NUL byte in Common Name field, "
254 "probably a malicious certificate", name);
255 rv = -1;
256 goto done;
257 }
258
259 /*
260 * We don't want to attempt wildcard matching against IP addresses,
261 * so perform a simple comparison here.
262 */
263 if (inet_pton(AF_INET, name, &addrbuf) == 1 ||
264 inet_pton(AF_INET6, name, &addrbuf) == 1) {
265 if (strcmp(common_name, name) == 0)
266 *cn_match = 1;
267 goto done;
268 }
269
270 if (tls_match_name(common_name, name) == 0)
271 *cn_match = 1;
272
273 done:
274 free(common_name);
275 return rv;
276 }
277
278 int
ssl_check_name(X509 * cert,const char * name,int * match)279 ssl_check_name(X509 *cert, const char *name, int *match)
280 {
281 int alt_exists;
282
283 *match = 0;
284
285 if (tls_check_subject_altname(NULL, cert, name, match,
286 &alt_exists) == -1)
287 return -1;
288
289 /*
290 * As per RFC 6125 section 6.4.4, if any known alternate name existed
291 * in the certificate, we do not attempt to match on the CN.
292 */
293 if (*match || alt_exists)
294 return 0;
295
296 return tls_check_common_name(NULL, cert, name, match);
297 }
298