crypto/x509: don't match bare wildcard

When verifying the name "test", a SAN with a bare wildcard ("*") should
not constitute a match.

Updates #65085

Change-Id: I02151761e2f29f3e358708a3f723af32b0d79288
Reviewed-on: https://go-review.googlesource.com/c/go/+/585076
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

src/crypto/x509/verify.go

@@ -984,6 +984,11 @@ func validHostname(host string, isPattern bool) bool {
 	if len(host) == 0 {
 		return false
 	}
+	if host == "*" {
+		// Bare wildcards are not allowed, they are not valid DNS names,
+		// nor are they allowed per RFC 6125.
+		return false
+	}
 
 	for i, part := range strings.Split(host, ".") {
 		if part == "" {

src/crypto/x509/verify_test.go

@@ -2811,3 +2811,29 @@ func TestVerifyNilPubKey(t *testing.T) {
 		t.Fatalf("buildChains returned unexpected error, got: %v, want %v", err, UnknownAuthorityError{})
 	}
 }
+
+func TestVerifyBareWildcard(t *testing.T) {
+	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	if err != nil {
+		t.Fatalf("failed to generate key: %s", err)
+	}
+	tmpl := &Certificate{
+		SerialNumber: big.NewInt(1),
+		Subject:      pkix.Name{CommonName: "test"},
+		NotBefore:    time.Now().Add(-time.Hour),
+		NotAfter:     time.Now().Add(time.Hour),
+		DNSNames:     []string{"*"},
+	}
+	cDER, err := CreateCertificate(rand.Reader, tmpl, tmpl, k.Public(), k)
+	if err != nil {
+		t.Fatalf("failed to create certificate: %s", err)
+	}
+	c, err := ParseCertificate(cDER)
+	if err != nil {
+		t.Fatalf("failed to parse certificate: %s", err)
+	}
+
+	if err := c.VerifyHostname("label"); err == nil {
+		t.Fatalf("VerifyHostname unexpected success with bare wildcard SAN")
+	}
+}