Update libressl README.DRAGONFLY for v2.4.4
[dragonfly.git] / crypto / libressl / tls / tls_verify.c
1 /* $OpenBSD: tls_verify.c,v 1.14 2015/09/29 10:17:04 deraadt Exp $ */
2 /*
3  * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
4  *
5  * Permission to use, copy, modify, and distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16  */
17
18 #include <sys/socket.h>
19
20 #include <arpa/inet.h>
21 #include <netinet/in.h>
22
23 #include <string.h>
24
25 #include <openssl/x509v3.h>
26
27 #include "tls_internal.h"
28
29 static int tls_match_name(const char *cert_name, const char *name);
30 static int tls_check_subject_altname(struct tls *ctx, X509 *cert,
31     const char *name);
32 static int tls_check_common_name(struct tls *ctx, X509 *cert, const char *name);
33
34 static int
35 tls_match_name(const char *cert_name, const char *name)
36 {
37         const char *cert_domain, *domain, *next_dot;
38
39         if (strcasecmp(cert_name, name) == 0)
40                 return 0;
41
42         /* Wildcard match? */
43         if (cert_name[0] == '*') {
44                 /*
45                  * Valid wildcards:
46                  * - "*.domain.tld"
47                  * - "*.sub.domain.tld"
48                  * - etc.
49                  * Reject "*.tld".
50                  * No attempt to prevent the use of eg. "*.co.uk".
51                  */
52                 cert_domain = &cert_name[1];
53                 /* Disallow "*"  */
54                 if (cert_domain[0] == '\0')
55                         return -1;
56                 /* Disallow "*foo" */
57                 if (cert_domain[0] != '.')
58                         return -1;
59                 /* Disallow "*.." */
60                 if (cert_domain[1] == '.')
61                         return -1;
62                 next_dot = strchr(&cert_domain[1], '.');
63                 /* Disallow "*.bar" */
64                 if (next_dot == NULL)
65                         return -1;
66                 /* Disallow "*.bar.." */
67                 if (next_dot[1] == '.')
68                         return -1;
69
70                 domain = strchr(name, '.');
71
72                 /* No wildcard match against a name with no host part. */
73                 if (name[0] == '.')
74                         return -1;
75                 /* No wildcard match against a name with no domain part. */
76                 if (domain == NULL || strlen(domain) == 1)
77                         return -1;
78
79                 if (strcasecmp(cert_domain, domain) == 0)
80                         return 0;
81         }
82
83         return -1;
84 }
85
86 /* See RFC 5280 section 4.2.1.6 for SubjectAltName details. */
87 static int
88 tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name)
89 {
90         STACK_OF(GENERAL_NAME) *altname_stack = NULL;
91         union tls_addr addrbuf;
92         int addrlen, type;
93         int count, i;
94         int rv = -1;
95
96         altname_stack = X509_get_ext_d2i(cert, NID_subject_alt_name,
97             NULL, NULL);
98         if (altname_stack == NULL)
99                 return -1;
100
101         if (inet_pton(AF_INET, name, &addrbuf) == 1) {
102                 type = GEN_IPADD;
103                 addrlen = 4;
104         } else if (inet_pton(AF_INET6, name, &addrbuf) == 1) {
105                 type = GEN_IPADD;
106                 addrlen = 16;
107         } else {
108                 type = GEN_DNS;
109                 addrlen = 0;
110         }
111
112         count = sk_GENERAL_NAME_num(altname_stack);
113         for (i = 0; i < count; i++) {
114                 GENERAL_NAME    *altname;
115
116                 altname = sk_GENERAL_NAME_value(altname_stack, i);
117
118                 if (altname->type != type)
119                         continue;
120
121                 if (type == GEN_DNS) {
122                         unsigned char   *data;
123                         int              format, len;
124
125                         format = ASN1_STRING_type(altname->d.dNSName);
126                         if (format == V_ASN1_IA5STRING) {
127                                 data = ASN1_STRING_data(altname->d.dNSName);
128                                 len = ASN1_STRING_length(altname->d.dNSName);
129
130                                 if (len < 0 || len != strlen(data)) {
131                                         tls_set_errorx(ctx,
132                                             "error verifying name '%s': "
133                                             "NUL byte in subjectAltName, "
134                                             "probably a malicious certificate",
135                                             name);
136                                         rv = -2;
137                                         break;
138                                 }
139
140                                 /*
141                                  * Per RFC 5280 section 4.2.1.6:
142                                  * " " is a legal domain name, but that
143                                  * dNSName must be rejected.
144                                  */
145                                 if (strcmp(data, " ") == 0) {
146                                         tls_set_error(ctx,
147                                             "error verifying name '%s': "
148                                             "a dNSName of \" \" must not be "
149                                             "used", name);
150                                         rv = -2;
151                                         break;
152                                 }
153
154                                 if (tls_match_name(data, name) == 0) {
155                                         rv = 0;
156                                         break;
157                                 }
158                         } else {
159 #ifdef DEBUG
160                                 fprintf(stdout, "%s: unhandled subjectAltName "
161                                     "dNSName encoding (%d)\n", getprogname(),
162                                     format);
163 #endif
164                         }
165
166                 } else if (type == GEN_IPADD) {
167                         unsigned char   *data;
168                         int              datalen;
169
170                         datalen = ASN1_STRING_length(altname->d.iPAddress);
171                         data = ASN1_STRING_data(altname->d.iPAddress);
172
173                         if (datalen < 0) {
174                                 tls_set_errorx(ctx,
175                                     "Unexpected negative length for an "
176                                     "IP address: %d", datalen);
177                                 rv = -2;
178                                 break;
179                         }
180
181                         /*
182                          * Per RFC 5280 section 4.2.1.6:
183                          * IPv4 must use 4 octets and IPv6 must use 16 octets.
184                          */
185                         if (datalen == addrlen &&
186                             memcmp(data, &addrbuf, addrlen) == 0) {
187                                 rv = 0;
188                                 break;
189                         }
190                 }
191         }
192
193         sk_GENERAL_NAME_pop_free(altname_stack, GENERAL_NAME_free);
194         return rv;
195 }
196
197 static int
198 tls_check_common_name(struct tls *ctx, X509 *cert, const char *name)
199 {
200         X509_NAME *subject_name;
201         char *common_name = NULL;
202         union tls_addr addrbuf;
203         int common_name_len;
204         int rv = -1;
205
206         subject_name = X509_get_subject_name(cert);
207         if (subject_name == NULL)
208                 goto out;
209
210         common_name_len = X509_NAME_get_text_by_NID(subject_name,
211             NID_commonName, NULL, 0);
212         if (common_name_len < 0)
213                 goto out;
214
215         common_name = calloc(common_name_len + 1, 1);
216         if (common_name == NULL)
217                 goto out;
218
219         X509_NAME_get_text_by_NID(subject_name, NID_commonName, common_name,
220             common_name_len + 1);
221
222         /* NUL bytes in CN? */
223         if (common_name_len != strlen(common_name)) {
224                 tls_set_errorx(ctx, "error verifying name '%s': "
225                     "NUL byte in Common Name field, "
226                     "probably a malicious certificate", name);
227                 rv = -2;
228                 goto out;
229         }
230
231         if (inet_pton(AF_INET,  name, &addrbuf) == 1 ||
232             inet_pton(AF_INET6, name, &addrbuf) == 1) {
233                 /*
234                  * We don't want to attempt wildcard matching against IP
235                  * addresses, so perform a simple comparison here.
236                  */
237                 if (strcmp(common_name, name) == 0)
238                         rv = 0;
239                 else
240                         rv = -1;
241                 goto out;
242         }
243
244         if (tls_match_name(common_name, name) == 0)
245                 rv = 0;
246  out:
247         free(common_name);
248         return rv;
249 }
250
251 int
252 tls_check_name(struct tls *ctx, X509 *cert, const char *name)
253 {
254         int     rv;
255
256         rv = tls_check_subject_altname(ctx, cert, name);
257         if (rv == 0 || rv == -2)
258                 return rv;
259
260         return tls_check_common_name(ctx, cert, name);
261 }