xref: /openbsd-src/lib/libtls/tls_verify.c (revision f2da64fbbbf1b03f09f390ab01267c93dfd77c4c) 
1 /* $OpenBSD: tls_verify.c,v 1.17 2016/09/04 12:26:43 bcook Exp $ */
2 /*
3  * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
4  *
5  * Permission to use, copy, modify, and distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16  */
17 
18 #include <sys/socket.h>
19 
20 #include <arpa/inet.h>
21 #include <netinet/in.h>
22 
23 #include <string.h>
24 
25 #include <openssl/x509v3.h>
26 
27 #include <tls.h>
28 #include "tls_internal.h"
29 
30 static int tls_match_name(const char *cert_name, const char *name);
31 static int tls_check_subject_altname(struct tls *ctx, X509 *cert,
32     const char *name);
33 static int tls_check_common_name(struct tls *ctx, X509 *cert, const char *name);
34 
35 static int
36 tls_match_name(const char *cert_name, const char *name)
37 {
38 	const char *cert_domain, *domain, *next_dot;
39 
40 	if (strcasecmp(cert_name, name) == 0)
41 		return 0;
42 
43 	/* Wildcard match? */
44 	if (cert_name[0] == '*') {
45 		/*
46 		 * Valid wildcards:
47 		 * - "*.domain.tld"
48 		 * - "*.sub.domain.tld"
49 		 * - etc.
50 		 * Reject "*.tld".
51 		 * No attempt to prevent the use of eg. "*.co.uk".
52 		 */
53 		cert_domain = &cert_name[1];
54 		/* Disallow "*"  */
55 		if (cert_domain[0] == '\0')
56 			return -1;
57 		/* Disallow "*foo" */
58 		if (cert_domain[0] != '.')
59 			return -1;
60 		/* Disallow "*.." */
61 		if (cert_domain[1] == '.')
62 			return -1;
63 		next_dot = strchr(&cert_domain[1], '.');
64 		/* Disallow "*.bar" */
65 		if (next_dot == NULL)
66 			return -1;
67 		/* Disallow "*.bar.." */
68 		if (next_dot[1] == '.')
69 			return -1;
70 
71 		domain = strchr(name, '.');
72 
73 		/* No wildcard match against a name with no host part. */
74 		if (name[0] == '.')
75 			return -1;
76 		/* No wildcard match against a name with no domain part. */
77 		if (domain == NULL || strlen(domain) == 1)
78 			return -1;
79 
80 		if (strcasecmp(cert_domain, domain) == 0)
81 			return 0;
82 	}
83 
84 	return -1;
85 }
86 
87 /* See RFC 5280 section 4.2.1.6 for SubjectAltName details. */
88 static int
89 tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name)
90 {
91 	STACK_OF(GENERAL_NAME) *altname_stack = NULL;
92 	union tls_addr addrbuf;
93 	int addrlen, type;
94 	int count, i;
95 	int rv = -1;
96 
97 	altname_stack = X509_get_ext_d2i(cert, NID_subject_alt_name,
98 	    NULL, NULL);
99 	if (altname_stack == NULL)
100 		return -1;
101 
102 	if (inet_pton(AF_INET, name, &addrbuf) == 1) {
103 		type = GEN_IPADD;
104 		addrlen = 4;
105 	} else if (inet_pton(AF_INET6, name, &addrbuf) == 1) {
106 		type = GEN_IPADD;
107 		addrlen = 16;
108 	} else {
109 		type = GEN_DNS;
110 		addrlen = 0;
111 	}
112 
113 	count = sk_GENERAL_NAME_num(altname_stack);
114 	for (i = 0; i < count; i++) {
115 		GENERAL_NAME	*altname;
116 
117 		altname = sk_GENERAL_NAME_value(altname_stack, i);
118 		if (altname->type != type)
119 			continue;
120 
121 		if (type == GEN_DNS) {
122 			unsigned char	*data;
123 			int		 format, len;
124 
125 			format = ASN1_STRING_type(altname->d.dNSName);
126 			if (format == V_ASN1_IA5STRING) {
127 				data = ASN1_STRING_data(altname->d.dNSName);
128 				len = ASN1_STRING_length(altname->d.dNSName);
129 
130 				if (len < 0 || len != strlen(data)) {
131 					tls_set_errorx(ctx,
132 					    "error verifying name '%s': "
133 					    "NUL byte in subjectAltName, "
134 					    "probably a malicious certificate",
135 					    name);
136 					rv = -2;
137 					break;
138 				}
139 
140 				/*
141 				 * Per RFC 5280 section 4.2.1.6:
142 				 * " " is a legal domain name, but that
143 				 * dNSName must be rejected.
144 				 */
145 				if (strcmp(data, " ") == 0) {
146 					tls_set_error(ctx,
147 					    "error verifying name '%s': "
148 					    "a dNSName of \" \" must not be "
149 					    "used", name);
150 					rv = -2;
151 					break;
152 				}
153 
154 				if (tls_match_name(data, name) == 0) {
155 					rv = 0;
156 					break;
157 				}
158 			} else {
159 #ifdef DEBUG
160 				fprintf(stdout, "%s: unhandled subjectAltName "
161 				    "dNSName encoding (%d)\n", getprogname(),
162 				    format);
163 #endif
164 			}
165 
166 		} else if (type == GEN_IPADD) {
167 			unsigned char	*data;
168 			int		 datalen;
169 
170 			datalen = ASN1_STRING_length(altname->d.iPAddress);
171 			data = ASN1_STRING_data(altname->d.iPAddress);
172 
173 			if (datalen < 0) {
174 				tls_set_errorx(ctx,
175 				    "Unexpected negative length for an "
176 				    "IP address: %d", datalen);
177 				rv = -2;
178 				break;
179 			}
180 
181 			/*
182 			 * Per RFC 5280 section 4.2.1.6:
183 			 * IPv4 must use 4 octets and IPv6 must use 16 octets.
184 			 */
185 			if (datalen == addrlen &&
186 			    memcmp(data, &addrbuf, addrlen) == 0) {
187 				rv = 0;
188 				break;
189 			}
190 		}
191 	}
192 
193 	sk_GENERAL_NAME_pop_free(altname_stack, GENERAL_NAME_free);
194 	return rv;
195 }
196 
197 static int
198 tls_check_common_name(struct tls *ctx, X509 *cert, const char *name)
199 {
200 	X509_NAME *subject_name;
201 	char *common_name = NULL;
202 	union tls_addr addrbuf;
203 	int common_name_len;
204 	int rv = -1;
205 
206 	subject_name = X509_get_subject_name(cert);
207 	if (subject_name == NULL)
208 		goto out;
209 
210 	common_name_len = X509_NAME_get_text_by_NID(subject_name,
211 	    NID_commonName, NULL, 0);
212 	if (common_name_len < 0)
213 		goto out;
214 
215 	common_name = calloc(common_name_len + 1, 1);
216 	if (common_name == NULL)
217 		goto out;
218 
219 	X509_NAME_get_text_by_NID(subject_name, NID_commonName, common_name,
220 	    common_name_len + 1);
221 
222 	/* NUL bytes in CN? */
223 	if (common_name_len != strlen(common_name)) {
224 		tls_set_errorx(ctx, "error verifying name '%s': "
225 		    "NUL byte in Common Name field, "
226 		    "probably a malicious certificate", name);
227 		rv = -2;
228 		goto out;
229 	}
230 
231 	if (inet_pton(AF_INET,  name, &addrbuf) == 1 ||
232 	    inet_pton(AF_INET6, name, &addrbuf) == 1) {
233 		/*
234 		 * We don't want to attempt wildcard matching against IP
235 		 * addresses, so perform a simple comparison here.
236 		 */
237 		if (strcmp(common_name, name) == 0)
238 			rv = 0;
239 		else
240 			rv = -1;
241 		goto out;
242 	}
243 
244 	if (tls_match_name(common_name, name) == 0)
245 		rv = 0;
246  out:
247 	free(common_name);
248 	return rv;
249 }
250 
251 int
252 tls_check_name(struct tls *ctx, X509 *cert, const char *name)
253 {
254 	int	rv;
255 
256 	rv = tls_check_subject_altname(ctx, cert, name);
257 	if (rv == 0 || rv == -2)
258 		return rv;
259 
260 	return tls_check_common_name(ctx, cert, name);
261 }
262