1 /* $OpenBSD: tls_verify.c,v 1.20 2018/02/05 00:52:24 jsing Exp $ */ 2 /* 3 * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org> 4 * 5 * Permission to use, copy, modify, and distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 */ 17 18 #include <sys/socket.h> 19 20 #include <arpa/inet.h> 21 #include <netinet/in.h> 22 23 #include <string.h> 24 25 #include <openssl/x509v3.h> 26 27 #include <tls.h> 28 #include "tls_internal.h" 29 30 static int 31 tls_match_name(const char *cert_name, const char *name) 32 { 33 const char *cert_domain, *domain, *next_dot; 34 35 if (strcasecmp(cert_name, name) == 0) 36 return 0; 37 38 /* Wildcard match? */ 39 if (cert_name[0] == '*') { 40 /* 41 * Valid wildcards: 42 * - "*.domain.tld" 43 * - "*.sub.domain.tld" 44 * - etc. 45 * Reject "*.tld". 46 * No attempt to prevent the use of eg. "*.co.uk". 47 */ 48 cert_domain = &cert_name[1]; 49 /* Disallow "*" */ 50 if (cert_domain[0] == '\0') 51 return -1; 52 /* Disallow "*foo" */ 53 if (cert_domain[0] != '.') 54 return -1; 55 /* Disallow "*.." */ 56 if (cert_domain[1] == '.') 57 return -1; 58 next_dot = strchr(&cert_domain[1], '.'); 59 /* Disallow "*.bar" */ 60 if (next_dot == NULL) 61 return -1; 62 /* Disallow "*.bar.." */ 63 if (next_dot[1] == '.') 64 return -1; 65 66 domain = strchr(name, '.'); 67 68 /* No wildcard match against a name with no host part. */ 69 if (name[0] == '.') 70 return -1; 71 /* No wildcard match against a name with no domain part. */ 72 if (domain == NULL || strlen(domain) == 1) 73 return -1; 74 75 if (strcasecmp(cert_domain, domain) == 0) 76 return 0; 77 } 78 79 return -1; 80 } 81 82 /* 83 * See RFC 5280 section 4.2.1.6 for SubjectAltName details. 84 * alt_match is set to 1 if a matching alternate name is found. 85 * alt_exists is set to 1 if any known alternate name exists in the certificate. 86 */ 87 static int 88 tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name, 89 int *alt_match, int *alt_exists) 90 { 91 STACK_OF(GENERAL_NAME) *altname_stack = NULL; 92 union tls_addr addrbuf; 93 int addrlen, type; 94 int count, i; 95 int rv = 0; 96 97 *alt_match = 0; 98 *alt_exists = 0; 99 100 altname_stack = X509_get_ext_d2i(cert, NID_subject_alt_name, 101 NULL, NULL); 102 if (altname_stack == NULL) 103 return 0; 104 105 if (inet_pton(AF_INET, name, &addrbuf) == 1) { 106 type = GEN_IPADD; 107 addrlen = 4; 108 } else if (inet_pton(AF_INET6, name, &addrbuf) == 1) { 109 type = GEN_IPADD; 110 addrlen = 16; 111 } else { 112 type = GEN_DNS; 113 addrlen = 0; 114 } 115 116 count = sk_GENERAL_NAME_num(altname_stack); 117 for (i = 0; i < count; i++) { 118 GENERAL_NAME *altname; 119 120 altname = sk_GENERAL_NAME_value(altname_stack, i); 121 122 if (altname->type == GEN_DNS || altname->type == GEN_IPADD) 123 *alt_exists = 1; 124 125 if (altname->type != type) 126 continue; 127 128 if (type == GEN_DNS) { 129 unsigned char *data; 130 int format, len; 131 132 format = ASN1_STRING_type(altname->d.dNSName); 133 if (format == V_ASN1_IA5STRING) { 134 data = ASN1_STRING_data(altname->d.dNSName); 135 len = ASN1_STRING_length(altname->d.dNSName); 136 137 if (len < 0 || (size_t)len != strlen(data)) { 138 tls_set_errorx(ctx, 139 "error verifying name '%s': " 140 "NUL byte in subjectAltName, " 141 "probably a malicious certificate", 142 name); 143 rv = -1; 144 break; 145 } 146 147 /* 148 * Per RFC 5280 section 4.2.1.6: 149 * " " is a legal domain name, but that 150 * dNSName must be rejected. 151 */ 152 if (strcmp(data, " ") == 0) { 153 tls_set_errorx(ctx, 154 "error verifying name '%s': " 155 "a dNSName of \" \" must not be " 156 "used", name); 157 rv = -1; 158 break; 159 } 160 161 if (tls_match_name(data, name) == 0) { 162 *alt_match = 1; 163 break; 164 } 165 } else { 166 #ifdef DEBUG 167 fprintf(stdout, "%s: unhandled subjectAltName " 168 "dNSName encoding (%d)\n", getprogname(), 169 format); 170 #endif 171 } 172 173 } else if (type == GEN_IPADD) { 174 unsigned char *data; 175 int datalen; 176 177 datalen = ASN1_STRING_length(altname->d.iPAddress); 178 data = ASN1_STRING_data(altname->d.iPAddress); 179 180 if (datalen < 0) { 181 tls_set_errorx(ctx, 182 "Unexpected negative length for an " 183 "IP address: %d", datalen); 184 rv = -1; 185 break; 186 } 187 188 /* 189 * Per RFC 5280 section 4.2.1.6: 190 * IPv4 must use 4 octets and IPv6 must use 16 octets. 191 */ 192 if (datalen == addrlen && 193 memcmp(data, &addrbuf, addrlen) == 0) { 194 *alt_match = 1; 195 break; 196 } 197 } 198 } 199 200 sk_GENERAL_NAME_pop_free(altname_stack, GENERAL_NAME_free); 201 return rv; 202 } 203 204 static int 205 tls_check_common_name(struct tls *ctx, X509 *cert, const char *name, 206 int *cn_match) 207 { 208 X509_NAME *subject_name; 209 char *common_name = NULL; 210 union tls_addr addrbuf; 211 int common_name_len; 212 int rv = 0; 213 214 *cn_match = 0; 215 216 subject_name = X509_get_subject_name(cert); 217 if (subject_name == NULL) 218 goto done; 219 220 common_name_len = X509_NAME_get_text_by_NID(subject_name, 221 NID_commonName, NULL, 0); 222 if (common_name_len < 0) 223 goto done; 224 225 common_name = calloc(common_name_len + 1, 1); 226 if (common_name == NULL) 227 goto done; 228 229 X509_NAME_get_text_by_NID(subject_name, NID_commonName, common_name, 230 common_name_len + 1); 231 232 /* NUL bytes in CN? */ 233 if (common_name_len < 0 || 234 (size_t)common_name_len != strlen(common_name)) { 235 tls_set_errorx(ctx, "error verifying name '%s': " 236 "NUL byte in Common Name field, " 237 "probably a malicious certificate", name); 238 rv = -1; 239 goto done; 240 } 241 242 /* 243 * We don't want to attempt wildcard matching against IP addresses, 244 * so perform a simple comparison here. 245 */ 246 if (inet_pton(AF_INET, name, &addrbuf) == 1 || 247 inet_pton(AF_INET6, name, &addrbuf) == 1) { 248 if (strcmp(common_name, name) == 0) 249 *cn_match = 1; 250 goto done; 251 } 252 253 if (tls_match_name(common_name, name) == 0) 254 *cn_match = 1; 255 256 done: 257 free(common_name); 258 return rv; 259 } 260 261 int 262 tls_check_name(struct tls *ctx, X509 *cert, const char *name, int *match) 263 { 264 int alt_exists; 265 266 *match = 0; 267 268 if (tls_check_subject_altname(ctx, cert, name, match, 269 &alt_exists) == -1) 270 return -1; 271 272 /* 273 * As per RFC 6125 section 6.4.4, if any known alternate name existed 274 * in the certificate, we do not attempt to match on the CN. 275 */ 276 if (*match || alt_exists) 277 return 0; 278 279 return tls_check_common_name(ctx, cert, name, match); 280 } 281