/*
* For each name in the cert. Iterate them. Call the callback. If one returns true, then consider it validated,
* if none of them return true, the cert is considered invalid.
*/
static uint8_t s2n_verify_host_information(struct s2n_x509_validator *validator, struct s2n_connection *conn, X509 *public_cert) {
uint8_t verified = 0;
uint8_t san_found = 0;
/* Check SubjectAltNames before CommonName as per RFC 6125 6.4.4 */
STACK_OF(GENERAL_NAME) *names_list = X509_get_ext_d2i(public_cert, NID_subject_alt_name, NULL, NULL);
int n = sk_GENERAL_NAME_num(names_list);
for (int i = 0; i < n && !verified; i++) {
GENERAL_NAME *current_name = sk_GENERAL_NAME_value(names_list, i);
if (current_name->type == GEN_DNS) {
san_found = 1;
const char *name = (const char *) ASN1_STRING_data(current_name->d.ia5);
size_t name_len = (size_t) ASN1_STRING_length(current_name->d.ia5);
verified = conn->verify_host_fn(name, name_len, conn->data_for_verify_host);
}
}
GENERAL_NAMES_free(names_list);
/* if no SubjectAltNames of type DNS found, go to the common name. */
if (!san_found) {
X509_NAME *subject_name = X509_get_subject_name(public_cert);
if (subject_name) {
int next_idx = 0, curr_idx = -1;
while ((next_idx = X509_NAME_get_index_by_NID(subject_name, NID_commonName, curr_idx)) >= 0) {
curr_idx = next_idx;
}
if (curr_idx >= 0) {
ASN1_STRING *common_name =
X509_NAME_ENTRY_get_data(X509_NAME_get_entry(subject_name, curr_idx));
if (common_name) {
char peer_cn[255];
static size_t peer_cn_size = sizeof(peer_cn);
memset_check(&peer_cn, 0, peer_cn_size);
// X520CommonName allows the following ANSI string types per RFC 5280 Appendix A.1
if (ASN1_STRING_type(common_name) == V_ASN1_TELETEXSTRING ||
ASN1_STRING_type(common_name) == V_ASN1_PRINTABLESTRING ||
ASN1_STRING_type(common_name) == V_ASN1_UNIVERSALSTRING ||
ASN1_STRING_type(common_name) == V_ASN1_UTF8STRING ||
ASN1_STRING_type(common_name) == V_ASN1_BMPSTRING ) {
size_t len = (size_t) ASN1_STRING_length(common_name);
lte_check(len, sizeof(peer_cn) - 1);
memcpy_check(peer_cn, ASN1_STRING_data(common_name), len);
verified = conn->verify_host_fn(peer_cn, len, conn->data_for_verify_host);
}
}
}
}
}
return verified;
}
static const char *get_general_dns_name(const GENERAL_NAME *name)
{
if (ASN1_STRING_type(name->d.ia5) != V_ASN1_IA5STRING)
return "";
return asn1_string_to_c(name->d.ia5);
}
const char *tls_dns_name(const GENERAL_NAME * gn,
const TLS_SESS_STATE *TLScontext)
{
const char *myname = "tls_dns_name";
char *cp;
const char *dnsname;
int len;
/*
* Peername checks are security sensitive, carefully scrutinize the
* input!
*/
if (gn->type != GEN_DNS)
msg_panic("%s: Non DNS input argument", myname);
/*
* We expect the OpenSSL library to construct GEN_DNS extesion objects as
* ASN1_IA5STRING values. Check we got the right union member.
*/
if (ASN1_STRING_type(gn->d.ia5) != V_ASN1_IA5STRING) {
msg_warn("%s: %s: invalid ASN1 value type in subjectAltName",
myname, TLScontext->namaddr);
return (0);
}
/*
* Safe to treat as an ASCII string possibly holding a DNS name
*/
dnsname = (char *) ASN1_STRING_data(gn->d.ia5);
len = ASN1_STRING_length(gn->d.ia5);
TRIM0(dnsname, len);
/*
* Per Dr. Steven Henson of the OpenSSL development team, ASN1_IA5STRING
* values can have internal ASCII NUL values in this context because
* their length is taken from the decoded ASN1 buffer, a trailing NUL is
* always appended to make sure that the string is terminated, but the
* ASN.1 length may differ from strlen().
*/
if (len != strlen(dnsname)) {
msg_warn("%s: %s: internal NUL in subjectAltName",
myname, TLScontext->namaddr);
return 0;
}
/*
* XXX: Should we be more strict and call valid_hostname()? So long as
* the name is safe to handle, if it is not a valid hostname, it will not
* compare equal to the expected peername, so being more strict than
* "printable" is likely excessive...
*/
if (*dnsname && !allprint(dnsname)) {
cp = mystrdup(dnsname);
msg_warn("%s: %s: non-printable characters in subjectAltName: %.100s",
myname, TLScontext->namaddr, printable(cp, '?'));
myfree(cp);
return 0;
}
return (dnsname);
}
/* Server certificate name check, logic adapted from libcurl */
static int
_SSL_check_server_cert(SSL *ssl, const char *hostname)
{
X509 *cert;
X509_NAME *subject;
const GENERAL_NAME *altname;
STACK_OF(GENERAL_NAME) *altnames;
ASN1_STRING *tmp;
int i, n, match = -1;
const char *p;
if (SSL_get_verify_mode(ssl) == SSL_VERIFY_NONE ||
(cert = SSL_get_peer_certificate(ssl)) == NULL) {
return (1);
}
/* Check subjectAltName */
if ((altnames = X509_get_ext_d2i(cert, NID_subject_alt_name,
NULL, NULL)) != NULL) {
n = sk_GENERAL_NAME_num(altnames);
for (i = 0; i < n && match != 1; i++) {
altname = sk_GENERAL_NAME_value(altnames, i);
p = (char *)ASN1_STRING_data(altname->d.ia5);
if (altname->type == GEN_DNS) {
match = (ASN1_STRING_length(altname->d.ia5) ==
strlen(p) && match_pattern(hostname, p));
}
}
GENERAL_NAMES_free(altnames);
}
/* No subjectAltName, try CN */
if (match == -1 &&
(subject = X509_get_subject_name(cert)) != NULL) {
for (i = -1; (n = X509_NAME_get_index_by_NID(subject,
NID_commonName, i)) >= 0; ) {
i = n;
}
if (i >= 0) {
if ((tmp = X509_NAME_ENTRY_get_data(
X509_NAME_get_entry(subject, i))) != NULL &&
ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
p = (char *)ASN1_STRING_data(tmp);
match = (ASN1_STRING_length(tmp) ==
strlen(p) && match_pattern(hostname, p));
}
}
}
X509_free(cert);
return (match > 0);
}
/** Checks whether the host component of a URI matches an IP address
* in the server certificate.
*
* @param[in] uri_host
* The IP address (or host name) to which the user wanted to connect.
* Should be in UTF-8.
* @param[in] cert_host_asn1
* An IP address found as iPAddress in the subjectAltName extension
* of the server certificate. According to RFC 5280 section 4.2.1.6,
* that is an octet string in network byte order. According to
* RFC 2818 section 3.1, wildcards are not allowed.
*
* @return
* Nonzero if the host matches. Zero if it doesn't, or on error.
*
* If @a uri_host is a host name rather than an IP address literal,
* then this function returns 0, meaning that the address does not match.
* This function does not try to resolve the host name to an IP address
* and compare that to @a cert_host_asn1, because such an approach would
* be vulnerable to DNS spoofing.
*
* This function does not support the address-and-netmask format used
* in the name constraints extension of a CA certificate (RFC 5280
* section 4.2.1.10). */
static int
match_uri_host_ip(const unsigned char *uri_host,
ASN1_OCTET_STRING *cert_host_asn1)
{
const unsigned char *cert_host_addr = ASN1_STRING_data(cert_host_asn1);
struct in_addr uri_host_in;
#ifdef CONFIG_IPV6
struct in6_addr uri_host_in6;
#endif
/* RFC 5280 defines the iPAddress alternative of GeneralName
* as an OCTET STRING. Verify that the type is indeed that.
* This is an assertion because, if someone puts the wrong
* type of data there, then it will not even be recognized as
* an iPAddress, and this function will not be called.
*
* (Because GeneralName is defined in an implicitly tagged
* ASN.1 module, the OCTET STRING tag is not part of the DER
* encoding. BER also allows a constructed encoding where
* each substring begins with the OCTET STRING tag; but ITU-T
* Rec. X.690 (07/2002) subclause 8.21 says those would be
* OCTET STRING even if the outer string were of some other
* type. "A Layman's Guide to a Subset of ASN.1, BER, and
* DER" (Kaliski, 1993) claims otherwise, though.) */
assert(ASN1_STRING_type(cert_host_asn1) == V_ASN1_OCTET_STRING);
if_assert_failed return 0;
/* cert_host_addr, url_host_in, and url_host_in6 are all in
* network byte order. */
switch (ASN1_STRING_length(cert_host_asn1)) {
case 4:
return inet_aton((const char *)uri_host, &uri_host_in) != 0
&& memcmp(cert_host_addr, &uri_host_in.s_addr, 4) == 0;
#ifdef CONFIG_IPV6
case 16:
return inet_pton(AF_INET6, (const char *)uri_host, &uri_host_in6) == 1
&& memcmp(cert_host_addr, &uri_host_in6.s6_addr, 16) == 0;
#endif
default:
return 0;
}
}
/* tls_dns_name - Extract valid DNS name from subjectAltName value */
static const char *tls_dns_name(const GENERAL_NAME * gn)
{
const char *dnsname;
/* We expect the OpenSSL library to construct GEN_DNS extension objects as
ASN1_IA5STRING values. Check we got the right union member. */
if (ASN1_STRING_type(gn->d.ia5) != V_ASN1_IA5STRING) {
g_warning("Invalid ASN1 value type in subjectAltName");
return NULL;
}
/* Safe to treat as an ASCII string possibly holding a DNS name */
dnsname = (char *) ASN1_STRING_data(gn->d.ia5);
if (has_internal_nul(dnsname, ASN1_STRING_length(gn->d.ia5))) {
g_warning("Internal NUL in subjectAltName");
return NULL;
}
return dnsname;
}
static int openssl_xext_data(lua_State* L)
{
int ret = 0;
X509_EXTENSION *x = CHECK_OBJECT(1, X509_EXTENSION, "openssl.x509_extension");
if (lua_isnone(L, 2))
{
ASN1_STRING *s = X509_EXTENSION_get_data(x);
s = ASN1_STRING_dup(s);
PUSH_OBJECT(s, "openssl.asn1_string");
return 1;
}
else if (lua_isstring(L, 2))
{
size_t size;
const char* data = lua_tolstring(L, 2, &size);
ASN1_STRING* s = ASN1_STRING_type_new(V_ASN1_OCTET_STRING);
if (ASN1_STRING_set(s, data, size) == 1)
{
ret = X509_EXTENSION_set_data(x, s);
}
ASN1_STRING_free(s);
return openssl_pushresult(L, ret);
}
else
{
ASN1_STRING* s = CHECK_GROUP(2, ASN1_STRING, "openssl.asn1group");
if (ASN1_STRING_type(s) == V_ASN1_OCTET_STRING)
{
int ret;
ret = X509_EXTENSION_set_data(x, s);
return openssl_pushresult(L, ret);
}
else
{
luaL_argerror(L, 2, "asn1_string type must be octet");
}
}
return 0;
};
/* tls_text_name - extract certificate property value by name */
static char *tls_text_name(X509_NAME *name, int nid)
{
int pos;
X509_NAME_ENTRY *entry;
ASN1_STRING *entry_str;
int utf8_length;
unsigned char *utf8_value;
char *result;
if (name == 0 || (pos = X509_NAME_get_index_by_NID(name, nid, -1)) < 0) {
return NULL;
}
entry = X509_NAME_get_entry(name, pos);
g_return_val_if_fail(entry != NULL, NULL);
entry_str = X509_NAME_ENTRY_get_data(entry);
g_return_val_if_fail(entry_str != NULL, NULL);
/* Convert everything into UTF-8. It's up to OpenSSL to do something
reasonable when converting ASCII formats that contain non-ASCII
content. */
if ((utf8_length = ASN1_STRING_to_UTF8(&utf8_value, entry_str)) < 0) {
g_warning("Error decoding ASN.1 type=%d", ASN1_STRING_type(entry_str));
return NULL;
}
if (has_internal_nul((char *)utf8_value, utf8_length)) {
g_warning("NUL character in hostname in certificate");
OPENSSL_free(utf8_value);
return NULL;
}
result = g_strdup((char *) utf8_value);
OPENSSL_free(utf8_value);
return result;
}
/* See RFC 5280 section 4.2.1.6 for SubjectAltName details. */
static int
tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name)
{
STACK_OF(GENERAL_NAME) *altname_stack = NULL;
union tls_addr addrbuf;
int addrlen, type;
int count, i;
int rv = -1;
altname_stack = X509_get_ext_d2i(cert, NID_subject_alt_name,
NULL, NULL);
if (altname_stack == NULL)
return -1;
if (inet_pton(AF_INET, name, &addrbuf) == 1) {
type = GEN_IPADD;
addrlen = 4;
} else if (inet_pton(AF_INET6, name, &addrbuf) == 1) {
type = GEN_IPADD;
addrlen = 16;
} else {
type = GEN_DNS;
addrlen = 0;
}
count = sk_GENERAL_NAME_num(altname_stack);
for (i = 0; i < count; i++) {
GENERAL_NAME *altname;
altname = sk_GENERAL_NAME_value(altname_stack, i);
if (altname->type != type)
continue;
if (type == GEN_DNS) {
const void *data;
int format, len;
format = ASN1_STRING_type(altname->d.dNSName);
if (format == V_ASN1_IA5STRING) {
data = ASN1_STRING_get0_data(altname->d.dNSName);
len = ASN1_STRING_length(altname->d.dNSName);
if (len < 0 || len != (int)strlen(data)) {
tls_set_errorx(ctx,
"error verifying name '%s': "
"NUL byte in subjectAltName, "
"probably a malicious certificate",
name);
rv = -2;
break;
}
/*
* Per RFC 5280 section 4.2.1.6:
* " " is a legal domain name, but that
* dNSName must be rejected.
*/
if (strcmp(data, " ") == 0) {
tls_set_error(ctx,
"error verifying name '%s': "
"a dNSName of \" \" must not be "
"used", name);
rv = -2;
break;
}
if (tls_match_name(data, name) == 0) {
rv = 0;
break;
}
} else {
#ifdef DEBUG
fprintf(stdout, "%s: unhandled subjectAltName "
"dNSName encoding (%d)\n", getprogname(),
format);
#endif
}
} else if (type == GEN_IPADD) {
const unsigned char *data;
int datalen;
datalen = ASN1_STRING_length(altname->d.iPAddress);
data = ASN1_STRING_get0_data(altname->d.iPAddress);
if (datalen < 0) {
tls_set_errorx(ctx,
"Unexpected negative length for an "
"IP address: %d", datalen);
rv = -2;
break;
}
/*
* Per RFC 5280 section 4.2.1.6:
* IPv4 must use 4 octets and IPv6 must use 16 octets.
*/
if (datalen == addrlen &&
memcmp(data, &addrbuf, addrlen) == 0) {
rv = 0;
break;
}
}
}
sk_GENERAL_NAME_pop_free(altname_stack, GENERAL_NAME_free);
return rv;
}
static int verify_server_cert(SSL *ssl, const char *host)
{
X509 *cert;
X509_NAME *peer_name;
ASN1_STRING *str;
unsigned char *peer_cn = NULL;
int matched = -1, type = GEN_DNS;
GENERAL_NAMES *alts;
struct in6_addr addr6;
struct in_addr addr4;
void *addr;
int i = -1,j;
if (SSL_get_verify_result(ssl) != X509_V_OK) {
giterr_set(GITERR_SSL, "The SSL certificate is invalid");
return GIT_ECERTIFICATE;
}
/* Try to parse the host as an IP address to see if it is */
if (p_inet_pton(AF_INET, host, &addr4)) {
type = GEN_IPADD;
addr = &addr4;
} else {
if(p_inet_pton(AF_INET6, host, &addr6)) {
type = GEN_IPADD;
addr = &addr6;
}
}
cert = SSL_get_peer_certificate(ssl);
if (!cert) {
giterr_set(GITERR_SSL, "the server did not provide a certificate");
return -1;
}
/* Check the alternative names */
alts = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
if (alts) {
int num;
num = sk_GENERAL_NAME_num(alts);
for (i = 0; i < num && matched != 1; i++) {
const GENERAL_NAME *gn = sk_GENERAL_NAME_value(alts, i);
const char *name = (char *) ASN1_STRING_data(gn->d.ia5);
size_t namelen = (size_t) ASN1_STRING_length(gn->d.ia5);
/* Skip any names of a type we're not looking for */
if (gn->type != type)
continue;
if (type == GEN_DNS) {
/* If it contains embedded NULs, don't even try */
if (memchr(name, '\0', namelen))
continue;
if (check_host_name(name, host) < 0)
matched = 0;
else
matched = 1;
} else if (type == GEN_IPADD) {
/* Here name isn't so much a name but a binary representation of the IP */
matched = !!memcmp(name, addr, namelen);
}
}
}
GENERAL_NAMES_free(alts);
if (matched == 0)
goto cert_fail_name;
if (matched == 1)
return 0;
/* If no alternative names are available, check the common name */
peer_name = X509_get_subject_name(cert);
if (peer_name == NULL)
goto on_error;
if (peer_name) {
/* Get the index of the last CN entry */
while ((j = X509_NAME_get_index_by_NID(peer_name, NID_commonName, i)) >= 0)
i = j;
}
if (i < 0)
goto on_error;
str = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(peer_name, i));
if (str == NULL)
goto on_error;
/* Work around a bug in OpenSSL whereby ASN1_STRING_to_UTF8 fails if it's already in utf-8 */
if (ASN1_STRING_type(str) == V_ASN1_UTF8STRING) {
int size = ASN1_STRING_length(str);
if (size > 0) {
peer_cn = OPENSSL_malloc(size + 1);
GITERR_CHECK_ALLOC(peer_cn);
memcpy(peer_cn, ASN1_STRING_data(str), size);
peer_cn[size] = '\0';
} else {
goto cert_fail_name;
}
} else {
int size = ASN1_STRING_to_UTF8(&peer_cn, str);
GITERR_CHECK_ALLOC(peer_cn);
if (memchr(peer_cn, '\0', size))
goto cert_fail_name;
}
if (check_host_name((char *)peer_cn, host) < 0)
goto cert_fail_name;
OPENSSL_free(peer_cn);
return 0;
on_error:
OPENSSL_free(peer_cn);
return ssl_set_error(ssl, 0);
cert_fail_name:
OPENSSL_free(peer_cn);
giterr_set(GITERR_SSL, "hostname does not match certificate");
return GIT_ECERTIFICATE;
}
static int
tls_parse_asn1string(struct tls *ctx, ASN1_STRING *a1str, const char **dst_p, int minchars, int maxchars, const char *desc)
{
int format, len, ret = -1;
unsigned char *data;
ASN1_STRING *a1utf = NULL;
int ascii_only = 0;
char *cstr = NULL;
int mbres, mbconvert = -1;
*dst_p = NULL;
format = ASN1_STRING_type(a1str);
data = ASN1_STRING_data(a1str);
len = ASN1_STRING_length(a1str);
if (len < minchars) {
tls_set_errorx(ctx, "invalid %s: string too short", desc);
goto failed;
}
switch (format) {
case V_ASN1_NUMERICSTRING:
case V_ASN1_VISIBLESTRING:
case V_ASN1_PRINTABLESTRING:
case V_ASN1_IA5STRING:
/* Ascii */
if (len > maxchars) {
tls_set_errorx(ctx, "invalid %s: string too long", desc);
goto failed;
}
ascii_only = 1;
break;
case V_ASN1_T61STRING:
/* Latin1 */
mbconvert = MBSTRING_ASC;
break;
case V_ASN1_BMPSTRING:
/* UCS-2 big-endian */
mbconvert = MBSTRING_BMP;
break;
case V_ASN1_UNIVERSALSTRING:
/* UCS-4 big-endian */
mbconvert = MBSTRING_UNIV;
break;
case V_ASN1_UTF8STRING:
/*
* UTF-8 - could be used directly if OpenSSL has already
* validated the data. ATM be safe and validate here.
*/
mbconvert = MBSTRING_UTF8;
break;
default:
tls_set_errorx(ctx, "invalid %s: unexpected string type", desc);
goto failed;
}
/* Convert to UTF-8 */
if (mbconvert != -1) {
mbres = ASN1_mbstring_ncopy(&a1utf, data, len, mbconvert, B_ASN1_UTF8STRING, minchars, maxchars);
if (mbres < 0) {
tls_set_error_libssl(ctx, "invalid %s", desc);
goto failed;
}
if (mbres != V_ASN1_UTF8STRING) {
tls_set_errorx(ctx, "multibyte conversion failed: expected UTF8 result");
goto failed;
}
data = ASN1_STRING_data(a1utf);
len = ASN1_STRING_length(a1utf);
}
/* must not allow \0 */
if (memchr(data, 0, len) != NULL) {
tls_set_errorx(ctx, "invalid %s: contains NUL", desc);
goto failed;
}
/* no escape codes please */
if (check_invalid_bytes(ctx, data, len, ascii_only, desc) < 0)
goto failed;
/* copy to new string */
cstr = malloc(len + 1);
if (!cstr) {
tls_set_error(ctx, "malloc");
goto failed;
}
memcpy(cstr, data, len);
cstr[len] = 0;
*dst_p = cstr;
ret = len;
failed:
ASN1_STRING_free(a1utf);
return ret;
}
int
ssl_check_subject_altname(X509 *cert, char *host)
{
STACK_OF(GENERAL_NAME) *altname_stack = NULL;
union { struct in_addr ip4; struct in6_addr ip6; } addrbuf;
int addrlen, type;
int count, i;
int rv = -1;
altname_stack =
X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
if (altname_stack == NULL)
return -1;
if (inet_pton(AF_INET, host, &addrbuf) == 1) {
type = GEN_IPADD;
addrlen = 4;
} else if (inet_pton(AF_INET6, host, &addrbuf) == 1) {
type = GEN_IPADD;
addrlen = 16;
} else
type = GEN_DNS;
count = sk_GENERAL_NAME_num(altname_stack);
for (i = 0; i < count; i++) {
GENERAL_NAME *altname;
altname = sk_GENERAL_NAME_value(altname_stack, i);
if (altname->type != type)
continue;
if (type == GEN_DNS) {
unsigned char *data;
int format;
format = ASN1_STRING_type(altname->d.dNSName);
if (format == V_ASN1_IA5STRING) {
data = ASN1_STRING_data(altname->d.dNSName);
if (ASN1_STRING_length(altname->d.dNSName) !=
(int)strlen(data)) {
fprintf(ttyout, "%s: NUL byte in "
"subjectAltName, probably a "
"malicious certificate.\n",
getprogname());
rv = -2;
break;
}
if (ssl_match_hostname(data, host) == 0) {
rv = 0;
break;
}
} else
fprintf(ttyout, "%s: unhandled subjectAltName "
"dNSName encoding (%d)\n", getprogname(),
format);
} else if (type == GEN_IPADD) {
unsigned char *data;
int datalen;
datalen = ASN1_STRING_length(altname->d.iPAddress);
data = ASN1_STRING_data(altname->d.iPAddress);
if (datalen == addrlen &&
memcmp(data, &addrbuf, addrlen) == 0) {
rv = 0;
break;
}
}
}
sk_GENERAL_NAME_free(altname_stack);
return rv;
}
static char *tls_text_name(X509_NAME *name, int nid, const char *label,
const TLS_SESS_STATE *TLScontext, int gripe)
{
const char *myname = "tls_text_name";
int pos;
X509_NAME_ENTRY *entry;
ASN1_STRING *entry_str;
int asn1_type;
int utf8_length;
unsigned char *utf8_value;
int ch;
unsigned char *cp;
if (name == 0 || (pos = X509_NAME_get_index_by_NID(name, nid, -1)) < 0) {
if (gripe != DONT_GRIPE) {
msg_warn("%s: %s: peer certificate has no %s",
myname, TLScontext->namaddr, label);
tls_print_errors();
}
return (0);
}
#if 0
/*
* If the match is required unambiguous, insist that that no other values
* be present.
*/
if (X509_NAME_get_index_by_NID(name, nid, pos) >= 0) {
msg_warn("%s: %s: multiple %ss in peer certificate",
myname, TLScontext->namaddr, label);
return (0);
}
#endif
if ((entry = X509_NAME_get_entry(name, pos)) == 0) {
/* This should not happen */
msg_warn("%s: %s: error reading peer certificate %s entry",
myname, TLScontext->namaddr, label);
tls_print_errors();
return (0);
}
if ((entry_str = X509_NAME_ENTRY_get_data(entry)) == 0) {
/* This should not happen */
msg_warn("%s: %s: error reading peer certificate %s data",
myname, TLScontext->namaddr, label);
tls_print_errors();
return (0);
}
/*
* XXX Convert everything into UTF-8. This is a super-set of ASCII, so we
* don't have to bother with separate code paths for ASCII-like content.
* If the payload is ASCII then we won't waste lots of CPU cycles
* converting it into UTF-8. It's up to OpenSSL to do something
* reasonable when converting ASCII formats that contain non-ASCII
* content.
*
* XXX Don't bother optimizing the string length error check. It is not
* worth the complexity.
*/
asn1_type = ASN1_STRING_type(entry_str);
if ((utf8_length = ASN1_STRING_to_UTF8(&utf8_value, entry_str)) < 0) {
msg_warn("%s: %s: error decoding peer %s of ASN.1 type=%d",
myname, TLScontext->namaddr, label, asn1_type);
tls_print_errors();
return (0);
}
/*
* No returns without cleaning up. A good optimizer will replace multiple
* blocks of identical code by jumps to just one such block.
*/
#define TLS_TEXT_NAME_RETURN(x) do { \
char *__tls_text_name_temp = (x); \
OPENSSL_free(utf8_value); \
return (__tls_text_name_temp); \
} while (0)
/*
* Remove trailing null characters. They would give false alarms with the
* length check and with the embedded null check.
*/
#define TRIM0(s, l) do { while ((l) > 0 && (s)[(l)-1] == 0) --(l); } while (0)
TRIM0(utf8_value, utf8_length);
/*
* Enforce the length limit, because the caller will copy the result into
* a fixed-length buffer.
*/
if (utf8_length >= CCERT_BUFSIZ) {
msg_warn("%s: %s: peer %s too long: %d",
myname, TLScontext->namaddr, label, utf8_length);
TLS_TEXT_NAME_RETURN(0);
}
/*
* Reject embedded nulls in ASCII or UTF-8 names. OpenSSL is responsible
* for producing properly-formatted UTF-8.
*/
if (utf8_length != strlen((char *) utf8_value)) {
msg_warn("%s: %s: NULL character in peer %s",
myname, TLScontext->namaddr, label);
TLS_TEXT_NAME_RETURN(0);
}
/*
* Reject non-printable ASCII characters in UTF-8 content.
*
* Note: the code below does not find control characters in illegal UTF-8
* sequences. It's OpenSSL's job to produce valid UTF-8, and reportedly,
* it does validation.
*/
for (cp = utf8_value; (ch = *cp) != 0; cp++) {
if (ISASCII(ch) && !ISPRINT(ch)) {
msg_warn("%s: %s: non-printable content in peer %s",
myname, TLScontext->namaddr, label);
TLS_TEXT_NAME_RETURN(0);
}
}
TLS_TEXT_NAME_RETURN(mystrdup((char *) utf8_value));
}
/* See RFC 5280 section 4.2.1.6 for SubjectAltName details. */
static gboolean
rspamd_tls_check_subject_altname (X509 *cert, const char *name)
{
STACK_OF(GENERAL_NAME) *altname_stack = NULL;
int addrlen, type;
int count, i;
union {
struct in_addr ip4;
struct in6_addr ip6;
} addrbuf;
gboolean ret = FALSE;
altname_stack = X509_get_ext_d2i (cert, NID_subject_alt_name, NULL, NULL);
if (altname_stack == NULL) {
return FALSE;
}
if (inet_pton (AF_INET, name, &addrbuf) == 1) {
type = GEN_IPADD;
addrlen = 4;
}
else if (inet_pton (AF_INET6, name, &addrbuf) == 1) {
type = GEN_IPADD;
addrlen = 16;
}
else {
type = GEN_DNS;
addrlen = 0;
}
count = sk_GENERAL_NAME_num (altname_stack);
for (i = 0; i < count; i++) {
GENERAL_NAME *altname;
altname = sk_GENERAL_NAME_value (altname_stack, i);
if (altname->type != type) {
continue;
}
if (type == GEN_DNS) {
unsigned char *data;
int format, len;
format = ASN1_STRING_type (altname->d.dNSName);
if (format == V_ASN1_IA5STRING) {
data = ASN1_STRING_data (altname->d.dNSName);
len = ASN1_STRING_length (altname->d.dNSName);
if (len < 0 || len != (gint)strlen (data)) {
ret = FALSE;
break;
}
/*
* Per RFC 5280 section 4.2.1.6:
* " " is a legal domain name, but that
* dNSName must be rejected.
*/
if (strcmp (data, " ") == 0) {
ret = FALSE;
break;
}
if (rspamd_tls_match_name (data, name)) {
ret = TRUE;
break;
}
}
}
else if (type == GEN_IPADD) {
unsigned char *data;
int datalen;
datalen = ASN1_STRING_length (altname->d.iPAddress);
data = ASN1_STRING_data (altname->d.iPAddress);
if (datalen < 0) {
ret = FALSE;
break;
}
/*
* Per RFC 5280 section 4.2.1.6:
* IPv4 must use 4 octets and IPv6 must use 16 octets.
*/
if (datalen == addrlen && memcmp (data, &addrbuf, addrlen) == 0) {
ret = TRUE;
break;
}
}
}
sk_GENERAL_NAME_pop_free (altname_stack, GENERAL_NAME_free);
return ret;
}
static X509_ATTRIBUTE* openssl_new_xattribute(lua_State*L, X509_ATTRIBUTE** a, int idx, const char* eprefix)
{
int arttype;
size_t len;
int nid;
const char* data;
lua_getfield(L, idx, "object");
nid = openssl_get_nid(L, -1);
if (nid == NID_undef)
{
if (eprefix)
{
luaL_error(L, "%s field object is invalid value", eprefix);
}
else
luaL_argcheck(L, nid != NID_undef, idx, "field object is invalid value");
}
lua_pop(L, 1);
lua_getfield(L, idx, "type");
arttype = luaL_checkint(L, -1);
if (arttype == V_ASN1_UNDEF || arttype == 0)
{
if (eprefix)
{
luaL_error(L, "%s field type is not invalid value", eprefix);
}
else
luaL_argcheck(L, nid != NID_undef, idx, "field type is not invalid value");
}
lua_pop(L, 1);
lua_getfield(L, idx, "value");
if (lua_isstring(L, -1))
{
data = lua_tolstring(L, -1, &len);
}
else if (auxiliar_isgroup(L, "openssl.asn1group", -1))
{
ASN1_STRING* value = CHECK_GROUP(-1, ASN1_STRING, "openssl.asn1group");
if (ASN1_STRING_type(value) != arttype)
{
if (eprefix)
luaL_error(L, "%s field value not match type", eprefix);
else
luaL_argcheck(L, ASN1_STRING_type(value) == arttype, idx, "field value not match type");
}
data = (const char *)ASN1_STRING_data(value);
len = ASN1_STRING_length(value);
}
else
{
if (eprefix)
{
luaL_error(L, "%s filed value only accept string or asn1_string", eprefix);
}
else
luaL_argerror(L, idx, "filed value only accept string or asn1_string");
}
lua_pop(L, 1);
return X509_ATTRIBUTE_create_by_NID(a, nid, arttype, data, len);
}
/* Quote from RFC2818 section 3.1 "Server Identity"
If a subjectAltName extension of type dNSName is present, that MUST
be used as the identity. Otherwise, the (most specific) Common Name
field in the Subject field of the certificate MUST be used. Although
the use of the Common Name is existing practice, it is deprecated and
Certification Authorities are encouraged to use the dNSName instead.
Matching is performed using the matching rules specified by
[RFC2459]. If more than one identity of a given type is present in
the certificate (e.g., more than one dNSName name, a match in any one
of the set is considered acceptable.) Names may contain the wildcard
character * which is considered to match any single domain name
component or component fragment. E.g., *.a.com matches foo.a.com but
not bar.foo.a.com. f*.com matches foo.com but not bar.com.
In some cases, the URI is specified as an IP address rather than a
hostname. In this case, the iPAddress subjectAltName must be present
in the certificate and must exactly match the IP in the URI.
*/
static CURLcode verifyhost(struct connectdata *conn,
X509 *server_cert)
{
bool matched = FALSE; /* no alternative match yet */
int target = GEN_DNS; /* target type, GEN_DNS or GEN_IPADD */
int addrlen = 0;
struct SessionHandle *data = conn->data;
STACK_OF(GENERAL_NAME) *altnames;
#ifdef ENABLE_IPV6
struct in6_addr addr;
#else
struct in_addr addr;
#endif
#ifdef ENABLE_IPV6
if(conn->bits.ipv6_ip &&
Curl_inet_pton(AF_INET6, conn->host.name, &addr)) {
target = GEN_IPADD;
addrlen = sizeof(struct in6_addr);
}
else
#endif
if(Curl_inet_pton(AF_INET, conn->host.name, &addr)) {
target = GEN_IPADD;
addrlen = sizeof(struct in_addr);
}
/* get a "list" of alternative names */
altnames = X509_get_ext_d2i(server_cert, NID_subject_alt_name, NULL, NULL);
if(altnames) {
int numalts;
int i;
/* get amount of alternatives, RFC2459 claims there MUST be at least
one, but we don't depend on it... */
numalts = sk_GENERAL_NAME_num(altnames);
/* loop through all alternatives while none has matched */
for (i=0; (i<numalts) && !matched; i++) {
/* get a handle to alternative name number i */
const GENERAL_NAME *check = sk_GENERAL_NAME_value(altnames, i);
/* only check alternatives of the same type the target is */
if(check->type == target) {
/* get data and length */
const char *altptr = (char *)ASN1_STRING_data(check->d.ia5);
int altlen;
switch(target) {
case GEN_DNS: /* name/pattern comparison */
/* The OpenSSL man page explicitly says: "In general it cannot be
assumed that the data returned by ASN1_STRING_data() is null
terminated or does not contain embedded nulls." But also that
"The actual format of the data will depend on the actual string
type itself: for example for and IA5String the data will be ASCII"
Gisle researched the OpenSSL sources:
"I checked the 0.9.6 and 0.9.8 sources before my patch and
it always 0-terminates an IA5String."
*/
if (cert_hostcheck(altptr, conn->host.name))
matched = TRUE;
break;
case GEN_IPADD: /* IP address comparison */
/* compare alternative IP address if the data chunk is the same size
our server IP address is */
altlen = ASN1_STRING_length(check->d.ia5);
if((altlen == addrlen) && !memcmp(altptr, &addr, altlen))
matched = TRUE;
break;
}
}
}
GENERAL_NAMES_free(altnames);
}
if(matched)
/* an alternative name matched the server hostname */
infof(data, "\t subjectAltName: %s matched\n", conn->host.dispname);
else {
/* we have to look to the last occurence of a commonName in the
distinguished one to get the most significant one. */
int j,i=-1 ;
/* The following is done because of a bug in 0.9.6b */
unsigned char *nulstr = (unsigned char *)"";
unsigned char *peer_CN = nulstr;
X509_NAME *name = X509_get_subject_name(server_cert) ;
if (name)
while ((j=X509_NAME_get_index_by_NID(name,NID_commonName,i))>=0)
i=j;
/* we have the name entry and we will now convert this to a string
that we can use for comparison. Doing this we support BMPstring,
UTF8 etc. */
if (i>=0) {
ASN1_STRING *tmp = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name,i));
/* In OpenSSL 0.9.7d and earlier, ASN1_STRING_to_UTF8 fails if the input
is already UTF-8 encoded. We check for this case and copy the raw
string manually to avoid the problem. This code can be made
conditional in the future when OpenSSL has been fixed. Work-around
brought by Alexis S. L. Carvalho. */
if (tmp && ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
j = ASN1_STRING_length(tmp);
if (j >= 0) {
peer_CN = OPENSSL_malloc(j+1);
if (peer_CN) {
memcpy(peer_CN, ASN1_STRING_data(tmp), j);
peer_CN[j] = '\0';
}
}
}
else /* not a UTF8 name */
j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
}
if (peer_CN == nulstr)
peer_CN = NULL;
if (!peer_CN) {
if(data->set.ssl.verifyhost > 1) {
failf(data,
"SSL: unable to obtain common name from peer certificate");
return CURLE_SSL_PEER_CERTIFICATE;
}
else {
/* Consider verifyhost == 1 as an "OK" for a missing CN field, but we
output a note about the situation */
infof(data, "\t common name: WARNING couldn't obtain\n");
}
}
else if(!cert_hostcheck((const char *)peer_CN, conn->host.name)) {
if(data->set.ssl.verifyhost > 1) {
failf(data, "SSL: certificate subject name '%s' does not match "
"target host name '%s'", peer_CN, conn->host.dispname);
OPENSSL_free(peer_CN);
return CURLE_SSL_PEER_CERTIFICATE ;
}
else
infof(data, "\t common name: %s (does not match '%s')\n",
peer_CN, conn->host.dispname);
}
else {
infof(data, "\t common name: %s (matched)\n", peer_CN);
OPENSSL_free(peer_CN);
}
}
return CURLE_OK;
}
inline int string::type()
{
return ASN1_STRING_type(ptr().get());
}
/*
* This function is based on verifyhost in libcurl - I hope that it is correct.
*/
static int verify_ssl_host_name(X509 *server_cert, unsigned char *host)
{
unsigned char ipv4_address[4];
#ifdef SUPPORT_IPV6
unsigned char ipv6_address[16];
#endif
unsigned char *address = NULL;
int address_len = 0;
int type = GEN_DNS;
STACK_OF(GENERAL_NAME) *altnames;
if (!numeric_ip_address(host, ipv4_address)) {
address = ipv4_address;
address_len = 4;
type = GEN_IPADD;
}
#ifdef SUPPORT_IPV6
if (!numeric_ipv6_address(host, ipv6_address, NULL)) {
address = ipv6_address;
address_len = 16;
type = GEN_IPADD;
}
#endif
#if 1
altnames = X509_get_ext_d2i(server_cert, NID_subject_alt_name, NULL, NULL);
if (altnames) {
int retval = 1;
int i;
int n_altnames = sk_GENERAL_NAME_num(altnames);
for (i = 0; i < n_altnames; i++) {
const GENERAL_NAME *altname = sk_GENERAL_NAME_value(altnames, i);
const unsigned char *altname_ptr;
int altname_len;
if (altname->type != type) {
if (altname->type == GEN_IPADD || altname->type == GEN_DNS || altname->type == GEN_URI)
retval = S_INVALID_CERTIFICATE;
continue;
}
altname_ptr = ASN1_STRING_data(altname->d.ia5);
altname_len = ASN1_STRING_length(altname->d.ia5);
if (type == GEN_IPADD) {
if (altname_len == address_len && !memcmp(altname_ptr, address, address_len)) {
retval = 0;
break;
}
} else {
if (altname_len == (int)strlen(cast_const_char altname_ptr) && !check_host_name(altname_ptr, host)) {
retval = 0;
break;
}
}
retval = S_INVALID_CERTIFICATE;
}
sk_GENERAL_NAME_free(altnames);
if (retval != 1)
return retval;
}
#endif
{
unsigned char *nulstr = cast_uchar "";
unsigned char *peer_CN = nulstr;
X509_NAME *name;
int j, i = -1;
retval = 1;
name = X509_get_subject_name(server_cert);
if (name)
while ((j = X509_NAME_get_index_by_NID(name, NID_commonName, i)) >= 0)
i = j;
if (i >= 0) {
ASN1_STRING *tmp = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i));
if (tmp) {
if (ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
j = ASN1_STRING_length(tmp);
if (j >= 0) {
peer_CN = OPENSSL_malloc(j + 1);
if (peer_CN) {
memcpy(peer_CN, ASN1_STRING_data(tmp), j);
peer_CN[j] = '\0';
}
}
} else {
j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
}
if (peer_CN && (int)strlen(cast_const_char peer_CN) != j) {
retval = S_INVALID_CERTIFICATE;
}
}
}
if (peer_CN && peer_CN != nulstr) {
if (retval == 1 && !check_host_name(peer_CN, host))
retval = 0;
OPENSSL_free(peer_CN);
}
if (retval != 1)
return retval;
}
return S_INVALID_CERTIFICATE;
}
CURLcode sxi_verifyhost(sxc_client_t *sx, const char *hostname, X509 *server_cert)
{
int matched = -1; /* -1 is no alternative match yet, 1 means match and 0
means mismatch */
STACK_OF(GENERAL_NAME) *altnames;
CURLcode res = CURLE_OK;
/* get a "list" of alternative names */
altnames = X509_get_ext_d2i(server_cert, NID_subject_alt_name, NULL, NULL);
if(altnames) {
int numalts;
int i;
/* get amount of alternatives, RFC2459 claims there MUST be at least
one, but we don't depend on it... */
numalts = sk_GENERAL_NAME_num(altnames);
/* loop through all alternatives while none has matched */
for(i=0; (i<numalts) && (matched != 1); i++) {
/* get a handle to alternative name number i */
const GENERAL_NAME *check = sk_GENERAL_NAME_value(altnames, i);
/* only check alternatives of the same type the target is */
if(check->type == GEN_DNS) {
/* get data and length */
const char *altptr = (char *)ASN1_STRING_data(check->d.ia5);
size_t altlen = (size_t) ASN1_STRING_length(check->d.ia5);
/* name/pattern comparison */
/* The OpenSSL man page explicitly says: "In general it cannot be
assumed that the data returned by ASN1_STRING_data() is null
terminated or does not contain embedded nulls." But also that
"The actual format of the data will depend on the actual string
type itself: for example for and IA5String the data will be ASCII"
Curl uses strlen(altptr) == altlen here to check for embedded \0s.
We use memchr() to be safer from a possible non-null terminated string.
*/
if(!memchr(altptr, 0, altlen) &&
/* if this isn't true, there was an embedded zero in the name
string and we cannot match it. */
Curl_cert_hostcheck(altptr, hostname))
matched = 1;
else
matched = 0;
}
}
GENERAL_NAMES_free(altnames);
}
if(matched == 1)
/* an alternative name matched the server hostname */
SXDEBUG("\t subjectAltName: %s matched\n", hostname);
else if(matched == 0) {
/* an alternative name field existed, but didn't match and then
we MUST fail */
sxi_seterr(sx, SXE_ECOMM, "subjectAltName does not match %s\n", hostname);
res = CURLE_PEER_FAILED_VERIFICATION;
}
else {
/* we have to look to the last occurrence of a commonName in the
distinguished one to get the most significant one. */
int j,i=-1 ;
/* The following is done because of a bug in 0.9.6b */
unsigned char *nulstr = (unsigned char *)"";
unsigned char *peer_CN = nulstr;
X509_NAME *name = X509_get_subject_name(server_cert) ;
if(name)
while((j = X509_NAME_get_index_by_NID(name, NID_commonName, i))>=0)
i=j;
/* we have the name entry and we will now convert this to a string
that we can use for comparison. Doing this we support BMPstring,
UTF8 etc. */
if(i>=0) {
ASN1_STRING *tmp = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name,i));
/* In OpenSSL 0.9.7d and earlier, ASN1_STRING_to_UTF8 fails if the input
is already UTF-8 encoded. We check for this case and copy the raw
string manually to avoid the problem. This code can be made
conditional in the future when OpenSSL has been fixed. Work-around
brought by Alexis S. L. Carvalho. */
if(tmp) {
if(ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
j = ASN1_STRING_length(tmp);
if(j >= 0) {
peer_CN = OPENSSL_malloc(j+1);
if(peer_CN) {
memcpy(peer_CN, ASN1_STRING_data(tmp), j);
peer_CN[j] = '\0';
}
}
}
else /* not a UTF8 name */
j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
if(peer_CN && memchr(peer_CN, 0, j)) {
/* there was a terminating zero before the end of string, this
cannot match and we return failure! */
sxi_seterr(sx, SXE_ECOMM, "SSL: illegal cert name field");
res = CURLE_PEER_FAILED_VERIFICATION;
}
}
}
if(peer_CN == nulstr)
peer_CN = NULL;
/* curl would convert from UTF8 to host encoding if built with HAVE_ICONV (not default) */
if(res)
/* error already detected, pass through */
;
else if(!peer_CN) {
SXDEBUG("SSL: unable to obtain common name from peer certificate");
res = CURLE_PEER_FAILED_VERIFICATION;
}
else if(!Curl_cert_hostcheck((const char *)peer_CN, hostname)) {
sxi_seterr(sx, SXE_ECOMM, "SSL: certificate subject name '%s' does not match "
"target host name '%s'", peer_CN, hostname);
res = CURLE_PEER_FAILED_VERIFICATION;
}
else {
SXDEBUG("\t common name: %s (matched)\n", peer_CN);
}
if(peer_CN)
OPENSSL_free(peer_CN);
}
return res;
}
static int
_SSL_check_subject_altname (X509 *cert, const char *host)
{
STACK_OF(GENERAL_NAME) *altname_stack = NULL;
GInetAddress *addr;
GSocketFamily family;
int type = GEN_DNS;
int count, i;
int rv = -1;
altname_stack = X509_get_ext_d2i (cert, NID_subject_alt_name, NULL, NULL);
if (altname_stack == NULL)
return -1;
addr = g_inet_address_new_from_string (host);
if (addr != NULL)
{
family = g_inet_address_get_family (addr);
if (family == G_SOCKET_FAMILY_IPV4 || family == G_SOCKET_FAMILY_IPV6)
type = GEN_IPADD;
}
count = sk_GENERAL_NAME_num(altname_stack);
for (i = 0; i < count; i++)
{
GENERAL_NAME *altname;
altname = sk_GENERAL_NAME_value (altname_stack, i);
if (altname->type != type)
continue;
if (type == GEN_DNS)
{
unsigned char *data;
int format;
format = ASN1_STRING_type (altname->d.dNSName);
if (format == V_ASN1_IA5STRING)
{
data = ASN1_STRING_data (altname->d.dNSName);
if (ASN1_STRING_length (altname->d.dNSName) != (int)strlen(data))
{
g_warning("NUL byte in subjectAltName, probably a malicious certificate.\n");
rv = -2;
break;
}
if (_SSL_match_hostname (data, host) == 0)
{
rv = 0;
break;
}
}
else
g_warning ("unhandled subjectAltName dNSName encoding (%d)\n", format);
}
else if (type == GEN_IPADD)
{
unsigned char *data;
const guint8 *addr_bytes;
int datalen, addr_len;
datalen = ASN1_STRING_length (altname->d.iPAddress);
data = ASN1_STRING_data (altname->d.iPAddress);
addr_bytes = g_inet_address_to_bytes (addr);
addr_len = (int)g_inet_address_get_native_size (addr);
if (datalen == addr_len && memcmp (data, addr_bytes, addr_len) == 0)
{
rv = 0;
break;
}
}
}
if (addr != NULL)
g_object_unref (addr);
sk_GENERAL_NAME_free (altname_stack);
return rv;
}
