1 /* $OpenBSD: tls_verify.c,v 1.23 2023/05/11 07:35:27 tb Exp $ */
3 * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 #include <sys/socket.h>
22 #include <arpa/inet.h>
23 #include <netinet/in.h>
27 #include <openssl/x509v3.h>
30 #include "tls_internal.h"
33 tls_match_name(const char *cert_name, const char *name)
35 const char *cert_domain, *domain, *next_dot;
37 if (strcasecmp(cert_name, name) == 0)
41 if (cert_name[0] == '*') {
45 * - "*.sub.domain.tld"
48 * No attempt to prevent the use of eg. "*.co.uk".
50 cert_domain = &cert_name[1];
52 if (cert_domain[0] == '\0')
55 if (cert_domain[0] != '.')
58 if (cert_domain[1] == '.')
60 next_dot = strchr(&cert_domain[1], '.');
61 /* Disallow "*.bar" */
64 /* Disallow "*.bar.." */
65 if (next_dot[1] == '.')
68 domain = strchr(name, '.');
70 /* No wildcard match against a name with no host part. */
73 /* No wildcard match against a name with no domain part. */
74 if (domain == NULL || strlen(domain) == 1)
77 if (strcasecmp(cert_domain, domain) == 0)
85 * See RFC 5280 section 4.2.1.6 for SubjectAltName details.
86 * alt_match is set to 1 if a matching alternate name is found.
87 * alt_exists is set to 1 if any known alternate name exists in the certificate.
90 tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name,
91 int *alt_match, int *alt_exists)
93 STACK_OF(GENERAL_NAME) *altname_stack = NULL;
94 union tls_addr addrbuf;
102 altname_stack = X509_get_ext_d2i(cert, NID_subject_alt_name,
104 if (altname_stack == NULL)
107 if (inet_pton(AF_INET, name, &addrbuf) == 1) {
110 } else if (inet_pton(AF_INET6, name, &addrbuf) == 1) {
118 count = sk_GENERAL_NAME_num(altname_stack);
119 for (i = 0; i < count; i++) {
120 GENERAL_NAME *altname;
122 altname = sk_GENERAL_NAME_value(altname_stack, i);
124 if (altname->type == GEN_DNS || altname->type == GEN_IPADD)
127 if (altname->type != type)
130 if (type == GEN_DNS) {
131 const unsigned char *data;
134 format = ASN1_STRING_type(altname->d.dNSName);
135 if (format == V_ASN1_IA5STRING) {
136 data = ASN1_STRING_get0_data(altname->d.dNSName);
137 len = ASN1_STRING_length(altname->d.dNSName);
139 if (len < 0 || (size_t)len != strlen(data)) {
141 "error verifying name '%s': "
142 "NUL byte in subjectAltName, "
143 "probably a malicious certificate",
150 * Per RFC 5280 section 4.2.1.6:
151 * " " is a legal domain name, but that
152 * dNSName must be rejected.
154 if (strcmp(data, " ") == 0) {
156 "error verifying name '%s': "
157 "a dNSName of \" \" must not be "
163 if (tls_match_name(data, name) == 0) {
169 fprintf(stdout, "%s: unhandled subjectAltName "
170 "dNSName encoding (%d)\n", getprogname(),
175 } else if (type == GEN_IPADD) {
176 const unsigned char *data;
179 datalen = ASN1_STRING_length(altname->d.iPAddress);
180 data = ASN1_STRING_get0_data(altname->d.iPAddress);
184 "Unexpected negative length for an "
185 "IP address: %d", datalen);
191 * Per RFC 5280 section 4.2.1.6:
192 * IPv4 must use 4 octets and IPv6 must use 16 octets.
194 if (datalen == addrlen &&
195 memcmp(data, &addrbuf, addrlen) == 0) {
202 sk_GENERAL_NAME_pop_free(altname_stack, GENERAL_NAME_free);
207 tls_check_common_name(struct tls *ctx, X509 *cert, const char *name,
210 X509_NAME *subject_name;
211 char *common_name = NULL;
212 union tls_addr addrbuf;
218 subject_name = X509_get_subject_name(cert);
219 if (subject_name == NULL)
222 common_name_len = X509_NAME_get_text_by_NID(subject_name,
223 NID_commonName, NULL, 0);
224 if (common_name_len < 0)
227 common_name = calloc(common_name_len + 1, 1);
228 if (common_name == NULL) {
229 tls_set_error(ctx, "out of memory");
233 X509_NAME_get_text_by_NID(subject_name, NID_commonName, common_name,
234 common_name_len + 1);
236 /* NUL bytes in CN? */
237 if (common_name_len < 0 ||
238 (size_t)common_name_len != strlen(common_name)) {
239 tls_set_errorx(ctx, "error verifying name '%s': "
240 "NUL byte in Common Name field, "
241 "probably a malicious certificate", name);
246 * We don't want to attempt wildcard matching against IP addresses,
247 * so perform a simple comparison here.
249 if (inet_pton(AF_INET, name, &addrbuf) == 1 ||
250 inet_pton(AF_INET6, name, &addrbuf) == 1) {
251 if (strcmp(common_name, name) == 0)
256 if (tls_match_name(common_name, name) == 0)
268 tls_check_name(struct tls *ctx, X509 *cert, const char *name, int *match)
274 if (tls_check_subject_altname(ctx, cert, name, match,
279 * As per RFC 6125 section 6.4.4, if any known alternate name existed
280 * in the certificate, we do not attempt to match on the CN.
282 if (*match || alt_exists)
285 return tls_check_common_name(ctx, cert, name, match);