xref: /openbsd-src/lib/libtls/tls_verify.c (revision 9b9d2a55a62c8e82206c25f94fcc7f4e2765250e) 
1 /* $OpenBSD: tls_verify.c,v 1.10 2015/08/27 15:26:50 jsing Exp $ */
2 /*
3  * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
4  *
5  * Permission to use, copy, modify, and distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16  */
17 
18 #include <sys/socket.h>
19 
20 #include <arpa/inet.h>
21 #include <netinet/in.h>
22 
23 #include <string.h>
24 
25 #include <openssl/x509v3.h>
26 
27 #include "tls_internal.h"
28 
29 static int tls_match_name(const char *cert_name, const char *name);
30 static int tls_check_subject_altname(struct tls *ctx, X509 *cert,
31     const char *name);
32 static int tls_check_common_name(struct tls *ctx, X509 *cert, const char *name);
33 
34 static int
35 tls_match_name(const char *cert_name, const char *name)
36 {
37 	const char *cert_domain, *domain, *next_dot;
38 
39 	if (strcasecmp(cert_name, name) == 0)
40 		return 0;
41 
42 	/* Wildcard match? */
43 	if (cert_name[0] == '*') {
44 		/*
45 		 * Valid wildcards:
46 		 * - "*.domain.tld"
47 		 * - "*.sub.domain.tld"
48 		 * - etc.
49 		 * Reject "*.tld".
50 		 * No attempt to prevent the use of eg. "*.co.uk".
51 		 */
52 		cert_domain = &cert_name[1];
53 		/* Disallow "*"  */
54 		if (cert_domain[0] == '\0')
55 			return -1;
56 		/* Disallow "*foo" */
57 		if (cert_domain[0] != '.')
58 			return -1;
59 		/* Disallow "*.." */
60 		if (cert_domain[1] == '.')
61 			return -1;
62 		next_dot = strchr(&cert_domain[1], '.');
63 		/* Disallow "*.bar" */
64 		if (next_dot == NULL)
65 			return -1;
66 		/* Disallow "*.bar.." */
67 		if (next_dot[1] == '.')
68 			return -1;
69 
70 		domain = strchr(name, '.');
71 
72 		/* No wildcard match against a name with no domain part. */
73 		if (domain == NULL || strlen(domain) == 1)
74 			return -1;
75 
76 		if (strcasecmp(cert_domain, domain) == 0)
77 			return 0;
78 	}
79 
80 	return -1;
81 }
82 
83 /* See RFC 5280 section 4.2.1.6 for SubjectAltName details. */
84 static int
85 tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name)
86 {
87 	STACK_OF(GENERAL_NAME) *altname_stack = NULL;
88 	union { struct in_addr ip4; struct in6_addr ip6; } addrbuf;
89 	int addrlen, type;
90 	int count, i;
91 	int rv = -1;
92 
93 	altname_stack = X509_get_ext_d2i(cert, NID_subject_alt_name,
94 	    NULL, NULL);
95 	if (altname_stack == NULL)
96 		return -1;
97 
98 	if (inet_pton(AF_INET, name, &addrbuf) == 1) {
99 		type = GEN_IPADD;
100 		addrlen = 4;
101 	} else if (inet_pton(AF_INET6, name, &addrbuf) == 1) {
102 		type = GEN_IPADD;
103 		addrlen = 16;
104 	} else {
105 		type = GEN_DNS;
106 		addrlen = 0;
107 	}
108 
109 	count = sk_GENERAL_NAME_num(altname_stack);
110 	for (i = 0; i < count; i++) {
111 		GENERAL_NAME	*altname;
112 
113 		altname = sk_GENERAL_NAME_value(altname_stack, i);
114 
115 		if (altname->type != type)
116 			continue;
117 
118 		if (type == GEN_DNS) {
119 			unsigned char	*data;
120 			int		 format, len;
121 
122 			format = ASN1_STRING_type(altname->d.dNSName);
123 			if (format == V_ASN1_IA5STRING) {
124 				data = ASN1_STRING_data(altname->d.dNSName);
125 				len = ASN1_STRING_length(altname->d.dNSName);
126 
127 				if (len < 0 || len != strlen(data)) {
128 					tls_set_errorx(ctx,
129 					    "error verifying name '%s': "
130 					    "NUL byte in subjectAltName, "
131 					    "probably a malicious certificate",
132 					    name);
133 					rv = -2;
134 					break;
135 				}
136 
137 				/*
138 				 * Per RFC 5280 section 4.2.1.6:
139 				 * " " is a legal domain name, but that
140 				 * dNSName must be rejected.
141 				 */
142 				if (strcmp(data, " ") == 0) {
143 					tls_set_error(ctx,
144 					    "error verifying name '%s': "
145 					    "a dNSName of \" \" must not be "
146 					    "used", name);
147 					rv = -2;
148 					break;
149 				}
150 
151 				if (tls_match_name(data, name) == 0) {
152 					rv = 0;
153 					break;
154 				}
155 			} else {
156 #ifdef DEBUG
157 				fprintf(stdout, "%s: unhandled subjectAltName "
158 				    "dNSName encoding (%d)\n", getprogname(),
159 				    format);
160 #endif
161 			}
162 
163 		} else if (type == GEN_IPADD) {
164 			unsigned char	*data;
165 			int		 datalen;
166 
167 			datalen = ASN1_STRING_length(altname->d.iPAddress);
168 			data = ASN1_STRING_data(altname->d.iPAddress);
169 
170 			if (datalen < 0) {
171 				tls_set_errorx(ctx,
172 				    "Unexpected negative length for an "
173 				    "IP address: %d", datalen);
174 				rv = -2;
175 				break;
176 			}
177 
178 			/*
179 			 * Per RFC 5280 section 4.2.1.6:
180 			 * IPv4 must use 4 octets and IPv6 must use 16 octets.
181 			 */
182 			if (datalen == addrlen &&
183 			    memcmp(data, &addrbuf, addrlen) == 0) {
184 				rv = 0;
185 				break;
186 			}
187 		}
188 	}
189 
190 	sk_GENERAL_NAME_pop_free(altname_stack, GENERAL_NAME_free);
191 	return rv;
192 }
193 
194 static int
195 tls_check_common_name(struct tls *ctx, X509 *cert, const char *name)
196 {
197 	X509_NAME *subject_name;
198 	char *common_name = NULL;
199 	int common_name_len;
200 	int rv = -1;
201 	union { struct in_addr ip4; struct in6_addr ip6; } addrbuf;
202 
203 	subject_name = X509_get_subject_name(cert);
204 	if (subject_name == NULL)
205 		goto out;
206 
207 	common_name_len = X509_NAME_get_text_by_NID(subject_name,
208 	    NID_commonName, NULL, 0);
209 	if (common_name_len < 0)
210 		goto out;
211 
212 	common_name = calloc(common_name_len + 1, 1);
213 	if (common_name == NULL)
214 		goto out;
215 
216 	X509_NAME_get_text_by_NID(subject_name, NID_commonName, common_name,
217 	    common_name_len + 1);
218 
219 	/* NUL bytes in CN? */
220 	if (common_name_len != strlen(common_name)) {
221 		tls_set_errorx(ctx, "error verifying name '%s': "
222 		    "NUL byte in Common Name field, "
223 		    "probably a malicious certificate", name);
224 		rv = -2;
225 		goto out;
226 	}
227 
228 	if (inet_pton(AF_INET,  name, &addrbuf) == 1 ||
229 	    inet_pton(AF_INET6, name, &addrbuf) == 1) {
230 		/*
231 		 * We don't want to attempt wildcard matching against IP
232 		 * addresses, so perform a simple comparison here.
233 		 */
234 		if (strcmp(common_name, name) == 0)
235 			rv = 0;
236 		else
237 			rv = -1;
238 		goto out;
239 	}
240 
241 	if (tls_match_name(common_name, name) == 0)
242 		rv = 0;
243 out:
244 	free(common_name);
245 	return rv;
246 }
247 
248 int
249 tls_check_servername(struct tls *ctx, X509 *cert, const char *servername)
250 {
251 	int	rv;
252 
253 	rv = tls_check_subject_altname(ctx, cert, servername);
254 	if (rv == 0 || rv == -2)
255 		return rv;
256 
257 	return tls_check_common_name(ctx, cert, servername);
258 }
259