1 /* $OpenBSD: tls_verify.c,v 1.20 2018/02/05 00:52:24 jsing Exp $ */
3 * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 #include <sys/socket.h>
20 #include <arpa/inet.h>
21 #include <netinet/in.h>
25 #include <openssl/x509v3.h>
28 #include "tls_internal.h"
31 tls_match_name(const char *cert_name
, const char *name
)
33 const char *cert_domain
, *domain
, *next_dot
;
35 if (strcasecmp(cert_name
, name
) == 0)
39 if (cert_name
[0] == '*') {
43 * - "*.sub.domain.tld"
46 * No attempt to prevent the use of eg. "*.co.uk".
48 cert_domain
= &cert_name
[1];
50 if (cert_domain
[0] == '\0')
53 if (cert_domain
[0] != '.')
56 if (cert_domain
[1] == '.')
58 next_dot
= strchr(&cert_domain
[1], '.');
59 /* Disallow "*.bar" */
62 /* Disallow "*.bar.." */
63 if (next_dot
[1] == '.')
66 domain
= strchr(name
, '.');
68 /* No wildcard match against a name with no host part. */
71 /* No wildcard match against a name with no domain part. */
72 if (domain
== NULL
|| strlen(domain
) == 1)
75 if (strcasecmp(cert_domain
, domain
) == 0)
83 * See RFC 5280 section 4.2.1.6 for SubjectAltName details.
84 * alt_match is set to 1 if a matching alternate name is found.
85 * alt_exists is set to 1 if any known alternate name exists in the certificate.
88 tls_check_subject_altname(struct tls
*ctx
, X509
*cert
, const char *name
,
89 int *alt_match
, int *alt_exists
)
91 STACK_OF(GENERAL_NAME
) *altname_stack
= NULL
;
92 union tls_addr addrbuf
;
100 altname_stack
= X509_get_ext_d2i(cert
, NID_subject_alt_name
,
102 if (altname_stack
== NULL
)
105 if (inet_pton(AF_INET
, name
, &addrbuf
) == 1) {
108 } else if (inet_pton(AF_INET6
, name
, &addrbuf
) == 1) {
116 count
= sk_GENERAL_NAME_num(altname_stack
);
117 for (i
= 0; i
< count
; i
++) {
118 GENERAL_NAME
*altname
;
120 altname
= sk_GENERAL_NAME_value(altname_stack
, i
);
122 if (altname
->type
== GEN_DNS
|| altname
->type
== GEN_IPADD
)
125 if (altname
->type
!= type
)
128 if (type
== GEN_DNS
) {
132 format
= ASN1_STRING_type(altname
->d
.dNSName
);
133 if (format
== V_ASN1_IA5STRING
) {
134 data
= ASN1_STRING_data(altname
->d
.dNSName
);
135 len
= ASN1_STRING_length(altname
->d
.dNSName
);
137 if (len
< 0 || (size_t)len
!= strlen(data
)) {
139 "error verifying name '%s': "
140 "NUL byte in subjectAltName, "
141 "probably a malicious certificate",
148 * Per RFC 5280 section 4.2.1.6:
149 * " " is a legal domain name, but that
150 * dNSName must be rejected.
152 if (strcmp(data
, " ") == 0) {
154 "error verifying name '%s': "
155 "a dNSName of \" \" must not be "
161 if (tls_match_name(data
, name
) == 0) {
167 fprintf(stdout
, "%s: unhandled subjectAltName "
168 "dNSName encoding (%d)\n", getprogname(),
173 } else if (type
== GEN_IPADD
) {
177 datalen
= ASN1_STRING_length(altname
->d
.iPAddress
);
178 data
= ASN1_STRING_data(altname
->d
.iPAddress
);
182 "Unexpected negative length for an "
183 "IP address: %d", datalen
);
189 * Per RFC 5280 section 4.2.1.6:
190 * IPv4 must use 4 octets and IPv6 must use 16 octets.
192 if (datalen
== addrlen
&&
193 memcmp(data
, &addrbuf
, addrlen
) == 0) {
200 sk_GENERAL_NAME_pop_free(altname_stack
, GENERAL_NAME_free
);
205 tls_check_common_name(struct tls
*ctx
, X509
*cert
, const char *name
,
208 X509_NAME
*subject_name
;
209 char *common_name
= NULL
;
210 union tls_addr addrbuf
;
216 subject_name
= X509_get_subject_name(cert
);
217 if (subject_name
== NULL
)
220 common_name_len
= X509_NAME_get_text_by_NID(subject_name
,
221 NID_commonName
, NULL
, 0);
222 if (common_name_len
< 0)
225 common_name
= calloc(common_name_len
+ 1, 1);
226 if (common_name
== NULL
)
229 X509_NAME_get_text_by_NID(subject_name
, NID_commonName
, common_name
,
230 common_name_len
+ 1);
232 /* NUL bytes in CN? */
233 if (common_name_len
< 0 ||
234 (size_t)common_name_len
!= strlen(common_name
)) {
235 tls_set_errorx(ctx
, "error verifying name '%s': "
236 "NUL byte in Common Name field, "
237 "probably a malicious certificate", name
);
243 * We don't want to attempt wildcard matching against IP addresses,
244 * so perform a simple comparison here.
246 if (inet_pton(AF_INET
, name
, &addrbuf
) == 1 ||
247 inet_pton(AF_INET6
, name
, &addrbuf
) == 1) {
248 if (strcmp(common_name
, name
) == 0)
253 if (tls_match_name(common_name
, name
) == 0)
262 tls_check_name(struct tls
*ctx
, X509
*cert
, const char *name
, int *match
)
268 if (tls_check_subject_altname(ctx
, cert
, name
, match
,
273 * As per RFC 6125 section 6.4.4, if any known alternate name existed
274 * in the certificate, we do not attempt to match on the CN.
276 if (*match
|| alt_exists
)
279 return tls_check_common_name(ctx
, cert
, name
, match
);