1 /* $OpenBSD: tls_verify.c,v 1.14 2015/09/29 10:17:04 deraadt Exp $ */ 2 /* 3 * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org> 4 * 5 * Permission to use, copy, modify, and distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 */ 17 18 #include <sys/socket.h> 19 20 #include <arpa/inet.h> 21 #include <netinet/in.h> 22 23 #include <string.h> 24 25 #include <openssl/x509v3.h> 26 27 #include "tls_internal.h" 28 29 static int tls_match_name(const char *cert_name, const char *name); 30 static int tls_check_subject_altname(struct tls *ctx, X509 *cert, 31 const char *name); 32 static int tls_check_common_name(struct tls *ctx, X509 *cert, const char *name); 33 34 static int 35 tls_match_name(const char *cert_name, const char *name) 36 { 37 const char *cert_domain, *domain, *next_dot; 38 39 if (strcasecmp(cert_name, name) == 0) 40 return 0; 41 42 /* Wildcard match? */ 43 if (cert_name[0] == '*') { 44 /* 45 * Valid wildcards: 46 * - "*.domain.tld" 47 * - "*.sub.domain.tld" 48 * - etc. 49 * Reject "*.tld". 50 * No attempt to prevent the use of eg. "*.co.uk". 51 */ 52 cert_domain = &cert_name[1]; 53 /* Disallow "*" */ 54 if (cert_domain[0] == '\0') 55 return -1; 56 /* Disallow "*foo" */ 57 if (cert_domain[0] != '.') 58 return -1; 59 /* Disallow "*.." */ 60 if (cert_domain[1] == '.') 61 return -1; 62 next_dot = strchr(&cert_domain[1], '.'); 63 /* Disallow "*.bar" */ 64 if (next_dot == NULL) 65 return -1; 66 /* Disallow "*.bar.." */ 67 if (next_dot[1] == '.') 68 return -1; 69 70 domain = strchr(name, '.'); 71 72 /* No wildcard match against a name with no host part. */ 73 if (name[0] == '.') 74 return -1; 75 /* No wildcard match against a name with no domain part. */ 76 if (domain == NULL || strlen(domain) == 1) 77 return -1; 78 79 if (strcasecmp(cert_domain, domain) == 0) 80 return 0; 81 } 82 83 return -1; 84 } 85 86 /* See RFC 5280 section 4.2.1.6 for SubjectAltName details. */ 87 static int 88 tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name) 89 { 90 STACK_OF(GENERAL_NAME) *altname_stack = NULL; 91 union tls_addr addrbuf; 92 int addrlen, type; 93 int count, i; 94 int rv = -1; 95 96 altname_stack = X509_get_ext_d2i(cert, NID_subject_alt_name, 97 NULL, NULL); 98 if (altname_stack == NULL) 99 return -1; 100 101 if (inet_pton(AF_INET, name, &addrbuf) == 1) { 102 type = GEN_IPADD; 103 addrlen = 4; 104 } else if (inet_pton(AF_INET6, name, &addrbuf) == 1) { 105 type = GEN_IPADD; 106 addrlen = 16; 107 } else { 108 type = GEN_DNS; 109 addrlen = 0; 110 } 111 112 count = sk_GENERAL_NAME_num(altname_stack); 113 for (i = 0; i < count; i++) { 114 GENERAL_NAME *altname; 115 116 altname = sk_GENERAL_NAME_value(altname_stack, i); 117 118 if (altname->type != type) 119 continue; 120 121 if (type == GEN_DNS) { 122 unsigned char *data; 123 int format, len; 124 125 format = ASN1_STRING_type(altname->d.dNSName); 126 if (format == V_ASN1_IA5STRING) { 127 data = ASN1_STRING_data(altname->d.dNSName); 128 len = ASN1_STRING_length(altname->d.dNSName); 129 130 if (len < 0 || len != strlen(data)) { 131 tls_set_errorx(ctx, 132 "error verifying name '%s': " 133 "NUL byte in subjectAltName, " 134 "probably a malicious certificate", 135 name); 136 rv = -2; 137 break; 138 } 139 140 /* 141 * Per RFC 5280 section 4.2.1.6: 142 * " " is a legal domain name, but that 143 * dNSName must be rejected. 144 */ 145 if (strcmp(data, " ") == 0) { 146 tls_set_error(ctx, 147 "error verifying name '%s': " 148 "a dNSName of \" \" must not be " 149 "used", name); 150 rv = -2; 151 break; 152 } 153 154 if (tls_match_name(data, name) == 0) { 155 rv = 0; 156 break; 157 } 158 } else { 159 #ifdef DEBUG 160 fprintf(stdout, "%s: unhandled subjectAltName " 161 "dNSName encoding (%d)\n", getprogname(), 162 format); 163 #endif 164 } 165 166 } else if (type == GEN_IPADD) { 167 unsigned char *data; 168 int datalen; 169 170 datalen = ASN1_STRING_length(altname->d.iPAddress); 171 data = ASN1_STRING_data(altname->d.iPAddress); 172 173 if (datalen < 0) { 174 tls_set_errorx(ctx, 175 "Unexpected negative length for an " 176 "IP address: %d", datalen); 177 rv = -2; 178 break; 179 } 180 181 /* 182 * Per RFC 5280 section 4.2.1.6: 183 * IPv4 must use 4 octets and IPv6 must use 16 octets. 184 */ 185 if (datalen == addrlen && 186 memcmp(data, &addrbuf, addrlen) == 0) { 187 rv = 0; 188 break; 189 } 190 } 191 } 192 193 sk_GENERAL_NAME_pop_free(altname_stack, GENERAL_NAME_free); 194 return rv; 195 } 196 197 static int 198 tls_check_common_name(struct tls *ctx, X509 *cert, const char *name) 199 { 200 X509_NAME *subject_name; 201 char *common_name = NULL; 202 union tls_addr addrbuf; 203 int common_name_len; 204 int rv = -1; 205 206 subject_name = X509_get_subject_name(cert); 207 if (subject_name == NULL) 208 goto out; 209 210 common_name_len = X509_NAME_get_text_by_NID(subject_name, 211 NID_commonName, NULL, 0); 212 if (common_name_len < 0) 213 goto out; 214 215 common_name = calloc(common_name_len + 1, 1); 216 if (common_name == NULL) 217 goto out; 218 219 X509_NAME_get_text_by_NID(subject_name, NID_commonName, common_name, 220 common_name_len + 1); 221 222 /* NUL bytes in CN? */ 223 if (common_name_len != strlen(common_name)) { 224 tls_set_errorx(ctx, "error verifying name '%s': " 225 "NUL byte in Common Name field, " 226 "probably a malicious certificate", name); 227 rv = -2; 228 goto out; 229 } 230 231 if (inet_pton(AF_INET, name, &addrbuf) == 1 || 232 inet_pton(AF_INET6, name, &addrbuf) == 1) { 233 /* 234 * We don't want to attempt wildcard matching against IP 235 * addresses, so perform a simple comparison here. 236 */ 237 if (strcmp(common_name, name) == 0) 238 rv = 0; 239 else 240 rv = -1; 241 goto out; 242 } 243 244 if (tls_match_name(common_name, name) == 0) 245 rv = 0; 246 out: 247 free(common_name); 248 return rv; 249 } 250 251 int 252 tls_check_name(struct tls *ctx, X509 *cert, const char *name) 253 { 254 int rv; 255 256 rv = tls_check_subject_altname(ctx, cert, name); 257 if (rv == 0 || rv == -2) 258 return rv; 259 260 return tls_check_common_name(ctx, cert, name); 261 } 262