GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: lib/libtls/tls_verify.c Lines: 93 99 93.9 %
Date: 2017-11-13 Branches: 66 84 78.6 %

Line Branch Exec Source
1
/* $OpenBSD: tls_verify.c,v 1.19 2017/04/10 17:11:13 jsing Exp $ */
2
/*
3
 * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
4
 *
5
 * Permission to use, copy, modify, and distribute this software for any
6
 * purpose with or without fee is hereby granted, provided that the above
7
 * copyright notice and this permission notice appear in all copies.
8
 *
9
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16
 */
17
18
#include <sys/socket.h>
19
20
#include <arpa/inet.h>
21
#include <netinet/in.h>
22
23
#include <string.h>
24
25
#include <openssl/x509v3.h>
26
27
#include <tls.h>
28
#include "tls_internal.h"
29
30
static int
31
tls_match_name(const char *cert_name, const char *name)
32
{
33
	const char *cert_domain, *domain, *next_dot;
34
35
150
	if (strcasecmp(cert_name, name) == 0)
36
15
		return 0;
37
38
	/* Wildcard match? */
39
60
	if (cert_name[0] == '*') {
40
		/*
41
		 * Valid wildcards:
42
		 * - "*.domain.tld"
43
		 * - "*.sub.domain.tld"
44
		 * - etc.
45
		 * Reject "*.tld".
46
		 * No attempt to prevent the use of eg. "*.co.uk".
47
		 */
48
21
		cert_domain = &cert_name[1];
49
		/* Disallow "*"  */
50
21
		if (cert_domain[0] == '\0')
51
3
			return -1;
52
		/* Disallow "*foo" */
53
18
		if (cert_domain[0] != '.')
54
			return -1;
55
		/* Disallow "*.." */
56
18
		if (cert_domain[1] == '.')
57
			return -1;
58
18
		next_dot = strchr(&cert_domain[1], '.');
59
		/* Disallow "*.bar" */
60
18
		if (next_dot == NULL)
61
9
			return -1;
62
		/* Disallow "*.bar.." */
63
9
		if (next_dot[1] == '.')
64
			return -1;
65
66
9
		domain = strchr(name, '.');
67
68
		/* No wildcard match against a name with no host part. */
69
9
		if (name[0] == '.')
70
3
			return -1;
71
		/* No wildcard match against a name with no domain part. */
72

12
		if (domain == NULL || strlen(domain) == 1)
73
			return -1;
74
75
6
		if (strcasecmp(cert_domain, domain) == 0)
76
6
			return 0;
77
	}
78
79
39
	return -1;
80
75
}
81
82
/*
83
 * See RFC 5280 section 4.2.1.6 for SubjectAltName details.
84
 * alt_match is set to 1 if a matching alternate name is found.
85
 * alt_exists is set to 1 if any known alternate name exists in the certificate.
86
 */
87
static int
88
tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name,
89
    int *alt_match, int *alt_exists)
90
{
91
	STACK_OF(GENERAL_NAME) *altname_stack = NULL;
92
168
	union tls_addr addrbuf;
93
	int addrlen, type;
94
	int count, i;
95
	int rv = 0;
96
97
84
	*alt_match = 0;
98
84
	*alt_exists = 0;
99
100
84
	altname_stack = X509_get_ext_d2i(cert, NID_subject_alt_name,
101
	    NULL, NULL);
102
84
	if (altname_stack == NULL)
103
45
		return 0;
104
105
39
	if (inet_pton(AF_INET, name, &addrbuf) == 1) {
106
		type = GEN_IPADD;
107
		addrlen = 4;
108
39
	} else if (inet_pton(AF_INET6, name, &addrbuf) == 1) {
109
		type = GEN_IPADD;
110
		addrlen = 16;
111
3
	} else {
112
		type = GEN_DNS;
113
		addrlen = 0;
114
	}
115
116
39
	count = sk_GENERAL_NAME_num(altname_stack);
117
156
	for (i = 0; i < count; i++) {
118
		GENERAL_NAME	*altname;
119
120
66
		altname = sk_GENERAL_NAME_value(altname_stack, i);
121
122

72
		if (altname->type == GEN_DNS || altname->type == GEN_IPADD)
123
66
			*alt_exists = 1;
124
125
66
		if (altname->type != type)
126
12
			continue;
127
128
54
		if (type == GEN_DNS) {
129
			unsigned char	*data;
130
			int		 format, len;
131
132
48
			format = ASN1_STRING_type(altname->d.dNSName);
133
48
			if (format == V_ASN1_IA5STRING) {
134
48
				data = ASN1_STRING_data(altname->d.dNSName);
135
48
				len = ASN1_STRING_length(altname->d.dNSName);
136
137

96
				if (len < 0 || (size_t)len != strlen(data)) {
138
3
					tls_set_errorx(ctx,
139
					    "error verifying name '%s': "
140
					    "NUL byte in subjectAltName, "
141
					    "probably a malicious certificate",
142
					    name);
143
					rv = -1;
144
3
					break;
145
				}
146
147
				/*
148
				 * Per RFC 5280 section 4.2.1.6:
149
				 * " " is a legal domain name, but that
150
				 * dNSName must be rejected.
151
				 */
152
45
				if (strcmp(data, " ") == 0) {
153
3
					tls_set_errorx(ctx,
154
					    "error verifying name '%s': "
155
					    "a dNSName of \" \" must not be "
156
					    "used", name);
157
					rv = -1;
158
3
					break;
159
				}
160
161
42
				if (tls_match_name(data, name) == 0) {
162
15
					*alt_match = 1;
163
15
					break;
164
				}
165
			} else {
166
#ifdef DEBUG
167
				fprintf(stdout, "%s: unhandled subjectAltName "
168
				    "dNSName encoding (%d)\n", getprogname(),
169
				    format);
170
#endif
171
			}
172
173

33
		} else if (type == GEN_IPADD) {
174
			unsigned char	*data;
175
			int		 datalen;
176
177
6
			datalen = ASN1_STRING_length(altname->d.iPAddress);
178
6
			data = ASN1_STRING_data(altname->d.iPAddress);
179
180
6
			if (datalen < 0) {
181
				tls_set_errorx(ctx,
182
				    "Unexpected negative length for an "
183
				    "IP address: %d", datalen);
184
				rv = -1;
185
				break;
186
			}
187
188
			/*
189
			 * Per RFC 5280 section 4.2.1.6:
190
			 * IPv4 must use 4 octets and IPv6 must use 16 octets.
191
			 */
192

12
			if (datalen == addrlen &&
193
6
			    memcmp(data, &addrbuf, addrlen) == 0) {
194
6
				*alt_match = 1;
195
6
				break;
196
			}
197
		}
198
27
	}
199
200
39
	sk_GENERAL_NAME_pop_free(altname_stack, GENERAL_NAME_free);
201
39
	return rv;
202
84
}
203
204
static int
205
tls_check_common_name(struct tls *ctx, X509 *cert, const char *name,
206
    int *cn_match)
207
{
208
	X509_NAME *subject_name;
209
	char *common_name = NULL;
210
90
	union tls_addr addrbuf;
211
	int common_name_len;
212
	int rv = 0;
213
214
45
	*cn_match = 0;
215
216
45
	subject_name = X509_get_subject_name(cert);
217
45
	if (subject_name == NULL)
218
		goto out;
219
220
45
	common_name_len = X509_NAME_get_text_by_NID(subject_name,
221
	    NID_commonName, NULL, 0);
222
45
	if (common_name_len < 0)
223
		goto out;
224
225
45
	common_name = calloc(common_name_len + 1, 1);
226
45
	if (common_name == NULL)
227
		goto out;
228
229
45
	X509_NAME_get_text_by_NID(subject_name, NID_commonName, common_name,
230
	    common_name_len + 1);
231
232
	/* NUL bytes in CN? */
233

90
	if (common_name_len < 0 ||
234
45
	    (size_t)common_name_len != strlen(common_name)) {
235
3
		tls_set_errorx(ctx, "error verifying name '%s': "
236
		    "NUL byte in Common Name field, "
237
		    "probably a malicious certificate", name);
238
		rv = -1;
239
3
		goto out;
240
	}
241
242
	/*
243
	 * We don't want to attempt wildcard matching against IP addresses,
244
	 * so perform a simple comparison here.
245
	 */
246

78
	if (inet_pton(AF_INET,  name, &addrbuf) == 1 ||
247
36
	    inet_pton(AF_INET6, name, &addrbuf) == 1) {
248
9
		if (strcmp(common_name, name) == 0)
249
6
			*cn_match = 1;
250
		goto out;
251
	}
252
253
33
	if (tls_match_name(common_name, name) == 0)
254
6
		*cn_match = 1;
255
256
 out:
257
45
	free(common_name);
258
45
	return rv;
259
45
}
260
261
int
262
tls_check_name(struct tls *ctx, X509 *cert, const char *name, int *match)
263
{
264
168
	int alt_exists;
265
266
84
	*match = 0;
267
268
168
	if (tls_check_subject_altname(ctx, cert, name, match,
269
84
	    &alt_exists) == -1)
270
6
		return -1;
271
272
	/*
273
	 * As per RFC 6125 section 6.4.4, if any known alternate name existed
274
	 * in the certificate, we do not attempt to match on the CN.
275
	 */
276
78
	if (*match || alt_exists)
277
33
		return 0;
278
279
45
	return tls_check_common_name(ctx, cert, name, match);
280
84
}