1 /*
2 * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdio.h>
11 #include <string.h>
12
13 #include <openssl/asn1t.h>
14 #include <openssl/conf.h>
15 #include <openssl/err.h>
16 #include <openssl/mem.h>
17 #include <openssl/obj.h>
18 #include <openssl/x509.h>
19
20 #include "../internal.h"
21 #include "ext_dat.h"
22 #include "internal.h"
23
24
25 static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
26 const X509V3_CTX *ctx,
27 const STACK_OF(CONF_VALUE) *nval);
28 static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a,
29 BIO *bp, int ind);
30 static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
31 STACK_OF(GENERAL_SUBTREE) *trees, BIO *bp,
32 int ind, const char *name);
33 static int print_nc_ipadd(BIO *bp, const ASN1_OCTET_STRING *ip);
34
35 static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc);
36 static int nc_match_single(GENERAL_NAME *sub, GENERAL_NAME *gen);
37 static int nc_dn(X509_NAME *sub, X509_NAME *nm);
38 static int nc_dns(const ASN1_IA5STRING *sub, const ASN1_IA5STRING *dns);
39 static int nc_email(const ASN1_IA5STRING *sub, const ASN1_IA5STRING *eml);
40 static int nc_uri(const ASN1_IA5STRING *uri, const ASN1_IA5STRING *base);
41
42 const X509V3_EXT_METHOD v3_name_constraints = {
43 NID_name_constraints,
44 0,
45 ASN1_ITEM_ref(NAME_CONSTRAINTS),
46 0,
47 0,
48 0,
49 0,
50 0,
51 0,
52 0,
53 v2i_NAME_CONSTRAINTS,
54 i2r_NAME_CONSTRAINTS,
55 0,
56 NULL,
57 };
58
ASN1_SEQUENCE(GENERAL_SUBTREE)59 ASN1_SEQUENCE(GENERAL_SUBTREE) = {
60 ASN1_SIMPLE(GENERAL_SUBTREE, base, GENERAL_NAME),
61 ASN1_IMP_OPT(GENERAL_SUBTREE, minimum, ASN1_INTEGER, 0),
62 ASN1_IMP_OPT(GENERAL_SUBTREE, maximum, ASN1_INTEGER, 1),
63 } ASN1_SEQUENCE_END(GENERAL_SUBTREE)
64
65 ASN1_SEQUENCE(NAME_CONSTRAINTS) = {
66 ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, permittedSubtrees,
67 GENERAL_SUBTREE, 0),
68 ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, excludedSubtrees,
69 GENERAL_SUBTREE, 1),
70 } ASN1_SEQUENCE_END(NAME_CONSTRAINTS)
71
72
73 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
74 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
75
76 static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
77 const X509V3_CTX *ctx,
78 const STACK_OF(CONF_VALUE) *nval) {
79 STACK_OF(GENERAL_SUBTREE) **ptree = NULL;
80 NAME_CONSTRAINTS *ncons = NULL;
81 GENERAL_SUBTREE *sub = NULL;
82 ncons = NAME_CONSTRAINTS_new();
83 if (!ncons) {
84 goto err;
85 }
86 for (size_t i = 0; i < sk_CONF_VALUE_num(nval); i++) {
87 const CONF_VALUE *val = sk_CONF_VALUE_value(nval, i);
88 CONF_VALUE tval;
89 if (!strncmp(val->name, "permitted", 9) && val->name[9]) {
90 ptree = &ncons->permittedSubtrees;
91 tval.name = val->name + 10;
92 } else if (!strncmp(val->name, "excluded", 8) && val->name[8]) {
93 ptree = &ncons->excludedSubtrees;
94 tval.name = val->name + 9;
95 } else {
96 OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_SYNTAX);
97 goto err;
98 }
99 tval.value = val->value;
100 sub = GENERAL_SUBTREE_new();
101 if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1)) {
102 goto err;
103 }
104 if (!*ptree) {
105 *ptree = sk_GENERAL_SUBTREE_new_null();
106 }
107 if (!*ptree || !sk_GENERAL_SUBTREE_push(*ptree, sub)) {
108 goto err;
109 }
110 sub = NULL;
111 }
112
113 return ncons;
114
115 err:
116 NAME_CONSTRAINTS_free(ncons);
117 GENERAL_SUBTREE_free(sub);
118 return NULL;
119 }
120
i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD * method,void * a,BIO * bp,int ind)121 static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a,
122 BIO *bp, int ind) {
123 NAME_CONSTRAINTS *ncons = reinterpret_cast<NAME_CONSTRAINTS *>(a);
124 do_i2r_name_constraints(method, ncons->permittedSubtrees, bp, ind,
125 "Permitted");
126 do_i2r_name_constraints(method, ncons->excludedSubtrees, bp, ind, "Excluded");
127 return 1;
128 }
129
do_i2r_name_constraints(const X509V3_EXT_METHOD * method,STACK_OF (GENERAL_SUBTREE)* trees,BIO * bp,int ind,const char * name)130 static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
131 STACK_OF(GENERAL_SUBTREE) *trees, BIO *bp,
132 int ind, const char *name) {
133 GENERAL_SUBTREE *tree;
134 size_t i;
135 if (sk_GENERAL_SUBTREE_num(trees) > 0) {
136 BIO_printf(bp, "%*s%s:\n", ind, "", name);
137 }
138 for (i = 0; i < sk_GENERAL_SUBTREE_num(trees); i++) {
139 tree = sk_GENERAL_SUBTREE_value(trees, i);
140 BIO_printf(bp, "%*s", ind + 2, "");
141 if (tree->base->type == GEN_IPADD) {
142 print_nc_ipadd(bp, tree->base->d.ip);
143 } else {
144 GENERAL_NAME_print(bp, tree->base);
145 }
146 BIO_puts(bp, "\n");
147 }
148 return 1;
149 }
150
print_nc_ipadd(BIO * bp,const ASN1_OCTET_STRING * ip)151 static int print_nc_ipadd(BIO *bp, const ASN1_OCTET_STRING *ip) {
152 int i, len;
153 unsigned char *p;
154 p = ip->data;
155 len = ip->length;
156 BIO_puts(bp, "IP:");
157 if (len == 8) {
158 BIO_printf(bp, "%d.%d.%d.%d/%d.%d.%d.%d", p[0], p[1], p[2], p[3], p[4],
159 p[5], p[6], p[7]);
160 } else if (len == 32) {
161 for (i = 0; i < 16; i++) {
162 uint16_t v = ((uint16_t)p[0] << 8) | p[1];
163 BIO_printf(bp, "%X", v);
164 p += 2;
165 if (i == 7) {
166 BIO_puts(bp, "/");
167 } else if (i != 15) {
168 BIO_puts(bp, ":");
169 }
170 }
171 } else {
172 BIO_printf(bp, "IP Address:<invalid>");
173 }
174 return 1;
175 }
176
177 //-
178 // Check a certificate conforms to a specified set of constraints.
179 // Return values:
180 // X509_V_OK: All constraints obeyed.
181 // X509_V_ERR_PERMITTED_VIOLATION: Permitted subtree violation.
182 // X509_V_ERR_EXCLUDED_VIOLATION: Excluded subtree violation.
183 // X509_V_ERR_SUBTREE_MINMAX: Min or max values present and matching type.
184 // X509_V_ERR_UNSPECIFIED: Unspecified error.
185 // X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: Unsupported constraint type.
186 // X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: Bad or unsupported constraint
187 // syntax.
188 // X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: Bad or unsupported syntax of name.
189
NAME_CONSTRAINTS_check(X509 * x,NAME_CONSTRAINTS * nc)190 int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc) {
191 int r, i;
192 size_t j;
193 X509_NAME *nm;
194
195 nm = X509_get_subject_name(x);
196
197 // Guard against certificates with an excessive number of names or
198 // constraints causing a computationally expensive name constraints
199 // check.
200 size_t name_count =
201 X509_NAME_entry_count(nm) + sk_GENERAL_NAME_num(x->altname);
202 size_t constraint_count = sk_GENERAL_SUBTREE_num(nc->permittedSubtrees) +
203 sk_GENERAL_SUBTREE_num(nc->excludedSubtrees);
204 size_t check_count = constraint_count * name_count;
205 if (name_count < (size_t)X509_NAME_entry_count(nm) ||
206 constraint_count < sk_GENERAL_SUBTREE_num(nc->permittedSubtrees) ||
207 (constraint_count && check_count / constraint_count != name_count) ||
208 check_count > 1 << 20) {
209 return X509_V_ERR_UNSPECIFIED;
210 }
211
212 if (X509_NAME_entry_count(nm) > 0) {
213 GENERAL_NAME gntmp;
214 gntmp.type = GEN_DIRNAME;
215 gntmp.d.directoryName = nm;
216
217 r = nc_match(&gntmp, nc);
218
219 if (r != X509_V_OK) {
220 return r;
221 }
222
223 gntmp.type = GEN_EMAIL;
224
225 // Process any email address attributes in subject name
226
227 for (i = -1;;) {
228 i = X509_NAME_get_index_by_NID(nm, NID_pkcs9_emailAddress, i);
229 if (i == -1) {
230 break;
231 }
232 const X509_NAME_ENTRY *ne = X509_NAME_get_entry(nm, i);
233 gntmp.d.rfc822Name = X509_NAME_ENTRY_get_data(ne);
234 if (gntmp.d.rfc822Name->type != V_ASN1_IA5STRING) {
235 return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
236 }
237
238 r = nc_match(&gntmp, nc);
239
240 if (r != X509_V_OK) {
241 return r;
242 }
243 }
244 }
245
246 for (j = 0; j < sk_GENERAL_NAME_num(x->altname); j++) {
247 GENERAL_NAME *gen = sk_GENERAL_NAME_value(x->altname, j);
248 r = nc_match(gen, nc);
249 if (r != X509_V_OK) {
250 return r;
251 }
252 }
253
254 return X509_V_OK;
255 }
256
nc_match(GENERAL_NAME * gen,NAME_CONSTRAINTS * nc)257 static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc) {
258 GENERAL_SUBTREE *sub;
259 int r, match = 0;
260 size_t i;
261
262 // Permitted subtrees: if any subtrees exist of matching the type at
263 // least one subtree must match.
264
265 for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->permittedSubtrees); i++) {
266 sub = sk_GENERAL_SUBTREE_value(nc->permittedSubtrees, i);
267 if (gen->type != sub->base->type) {
268 continue;
269 }
270 if (sub->minimum || sub->maximum) {
271 return X509_V_ERR_SUBTREE_MINMAX;
272 }
273 // If we already have a match don't bother trying any more
274 if (match == 2) {
275 continue;
276 }
277 if (match == 0) {
278 match = 1;
279 }
280 r = nc_match_single(gen, sub->base);
281 if (r == X509_V_OK) {
282 match = 2;
283 } else if (r != X509_V_ERR_PERMITTED_VIOLATION) {
284 return r;
285 }
286 }
287
288 if (match == 1) {
289 return X509_V_ERR_PERMITTED_VIOLATION;
290 }
291
292 // Excluded subtrees: must not match any of these
293
294 for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->excludedSubtrees); i++) {
295 sub = sk_GENERAL_SUBTREE_value(nc->excludedSubtrees, i);
296 if (gen->type != sub->base->type) {
297 continue;
298 }
299 if (sub->minimum || sub->maximum) {
300 return X509_V_ERR_SUBTREE_MINMAX;
301 }
302
303 r = nc_match_single(gen, sub->base);
304 if (r == X509_V_OK) {
305 return X509_V_ERR_EXCLUDED_VIOLATION;
306 } else if (r != X509_V_ERR_PERMITTED_VIOLATION) {
307 return r;
308 }
309 }
310
311 return X509_V_OK;
312 }
313
nc_match_single(GENERAL_NAME * gen,GENERAL_NAME * base)314 static int nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base) {
315 switch (base->type) {
316 case GEN_DIRNAME:
317 return nc_dn(gen->d.directoryName, base->d.directoryName);
318
319 case GEN_DNS:
320 return nc_dns(gen->d.dNSName, base->d.dNSName);
321
322 case GEN_EMAIL:
323 return nc_email(gen->d.rfc822Name, base->d.rfc822Name);
324
325 case GEN_URI:
326 return nc_uri(gen->d.uniformResourceIdentifier,
327 base->d.uniformResourceIdentifier);
328
329 default:
330 return X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE;
331 }
332 }
333
334 // directoryName name constraint matching. The canonical encoding of
335 // X509_NAME makes this comparison easy. It is matched if the subtree is a
336 // subset of the name.
337
nc_dn(X509_NAME * nm,X509_NAME * base)338 static int nc_dn(X509_NAME *nm, X509_NAME *base) {
339 // Ensure canonical encodings are up to date.
340 if (nm->modified && i2d_X509_NAME(nm, NULL) < 0) {
341 return X509_V_ERR_OUT_OF_MEM;
342 }
343 if (base->modified && i2d_X509_NAME(base, NULL) < 0) {
344 return X509_V_ERR_OUT_OF_MEM;
345 }
346 if (base->canon_enclen > nm->canon_enclen) {
347 return X509_V_ERR_PERMITTED_VIOLATION;
348 }
349 if (OPENSSL_memcmp(base->canon_enc, nm->canon_enc, base->canon_enclen)) {
350 return X509_V_ERR_PERMITTED_VIOLATION;
351 }
352 return X509_V_OK;
353 }
354
starts_with(const CBS * cbs,uint8_t c)355 static int starts_with(const CBS *cbs, uint8_t c) {
356 return CBS_len(cbs) > 0 && CBS_data(cbs)[0] == c;
357 }
358
equal_case(const CBS * a,const CBS * b)359 static int equal_case(const CBS *a, const CBS *b) {
360 if (CBS_len(a) != CBS_len(b)) {
361 return 0;
362 }
363 // Note we cannot use |OPENSSL_strncasecmp| because that would stop
364 // iterating at NUL.
365 const uint8_t *a_data = CBS_data(a), *b_data = CBS_data(b);
366 for (size_t i = 0; i < CBS_len(a); i++) {
367 if (OPENSSL_tolower(a_data[i]) != OPENSSL_tolower(b_data[i])) {
368 return 0;
369 }
370 }
371 return 1;
372 }
373
has_suffix_case(const CBS * a,const CBS * b)374 static int has_suffix_case(const CBS *a, const CBS *b) {
375 if (CBS_len(a) < CBS_len(b)) {
376 return 0;
377 }
378 CBS copy = *a;
379 CBS_skip(©, CBS_len(a) - CBS_len(b));
380 return equal_case(©, b);
381 }
382
nc_dns(const ASN1_IA5STRING * dns,const ASN1_IA5STRING * base)383 static int nc_dns(const ASN1_IA5STRING *dns, const ASN1_IA5STRING *base) {
384 CBS dns_cbs, base_cbs;
385 CBS_init(&dns_cbs, dns->data, dns->length);
386 CBS_init(&base_cbs, base->data, base->length);
387
388 // Empty matches everything
389 if (CBS_len(&base_cbs) == 0) {
390 return X509_V_OK;
391 }
392
393 // If |base_cbs| begins with a '.', do a simple suffix comparison. This is
394 // not part of RFC5280, but is part of OpenSSL's original behavior.
395 if (starts_with(&base_cbs, '.')) {
396 if (has_suffix_case(&dns_cbs, &base_cbs)) {
397 return X509_V_OK;
398 }
399 return X509_V_ERR_PERMITTED_VIOLATION;
400 }
401
402 // Otherwise can add zero or more components on the left so compare RHS
403 // and if dns is longer and expect '.' as preceding character.
404 if (CBS_len(&dns_cbs) > CBS_len(&base_cbs)) {
405 uint8_t dot;
406 if (!CBS_skip(&dns_cbs, CBS_len(&dns_cbs) - CBS_len(&base_cbs) - 1) ||
407 !CBS_get_u8(&dns_cbs, &dot) || dot != '.') {
408 return X509_V_ERR_PERMITTED_VIOLATION;
409 }
410 }
411
412 if (!equal_case(&dns_cbs, &base_cbs)) {
413 return X509_V_ERR_PERMITTED_VIOLATION;
414 }
415
416 return X509_V_OK;
417 }
418
nc_email(const ASN1_IA5STRING * eml,const ASN1_IA5STRING * base)419 static int nc_email(const ASN1_IA5STRING *eml, const ASN1_IA5STRING *base) {
420 CBS eml_cbs, base_cbs;
421 CBS_init(&eml_cbs, eml->data, eml->length);
422 CBS_init(&base_cbs, base->data, base->length);
423
424 // TODO(davidben): In OpenSSL 1.1.1, this switched from the first '@' to the
425 // last one. Match them here, or perhaps do an actual parse. Looks like
426 // multiple '@'s may be allowed in quoted strings.
427 CBS eml_local, base_local;
428 if (!CBS_get_until_first(&eml_cbs, &eml_local, '@')) {
429 return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
430 }
431 int base_has_at = CBS_get_until_first(&base_cbs, &base_local, '@');
432
433 // Special case: initial '.' is RHS match
434 if (!base_has_at && starts_with(&base_cbs, '.')) {
435 if (has_suffix_case(&eml_cbs, &base_cbs)) {
436 return X509_V_OK;
437 }
438 return X509_V_ERR_PERMITTED_VIOLATION;
439 }
440
441 // If we have anything before '@' match local part
442 if (base_has_at) {
443 // TODO(davidben): This interprets a constraint of "@example.com" as
444 // "example.com", which is not part of RFC5280.
445 if (CBS_len(&base_local) > 0) {
446 // Case sensitive match of local part
447 if (!CBS_mem_equal(&base_local, CBS_data(&eml_local),
448 CBS_len(&eml_local))) {
449 return X509_V_ERR_PERMITTED_VIOLATION;
450 }
451 }
452 // Position base after '@'
453 assert(starts_with(&base_cbs, '@'));
454 CBS_skip(&base_cbs, 1);
455 }
456
457 // Just have hostname left to match: case insensitive
458 assert(starts_with(&eml_cbs, '@'));
459 CBS_skip(&eml_cbs, 1);
460 if (!equal_case(&base_cbs, &eml_cbs)) {
461 return X509_V_ERR_PERMITTED_VIOLATION;
462 }
463
464 return X509_V_OK;
465 }
466
nc_uri(const ASN1_IA5STRING * uri,const ASN1_IA5STRING * base)467 static int nc_uri(const ASN1_IA5STRING *uri, const ASN1_IA5STRING *base) {
468 CBS uri_cbs, base_cbs;
469 CBS_init(&uri_cbs, uri->data, uri->length);
470 CBS_init(&base_cbs, base->data, base->length);
471
472 // Check for foo:// and skip past it
473 CBS scheme;
474 uint8_t byte;
475 if (!CBS_get_until_first(&uri_cbs, &scheme, ':') ||
476 !CBS_skip(&uri_cbs, 1) || // Skip the colon
477 !CBS_get_u8(&uri_cbs, &byte) || byte != '/' ||
478 !CBS_get_u8(&uri_cbs, &byte) || byte != '/') {
479 return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
480 }
481
482 // Look for a port indicator as end of hostname first. Otherwise look for
483 // trailing slash, or the end of the string.
484 // TODO(davidben): This is not a correct URI parser and mishandles IPv6
485 // literals.
486 CBS host;
487 if (!CBS_get_until_first(&uri_cbs, &host, ':') &&
488 !CBS_get_until_first(&uri_cbs, &host, '/')) {
489 host = uri_cbs;
490 }
491
492 if (CBS_len(&host) == 0) {
493 return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
494 }
495
496 // Special case: initial '.' is RHS match
497 if (starts_with(&base_cbs, '.')) {
498 if (has_suffix_case(&host, &base_cbs)) {
499 return X509_V_OK;
500 }
501 return X509_V_ERR_PERMITTED_VIOLATION;
502 }
503
504 if (!equal_case(&base_cbs, &host)) {
505 return X509_V_ERR_PERMITTED_VIOLATION;
506 }
507
508 return X509_V_OK;
509 }
510