1 /* Copyright (c) 2016, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15 #include <limits.h>
16
17 #include <algorithm>
18 #include <functional>
19 #include <string>
20 #include <vector>
21
22 #include <gtest/gtest.h>
23
24 #include <openssl/asn1.h>
25 #include <openssl/bio.h>
26 #include <openssl/bytestring.h>
27 #include <openssl/conf.h>
28 #include <openssl/crypto.h>
29 #include <openssl/curve25519.h>
30 #include <openssl/digest.h>
31 #include <openssl/err.h>
32 #include <openssl/nid.h>
33 #include <openssl/pem.h>
34 #include <openssl/pool.h>
35 #include <openssl/x509.h>
36
37 #include "internal.h"
38 #include "../internal.h"
39 #include "../test/file_util.h"
40 #include "../test/test_data.h"
41 #include "../test/test_util.h"
42
43 #if defined(OPENSSL_THREADS)
44 #include <thread>
45 #endif
46
47
48 static const char kCrossSigningRootPEM[] = R"(
49 -----BEGIN CERTIFICATE-----
50 MIICcTCCAdqgAwIBAgIIagJHiPvE0MowDQYJKoZIhvcNAQELBQAwPDEaMBgGA1UE
51 ChMRQm9yaW5nU1NMIFRFU1RJTkcxHjAcBgNVBAMTFUNyb3NzLXNpZ25pbmcgUm9v
52 dCBDQTAgFw0xNTAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowPDEaMBgGA1UE
53 ChMRQm9yaW5nU1NMIFRFU1RJTkcxHjAcBgNVBAMTFUNyb3NzLXNpZ25pbmcgUm9v
54 dCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwo3qFvSB9Zmlbpzn9wJp
55 ikI75Rxkatez8VkLqyxbOhPYl2Haz8F5p1gDG96dCI6jcLGgu3AKT9uhEQyyUko5
56 EKYasazSeA9CQrdyhPg0mkTYVETnPM1W/ebid1YtqQbq1CMWlq2aTDoSGAReGFKP
57 RTdXAbuAXzpCfi/d8LqV13UCAwEAAaN6MHgwDgYDVR0PAQH/BAQDAgIEMB0GA1Ud
58 JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAPBgNVHRMBAf8EBTADAQH/MBkGA1Ud
59 DgQSBBBHKHC7V3Z/3oLvEZx0RZRwMBsGA1UdIwQUMBKAEEcocLtXdn/egu8RnHRF
60 lHAwDQYJKoZIhvcNAQELBQADgYEAnglibsy6mGtpIXivtlcz4zIEnHw/lNW+r/eC
61 CY7evZTmOoOuC/x9SS3MF9vawt1HFUummWM6ZgErqVBOXIB4//ykrcCgf5ZbF5Hr
62 +3EFprKhBqYiXdD8hpBkrBoXwn85LPYWNd2TceCrx0YtLIprE2R5MB2RIq8y4Jk3
63 YFXvkME=
64 -----END CERTIFICATE-----
65 )";
66
67 static const char kRootCAPEM[] = R"(
68 -----BEGIN CERTIFICATE-----
69 MIICVTCCAb6gAwIBAgIIAj5CwoHlWuYwDQYJKoZIhvcNAQELBQAwLjEaMBgGA1UE
70 ChMRQm9yaW5nU1NMIFRFU1RJTkcxEDAOBgNVBAMTB1Jvb3QgQ0EwIBcNMTUwMTAx
71 MDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMC4xGjAYBgNVBAoTEUJvcmluZ1NTTCBU
72 RVNUSU5HMRAwDgYDVQQDEwdSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
73 iQKBgQDpDn8RDOZa5oaDcPZRBy4CeBH1siSSOO4mYgLHlPE+oXdqwI/VImi2XeJM
74 2uCFETXCknJJjYG0iJdrt/yyRFvZTQZw+QzGj+mz36NqhGxDWb6dstB2m8PX+plZ
75 w7jl81MDvUnWs8yiQ/6twgu5AbhWKZQDJKcNKCEpqa6UW0r5nwIDAQABo3oweDAO
76 BgNVHQ8BAf8EBAMCAgQwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA8G
77 A1UdEwEB/wQFMAMBAf8wGQYDVR0OBBIEEEA31wH7QC+4HH5UBCeMWQEwGwYDVR0j
78 BBQwEoAQQDfXAftAL7gcflQEJ4xZATANBgkqhkiG9w0BAQsFAAOBgQDXylEK77Za
79 kKeY6ZerrScWyZhrjIGtHFu09qVpdJEzrk87k2G7iHHR9CAvSofCgEExKtWNS9dN
80 +9WiZp/U48iHLk7qaYXdEuO07No4BYtXn+lkOykE+FUxmA4wvOF1cTd2tdj3MzX2
81 kfGIBAYhzGZWhY3JbhIfTEfY1PNM1pWChQ==
82 -----END CERTIFICATE-----
83 )";
84
85 static const char kRootCrossSignedPEM[] = R"(
86 -----BEGIN CERTIFICATE-----
87 MIICYzCCAcygAwIBAgIIAj5CwoHlWuYwDQYJKoZIhvcNAQELBQAwPDEaMBgGA1UE
88 ChMRQm9yaW5nU1NMIFRFU1RJTkcxHjAcBgNVBAMTFUNyb3NzLXNpZ25pbmcgUm9v
89 dCBDQTAgFw0xNTAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowLjEaMBgGA1UE
90 ChMRQm9yaW5nU1NMIFRFU1RJTkcxEDAOBgNVBAMTB1Jvb3QgQ0EwgZ8wDQYJKoZI
91 hvcNAQEBBQADgY0AMIGJAoGBAOkOfxEM5lrmhoNw9lEHLgJ4EfWyJJI47iZiAseU
92 8T6hd2rAj9UiaLZd4kza4IURNcKSckmNgbSIl2u3/LJEW9lNBnD5DMaP6bPfo2qE
93 bENZvp2y0Habw9f6mVnDuOXzUwO9SdazzKJD/q3CC7kBuFYplAMkpw0oISmprpRb
94 SvmfAgMBAAGjejB4MA4GA1UdDwEB/wQEAwICBDAdBgNVHSUEFjAUBggrBgEFBQcD
95 AQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAZBgNVHQ4EEgQQQDfXAftAL7gc
96 flQEJ4xZATAbBgNVHSMEFDASgBBHKHC7V3Z/3oLvEZx0RZRwMA0GCSqGSIb3DQEB
97 CwUAA4GBAErTxYJ0en9HVRHAAr5OO5wuk5Iq3VMc79TMyQLCXVL8YH8Uk7KEwv+q
98 9MEKZv2eR/Vfm4HlXlUuIqfgUXbwrAYC/YVVX86Wnbpy/jc73NYVCq8FEZeO+0XU
99 90SWAPDdp+iL7aZdimnMtG1qlM1edmz8AKbrhN/R3IbA2CL0nCWV
100 -----END CERTIFICATE-----
101 )";
102
103 static const char kIntermediatePEM[] = R"(
104 -----BEGIN CERTIFICATE-----
105 MIICXjCCAcegAwIBAgIJAKJMH+7rscPcMA0GCSqGSIb3DQEBCwUAMC4xGjAYBgNV
106 BAoTEUJvcmluZ1NTTCBURVNUSU5HMRAwDgYDVQQDEwdSb290IENBMCAXDTE1MDEw
107 MTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjA2MRowGAYDVQQKExFCb3JpbmdTU0wg
108 VEVTVElORzEYMBYGA1UEAxMPSW50ZXJtZWRpYXRlIENBMIGfMA0GCSqGSIb3DQEB
109 AQUAA4GNADCBiQKBgQC7YtI0l8ocTYJ0gKyXTtPL4iMJCNY4OcxXl48jkncVG1Hl
110 blicgNUa1r9m9YFtVkxvBinb8dXiUpEGhVg4awRPDcatlsBSEBuJkiZGYbRcAmSu
111 CmZYnf6u3aYQ18SU8WqVERPpE4cwVVs+6kwlzRw0+XDoZAczu8ZezVhCUc6NbQID
112 AQABo3oweDAOBgNVHQ8BAf8EBAMCAgQwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
113 AQUFBwMCMA8GA1UdEwEB/wQFMAMBAf8wGQYDVR0OBBIEEIwaaKi1dttdV3sfjRSy
114 BqMwGwYDVR0jBBQwEoAQQDfXAftAL7gcflQEJ4xZATANBgkqhkiG9w0BAQsFAAOB
115 gQCvnolNWEHuQS8PFVVyuLR+FKBeUUdrVbSfHSzTqNAqQGp0C9fk5oCzDq6ZgTfY
116 ESXM4cJhb3IAnW0UM0NFsYSKQJ50JZL2L3z5ZLQhHdbs4RmODGoC40BVdnJ4/qgB
117 aGSh09eQRvAVmbVCviDK2ipkWNegdyI19jFfNP5uIkGlYg==
118 -----END CERTIFICATE-----
119 )";
120
121 static const char kIntermediateSelfSignedPEM[] = R"(
122 -----BEGIN CERTIFICATE-----
123 MIICZjCCAc+gAwIBAgIJAKJMH+7rscPcMA0GCSqGSIb3DQEBCwUAMDYxGjAYBgNV
124 BAoTEUJvcmluZ1NTTCBURVNUSU5HMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0Ew
125 IBcNMTUwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMDYxGjAYBgNVBAoTEUJv
126 cmluZ1NTTCBURVNUSU5HMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0EwgZ8wDQYJ
127 KoZIhvcNAQEBBQADgY0AMIGJAoGBALti0jSXyhxNgnSArJdO08viIwkI1jg5zFeX
128 jyOSdxUbUeVuWJyA1RrWv2b1gW1WTG8GKdvx1eJSkQaFWDhrBE8Nxq2WwFIQG4mS
129 JkZhtFwCZK4KZlid/q7dphDXxJTxapURE+kThzBVWz7qTCXNHDT5cOhkBzO7xl7N
130 WEJRzo1tAgMBAAGjejB4MA4GA1UdDwEB/wQEAwICBDAdBgNVHSUEFjAUBggrBgEF
131 BQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAZBgNVHQ4EEgQQjBpoqLV2
132 211Xex+NFLIGozAbBgNVHSMEFDASgBCMGmiotXbbXVd7H40UsgajMA0GCSqGSIb3
133 DQEBCwUAA4GBALcccSrAQ0/EqQBsx0ZDTUydHXXNP2DrUkpUKmAXIe8McqIVSlkT
134 6H4xz7z8VRKBo9j+drjjtCw2i0CQc8aOLxRb5WJ8eVLnaW2XRlUqAzhF0CrulfVI
135 E4Vs6ZLU+fra1WAuIj6qFiigRja+3YkZArG8tMA9vtlhTX/g7YBZIkqH
136 -----END CERTIFICATE-----
137 )";
138
139 static const char kLeafPEM[] = R"(
140 -----BEGIN CERTIFICATE-----
141 MIICXjCCAcegAwIBAgIIWjO48ufpunYwDQYJKoZIhvcNAQELBQAwNjEaMBgGA1UE
142 ChMRQm9yaW5nU1NMIFRFU1RJTkcxGDAWBgNVBAMTD0ludGVybWVkaWF0ZSBDQTAg
143 Fw0xNTAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowMjEaMBgGA1UEChMRQm9y
144 aW5nU1NMIFRFU1RJTkcxFDASBgNVBAMTC2V4YW1wbGUuY29tMIGfMA0GCSqGSIb3
145 DQEBAQUAA4GNADCBiQKBgQDD0U0ZYgqShJ7oOjsyNKyVXEHqeafmk/bAoPqY/h1c
146 oPw2E8KmeqiUSoTPjG5IXSblOxcqpbAXgnjPzo8DI3GNMhAf8SYNYsoH7gc7Uy7j
147 5x8bUrisGnuTHqkqH6d4/e7ETJ7i3CpR8bvK16DggEvQTudLipz8FBHtYhFakfdh
148 TwIDAQABo3cwdTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
149 CCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwGQYDVR0OBBIEEKN5pvbur7mlXjeMEYA0
150 4nUwGwYDVR0jBBQwEoAQjBpoqLV2211Xex+NFLIGozANBgkqhkiG9w0BAQsFAAOB
151 gQBj/p+JChp//LnXWC1k121LM/ii7hFzQzMrt70bny406SGz9jAjaPOX4S3gt38y
152 rhjpPukBlSzgQXFg66y6q5qp1nQTD1Cw6NkKBe9WuBlY3iYfmsf7WT8nhlT1CttU
153 xNCwyMX9mtdXdQicOfNjIGUCD5OLV5PgHFPRKiHHioBAhg==
154 -----END CERTIFICATE-----
155 )";
156
157 static const char kLeafNoKeyUsagePEM[] = R"(
158 -----BEGIN CERTIFICATE-----
159 MIICNTCCAZ6gAwIBAgIJAIFQGaLQ0G2mMA0GCSqGSIb3DQEBCwUAMDYxGjAYBgNV
160 BAoTEUJvcmluZ1NTTCBURVNUSU5HMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0Ew
161 IBcNMTUwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMDcxGjAYBgNVBAoTEUJv
162 cmluZ1NTTCBURVNUSU5HMRkwFwYDVQQDExBldmlsLmV4YW1wbGUuY29tMIGfMA0G
163 CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOKoZe75NPz77EOaMMl4/0s3PyQw++zJvp
164 ejHAxZiTPCJgMbEHLrSzNoHdopg+CLUH5bE4wTXM8w9Inv5P8OAFJt7gJuPUunmk
165 j+NoU3QfzOR6BroePcz1vXX9jyVHRs087M/sLqWRHu9IR+/A+UTcBaWaFiDVUxtJ
166 YOwFMwjNPQIDAQABo0gwRjAMBgNVHRMBAf8EAjAAMBkGA1UdDgQSBBBJfLEUWHq1
167 27rZ1AVx2J5GMBsGA1UdIwQUMBKAEIwaaKi1dttdV3sfjRSyBqMwDQYJKoZIhvcN
168 AQELBQADgYEALVKN2Y3LZJOtu6SxFIYKxbLaXhTGTdIjxipZhmbBRDFjbZjZZOTe
169 6Oo+VDNPYco4rBexK7umYXJyfTqoY0E8dbiImhTcGTEj7OAB3DbBomgU1AYe+t2D
170 uwBqh4Y3Eto+Zn4pMVsxGEfUpjzjZDel7bN1/oU/9KWPpDfywfUmjgk=
171 -----END CERTIFICATE-----
172 )";
173
174 static const char kForgeryPEM[] = R"(
175 -----BEGIN CERTIFICATE-----
176 MIICZzCCAdCgAwIBAgIIdTlMzQoKkeMwDQYJKoZIhvcNAQELBQAwNzEaMBgGA1UE
177 ChMRQm9yaW5nU1NMIFRFU1RJTkcxGTAXBgNVBAMTEGV2aWwuZXhhbXBsZS5jb20w
178 IBcNMTUwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMDoxGjAYBgNVBAoTEUJv
179 cmluZ1NTTCBURVNUSU5HMRwwGgYDVQQDExNmb3JnZXJ5LmV4YW1wbGUuY29tMIGf
180 MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDADTwruBQZGb7Ay6s9HiYv5d1lwtEy
181 xQdA2Sy8Rn8uA20Q4KgqwVY7wzIZ+z5Butrsmwb70gdG1XU+yRaDeE7XVoW6jSpm
182 0sw35/5vJbTcL4THEFbnX0OPZnvpuZDFUkvVtq5kxpDWsVyM24G8EEq7kPih3Sa3
183 OMhXVXF8kso6UQIDAQABo3cwdTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
184 KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwGQYDVR0OBBIEEEYJ/WHM
185 8p64erPWIg4/liwwGwYDVR0jBBQwEoAQSXyxFFh6tdu62dQFcdieRjANBgkqhkiG
186 9w0BAQsFAAOBgQA+zH7bHPElWRWJvjxDqRexmYLn+D3Aivs8XgXQJsM94W0EzSUf
187 DSLfRgaQwcb2gg2xpDFoG+W0vc6O651uF23WGt5JaFFJJxqjII05IexfCNhuPmp4
188 4UZAXPttuJXpn74IY1tuouaM06B3vXKZR+/ityKmfJvSwxacmFcK+2ziAg==
189 -----END CERTIFICATE-----
190 )";
191
192 // kBadPSSCertPEM is a self-signed RSA-PSS certificate with bad parameters.
193 static const char kBadPSSCertPEM[] = R"(
194 -----BEGIN CERTIFICATE-----
195 MIIDdjCCAjqgAwIBAgIJANcwZLyfEv7DMD4GCSqGSIb3DQEBCjAxoA0wCwYJYIZI
196 AWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIEAgIA3jAnMSUwIwYD
197 VQQDDBxUZXN0IEludmFsaWQgUFNTIGNlcnRpZmljYXRlMB4XDTE1MTEwNDE2MDIz
198 NVoXDTE1MTIwNDE2MDIzNVowJzElMCMGA1UEAwwcVGVzdCBJbnZhbGlkIFBTUyBj
199 ZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMTaM7WH
200 qVCAGAIA+zL1KWvvASTrhlq+1ePdO7wsrWX2KiYoTYrJYTnxhLnn0wrHqApt79nL
201 IBG7cfShyZqFHOY/IzlYPMVt+gPo293gw96Fds5JBsjhjkyGnOyr9OUntFqvxDbT
202 IIFU7o9IdxD4edaqjRv+fegVE+B79pDk4s0ujsk6dULtCg9Rst0ucGFo19mr+b7k
203 dbfn8pZ72ZNDJPueVdrUAWw9oll61UcYfk75XdrLk6JlL41GrYHc8KlfXf43gGQq
204 QfrpHkg4Ih2cI6Wt2nhFGAzrlcorzLliQIUJRIhM8h4IgDfpBpaPdVQLqS2pFbXa
205 5eQjqiyJwak2vJ8CAwEAAaNQME4wHQYDVR0OBBYEFCt180N4oGUt5LbzBwQ4Ia+2
206 4V97MB8GA1UdIwQYMBaAFCt180N4oGUt5LbzBwQ4Ia+24V97MAwGA1UdEwQFMAMB
207 Af8wMQYJKoZIhvcNAQEKMCSgDTALBglghkgBZQMEAgGhDTALBgkqhkiG9w0BAQii
208 BAICAN4DggEBAAjBtm90lGxgddjc4Xu/nbXXFHVs2zVcHv/mqOZoQkGB9r/BVgLb
209 xhHrFZ2pHGElbUYPfifdS9ztB73e1d4J+P29o0yBqfd4/wGAc/JA8qgn6AAEO/Xn
210 plhFeTRJQtLZVl75CkHXgUGUd3h+ADvKtcBuW9dSUncaUrgNKR8u/h/2sMG38RWY
211 DzBddC/66YTa3r7KkVUfW7yqRQfELiGKdcm+bjlTEMsvS+EhHup9CzbpoCx2Fx9p
212 NPtFY3yEObQhmL1JyoCRWqBE75GzFPbRaiux5UpEkns+i3trkGssZzsOuVqHNTNZ
213 lC9+9hPHIoc9UMmAQNo1vGIW3NWVoeGbaJ8=
214 -----END CERTIFICATE-----
215 )";
216
217 static const char kRSAKey[] = R"(
218 -----BEGIN RSA PRIVATE KEY-----
219 MIICXgIBAAKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92
220 kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiF
221 KKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQAB
222 AoGBAIBy09Fd4DOq/Ijp8HeKuCMKTHqTW1xGHshLQ6jwVV2vWZIn9aIgmDsvkjCe
223 i6ssZvnbjVcwzSoByhjN8ZCf/i15HECWDFFh6gt0P5z0MnChwzZmvatV/FXCT0j+
224 WmGNB/gkehKjGXLLcjTb6dRYVJSCZhVuOLLcbWIV10gggJQBAkEA8S8sGe4ezyyZ
225 m4e9r95g6s43kPqtj5rewTsUxt+2n4eVodD+ZUlCULWVNAFLkYRTBCASlSrm9Xhj
226 QpmWAHJUkQJBAOVzQdFUaewLtdOJoPCtpYoY1zd22eae8TQEmpGOR11L6kbxLQsk
227 aMly/DOnOaa82tqAGTdqDEZgSNmCeKKknmECQAvpnY8GUOVAubGR6c+W90iBuQLj
228 LtFp/9ihd2w/PoDwrHZaoUYVcT4VSfJQog/k7kjE4MYXYWL8eEKg3WTWQNECQQDk
229 104Wi91Umd1PzF0ijd2jXOERJU1wEKe6XLkYYNHWQAe5l4J4MWj9OdxFXAxIuuR/
230 tfDwbqkta4xcux67//khAkEAvvRXLHTaa6VFzTaiiO8SaFsHV3lQyXOtMrBpB5jd
231 moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ==
232 -----END RSA PRIVATE KEY-----
233 )";
234
235 static const char kP256Key[] = R"(
236 -----BEGIN PRIVATE KEY-----
237 MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgBw8IcnrUoEqc3VnJ
238 TYlodwi1b8ldMHcO6NHJzgqLtGqhRANCAATmK2niv2Wfl74vHg2UikzVl2u3qR4N
239 Rvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLB
240 -----END PRIVATE KEY-----
241 )";
242
243 // kCRLTestRoot is a test root certificate. It has private key:
244 //
245 // -----BEGIN RSA PRIVATE KEY-----
246 // MIIEpAIBAAKCAQEAo16WiLWZuaymsD8n5SKPmxV1y6jjgr3BS/dUBpbrzd1aeFzN
247 // lI8l2jfAnzUyp+I21RQ+nh/MhqjGElkTtK9xMn1Y+S9GMRh+5R/Du0iCb1tCZIPY
248 // 07Tgrb0KMNWe0v2QKVVruuYSgxIWodBfxlKO64Z8AJ5IbnWpuRqO6rctN9qUoMlT
249 // IAB6dL4G0tDJ/PGFWOJYwOMEIX54bly2wgyYJVBKiRRt4f7n8H922qmvPNA9idmX
250 // 9G1VAtgV6x97XXi7ULORIQvn9lVQF6nTYDBJhyuPB+mLThbLP2o9orxGx7aCtnnB
251 // ZUIxUvHNOI0FaSaZH7Fi0xsZ/GkG2HZe7ImPJwIDAQABAoIBAQCJF9MTHfHGkk+/
252 // DwCXlA0Wg0e6hBuHl10iNobYkMWIl/xXjOknhYiqOqb181py76472SVC5ERprC+r
253 // Lf0PXzqKuA117mnkwT2bYLCL9Skf8WEhoFLQNbVlloF6wYjqXcYgKYKh8HgQbZl4
254 // aLg2YQl2NADTNABsUWj/4H2WEelsODVviqfFs725lFg9KHDI8zxAZXLzDt/M9uVL
255 // GxJiX12tr0AwaeAFZ1oPM/y+LznM3N3+Ht3jHHw3jZ/u8Z1RdAmdpu3bZ6tbwGBr
256 // 9edsH5rKkm9aBvMrY7eX5VHqaqyRNFyG152ZOJh4XiiFG7EmgTPCpaHo50Y018Re
257 // grVtk+FBAoGBANY3lY+V8ZOwMxSHes+kTnoimHO5Ob7nxrOC71i27x+4HHsYUeAr
258 // /zOOghiDIn+oNkuiX5CIOWZKx159Bp65CPpCbTb/fh+HYnSgXFgCw7XptycO7LXM
259 // 5GwR5jSfpfzBFdYxjxoUzDMFBwTEYRTm0HkUHkH+s+ajjw5wqqbcGLcfAoGBAMM8
260 // DKW6Tb66xsf708f0jonAjKYTLZ+WOcwsBEWSFHoY8dUjvW5gqx5acHTEsc5ZTeh4
261 // BCFLa+Mn9cuJWVJNs09k7Xb2PNl92HQ4GN2vbdkJhExbkT6oLDHg1hVD0w8KLfz1
262 // lTAW6pS+6CdOHMEJpvqx89EgU/1GgIQ1fXYczE75AoGAKeJoXdDFkUjsU+FBhAPu
263 // TDcjc80Nm2QaF9NMFR5/lsYa236f06MGnQAKM9zADBHJu/Qdl1brUjLg1HrBppsr
264 // RDNkw1IlSOjhuUf5hkPUHGd8Jijm440SRIcjabqla8wdBupdvo2+d2NOQgJbsQiI
265 // ToQ+fkzcxAXK3Nnuo/1436UCgYBjLH7UNOZHS8OsVM0I1r8NVKVdu4JCfeJQR8/H
266 // s2P5ffBir+wLRMnH+nMDreMQiibcPxMCArkERAlE4jlgaJ38Z62E76KLbLTmnJRt
267 // EC9Bv+bXjvAiHvWMRMUbOj/ddPNVez7Uld+FvdBaHwDWQlvzHzBWfBCOKSEhh7Z6
268 // qDhUqQKBgQDPMDx2i5rfmQp3imV9xUcCkIRsyYQVf8Eo7NV07IdUy/otmksgn4Zt
269 // Lbf3v2dvxOpTNTONWjp2c+iUQo8QxJCZr5Sfb21oQ9Ktcrmc/CY7LeBVDibXwxdM
270 // vRG8kBzvslFWh7REzC3u06GSVhyKDfW93kN2cKVwGoahRlhj7oHuZQ==
271 // -----END RSA PRIVATE KEY-----
272 static const char kCRLTestRoot[] = R"(
273 -----BEGIN CERTIFICATE-----
274 MIIDbzCCAlegAwIBAgIJAODri7v0dDUFMA0GCSqGSIb3DQEBCwUAME4xCzAJBgNV
275 BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBW
276 aWV3MRIwEAYDVQQKDAlCb3JpbmdTU0wwHhcNMTYwOTI2MTUwNjI2WhcNMjYwOTI0
277 MTUwNjI2WjBOMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG
278 A1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJQm9yaW5nU1NMMIIBIjANBgkq
279 hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo16WiLWZuaymsD8n5SKPmxV1y6jjgr3B
280 S/dUBpbrzd1aeFzNlI8l2jfAnzUyp+I21RQ+nh/MhqjGElkTtK9xMn1Y+S9GMRh+
281 5R/Du0iCb1tCZIPY07Tgrb0KMNWe0v2QKVVruuYSgxIWodBfxlKO64Z8AJ5IbnWp
282 uRqO6rctN9qUoMlTIAB6dL4G0tDJ/PGFWOJYwOMEIX54bly2wgyYJVBKiRRt4f7n
283 8H922qmvPNA9idmX9G1VAtgV6x97XXi7ULORIQvn9lVQF6nTYDBJhyuPB+mLThbL
284 P2o9orxGx7aCtnnBZUIxUvHNOI0FaSaZH7Fi0xsZ/GkG2HZe7ImPJwIDAQABo1Aw
285 TjAdBgNVHQ4EFgQUWPt3N5cZ/CRvubbrkqfBnAqhq94wHwYDVR0jBBgwFoAUWPt3
286 N5cZ/CRvubbrkqfBnAqhq94wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
287 AQEAORu6M0MOwXy+3VEBwNilfTxyqDfruQsc1jA4PT8Oe8zora1WxE1JB4q2FJOz
288 EAuM3H/NXvEnBuN+ITvKZAJUfm4NKX97qmjMJwLKWe1gVv+VQTr63aR7mgWJReQN
289 XdMztlVeZs2dppV6uEg3ia1X0G7LARxGpA9ETbMyCpb39XxlYuTClcbA5ftDN99B
290 3Xg9KNdd++Ew22O3HWRDvdDpTO/JkzQfzi3sYwUtzMEonENhczJhGf7bQMmvL/w5
291 24Wxj4Z7KzzWIHsNqE/RIs6RV3fcW61j/mRgW2XyoWnMVeBzvcJr9NXp4VQYmFPw
292 amd8GKMZQvP0ufGnUn7D7uartA==
293 -----END CERTIFICATE-----
294 )";
295
296 static const char kCRLTestLeaf[] = R"(
297 -----BEGIN CERTIFICATE-----
298 MIIDkDCCAnigAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwTjELMAkGA1UEBhMCVVMx
299 EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEjAQ
300 BgNVBAoMCUJvcmluZ1NTTDAeFw0xNjA5MjYxNTA4MzFaFw0xNzA5MjYxNTA4MzFa
301 MEsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQKDAlC
302 b3JpbmdTU0wxEzARBgNVBAMMCmJvcmluZy5zc2wwggEiMA0GCSqGSIb3DQEBAQUA
303 A4IBDwAwggEKAoIBAQDc5v1S1M0W+QWM+raWfO0LH8uvqEwuJQgODqMaGnSlWUx9
304 8iQcnWfjyPja3lWg9K62hSOFDuSyEkysKHDxijz5R93CfLcfnVXjWQDJe7EJTTDP
305 ozEvxN6RjAeYv7CF000euYr3QT5iyBjg76+bon1p0jHZBJeNPP1KqGYgyxp+hzpx
306 e0gZmTlGAXd8JQK4v8kpdYwD6PPifFL/jpmQpqOtQmH/6zcLjY4ojmqpEdBqIKIX
307 +saA29hMq0+NK3K+wgg31RU+cVWxu3tLOIiesETkeDgArjWRS1Vkzbi4v9SJxtNu
308 OZuAxWiynRJw3JwH/OFHYZIvQqz68ZBoj96cepjPAgMBAAGjezB5MAkGA1UdEwQC
309 MAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRl
310 MB0GA1UdDgQWBBTGn0OVVh/aoYt0bvEKG+PIERqnDzAfBgNVHSMEGDAWgBRY+3c3
311 lxn8JG+5tuuSp8GcCqGr3jANBgkqhkiG9w0BAQsFAAOCAQEAd2nM8gCQN2Dc8QJw
312 XSZXyuI3DBGGCHcay/3iXu0JvTC3EiQo8J6Djv7WLI0N5KH8mkm40u89fJAB2lLZ
313 ShuHVtcC182bOKnePgwp9CNwQ21p0rDEu/P3X46ZvFgdxx82E9xLa0tBB8PiPDWh
314 lV16jbaKTgX5AZqjnsyjR5o9/mbZVupZJXx5Syq+XA8qiJfstSYJs4KyKK9UOjql
315 ICkJVKpi2ahDBqX4MOH4SLfzVk8pqSpviS6yaA1RXqjpkxiN45WWaXDldVHMSkhC
316 5CNXsXi4b1nAntu89crwSLA3rEwzCWeYj+BX7e1T9rr3oJdwOU/2KQtW1js1yQUG
317 tjJMFw==
318 -----END CERTIFICATE-----
319 )";
320
321 static const char kBasicCRL[] = R"(
322 -----BEGIN X509 CRL-----
323 MIIBpzCBkAIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
324 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
325 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoA4wDDAKBgNV
326 HRQEAwIBATANBgkqhkiG9w0BAQsFAAOCAQEAnrBKKgvd9x9zwK9rtUvVeFeJ7+LN
327 ZEAc+a5oxpPNEsJx6hXoApYEbzXMxuWBQoCs5iEBycSGudct21L+MVf27M38KrWo
328 eOkq0a2siqViQZO2Fb/SUFR0k9zb8xl86Zf65lgPplALun0bV/HT7MJcl04Tc4os
329 dsAReBs5nqTGNEd5AlC1iKHvQZkM//MD51DspKnDpsDiUVi54h9C1SpfZmX8H2Vv
330 diyu0fZ/bPAM3VAGawatf/SyWfBMyKpoPXEG39oAzmjjOj8en82psn7m474IGaho
331 /vBbhl1ms5qQiLYPjm4YELtnXQoFyC72tBjbdFd/ZE9k4CNKDbxFUXFbkw==
332 -----END X509 CRL-----
333 )";
334
335 static const char kRevokedCRL[] = R"(
336 -----BEGIN X509 CRL-----
337 MIIB6DCB0QIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
338 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
339 Qm9yaW5nU1NMFw0xNjA5MjYxNTEyNDRaFw0xNjEwMjYxNTEyNDRaMD8wEwICEAAX
340 DTE2MDkyNjE1MTIyNlowEwICD/8XDTE2MDkyNjE1MTIyNlowEwICEAEXDTE2MDky
341 NjE1MTIyNlqgDjAMMAoGA1UdFAQDAgECMA0GCSqGSIb3DQEBCwUAA4IBAQAuepA9
342 byX4PkpJcYKb+Ofn6f/mgB4Sh1BBRp0HMFm7Q3jryXB6yPZYp7UtwAufZUzbV42U
343 kOifOtDyQbu+fcpnpb4D9oWoFlr4DGQ+n23wujHizoTEYhhcZMj4U5yooDfmK4lI
344 GU6zzQZKG+1PaS6Dm4f6+kA+ekVUP+ZVjPqHP/K7Uv6akSKV7gAWs49N5QjrJKMQ
345 3Igrbg4Et2ipaYgThGj8t1MUZdVY4UPtQ8oltSHkFEvH4PxOW/xKpHT4QQMl/WTT
346 QsQqOlRJBG2ci7pu1fzOylY35YFEAApkND/MkQjQfylNNgCzDWWAPQx0pDvVKQ0v
347 WXdfcGJRL1D3xRXk
348 -----END X509 CRL-----
349 )";
350
351 static const char kBadIssuerCRL[] = R"(
352 -----BEGIN X509 CRL-----
353 MIIBwjCBqwIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzETMBEGA1UE
354 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEWMBQGA1UECgwN
355 Tm90IEJvcmluZ1NTTBcNMTYwOTI2MTUxMjQ0WhcNMTYxMDI2MTUxMjQ0WjAVMBMC
356 AhAAFw0xNjA5MjYxNTEyMjZaoA4wDDAKBgNVHRQEAwIBAjANBgkqhkiG9w0BAQsF
357 AAOCAQEAlBmjOA3Fs5UCq3GbyPEzHkfAabL0HqOQaCP12btmvIf/z8kcjMGHmjjP
358 t85dHbI4Ak/G9wtRT4E/j9i5KML+6yfhRyUTUJKIK/kbqgkj06uuYWuFipURlpDB
359 cm81RzZaMQvmlN5YKfzZV/clLX6mJiXpNQg6zjhj6wBAMI9ZfwVHmCjRqnwVmCUL
360 TybvuTmkryGBqREwmSbHFFjg5ixG/ztwzON/Ly78aJ8Bql6ktCl9+/gh6VJcoZ0q
361 L8V8aT8+Ghfi+zrXM8S9BmLQ9n0fQe0wzKrDZh14EK4sb7zmOzFHSxm3eEXyS98g
362 Od4cjsc3ymNk88S4jpnLRtIVxZB+SQ==
363 -----END X509 CRL-----
364 )";
365
366 // kKnownCriticalCRL is kBasicCRL but with a critical issuing distribution point
367 // extension.
368 static const char kKnownCriticalCRL[] = R"(
369 -----BEGIN X509 CRL-----
370 MIIBuDCBoQIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
371 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
372 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoB8wHTAKBgNV
373 HRQEAwIBATAPBgNVHRwBAf8EBTADgQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAs37Jq
374 3Htcehm6C2PKXOHekwTqTLOPWsYHfF68kYhdzcopDZBeoKE7jLRkRRGFDaR/tfUs
375 kwLSDNSQ8EwPb9PT1X8kmFn9QmJgWD6f6BzaH5ZZ9iBUwOcvrydlb/jnjdIZHQxs
376 fKOAceW5XX3f7DANC3qwYLsQZR/APkfV8nXjPYVUz1kKj04uq/BbQviInjyUYixN
377 xDx+GDWVVXccehcwAu983kAqP+JDaVQPBVksLuBXz2adrEWwvbLCnZeL3zH1IY9h
378 6MFO6echpvGbU/H+dRX9UkhdJ7gdwKVD3RjfJl+DRVox9lz8Pbo5H699Tkv9/DQP
379 9dMWxqhQlv23osLp
380 -----END X509 CRL-----
381 )";
382
383 // kUnknownCriticalCRL is kBasicCRL but with an unknown critical extension.
384 static const char kUnknownCriticalCRL[] = R"(
385 -----BEGIN X509 CRL-----
386 MIIBvDCBpQIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
387 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
388 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoCMwITAKBgNV
389 HRQEAwIBATATBgwqhkiG9xIEAYS3CQABAf8EADANBgkqhkiG9w0BAQsFAAOCAQEA
390 GvBP0xqL509InMj/3493YVRV+ldTpBv5uTD6jewzf5XdaxEQ/VjTNe5zKnxbpAib
391 Kf7cwX0PMSkZjx7k7kKdDlEucwVvDoqC+O9aJcqVmM6GDyNb9xENxd0XCXja6MZC
392 yVgP4AwLauB2vSiEprYJyI1APph3iAEeDm60lTXX/wBM/tupQDDujKh2GPyvBRfJ
393 +wEDwGg3ICwvu4gO4zeC5qnFR+bpL9t5tOMAQnVZ0NWv+k7mkd2LbHdD44dxrfXC
394 nhtfERx99SDmC/jtUAJrGhtCO8acr7exCeYcduN7KKCm91OeCJKK6OzWst0Og1DB
395 kwzzU2rL3G65CrZ7H0SZsQ==
396 -----END X509 CRL-----
397 )";
398
399 // kUnknownCriticalCRL2 is kBasicCRL but with a critical issuing distribution
400 // point extension followed by an unknown critical extension
401 static const char kUnknownCriticalCRL2[] = R"(
402 -----BEGIN X509 CRL-----
403 MIIBzTCBtgIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
404 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
405 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoDQwMjAKBgNV
406 HRQEAwIBATAPBgNVHRwBAf8EBTADgQH/MBMGDCqGSIb3EgQBhLcJAAEB/wQAMA0G
407 CSqGSIb3DQEBCwUAA4IBAQBgSogsC5kf2wzr+0hmZtmLXYd0itAiYO0Gh9AyaEOO
408 myJFuqICHBSLXXUgwNkTUa2x2I/ivyReVFV756VOlWoaV2wJUs0zeCeVBgC9ZFsq
409 5a+8OGgXwgoYESFV5Y3QRF2a1Ytzfbw/o6xLXzTngvMsLOs12D4B5SkopyEZibF4
410 tXlRZyvEudTg3CCrjNP+p/GV07nZ3wcMmKJwQeilgzFUV7NaVCCo9jvPBGp0RxAN
411 KNif7jmjK4hD5mswo/Eq5kxQIc+mTfuUFdgHuAu1hfLYe0YK+Hr4RFf6Qy4hl7Ne
412 YjqkkSVIcr87u+8AznwdstnQzsyD27Jt7SjVORkYRywi
413 -----END X509 CRL-----
414 )";
415
416 // kBadExtensionCRL is kBasicCRL but with an incorrectly-encoded issuing
417 // distribution point extension.
418 static const char kBadExtensionCRL[] = R"(
419 -----BEGIN X509 CRL-----
420 MIIBujCBowIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
421 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
422 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoCEwHzAKBgNV
423 HRQEAwIBATARBgNVHRwBAf8EBzAFoQMBAf8wDQYJKoZIhvcNAQELBQADggEBAA+3
424 i+5e5Ub8sccfgOBs6WVJFI9c8gvJjrJ8/dYfFIAuCyeocs7DFXn1n13CRZ+URR/Q
425 mVWgU28+xeusuSPYFpd9cyYTcVyNUGNTI3lwgcE/yVjPaOmzSZKdPakApRxtpKKQ
426 NN/56aQz3bnT/ZSHQNciRB8U6jiD9V30t0w+FDTpGaG+7bzzUH3UVF9xf9Ctp60A
427 3mfLe0scas7owSt4AEFuj2SPvcE7yvdOXbu+IEv21cEJUVExJAbhvIweHXh6yRW+
428 7VVeiNzdIjkZjyTmAzoXGha4+wbxXyBRbfH+XWcO/H+8nwyG8Gktdu2QB9S9nnIp
429 o/1TpfOMSGhMyMoyPrk=
430 -----END X509 CRL-----
431 )";
432
433 // kAlgorithmMismatchCRL is kBasicCRL but with mismatched AlgorithmIdentifiers
434 // in the outer structure and signed portion. The signature reflects the signed
435 // portion.
436 static const char kAlgorithmMismatchCRL[] = R"(
437 -----BEGIN X509 CRL-----
438 MIIBpzCBkAIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
439 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
440 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoA4wDDAKBgNV
441 HRQEAwIBATANBgkqhkiG9w0BAQwFAAOCAQEAnrBKKgvd9x9zwK9rtUvVeFeJ7+LN
442 ZEAc+a5oxpPNEsJx6hXoApYEbzXMxuWBQoCs5iEBycSGudct21L+MVf27M38KrWo
443 eOkq0a2siqViQZO2Fb/SUFR0k9zb8xl86Zf65lgPplALun0bV/HT7MJcl04Tc4os
444 dsAReBs5nqTGNEd5AlC1iKHvQZkM//MD51DspKnDpsDiUVi54h9C1SpfZmX8H2Vv
445 diyu0fZ/bPAM3VAGawatf/SyWfBMyKpoPXEG39oAzmjjOj8en82psn7m474IGaho
446 /vBbhl1ms5qQiLYPjm4YELtnXQoFyC72tBjbdFd/ZE9k4CNKDbxFUXFbkw==
447 -----END X509 CRL-----
448 )";
449
450 // kAlgorithmMismatchCRL2 is kBasicCRL but with mismatched AlgorithmIdentifiers
451 // in the outer structure and signed portion. The signature reflects the outer
452 // structure.
453 static const char kAlgorithmMismatchCRL2[] = R"(
454 -----BEGIN X509 CRL-----
455 MIIBpzCBkAIBATANBgkqhkiG9w0BAQwFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
456 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
457 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoA4wDDAKBgNV
458 HRQEAwIBATANBgkqhkiG9w0BAQsFAAOCAQEAjCWtU7AK8nQ5TCFfzvbU04MWNuLp
459 iZfqapRSRyMta4pyRomK773rEmJmYOc/ZNeIphVOlupMgGC2wyv5Z/SD1mxccJbv
460 SlUWciwjskjgvyyU9KnJ5xPgf3e3Fl3G0u9yJEFd4mg6fRavs5pEDX56b0f+SkG+
461 Vl1FZU94Uylm2kCqk9fRpTxualPGP6dksj3Aitt4x2Vdni4sUfg9vIEEOx2jnisq
462 iLqpT94IdETCWAciE0dgbogdOOsNzMqSASfHM/XPigYLXpYgfaR8fca6OKDwFsVH
463 SrkFz8Se3F6mCHnbDzYElbmA46iKU2J12LTrso3Ewq/qHq0mebfp2z0y6g==
464 -----END X509 CRL-----
465 )";
466
467 // kEd25519Cert is a self-signed Ed25519 certificate.
468 static const char kEd25519Cert[] = R"(
469 -----BEGIN CERTIFICATE-----
470 MIIBkTCCAUOgAwIBAgIJAJwooam0UCDmMAUGAytlcDBFMQswCQYDVQQGEwJBVTET
471 MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ
472 dHkgTHRkMB4XDTE0MDQyMzIzMjE1N1oXDTE0MDUyMzIzMjE1N1owRTELMAkGA1UE
473 BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp
474 ZGdpdHMgUHR5IEx0ZDAqMAUGAytlcAMhANdamAGCsQq31Uv+08lkBzoO4XLz2qYj
475 Ja8CGmj3B1Eao1AwTjAdBgNVHQ4EFgQUoux7eV+fJK2v3ah6QPU/lj1/+7UwHwYD
476 VR0jBBgwFoAUoux7eV+fJK2v3ah6QPU/lj1/+7UwDAYDVR0TBAUwAwEB/zAFBgMr
477 ZXADQQBuCzqji8VP9xU8mHEMjXGChX7YP5J664UyVKHKH9Z1u4wEbB8dJ3ScaWSL
478 r+VHVKUhsrvcdCelnXRrrSD7xWAL
479 -----END CERTIFICATE-----
480 )";
481
482 // kEd25519CertNull is an invalid self-signed Ed25519 with an explicit NULL in
483 // the signature algorithm.
484 static const char kEd25519CertNull[] = R"(
485 -----BEGIN CERTIFICATE-----
486 MIIBlTCCAUWgAwIBAgIJAJwooam0UCDmMAcGAytlcAUAMEUxCzAJBgNVBAYTAkFV
487 MRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRz
488 IFB0eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYD
489 VQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQg
490 V2lkZ2l0cyBQdHkgTHRkMCowBQYDK2VwAyEA11qYAYKxCrfVS/7TyWQHOg7hcvPa
491 piMlrwIaaPcHURqjUDBOMB0GA1UdDgQWBBSi7Ht5X58kra/dqHpA9T+WPX/7tTAf
492 BgNVHSMEGDAWgBSi7Ht5X58kra/dqHpA9T+WPX/7tTAMBgNVHRMEBTADAQH/MAcG
493 AytlcAUAA0EA70uefNocdJohkKPNROKVyBuBD3LXMyvmdTklsaxSRY3PcZdOohlr
494 recgVPpVS7B+d9g4EwtZXIh4lodTBDHBBw==
495 -----END CERTIFICATE-----
496 )";
497
498 // kX25519 is the example X25519 certificate from
499 // https://tools.ietf.org/html/rfc8410#section-10.2
500 static const char kX25519Cert[] = R"(
501 -----BEGIN CERTIFICATE-----
502 MIIBLDCB36ADAgECAghWAUdKKo3DMDAFBgMrZXAwGTEXMBUGA1UEAwwOSUVURiBUZX
503 N0IERlbW8wHhcNMTYwODAxMTIxOTI0WhcNNDAxMjMxMjM1OTU5WjAZMRcwFQYDVQQD
504 DA5JRVRGIFRlc3QgRGVtbzAqMAUGAytlbgMhAIUg8AmJMKdUdIt93LQ+91oNvzoNJj
505 ga9OukqY6qm05qo0UwQzAPBgNVHRMBAf8EBTADAQEAMA4GA1UdDwEBAAQEAwIDCDAg
506 BgNVHQ4BAQAEFgQUmx9e7e0EM4Xk97xiPFl1uQvIuzswBQYDK2VwA0EAryMB/t3J5v
507 /BzKc9dNZIpDmAgs3babFOTQbs+BolzlDUwsPrdGxO3YNGhW7Ibz3OGhhlxXrCe1Cg
508 w1AH9efZBw==
509 -----END CERTIFICATE-----
510 )";
511
512 // kSANTypesLeaf is a leaf certificate (signed by |kSANTypesRoot|) which
513 // contains SANS for example.com, [email protected], 127.0.0.1, and
514 // https://example.com/. (The latter is useless for now since crypto/x509
515 // doesn't deal with URI SANs directly.)
516 static const char kSANTypesLeaf[] = R"(
517 -----BEGIN CERTIFICATE-----
518 MIIClzCCAgCgAwIBAgIJAOjwnT/iW+qmMA0GCSqGSIb3DQEBCwUAMCsxFzAVBgNV
519 BAoTDkJvcmluZ1NTTCBUZXN0MRAwDgYDVQQDEwdSb290IENBMB4XDTE1MDEwMTAw
520 MDAwMFoXDTI1MDEwMTAwMDAwMFowLzEXMBUGA1UEChMOQm9yaW5nU1NMIFRlc3Qx
521 FDASBgNVBAMTC2V4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
522 gQDbRn2TLhInBki8Bighq37EtqJd/h5SRYh6NkelCA2SQlvCgcC+l3mYQPtPbRT9
523 KxOLwqUuZ9jUCZ7WIji3Sgt0cyvCNPHRk+WW2XR781ifbGE8wLBB1NkrKyQjd1sc
524 O711Xc4gVM+hY4cdHiTE8x0aUIuqthRD7ZendWL0FMhS1wIDAQABo4G+MIG7MA4G
525 A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD
526 VR0TAQH/BAIwADAZBgNVHQ4EEgQQn5EWH0NDPkmm3m22gNefYDAbBgNVHSMEFDAS
527 gBBAN9cB+0AvuBx+VAQnjFkBMEQGA1UdEQQ9MDuCC2V4YW1wbGUuY29tgRB0ZXN0
528 QGV4YW1wbGUuY29thwR/AAABhhRodHRwczovL2V4YW1wbGUuY29tLzANBgkqhkiG
529 9w0BAQsFAAOBgQBtwJvY6+Tk6D6DOtDVaNoJ5y8E25CCuE/Ga4OuIcYJas+yLckf
530 dZwUV3GUG2oBXl2MrpUFxXd4hKBO1CmlBY+hZEeIx0Yp6QWK9P/vnZeydOTP26mk
531 jusJ2PqSmtKNU1Zcaba4d29oFejmOAfeguhR8AHpsc/zHEaS5Q9cJsuJcw==
532 -----END CERTIFICATE-----
533 )";
534
535 // -----BEGIN RSA PRIVATE KEY-----
536 // MIICWwIBAAKBgQDbRn2TLhInBki8Bighq37EtqJd/h5SRYh6NkelCA2SQlvCgcC+
537 // l3mYQPtPbRT9KxOLwqUuZ9jUCZ7WIji3Sgt0cyvCNPHRk+WW2XR781ifbGE8wLBB
538 // 1NkrKyQjd1scO711Xc4gVM+hY4cdHiTE8x0aUIuqthRD7ZendWL0FMhS1wIDAQAB
539 // AoGACwf7z0i1DxOI2zSwFimLghfyCSp8mgT3fbZ3Wj0SebYu6ZUffjceneM/AVrq
540 // gGYHYLOVHcWJqfkl7X3hPo9SDhzLx0mM545/q21ZWCwjhswH7WiCEqV2/zeDO9WU
541 // NIO1VU0VoLm0AQ7ZvwnyB+fpgF9kkkDtbBJW7XWrfNVtlnECQQD97YENpEJ3X1kj
542 // 3rrkrHWDkKAyoWWY1i8Fm7LnganC9Bv6AVwgn5ZlE/479aWHF8vbOFEA3pFPiNZJ
543 // t9FTCfpJAkEA3RCXjGI0Y6GALFLwEs+nL/XZAfJaIpJEZVLCVosYQOSaMS4SchfC
544 // GGYVquT7ZgKk9uvz89Fg87OtBMWS9lrkHwJADGkGLKeBhBoJ3kHtem2fVK3F1pOi
545 // xoR5SdnhNYVVyaxqjZ5xZTrHe+stOrr3uxGDqhQniVZXXb6/Ul0Egv1y2QJAVg/h
546 // kAujba4wIhFf2VLyOZ+yjil1ocPj0LZ5Zgvcs1bMGJ1hHP3W2HzVrqRaowoggui1
547 // HpTC891dXGA2qKYV7QJAFDmT2A7OVvh3y4AEgzVwHrDmCMwMHKjCIntS7fjxrJnF
548 // YvJUG1zoHwUVrxxbR3DbpTODlktLcl/0b97D0IkH3w==
549 // -----END RSA PRIVATE KEY-----
550
551 static const char kSANTypesRoot[] = R"(
552 -----BEGIN CERTIFICATE-----
553 MIICTTCCAbagAwIBAgIIAj5CwoHlWuYwDQYJKoZIhvcNAQELBQAwKzEXMBUGA1UE
554 ChMOQm9yaW5nU1NMIFRlc3QxEDAOBgNVBAMTB1Jvb3QgQ0EwHhcNMTUwMTAxMDAw
555 MDAwWhcNMjUwMTAxMDAwMDAwWjArMRcwFQYDVQQKEw5Cb3JpbmdTU0wgVGVzdDEQ
556 MA4GA1UEAxMHUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6Q5/
557 EQzmWuaGg3D2UQcuAngR9bIkkjjuJmICx5TxPqF3asCP1SJotl3iTNrghRE1wpJy
558 SY2BtIiXa7f8skRb2U0GcPkMxo/ps9+jaoRsQ1m+nbLQdpvD1/qZWcO45fNTA71J
559 1rPMokP+rcILuQG4VimUAySnDSghKamulFtK+Z8CAwEAAaN6MHgwDgYDVR0PAQH/
560 BAQDAgIEMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAPBgNVHRMBAf8E
561 BTADAQH/MBkGA1UdDgQSBBBAN9cB+0AvuBx+VAQnjFkBMBsGA1UdIwQUMBKAEEA3
562 1wH7QC+4HH5UBCeMWQEwDQYJKoZIhvcNAQELBQADgYEAc4N6hTE62/3gwg+kyc2f
563 c/Jj1mHrOt+0NRaBnmvbmNpsEjHS96Ef4Wt/ZlPXPkkv1C1VosJnOIMF3Q522wRH
564 bqaxARldS12VAa3gcWisDWD+SqSyDxjyojz0XDiJkTrFuCTCUiZO+1GLB7SO10Ms
565 d5YVX0c90VMnUhF/dlrqS9U=
566 -----END CERTIFICATE-----
567 )";
568
569 // -----BEGIN RSA PRIVATE KEY-----
570 // MIICXAIBAAKBgQDpDn8RDOZa5oaDcPZRBy4CeBH1siSSOO4mYgLHlPE+oXdqwI/V
571 // Imi2XeJM2uCFETXCknJJjYG0iJdrt/yyRFvZTQZw+QzGj+mz36NqhGxDWb6dstB2
572 // m8PX+plZw7jl81MDvUnWs8yiQ/6twgu5AbhWKZQDJKcNKCEpqa6UW0r5nwIDAQAB
573 // AoGALEF5daZqc+aEsp8X1yky3nsoheyPL0kqSBWii33IFemZgKcSaRnAoqjPWWLS
574 // 8dHj0I/4rej2MW8iuezVSpDak9tK5boHORC3w4p/wifkizQkLt1DANxTVbzcKvrt
575 // aZ7LjVaKkhjRJbLddniowFHkkWVbUccjvzcUd7Y2VuLbAhECQQDq4FE88aHio8zg
576 // bxSd0PwjEFwLYQTR19u812SoR8PmR6ofIL+pDwOV+fVs+OGcAAOgkhIukOrksQ4A
577 // 1cKtnyhXAkEA/gRI+u3tZ7UE1twIkBfZ6IvCdRodkPqHAYIxMRLzL+MhyZt4MEGc
578 // Ngb/F6U9/WOBFnoR/PI7IwE3ejutzKcL+QJBAKh+6eilk7QKPETZi1m3/dmNt+p1
579 // 3EZJ65pqjwxmB3Rg/vs7vCMk4TarTdSyKu+F1xRPFfoP/mK3Xctdjj6NyhsCQAYF
580 // 7/0TOzfkUPMPUJyqFB6xgbDpJ55ScnUUsznoqx+NkTWInDb4t02IqO/UmT2y6FKy
581 // Hk8TJ1fTJY+ebqaVp3ECQApx9gQ+n0zIhx97FMUuiRse73xkcW4+pZ8nF+8DmeQL
582 // /JKuuFGmzkG+rUbXFmo/Zg2ozVplw71NnQJ4znPsf7A=
583 // -----END RSA PRIVATE KEY-----
584
585 // The following four certificates were generated with this Go program, varying
586 // |includeNetscapeExtension| and defining rootKeyPEM and rootCertPEM to be
587 // strings containing the kSANTypesRoot, above.
588
589 // package main
590
591 // import (
592 // "crypto/ecdsa"
593 // "crypto/elliptic"
594 // "crypto/rand"
595 // "crypto/x509"
596 // "crypto/x509/pkix"
597 // "encoding/asn1"
598 // "encoding/pem"
599 // "math/big"
600 // "os"
601 // "time"
602 // )
603
604 // const includeNetscapeExtension = true
605
606 // func main() {
607 // block, _ := pem.Decode([]byte(rootKeyPEM))
608 // rootPriv, _ := x509.ParsePKCS1PrivateKey(block.Bytes)
609 // block, _ = pem.Decode([]byte(rootCertPEM))
610 // root, _ := x509.ParseCertificate(block.Bytes)
611
612 // interTemplate := &x509.Certificate{
613 // SerialNumber: big.NewInt(2),
614 // Subject: pkix.Name{
615 // CommonName: "No Basic Constraints (Netscape)",
616 // },
617 // NotBefore: time.Date(2000, time.January, 1, 0, 0, 0, 0, time.UTC),
618 // NotAfter: time.Date(2099, time.January, 1, 0, 0, 0, 0, time.UTC),
619 // }
620
621 // if includeNetscapeExtension {
622 // interTemplate.ExtraExtensions = []pkix.Extension{
623 // pkix.Extension{
624 // Id: asn1.ObjectIdentifier([]int{2, 16, 840, 1, 113730, 1, 1}),
625 // Value: []byte{0x03, 0x02, 2, 0x04},
626 // },
627 // }
628 // } else {
629 // interTemplate.KeyUsage = x509.KeyUsageCertSign
630 // }
631
632 // interKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
633
634 // interDER, err := x509.CreateCertificate(rand.Reader, interTemplate, root, &interKey.PublicKey, rootPriv)
635 // if err != nil {
636 // panic(err)
637 // }
638
639 // pem.Encode(os.Stdout, &pem.Block{Type: "CERTIFICATE", Bytes: interDER})
640
641 // inter, _ := x509.ParseCertificate(interDER)
642
643 // leafTemplate := &x509.Certificate{
644 // SerialNumber: big.NewInt(3),
645 // Subject: pkix.Name{
646 // CommonName: "Leaf from CA with no Basic Constraints",
647 // },
648 // NotBefore: time.Date(2000, time.January, 1, 0, 0, 0, 0, time.UTC),
649 // NotAfter: time.Date(2099, time.January, 1, 0, 0, 0, 0, time.UTC),
650 // BasicConstraintsValid: true,
651 // }
652 // leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
653
654 // leafDER, err := x509.CreateCertificate(rand.Reader, leafTemplate, inter, &leafKey.PublicKey, interKey)
655 // if err != nil {
656 // panic(err)
657 // }
658
659 // pem.Encode(os.Stdout, &pem.Block{Type: "CERTIFICATE", Bytes: leafDER})
660 // }
661
662 // kNoBasicConstraintsCertSignIntermediate doesn't have isCA set, but contains
663 // certSign in the keyUsage.
664 static const char kNoBasicConstraintsCertSignIntermediate[] = R"(
665 -----BEGIN CERTIFICATE-----
666 MIIBqjCCAROgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
667 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
668 MDk5MDEwMTAwMDAwMFowHzEdMBsGA1UEAxMUTm8gQmFzaWMgQ29uc3RyYWludHMw
669 WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASEFMblfxIEDO8My7wHtHWTuDzNyID1
670 OsPkMGkn32O/pSyXxXuAqDeFoMVffUMTyfm8JcYugSEbrv2qEXXM4bZRoy8wLTAO
671 BgNVHQ8BAf8EBAMCAgQwGwYDVR0jBBQwEoAQQDfXAftAL7gcflQEJ4xZATANBgkq
672 hkiG9w0BAQsFAAOBgQC1Lh6hIAm3K5kRh5iIydU0YAEm7eV6ZSskERDUq3DLJyl9
673 ZUZCHUzvb464dkwZjeNzaUVS1pdElJslwX3DtGgeJLJGCnk8zUjBjaNrrDm0kzPW
674 xKt/6oif1ci/KCKqKNXJAIFbc4e+IiBpenwpxHk3If4NM+Ek0nKoO8Uj0NkgTQ==
675 -----END CERTIFICATE-----
676 )";
677
678 static const char kNoBasicConstraintsCertSignLeaf[] = R"(
679 -----BEGIN CERTIFICATE-----
680 MIIBUDCB96ADAgECAgEDMAoGCCqGSM49BAMCMB8xHTAbBgNVBAMTFE5vIEJhc2lj
681 IENvbnN0cmFpbnRzMCAXDTAwMDEwMTAwMDAwMFoYDzIwOTkwMTAxMDAwMDAwWjAx
682 MS8wLQYDVQQDEyZMZWFmIGZyb20gQ0Egd2l0aCBubyBCYXNpYyBDb25zdHJhaW50
683 czBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEsYPMwzdJKjB+2gpC90ib2ilHoB
684 w/arQ6ikUX0CNUDDaKaOu/jF39ogzVlg4lDFrjCKShSfCCcrwgONv70IZGijEDAO
685 MAwGA1UdEwEB/wQCMAAwCgYIKoZIzj0EAwIDSAAwRQIgbV7R99yM+okXSIs6Fp3o
686 eCOXiDL60IBxaTOcLS44ywcCIQDbn87Gj5cFgHBYAkzdHqDsyGXkxQTHDq9jmX24
687 Djy3Zw==
688 -----END CERTIFICATE-----
689 )";
690
691 // kNoBasicConstraintsNetscapeCAIntermediate doesn't have isCA set, but contains
692 // a Netscape certificate-type extension that asserts a type of "SSL CA".
693 static const char kNoBasicConstraintsNetscapeCAIntermediate[] = R"(
694 -----BEGIN CERTIFICATE-----
695 MIIBuDCCASGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
696 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
697 MDk5MDEwMTAwMDAwMFowKjEoMCYGA1UEAxMfTm8gQmFzaWMgQ29uc3RyYWludHMg
698 KE5ldHNjYXBlKTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCeMbmCaOtMzXBqi
699 PrCdNOH23CkaawUA+pAezitAN4RXS1O2CGK5sJjGPVVeogROU8G7/b+mU+ciZIzH
700 1PP8FJKjMjAwMBsGA1UdIwQUMBKAEEA31wH7QC+4HH5UBCeMWQEwEQYJYIZIAYb4
701 QgEBBAQDAgIEMA0GCSqGSIb3DQEBCwUAA4GBAAgNWjh7cfBTClTAk+Ml//5xb9Ju
702 tkBhG6Rm+kkMD+qiSMO6t7xS7CsA0+jIBjkdEYaLZ3oxtQCBdZsVNxUvRxZ0AUfF
703 G3DtRFTsrI1f7IQhpMuqEMF4shPW+5x54hrq0Fo6xMs6XoinJZcTUaaB8EeXRF6M
704 P9p6HuyLrmn0c/F0
705 -----END CERTIFICATE-----
706 )";
707
708 static const char kNoBasicConstraintsNetscapeCALeaf[] = R"(
709 -----BEGIN CERTIFICATE-----
710 MIIBXDCCAQKgAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9ObyBCYXNp
711 YyBDb25zdHJhaW50cyAoTmV0c2NhcGUpMCAXDTAwMDEwMTAwMDAwMFoYDzIwOTkw
712 MTAxMDAwMDAwWjAxMS8wLQYDVQQDEyZMZWFmIGZyb20gQ0Egd2l0aCBubyBCYXNp
713 YyBDb25zdHJhaW50czBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDlJKolDu3R2
714 tPqSDycr0QJcWhxdBv76V0EEVflcHRxED6vAioTEcnQszt1OfKtBZvjlo0yp6i6Q
715 DaYit0ZInmWjEDAOMAwGA1UdEwEB/wQCMAAwCgYIKoZIzj0EAwIDSAAwRQIhAJsh
716 aZL6BHeEfoUBj1oZ2Ln91qzj3UCVMJ+vrmwAFdYyAiA3wp2JphgchvmoUFuzPXwj
717 XyPwWPbymSTpzKhB4xB7qQ==
718 -----END CERTIFICATE-----
719 )";
720
721 static const char kSelfSignedMismatchAlgorithms[] = R"(
722 -----BEGIN CERTIFICATE-----
723 MIIFMjCCAxqgAwIBAgIJAL0mG5fOeJ7xMA0GCSqGSIb3DQEBDQUAMC0xCzAJBgNV
724 BAYTAkdCMQ8wDQYDVQQHDAZMb25kb24xDTALBgNVBAoMBFRlc3QwIBcNMTgwOTE3
725 MTIxNzU3WhgPMjExODA4MjQxMjE3NTdaMC0xCzAJBgNVBAYTAkdCMQ8wDQYDVQQH
726 DAZMb25kb24xDTALBgNVBAoMBFRlc3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
727 ggIKAoICAQDCMhBrRAGGw+n2GdctBr/cEK4FZA6ajiHjihgpCHoSBdyL4R2jGKLS
728 g0WgaMXa1HpkKN7LcIySosEBPlmcRkr1RqbEvQStOSvoFCXYvtx3alM6HTbXMcDR
729 mqoKoABP6LXsPSoMWIgqMtP2X9EOppzHVIK1yFYFfbIlvYUV2Ka+MuMe0Vh5wvD1
730 4GanPb+cWSKgdRSVQovCCMY3yWtZKVEaxRpCsk/mYYIFWz0tcgMjIKwDx1XXgiAV
731 nU6NK43xbaw3XhtnaD/pv9lhTTbNrlcln9LjTD097BaK4R+1AEPHnpfxA9Ui3upn
732 kbsNUdGdOB0ksZi/vd7lh833YgquQUIAhYrbfvq/HFCpVV1gljzlS3sqULYpLE//
733 i3OsuL2mE+CYIJGpIi2GeJJWXciNMTJDOqTn+fRDtVb4RPp4Y70DJirp7XzaBi3q
734 H0edANCzPSRCDbZsOhzIXhXshldiXVRX666DDlbMQgLTEnNKrkwv6DmU8o15XQsb
735 8k1Os2YwXmkEOxUQ7AJZXVTZSf6UK9Znmdq1ZrHjybMfRUkHVxJcnKvrxfryralv
736 gzfvu+D6HuxrCo3Ojqa+nDgIbxKEBtdrcsMhq1jWPFhjwo1fSadAkKOfdCAuXJRD
737 THg3b4Sf+W7Cpc570YHrIpBf7WFl2XsPcEM0mJZ5+yATASCubNozQwIDAQABo1Mw
738 UTAdBgNVHQ4EFgQUES0hupZSqY21JOba10QyZuxm91EwHwYDVR0jBBgwFoAUES0h
739 upZSqY21JOba10QyZuxm91EwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsF
740 AAOCAgEABTN5S30ng/RMpBweDm2N561PdpaCdiRXtAFCRVWR2mkDYC/Xj9Vqe6be
741 PyM7L/5OKYVjzF1yJu67z/dx+ja5o+41g17jdqla7hyPx+9B4uRyDh+1KJTa+duj
742 mw/aA1LCr6O6W4WizDOsChJ6FaB2Y1+GlFnKWb5nUdhVJqXQE1WOX9dZnw8Y4Npd
743 VmAsjWot0BZorJrt3fwfcv3QfA896twkbo7Llv/8qzg4sXZXZ4ZtgAOqnPngiSn+
744 JT/vYCXZ406VvAFpFqMcVz2dO/VGuL8lGIMHRKNyafrsV81EzH1W/XmRWOgvgj6r
745 yQI63ln/AMY72HQ97xLkE1xKunGz6bK5Ug5+O43Uftc4Mb6MUgzo+ZqEQ3Ob+cAV
746 cvjmtwDaPO/O39O5Xq0tLTlkn2/cKf4OQ6S++GDxzyRVHh5JXgP4j9+jfZY57Woy
747 R1bE7N50JjY4cDermBJKdlBIjL7UPhqmLyaG7V0hBitFlgGBUCcJtJOV0xYd5aF3
748 pxNkvMXhBmh95fjxJ0cJjpO7tN1RAwtMMNgsl7OUbuVRQCHOPW5DgP5qY21jDeRn
749 BY82382l+9QzykmJLI5MZnmj4BA9uIDCwMtoTTvP++SsvhUAbuvh7MOOUQL0EY4m
750 KStYq7X9PKseN+PvmfeoffIKc5R/Ha39oi7cGMVHCr8aiEhsf94=
751 -----END CERTIFICATE-----
752 )";
753
754 // kCommonNameWithSANs is a leaf certificate signed by kSANTypesRoot, with
755 // *.host1.test as the common name and a SAN list of *.host2.test and
756 // foo.host3.test.
757 static const char kCommonNameWithSANs[] = R"(
758 -----BEGIN CERTIFICATE-----
759 MIIB2zCCAUSgAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
760 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
761 MDk5MDEwMTAwMDAwMFowNzEeMBwGA1UEChMVQ29tbW9uIG5hbWUgd2l0aCBTQU5z
762 MRUwEwYDVQQDDAwqLmhvc3QxLnRlc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC
763 AASgWzfnFnpQrokSLIC+LhCKJDUAY/2usfIDpOnafYoYCasbYetkmOslgyY4Nn07
764 zjvjNROprA/0bdULXAkdL9bNo0gwRjAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQn
765 jFkBMCcGA1UdEQQgMB6CDCouaG9zdDIudGVzdIIOZm9vLmhvc3QzLnRlc3QwDQYJ
766 KoZIhvcNAQELBQADgYEAtv2e3hBhsslXB1HTxgusjoschWOVtvGZUaYlhkKzKTCL
767 4YpDn50BccnucBU/b9phYvaEZtyzOv4ZXhxTGyLnLrIVB9x5ikfCcfl+LNYNjDwM
768 enm/h1zOfJ7wXLyscD4kU29Wc/zxBd70thIgLYn16CC1S9NtXKsXXDXv5VVH/bg=
769 -----END CERTIFICATE-----
770 )";
771
772 // kCommonNameWithSANs is a leaf certificate signed by kSANTypesRoot, with
773 // *.host1.test as the common name and no SAN list.
774 static const char kCommonNameWithoutSANs[] = R"(
775 -----BEGIN CERTIFICATE-----
776 MIIBtTCCAR6gAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
777 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
778 MDk5MDEwMTAwMDAwMFowOjEhMB8GA1UEChMYQ29tbW9uIG5hbWUgd2l0aG91dCBT
779 QU5zMRUwEwYDVQQDDAwqLmhvc3QxLnRlc3QwWTATBgcqhkjOPQIBBggqhkjOPQMB
780 BwNCAARt2vjlIrPE+kr11VS1rRP/AYQu4fvf1bNw/K9rwYlVBhmLMPYasEmpCtKE
781 0bDIFydtDYC3wZDpSS+YiaG40sdAox8wHTAbBgNVHSMEFDASgBBAN9cB+0AvuBx+
782 VAQnjFkBMA0GCSqGSIb3DQEBCwUAA4GBAHRbIeaCEytOpJpw9O2dlB656AHe1+t5
783 4JiS5mvtzoVOLn7fFk5EFQtZS7sG1Uc2XjlSw+iyvFoTFEqfKyU/mIdc2vBuPwA2
784 +YXT8aE4S+UZ9oz5j0gDpikGnkSCW0cyHD8L8fntNjaQRSaM482JpmtdmuxClmWO
785 pFFXI2B5usgI
786 -----END CERTIFICATE-----
787 )";
788
789 // kCommonNameWithEmailSAN is a leaf certificate signed by kSANTypesRoot, with
790 // *.host1.test as the common name and the email address [email protected] in the
791 // SAN list.
792 static const char kCommonNameWithEmailSAN[] = R"(
793 -----BEGIN CERTIFICATE-----
794 MIIBvDCCASWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
795 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
796 MDk5MDEwMTAwMDAwMFowFzEVMBMGA1UEAwwMKi5ob3N0MS50ZXN0MFkwEwYHKoZI
797 zj0CAQYIKoZIzj0DAQcDQgAEtevOxcTjpPzlNGoUMFfZyr1k03/Hiuh+EsnuScDs
798 8XLKi6fDkvSaDClI99ycabQZRPIrvyT+dglDC6ugQd+CYqNJMEcwDAYDVR0TAQH/
799 BAIwADAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQnjFkBMBoGA1UdEQQTMBGBD3Rl
800 c3RAaG9zdDIudGVzdDANBgkqhkiG9w0BAQsFAAOBgQCGbqb78OWJWl4zb+qw0Dz2
801 HJgZZJt6/+nNG/XJKdaYeS4eofsbwsJI4fuuOF6ZvYCJxVNtGqdfZDgycvFA9hjv
802 NGosBF1/spP17cmzTahLjxs71jDvHV/EQJbKGl/Zpta1Em1VrzSrwoOFabPXzZTJ
803 aet/mER21Z/9ZsTUoJQPJw==
804 -----END CERTIFICATE-----
805 )";
806
807 // kCommonNameWithIPSAN is a leaf certificate signed by kSANTypesRoot, with
808 // *.host1.test as the common name and the IP address 127.0.0.1 in the
809 // SAN list.
810 static const char kCommonNameWithIPSAN[] = R"(
811 -----BEGIN CERTIFICATE-----
812 MIIBsTCCARqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
813 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
814 MDk5MDEwMTAwMDAwMFowFzEVMBMGA1UEAwwMKi5ob3N0MS50ZXN0MFkwEwYHKoZI
815 zj0CAQYIKoZIzj0DAQcDQgAEFKrgkxm8PysXbwnHQeTD3p8YY0+sY4ssnZgmj8wX
816 KTyn893fdBHWlz71GO6t82wMTF5d+ZYwI2XU52pfl4SB2aM+MDwwDAYDVR0TAQH/
817 BAIwADAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQnjFkBMA8GA1UdEQQIMAaHBH8A
818 AAEwDQYJKoZIhvcNAQELBQADgYEAQWZ8Oj059ZjS109V/ijMYT28xuAN5n6HHxCO
819 DopTP56Zu9+gme5wTETWEfocspZvgecoUOcedTFoKSQ7JafO09NcVLA+D6ddYpju
820 mgfuiLy9dDhqvX/NHaLBMxOBWWbOLwWE+ibyX+pOzjWRCw1L7eUXOr6PhZAOQsmU
821 D0+O6KI=
822 -----END CERTIFICATE-----
823 )";
824
825 // kConstrainedIntermediate is an intermediate signed by kSANTypesRoot, with
826 // permitted DNS names of permitted1.test and foo.permitted2.test and an
827 // excluded DNS name of excluded.permitted1.test. Its private key is:
828 //
829 // -----BEGIN PRIVATE KEY-----
830 // MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgTXUM4tJWM7OzATty
831 // JhNOfIv/d8heWFBeKOfMR+RfaROhRANCAASbbbWYiN6mn+BCpg4XNpibOH0D/DN4
832 // kZ5C/Ml2YVomC9T83OKk2CzB8fPAabPb4P4Vv+fIabpEfjWS5nzKLY1y
833 // -----END PRIVATE KEY-----
834 static const char kConstrainedIntermediate[] = R"(
835 -----BEGIN CERTIFICATE-----
836 MIICDjCCAXegAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
837 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
838 MDk5MDEwMTAwMDAwMFowKDEmMCQGA1UEAxMdTmFtZSBDb25zdHJhaW50cyBJbnRl
839 cm1lZGlhdGUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASbbbWYiN6mn+BCpg4X
840 NpibOH0D/DN4kZ5C/Ml2YVomC9T83OKk2CzB8fPAabPb4P4Vv+fIabpEfjWS5nzK
841 LY1yo4GJMIGGMA8GA1UdEwEB/wQFMAMBAf8wGwYDVR0jBBQwEoAQQDfXAftAL7gc
842 flQEJ4xZATBWBgNVHR4BAf8ETDBKoCowEYIPcGVybWl0dGVkMS50ZXN0MBWCE2Zv
843 by5wZXJtaXR0ZWQyLnRlc3ShHDAaghhleGNsdWRlZC5wZXJtaXR0ZWQxLnRlc3Qw
844 DQYJKoZIhvcNAQELBQADgYEAFq1Ka05hiKREwRpSceQPzIIH4B5a5IVBg5/EvmQI
845 9V0fXyAE1GmahPt70sIBxIgzNTEaY8P/IoOuCdlZWe0msmyEO3S6YSAzOWR5Van6
846 cXmFM1uMd95TlkxUMRdV+jKJTvG6R/BM2zltaV7Xt662k5HtzT5Svw0rZlFaggZz
847 UyM=
848 -----END CERTIFICATE-----
849 )";
850
851 // kCommonNamePermittedLeaf is a leaf certificate signed by
852 // kConstrainedIntermediate. Its common name is permitted by the name
853 // constraints.
854 static const char kCommonNamePermittedLeaf[] = R"(
855 -----BEGIN CERTIFICATE-----
856 MIIBaDCCAQ2gAwIBAgIBAzAKBggqhkjOPQQDAjAoMSYwJAYDVQQDEx1OYW1lIENv
857 bnN0cmFpbnRzIEludGVybWVkaWF0ZTAgFw0wMDAxMDEwMDAwMDBaGA8yMDk5MDEw
858 MTAwMDAwMFowPjEeMBwGA1UEChMVQ29tbW9uIG5hbWUgcGVybWl0dGVkMRwwGgYD
859 VQQDExNmb28ucGVybWl0dGVkMS50ZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
860 QgAENX5Ycs8q8MRzPYUz6DqLHhJR3wcmniFRgkiEa7MxE/mRe00y0VGwH7xi7Aoc
861 emXPrtD4JwN5bssbcxWGAKYYzaMQMA4wDAYDVR0TAQH/BAIwADAKBggqhkjOPQQD
862 AgNJADBGAiEAtsnWuRQXtw2xbieC78Y8SVEtTjcZUx8uZyQe1GPLfGICIQDR4fNY
863 yg3PC94ydPNQZVsFxAne32CbonWWsokalTFpUQ==
864 -----END CERTIFICATE-----
865 )";
866 static const char kCommonNamePermitted[] = "foo.permitted1.test";
867
868 // kCommonNameNotPermittedLeaf is a leaf certificate signed by
869 // kConstrainedIntermediate. Its common name is not permitted by the name
870 // constraints.
871 static const char kCommonNameNotPermittedLeaf[] = R"(
872 -----BEGIN CERTIFICATE-----
873 MIIBazCCARCgAwIBAgIBBDAKBggqhkjOPQQDAjAoMSYwJAYDVQQDEx1OYW1lIENv
874 bnN0cmFpbnRzIEludGVybWVkaWF0ZTAgFw0wMDAxMDEwMDAwMDBaGA8yMDk5MDEw
875 MTAwMDAwMFowQTEiMCAGA1UEChMZQ29tbW9uIG5hbWUgbm90IHBlcm1pdHRlZDEb
876 MBkGA1UEAxMSbm90LXBlcm1pdHRlZC50ZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0D
877 AQcDQgAEzfghKuWf0JoXb0Drp09C3yXMSQQ1byt+AUaymvsHOWsxQ9v1Q+vkF/IM
878 HRqGTk2TyxrB2iClVEn/Uu+YtYox1KMQMA4wDAYDVR0TAQH/BAIwADAKBggqhkjO
879 PQQDAgNJADBGAiEAxaUslxmoWL1tIvnDz7gDkto/HcmdU0jHVuUQLXcCG8wCIQCN
880 5xZjitlCQU8UB5qSu9wH4B+0JcVO3Ss4Az76HEJWMw==
881 -----END CERTIFICATE-----
882 )";
883 static const char kCommonNameNotPermitted[] = "not-permitted.test";
884
885 // kCommonNameNotPermittedWithSANsLeaf is a leaf certificate signed by
886 // kConstrainedIntermediate. Its common name is not permitted by the name
887 // constraints but it has a SAN list.
888 static const char kCommonNameNotPermittedWithSANsLeaf[] = R"(
889 -----BEGIN CERTIFICATE-----
890 MIIBqTCCAU+gAwIBAgIBBjAKBggqhkjOPQQDAjAoMSYwJAYDVQQDEx1OYW1lIENv
891 bnN0cmFpbnRzIEludGVybWVkaWF0ZTAgFw0wMDAxMDEwMDAwMDBaGA8yMDk5MDEw
892 MTAwMDAwMFowSzEsMCoGA1UEChMjQ29tbW9uIG5hbWUgbm90IHBlcm1pdHRlZCB3
893 aXRoIFNBTlMxGzAZBgNVBAMTEm5vdC1wZXJtaXR0ZWQudGVzdDBZMBMGByqGSM49
894 AgEGCCqGSM49AwEHA0IABKsn9wOApXFHrqhLdQgbFSeaSoAIbxgO0zVSRZUb5naR
895 93zoL3MFOvZEF8xiEqh7le+l3XuUig0fwqpcsZzRNJajRTBDMAwGA1UdEwEB/wQC
896 MAAwMwYDVR0RBCwwKoITZm9vLnBlcm1pdHRlZDEudGVzdIITZm9vLnBlcm1pdHRl
897 ZDIudGVzdDAKBggqhkjOPQQDAgNIADBFAiACk+1f184KkKAXuntmrz+Ygcq8MiZl
898 4delx44FtcNaegIhAIA5nYfzxNcTXxDo3U+x1vSLH6Y7faLvHiFySp7O//q+
899 -----END CERTIFICATE-----
900 )";
901 static const char kCommonNameNotPermittedWithSANs[] = "not-permitted.test";
902
903 // kCommonNameNotDNSLeaf is a leaf certificate signed by
904 // kConstrainedIntermediate. Its common name is not a DNS name.
905 static const char kCommonNameNotDNSLeaf[] = R"(
906 -----BEGIN CERTIFICATE-----
907 MIIBYTCCAQagAwIBAgIBCDAKBggqhkjOPQQDAjAoMSYwJAYDVQQDEx1OYW1lIENv
908 bnN0cmFpbnRzIEludGVybWVkaWF0ZTAgFw0wMDAxMDEwMDAwMDBaGA8yMDk5MDEw
909 MTAwMDAwMFowNzEcMBoGA1UEChMTQ29tbW9uIG5hbWUgbm90IEROUzEXMBUGA1UE
910 AxMOTm90IGEgRE5TIG5hbWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASnueyc
911 Zxtnw5ke2J2T0/LwAK37auQP/RSFd9mem+BJVbgviawtAlignJmafp7Zw4/GdYEJ
912 Vm8qlriOJtluvXGcoxAwDjAMBgNVHRMBAf8EAjAAMAoGCCqGSM49BAMCA0kAMEYC
913 IQChUAmVNI39VHe0zemRE09VDcSEgOxr1nTvjLcg/Q8pVQIhAJYZnJI0YZAi05QH
914 RHNlAkTK2TnUaVn3fGSylaLiFS1r
915 -----END CERTIFICATE-----
916 )";
917 static const char kCommonNameNotDNS[] = "Not a DNS name";
918
919 // The following six certificates are issued by |kSANTypesRoot| and have
920 // different extended key usage values. They were created with the following
921 // Go program:
922 //
923 // func main() {
924 // block, _ := pem.Decode([]byte(rootKeyPEM))
925 // rootPriv, _ := x509.ParsePKCS1PrivateKey(block.Bytes)
926 // block, _ = pem.Decode([]byte(rootCertPEM))
927 // root, _ := x509.ParseCertificate(block.Bytes)
928 //
929 // leafTemplate := &x509.Certificate{
930 // SerialNumber: big.NewInt(3),
931 // Subject: pkix.Name{
932 // CommonName: "EKU msSGC",
933 // },
934 // NotBefore: time.Date(2000, time.January, 1, 0, 0, 0, 0, time.UTC),
935 // NotAfter: time.Date(2099, time.January, 1, 0, 0, 0, 0, time.UTC),
936 // BasicConstraintsValid: true,
937 // ExtKeyUsage: []x509.ExtKeyUsage{FILL IN HERE},
938 // }
939 // leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
940 // leafDER, err := x509.CreateCertificate(rand.Reader, leafTemplate, root, &leafKey.PublicKey, rootPriv)
941 // if err != nil {
942 // panic(err)
943 // }
944 // pem.Encode(os.Stdout, &pem.Block{Type: "CERTIFICATE", Bytes: leafDER})
945 // }
946
947 static const char kMicrosoftSGCCert[] = R"(
948 -----BEGIN CERTIFICATE-----
949 MIIBtDCCAR2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
950 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
951 MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C
952 AQYIKoZIzj0DAQcDQgAEEn61v3Vs+q6bTyyRnrJvuKBE8PTNVLbXGB52jig4Qse2
953 mGygNEysS0uzZ0luz+rn2hDRUFL6sHLUs1d8UMbI/6NEMEIwFQYDVR0lBA4wDAYK
954 KwYBBAGCNwoDAzAMBgNVHRMBAf8EAjAAMBsGA1UdIwQUMBKAEEA31wH7QC+4HH5U
955 BCeMWQEwDQYJKoZIhvcNAQELBQADgYEAgDQI9RSo3E3ZVnU71TV/LjG9xwHtfk6I
956 rlNnlJJ0lsTHAuMc1mwCbzhtsmasetwYlIa9G8GFWB9Gh/QqHA7G649iGGmXShqe
957 aVDuWgeSEJxBPE2jILoMm4pEYF7jfonTn7XXX6O78yuSlP+NPIU0gUKHkWZ1sWk0
958 cC4l0r/6jik=
959 -----END CERTIFICATE-----
960 )";
961
962 static const char kNetscapeSGCCert[] = R"(
963 -----BEGIN CERTIFICATE-----
964 MIIBszCCARygAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
965 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
966 MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C
967 AQYIKoZIzj0DAQcDQgAE3NbT+TnBfq1DWJCezjaUL52YhDU7cOkI2S2PoWgJ1v7x
968 kKLwBonUFZjppZs69SyBHeJdti+KoJ3qTW+hCG08EaNDMEEwFAYDVR0lBA0wCwYJ
969 YIZIAYb4QgQBMAwGA1UdEwEB/wQCMAAwGwYDVR0jBBQwEoAQQDfXAftAL7gcflQE
970 J4xZATANBgkqhkiG9w0BAQsFAAOBgQBuiyVcfazekHkCWksxdFmjPmMtWCxFjkzc
971 8VBxFE0CfSHQAfZ8J7tXd1FbAq/eXdZvvo8v0JB4sOM4Ex1ob1fuvDFHdSAHAD7W
972 dhKIjJyzVojoxjCjyue0XMeEPl7RiqbdxoS/R5HFAqAF0T2OeQAqP9gTpOXoau1M
973 RQHX6HQJJg==
974 -----END CERTIFICATE-----
975 )";
976
977 static const char kServerEKUCert[] = R"(
978 -----BEGIN CERTIFICATE-----
979 MIIBsjCCARugAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
980 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
981 MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C
982 AQYIKoZIzj0DAQcDQgAEDd35i+VWPwIOKLrLWTuP5cqD+yJDB5nujEzPgkXP5LKJ
983 SZRbHTqTdpYZB2jy6y90RY2Bsjx7FfZ7nN5G2g1GOKNCMEAwEwYDVR0lBAwwCgYI
984 KwYBBQUHAwEwDAYDVR0TAQH/BAIwADAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQn
985 jFkBMA0GCSqGSIb3DQEBCwUAA4GBAIKmbMBjuivL/rxDu7u7Vr3o3cdmEggBJxwL
986 iatNW3x1wg0645aNYOktW/iQ7mAAiziTY73GFyfiJDWqnY+CwA94ZWyQidjHdN/I
987 6BR52sN/dkYEoInYEbmDNMc/if+T0yqeBQLP4BeKLiT8p0qqaimae6LgibS19hDP
988 2hoEMdz2
989 -----END CERTIFICATE-----
990 )";
991
992 static const char kServerEKUPlusMicrosoftSGCCert[] = R"(
993 -----BEGIN CERTIFICATE-----
994 MIIBvjCCASegAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
995 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
996 MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C
997 AQYIKoZIzj0DAQcDQgAEDO1MYPxq+U4oXMIK8UnsS4C696wpcu4UOmcMJJ5CUd5Z
998 ZpJShN6kYKnrb3GK/6xEgbUGntmrzSRG5FYqk6QgD6NOMEwwHwYDVR0lBBgwFgYI
999 KwYBBQUHAwEGCisGAQQBgjcKAwMwDAYDVR0TAQH/BAIwADAbBgNVHSMEFDASgBBA
1000 N9cB+0AvuBx+VAQnjFkBMA0GCSqGSIb3DQEBCwUAA4GBAHOu2IBa4lHzVGS36HxS
1001 SejUE87Ji1ysM6BgkYbfxfS9MuV+J3UnqH57JjbH/3CFl4ZDWceF6SGBSCn8LqKa
1002 KHpwoNFU3zA99iQzVJgbUyN0PbKwHEanLyKDJZyFk71R39ToxhSNQgaQYjZYCy1H
1003 5V9oXd1bodEqVsOZ/mur24Ku
1004 -----END CERTIFICATE-----
1005 )";
1006
1007 static const char kAnyEKU[] = R"(
1008 -----BEGIN CERTIFICATE-----
1009 MIIBrjCCARegAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
1010 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
1011 MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C
1012 AQYIKoZIzj0DAQcDQgAE9nsLABDporlTvx1OBUc4Hd5vxfX+8nS/OhbHmKtFLYNu
1013 1CLLrImbwMQYD2G+PgLO6sQHmASq2jmJKp6ZWsRkTqM+MDwwDwYDVR0lBAgwBgYE
1014 VR0lADAMBgNVHRMBAf8EAjAAMBsGA1UdIwQUMBKAEEA31wH7QC+4HH5UBCeMWQEw
1015 DQYJKoZIhvcNAQELBQADgYEAxgjgn1SAzQ+2GeCicZ5ndvVhKIeFelGCQ989XTVq
1016 uUbAYBW6v8GXNuVzoXYxDgNSanF6U+w+INrJ6daKVrIxAxdk9QFgBXqJoupuRAA3
1017 /OqnmYux0EqOTLbTK1P8DhaiaD0KV6dWGUwzqsgBmPkZ0lgNaPjvb1mKV3jhBkjz
1018 L6A=
1019 -----END CERTIFICATE-----
1020 )";
1021
1022 static const char kNoEKU[] = R"(
1023 -----BEGIN CERTIFICATE-----
1024 MIIBnTCCAQagAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
1025 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
1026 MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C
1027 AQYIKoZIzj0DAQcDQgAEpSFSqbYY86ZcMamE606dqdyjWlwhSHKOLUFsUUIzkMPz
1028 KHRu/x3Yzi8+Hm8eFK/TnCbkpYsYw4hIw00176dYzaMtMCswDAYDVR0TAQH/BAIw
1029 ADAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQnjFkBMA0GCSqGSIb3DQEBCwUAA4GB
1030 AHvYzynIkjLThExHRS+385hfv4vgrQSMmCM1SAnEIjSBGsU7RPgiGAstN06XivuF
1031 T1fNugRmTu4OtOIbfdYkcjavJufw9hR9zWTt77CNMTy9XmOZLgdS5boFTtLCztr3
1032 TXHOSQQD8Dl4BK0wOet+TP6LBEjHlRFjAqK4bu9xpxV2
1033 -----END CERTIFICATE-----
1034 )";
1035
1036 // CertFromPEM parses the given, NUL-terminated PEM block and returns an
1037 // |X509*|.
CertFromPEM(const char * pem)1038 static bssl::UniquePtr<X509> CertFromPEM(const char *pem) {
1039 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
1040 return bssl::UniquePtr<X509>(
1041 PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
1042 }
1043
1044 // CRLFromPEM parses the given, NUL-terminated PEM block and returns an
1045 // |X509_CRL*|.
CRLFromPEM(const char * pem)1046 static bssl::UniquePtr<X509_CRL> CRLFromPEM(const char *pem) {
1047 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
1048 return bssl::UniquePtr<X509_CRL>(
1049 PEM_read_bio_X509_CRL(bio.get(), nullptr, nullptr, nullptr));
1050 }
1051
1052 // CSRFromPEM parses the given, NUL-terminated PEM block and returns an
1053 // |X509_REQ*|.
CSRFromPEM(const char * pem)1054 static bssl::UniquePtr<X509_REQ> CSRFromPEM(const char *pem) {
1055 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
1056 return bssl::UniquePtr<X509_REQ>(
1057 PEM_read_bio_X509_REQ(bio.get(), nullptr, nullptr, nullptr));
1058 }
1059
1060 // PrivateKeyFromPEM parses the given, NUL-terminated PEM block and returns an
1061 // |EVP_PKEY*|.
PrivateKeyFromPEM(const char * pem)1062 static bssl::UniquePtr<EVP_PKEY> PrivateKeyFromPEM(const char *pem) {
1063 bssl::UniquePtr<BIO> bio(
1064 BIO_new_mem_buf(const_cast<char *>(pem), strlen(pem)));
1065 return bssl::UniquePtr<EVP_PKEY>(
1066 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1067 }
1068
1069 // CertsToStack converts a vector of |X509*| to an OpenSSL STACK_OF(X509),
1070 // bumping the reference counts for each certificate in question.
CertsToStack(const std::vector<X509 * > & certs)1071 static bssl::UniquePtr<STACK_OF(X509)> CertsToStack(
1072 const std::vector<X509 *> &certs) {
1073 bssl::UniquePtr<STACK_OF(X509)> stack(sk_X509_new_null());
1074 if (!stack) {
1075 return nullptr;
1076 }
1077 for (auto cert : certs) {
1078 if (!bssl::PushToStack(stack.get(), bssl::UpRef(cert))) {
1079 return nullptr;
1080 }
1081 }
1082
1083 return stack;
1084 }
1085
1086 // CRLsToStack converts a vector of |X509_CRL*| to an OpenSSL
1087 // STACK_OF(X509_CRL), bumping the reference counts for each CRL in question.
CRLsToStack(const std::vector<X509_CRL * > & crls)1088 static bssl::UniquePtr<STACK_OF(X509_CRL)> CRLsToStack(
1089 const std::vector<X509_CRL *> &crls) {
1090 bssl::UniquePtr<STACK_OF(X509_CRL)> stack(sk_X509_CRL_new_null());
1091 if (!stack) {
1092 return nullptr;
1093 }
1094 for (auto crl : crls) {
1095 if (!bssl::PushToStack(stack.get(), bssl::UpRef(crl))) {
1096 return nullptr;
1097 }
1098 }
1099
1100 return stack;
1101 }
1102
1103 static const int64_t kReferenceTime = 1474934400 /* Sep 27th, 2016 */;
1104
Verify(X509 * leaf,const std::vector<X509 * > & roots,const std::vector<X509 * > & intermediates,const std::vector<X509_CRL * > & crls,unsigned long flags=0,std::function<void (X509_STORE_CTX *)> configure_callback=nullptr)1105 static int Verify(
1106 X509 *leaf, const std::vector<X509 *> &roots,
1107 const std::vector<X509 *> &intermediates,
1108 const std::vector<X509_CRL *> &crls, unsigned long flags = 0,
1109 std::function<void(X509_STORE_CTX *)> configure_callback = nullptr) {
1110 bssl::UniquePtr<STACK_OF(X509)> roots_stack(CertsToStack(roots));
1111 bssl::UniquePtr<STACK_OF(X509)> intermediates_stack(
1112 CertsToStack(intermediates));
1113 bssl::UniquePtr<STACK_OF(X509_CRL)> crls_stack(CRLsToStack(crls));
1114
1115 if (!roots_stack ||
1116 !intermediates_stack ||
1117 !crls_stack) {
1118 return X509_V_ERR_UNSPECIFIED;
1119 }
1120
1121 bssl::UniquePtr<X509_STORE_CTX> ctx(X509_STORE_CTX_new());
1122 bssl::UniquePtr<X509_STORE> store(X509_STORE_new());
1123 if (!ctx ||
1124 !store) {
1125 return X509_V_ERR_UNSPECIFIED;
1126 }
1127
1128 if (!X509_STORE_CTX_init(ctx.get(), store.get(), leaf,
1129 intermediates_stack.get())) {
1130 return X509_V_ERR_UNSPECIFIED;
1131 }
1132
1133 X509_STORE_CTX_set0_trusted_stack(ctx.get(), roots_stack.get());
1134 X509_STORE_CTX_set0_crls(ctx.get(), crls_stack.get());
1135
1136 X509_VERIFY_PARAM *param = X509_STORE_CTX_get0_param(ctx.get());
1137 X509_VERIFY_PARAM_set_time_posix(param, kReferenceTime);
1138 if (configure_callback) {
1139 configure_callback(ctx.get());
1140 }
1141 if (flags) {
1142 X509_VERIFY_PARAM_set_flags(param, flags);
1143 }
1144
1145 ERR_clear_error();
1146 if (X509_verify_cert(ctx.get()) != 1) {
1147 return X509_STORE_CTX_get_error(ctx.get());
1148 }
1149
1150 return X509_V_OK;
1151 }
1152
TEST(X509Test,TestVerify)1153 TEST(X509Test, TestVerify) {
1154 // cross_signing_root
1155 // |
1156 // root_cross_signed root
1157 // \ /
1158 // intermediate
1159 // | |
1160 // leaf leaf_no_key_usage
1161 // |
1162 // forgery
1163 bssl::UniquePtr<X509> cross_signing_root(CertFromPEM(kCrossSigningRootPEM));
1164 bssl::UniquePtr<X509> root(CertFromPEM(kRootCAPEM));
1165 bssl::UniquePtr<X509> root_cross_signed(CertFromPEM(kRootCrossSignedPEM));
1166 bssl::UniquePtr<X509> intermediate(CertFromPEM(kIntermediatePEM));
1167 bssl::UniquePtr<X509> intermediate_self_signed(
1168 CertFromPEM(kIntermediateSelfSignedPEM));
1169 bssl::UniquePtr<X509> leaf(CertFromPEM(kLeafPEM));
1170 bssl::UniquePtr<X509> leaf_no_key_usage(CertFromPEM(kLeafNoKeyUsagePEM));
1171 bssl::UniquePtr<X509> forgery(CertFromPEM(kForgeryPEM));
1172
1173 ASSERT_TRUE(cross_signing_root);
1174 ASSERT_TRUE(root);
1175 ASSERT_TRUE(root_cross_signed);
1176 ASSERT_TRUE(intermediate);
1177 ASSERT_TRUE(intermediate_self_signed);
1178 ASSERT_TRUE(leaf);
1179 ASSERT_TRUE(forgery);
1180 ASSERT_TRUE(leaf_no_key_usage);
1181
1182 // Most of these tests work with or without |X509_V_FLAG_TRUSTED_FIRST|,
1183 // though in different ways.
1184 for (bool trusted_first : {true, false}) {
1185 SCOPED_TRACE(trusted_first);
1186 bool override_depth = false;
1187 int depth = -1;
1188 auto configure_callback = [&](X509_STORE_CTX *ctx) {
1189 X509_VERIFY_PARAM *param = X509_STORE_CTX_get0_param(ctx);
1190 // Note we need the callback to clear the flag. Setting |flags| to zero
1191 // only skips setting new flags.
1192 if (!trusted_first) {
1193 X509_VERIFY_PARAM_clear_flags(param, X509_V_FLAG_TRUSTED_FIRST);
1194 }
1195 if (override_depth) {
1196 X509_VERIFY_PARAM_set_depth(param, depth);
1197 }
1198 };
1199
1200 // No trust anchors configured.
1201 EXPECT_EQ(X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
1202 Verify(leaf.get(), /*roots=*/{}, /*intermediates=*/{},
1203 /*crls=*/{}, /*flags=*/0, configure_callback));
1204 EXPECT_EQ(
1205 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
1206 Verify(leaf.get(), /*roots=*/{}, {intermediate.get()}, /*crls=*/{},
1207 /*flags=*/0, configure_callback));
1208
1209 // Each chain works individually.
1210 EXPECT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()}, {intermediate.get()},
1211 /*crls=*/{}, /*flags=*/0, configure_callback));
1212 EXPECT_EQ(X509_V_OK, Verify(leaf.get(), {cross_signing_root.get()},
1213 {intermediate.get(), root_cross_signed.get()},
1214 /*crls=*/{}, /*flags=*/0, configure_callback));
1215
1216 // When both roots are available, we pick one or the other.
1217 EXPECT_EQ(X509_V_OK,
1218 Verify(leaf.get(), {cross_signing_root.get(), root.get()},
1219 {intermediate.get(), root_cross_signed.get()}, /*crls=*/{},
1220 /*flags=*/0, configure_callback));
1221
1222 // This is the “altchains” test – we remove the cross-signing CA but include
1223 // the cross-sign in the intermediates. With |trusted_first|, we
1224 // preferentially stop path-building at |intermediate|. Without
1225 // |trusted_first|, the "altchains" logic repairs it.
1226 EXPECT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()},
1227 {intermediate.get(), root_cross_signed.get()},
1228 /*crls=*/{}, /*flags=*/0, configure_callback));
1229
1230 // If |X509_V_FLAG_NO_ALT_CHAINS| is set and |trusted_first| is disabled, we
1231 // get stuck on |root_cross_signed|. If either feature is enabled, we can
1232 // build the path.
1233 //
1234 // This test exists to confirm our current behavior, but these modes are
1235 // just workarounds for not having an actual path-building verifier. If we
1236 // fix it, this test can be removed.
1237 EXPECT_EQ(trusted_first ? X509_V_OK
1238 : X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
1239 Verify(leaf.get(), {root.get()},
1240 {intermediate.get(), root_cross_signed.get()}, /*crls=*/{},
1241 /*flags=*/X509_V_FLAG_NO_ALT_CHAINS, configure_callback));
1242
1243 // |forgery| is signed by |leaf_no_key_usage|, but is rejected because the
1244 // leaf is not a CA.
1245 EXPECT_EQ(X509_V_ERR_INVALID_CA,
1246 Verify(forgery.get(), {intermediate_self_signed.get()},
1247 {leaf_no_key_usage.get()}, /*crls=*/{}, /*flags=*/0,
1248 configure_callback));
1249
1250 // Test that one cannot skip Basic Constraints checking with a contorted set
1251 // of roots and intermediates. This is a regression test for CVE-2015-1793.
1252 EXPECT_EQ(X509_V_ERR_INVALID_CA,
1253 Verify(forgery.get(),
1254 {intermediate_self_signed.get(), root_cross_signed.get()},
1255 {leaf_no_key_usage.get(), intermediate.get()}, /*crls=*/{},
1256 /*flags=*/0, configure_callback));
1257
1258 // Test depth limits. |configure_callback| looks at |override_depth| and
1259 // |depth|. Negative numbers have historically worked, so test those too.
1260 for (int d : {-4, -3, -2, -1, 0, 1, 2, 3, 4, INT_MAX - 3, INT_MAX - 2,
1261 INT_MAX - 1, INT_MAX}) {
1262 SCOPED_TRACE(d);
1263 override_depth = true;
1264 depth = d;
1265 // A chain with a leaf, two intermediates, and a root is depth two.
1266 EXPECT_EQ(
1267 depth >= 2 ? X509_V_OK : X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
1268 Verify(leaf.get(), {cross_signing_root.get()},
1269 {intermediate.get(), root_cross_signed.get()},
1270 /*crls=*/{}, /*flags=*/0, configure_callback));
1271
1272 // A chain with a leaf, a root, and no intermediates is depth zero.
1273 EXPECT_EQ(
1274 depth >= 0 ? X509_V_OK : X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
1275 Verify(root_cross_signed.get(), {cross_signing_root.get()}, {},
1276 /*crls=*/{}, /*flags=*/0, configure_callback));
1277
1278 // An explicitly trusted self-signed certificate is unaffected by depth
1279 // checks.
1280 EXPECT_EQ(X509_V_OK,
1281 Verify(cross_signing_root.get(), {cross_signing_root.get()}, {},
1282 /*crls=*/{}, /*flags=*/0, configure_callback));
1283 }
1284 }
1285 }
1286
1287 #if defined(OPENSSL_THREADS)
1288 // Verifying the same |X509| objects on two threads should be safe.
TEST(X509Test,VerifyThreads)1289 TEST(X509Test, VerifyThreads) {
1290 bssl::UniquePtr<X509> root(CertFromPEM(kRootCAPEM));
1291 bssl::UniquePtr<X509> intermediate(CertFromPEM(kIntermediatePEM));
1292 bssl::UniquePtr<X509> leaf(CertFromPEM(kLeafPEM));
1293 ASSERT_TRUE(root);
1294 ASSERT_TRUE(intermediate);
1295 ASSERT_TRUE(leaf);
1296
1297 const size_t kNumThreads = 10;
1298 std::vector<std::thread> threads;
1299 for (size_t i = 0; i < kNumThreads; i++) {
1300 threads.emplace_back([&] {
1301 EXPECT_EQ(X509_V_OK,
1302 Verify(leaf.get(), {root.get()}, {intermediate.get()},
1303 /*crls=*/{}));
1304 });
1305 }
1306 for (auto &thread : threads) {
1307 thread.join();
1308 }
1309 }
1310
1311 // Using the same CRL on two threads should be safe.
TEST(X509Test,CRLThreads)1312 TEST(X509Test, CRLThreads) {
1313 bssl::UniquePtr<X509> root(CertFromPEM(kCRLTestRoot));
1314 bssl::UniquePtr<X509> leaf(CertFromPEM(kCRLTestLeaf));
1315 bssl::UniquePtr<X509_CRL> basic_crl(CRLFromPEM(kBasicCRL));
1316 bssl::UniquePtr<X509_CRL> revoked_crl(CRLFromPEM(kRevokedCRL));
1317 ASSERT_TRUE(root);
1318 ASSERT_TRUE(leaf);
1319 ASSERT_TRUE(basic_crl);
1320 ASSERT_TRUE(revoked_crl);
1321
1322 const size_t kNumThreads = 10;
1323 std::vector<std::thread> threads;
1324 for (size_t i = 0; i < kNumThreads; i++) {
1325 threads.emplace_back([&] {
1326 EXPECT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()}, {root.get()},
1327 {basic_crl.get()}, X509_V_FLAG_CRL_CHECK));
1328 });
1329 threads.emplace_back([&] {
1330 EXPECT_EQ(X509_V_ERR_CERT_REVOKED,
1331 Verify(leaf.get(), {root.get()}, {root.get()},
1332 {revoked_crl.get()}, X509_V_FLAG_CRL_CHECK));
1333 });
1334 }
1335
1336 for (auto &thread : threads) {
1337 thread.join();
1338 }
1339
1340 // TODO(crbug.com/boringssl/600): Add a thread that iterates
1341 // |X509_CRL_get_REVOKED| and a thread that calls |X509_CRL_print|. Those
1342 // currently do not work correctly.
1343 }
1344
TEST(X509Test,StoreThreads)1345 TEST(X509Test, StoreThreads) {
1346 bssl::UniquePtr<X509> root(CertFromPEM(kRootCAPEM));
1347 bssl::UniquePtr<X509> intermediate(CertFromPEM(kIntermediatePEM));
1348 bssl::UniquePtr<X509> leaf(CertFromPEM(kLeafPEM));
1349 ASSERT_TRUE(root);
1350 ASSERT_TRUE(intermediate);
1351 ASSERT_TRUE(leaf);
1352
1353 bssl::UniquePtr<STACK_OF(X509)> intermediates =
1354 CertsToStack({intermediate.get()});
1355 ASSERT_TRUE(intermediates);
1356
1357 // Some unrelated certificates.
1358 bssl::UniquePtr<X509> other1(CertFromPEM(kCRLTestRoot));
1359 bssl::UniquePtr<X509> other2(CertFromPEM(kCRLTestLeaf));
1360 ASSERT_TRUE(other1);
1361 ASSERT_TRUE(other2);
1362
1363 bssl::UniquePtr<X509_STORE> store(X509_STORE_new());
1364 ASSERT_TRUE(store);
1365 ASSERT_TRUE(X509_STORE_add_cert(store.get(), root.get()));
1366
1367 const size_t kNumThreads = 10;
1368 std::vector<std::thread> threads;
1369 for (size_t i = 0; i < kNumThreads; i++) {
1370 threads.emplace_back([&] {
1371 bssl::UniquePtr<X509_STORE_CTX> ctx(X509_STORE_CTX_new());
1372 ASSERT_TRUE(ctx);
1373 ASSERT_TRUE(X509_STORE_CTX_init(ctx.get(), store.get(), leaf.get(),
1374 intermediates.get()));
1375 X509_STORE_CTX_set_time_posix(ctx.get(), /*flags=*/0, kReferenceTime);
1376 ASSERT_TRUE(X509_verify_cert(ctx.get()));
1377 ASSERT_EQ(X509_STORE_CTX_get_error(ctx.get()), X509_V_OK);
1378 });
1379 threads.emplace_back([&] {
1380 ASSERT_TRUE(X509_STORE_add_cert(store.get(), other1.get()));
1381 });
1382 threads.emplace_back([&] {
1383 ASSERT_TRUE(X509_STORE_add_cert(store.get(), other2.get()));
1384 });
1385 threads.emplace_back([&] {
1386 bssl::UniquePtr<STACK_OF(X509_OBJECT)> objs(
1387 X509_STORE_get1_objects(store.get()));
1388 ASSERT_TRUE(objs);
1389 });
1390 }
1391 for (auto &thread : threads) {
1392 thread.join();
1393 }
1394 }
1395 #endif // OPENSSL_THREADS
1396
1397 static const char kHostname[] = "example.com";
1398 static const char kWrongHostname[] = "example2.com";
1399 static const char kEmail[] = "[email protected]";
1400 static const char kWrongEmail[] = "[email protected]";
1401 static const uint8_t kIP[4] = {127, 0, 0, 1};
1402 static const uint8_t kWrongIP[4] = {127, 0, 0, 2};
1403 static const char kIPString[] = "127.0.0.1";
1404 static const char kWrongIPString[] = "127.0.0.2";
1405
TEST(X509Test,ZeroLengthsWithX509PARAM)1406 TEST(X509Test, ZeroLengthsWithX509PARAM) {
1407 bssl::UniquePtr<X509> leaf(CertFromPEM(kSANTypesLeaf));
1408 bssl::UniquePtr<X509> root(CertFromPEM(kSANTypesRoot));
1409 ASSERT_TRUE(leaf);
1410 ASSERT_TRUE(root);
1411
1412 std::vector<X509_CRL *> empty_crls;
1413
1414 struct X509Test {
1415 const char *correct_value;
1416 size_t correct_value_len;
1417 const char *incorrect_value;
1418 size_t incorrect_value_len;
1419 int (*func)(X509_VERIFY_PARAM *, const char *, size_t);
1420 int mismatch_error;
1421 };
1422 const std::vector<X509Test> kTests = {
1423 {kHostname, strlen(kHostname), kWrongHostname, strlen(kWrongHostname),
1424 X509_VERIFY_PARAM_set1_host, X509_V_ERR_HOSTNAME_MISMATCH},
1425 {kEmail, strlen(kEmail), kWrongEmail, strlen(kWrongEmail),
1426 X509_VERIFY_PARAM_set1_email, X509_V_ERR_EMAIL_MISMATCH},
1427 };
1428
1429 for (size_t i = 0; i < kTests.size(); i++) {
1430 SCOPED_TRACE(i);
1431 const X509Test &test = kTests[i];
1432
1433 // The correct value should work.
1434 ASSERT_EQ(X509_V_OK,
1435 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0,
1436 [&test](X509_STORE_CTX *ctx) {
1437 X509_VERIFY_PARAM *param =
1438 X509_STORE_CTX_get0_param(ctx);
1439 ASSERT_TRUE(test.func(param, test.correct_value,
1440 test.correct_value_len));
1441 }));
1442
1443 // The wrong value should trigger a verification error.
1444 ASSERT_EQ(test.mismatch_error,
1445 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0,
1446 [&test](X509_STORE_CTX *ctx) {
1447 X509_VERIFY_PARAM *param =
1448 X509_STORE_CTX_get0_param(ctx);
1449 ASSERT_TRUE(test.func(param, test.incorrect_value,
1450 test.incorrect_value_len));
1451 }));
1452
1453 // Passing zero as the length, unlike OpenSSL, should trigger an error and
1454 // should cause verification to fail.
1455 ASSERT_EQ(X509_V_ERR_INVALID_CALL,
1456 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0,
1457 [&test](X509_STORE_CTX *ctx) {
1458 X509_VERIFY_PARAM *param =
1459 X509_STORE_CTX_get0_param(ctx);
1460 ASSERT_FALSE(test.func(param, test.correct_value, 0));
1461 }));
1462
1463 // Passing an empty value should be an error when setting and should cause
1464 // verification to fail.
1465 ASSERT_EQ(X509_V_ERR_INVALID_CALL,
1466 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0,
1467 [&test](X509_STORE_CTX *ctx) {
1468 X509_VERIFY_PARAM *param =
1469 X509_STORE_CTX_get0_param(ctx);
1470 ASSERT_FALSE(test.func(param, nullptr, 0));
1471 }));
1472
1473 // Passing a value with embedded NULs should also be an error and should
1474 // also cause verification to fail.
1475 ASSERT_EQ(X509_V_ERR_INVALID_CALL,
1476 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0,
1477 [&test](X509_STORE_CTX *ctx) {
1478 X509_VERIFY_PARAM *param =
1479 X509_STORE_CTX_get0_param(ctx);
1480 ASSERT_FALSE(test.func(param, "a", 2));
1481 }));
1482 }
1483
1484 // IP addresses work slightly differently:
1485
1486 // The correct value should still work.
1487 ASSERT_EQ(
1488 X509_V_OK,
1489 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0,
1490 [](X509_STORE_CTX *ctx) {
1491 X509_VERIFY_PARAM *param = X509_STORE_CTX_get0_param(ctx);
1492 ASSERT_TRUE(X509_VERIFY_PARAM_set1_ip(param, kIP, sizeof(kIP)));
1493 }));
1494
1495 // Incorrect values should still fail.
1496 ASSERT_EQ(X509_V_ERR_IP_ADDRESS_MISMATCH,
1497 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0,
1498 [](X509_STORE_CTX *ctx) {
1499 X509_VERIFY_PARAM *param = X509_STORE_CTX_get0_param(ctx);
1500 ASSERT_TRUE(X509_VERIFY_PARAM_set1_ip(param, kWrongIP,
1501 sizeof(kWrongIP)));
1502 }));
1503
1504 // Zero length values should trigger an error when setting and cause
1505 // verification to always fail.
1506 ASSERT_EQ(X509_V_ERR_INVALID_CALL,
1507 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0,
1508 [](X509_STORE_CTX *ctx) {
1509 X509_VERIFY_PARAM *param = X509_STORE_CTX_get0_param(ctx);
1510 ASSERT_FALSE(X509_VERIFY_PARAM_set1_ip(param, kIP, 0));
1511 }));
1512
1513 // ... and so should NULL values.
1514 ASSERT_EQ(X509_V_ERR_INVALID_CALL,
1515 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0,
1516 [](X509_STORE_CTX *ctx) {
1517 X509_VERIFY_PARAM *param = X509_STORE_CTX_get0_param(ctx);
1518 ASSERT_FALSE(X509_VERIFY_PARAM_set1_ip(param, nullptr, 0));
1519 }));
1520
1521 // Zero bytes in an IP address are, of course, fine. This is tested above
1522 // because |kIP| contains zeros.
1523 }
1524
TEST(X509Test,ZeroLengthsWithCheckFunctions)1525 TEST(X509Test, ZeroLengthsWithCheckFunctions) {
1526 bssl::UniquePtr<X509> leaf(CertFromPEM(kSANTypesLeaf));
1527 ASSERT_TRUE(leaf);
1528
1529 EXPECT_EQ(
1530 1, X509_check_host(leaf.get(), kHostname, strlen(kHostname), 0, nullptr));
1531 EXPECT_NE(1, X509_check_host(leaf.get(), kWrongHostname,
1532 strlen(kWrongHostname), 0, nullptr));
1533
1534 EXPECT_EQ(1, X509_check_email(leaf.get(), kEmail, strlen(kEmail), 0));
1535 EXPECT_NE(1,
1536 X509_check_email(leaf.get(), kWrongEmail, strlen(kWrongEmail), 0));
1537
1538 EXPECT_EQ(1, X509_check_ip(leaf.get(), kIP, sizeof(kIP), 0));
1539 EXPECT_NE(1, X509_check_ip(leaf.get(), kWrongIP, sizeof(kWrongIP), 0));
1540
1541 EXPECT_EQ(1, X509_check_ip_asc(leaf.get(), kIPString, 0));
1542 EXPECT_NE(1, X509_check_ip_asc(leaf.get(), kWrongIPString, 0));
1543
1544 // OpenSSL supports passing zero as the length for host and email. We do not
1545 // and it should always fail.
1546 EXPECT_NE(1, X509_check_host(leaf.get(), kHostname, 0, 0, nullptr));
1547 EXPECT_NE(1, X509_check_host(leaf.get(), kWrongHostname, 0, 0, nullptr));
1548
1549 EXPECT_NE(1, X509_check_email(leaf.get(), kEmail, 0, 0));
1550 EXPECT_NE(1, X509_check_email(leaf.get(), kWrongEmail, 0, 0));
1551
1552 EXPECT_NE(1, X509_check_ip(leaf.get(), kIP, 0, 0));
1553 EXPECT_NE(1, X509_check_ip(leaf.get(), kWrongIP, 0, 0));
1554
1555 // Unlike all the other functions, |X509_check_ip_asc| doesn't take a length,
1556 // so it cannot be zero.
1557 }
1558
TEST(X509Test,TestCRL)1559 TEST(X509Test, TestCRL) {
1560 bssl::UniquePtr<X509> root(CertFromPEM(kCRLTestRoot));
1561 bssl::UniquePtr<X509> leaf(CertFromPEM(kCRLTestLeaf));
1562 bssl::UniquePtr<X509_CRL> basic_crl(CRLFromPEM(kBasicCRL));
1563 bssl::UniquePtr<X509_CRL> revoked_crl(CRLFromPEM(kRevokedCRL));
1564 bssl::UniquePtr<X509_CRL> bad_issuer_crl(CRLFromPEM(kBadIssuerCRL));
1565 bssl::UniquePtr<X509_CRL> known_critical_crl(CRLFromPEM(kKnownCriticalCRL));
1566 bssl::UniquePtr<X509_CRL> unknown_critical_crl(
1567 CRLFromPEM(kUnknownCriticalCRL));
1568 bssl::UniquePtr<X509_CRL> unknown_critical_crl2(
1569 CRLFromPEM(kUnknownCriticalCRL2));
1570 bssl::UniquePtr<X509_CRL> algorithm_mismatch_crl(
1571 CRLFromPEM(kAlgorithmMismatchCRL));
1572 bssl::UniquePtr<X509_CRL> algorithm_mismatch_crl2(
1573 CRLFromPEM(kAlgorithmMismatchCRL2));
1574
1575 ASSERT_TRUE(root);
1576 ASSERT_TRUE(leaf);
1577 ASSERT_TRUE(basic_crl);
1578 ASSERT_TRUE(revoked_crl);
1579 ASSERT_TRUE(bad_issuer_crl);
1580 ASSERT_TRUE(known_critical_crl);
1581 ASSERT_TRUE(unknown_critical_crl);
1582 ASSERT_TRUE(unknown_critical_crl2);
1583 ASSERT_TRUE(algorithm_mismatch_crl);
1584 ASSERT_TRUE(algorithm_mismatch_crl2);
1585
1586 EXPECT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()}, {root.get()},
1587 {basic_crl.get()}, X509_V_FLAG_CRL_CHECK));
1588 EXPECT_EQ(
1589 X509_V_ERR_CERT_REVOKED,
1590 Verify(leaf.get(), {root.get()}, {root.get()},
1591 {basic_crl.get(), revoked_crl.get()}, X509_V_FLAG_CRL_CHECK));
1592
1593 std::vector<X509_CRL *> empty_crls;
1594 EXPECT_EQ(X509_V_ERR_UNABLE_TO_GET_CRL,
1595 Verify(leaf.get(), {root.get()}, {root.get()}, empty_crls,
1596 X509_V_FLAG_CRL_CHECK));
1597 EXPECT_EQ(X509_V_ERR_UNABLE_TO_GET_CRL,
1598 Verify(leaf.get(), {root.get()}, {root.get()},
1599 {bad_issuer_crl.get()}, X509_V_FLAG_CRL_CHECK));
1600 EXPECT_EQ(X509_V_OK,
1601 Verify(leaf.get(), {root.get()}, {root.get()},
1602 {known_critical_crl.get()}, X509_V_FLAG_CRL_CHECK));
1603 EXPECT_EQ(X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION,
1604 Verify(leaf.get(), {root.get()}, {root.get()},
1605 {unknown_critical_crl.get()}, X509_V_FLAG_CRL_CHECK));
1606 EXPECT_EQ(X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION,
1607 Verify(leaf.get(), {root.get()}, {root.get()},
1608 {unknown_critical_crl2.get()}, X509_V_FLAG_CRL_CHECK));
1609 EXPECT_EQ(X509_V_ERR_CRL_SIGNATURE_FAILURE,
1610 Verify(leaf.get(), {root.get()}, {root.get()},
1611 {algorithm_mismatch_crl.get()}, X509_V_FLAG_CRL_CHECK));
1612 EXPECT_EQ(X509_V_ERR_CRL_SIGNATURE_FAILURE,
1613 Verify(leaf.get(), {root.get()}, {root.get()},
1614 {algorithm_mismatch_crl2.get()}, X509_V_FLAG_CRL_CHECK));
1615
1616 // The CRL is valid for a month.
1617 EXPECT_EQ(X509_V_ERR_CRL_HAS_EXPIRED,
1618 Verify(leaf.get(), {root.get()}, {root.get()}, {basic_crl.get()},
1619 X509_V_FLAG_CRL_CHECK, [](X509_STORE_CTX *ctx) {
1620 X509_STORE_CTX_set_time_posix(
1621 ctx, /*flags=*/0, kReferenceTime + 2 * 30 * 24 * 3600);
1622 }));
1623
1624 // X509_V_FLAG_NO_CHECK_TIME suppresses the validity check.
1625 EXPECT_EQ(X509_V_OK,
1626 Verify(leaf.get(), {root.get()}, {root.get()}, {basic_crl.get()},
1627 X509_V_FLAG_CRL_CHECK | X509_V_FLAG_NO_CHECK_TIME,
1628 [](X509_STORE_CTX *ctx) {
1629 X509_STORE_CTX_set_time_posix(
1630 ctx, /*flags=*/0, kReferenceTime + 2 * 30 * 24 * 3600);
1631 }));
1632
1633 // We no longer support indirect or delta CRLs.
1634 EXPECT_EQ(X509_V_ERR_INVALID_CALL,
1635 Verify(leaf.get(), {root.get()}, {root.get()}, {basic_crl.get()},
1636 X509_V_FLAG_CRL_CHECK | X509_V_FLAG_EXTENDED_CRL_SUPPORT));
1637 EXPECT_EQ(X509_V_ERR_INVALID_CALL,
1638 Verify(leaf.get(), {root.get()}, {root.get()}, {basic_crl.get()},
1639 X509_V_FLAG_CRL_CHECK | X509_V_FLAG_USE_DELTAS));
1640
1641 // Parsing kBadExtensionCRL should fail.
1642 EXPECT_FALSE(CRLFromPEM(kBadExtensionCRL));
1643 }
1644
TEST(X509Test,ManyNamesAndConstraints)1645 TEST(X509Test, ManyNamesAndConstraints) {
1646 bssl::UniquePtr<X509> many_constraints(CertFromPEM(
1647 GetTestData("crypto/x509/test/many_constraints.pem").c_str()));
1648 ASSERT_TRUE(many_constraints);
1649 bssl::UniquePtr<X509> many_names1(
1650 CertFromPEM(GetTestData("crypto/x509/test/many_names1.pem").c_str()));
1651 ASSERT_TRUE(many_names1);
1652 bssl::UniquePtr<X509> many_names2(
1653 CertFromPEM(GetTestData("crypto/x509/test/many_names2.pem").c_str()));
1654 ASSERT_TRUE(many_names2);
1655 bssl::UniquePtr<X509> many_names3(
1656 CertFromPEM(GetTestData("crypto/x509/test/many_names3.pem").c_str()));
1657 ASSERT_TRUE(many_names3);
1658 bssl::UniquePtr<X509> some_names1(
1659 CertFromPEM(GetTestData("crypto/x509/test/some_names1.pem").c_str()));
1660 ASSERT_TRUE(some_names1);
1661 bssl::UniquePtr<X509> some_names2(
1662 CertFromPEM(GetTestData("crypto/x509/test/some_names2.pem").c_str()));
1663 ASSERT_TRUE(some_names2);
1664 bssl::UniquePtr<X509> some_names3(
1665 CertFromPEM(GetTestData("crypto/x509/test/some_names3.pem").c_str()));
1666 ASSERT_TRUE(some_names3);
1667
1668 EXPECT_EQ(X509_V_ERR_UNSPECIFIED,
1669 Verify(many_names1.get(), {many_constraints.get()},
1670 {many_constraints.get()}, {}));
1671 EXPECT_EQ(X509_V_ERR_UNSPECIFIED,
1672 Verify(many_names2.get(), {many_constraints.get()},
1673 {many_constraints.get()}, {}));
1674 EXPECT_EQ(X509_V_ERR_UNSPECIFIED,
1675 Verify(many_names3.get(), {many_constraints.get()},
1676 {many_constraints.get()}, {}));
1677
1678 EXPECT_EQ(X509_V_OK, Verify(some_names1.get(), {many_constraints.get()},
1679 {many_constraints.get()}, {}));
1680 EXPECT_EQ(X509_V_OK, Verify(some_names2.get(), {many_constraints.get()},
1681 {many_constraints.get()}, {}));
1682 EXPECT_EQ(X509_V_OK, Verify(some_names3.get(), {many_constraints.get()},
1683 {many_constraints.get()}, {}));
1684 }
1685
MakeGeneralName(int type,const std::string & value)1686 static bssl::UniquePtr<GENERAL_NAME> MakeGeneralName(int type,
1687 const std::string &value) {
1688 if (type != GEN_EMAIL && type != GEN_DNS && type != GEN_URI) {
1689 // This function only supports the IA5String types.
1690 return nullptr;
1691 }
1692 bssl::UniquePtr<ASN1_IA5STRING> str(ASN1_IA5STRING_new());
1693 bssl::UniquePtr<GENERAL_NAME> name(GENERAL_NAME_new());
1694 if (!str || !name ||
1695 !ASN1_STRING_set(str.get(), value.data(), value.size())) {
1696 return nullptr;
1697 }
1698
1699 name->type = type;
1700 name->d.ia5 = str.release();
1701 return name;
1702 }
1703
MakeTestName(const char * common_name)1704 static bssl::UniquePtr<X509_NAME> MakeTestName(const char *common_name) {
1705 bssl::UniquePtr<X509_NAME> name(X509_NAME_new());
1706 if (name == nullptr ||
1707 !X509_NAME_add_entry_by_txt(
1708 name.get(), "CN", MBSTRING_UTF8,
1709 reinterpret_cast<const uint8_t *>(common_name), -1, -1, 0)) {
1710 return nullptr;
1711 }
1712 return name;
1713 }
1714
MakeTestCert(const char * issuer,const char * subject,EVP_PKEY * key,bool is_ca)1715 static bssl::UniquePtr<X509> MakeTestCert(const char *issuer,
1716 const char *subject, EVP_PKEY *key,
1717 bool is_ca) {
1718 bssl::UniquePtr<X509_NAME> issuer_name = MakeTestName(issuer);
1719 bssl::UniquePtr<X509_NAME> subject_name = MakeTestName(subject);
1720 bssl::UniquePtr<X509> cert(X509_new());
1721 if (issuer_name == nullptr || subject_name == nullptr || cert == nullptr ||
1722 !X509_set_version(cert.get(), X509_VERSION_3) ||
1723 !X509_set_issuer_name(cert.get(), issuer_name.get()) ||
1724 !X509_set_subject_name(cert.get(), subject_name.get()) ||
1725 !X509_set_pubkey(cert.get(), key) ||
1726 !ASN1_TIME_adj(X509_getm_notBefore(cert.get()), kReferenceTime, -1, 0) ||
1727 !ASN1_TIME_adj(X509_getm_notAfter(cert.get()), kReferenceTime, 1, 0)) {
1728 return nullptr;
1729 }
1730 bssl::UniquePtr<BASIC_CONSTRAINTS> bc(BASIC_CONSTRAINTS_new());
1731 if (!bc) {
1732 return nullptr;
1733 }
1734 bc->ca = is_ca ? ASN1_BOOLEAN_TRUE : ASN1_BOOLEAN_FALSE;
1735 if (!X509_add1_ext_i2d(cert.get(), NID_basic_constraints, bc.get(),
1736 /*crit=*/1, /*flags=*/0)) {
1737 return nullptr;
1738 }
1739 return cert;
1740 }
1741
AddExtendedKeyUsage(X509 * x509,const std::vector<int> & eku_nids)1742 static bool AddExtendedKeyUsage(X509 *x509, const std::vector<int> &eku_nids) {
1743 bssl::UniquePtr<STACK_OF(ASN1_OBJECT)> objs(sk_ASN1_OBJECT_new_null());
1744 if (objs == nullptr) {
1745 return false;
1746 }
1747 for (int nid : eku_nids) {
1748 if (!sk_ASN1_OBJECT_push(objs.get(), OBJ_nid2obj(nid))) {
1749 return false;
1750 }
1751 }
1752 return X509_add1_ext_i2d(x509, NID_ext_key_usage, objs.get(), /*crit=*/1,
1753 /*flags=*/0);
1754 }
1755
1756 enum class KeyUsage : int {
1757 kDigitalSignature = 0,
1758 kNonRepudiation = 1,
1759 kKeyEncipherment = 2,
1760 kDataEncipherment = 3,
1761 kKeyAgreement = 4,
1762 kKeyCertSign = 5,
1763 kCRLSign = 6,
1764 kEncipherOnly = 7,
1765 kDecipherOnly = 8,
1766 };
1767
AddKeyUsage(X509 * x509,const std::vector<KeyUsage> usages)1768 static bool AddKeyUsage(X509 *x509, const std::vector<KeyUsage> usages) {
1769 bssl::UniquePtr<ASN1_BIT_STRING> str(ASN1_BIT_STRING_new());
1770 if (str == nullptr) {
1771 return false;
1772 }
1773 for (KeyUsage usage : usages) {
1774 if (!ASN1_BIT_STRING_set_bit(str.get(), static_cast<int>(usage), 1)) {
1775 return false;
1776 }
1777 }
1778 return X509_add1_ext_i2d(x509, NID_key_usage, str.get(), /*crit=*/1,
1779 /*flags=*/0);
1780 }
1781
AddSubjectKeyIdentifier(X509 * x509,bssl::Span<const uint8_t> key_id)1782 static bool AddSubjectKeyIdentifier(X509 *x509,
1783 bssl::Span<const uint8_t> key_id) {
1784 bssl::UniquePtr<ASN1_OCTET_STRING> oct(ASN1_OCTET_STRING_new());
1785 return oct != nullptr &&
1786 ASN1_STRING_set(oct.get(), key_id.data(), key_id.size()) &&
1787 X509_add1_ext_i2d(x509, NID_subject_key_identifier, oct.get(),
1788 /*crit=*/0, /*flags=*/0);
1789 }
1790
AddAuthorityKeyIdentifier(X509 * x509,bssl::Span<const uint8_t> key_id)1791 static bool AddAuthorityKeyIdentifier(X509 *x509,
1792 bssl::Span<const uint8_t> key_id) {
1793 bssl::UniquePtr<AUTHORITY_KEYID> akid(AUTHORITY_KEYID_new());
1794 if (akid == nullptr) {
1795 return false;
1796 }
1797 akid->keyid = ASN1_OCTET_STRING_new();
1798 if (akid->keyid == nullptr ||
1799 !ASN1_STRING_set(akid->keyid, key_id.data(), key_id.size()) ||
1800 !X509_add1_ext_i2d(x509, NID_authority_key_identifier, akid.get(),
1801 /*crit=*/0, /*flags=*/0)) {
1802 return false;
1803 }
1804 return true;
1805 }
1806
MakeTestCRL(const char * issuer,int this_update_offset_day,int next_update_offset_day)1807 static bssl::UniquePtr<X509_CRL> MakeTestCRL(const char *issuer,
1808 int this_update_offset_day,
1809 int next_update_offset_day) {
1810 bssl::UniquePtr<X509_NAME> issuer_name = MakeTestName(issuer);
1811 bssl::UniquePtr<X509_CRL> crl(X509_CRL_new());
1812 bssl::UniquePtr<ASN1_TIME> this_update(ASN1_TIME_adj(
1813 nullptr, kReferenceTime, this_update_offset_day, /*offset_sec=*/0));
1814 bssl::UniquePtr<ASN1_TIME> next_update(ASN1_TIME_adj(
1815 nullptr, kReferenceTime, next_update_offset_day, /*offset_sec=*/0));
1816 if (crl == nullptr || issuer_name == nullptr || this_update == nullptr ||
1817 next_update == nullptr ||
1818 !X509_CRL_set_version(crl.get(), X509_CRL_VERSION_2) ||
1819 !X509_CRL_set_issuer_name(crl.get(), issuer_name.get()) ||
1820 // OpenSSL's API is named incorrectly. The field is called thisUpdate.
1821 !X509_CRL_set1_lastUpdate(crl.get(), this_update.get()) ||
1822 !X509_CRL_set1_nextUpdate(crl.get(), next_update.get())) {
1823 return nullptr;
1824 }
1825
1826 return crl;
1827 }
1828
AddRevokedSerialU64(X509_CRL * crl,uint64_t serial,int offset_day)1829 static bool AddRevokedSerialU64(X509_CRL *crl, uint64_t serial,
1830 int offset_day) {
1831 bssl::UniquePtr<X509_REVOKED> rev(X509_REVOKED_new());
1832 bssl::UniquePtr<ASN1_INTEGER> serial_asn1(ASN1_INTEGER_new());
1833 bssl::UniquePtr<ASN1_TIME> rev_date(
1834 ASN1_TIME_adj(nullptr, kReferenceTime, offset_day, /*offset_sec=*/0));
1835 if (rev == nullptr || serial_asn1 == nullptr || rev_date == nullptr ||
1836 !ASN1_INTEGER_set_uint64(serial_asn1.get(), serial) ||
1837 !X509_REVOKED_set_serialNumber(rev.get(), serial_asn1.get()) ||
1838 !X509_REVOKED_set_revocationDate(rev.get(), rev_date.get()) ||
1839 !X509_CRL_add0_revoked(crl, rev.get())) {
1840 return false;
1841 }
1842 rev.release(); // X509_CRL_add0_revoked takes ownership on success.
1843 return true;
1844 }
1845
AddAuthorityKeyIdentifier(X509_CRL * crl,bssl::Span<const uint8_t> key_id)1846 static bool AddAuthorityKeyIdentifier(X509_CRL *crl,
1847 bssl::Span<const uint8_t> key_id) {
1848 bssl::UniquePtr<AUTHORITY_KEYID> akid(AUTHORITY_KEYID_new());
1849 if (akid == nullptr) {
1850 return false;
1851 }
1852 akid->keyid = ASN1_OCTET_STRING_new();
1853 if (akid->keyid == nullptr ||
1854 !ASN1_STRING_set(akid->keyid, key_id.data(), key_id.size()) ||
1855 !X509_CRL_add1_ext_i2d(crl, NID_authority_key_identifier, akid.get(),
1856 /*crit=*/0, /*flags=*/0)) {
1857 return false;
1858 }
1859 return true;
1860 }
1861
TEST(X509Test,NameConstraints)1862 TEST(X509Test, NameConstraints) {
1863 bssl::UniquePtr<EVP_PKEY> key = PrivateKeyFromPEM(kP256Key);
1864 ASSERT_TRUE(key);
1865
1866 const struct {
1867 int type;
1868 std::string name;
1869 std::string constraint;
1870 int result;
1871 } kTests[] = {
1872 // Empty string matches everything.
1873 {GEN_DNS, "foo.example.com", "", X509_V_OK},
1874 // Name constraints match the entire subtree.
1875 {GEN_DNS, "foo.example.com", "example.com", X509_V_OK},
1876 {GEN_DNS, "foo.example.com", "EXAMPLE.COM", X509_V_OK},
1877 {GEN_DNS, "foo.example.com", "xample.com",
1878 X509_V_ERR_PERMITTED_VIOLATION},
1879 {GEN_DNS, "foo.example.com", "unrelated.much.longer.name.example",
1880 X509_V_ERR_PERMITTED_VIOLATION},
1881 // A leading dot means at least one component must be added.
1882 {GEN_DNS, "foo.example.com", ".example.com", X509_V_OK},
1883 {GEN_DNS, "foo.example.com", "foo.example.com", X509_V_OK},
1884 {GEN_DNS, "foo.example.com", ".foo.example.com",
1885 X509_V_ERR_PERMITTED_VIOLATION},
1886 {GEN_DNS, "foo.example.com", ".xample.com",
1887 X509_V_ERR_PERMITTED_VIOLATION},
1888 {GEN_DNS, "foo.example.com", ".unrelated.much.longer.name.example",
1889 X509_V_ERR_PERMITTED_VIOLATION},
1890 // NUL bytes, if not rejected, should not confuse the matching logic.
1891 {GEN_DNS, std::string({'a', '\0', 'a'}), std::string({'a', '\0', 'b'}),
1892 X509_V_ERR_PERMITTED_VIOLATION},
1893
1894 // Names must be emails.
1895 {GEN_EMAIL, "not-an-email.example", "not-an-email.example",
1896 X509_V_ERR_UNSUPPORTED_NAME_SYNTAX},
1897 // A leading dot matches all local names and all subdomains
1898 {GEN_EMAIL, "[email protected]", ".example.com", X509_V_OK},
1899 {GEN_EMAIL, "[email protected]", ".EXAMPLE.COM", X509_V_OK},
1900 {GEN_EMAIL, "[email protected]", ".bar.example.com",
1901 X509_V_ERR_PERMITTED_VIOLATION},
1902 // Without a leading dot, the host must match exactly.
1903 {GEN_EMAIL, "[email protected]", "example.com", X509_V_OK},
1904 {GEN_EMAIL, "[email protected]", "EXAMPLE.COM", X509_V_OK},
1905 {GEN_EMAIL, "[email protected]", "example.com",
1906 X509_V_ERR_PERMITTED_VIOLATION},
1907 // If the constraint specifies a mailbox, it specifies the whole thing.
1908 // The halves are compared insensitively.
1909 {GEN_EMAIL, "[email protected]", "[email protected]", X509_V_OK},
1910 {GEN_EMAIL, "[email protected]", "[email protected]", X509_V_OK},
1911 {GEN_EMAIL, "[email protected]", "[email protected]",
1912 X509_V_ERR_PERMITTED_VIOLATION},
1913 {GEN_EMAIL, "[email protected]", "[email protected]",
1914 X509_V_ERR_PERMITTED_VIOLATION},
1915 // OpenSSL ignores a stray leading @.
1916 {GEN_EMAIL, "[email protected]", "@example.com", X509_V_OK},
1917 {GEN_EMAIL, "[email protected]", "@EXAMPLE.COM", X509_V_OK},
1918 {GEN_EMAIL, "[email protected]", "@example.com",
1919 X509_V_ERR_PERMITTED_VIOLATION},
1920
1921 // Basic syntax check.
1922 {GEN_URI, "not-a-url", "not-a-url", X509_V_ERR_UNSUPPORTED_NAME_SYNTAX},
1923 {GEN_URI, "foo:not-a-url", "not-a-url",
1924 X509_V_ERR_UNSUPPORTED_NAME_SYNTAX},
1925 {GEN_URI, "foo:/not-a-url", "not-a-url",
1926 X509_V_ERR_UNSUPPORTED_NAME_SYNTAX},
1927 {GEN_URI, "foo:///not-a-url", "not-a-url",
1928 X509_V_ERR_UNSUPPORTED_NAME_SYNTAX},
1929 {GEN_URI, "foo://:not-a-url", "not-a-url",
1930 X509_V_ERR_UNSUPPORTED_NAME_SYNTAX},
1931 {GEN_URI, "foo://", "not-a-url", X509_V_ERR_UNSUPPORTED_NAME_SYNTAX},
1932 // Hosts are an exact match.
1933 {GEN_URI, "foo://example.com", "example.com", X509_V_OK},
1934 {GEN_URI, "foo://example.com:443", "example.com", X509_V_OK},
1935 {GEN_URI, "foo://example.com/whatever", "example.com", X509_V_OK},
1936 {GEN_URI, "foo://bar.example.com", "example.com",
1937 X509_V_ERR_PERMITTED_VIOLATION},
1938 {GEN_URI, "foo://bar.example.com:443", "example.com",
1939 X509_V_ERR_PERMITTED_VIOLATION},
1940 {GEN_URI, "foo://bar.example.com/whatever", "example.com",
1941 X509_V_ERR_PERMITTED_VIOLATION},
1942 {GEN_URI, "foo://bar.example.com", "xample.com",
1943 X509_V_ERR_PERMITTED_VIOLATION},
1944 {GEN_URI, "foo://bar.example.com:443", "xample.com",
1945 X509_V_ERR_PERMITTED_VIOLATION},
1946 {GEN_URI, "foo://bar.example.com/whatever", "xample.com",
1947 X509_V_ERR_PERMITTED_VIOLATION},
1948 {GEN_URI, "foo://example.com", "some-other-name.example",
1949 X509_V_ERR_PERMITTED_VIOLATION},
1950 {GEN_URI, "foo://example.com:443", "some-other-name.example",
1951 X509_V_ERR_PERMITTED_VIOLATION},
1952 {GEN_URI, "foo://example.com/whatever", "some-other-name.example",
1953 X509_V_ERR_PERMITTED_VIOLATION},
1954 // A leading dot allows components to be added.
1955 {GEN_URI, "foo://example.com", ".example.com",
1956 X509_V_ERR_PERMITTED_VIOLATION},
1957 {GEN_URI, "foo://example.com:443", ".example.com",
1958 X509_V_ERR_PERMITTED_VIOLATION},
1959 {GEN_URI, "foo://example.com/whatever", ".example.com",
1960 X509_V_ERR_PERMITTED_VIOLATION},
1961 {GEN_URI, "foo://bar.example.com", ".example.com", X509_V_OK},
1962 {GEN_URI, "foo://bar.example.com:443", ".example.com", X509_V_OK},
1963 {GEN_URI, "foo://bar.example.com/whatever", ".example.com", X509_V_OK},
1964 {GEN_URI, "foo://example.com", ".some-other-name.example",
1965 X509_V_ERR_PERMITTED_VIOLATION},
1966 {GEN_URI, "foo://example.com:443", ".some-other-name.example",
1967 X509_V_ERR_PERMITTED_VIOLATION},
1968 {GEN_URI, "foo://example.com/whatever", ".some-other-name.example",
1969 X509_V_ERR_PERMITTED_VIOLATION},
1970 {GEN_URI, "foo://example.com", ".xample.com",
1971 X509_V_ERR_PERMITTED_VIOLATION},
1972 {GEN_URI, "foo://example.com:443", ".xample.com",
1973 X509_V_ERR_PERMITTED_VIOLATION},
1974 {GEN_URI, "foo://example.com/whatever", ".xample.com",
1975 X509_V_ERR_PERMITTED_VIOLATION},
1976 };
1977 for (const auto &t : kTests) {
1978 SCOPED_TRACE(t.type);
1979 SCOPED_TRACE(t.name);
1980 SCOPED_TRACE(t.constraint);
1981
1982 bssl::UniquePtr<GENERAL_NAME> name = MakeGeneralName(t.type, t.name);
1983 ASSERT_TRUE(name);
1984 bssl::UniquePtr<GENERAL_NAMES> names(GENERAL_NAMES_new());
1985 ASSERT_TRUE(names);
1986 ASSERT_TRUE(bssl::PushToStack(names.get(), std::move(name)));
1987
1988 bssl::UniquePtr<NAME_CONSTRAINTS> nc(NAME_CONSTRAINTS_new());
1989 ASSERT_TRUE(nc);
1990 nc->permittedSubtrees = sk_GENERAL_SUBTREE_new_null();
1991 ASSERT_TRUE(nc->permittedSubtrees);
1992 bssl::UniquePtr<GENERAL_SUBTREE> subtree(GENERAL_SUBTREE_new());
1993 ASSERT_TRUE(subtree);
1994 GENERAL_NAME_free(subtree->base);
1995 subtree->base = MakeGeneralName(t.type, t.constraint).release();
1996 ASSERT_TRUE(subtree->base);
1997 ASSERT_TRUE(bssl::PushToStack(nc->permittedSubtrees, std::move(subtree)));
1998
1999 bssl::UniquePtr<X509> root =
2000 MakeTestCert("Root", "Root", key.get(), /*is_ca=*/true);
2001 ASSERT_TRUE(root);
2002 ASSERT_TRUE(X509_add1_ext_i2d(root.get(), NID_name_constraints, nc.get(),
2003 /*crit=*/1, /*flags=*/0));
2004 ASSERT_TRUE(X509_sign(root.get(), key.get(), EVP_sha256()));
2005
2006 bssl::UniquePtr<X509> leaf =
2007 MakeTestCert("Root", "Leaf", key.get(), /*is_ca=*/false);
2008 ASSERT_TRUE(leaf);
2009 ASSERT_TRUE(X509_add1_ext_i2d(leaf.get(), NID_subject_alt_name, names.get(),
2010 /*crit=*/0, /*flags=*/0));
2011 ASSERT_TRUE(X509_sign(leaf.get(), key.get(), EVP_sha256()));
2012
2013 int ret = Verify(leaf.get(), {root.get()}, {}, {}, 0);
2014 EXPECT_EQ(t.result, ret) << X509_verify_cert_error_string(ret);
2015 }
2016 }
2017
TEST(X509Test,PrintGeneralName)2018 TEST(X509Test, PrintGeneralName) {
2019 // TODO(https://crbug.com/boringssl/430): Add more tests. Also fix the
2020 // external projects that use this to extract the SAN list and unexport.
2021 bssl::UniquePtr<GENERAL_NAME> gen = MakeGeneralName(GEN_DNS, "example.com");
2022 ASSERT_TRUE(gen);
2023 bssl::UniquePtr<STACK_OF(CONF_VALUE)> values(
2024 i2v_GENERAL_NAME(nullptr, gen.get(), nullptr));
2025 ASSERT_TRUE(values);
2026 ASSERT_EQ(1u, sk_CONF_VALUE_num(values.get()));
2027 const CONF_VALUE *value = sk_CONF_VALUE_value(values.get(), 0);
2028 EXPECT_STREQ(value->name, "DNS");
2029 EXPECT_STREQ(value->value, "example.com");
2030 }
2031
TEST(X509Test,TestPSS)2032 TEST(X509Test, TestPSS) {
2033 static const char *kGoodCerts[] = {
2034 "crypto/x509/test/pss_sha256.pem",
2035 "crypto/x509/test/pss_sha384.pem",
2036 "crypto/x509/test/pss_sha512.pem",
2037 // We accept inputs with and without explicit NULLs. See RFC 4055,
2038 // section 2.1.
2039 "crypto/x509/test/pss_sha256_omit_nulls.pem",
2040 // Although invalid, we tolerate an explicit trailerField value. See the
2041 // certificates in cl/362617931.
2042 "crypto/x509/test/pss_sha256_explicit_trailer.pem",
2043 };
2044 for (const char *path : kGoodCerts) {
2045 SCOPED_TRACE(path);
2046 bssl::UniquePtr<X509> cert = CertFromPEM(GetTestData(path).c_str());
2047 ASSERT_TRUE(cert);
2048 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
2049 ASSERT_TRUE(pkey);
2050 EXPECT_TRUE(X509_verify(cert.get(), pkey.get()));
2051 }
2052
2053 static const char *kBadCerts[] = {
2054 "crypto/x509/test/pss_sha1_explicit.pem",
2055 "crypto/x509/test/pss_sha1_mgf1_syntax_error.pem",
2056 "crypto/x509/test/pss_sha1.pem",
2057 "crypto/x509/test/pss_sha224.pem",
2058 "crypto/x509/test/pss_sha256_mgf1_sha384.pem",
2059 "crypto/x509/test/pss_sha256_mgf1_syntax_error.pem",
2060 "crypto/x509/test/pss_sha256_salt_overflow.pem",
2061 "crypto/x509/test/pss_sha256_salt31.pem",
2062 "crypto/x509/test/pss_sha256_unknown_mgf.pem",
2063 "crypto/x509/test/pss_sha256_wrong_trailer.pem",
2064 };
2065 for (const char *path : kBadCerts) {
2066 SCOPED_TRACE(path);
2067 bssl::UniquePtr<X509> cert = CertFromPEM(GetTestData(path).c_str());
2068 ASSERT_TRUE(cert);
2069 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
2070 ASSERT_TRUE(pkey);
2071 EXPECT_FALSE(X509_verify(cert.get(), pkey.get()));
2072 }
2073 }
2074
TEST(X509Test,TestPSSBadParameters)2075 TEST(X509Test, TestPSSBadParameters) {
2076 bssl::UniquePtr<X509> cert(CertFromPEM(kBadPSSCertPEM));
2077 ASSERT_TRUE(cert);
2078
2079 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
2080 ASSERT_TRUE(pkey);
2081
2082 ASSERT_FALSE(X509_verify(cert.get(), pkey.get()));
2083 ERR_clear_error();
2084 }
2085
TEST(X509Test,TestEd25519)2086 TEST(X509Test, TestEd25519) {
2087 bssl::UniquePtr<X509> cert(CertFromPEM(kEd25519Cert));
2088 ASSERT_TRUE(cert);
2089
2090 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
2091 ASSERT_TRUE(pkey);
2092
2093 ASSERT_TRUE(X509_verify(cert.get(), pkey.get()));
2094 }
2095
TEST(X509Test,TestEd25519BadParameters)2096 TEST(X509Test, TestEd25519BadParameters) {
2097 bssl::UniquePtr<X509> cert(CertFromPEM(kEd25519CertNull));
2098 ASSERT_TRUE(cert);
2099
2100 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
2101 ASSERT_TRUE(pkey);
2102
2103 ASSERT_FALSE(X509_verify(cert.get(), pkey.get()));
2104
2105 EXPECT_TRUE(
2106 ErrorEquals(ERR_get_error(), ERR_LIB_X509, X509_R_INVALID_PARAMETER));
2107 ERR_clear_error();
2108 }
2109
TEST(X509Test,TestX25519)2110 TEST(X509Test, TestX25519) {
2111 bssl::UniquePtr<X509> cert(CertFromPEM(kX25519Cert));
2112 ASSERT_TRUE(cert);
2113
2114 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
2115 ASSERT_TRUE(pkey);
2116
2117 EXPECT_EQ(EVP_PKEY_id(pkey.get()), EVP_PKEY_X25519);
2118
2119 constexpr uint8_t kExpectedPublicValue[] = {
2120 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d,
2121 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38,
2122 0x1a, 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a,
2123 };
2124 uint8_t public_value[sizeof(kExpectedPublicValue)];
2125 size_t public_value_size = sizeof(public_value);
2126 ASSERT_TRUE(EVP_PKEY_get_raw_public_key(pkey.get(), public_value,
2127 &public_value_size));
2128 EXPECT_EQ(Bytes(kExpectedPublicValue),
2129 Bytes(public_value, public_value_size));
2130 }
2131
ReencodeCertificate(X509 * cert)2132 static bssl::UniquePtr<X509> ReencodeCertificate(X509 *cert) {
2133 uint8_t *der = nullptr;
2134 int len = i2d_X509(cert, &der);
2135 bssl::UniquePtr<uint8_t> free_der(der);
2136 if (len <= 0) {
2137 return nullptr;
2138 }
2139
2140 const uint8_t *inp = der;
2141 return bssl::UniquePtr<X509>(d2i_X509(nullptr, &inp, len));
2142 }
2143
ReencodeCRL(X509_CRL * crl)2144 static bssl::UniquePtr<X509_CRL> ReencodeCRL(X509_CRL *crl) {
2145 uint8_t *der = nullptr;
2146 int len = i2d_X509_CRL(crl, &der);
2147 bssl::UniquePtr<uint8_t> free_der(der);
2148 if (len <= 0) {
2149 return nullptr;
2150 }
2151
2152 const uint8_t *inp = der;
2153 return bssl::UniquePtr<X509_CRL>(d2i_X509_CRL(nullptr, &inp, len));
2154 }
2155
ReencodeCSR(X509_REQ * req)2156 static bssl::UniquePtr<X509_REQ> ReencodeCSR(X509_REQ *req) {
2157 uint8_t *der = nullptr;
2158 int len = i2d_X509_REQ(req, &der);
2159 bssl::UniquePtr<uint8_t> free_der(der);
2160 if (len <= 0) {
2161 return nullptr;
2162 }
2163
2164 const uint8_t *inp = der;
2165 return bssl::UniquePtr<X509_REQ>(d2i_X509_REQ(nullptr, &inp, len));
2166 }
2167
SignatureRoundTrips(EVP_MD_CTX * md_ctx,EVP_PKEY * pkey)2168 static bool SignatureRoundTrips(EVP_MD_CTX *md_ctx, EVP_PKEY *pkey) {
2169 // Make a certificate like signed with |md_ctx|'s settings.'
2170 bssl::UniquePtr<X509> cert(CertFromPEM(kLeafPEM));
2171 if (!cert || !X509_sign_ctx(cert.get(), md_ctx)) {
2172 return false;
2173 }
2174
2175 // Ensure that |pkey| may still be used to verify the resulting signature. All
2176 // settings in |md_ctx| must have been serialized appropriately.
2177 if (!X509_verify(cert.get(), pkey)) {
2178 return false;
2179 }
2180
2181 // Re-encode the certificate. X509 objects contain a cached TBSCertificate
2182 // encoding and |X509_sign_ctx| should have dropped that cache.
2183 bssl::UniquePtr<X509> copy = ReencodeCertificate(cert.get());
2184 return copy && X509_verify(copy.get(), pkey);
2185 }
2186
TEST(X509Test,RSASign)2187 TEST(X509Test, RSASign) {
2188 bssl::UniquePtr<EVP_PKEY> pkey(PrivateKeyFromPEM(kRSAKey));
2189 ASSERT_TRUE(pkey);
2190 // Test PKCS#1 v1.5.
2191 bssl::ScopedEVP_MD_CTX md_ctx;
2192 ASSERT_TRUE(
2193 EVP_DigestSignInit(md_ctx.get(), NULL, EVP_sha256(), NULL, pkey.get()));
2194 ASSERT_TRUE(SignatureRoundTrips(md_ctx.get(), pkey.get()));
2195
2196 // RSA-PSS with salt length matching hash length should work when passing in
2197 // -1 or the value explicitly.
2198 md_ctx.Reset();
2199 EVP_PKEY_CTX *pkey_ctx;
2200 ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), &pkey_ctx, EVP_sha256(), NULL,
2201 pkey.get()));
2202 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING));
2203 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, -1));
2204 ASSERT_TRUE(SignatureRoundTrips(md_ctx.get(), pkey.get()));
2205
2206 md_ctx.Reset();
2207 ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), &pkey_ctx, EVP_sha256(), NULL,
2208 pkey.get()));
2209 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING));
2210 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, 32));
2211 ASSERT_TRUE(SignatureRoundTrips(md_ctx.get(), pkey.get()));
2212
2213 // RSA-PSS with SHA-1 is not supported.
2214 md_ctx.Reset();
2215 ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), &pkey_ctx, EVP_sha1(), NULL,
2216 pkey.get()));
2217 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING));
2218 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, -1));
2219 bssl::UniquePtr<X509> cert = CertFromPEM(kLeafPEM);
2220 ASSERT_TRUE(cert);
2221 EXPECT_FALSE(X509_sign_ctx(cert.get(), md_ctx.get()));
2222
2223 // RSA-PSS with mismatched hashes is not supported.
2224 md_ctx.Reset();
2225 ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), &pkey_ctx, EVP_sha256(), NULL,
2226 pkey.get()));
2227 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING));
2228 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, -1));
2229 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, EVP_sha512()));
2230 cert = CertFromPEM(kLeafPEM);
2231 ASSERT_TRUE(cert);
2232 EXPECT_FALSE(X509_sign_ctx(cert.get(), md_ctx.get()));
2233
2234 // RSA-PSS with the wrong salt length is not supported.
2235 md_ctx.Reset();
2236 ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), &pkey_ctx, EVP_sha256(), NULL,
2237 pkey.get()));
2238 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING));
2239 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, 33));
2240 cert = CertFromPEM(kLeafPEM);
2241 ASSERT_TRUE(cert);
2242 EXPECT_FALSE(X509_sign_ctx(cert.get(), md_ctx.get()));
2243 }
2244
2245 // Test the APIs for signing a certificate, particularly whether they correctly
2246 // handle the TBSCertificate cache.
TEST(X509Test,SignCertificate)2247 TEST(X509Test, SignCertificate) {
2248 const int kSignatureNID = NID_sha384WithRSAEncryption;
2249 const EVP_MD *kSignatureHash = EVP_sha384();
2250
2251 bssl::UniquePtr<EVP_PKEY> pkey(PrivateKeyFromPEM(kRSAKey));
2252 ASSERT_TRUE(pkey);
2253 bssl::UniquePtr<X509_ALGOR> algor(X509_ALGOR_new());
2254 ASSERT_TRUE(algor);
2255 ASSERT_TRUE(X509_ALGOR_set0(algor.get(), OBJ_nid2obj(kSignatureNID),
2256 V_ASN1_NULL, nullptr));
2257
2258 // Test both signing with |X509_sign| and constructing a signature manually.
2259 for (bool sign_manual : {true, false}) {
2260 SCOPED_TRACE(sign_manual);
2261
2262 // Test certificates made both from other certificates and |X509_new|, in
2263 // case there are bugs in filling in fields from different states. (Parsed
2264 // certificates contain a TBSCertificate cache, and |X509_new| initializes
2265 // fields based on complex ASN.1 template logic.)
2266 for (bool new_cert : {true, false}) {
2267 SCOPED_TRACE(new_cert);
2268
2269 bssl::UniquePtr<X509> cert;
2270 if (new_cert) {
2271 cert.reset(X509_new());
2272 ASSERT_TRUE(cert);
2273 // Fill in some fields for the certificate arbitrarily.
2274 EXPECT_TRUE(X509_set_version(cert.get(), X509_VERSION_3));
2275 EXPECT_TRUE(
2276 ASN1_INTEGER_set_int64(X509_get_serialNumber(cert.get()), 1));
2277 EXPECT_TRUE(X509_gmtime_adj(X509_getm_notBefore(cert.get()), 0));
2278 EXPECT_TRUE(
2279 X509_gmtime_adj(X509_getm_notAfter(cert.get()), 60 * 60 * 24));
2280 X509_NAME *subject = X509_get_subject_name(cert.get());
2281 X509_NAME_add_entry_by_txt(subject, "CN", MBSTRING_ASC,
2282 reinterpret_cast<const uint8_t *>("Test"),
2283 -1, -1, 0);
2284 EXPECT_TRUE(X509_set_issuer_name(cert.get(), subject));
2285 EXPECT_TRUE(X509_set_pubkey(cert.get(), pkey.get()));
2286 } else {
2287 // Extract fields from a parsed certificate.
2288 cert = CertFromPEM(kLeafPEM);
2289 ASSERT_TRUE(cert);
2290
2291 // We should test with a different algorithm from what is already in the
2292 // certificate.
2293 EXPECT_NE(kSignatureNID, X509_get_signature_nid(cert.get()));
2294 }
2295
2296 if (sign_manual) {
2297 // Fill in the signature algorithm.
2298 ASSERT_TRUE(X509_set1_signature_algo(cert.get(), algor.get()));
2299
2300 // Extract the TBSCertificiate.
2301 uint8_t *tbs_cert = nullptr;
2302 int tbs_cert_len = i2d_re_X509_tbs(cert.get(), &tbs_cert);
2303 bssl::UniquePtr<uint8_t> free_tbs_cert(tbs_cert);
2304 ASSERT_GT(tbs_cert_len, 0);
2305
2306 // Generate a signature externally and fill it in.
2307 bssl::ScopedEVP_MD_CTX md_ctx;
2308 ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), nullptr, kSignatureHash,
2309 nullptr, pkey.get()));
2310 size_t sig_len;
2311 ASSERT_TRUE(EVP_DigestSign(md_ctx.get(), nullptr, &sig_len, tbs_cert,
2312 tbs_cert_len));
2313 std::vector<uint8_t> sig(sig_len);
2314 ASSERT_TRUE(EVP_DigestSign(md_ctx.get(), sig.data(), &sig_len, tbs_cert,
2315 tbs_cert_len));
2316 sig.resize(sig_len);
2317 ASSERT_TRUE(
2318 X509_set1_signature_value(cert.get(), sig.data(), sig.size()));
2319 } else {
2320 int ret = X509_sign(cert.get(), pkey.get(), EVP_sha384());
2321 ASSERT_GT(ret, 0);
2322 // |X509_sign| returns the length of the signature on success.
2323 const ASN1_BIT_STRING *sig;
2324 X509_get0_signature(&sig, /*out_alg=*/nullptr, cert.get());
2325 EXPECT_EQ(ret, ASN1_STRING_length(sig));
2326 }
2327
2328 // Check the signature.
2329 EXPECT_TRUE(X509_verify(cert.get(), pkey.get()));
2330
2331 // Re-encode the certificate. X509 objects contain a cached TBSCertificate
2332 // encoding and re-signing should have dropped that cache.
2333 bssl::UniquePtr<X509> copy = ReencodeCertificate(cert.get());
2334 ASSERT_TRUE(copy);
2335 EXPECT_TRUE(X509_verify(copy.get(), pkey.get()));
2336 }
2337 }
2338 }
2339
2340 // Test the APIs for signing a CRL, particularly whether they correctly handle
2341 // the TBSCertList cache.
TEST(X509Test,SignCRL)2342 TEST(X509Test, SignCRL) {
2343 const int kSignatureNID = NID_sha384WithRSAEncryption;
2344 const EVP_MD *kSignatureHash = EVP_sha384();
2345
2346 bssl::UniquePtr<EVP_PKEY> pkey(PrivateKeyFromPEM(kRSAKey));
2347 ASSERT_TRUE(pkey);
2348 bssl::UniquePtr<X509_ALGOR> algor(X509_ALGOR_new());
2349 ASSERT_TRUE(algor);
2350 ASSERT_TRUE(X509_ALGOR_set0(algor.get(), OBJ_nid2obj(kSignatureNID),
2351 V_ASN1_NULL, nullptr));
2352
2353 // Test both signing with |X509_CRL_sign| and constructing a signature
2354 // manually.
2355 for (bool sign_manual : {true, false}) {
2356 SCOPED_TRACE(sign_manual);
2357
2358 // Test CRLs made both from other CRLs and |X509_CRL_new|, in case there are
2359 // bugs in filling in fields from different states. (Parsed CRLs contain a
2360 // TBSCertList cache, and |X509_CRL_new| initializes fields based on complex
2361 // ASN.1 template logic.)
2362 for (bool new_crl : {true, false}) {
2363 SCOPED_TRACE(new_crl);
2364
2365 bssl::UniquePtr<X509_CRL> crl;
2366 if (new_crl) {
2367 crl.reset(X509_CRL_new());
2368 ASSERT_TRUE(crl);
2369 // Fill in some fields for the certificate arbitrarily.
2370 ASSERT_TRUE(X509_CRL_set_version(crl.get(), X509_CRL_VERSION_2));
2371 bssl::UniquePtr<ASN1_TIME> last_update(ASN1_TIME_new());
2372 ASSERT_TRUE(last_update);
2373 ASSERT_TRUE(ASN1_TIME_set_posix(last_update.get(), kReferenceTime));
2374 ASSERT_TRUE(X509_CRL_set1_lastUpdate(crl.get(), last_update.get()));
2375 bssl::UniquePtr<X509_NAME> issuer(X509_NAME_new());
2376 ASSERT_TRUE(issuer);
2377 ASSERT_TRUE(X509_NAME_add_entry_by_txt(
2378 issuer.get(), "CN", MBSTRING_ASC,
2379 reinterpret_cast<const uint8_t *>("Test"), -1, -1, 0));
2380 EXPECT_TRUE(X509_CRL_set_issuer_name(crl.get(), issuer.get()));
2381 } else {
2382 // Extract fields from a parsed CRL.
2383 crl = CRLFromPEM(kBasicCRL);
2384 ASSERT_TRUE(crl);
2385
2386 // We should test with a different algorithm from what is already in the
2387 // CRL.
2388 EXPECT_NE(kSignatureNID, X509_CRL_get_signature_nid(crl.get()));
2389 }
2390
2391 if (sign_manual) {
2392 // Fill in the signature algorithm.
2393 ASSERT_TRUE(X509_CRL_set1_signature_algo(crl.get(), algor.get()));
2394
2395 // Extract the TBSCertList.
2396 uint8_t *tbs = nullptr;
2397 int tbs_len = i2d_re_X509_CRL_tbs(crl.get(), &tbs);
2398 bssl::UniquePtr<uint8_t> free_tbs(tbs);
2399 ASSERT_GT(tbs_len, 0);
2400
2401 // Generate a signature externally and fill it in.
2402 bssl::ScopedEVP_MD_CTX md_ctx;
2403 ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), nullptr, kSignatureHash,
2404 nullptr, pkey.get()));
2405 size_t sig_len;
2406 ASSERT_TRUE(
2407 EVP_DigestSign(md_ctx.get(), nullptr, &sig_len, tbs, tbs_len));
2408 std::vector<uint8_t> sig(sig_len);
2409 ASSERT_TRUE(
2410 EVP_DigestSign(md_ctx.get(), sig.data(), &sig_len, tbs, tbs_len));
2411 sig.resize(sig_len);
2412 ASSERT_TRUE(
2413 X509_CRL_set1_signature_value(crl.get(), sig.data(), sig.size()));
2414 } else {
2415 ASSERT_TRUE(X509_CRL_sign(crl.get(), pkey.get(), EVP_sha384()));
2416 }
2417
2418 // Check the signature.
2419 EXPECT_TRUE(X509_CRL_verify(crl.get(), pkey.get()));
2420
2421 // Re-encode the CRL. X509_CRL objects contain a cached TBSCertList
2422 // encoding and re-signing should have dropped that cache.
2423 bssl::UniquePtr<X509_CRL> copy = ReencodeCRL(crl.get());
2424 ASSERT_TRUE(copy);
2425 EXPECT_TRUE(X509_CRL_verify(copy.get(), pkey.get()));
2426 }
2427 }
2428 }
2429
2430 static const char kTestCSR[] = R"(
2431 -----BEGIN CERTIFICATE REQUEST-----
2432 MIICVDCCATwCAQAwDzENMAsGA1UEAwwEVGVzdDCCASIwDQYJKoZIhvcNAQEBBQAD
2433 ggEPADCCAQoCggEBAK+UkwcNJfRhg5MzIQzxDdrqF9a76jNoK/BwCflKYFX7QEqf
2434 rsLkI0J+m60fUD0v50LnKwbGoMFKZ1R/3cBNXLcdXb7ZP/ZJ7A7QwUrL+W9n3sov
2435 U8/HSU3rHbg+V5L6egSZYuhDHoXKi33HDOL4DVUzMoU1ykmP4QwF1wUXHLqvqjbU
2436 teQBoJWO53/XOGQu8bX04muCFnHZWT2Ubqol70JwPU2PqDU1EBlgUFO79NEmflev
2437 b++H8tu42UCDUZXD9k5weftjneO4cud3IsUX6mDsyf7k1e2mxsS4TSZsJcG0iLBX
2438 HSr1udXazQsjlAKjJkoI3cWshF6LGRWssAtbGiUCAwEAAaAAMA0GCSqGSIb3DQEB
2439 CwUAA4IBAQAniYZL+amXu+wED+AwBZz+zPuxY16bveF27/gxcs/jq6hVpEQvMxfO
2440 jfAGeDRtAU7DMxdJPjvWwwNe2JlTMSRoVDMYaiKqB5yxIYa2cjQvp7swSxuFJwbG
2441 T8h7/d7yqem6NYYzgYsNOE5QJyNu/PsIEdvzrysfDAnREiT2ituOcVpiqUZq3DTj
2442 NaTd1GNG3j4E87ZUmayUJD5nH91UNzKvJbpfo+bLyfy73x4QeU0SRitsZmbSBTAi
2443 s9+zmCErxzMlAdJHGzxPkXmtvBnUzGRIsAD5h/DjYNUmQJkB60yplt84ZgThhx54
2444 rZGEJG3+X9OuhczVKGJyg+3gU7oDbecc
2445 -----END CERTIFICATE REQUEST-----
2446 )";
2447
2448 // Test the APIs for signing a CSR, particularly whether they correctly handle
2449 // the CertificationRequestInfo cache.
TEST(X509Test,SignCSR)2450 TEST(X509Test, SignCSR) {
2451 const int kSignatureNID = NID_sha384WithRSAEncryption;
2452 const EVP_MD *kSignatureHash = EVP_sha384();
2453
2454 bssl::UniquePtr<EVP_PKEY> pkey(PrivateKeyFromPEM(kRSAKey));
2455 ASSERT_TRUE(pkey);
2456 bssl::UniquePtr<X509_ALGOR> algor(X509_ALGOR_new());
2457 ASSERT_TRUE(algor);
2458 ASSERT_TRUE(X509_ALGOR_set0(algor.get(), OBJ_nid2obj(kSignatureNID),
2459 V_ASN1_NULL, nullptr));
2460
2461 // Test both signing with |X509_REQ_sign| and constructing a signature
2462 // manually.
2463 for (bool sign_manual : {true, false}) {
2464 SCOPED_TRACE(sign_manual);
2465
2466 // Test CSRs made both from other CSRs and |X509_REQ_new|, in case there are
2467 // bugs in filling in fields from different states. (Parsed CSRs contain a
2468 // CertificationRequestInfo cache, and |X509_REQ_new| initializes fields
2469 // based on complex ASN.1 template logic.)
2470 for (bool new_csr : {true, false}) {
2471 SCOPED_TRACE(new_csr);
2472
2473 bssl::UniquePtr<X509_REQ> csr;
2474 if (new_csr) {
2475 csr.reset(X509_REQ_new());
2476 ASSERT_TRUE(csr);
2477 bssl::UniquePtr<X509_NAME> subject(X509_NAME_new());
2478 ASSERT_TRUE(subject);
2479 ASSERT_TRUE(X509_NAME_add_entry_by_txt(
2480 subject.get(), "CN", MBSTRING_ASC,
2481 reinterpret_cast<const uint8_t *>("New CSR"), -1, -1, 0));
2482 EXPECT_TRUE(X509_REQ_set_subject_name(csr.get(), subject.get()));
2483 } else {
2484 // Extract fields from a parsed CSR.
2485 csr = CSRFromPEM(kTestCSR);
2486 ASSERT_TRUE(csr);
2487 }
2488
2489 // Override the public key from the CSR unconditionally. Unlike
2490 // certificates and CRLs, CSRs do not contain a signed copy of the
2491 // signature algorithm, so we use a different field to confirm
2492 // |i2d_re_X509_REQ_tbs| clears the cache as expected.
2493 EXPECT_TRUE(X509_REQ_set_pubkey(csr.get(), pkey.get()));
2494
2495 if (sign_manual) {
2496 // Fill in the signature algorithm.
2497 ASSERT_TRUE(X509_REQ_set1_signature_algo(csr.get(), algor.get()));
2498
2499 // Extract the CertificationRequestInfo.
2500 uint8_t *tbs = nullptr;
2501 int tbs_len = i2d_re_X509_REQ_tbs(csr.get(), &tbs);
2502 bssl::UniquePtr<uint8_t> free_tbs(tbs);
2503 ASSERT_GT(tbs_len, 0);
2504
2505 // Generate a signature externally and fill it in.
2506 bssl::ScopedEVP_MD_CTX md_ctx;
2507 ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), nullptr, kSignatureHash,
2508 nullptr, pkey.get()));
2509 size_t sig_len;
2510 ASSERT_TRUE(
2511 EVP_DigestSign(md_ctx.get(), nullptr, &sig_len, tbs, tbs_len));
2512 std::vector<uint8_t> sig(sig_len);
2513 ASSERT_TRUE(
2514 EVP_DigestSign(md_ctx.get(), sig.data(), &sig_len, tbs, tbs_len));
2515 sig.resize(sig_len);
2516 ASSERT_TRUE(
2517 X509_REQ_set1_signature_value(csr.get(), sig.data(), sig.size()));
2518 } else {
2519 ASSERT_TRUE(X509_REQ_sign(csr.get(), pkey.get(), EVP_sha384()));
2520 }
2521
2522 // Check the signature.
2523 EXPECT_TRUE(X509_REQ_verify(csr.get(), pkey.get()));
2524
2525 // Re-encode the CSR. X509_REQ objects contain a cached
2526 // CertificationRequestInfo encoding and re-signing should have dropped
2527 // that cache.
2528 bssl::UniquePtr<X509_REQ> copy = ReencodeCSR(csr.get());
2529 ASSERT_TRUE(copy);
2530 EXPECT_TRUE(X509_REQ_verify(copy.get(), pkey.get()));
2531
2532 // Check the signature was over the new public key.
2533 bssl::UniquePtr<EVP_PKEY> copy_pubkey(X509_REQ_get_pubkey(copy.get()));
2534 ASSERT_TRUE(copy_pubkey);
2535 EXPECT_EQ(1, EVP_PKEY_cmp(pkey.get(), copy_pubkey.get()));
2536 }
2537 }
2538 }
2539
TEST(X509Test,Ed25519Sign)2540 TEST(X509Test, Ed25519Sign) {
2541 uint8_t pub_bytes[32], priv_bytes[64];
2542 ED25519_keypair(pub_bytes, priv_bytes);
2543
2544 bssl::UniquePtr<EVP_PKEY> pub(
2545 EVP_PKEY_new_raw_public_key(EVP_PKEY_ED25519, nullptr, pub_bytes, 32));
2546 ASSERT_TRUE(pub);
2547 bssl::UniquePtr<EVP_PKEY> priv(
2548 EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, nullptr, priv_bytes, 32));
2549 ASSERT_TRUE(priv);
2550
2551 bssl::ScopedEVP_MD_CTX md_ctx;
2552 ASSERT_TRUE(
2553 EVP_DigestSignInit(md_ctx.get(), nullptr, nullptr, nullptr, priv.get()));
2554 ASSERT_TRUE(SignatureRoundTrips(md_ctx.get(), pub.get()));
2555 }
2556
PEMToDER(bssl::UniquePtr<uint8_t> * out,size_t * out_len,const char * pem)2557 static bool PEMToDER(bssl::UniquePtr<uint8_t> *out, size_t *out_len,
2558 const char *pem) {
2559 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
2560 if (!bio) {
2561 return false;
2562 }
2563
2564 char *name, *header;
2565 uint8_t *data;
2566 long data_len;
2567 if (!PEM_read_bio(bio.get(), &name, &header, &data, &data_len)) {
2568 fprintf(stderr, "failed to read PEM data.\n");
2569 return false;
2570 }
2571 OPENSSL_free(name);
2572 OPENSSL_free(header);
2573
2574 out->reset(data);
2575 *out_len = data_len;
2576
2577 return true;
2578 }
2579
TEST(X509Test,TestFromBuffer)2580 TEST(X509Test, TestFromBuffer) {
2581 size_t data_len;
2582 bssl::UniquePtr<uint8_t> data;
2583 ASSERT_TRUE(PEMToDER(&data, &data_len, kRootCAPEM));
2584
2585 bssl::UniquePtr<CRYPTO_BUFFER> buf(
2586 CRYPTO_BUFFER_new(data.get(), data_len, nullptr));
2587 ASSERT_TRUE(buf);
2588 bssl::UniquePtr<X509> root(X509_parse_from_buffer(buf.get()));
2589 ASSERT_TRUE(root);
2590
2591 const uint8_t *enc_pointer = root->cert_info->enc.enc;
2592 const uint8_t *buf_pointer = CRYPTO_BUFFER_data(buf.get());
2593 ASSERT_GE(enc_pointer, buf_pointer);
2594 ASSERT_LT(enc_pointer, buf_pointer + CRYPTO_BUFFER_len(buf.get()));
2595 buf.reset();
2596
2597 /* This ensures the X509 took a reference to |buf|, otherwise this will be a
2598 * reference to free memory and ASAN should notice. */
2599 ASSERT_EQ(0x30, enc_pointer[0]);
2600 }
2601
TEST(X509Test,TestFromBufferWithTrailingData)2602 TEST(X509Test, TestFromBufferWithTrailingData) {
2603 size_t data_len;
2604 bssl::UniquePtr<uint8_t> data;
2605 ASSERT_TRUE(PEMToDER(&data, &data_len, kRootCAPEM));
2606
2607 auto trailing_data = std::make_unique<uint8_t[]>(data_len + 1);
2608 OPENSSL_memcpy(trailing_data.get(), data.get(), data_len);
2609
2610 bssl::UniquePtr<CRYPTO_BUFFER> buf_trailing_data(
2611 CRYPTO_BUFFER_new(trailing_data.get(), data_len + 1, nullptr));
2612 ASSERT_TRUE(buf_trailing_data);
2613
2614 bssl::UniquePtr<X509> root_trailing_data(
2615 X509_parse_from_buffer(buf_trailing_data.get()));
2616 ASSERT_FALSE(root_trailing_data);
2617 }
2618
TEST(X509Test,TestFromBufferModified)2619 TEST(X509Test, TestFromBufferModified) {
2620 size_t data_len;
2621 bssl::UniquePtr<uint8_t> data;
2622 ASSERT_TRUE(PEMToDER(&data, &data_len, kRootCAPEM));
2623
2624 bssl::UniquePtr<CRYPTO_BUFFER> buf(
2625 CRYPTO_BUFFER_new(data.get(), data_len, nullptr));
2626 ASSERT_TRUE(buf);
2627
2628 bssl::UniquePtr<X509> root(X509_parse_from_buffer(buf.get()));
2629 ASSERT_TRUE(root);
2630
2631 bssl::UniquePtr<ASN1_INTEGER> fourty_two(ASN1_INTEGER_new());
2632 ASN1_INTEGER_set_int64(fourty_two.get(), 42);
2633 X509_set_serialNumber(root.get(), fourty_two.get());
2634
2635 ASSERT_EQ(static_cast<long>(data_len), i2d_X509(root.get(), nullptr));
2636
2637 // Re-encode the TBSCertificate.
2638 i2d_re_X509_tbs(root.get(), nullptr);
2639
2640 ASSERT_NE(static_cast<long>(data_len), i2d_X509(root.get(), nullptr));
2641 }
2642
TEST(X509Test,TestFromBufferReused)2643 TEST(X509Test, TestFromBufferReused) {
2644 size_t data_len;
2645 bssl::UniquePtr<uint8_t> data;
2646 ASSERT_TRUE(PEMToDER(&data, &data_len, kRootCAPEM));
2647
2648 bssl::UniquePtr<CRYPTO_BUFFER> buf(
2649 CRYPTO_BUFFER_new(data.get(), data_len, nullptr));
2650 ASSERT_TRUE(buf);
2651
2652 bssl::UniquePtr<X509> root(X509_parse_from_buffer(buf.get()));
2653 ASSERT_TRUE(root);
2654
2655 size_t data2_len;
2656 bssl::UniquePtr<uint8_t> data2;
2657 ASSERT_TRUE(PEMToDER(&data2, &data2_len, kLeafPEM));
2658 EXPECT_TRUE(buffers_alias(root->cert_info->enc.enc, root->cert_info->enc.len,
2659 CRYPTO_BUFFER_data(buf.get()),
2660 CRYPTO_BUFFER_len(buf.get())));
2661
2662 // Historically, this function tested the interaction betweeen
2663 // |X509_parse_from_buffer| and object reuse. We no longer support object
2664 // reuse, so |d2i_X509| will replace |raw| with a new object. However, we
2665 // retain this test to verify that releasing objects from |d2i_X509| works
2666 // correctly.
2667 X509 *raw = root.release();
2668 const uint8_t *inp = data2.get();
2669 X509 *ret = d2i_X509(&raw, &inp, data2_len);
2670 root.reset(raw);
2671
2672 ASSERT_EQ(root.get(), ret);
2673 ASSERT_EQ(nullptr, root->cert_info->enc.buf);
2674 EXPECT_FALSE(buffers_alias(root->cert_info->enc.enc, root->cert_info->enc.len,
2675 CRYPTO_BUFFER_data(buf.get()),
2676 CRYPTO_BUFFER_len(buf.get())));
2677
2678 // Free |data2| and ensure that |root| took its own copy. Otherwise the
2679 // following will trigger a use-after-free.
2680 data2.reset();
2681
2682 uint8_t *i2d = nullptr;
2683 int i2d_len = i2d_X509(root.get(), &i2d);
2684 ASSERT_GE(i2d_len, 0);
2685 bssl::UniquePtr<uint8_t> i2d_storage(i2d);
2686
2687 ASSERT_TRUE(PEMToDER(&data2, &data2_len, kLeafPEM));
2688
2689 ASSERT_EQ(static_cast<long>(data2_len), i2d_len);
2690 ASSERT_EQ(0, OPENSSL_memcmp(data2.get(), i2d, i2d_len));
2691 ASSERT_EQ(nullptr, root->cert_info->enc.buf);
2692 }
2693
TEST(X509Test,TestFailedParseFromBuffer)2694 TEST(X509Test, TestFailedParseFromBuffer) {
2695 static const uint8_t kNonsense[] = {1, 2, 3, 4, 5};
2696
2697 bssl::UniquePtr<CRYPTO_BUFFER> buf(
2698 CRYPTO_BUFFER_new(kNonsense, sizeof(kNonsense), nullptr));
2699 ASSERT_TRUE(buf);
2700
2701 bssl::UniquePtr<X509> cert(X509_parse_from_buffer(buf.get()));
2702 ASSERT_FALSE(cert);
2703 ERR_clear_error();
2704
2705 // Test a buffer with trailing data.
2706 size_t data_len;
2707 bssl::UniquePtr<uint8_t> data;
2708 ASSERT_TRUE(PEMToDER(&data, &data_len, kRootCAPEM));
2709
2710 auto data_with_trailing_byte = std::make_unique<uint8_t[]>(data_len + 1);
2711 OPENSSL_memcpy(data_with_trailing_byte.get(), data.get(), data_len);
2712 data_with_trailing_byte[data_len] = 0;
2713
2714 bssl::UniquePtr<CRYPTO_BUFFER> buf_with_trailing_byte(
2715 CRYPTO_BUFFER_new(data_with_trailing_byte.get(), data_len + 1, nullptr));
2716 ASSERT_TRUE(buf_with_trailing_byte);
2717
2718 bssl::UniquePtr<X509> root(
2719 X509_parse_from_buffer(buf_with_trailing_byte.get()));
2720 ASSERT_FALSE(root);
2721 ERR_clear_error();
2722 }
2723
TEST(X509Test,TestPrintUTCTIME)2724 TEST(X509Test, TestPrintUTCTIME) {
2725 static const struct {
2726 const char *val, *want;
2727 } asn1_utctime_tests[] = {
2728 {"", "Bad time value"},
2729
2730 // Correct RFC 5280 form. Test years < 2000 and > 2000.
2731 {"090303125425Z", "Mar 3 12:54:25 2009 GMT"},
2732 {"900303125425Z", "Mar 3 12:54:25 1990 GMT"},
2733 {"000303125425Z", "Mar 3 12:54:25 2000 GMT"},
2734
2735 // Correct form, bad values.
2736 {"000000000000Z", "Bad time value"},
2737 {"999999999999Z", "Bad time value"},
2738
2739 // Missing components.
2740 {"090303125425", "Bad time value"},
2741 {"9003031254", "Bad time value"},
2742 {"9003031254Z", "Bad time value"},
2743
2744 // GENERALIZEDTIME confused for UTCTIME.
2745 {"20090303125425Z", "Bad time value"},
2746
2747 // Legal ASN.1, but not legal RFC 5280.
2748 {"9003031254+0800", "Bad time value"},
2749 {"9003031254-0800", "Bad time value"},
2750
2751 // Trailing garbage.
2752 {"9003031254Z ", "Bad time value"},
2753 };
2754
2755 for (auto t : asn1_utctime_tests) {
2756 SCOPED_TRACE(t.val);
2757 bssl::UniquePtr<ASN1_UTCTIME> tm(ASN1_UTCTIME_new());
2758 ASSERT_TRUE(tm);
2759 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
2760 ASSERT_TRUE(bio);
2761
2762 // Use this instead of ASN1_UTCTIME_set() because some callers get
2763 // type-confused and pass ASN1_GENERALIZEDTIME to ASN1_UTCTIME_print().
2764 // ASN1_UTCTIME_set_string() is stricter, and would reject the inputs in
2765 // question.
2766 ASSERT_TRUE(ASN1_STRING_set(tm.get(), t.val, strlen(t.val)));
2767 const int ok = ASN1_UTCTIME_print(bio.get(), tm.get());
2768
2769 const uint8_t *contents;
2770 size_t len;
2771 ASSERT_TRUE(BIO_mem_contents(bio.get(), &contents, &len));
2772 EXPECT_EQ(ok, (strcmp(t.want, "Bad time value") != 0) ? 1 : 0);
2773 EXPECT_EQ(t.want,
2774 std::string(reinterpret_cast<const char *>(contents), len));
2775 }
2776 }
2777
TEST(X509Test,PrettyPrintIntegers)2778 TEST(X509Test, PrettyPrintIntegers) {
2779 static const char *kTests[] = {
2780 // Small numbers are pretty-printed in decimal.
2781 "0",
2782 "-1",
2783 "1",
2784 "42",
2785 "-42",
2786 "256",
2787 "-256",
2788 // Large numbers are pretty-printed in hex to avoid taking quadratic time.
2789 "0x0123456789",
2790 "-0x0123456789",
2791 };
2792 for (const char *in : kTests) {
2793 SCOPED_TRACE(in);
2794 BIGNUM *bn = nullptr;
2795 ASSERT_TRUE(BN_asc2bn(&bn, in));
2796 bssl::UniquePtr<BIGNUM> free_bn(bn);
2797
2798 {
2799 bssl::UniquePtr<ASN1_INTEGER> asn1(BN_to_ASN1_INTEGER(bn, nullptr));
2800 ASSERT_TRUE(asn1);
2801 bssl::UniquePtr<char> out(i2s_ASN1_INTEGER(nullptr, asn1.get()));
2802 ASSERT_TRUE(out.get());
2803 EXPECT_STREQ(in, out.get());
2804 }
2805
2806 {
2807 bssl::UniquePtr<ASN1_ENUMERATED> asn1(BN_to_ASN1_ENUMERATED(bn, nullptr));
2808 ASSERT_TRUE(asn1);
2809 bssl::UniquePtr<char> out(i2s_ASN1_ENUMERATED(nullptr, asn1.get()));
2810 ASSERT_TRUE(out.get());
2811 EXPECT_STREQ(in, out.get());
2812 }
2813 }
2814 }
2815
TEST(X509Test,X509AlgorSetMd)2816 TEST(X509Test, X509AlgorSetMd) {
2817 bssl::UniquePtr<X509_ALGOR> alg(X509_ALGOR_new());
2818 ASSERT_TRUE(alg);
2819 EXPECT_TRUE(X509_ALGOR_set_md(alg.get(), EVP_sha256()));
2820 const ASN1_OBJECT *obj;
2821 const void *pval;
2822 int ptype = 0;
2823 X509_ALGOR_get0(&obj, &ptype, &pval, alg.get());
2824 EXPECT_TRUE(obj);
2825 EXPECT_EQ(OBJ_obj2nid(obj), NID_sha256);
2826 EXPECT_EQ(ptype, V_ASN1_NULL); // OpenSSL has V_ASN1_UNDEF
2827 EXPECT_EQ(pval, nullptr);
2828 EXPECT_TRUE(X509_ALGOR_set_md(alg.get(), EVP_md5()));
2829 X509_ALGOR_get0(&obj, &ptype, &pval, alg.get());
2830 EXPECT_EQ(OBJ_obj2nid(obj), NID_md5);
2831 EXPECT_EQ(ptype, V_ASN1_NULL);
2832 EXPECT_EQ(pval, nullptr);
2833 }
2834
TEST(X509Test,X509NameSet)2835 TEST(X509Test, X509NameSet) {
2836 bssl::UniquePtr<X509_NAME> name(X509_NAME_new());
2837 ASSERT_TRUE(name);
2838 EXPECT_TRUE(X509_NAME_add_entry_by_txt(
2839 name.get(), "C", MBSTRING_ASC, reinterpret_cast<const uint8_t *>("US"),
2840 -1, -1, 0));
2841 EXPECT_EQ(X509_NAME_entry_count(name.get()), 1);
2842 EXPECT_TRUE(X509_NAME_add_entry_by_txt(
2843 name.get(), "C", MBSTRING_ASC, reinterpret_cast<const uint8_t *>("CA"),
2844 -1, -1, 0));
2845 EXPECT_EQ(X509_NAME_entry_count(name.get()), 2);
2846 EXPECT_TRUE(X509_NAME_add_entry_by_txt(
2847 name.get(), "C", MBSTRING_ASC, reinterpret_cast<const uint8_t *>("UK"),
2848 -1, -1, 0));
2849 EXPECT_EQ(X509_NAME_entry_count(name.get()), 3);
2850 EXPECT_TRUE(X509_NAME_add_entry_by_txt(
2851 name.get(), "C", MBSTRING_ASC, reinterpret_cast<const uint8_t *>("JP"),
2852 -1, 1, 0));
2853 EXPECT_EQ(X509_NAME_entry_count(name.get()), 4);
2854
2855 // Check that the correct entries get incremented when inserting new entry.
2856 EXPECT_EQ(X509_NAME_ENTRY_set(X509_NAME_get_entry(name.get(), 1)), 1);
2857 EXPECT_EQ(X509_NAME_ENTRY_set(X509_NAME_get_entry(name.get(), 2)), 2);
2858 }
2859
2860 // Tests that |X509_NAME_hash| and |X509_NAME_hash_old|'s values never change.
2861 // These functions figure into |X509_LOOKUP_hash_dir|'s on-disk format, so they
2862 // must remain stable. In particular, if we ever remove name canonicalization,
2863 // we'll need to preserve it for |X509_NAME_hash|.
TEST(X509Test,NameHash)2864 TEST(X509Test, NameHash) {
2865 struct {
2866 std::vector<uint8_t> name_der;
2867 uint32_t hash;
2868 uint32_t hash_old;
2869 } kTests[] = {
2870 // SEQUENCE {
2871 // SET {
2872 // SEQUENCE {
2873 // # commonName
2874 // OBJECT_IDENTIFIER { 2.5.4.3 }
2875 // UTF8String { "Test Name" }
2876 // }
2877 // }
2878 // }
2879 {{0x30, 0x14, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03,
2880 0x0c, 0x09, 0x54, 0x65, 0x73, 0x74, 0x20, 0x4e, 0x61, 0x6d, 0x65},
2881 0xc90fba01,
2882 0x8c0d4fea},
2883
2884 // This name canonicalizes to the same value, with OpenSSL's algorithm, as
2885 // the above input, so |hash| matches. |hash_old| doesn't use
2886 // canonicalization and does not match.
2887 //
2888 // SEQUENCE {
2889 // SET {
2890 // SEQUENCE {
2891 // # commonName
2892 // OBJECT_IDENTIFIER { 2.5.4.3 }
2893 // BMPString {
2894 // u"\x09\n\x0b\x0c\x0d tEST\x09\n\x0b\x0c\x0d "
2895 // u"\x09\n\x0b\x0c\x0d nAME\x09\n\x0b\x0c\x0d "
2896 // }
2897 // }
2898 // }
2899 // }
2900 {{0x30, 0x4b, 0x31, 0x49, 0x30, 0x47, 0x06, 0x03, 0x55, 0x04, 0x03,
2901 0x1e, 0x40, 0x00, 0x09, 0x00, 0x0a, 0x00, 0x0b, 0x00, 0x0c, 0x00,
2902 0x0d, 0x00, 0x20, 0x00, 0x74, 0x00, 0x45, 0x00, 0x53, 0x00, 0x54,
2903 0x00, 0x09, 0x00, 0x0a, 0x00, 0x0b, 0x00, 0x0c, 0x00, 0x0d, 0x00,
2904 0x20, 0x00, 0x09, 0x00, 0x0a, 0x00, 0x0b, 0x00, 0x0c, 0x00, 0x0d,
2905 0x00, 0x20, 0x00, 0x6e, 0x00, 0x41, 0x00, 0x4d, 0x00, 0x45, 0x00,
2906 0x09, 0x00, 0x0a, 0x00, 0x0b, 0x00, 0x0c, 0x00, 0x0d, 0x00, 0x20},
2907 0xc90fba01,
2908 0xbe2dd8c8},
2909 };
2910 for (const auto &t : kTests) {
2911 SCOPED_TRACE(Bytes(t.name_der));
2912 const uint8_t *der = t.name_der.data();
2913 bssl::UniquePtr<X509_NAME> name(
2914 d2i_X509_NAME(nullptr, &der, t.name_der.size()));
2915 ASSERT_TRUE(name);
2916 EXPECT_EQ(t.hash, X509_NAME_hash(name.get()));
2917 EXPECT_EQ(t.hash_old, X509_NAME_hash_old(name.get()));
2918 }
2919 }
2920
TEST(X509Test,NoBasicConstraintsCertSign)2921 TEST(X509Test, NoBasicConstraintsCertSign) {
2922 bssl::UniquePtr<X509> root(CertFromPEM(kSANTypesRoot));
2923 bssl::UniquePtr<X509> intermediate(
2924 CertFromPEM(kNoBasicConstraintsCertSignIntermediate));
2925 bssl::UniquePtr<X509> leaf(CertFromPEM(kNoBasicConstraintsCertSignLeaf));
2926
2927 ASSERT_TRUE(root);
2928 ASSERT_TRUE(intermediate);
2929 ASSERT_TRUE(leaf);
2930
2931 // The intermediate has keyUsage certSign, but is not marked as a CA in the
2932 // basicConstraints.
2933 EXPECT_EQ(X509_V_ERR_INVALID_CA,
2934 Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, 0));
2935
2936 // |X509_check_purpose| with |X509_PURPOSE_ANY| and purpose -1 do not check
2937 // basicConstraints, but other purpose types do. (This is redundant with the
2938 // actual basicConstraints check, but |X509_check_purpose| is public API.)
2939 EXPECT_TRUE(X509_check_purpose(intermediate.get(), -1, /*ca=*/1));
2940 EXPECT_TRUE(
2941 X509_check_purpose(intermediate.get(), X509_PURPOSE_ANY, /*ca=*/1));
2942 EXPECT_FALSE(X509_check_purpose(intermediate.get(), X509_PURPOSE_SSL_SERVER,
2943 /*ca=*/1));
2944 }
2945
TEST(X509Test,NoBasicConstraintsNetscapeCA)2946 TEST(X509Test, NoBasicConstraintsNetscapeCA) {
2947 bssl::UniquePtr<X509> root(CertFromPEM(kSANTypesRoot));
2948 bssl::UniquePtr<X509> intermediate(
2949 CertFromPEM(kNoBasicConstraintsNetscapeCAIntermediate));
2950 bssl::UniquePtr<X509> leaf(CertFromPEM(kNoBasicConstraintsNetscapeCALeaf));
2951
2952 ASSERT_TRUE(root);
2953 ASSERT_TRUE(intermediate);
2954 ASSERT_TRUE(leaf);
2955
2956 // The intermediate has a Netscape certificate type of "SSL CA", but is not
2957 // marked as a CA in the basicConstraints.
2958 EXPECT_EQ(X509_V_ERR_INVALID_CA,
2959 Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, 0));
2960 }
2961
TEST(X509Test,MismatchAlgorithms)2962 TEST(X509Test, MismatchAlgorithms) {
2963 bssl::UniquePtr<X509> cert(CertFromPEM(kSelfSignedMismatchAlgorithms));
2964 ASSERT_TRUE(cert);
2965
2966 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
2967 ASSERT_TRUE(pkey);
2968
2969 EXPECT_FALSE(X509_verify(cert.get(), pkey.get()));
2970 EXPECT_TRUE(ErrorEquals(ERR_get_error(), ERR_LIB_X509,
2971 X509_R_SIGNATURE_ALGORITHM_MISMATCH));
2972 }
2973
TEST(X509Test,PEMX509Info)2974 TEST(X509Test, PEMX509Info) {
2975 std::string cert = kRootCAPEM;
2976 auto cert_obj = CertFromPEM(kRootCAPEM);
2977 ASSERT_TRUE(cert_obj);
2978
2979 std::string rsa = kRSAKey;
2980 auto rsa_obj = PrivateKeyFromPEM(kRSAKey);
2981 ASSERT_TRUE(rsa_obj);
2982
2983 std::string crl = kBasicCRL;
2984 auto crl_obj = CRLFromPEM(kBasicCRL);
2985 ASSERT_TRUE(crl_obj);
2986
2987 std::string unknown =
2988 "-----BEGIN UNKNOWN-----\n"
2989 "AAAA\n"
2990 "-----END UNKNOWN-----\n";
2991
2992 std::string invalid =
2993 "-----BEGIN CERTIFICATE-----\n"
2994 "AAAA\n"
2995 "-----END CERTIFICATE-----\n";
2996
2997 // Each X509_INFO contains at most one certificate, CRL, etc. The format
2998 // creates a new X509_INFO when a repeated type is seen.
2999 std::string pem =
3000 // The first few entries have one of everything in different orders.
3001 cert + rsa + crl +
3002 rsa + crl + cert +
3003 // Unknown types are ignored.
3004 crl + unknown + cert + rsa +
3005 // Seeing a new certificate starts a new entry, so now we have a bunch of
3006 // certificate-only entries.
3007 cert + cert + cert +
3008 // The key folds into the certificate's entry.
3009 cert + rsa +
3010 // Doubled keys also start new entries.
3011 rsa + rsa + rsa + rsa + crl +
3012 // As do CRLs.
3013 crl + crl;
3014
3015 const struct ExpectedInfo {
3016 const X509 *cert;
3017 const EVP_PKEY *key;
3018 const X509_CRL *crl;
3019 } kExpected[] = {
3020 {cert_obj.get(), rsa_obj.get(), crl_obj.get()},
3021 {cert_obj.get(), rsa_obj.get(), crl_obj.get()},
3022 {cert_obj.get(), rsa_obj.get(), crl_obj.get()},
3023 {cert_obj.get(), nullptr, nullptr},
3024 {cert_obj.get(), nullptr, nullptr},
3025 {cert_obj.get(), nullptr, nullptr},
3026 {cert_obj.get(), rsa_obj.get(), nullptr},
3027 {nullptr, rsa_obj.get(), nullptr},
3028 {nullptr, rsa_obj.get(), nullptr},
3029 {nullptr, rsa_obj.get(), nullptr},
3030 {nullptr, rsa_obj.get(), crl_obj.get()},
3031 {nullptr, nullptr, crl_obj.get()},
3032 {nullptr, nullptr, crl_obj.get()},
3033 };
3034
3035 auto check_info = [](const ExpectedInfo *expected, const X509_INFO *info) {
3036 if (expected->cert != nullptr) {
3037 EXPECT_EQ(0, X509_cmp(expected->cert, info->x509));
3038 } else {
3039 EXPECT_EQ(nullptr, info->x509);
3040 }
3041 if (expected->crl != nullptr) {
3042 EXPECT_EQ(0, X509_CRL_cmp(expected->crl, info->crl));
3043 } else {
3044 EXPECT_EQ(nullptr, info->crl);
3045 }
3046 if (expected->key != nullptr) {
3047 ASSERT_NE(nullptr, info->x_pkey);
3048 // EVP_PKEY_cmp returns one if the keys are equal.
3049 EXPECT_EQ(1, EVP_PKEY_cmp(expected->key, info->x_pkey->dec_pkey));
3050 } else {
3051 EXPECT_EQ(nullptr, info->x_pkey);
3052 }
3053 };
3054
3055 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem.data(), pem.size()));
3056 ASSERT_TRUE(bio);
3057 bssl::UniquePtr<STACK_OF(X509_INFO)> infos(
3058 PEM_X509_INFO_read_bio(bio.get(), nullptr, nullptr, nullptr));
3059 ASSERT_TRUE(infos);
3060 ASSERT_EQ(OPENSSL_ARRAY_SIZE(kExpected), sk_X509_INFO_num(infos.get()));
3061 for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kExpected); i++) {
3062 SCOPED_TRACE(i);
3063 check_info(&kExpected[i], sk_X509_INFO_value(infos.get(), i));
3064 }
3065
3066 // Passing an existing stack appends to it.
3067 bio.reset(BIO_new_mem_buf(pem.data(), pem.size()));
3068 ASSERT_TRUE(bio);
3069 ASSERT_EQ(infos.get(),
3070 PEM_X509_INFO_read_bio(bio.get(), infos.get(), nullptr, nullptr));
3071 ASSERT_EQ(2 * OPENSSL_ARRAY_SIZE(kExpected), sk_X509_INFO_num(infos.get()));
3072 for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kExpected); i++) {
3073 SCOPED_TRACE(i);
3074 check_info(&kExpected[i], sk_X509_INFO_value(infos.get(), i));
3075 check_info(
3076 &kExpected[i],
3077 sk_X509_INFO_value(infos.get(), i + OPENSSL_ARRAY_SIZE(kExpected)));
3078 }
3079
3080 // Gracefully handle errors in both the append and fresh cases.
3081 std::string bad_pem = cert + cert + invalid;
3082
3083 bio.reset(BIO_new_mem_buf(bad_pem.data(), bad_pem.size()));
3084 ASSERT_TRUE(bio);
3085 bssl::UniquePtr<STACK_OF(X509_INFO)> infos2(
3086 PEM_X509_INFO_read_bio(bio.get(), nullptr, nullptr, nullptr));
3087 EXPECT_FALSE(infos2);
3088
3089 bio.reset(BIO_new_mem_buf(bad_pem.data(), bad_pem.size()));
3090 ASSERT_TRUE(bio);
3091 EXPECT_FALSE(
3092 PEM_X509_INFO_read_bio(bio.get(), infos.get(), nullptr, nullptr));
3093 EXPECT_EQ(2 * OPENSSL_ARRAY_SIZE(kExpected), sk_X509_INFO_num(infos.get()));
3094 }
3095
TEST(X509Test,ReadBIOEmpty)3096 TEST(X509Test, ReadBIOEmpty) {
3097 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(nullptr, 0));
3098 ASSERT_TRUE(bio);
3099
3100 // CPython expects |ASN1_R_HEADER_TOO_LONG| on EOF, to terminate a series of
3101 // certificates.
3102 bssl::UniquePtr<X509> x509(d2i_X509_bio(bio.get(), nullptr));
3103 EXPECT_FALSE(x509);
3104 EXPECT_TRUE(
3105 ErrorEquals(ERR_get_error(), ERR_LIB_ASN1, ASN1_R_HEADER_TOO_LONG));
3106 }
3107
TEST(X509Test,ReadBIOOneByte)3108 TEST(X509Test, ReadBIOOneByte) {
3109 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf("\x30", 1));
3110 ASSERT_TRUE(bio);
3111
3112 // CPython expects |ASN1_R_HEADER_TOO_LONG| on EOF, to terminate a series of
3113 // certificates. This EOF appeared after some data, however, so we do not wish
3114 // to signal EOF.
3115 bssl::UniquePtr<X509> x509(d2i_X509_bio(bio.get(), nullptr));
3116 EXPECT_FALSE(x509);
3117 EXPECT_TRUE(
3118 ErrorEquals(ERR_get_error(), ERR_LIB_ASN1, ASN1_R_NOT_ENOUGH_DATA));
3119 }
3120
TEST(X509Test,PartialBIOReturn)3121 TEST(X509Test, PartialBIOReturn) {
3122 // Create a filter BIO that only reads and writes one byte at a time.
3123 bssl::UniquePtr<BIO_METHOD> method(BIO_meth_new(0, nullptr));
3124 ASSERT_TRUE(method);
3125 ASSERT_TRUE(BIO_meth_set_create(method.get(), [](BIO *b) -> int {
3126 BIO_set_init(b, 1);
3127 return 1;
3128 }));
3129 ASSERT_TRUE(
3130 BIO_meth_set_read(method.get(), [](BIO *b, char *out, int len) -> int {
3131 return BIO_read(BIO_next(b), out, std::min(len, 1));
3132 }));
3133 ASSERT_TRUE(BIO_meth_set_write(
3134 method.get(), [](BIO *b, const char *in, int len) -> int {
3135 return BIO_write(BIO_next(b), in, std::min(len, 1));
3136 }));
3137
3138 bssl::UniquePtr<BIO> bio(BIO_new(method.get()));
3139 ASSERT_TRUE(bio);
3140 BIO *mem_bio = BIO_new(BIO_s_mem());
3141 ASSERT_TRUE(mem_bio);
3142 BIO_push(bio.get(), mem_bio); // BIO_push takes ownership.
3143
3144 bssl::UniquePtr<X509> cert(CertFromPEM(kLeafPEM));
3145 ASSERT_TRUE(cert);
3146 uint8_t *der = nullptr;
3147 int der_len = i2d_X509(cert.get(), &der);
3148 ASSERT_GT(der_len, 0);
3149 bssl::UniquePtr<uint8_t> free_der(der);
3150
3151 // Write the certificate into the BIO. Though we only write one byte at a
3152 // time, the write should succeed.
3153 ASSERT_EQ(1, i2d_X509_bio(bio.get(), cert.get()));
3154 const uint8_t *der2;
3155 size_t der2_len;
3156 ASSERT_TRUE(BIO_mem_contents(mem_bio, &der2, &der2_len));
3157 EXPECT_EQ(Bytes(der, static_cast<size_t>(der_len)), Bytes(der2, der2_len));
3158
3159 // Read the certificate back out of the BIO. Though we only read one byte at a
3160 // time, the read should succeed.
3161 bssl::UniquePtr<X509> cert2(d2i_X509_bio(bio.get(), nullptr));
3162 ASSERT_TRUE(cert2);
3163 EXPECT_EQ(0, X509_cmp(cert.get(), cert2.get()));
3164 }
3165
TEST(X509Test,CommonNameFallback)3166 TEST(X509Test, CommonNameFallback) {
3167 bssl::UniquePtr<X509> root = CertFromPEM(kSANTypesRoot);
3168 ASSERT_TRUE(root);
3169 bssl::UniquePtr<X509> with_sans = CertFromPEM(kCommonNameWithSANs);
3170 ASSERT_TRUE(with_sans);
3171 bssl::UniquePtr<X509> without_sans = CertFromPEM(kCommonNameWithoutSANs);
3172 ASSERT_TRUE(without_sans);
3173 bssl::UniquePtr<X509> with_email = CertFromPEM(kCommonNameWithEmailSAN);
3174 ASSERT_TRUE(with_email);
3175 bssl::UniquePtr<X509> with_ip = CertFromPEM(kCommonNameWithIPSAN);
3176 ASSERT_TRUE(with_ip);
3177
3178 auto verify_cert = [&](X509 *leaf, unsigned flags, const char *host) {
3179 return Verify(leaf, {root.get()}, {}, {}, 0, [&](X509_STORE_CTX *ctx) {
3180 X509_VERIFY_PARAM *param = X509_STORE_CTX_get0_param(ctx);
3181 ASSERT_TRUE(X509_VERIFY_PARAM_set1_host(param, host, strlen(host)));
3182 X509_VERIFY_PARAM_set_hostflags(param, flags);
3183 });
3184 };
3185
3186 // By default, the common name is ignored if the SAN list is present but
3187 // otherwise is checked.
3188 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
3189 verify_cert(with_sans.get(), 0 /* no flags */, "foo.host1.test"));
3190 EXPECT_EQ(X509_V_OK,
3191 verify_cert(with_sans.get(), 0 /* no flags */, "foo.host2.test"));
3192 EXPECT_EQ(X509_V_OK,
3193 verify_cert(with_sans.get(), 0 /* no flags */, "foo.host3.test"));
3194 EXPECT_EQ(X509_V_OK, verify_cert(without_sans.get(), 0 /* no flags */,
3195 "foo.host1.test"));
3196 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
3197 verify_cert(with_email.get(), 0 /* no flags */, "foo.host1.test"));
3198 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
3199 verify_cert(with_ip.get(), 0 /* no flags */, "foo.host1.test"));
3200
3201 // X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT is ignored.
3202 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
3203 verify_cert(with_sans.get(), X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
3204 "foo.host1.test"));
3205 EXPECT_EQ(X509_V_OK,
3206 verify_cert(with_sans.get(), X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
3207 "foo.host2.test"));
3208 EXPECT_EQ(X509_V_OK,
3209 verify_cert(with_sans.get(), X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
3210 "foo.host3.test"));
3211 EXPECT_EQ(X509_V_OK, verify_cert(without_sans.get(),
3212 X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
3213 "foo.host1.test"));
3214 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
3215 verify_cert(with_email.get(), X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
3216 "foo.host1.test"));
3217 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
3218 verify_cert(with_ip.get(), X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
3219 "foo.host1.test"));
3220
3221 // X509_CHECK_FLAG_NEVER_CHECK_SUBJECT implements the correct behavior: the
3222 // common name is never checked.
3223 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
3224 verify_cert(with_sans.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
3225 "foo.host1.test"));
3226 EXPECT_EQ(X509_V_OK,
3227 verify_cert(with_sans.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
3228 "foo.host2.test"));
3229 EXPECT_EQ(X509_V_OK,
3230 verify_cert(with_sans.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
3231 "foo.host3.test"));
3232 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
3233 verify_cert(without_sans.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
3234 "foo.host1.test"));
3235 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
3236 verify_cert(with_email.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
3237 "foo.host1.test"));
3238 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
3239 verify_cert(with_ip.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
3240 "foo.host1.test"));
3241 }
3242
TEST(X509Test,LooksLikeDNSName)3243 TEST(X509Test, LooksLikeDNSName) {
3244 static const char *kValid[] = {
3245 "example.com",
3246 "eXample123-.com",
3247 "*.example.com",
3248 "exa_mple.com",
3249 "example.com.",
3250 "project-dev:us-central1:main",
3251 };
3252 static const char *kInvalid[] = {
3253 "-eXample123-.com",
3254 "",
3255 ".",
3256 "*",
3257 "*.",
3258 "example..com",
3259 ".example.com",
3260 "example.com..",
3261 "*foo.example.com",
3262 "foo.*.example.com",
3263 "foo,bar",
3264 };
3265
3266 for (const char *str : kValid) {
3267 SCOPED_TRACE(str);
3268 EXPECT_TRUE(x509v3_looks_like_dns_name(
3269 reinterpret_cast<const uint8_t *>(str), strlen(str)));
3270 }
3271 for (const char *str : kInvalid) {
3272 SCOPED_TRACE(str);
3273 EXPECT_FALSE(x509v3_looks_like_dns_name(
3274 reinterpret_cast<const uint8_t *>(str), strlen(str)));
3275 }
3276 }
3277
TEST(X509Test,CommonNameAndNameConstraints)3278 TEST(X509Test, CommonNameAndNameConstraints) {
3279 bssl::UniquePtr<X509> root = CertFromPEM(kSANTypesRoot);
3280 ASSERT_TRUE(root);
3281 bssl::UniquePtr<X509> intermediate = CertFromPEM(kConstrainedIntermediate);
3282 ASSERT_TRUE(intermediate);
3283 bssl::UniquePtr<X509> permitted = CertFromPEM(kCommonNamePermittedLeaf);
3284 ASSERT_TRUE(permitted);
3285 bssl::UniquePtr<X509> not_permitted =
3286 CertFromPEM(kCommonNameNotPermittedLeaf);
3287 ASSERT_TRUE(not_permitted);
3288 bssl::UniquePtr<X509> not_permitted_with_sans =
3289 CertFromPEM(kCommonNameNotPermittedWithSANsLeaf);
3290 ASSERT_TRUE(not_permitted_with_sans);
3291 bssl::UniquePtr<X509> not_dns = CertFromPEM(kCommonNameNotDNSLeaf);
3292 ASSERT_TRUE(not_dns);
3293
3294 auto verify_cert = [&](X509 *leaf, unsigned flags, const char *host) {
3295 return Verify(
3296 leaf, {root.get()}, {intermediate.get()}, {}, 0,
3297 [&](X509_STORE_CTX *ctx) {
3298 X509_VERIFY_PARAM *param = X509_STORE_CTX_get0_param(ctx);
3299 ASSERT_TRUE(X509_VERIFY_PARAM_set1_host(param, host, strlen(host)));
3300 X509_VERIFY_PARAM_set_hostflags(param, flags);
3301 });
3302 };
3303
3304 // Certificates which would otherwise trigger the common name fallback are
3305 // rejected whenever there are name constraints. We do this whether or not
3306 // the common name matches the constraints.
3307 EXPECT_EQ(
3308 X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS,
3309 verify_cert(permitted.get(), 0 /* no flags */, kCommonNamePermitted));
3310 EXPECT_EQ(X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS,
3311 verify_cert(not_permitted.get(), 0 /* no flags */,
3312 kCommonNameNotPermitted));
3313
3314 // This occurs even if the built-in name checks aren't used. The caller may
3315 // separately call |X509_check_host|.
3316 EXPECT_EQ(X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS,
3317 Verify(not_permitted.get(), {root.get()}, {intermediate.get()}, {},
3318 0 /* no flags */, nullptr));
3319
3320 // If the leaf certificate has SANs, the common name fallback is always
3321 // disabled, so the name constraints do not apply.
3322 EXPECT_EQ(X509_V_OK, Verify(not_permitted_with_sans.get(), {root.get()},
3323 {intermediate.get()}, {}, 0, nullptr));
3324 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
3325 verify_cert(not_permitted_with_sans.get(), 0 /* no flags */,
3326 kCommonNameNotPermittedWithSANs));
3327
3328 // If the common name does not look like a DNS name, we apply neither name
3329 // constraints nor common name fallback.
3330 EXPECT_EQ(X509_V_OK, Verify(not_dns.get(), {root.get()}, {intermediate.get()},
3331 {}, 0, nullptr));
3332 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
3333 verify_cert(not_dns.get(), 0 /* no flags */, kCommonNameNotDNS));
3334 }
3335
TEST(X509Test,ServerGatedCryptoEKUs)3336 TEST(X509Test, ServerGatedCryptoEKUs) {
3337 bssl::UniquePtr<X509> root = CertFromPEM(kSANTypesRoot);
3338 ASSERT_TRUE(root);
3339 bssl::UniquePtr<X509> ms_sgc = CertFromPEM(kMicrosoftSGCCert);
3340 ASSERT_TRUE(ms_sgc);
3341 bssl::UniquePtr<X509> ns_sgc = CertFromPEM(kNetscapeSGCCert);
3342 ASSERT_TRUE(ns_sgc);
3343 bssl::UniquePtr<X509> server_eku = CertFromPEM(kServerEKUCert);
3344 ASSERT_TRUE(server_eku);
3345 bssl::UniquePtr<X509> server_eku_plus_ms_sgc =
3346 CertFromPEM(kServerEKUPlusMicrosoftSGCCert);
3347 ASSERT_TRUE(server_eku_plus_ms_sgc);
3348 bssl::UniquePtr<X509> any_eku = CertFromPEM(kAnyEKU);
3349 ASSERT_TRUE(any_eku);
3350 bssl::UniquePtr<X509> no_eku = CertFromPEM(kNoEKU);
3351 ASSERT_TRUE(no_eku);
3352
3353 auto verify_cert = [&root](X509 *leaf) {
3354 return Verify(leaf, {root.get()}, /*intermediates=*/{}, /*crls=*/{},
3355 /*flags=*/0, [&](X509_STORE_CTX *ctx) {
3356 X509_VERIFY_PARAM *param = X509_STORE_CTX_get0_param(ctx);
3357 ASSERT_TRUE(X509_VERIFY_PARAM_set_purpose(
3358 param, X509_PURPOSE_SSL_SERVER));
3359 });
3360 };
3361
3362 // Neither the Microsoft nor Netscape SGC EKU should be sufficient for
3363 // |X509_PURPOSE_SSL_SERVER|. The "any" EKU probably, technically, should be.
3364 // However, we've never accepted it and it's not acceptable in leaf
3365 // certificates by the Baseline, so perhaps we don't need this complexity.
3366 for (X509 *leaf : {ms_sgc.get(), ns_sgc.get(), any_eku.get()}) {
3367 EXPECT_EQ(X509_V_ERR_INVALID_PURPOSE, verify_cert(leaf));
3368 }
3369
3370 // The server-auth EKU is sufficient, and it doesn't matter if an SGC EKU is
3371 // also included. Lastly, not specifying an EKU is also valid.
3372 for (X509 *leaf : {server_eku.get(), server_eku_plus_ms_sgc.get(),
3373 no_eku.get()}) {
3374 EXPECT_EQ(X509_V_OK, verify_cert(leaf));
3375 }
3376 }
3377
3378 // Test that invalid extensions are rejected by, if not the parser, at least the
3379 // verifier.
TEST(X509Test,InvalidExtensions)3380 TEST(X509Test, InvalidExtensions) {
3381 bssl::UniquePtr<X509> root = CertFromPEM(
3382 GetTestData("crypto/x509/test/invalid_extension_root.pem").c_str());
3383 ASSERT_TRUE(root);
3384 bssl::UniquePtr<X509> intermediate = CertFromPEM(
3385 GetTestData("crypto/x509/test/invalid_extension_intermediate.pem")
3386 .c_str());
3387 ASSERT_TRUE(intermediate);
3388 bssl::UniquePtr<X509> leaf = CertFromPEM(
3389 GetTestData("crypto/x509/test/invalid_extension_leaf.pem").c_str());
3390 ASSERT_TRUE(leaf);
3391
3392 // Sanity-check that the baseline chain is accepted.
3393 EXPECT_EQ(X509_V_OK,
3394 Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}));
3395
3396 static const char *kExtensions[] = {
3397 "authority_key_identifier",
3398 "basic_constraints",
3399 "ext_key_usage",
3400 "key_usage",
3401 "name_constraints",
3402 "subject_alt_name",
3403 "subject_key_identifier",
3404 };
3405 for (const char *ext : kExtensions) {
3406 SCOPED_TRACE(ext);
3407 bssl::UniquePtr<X509> invalid_root = CertFromPEM(
3408 GetTestData((std::string("crypto/x509/test/invalid_extension_root_") +
3409 ext + ".pem")
3410 .c_str())
3411 .c_str());
3412 ASSERT_TRUE(invalid_root);
3413
3414 bssl::UniquePtr<X509> invalid_intermediate = CertFromPEM(
3415 GetTestData(
3416 (std::string("crypto/x509/test/invalid_extension_intermediate_") +
3417 ext + ".pem")
3418 .c_str())
3419 .c_str());
3420 ASSERT_TRUE(invalid_intermediate);
3421
3422 bssl::UniquePtr<X509> invalid_leaf = CertFromPEM(
3423 GetTestData((std::string("crypto/x509/test/invalid_extension_leaf_") +
3424 ext + ".pem")
3425 .c_str())
3426 .c_str());
3427 ASSERT_TRUE(invalid_leaf);
3428
3429 bssl::UniquePtr<X509> trailing_leaf = CertFromPEM(
3430 GetTestData((std::string("crypto/x509/test/trailing_data_leaf_") +
3431 ext + ".pem")
3432 .c_str())
3433 .c_str());
3434 ASSERT_TRUE(trailing_leaf);
3435
3436 EXPECT_EQ(
3437 X509_V_ERR_INVALID_EXTENSION,
3438 Verify(invalid_leaf.get(), {root.get()}, {intermediate.get()}, {}));
3439
3440 EXPECT_EQ(
3441 X509_V_ERR_INVALID_EXTENSION,
3442 Verify(trailing_leaf.get(), {root.get()}, {intermediate.get()}, {}));
3443
3444 // If the invalid extension is on an intermediate or root,
3445 // |X509_verify_cert| notices by way of being unable to build a path to
3446 // a valid issuer.
3447 EXPECT_EQ(
3448 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
3449 Verify(leaf.get(), {root.get()}, {invalid_intermediate.get()}, {}));
3450 EXPECT_EQ(
3451 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
3452 Verify(leaf.get(), {invalid_root.get()}, {intermediate.get()}, {}));
3453 }
3454 }
3455
3456 // kExplicitDefaultVersionPEM is an X.509v1 certificate with the version number
3457 // encoded explicitly, rather than omitted as required by DER.
3458 static const char kExplicitDefaultVersionPEM[] = R"(
3459 -----BEGIN CERTIFICATE-----
3460 MIIBfTCCASSgAwIBAAIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC
3461 QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
3462 dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ
3463 BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l
3464 dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni
3465 v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa
3466 HPUdfvGULUvPciLBMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb7idQhY5w
3467 BnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYfMlJhXnXJ
3468 FA==
3469 -----END CERTIFICATE-----
3470 )";
3471
3472 // kNegativeVersionPEM is an X.509 certificate with a negative version number.
3473 static const char kNegativeVersionPEM[] = R"(
3474 -----BEGIN CERTIFICATE-----
3475 MIIBfTCCASSgAwIB/wIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC
3476 QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
3477 dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ
3478 BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l
3479 dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni
3480 v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa
3481 HPUdfvGULUvPciLBMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb7idQhY5w
3482 BnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYfMlJhXnXJ
3483 FA==
3484 -----END CERTIFICATE-----
3485 )";
3486
3487 // kFutureVersionPEM is an X.509 certificate with a version number value of
3488 // three, which is not defined. (v3 has value two).
3489 static const char kFutureVersionPEM[] = R"(
3490 -----BEGIN CERTIFICATE-----
3491 MIIBfTCCASSgAwIBAwIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC
3492 QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
3493 dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ
3494 BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l
3495 dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni
3496 v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa
3497 HPUdfvGULUvPciLBMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb7idQhY5w
3498 BnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYfMlJhXnXJ
3499 FA==
3500 -----END CERTIFICATE-----
3501 )";
3502
3503 // kOverflowVersionPEM is an X.509 certificate with a version field which
3504 // overflows |uint64_t|.
3505 static const char kOverflowVersionPEM[] = R"(
3506 -----BEGIN CERTIFICATE-----
3507 MIIBoDCCAUegJgIkAP//////////////////////////////////////////////
3508 AgkA2UwE2kl9v+swCQYHKoZIzj0EATBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwK
3509 U29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMB4X
3510 DTE0MDQyMzIzMjE1N1oXDTE0MDUyMzIzMjE1N1owRTELMAkGA1UEBhMCQVUxEzAR
3511 BgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5
3512 IEx0ZDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8eDZSKTNWX
3513 a7epHg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQtS89yIsEw
3514 CQYHKoZIzj0EAQNIADBFAiEA8qA1XlE6NsOCeZvuJ1CFjnAGdJVX0il0APS+FYdd
3515 xAcCIHweeRRqIYPwenRoeV8UmZpotPHLnhVe5h8yUmFedckU
3516 -----END CERTIFICATE-----
3517 )";
3518
3519 // kV1WithExtensionsPEM is an X.509v1 certificate with extensions.
3520 static const char kV1WithExtensionsPEM[] = R"(
3521 -----BEGIN CERTIFICATE-----
3522 MIIByjCCAXECCQDZTATaSX2/6zAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw
3523 EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0
3524 eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYDVQQG
3525 EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk
3526 Z2l0cyBQdHkgTHRkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+
3527 Lx4NlIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7x
3528 lC1Lz3IiwaNQME4wHQYDVR0OBBYEFKuE0qyrlfCCThZ4B1VXX+QmjYLRMB8GA1Ud
3529 IwQYMBaAFKuE0qyrlfCCThZ4B1VXX+QmjYLRMAwGA1UdEwQFMAMBAf8wCQYHKoZI
3530 zj0EAQNIADBFAiEA8qA1XlE6NsOCeZvuJ1CFjnAGdJVX0il0APS+FYddxAcCIHwe
3531 eRRqIYPwenRoeV8UmZpotPHLnhVe5h8yUmFedckU
3532 -----END CERTIFICATE-----
3533 )";
3534
3535 // kV2WithExtensionsPEM is an X.509v2 certificate with extensions.
3536 static const char kV2WithExtensionsPEM[] = R"(
3537 -----BEGIN CERTIFICATE-----
3538 MIIBzzCCAXagAwIBAQIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC
3539 QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
3540 dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ
3541 BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l
3542 dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni
3543 v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa
3544 HPUdfvGULUvPciLBo1AwTjAdBgNVHQ4EFgQUq4TSrKuV8IJOFngHVVdf5CaNgtEw
3545 HwYDVR0jBBgwFoAUq4TSrKuV8IJOFngHVVdf5CaNgtEwDAYDVR0TBAUwAwEB/zAJ
3546 BgcqhkjOPQQBA0gAMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E
3547 BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQ=
3548 -----END CERTIFICATE-----
3549 )";
3550
3551 // kV1WithIssuerUniqueIDPEM is an X.509v1 certificate with an issuerUniqueID.
3552 static const char kV1WithIssuerUniqueIDPEM[] = R"(
3553 -----BEGIN CERTIFICATE-----
3554 MIIBgzCCASoCCQDZTATaSX2/6zAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw
3555 EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0
3556 eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYDVQQG
3557 EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk
3558 Z2l0cyBQdHkgTHRkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+
3559 Lx4NlIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7x
3560 lC1Lz3IiwYEJAAEjRWeJq83vMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb
3561 7idQhY5wBnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYf
3562 MlJhXnXJFA==
3563 -----END CERTIFICATE-----
3564 )";
3565
3566 // kV1WithSubjectUniqueIDPEM is an X.509v1 certificate with an issuerUniqueID.
3567 static const char kV1WithSubjectUniqueIDPEM[] = R"(
3568 -----BEGIN CERTIFICATE-----
3569 MIIBgzCCASoCCQDZTATaSX2/6zAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw
3570 EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0
3571 eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYDVQQG
3572 EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk
3573 Z2l0cyBQdHkgTHRkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+
3574 Lx4NlIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7x
3575 lC1Lz3IiwYIJAAEjRWeJq83vMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb
3576 7idQhY5wBnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYf
3577 MlJhXnXJFA==
3578 -----END CERTIFICATE-----
3579 )";
3580
3581 // kV1CRLWithExtensionsPEM is a v1 CRL with extensions.
3582 static const char kV1CRLWithExtensionsPEM[] = R"(
3583 -----BEGIN X509 CRL-----
3584 MIIBpDCBjTANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UECAwK
3585 Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJQm9y
3586 aW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoA4wDDAKBgNVHRQE
3587 AwIBATANBgkqhkiG9w0BAQsFAAOCAQEAnrBKKgvd9x9zwK9rtUvVeFeJ7+LNZEAc
3588 +a5oxpPNEsJx6hXoApYEbzXMxuWBQoCs5iEBycSGudct21L+MVf27M38KrWoeOkq
3589 0a2siqViQZO2Fb/SUFR0k9zb8xl86Zf65lgPplALun0bV/HT7MJcl04Tc4osdsAR
3590 eBs5nqTGNEd5AlC1iKHvQZkM//MD51DspKnDpsDiUVi54h9C1SpfZmX8H2Vvdiyu
3591 0fZ/bPAM3VAGawatf/SyWfBMyKpoPXEG39oAzmjjOj8en82psn7m474IGaho/vBb
3592 hl1ms5qQiLYPjm4YELtnXQoFyC72tBjbdFd/ZE9k4CNKDbxFUXFbkw==
3593 -----END X509 CRL-----
3594 )";
3595
3596 // kExplicitDefaultVersionCRLPEM is a v1 CRL with an explicitly-encoded version
3597 // field.
3598 static const char kExplicitDefaultVersionCRLPEM[] = R"(
3599 -----BEGIN X509 CRL-----
3600 MIIBlzCBgAIBADANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
3601 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
3602 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaMA0GCSqGSIb3
3603 DQEBCwUAA4IBAQCesEoqC933H3PAr2u1S9V4V4nv4s1kQBz5rmjGk80SwnHqFegC
3604 lgRvNczG5YFCgKzmIQHJxIa51y3bUv4xV/bszfwqtah46SrRrayKpWJBk7YVv9JQ
3605 VHST3NvzGXzpl/rmWA+mUAu6fRtX8dPswlyXThNziix2wBF4GzmepMY0R3kCULWI
3606 oe9BmQz/8wPnUOykqcOmwOJRWLniH0LVKl9mZfwfZW92LK7R9n9s8AzdUAZrBq1/
3607 9LJZ8EzIqmg9cQbf2gDOaOM6Px6fzamyfubjvggZqGj+8FuGXWazmpCItg+ObhgQ
3608 u2ddCgXILva0GNt0V39kT2TgI0oNvEVRcVuT
3609 -----END X509 CRL-----
3610 )";
3611
3612 // kV3CRLPEM is a v3 CRL. CRL versions only go up to v2.
3613 static const char kV3CRLPEM[] = R"(
3614 -----BEGIN X509 CRL-----
3615 MIIBpzCBkAIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
3616 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
3617 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoA4wDDAKBgNV
3618 HRQEAwIBATANBgkqhkiG9w0BAQsFAAOCAQEAnrBKKgvd9x9zwK9rtUvVeFeJ7+LN
3619 ZEAc+a5oxpPNEsJx6hXoApYEbzXMxuWBQoCs5iEBycSGudct21L+MVf27M38KrWo
3620 eOkq0a2siqViQZO2Fb/SUFR0k9zb8xl86Zf65lgPplALun0bV/HT7MJcl04Tc4os
3621 dsAReBs5nqTGNEd5AlC1iKHvQZkM//MD51DspKnDpsDiUVi54h9C1SpfZmX8H2Vv
3622 diyu0fZ/bPAM3VAGawatf/SyWfBMyKpoPXEG39oAzmjjOj8en82psn7m474IGaho
3623 /vBbhl1ms5qQiLYPjm4YELtnXQoFyC72tBjbdFd/ZE9k4CNKDbxFUXFbkw==
3624 -----END X509 CRL-----
3625 )";
3626
3627 // kV2CSRPEM is a v2 CSR. CSR versions only go up to v1.
3628 static const char kV2CSRPEM[] = R"(
3629 -----BEGIN CERTIFICATE REQUEST-----
3630 MIHJMHECAQEwDzENMAsGA1UEAwwEVGVzdDBZMBMGByqGSM49AgEGCCqGSM49AwEH
3631 A0IABJjsayyAQod1J7UJYNT8AH4WWxLdKV0ozhrIz6hCzBAze7AqXWOSH8G+1EWC
3632 pSfL3oMQNtBdJS0kpXXaUqEAgTSgADAKBggqhkjOPQQDAgNIADBFAiAUXVaEYATg
3633 4Cc917T73KBImxh6xyhsA5pKuYpq1S4m9wIhAK+G93HR4ur7Ghel6+zUTvIAsj9e
3634 rsn4lSYsqI4OI4ei
3635 -----END CERTIFICATE REQUEST-----
3636 )";
3637
3638 // kV3CSRPEM is a v3 CSR. CSR versions only go up to v1.
3639 static const char kV3CSRPEM[] = R"(
3640 -----BEGIN CERTIFICATE REQUEST-----
3641 MIHJMHECAQIwDzENMAsGA1UEAwwEVGVzdDBZMBMGByqGSM49AgEGCCqGSM49AwEH
3642 A0IABJjsayyAQod1J7UJYNT8AH4WWxLdKV0ozhrIz6hCzBAze7AqXWOSH8G+1EWC
3643 pSfL3oMQNtBdJS0kpXXaUqEAgTSgADAKBggqhkjOPQQDAgNIADBFAiAUXVaEYATg
3644 4Cc917T73KBImxh6xyhsA5pKuYpq1S4m9wIhAK+G93HR4ur7Ghel6+zUTvIAsj9e
3645 rsn4lSYsqI4OI4ei
3646 -----END CERTIFICATE REQUEST-----
3647 )";
3648
3649 // Test that the library enforces versions are valid and match the fields
3650 // present.
TEST(X509Test,InvalidVersion)3651 TEST(X509Test, InvalidVersion) {
3652 // kExplicitDefaultVersionPEM is invalid but, for now, we accept it. See
3653 // https://crbug.com/boringssl/364.
3654 EXPECT_TRUE(CertFromPEM(kExplicitDefaultVersionPEM));
3655 EXPECT_TRUE(CRLFromPEM(kExplicitDefaultVersionCRLPEM));
3656
3657 EXPECT_FALSE(CertFromPEM(kNegativeVersionPEM));
3658 EXPECT_FALSE(CertFromPEM(kFutureVersionPEM));
3659 EXPECT_FALSE(CertFromPEM(kOverflowVersionPEM));
3660 EXPECT_FALSE(CertFromPEM(kV1WithExtensionsPEM));
3661 EXPECT_FALSE(CertFromPEM(kV2WithExtensionsPEM));
3662 EXPECT_FALSE(CertFromPEM(kV1WithIssuerUniqueIDPEM));
3663 EXPECT_FALSE(CertFromPEM(kV1WithSubjectUniqueIDPEM));
3664 EXPECT_FALSE(CRLFromPEM(kV1CRLWithExtensionsPEM));
3665 EXPECT_FALSE(CRLFromPEM(kV3CRLPEM));
3666 EXPECT_FALSE(CSRFromPEM(kV2CSRPEM));
3667
3668 // kV3CSRPEM is invalid but, for now, we accept it. See
3669 // https://github.com/certbot/certbot/pull/9334
3670 EXPECT_TRUE(CSRFromPEM(kV3CSRPEM));
3671
3672 bssl::UniquePtr<X509> x509(X509_new());
3673 ASSERT_TRUE(x509);
3674 EXPECT_FALSE(X509_set_version(x509.get(), -1));
3675 EXPECT_FALSE(X509_set_version(x509.get(), X509_VERSION_3 + 1));
3676 EXPECT_FALSE(X509_set_version(x509.get(), 9999));
3677
3678 bssl::UniquePtr<X509_CRL> crl(X509_CRL_new());
3679 ASSERT_TRUE(crl);
3680 EXPECT_FALSE(X509_CRL_set_version(crl.get(), -1));
3681 EXPECT_FALSE(X509_CRL_set_version(crl.get(), X509_CRL_VERSION_2 + 1));
3682 EXPECT_FALSE(X509_CRL_set_version(crl.get(), 9999));
3683
3684 bssl::UniquePtr<X509_REQ> req(X509_REQ_new());
3685 ASSERT_TRUE(req);
3686 EXPECT_FALSE(X509_REQ_set_version(req.get(), -1));
3687 EXPECT_FALSE(X509_REQ_set_version(req.get(), X509_REQ_VERSION_1 + 1));
3688 EXPECT_FALSE(X509_REQ_set_version(req.get(), 9999));
3689 }
3690
3691 // Unlike upstream OpenSSL, we require a non-null store in
3692 // |X509_STORE_CTX_init|.
TEST(X509Test,NullStore)3693 TEST(X509Test, NullStore) {
3694 bssl::UniquePtr<X509> leaf(CertFromPEM(kLeafPEM));
3695 ASSERT_TRUE(leaf);
3696 bssl::UniquePtr<X509_STORE_CTX> ctx(X509_STORE_CTX_new());
3697 ASSERT_TRUE(ctx);
3698 EXPECT_FALSE(X509_STORE_CTX_init(ctx.get(), nullptr, leaf.get(), nullptr));
3699 }
3700
TEST(X509Test,StoreCtxReuse)3701 TEST(X509Test, StoreCtxReuse) {
3702 bssl::UniquePtr<X509> leaf(CertFromPEM(kLeafPEM));
3703 ASSERT_TRUE(leaf);
3704 bssl::UniquePtr<X509_STORE> store(X509_STORE_new());
3705 ASSERT_TRUE(store);
3706 bssl::UniquePtr<X509_STORE_CTX> ctx(X509_STORE_CTX_new());
3707 ASSERT_TRUE(ctx);
3708 ASSERT_TRUE(X509_STORE_CTX_init(ctx.get(), store.get(), leaf.get(), nullptr));
3709 // Re-initializing |ctx| should not leak memory.
3710 ASSERT_TRUE(X509_STORE_CTX_init(ctx.get(), store.get(), leaf.get(), nullptr));
3711 }
3712
TEST(X509Test,BasicConstraints)3713 TEST(X509Test, BasicConstraints) {
3714 const uint32_t kFlagMask = EXFLAG_CA | EXFLAG_BCONS | EXFLAG_INVALID;
3715
3716 static const struct {
3717 const char *file;
3718 uint32_t flags;
3719 int path_len;
3720 } kTests[] = {
3721 {"basic_constraints_none.pem", 0, -1},
3722 {"basic_constraints_ca.pem", EXFLAG_CA | EXFLAG_BCONS, -1},
3723 {"basic_constraints_ca_pathlen_0.pem", EXFLAG_CA | EXFLAG_BCONS, 0},
3724 {"basic_constraints_ca_pathlen_1.pem", EXFLAG_CA | EXFLAG_BCONS, 1},
3725 {"basic_constraints_ca_pathlen_10.pem", EXFLAG_CA | EXFLAG_BCONS, 10},
3726 {"basic_constraints_leaf.pem", EXFLAG_BCONS, -1},
3727 {"invalid_extension_leaf_basic_constraints.pem", EXFLAG_INVALID, -1},
3728 };
3729
3730 for (const auto &test : kTests) {
3731 SCOPED_TRACE(test.file);
3732
3733 std::string path = "crypto/x509/test/";
3734 path += test.file;
3735
3736 bssl::UniquePtr<X509> cert = CertFromPEM(GetTestData(path.c_str()).c_str());
3737 ASSERT_TRUE(cert);
3738 EXPECT_EQ(test.flags, X509_get_extension_flags(cert.get()) & kFlagMask);
3739 EXPECT_EQ(test.path_len, X509_get_pathlen(cert.get()));
3740 }
3741 }
3742
3743 // The following strings are test certificates signed by kP256Key and kRSAKey,
3744 // with missing, NULL, or invalid algorithm parameters.
3745 static const char kP256NoParam[] = R"(
3746 -----BEGIN CERTIFICATE-----
3747 MIIBIDCBxqADAgECAgIE0jAKBggqhkjOPQQDAjAPMQ0wCwYDVQQDEwRUZXN0MCAX
3748 DTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYDVQQDEwRUZXN0
3749 MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4NlIpM1Zdrt6ke
3750 DUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwaMQMA4w
3751 DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNJADBGAiEAqdIiF+bN9Cl44oUeICpy
3752 aXd7HqhpVUaglYKw9ChmNUACIQCpMdL0fNkFNDbRww9dSl/y7kBdk/tp16HiqeSy
3753 gGzFYg==
3754 -----END CERTIFICATE-----
3755 )";
3756 static const char kP256NullParam[] = R"(
3757 -----BEGIN CERTIFICATE-----
3758 MIIBJDCByKADAgECAgIE0jAMBggqhkjOPQQDAgUAMA8xDTALBgNVBAMTBFRlc3Qw
3759 IBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMA8xDTALBgNVBAMTBFRl
3760 c3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2niv2Wfl74vHg2UikzVl2u3
3761 qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLBoxAw
3762 DjAMBgNVHRMEBTADAQH/MAwGCCqGSM49BAMCBQADSQAwRgIhAKILHmyo+F3Cn/VX
3763 UUeSXOQQKX5aLzsQitwwmNF3ZgH3AiEAsYHcrVj/ftmoQIORARkQ/+PrqntXev8r
3764 t6uPxHrmpUY=
3765 -----END CERTIFICATE-----
3766 )";
3767 static const char kP256InvalidParam[] = R"(
3768 -----BEGIN CERTIFICATE-----
3769 MIIBMTCBz6ADAgECAgIE0jATBggqhkjOPQQDAgQHZ2FyYmFnZTAPMQ0wCwYDVQQD
3770 EwRUZXN0MCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYD
3771 VQQDEwRUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4N
3772 lIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1L
3773 z3IiwaMQMA4wDAYDVR0TBAUwAwEB/zATBggqhkjOPQQDAgQHZ2FyYmFnZQNIADBF
3774 AiAglpDf/YhN89LeJ2WAs/F0SJIrsuhS4uoInIz6WXUiuQIhAIu5Pwhp5E3Pbo8y
3775 fLULTZnynuQUULQkRcF7S7T2WpIL
3776 -----END CERTIFICATE-----
3777 )";
3778 static const char kRSANoParam[] = R"(
3779 -----BEGIN CERTIFICATE-----
3780 MIIBWzCBx6ADAgECAgIE0jALBgkqhkiG9w0BAQswDzENMAsGA1UEAxMEVGVzdDAg
3781 Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsGA1UEAxMEVGVz
3782 dDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8eDZSKTNWXa7ep
3783 Hg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQtS89yIsGjEDAO
3784 MAwGA1UdEwQFMAMBAf8wCwYJKoZIhvcNAQELA4GBAC1f8W3W0Ao7CPfIBQYDSbPh
3785 brZpbxdBU5x27JOS7iSa+Lc9pEH5VCX9vIypHVHXLPEfZ38yIt11eiyrmZB6w62N
3786 l9kIeZ6FVPmC30d3sXx70Jjs+ZX9yt7kD1gLyNAQQfeYfa4rORAZT1n2YitD74NY
3787 TWUH2ieFP3l+ecj1SeQR
3788 -----END CERTIFICATE-----
3789 )";
3790 static const char kRSANullParam[] = R"(
3791 -----BEGIN CERTIFICATE-----
3792 MIIBXzCByaADAgECAgIE0jANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRUZXN0
3793 MCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYDVQQDEwRU
3794 ZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4NlIpM1Zdr
3795 t6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwaMQ
3796 MA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQAzVcfIv+Rq1KrMXqIL
3797 fPq/cWZjgqFZA1RGaGElNaqp+rkJfamq5tDGzckWpebrK+jjRN7yIlcWDtPpy3Gy
3798 seZfvtBDR0TwJm0S/pQl8prKB4wgALcwe3bmi56Rq85nzY5ZLNcP16LQxL+jAAua
3799 SwmQUz4bRpckRBj+sIyp1We+pg==
3800 -----END CERTIFICATE-----
3801 )";
3802 static const char kRSAInvalidParam[] = R"(
3803 -----BEGIN CERTIFICATE-----
3804 MIIBbTCB0KADAgECAgIE0jAUBgkqhkiG9w0BAQsEB2dhcmJhZ2UwDzENMAsGA1UE
3805 AxMEVGVzdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsG
3806 A1UEAxMEVGVzdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8e
3807 DZSKTNWXa7epHg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQt
3808 S89yIsGjEDAOMAwGA1UdEwQFMAMBAf8wFAYJKoZIhvcNAQELBAdnYXJiYWdlA4GB
3809 AHTJ6cWWjCNrZhqiWWVI3jdK+h5xpRG8jGMXxR4JnjtoYRRusJLOXhmapwCB6fA0
3810 4vc+66O27v36yDmQX+tIc/hDrTpKNJptU8q3n2VagREvoHhkOTYkcCeS8vmnMtn8
3811 5OMNZ/ajVwOssw61GcAlScRqEHkZFBoGp7e+QpgB2tf9
3812 -----END CERTIFICATE-----
3813 )";
3814
TEST(X509Test,AlgorithmParameters)3815 TEST(X509Test, AlgorithmParameters) {
3816 // P-256 parameters should be omitted, but we accept NULL ones.
3817 bssl::UniquePtr<EVP_PKEY> key = PrivateKeyFromPEM(kP256Key);
3818 ASSERT_TRUE(key);
3819
3820 bssl::UniquePtr<X509> cert = CertFromPEM(kP256NoParam);
3821 ASSERT_TRUE(cert);
3822 EXPECT_TRUE(X509_verify(cert.get(), key.get()));
3823
3824 cert = CertFromPEM(kP256NullParam);
3825 ASSERT_TRUE(cert);
3826 EXPECT_TRUE(X509_verify(cert.get(), key.get()));
3827
3828 cert = CertFromPEM(kP256InvalidParam);
3829 ASSERT_TRUE(cert);
3830 EXPECT_FALSE(X509_verify(cert.get(), key.get()));
3831 EXPECT_TRUE(
3832 ErrorEquals(ERR_get_error(), ERR_LIB_X509, X509_R_INVALID_PARAMETER));
3833
3834 // RSA parameters should be NULL, but we accept omitted ones.
3835 key = PrivateKeyFromPEM(kRSAKey);
3836 ASSERT_TRUE(key);
3837
3838 cert = CertFromPEM(kRSANoParam);
3839 ASSERT_TRUE(cert);
3840 EXPECT_TRUE(X509_verify(cert.get(), key.get()));
3841
3842 cert = CertFromPEM(kRSANullParam);
3843 ASSERT_TRUE(cert);
3844 EXPECT_TRUE(X509_verify(cert.get(), key.get()));
3845
3846 cert = CertFromPEM(kRSAInvalidParam);
3847 ASSERT_TRUE(cert);
3848 EXPECT_FALSE(X509_verify(cert.get(), key.get()));
3849 EXPECT_TRUE(
3850 ErrorEquals(ERR_get_error(), ERR_LIB_X509, X509_R_INVALID_PARAMETER));
3851 }
3852
TEST(X509Test,GeneralName)3853 TEST(X509Test, GeneralName) {
3854 const std::vector<uint8_t> kNames[] = {
3855 // [0] {
3856 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
3857 // [0] {
3858 // SEQUENCE {}
3859 // }
3860 // }
3861 {0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
3862 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x30, 0x00},
3863 // [0] {
3864 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
3865 // [0] {
3866 // [APPLICATION 0] {}
3867 // }
3868 // }
3869 {0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
3870 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x60, 0x00},
3871 // [0] {
3872 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
3873 // [0] {
3874 // UTF8String { "a" }
3875 // }
3876 // }
3877 {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
3878 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x61},
3879 // [0] {
3880 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.2 }
3881 // [0] {
3882 // UTF8String { "a" }
3883 // }
3884 // }
3885 {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
3886 0x01, 0x84, 0xb7, 0x09, 0x02, 0x02, 0xa0, 0x03, 0x0c, 0x01, 0x61},
3887 // [0] {
3888 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
3889 // [0] {
3890 // UTF8String { "b" }
3891 // }
3892 // }
3893 {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
3894 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x62},
3895 // [0] {
3896 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
3897 // [0] {
3898 // BOOLEAN { TRUE }
3899 // }
3900 // }
3901 {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
3902 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0xff},
3903 // [0] {
3904 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
3905 // [0] {
3906 // BOOLEAN { FALSE }
3907 // }
3908 // }
3909 {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
3910 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0x00},
3911 // [1 PRIMITIVE] { "a" }
3912 {0x81, 0x01, 0x61},
3913 // [1 PRIMITIVE] { "b" }
3914 {0x81, 0x01, 0x62},
3915 // [2 PRIMITIVE] { "a" }
3916 {0x82, 0x01, 0x61},
3917 // [2 PRIMITIVE] { "b" }
3918 {0x82, 0x01, 0x62},
3919 // [3] {}
3920 {0xa3, 0x00},
3921 // [4] {
3922 // SEQUENCE {
3923 // SET {
3924 // SEQUENCE {
3925 // # commonName
3926 // OBJECT_IDENTIFIER { 2.5.4.3 }
3927 // UTF8String { "a" }
3928 // }
3929 // }
3930 // }
3931 // }
3932 {0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55, 0x04,
3933 0x03, 0x0c, 0x01, 0x61},
3934 // [4] {
3935 // SEQUENCE {
3936 // SET {
3937 // SEQUENCE {
3938 // # commonName
3939 // OBJECT_IDENTIFIER { 2.5.4.3 }
3940 // UTF8String { "b" }
3941 // }
3942 // }
3943 // }
3944 // }
3945 {0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55, 0x04,
3946 0x03, 0x0c, 0x01, 0x62},
3947 // [5] {
3948 // [1] {
3949 // UTF8String { "a" }
3950 // }
3951 // }
3952 {0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x61},
3953 // [5] {
3954 // [1] {
3955 // UTF8String { "b" }
3956 // }
3957 // }
3958 {0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x62},
3959 // [5] {
3960 // [0] {
3961 // UTF8String {}
3962 // }
3963 // [1] {
3964 // UTF8String { "a" }
3965 // }
3966 // }
3967 {0xa5, 0x09, 0xa0, 0x02, 0x0c, 0x00, 0xa1, 0x03, 0x0c, 0x01, 0x61},
3968 // [5] {
3969 // [0] {
3970 // UTF8String { "a" }
3971 // }
3972 // [1] {
3973 // UTF8String { "a" }
3974 // }
3975 // }
3976 {0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x61, 0xa1, 0x03, 0x0c, 0x01, 0x61},
3977 // [5] {
3978 // [0] {
3979 // UTF8String { "b" }
3980 // }
3981 // [1] {
3982 // UTF8String { "a" }
3983 // }
3984 // }
3985 {0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x62, 0xa1, 0x03, 0x0c, 0x01, 0x61},
3986 // [6 PRIMITIVE] { "a" }
3987 {0x86, 0x01, 0x61},
3988 // [6 PRIMITIVE] { "b" }
3989 {0x86, 0x01, 0x62},
3990 // [7 PRIMITIVE] { `11111111` }
3991 {0x87, 0x04, 0x11, 0x11, 0x11, 0x11},
3992 // [7 PRIMITIVE] { `22222222`}
3993 {0x87, 0x04, 0x22, 0x22, 0x22, 0x22},
3994 // [7 PRIMITIVE] { `11111111111111111111111111111111` }
3995 {0x87, 0x10, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
3996 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
3997 // [7 PRIMITIVE] { `22222222222222222222222222222222` }
3998 {0x87, 0x10, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
3999 0x22, 0x22, 0x22, 0x22, 0x22, 0x22},
4000 // [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.1 }
4001 {0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7,
4002 0x09, 0x02, 0x01},
4003 // [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.2 }
4004 {0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7,
4005 0x09, 0x02, 0x02},
4006 };
4007
4008 // Every name should be equal to itself and not equal to any others.
4009 for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kNames); i++) {
4010 SCOPED_TRACE(Bytes(kNames[i]));
4011
4012 const uint8_t *ptr = kNames[i].data();
4013 bssl::UniquePtr<GENERAL_NAME> a(
4014 d2i_GENERAL_NAME(nullptr, &ptr, kNames[i].size()));
4015 ASSERT_TRUE(a);
4016 ASSERT_EQ(ptr, kNames[i].data() + kNames[i].size());
4017
4018 uint8_t *enc = nullptr;
4019 int enc_len = i2d_GENERAL_NAME(a.get(), &enc);
4020 ASSERT_GE(enc_len, 0);
4021 bssl::UniquePtr<uint8_t> free_enc(enc);
4022 EXPECT_EQ(Bytes(enc, enc_len), Bytes(kNames[i]));
4023
4024 for (size_t j = 0; j < OPENSSL_ARRAY_SIZE(kNames); j++) {
4025 SCOPED_TRACE(Bytes(kNames[j]));
4026
4027 ptr = kNames[j].data();
4028 bssl::UniquePtr<GENERAL_NAME> b(
4029 d2i_GENERAL_NAME(nullptr, &ptr, kNames[j].size()));
4030 ASSERT_TRUE(b);
4031 ASSERT_EQ(ptr, kNames[j].data() + kNames[j].size());
4032
4033 if (i == j) {
4034 EXPECT_EQ(GENERAL_NAME_cmp(a.get(), b.get()), 0);
4035 } else {
4036 EXPECT_NE(GENERAL_NAME_cmp(a.get(), b.get()), 0);
4037 }
4038 }
4039 }
4040 }
4041
4042 // Test that extracting fields of an |X509_ALGOR| works correctly.
TEST(X509Test,X509AlgorExtract)4043 TEST(X509Test, X509AlgorExtract) {
4044 static const char kTestOID[] = "1.2.840.113554.4.1.72585.2";
4045 const struct {
4046 int param_type;
4047 std::vector<uint8_t> param_der;
4048 } kTests[] = {
4049 // No parameter.
4050 {V_ASN1_UNDEF, {}},
4051 // BOOLEAN { TRUE }
4052 {V_ASN1_BOOLEAN, {0x01, 0x01, 0xff}},
4053 // BOOLEAN { FALSE }
4054 {V_ASN1_BOOLEAN, {0x01, 0x01, 0x00}},
4055 // OCTET_STRING { "a" }
4056 {V_ASN1_OCTET_STRING, {0x04, 0x01, 0x61}},
4057 // BIT_STRING { `01` `00` }
4058 {V_ASN1_BIT_STRING, {0x03, 0x02, 0x01, 0x00}},
4059 // INTEGER { -1 }
4060 {V_ASN1_INTEGER, {0x02, 0x01, 0xff}},
4061 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2 }
4062 {V_ASN1_OBJECT,
4063 {0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7,
4064 0x09, 0x02}},
4065 // NULL {}
4066 {V_ASN1_NULL, {0x05, 0x00}},
4067 // SEQUENCE {}
4068 {V_ASN1_SEQUENCE, {0x30, 0x00}},
4069 // SET {}
4070 {V_ASN1_SET, {0x31, 0x00}},
4071 // [0] { UTF8String { "a" } }
4072 {V_ASN1_OTHER, {0xa0, 0x03, 0x0c, 0x01, 0x61}},
4073 };
4074 for (const auto &t : kTests) {
4075 SCOPED_TRACE(Bytes(t.param_der));
4076
4077 // Assemble an AlgorithmIdentifier with the parameter.
4078 bssl::ScopedCBB cbb;
4079 CBB seq, oid;
4080 ASSERT_TRUE(CBB_init(cbb.get(), 64));
4081 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &seq, CBS_ASN1_SEQUENCE));
4082 ASSERT_TRUE(CBB_add_asn1(&seq, &oid, CBS_ASN1_OBJECT));
4083 ASSERT_TRUE(CBB_add_asn1_oid_from_text(&oid, kTestOID, strlen(kTestOID)));
4084 ASSERT_TRUE(CBB_add_bytes(&seq, t.param_der.data(), t.param_der.size()));
4085 ASSERT_TRUE(CBB_flush(cbb.get()));
4086
4087 const uint8_t *ptr = CBB_data(cbb.get());
4088 bssl::UniquePtr<X509_ALGOR> alg(
4089 d2i_X509_ALGOR(nullptr, &ptr, CBB_len(cbb.get())));
4090 ASSERT_TRUE(alg);
4091
4092 const ASN1_OBJECT *obj;
4093 int param_type;
4094 const void *param_value;
4095 X509_ALGOR_get0(&obj, ¶m_type, ¶m_value, alg.get());
4096
4097 EXPECT_EQ(param_type, t.param_type);
4098 char oid_buf[sizeof(kTestOID)];
4099 ASSERT_EQ(int(sizeof(oid_buf) - 1),
4100 OBJ_obj2txt(oid_buf, sizeof(oid_buf), obj,
4101 /*always_return_oid=*/1));
4102 EXPECT_STREQ(oid_buf, kTestOID);
4103
4104 // |param_type| and |param_value| must be consistent with |ASN1_TYPE|.
4105 if (param_type == V_ASN1_UNDEF) {
4106 EXPECT_EQ(nullptr, param_value);
4107 } else {
4108 bssl::UniquePtr<ASN1_TYPE> param(ASN1_TYPE_new());
4109 ASSERT_TRUE(param);
4110 ASSERT_TRUE(ASN1_TYPE_set1(param.get(), param_type, param_value));
4111
4112 uint8_t *param_der = nullptr;
4113 int param_len = i2d_ASN1_TYPE(param.get(), ¶m_der);
4114 ASSERT_GE(param_len, 0);
4115 bssl::UniquePtr<uint8_t> free_param_der(param_der);
4116
4117 EXPECT_EQ(Bytes(param_der, param_len), Bytes(t.param_der));
4118 }
4119 }
4120 }
4121
4122 // Test the various |X509_ATTRIBUTE| creation functions.
TEST(X509Test,Attribute)4123 TEST(X509Test, Attribute) {
4124 // The expected attribute values are:
4125 // 1. BMPString U+2603
4126 // 2. BMPString "test"
4127 // 3. INTEGER -1 (not valid for friendlyName)
4128 static const uint8_t kTest1[] = {0x26, 0x03}; // U+2603 SNOWMAN
4129 static const uint8_t kTest1UTF8[] = {0xe2, 0x98, 0x83};
4130 static const uint8_t kTest2[] = {0, 't', 0, 'e', 0, 's', 0, 't'};
4131
4132 constexpr uint32_t kTest1Mask = 1 << 0;
4133 constexpr uint32_t kTest2Mask = 1 << 1;
4134 constexpr uint32_t kTest3Mask = 1 << 2;
4135 auto check_attribute = [&](X509_ATTRIBUTE *attr, uint32_t mask) {
4136 EXPECT_EQ(NID_friendlyName, OBJ_obj2nid(X509_ATTRIBUTE_get0_object(attr)));
4137
4138 int idx = 0;
4139 if (mask & kTest1Mask) {
4140 // The first attribute should contain |kTest1|.
4141 const ASN1_TYPE *value = X509_ATTRIBUTE_get0_type(attr, idx);
4142 ASSERT_TRUE(value);
4143 EXPECT_EQ(V_ASN1_BMPSTRING, value->type);
4144 EXPECT_EQ(Bytes(kTest1),
4145 Bytes(ASN1_STRING_get0_data(value->value.bmpstring),
4146 ASN1_STRING_length(value->value.bmpstring)));
4147
4148 // |X509_ATTRIBUTE_get0_data| requires the type match.
4149 EXPECT_FALSE(
4150 X509_ATTRIBUTE_get0_data(attr, idx, V_ASN1_OCTET_STRING, nullptr));
4151 const ASN1_BMPSTRING *bmpstring = static_cast<const ASN1_BMPSTRING *>(
4152 X509_ATTRIBUTE_get0_data(attr, idx, V_ASN1_BMPSTRING, nullptr));
4153 ASSERT_TRUE(bmpstring);
4154 EXPECT_EQ(Bytes(kTest1), Bytes(ASN1_STRING_get0_data(bmpstring),
4155 ASN1_STRING_length(bmpstring)));
4156 idx++;
4157 }
4158
4159 if (mask & kTest2Mask) {
4160 const ASN1_TYPE *value = X509_ATTRIBUTE_get0_type(attr, idx);
4161 ASSERT_TRUE(value);
4162 EXPECT_EQ(V_ASN1_BMPSTRING, value->type);
4163 EXPECT_EQ(Bytes(kTest2),
4164 Bytes(ASN1_STRING_get0_data(value->value.bmpstring),
4165 ASN1_STRING_length(value->value.bmpstring)));
4166 idx++;
4167 }
4168
4169 if (mask & kTest3Mask) {
4170 const ASN1_TYPE *value = X509_ATTRIBUTE_get0_type(attr, idx);
4171 ASSERT_TRUE(value);
4172 EXPECT_EQ(V_ASN1_INTEGER, value->type);
4173 int64_t v;
4174 ASSERT_TRUE(ASN1_INTEGER_get_int64(&v, value->value.integer));
4175 EXPECT_EQ(v, -1);
4176 idx++;
4177 }
4178
4179 EXPECT_FALSE(X509_ATTRIBUTE_get0_type(attr, idx));
4180 };
4181
4182 bssl::UniquePtr<ASN1_STRING> str(ASN1_STRING_type_new(V_ASN1_BMPSTRING));
4183 ASSERT_TRUE(str);
4184 ASSERT_TRUE(ASN1_STRING_set(str.get(), kTest1, sizeof(kTest1)));
4185
4186 // Test |X509_ATTRIBUTE_create|.
4187 bssl::UniquePtr<X509_ATTRIBUTE> attr(
4188 X509_ATTRIBUTE_create(NID_friendlyName, V_ASN1_BMPSTRING, str.get()));
4189 ASSERT_TRUE(attr);
4190 str.release(); // |X509_ATTRIBUTE_create| takes ownership on success.
4191 check_attribute(attr.get(), kTest1Mask);
4192
4193 // Test the |MBSTRING_*| form of |X509_ATTRIBUTE_set1_data|.
4194 attr.reset(X509_ATTRIBUTE_new());
4195 ASSERT_TRUE(attr);
4196 ASSERT_TRUE(
4197 X509_ATTRIBUTE_set1_object(attr.get(), OBJ_nid2obj(NID_friendlyName)));
4198 ASSERT_TRUE(X509_ATTRIBUTE_set1_data(attr.get(), MBSTRING_UTF8, kTest1UTF8,
4199 sizeof(kTest1UTF8)));
4200 check_attribute(attr.get(), kTest1Mask);
4201
4202 // Test the |ASN1_STRING| form of |X509_ATTRIBUTE_set1_data|.
4203 ASSERT_TRUE(X509_ATTRIBUTE_set1_data(attr.get(), V_ASN1_BMPSTRING, kTest2,
4204 sizeof(kTest2)));
4205 check_attribute(attr.get(), kTest1Mask | kTest2Mask);
4206
4207 // The |ASN1_STRING| form of |X509_ATTRIBUTE_set1_data| should correctly
4208 // handle negative integers.
4209 const uint8_t kOne = 1;
4210 ASSERT_TRUE(
4211 X509_ATTRIBUTE_set1_data(attr.get(), V_ASN1_NEG_INTEGER, &kOne, 1));
4212 check_attribute(attr.get(), kTest1Mask | kTest2Mask | kTest3Mask);
4213
4214 // Test the |ASN1_TYPE| form of |X509_ATTRIBUTE_set1_data|.
4215 attr.reset(X509_ATTRIBUTE_new());
4216 ASSERT_TRUE(attr);
4217 ASSERT_TRUE(
4218 X509_ATTRIBUTE_set1_object(attr.get(), OBJ_nid2obj(NID_friendlyName)));
4219 str.reset(ASN1_STRING_type_new(V_ASN1_BMPSTRING));
4220 ASSERT_TRUE(str);
4221 ASSERT_TRUE(ASN1_STRING_set(str.get(), kTest1, sizeof(kTest1)));
4222 ASSERT_TRUE(
4223 X509_ATTRIBUTE_set1_data(attr.get(), V_ASN1_BMPSTRING, str.get(), -1));
4224 check_attribute(attr.get(), kTest1Mask);
4225
4226 // An |attrtype| of zero leaves the attribute empty.
4227 attr.reset(X509_ATTRIBUTE_create_by_NID(
4228 nullptr, NID_friendlyName, /*attrtype=*/0, /*data=*/nullptr, /*len=*/0));
4229 ASSERT_TRUE(attr);
4230 check_attribute(attr.get(), 0);
4231 }
4232
4233 // Test that, by default, |X509_V_FLAG_TRUSTED_FIRST| is set, which means we'll
4234 // skip over server-sent expired intermediates when there is a local trust
4235 // anchor that works better.
TEST(X509Test,TrustedFirst)4236 TEST(X509Test, TrustedFirst) {
4237 // Generate the following certificates:
4238 //
4239 // Root 2 (in store, expired)
4240 // |
4241 // Root 1 (in store) Root 1 (cross-sign)
4242 // \ /
4243 // Intermediate
4244 // |
4245 // Leaf
4246 bssl::UniquePtr<EVP_PKEY> key = PrivateKeyFromPEM(kP256Key);
4247 ASSERT_TRUE(key);
4248
4249 bssl::UniquePtr<X509> root2 =
4250 MakeTestCert("Root 2", "Root 2", key.get(), /*is_ca=*/true);
4251 ASSERT_TRUE(root2);
4252 ASSERT_TRUE(ASN1_TIME_adj(X509_getm_notAfter(root2.get()), kReferenceTime,
4253 /*offset_day=*/0,
4254 /*offset_sec=*/-1));
4255 ASSERT_TRUE(X509_sign(root2.get(), key.get(), EVP_sha256()));
4256
4257 bssl::UniquePtr<X509> root1 =
4258 MakeTestCert("Root 1", "Root 1", key.get(), /*is_ca=*/true);
4259 ASSERT_TRUE(root1);
4260 ASSERT_TRUE(X509_sign(root1.get(), key.get(), EVP_sha256()));
4261
4262 bssl::UniquePtr<X509> root1_cross =
4263 MakeTestCert("Root 2", "Root 1", key.get(), /*is_ca=*/true);
4264 ASSERT_TRUE(root1_cross);
4265 ASSERT_TRUE(X509_sign(root1_cross.get(), key.get(), EVP_sha256()));
4266
4267 bssl::UniquePtr<X509> intermediate =
4268 MakeTestCert("Root 1", "Intermediate", key.get(), /*is_ca=*/true);
4269 ASSERT_TRUE(intermediate);
4270 ASSERT_TRUE(X509_sign(intermediate.get(), key.get(), EVP_sha256()));
4271
4272 bssl::UniquePtr<X509> leaf =
4273 MakeTestCert("Intermediate", "Leaf", key.get(), /*is_ca=*/false);
4274 ASSERT_TRUE(leaf);
4275 ASSERT_TRUE(X509_sign(leaf.get(), key.get(), EVP_sha256()));
4276
4277 // As a control, confirm that |leaf| -> |intermediate| -> |root1| is valid,
4278 // but the path through |root1_cross| is expired.
4279 EXPECT_EQ(X509_V_OK,
4280 Verify(leaf.get(), {root1.get()}, {intermediate.get()}, {}));
4281 EXPECT_EQ(X509_V_ERR_CERT_HAS_EXPIRED,
4282 Verify(leaf.get(), {root2.get()},
4283 {intermediate.get(), root1_cross.get()}, {}));
4284
4285 // By default, we should find the |leaf| -> |intermediate| -> |root2| chain,
4286 // skipping |root1_cross|.
4287 EXPECT_EQ(X509_V_OK, Verify(leaf.get(), {root1.get(), root2.get()},
4288 {intermediate.get(), root1_cross.get()}, {}));
4289
4290 // When |X509_V_FLAG_TRUSTED_FIRST| is disabled, we get stuck on the expired
4291 // intermediate. Note we need the callback to clear the flag. Setting |flags|
4292 // to zero only skips setting new flags.
4293 //
4294 // This test exists to confirm our current behavior, but these modes are just
4295 // workarounds for not having an actual path-building verifier. If we fix it,
4296 // this test can be removed.
4297 EXPECT_EQ(X509_V_ERR_CERT_HAS_EXPIRED,
4298 Verify(leaf.get(), {root1.get(), root2.get()},
4299 {intermediate.get(), root1_cross.get()}, {}, /*flags=*/0,
4300 [&](X509_STORE_CTX *ctx) {
4301 X509_VERIFY_PARAM *param = X509_STORE_CTX_get0_param(ctx);
4302 X509_VERIFY_PARAM_clear_flags(param,
4303 X509_V_FLAG_TRUSTED_FIRST);
4304 }));
4305
4306 // Even when |X509_V_FLAG_TRUSTED_FIRST| is disabled, if |root2| is not
4307 // trusted, the alt chains logic recovers the path.
4308 EXPECT_EQ(
4309 X509_V_OK,
4310 Verify(leaf.get(), {root1.get()}, {intermediate.get(), root1_cross.get()},
4311 {}, /*flags=*/0, [&](X509_STORE_CTX *ctx) {
4312 X509_VERIFY_PARAM *param = X509_STORE_CTX_get0_param(ctx);
4313 X509_VERIFY_PARAM_clear_flags(param, X509_V_FLAG_TRUSTED_FIRST);
4314 }));
4315 }
4316
4317 // Test that notBefore and notAfter checks work correctly.
TEST(X509Test,Expiry)4318 TEST(X509Test, Expiry) {
4319 bssl::UniquePtr<EVP_PKEY> key = PrivateKeyFromPEM(kP256Key);
4320 ASSERT_TRUE(key);
4321
4322 auto make_cert = [&](const char *issuer, const char *subject, bool is_ca,
4323 int not_before_offset,
4324 int not_after_offset) -> bssl::UniquePtr<X509> {
4325 bssl::UniquePtr<X509> cert =
4326 MakeTestCert(issuer, subject, key.get(), is_ca);
4327 if (cert == nullptr ||
4328 !ASN1_TIME_adj(X509_getm_notBefore(cert.get()), kReferenceTime,
4329 /*offset_day=*/not_before_offset,
4330 /*offset_sec=*/0) ||
4331 !ASN1_TIME_adj(X509_getm_notAfter(cert.get()), kReferenceTime,
4332 /*offset_day=*/not_after_offset,
4333 /*offset_sec=*/0) ||
4334 !X509_sign(cert.get(), key.get(), EVP_sha256())) {
4335 return nullptr;
4336 }
4337 return cert;
4338 };
4339
4340 struct Certs {
4341 bssl::UniquePtr<X509> not_yet_valid, valid, expired;
4342 };
4343 auto make_certs = [&](const char *issuer, const char *subject,
4344 bool is_ca) -> Certs {
4345 Certs certs;
4346 certs.not_yet_valid =
4347 make_cert(issuer, subject, is_ca, /*not_before_offset=*/1,
4348 /*not_after_offset=*/2);
4349 certs.valid = make_cert(issuer, subject, is_ca, /*not_before_offset=*/-1,
4350 /*not_after_offset=*/1);
4351 certs.expired = make_cert(issuer, subject, is_ca, /*not_before_offset=*/-2,
4352 /*not_after_offset=*/-1);
4353 if (certs.not_yet_valid == nullptr || certs.valid == nullptr ||
4354 certs.expired == nullptr) {
4355 return Certs{};
4356 }
4357 return certs;
4358 };
4359
4360 Certs root = make_certs("Root", "Root", /*is_ca=*/true);
4361 ASSERT_TRUE(root.valid);
4362 Certs root_cross = make_certs("Root 2", "Root", /*is_ca=*/true);
4363 ASSERT_TRUE(root_cross.valid);
4364 Certs intermediate = make_certs("Root", "Intermediate", /*is_ca=*/true);
4365 ASSERT_TRUE(intermediate.valid);
4366 Certs leaf = make_certs("Intermediate", "Leaf", /*is_ca=*/false);
4367 ASSERT_TRUE(leaf.valid);
4368
4369 for (bool check_time : {true, false}) {
4370 SCOPED_TRACE(check_time);
4371 for (bool partial_chain : {true, false}) {
4372 SCOPED_TRACE(partial_chain);
4373 unsigned long flags = 0;
4374 if (!check_time) {
4375 flags |= X509_V_FLAG_NO_CHECK_TIME;
4376 }
4377 if (partial_chain) {
4378 flags |= X509_V_FLAG_PARTIAL_CHAIN;
4379 }
4380
4381 int not_yet_valid =
4382 check_time ? X509_V_ERR_CERT_NOT_YET_VALID : X509_V_OK;
4383 int has_expired = check_time ? X509_V_ERR_CERT_HAS_EXPIRED : X509_V_OK;
4384
4385 EXPECT_EQ(not_yet_valid,
4386 Verify(leaf.not_yet_valid.get(), {root.valid.get()},
4387 {intermediate.valid.get()}, {}, flags));
4388 EXPECT_EQ(not_yet_valid,
4389 Verify(leaf.valid.get(), {root.valid.get()},
4390 {intermediate.not_yet_valid.get()}, {}, flags));
4391 EXPECT_EQ(not_yet_valid,
4392 Verify(leaf.valid.get(), {root.not_yet_valid.get()},
4393 {intermediate.valid.get()}, {}, flags));
4394
4395 EXPECT_EQ(X509_V_OK, Verify(leaf.valid.get(), {root.valid.get()},
4396 {intermediate.valid.get()}, {}, flags));
4397
4398 EXPECT_EQ(has_expired, Verify(leaf.expired.get(), {root.valid.get()},
4399 {intermediate.valid.get()}, {}, flags));
4400 EXPECT_EQ(has_expired, Verify(leaf.valid.get(), {root.valid.get()},
4401 {intermediate.expired.get()}, {}, flags));
4402 EXPECT_EQ(has_expired, Verify(leaf.valid.get(), {root.expired.get()},
4403 {intermediate.valid.get()}, {}, flags));
4404
4405 if (!partial_chain) {
4406 // By default, non-self-signed certificates are not valid trust anchors.
4407 EXPECT_EQ(X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT,
4408 Verify(leaf.valid.get(), {root_cross.valid.get()},
4409 {intermediate.valid.get()}, {}, flags));
4410 } else {
4411 // |X509_V_FLAG_PARTIAL_CHAIN| allows non-self-signed trust anchors.
4412 EXPECT_EQ(X509_V_OK, Verify(leaf.valid.get(), {root_cross.valid.get()},
4413 {intermediate.valid.get()}, {}, flags));
4414 // Expiry of the trust anchor must still be checked.
4415 EXPECT_EQ(not_yet_valid,
4416 Verify(leaf.valid.get(), {root_cross.not_yet_valid.get()},
4417 {intermediate.valid.get()}, {}, flags));
4418 EXPECT_EQ(has_expired,
4419 Verify(leaf.valid.get(), {root_cross.expired.get()},
4420 {intermediate.valid.get()}, {}, flags));
4421 }
4422
4423 // When the trust anchor is the target certificate, expiry should also be
4424 // checked.
4425 EXPECT_EQ(X509_V_OK,
4426 Verify(root.valid.get(), {root.valid.get()}, {}, {}, flags));
4427 EXPECT_EQ(not_yet_valid,
4428 Verify(root.not_yet_valid.get(), {root.not_yet_valid.get()}, {},
4429 {}, flags));
4430 EXPECT_EQ(has_expired, Verify(root.expired.get(), {root.expired.get()},
4431 {}, {}, flags));
4432 }
4433 }
4434
4435 // X509_V_FLAG_USE_CHECK_TIME is an internal flag, but one caller relies on
4436 // being able to clear it to restore the system time. Using the system time,
4437 // all certificates in this test should read as expired.
4438 EXPECT_EQ(X509_V_ERR_CERT_HAS_EXPIRED,
4439 Verify(leaf.valid.get(), {root.valid.get()},
4440 {intermediate.valid.get()}, {}, 0, [](X509_STORE_CTX *ctx) {
4441 X509_VERIFY_PARAM *param = X509_STORE_CTX_get0_param(ctx);
4442 X509_VERIFY_PARAM_clear_flags(param,
4443 X509_V_FLAG_USE_CHECK_TIME);
4444 }));
4445 }
4446
TEST(X509Test,SignatureVerification)4447 TEST(X509Test, SignatureVerification) {
4448 bssl::UniquePtr<EVP_PKEY> key = PrivateKeyFromPEM(kP256Key);
4449 ASSERT_TRUE(key);
4450
4451 struct Certs {
4452 bssl::UniquePtr<X509> valid;
4453 bssl::UniquePtr<X509> bad_key_type, bad_key;
4454 bssl::UniquePtr<X509> bad_sig_type, bad_sig;
4455 };
4456 auto make_certs = [&](const char *issuer, const char *subject,
4457 bool is_ca) -> Certs {
4458 Certs certs;
4459 certs.valid = MakeTestCert(issuer, subject, key.get(), is_ca);
4460 if (certs.valid == nullptr ||
4461 !X509_sign(certs.valid.get(), key.get(), EVP_sha256())) {
4462 return Certs{};
4463 }
4464
4465 static const uint8_t kInvalid[] = {'i', 'n', 'v', 'a', 'l', 'i', 'd'};
4466
4467 // Extracting the algorithm identifier from |certs.valid|'s SPKI, with
4468 // OpenSSL's API, is very tedious. Instead, we'll just rely on knowing it is
4469 // ecPublicKey with P-256 as parameters.
4470 const ASN1_BIT_STRING *pubkey = X509_get0_pubkey_bitstr(certs.valid.get());
4471 int pubkey_len = ASN1_STRING_length(pubkey);
4472
4473 // Sign a copy of the certificate where the key type is an unsupported OID.
4474 bssl::UniquePtr<uint8_t> pubkey_data(static_cast<uint8_t *>(
4475 OPENSSL_memdup(ASN1_STRING_get0_data(pubkey), pubkey_len)));
4476 certs.bad_key_type = MakeTestCert(issuer, subject, key.get(), is_ca);
4477 if (pubkey_data == nullptr || certs.bad_key_type == nullptr ||
4478 !X509_PUBKEY_set0_param(X509_get_X509_PUBKEY(certs.bad_key_type.get()),
4479 OBJ_nid2obj(NID_subject_alt_name), V_ASN1_UNDEF,
4480 /*param_value=*/nullptr, pubkey_data.release(),
4481 pubkey_len) ||
4482 !X509_sign(certs.bad_key_type.get(), key.get(), EVP_sha256())) {
4483 return Certs{};
4484 }
4485
4486 // Sign a copy of the certificate where the key data is unparsable.
4487 pubkey_data.reset(
4488 static_cast<uint8_t *>(OPENSSL_memdup(kInvalid, sizeof(kInvalid))));
4489 certs.bad_key = MakeTestCert(issuer, subject, key.get(), is_ca);
4490 if (pubkey_data == nullptr || certs.bad_key == nullptr ||
4491 !X509_PUBKEY_set0_param(X509_get_X509_PUBKEY(certs.bad_key.get()),
4492 OBJ_nid2obj(NID_X9_62_id_ecPublicKey),
4493 V_ASN1_OBJECT,
4494 OBJ_nid2obj(NID_X9_62_prime256v1),
4495 pubkey_data.release(), sizeof(kInvalid)) ||
4496 !X509_sign(certs.bad_key.get(), key.get(), EVP_sha256())) {
4497 return Certs{};
4498 }
4499
4500 bssl::UniquePtr<X509_ALGOR> wrong_algo(X509_ALGOR_new());
4501 if (wrong_algo == nullptr ||
4502 !X509_ALGOR_set0(wrong_algo.get(), OBJ_nid2obj(NID_subject_alt_name),
4503 V_ASN1_NULL, nullptr)) {
4504 return Certs{};
4505 }
4506
4507 certs.bad_sig_type.reset(X509_dup(certs.valid.get()));
4508 if (certs.bad_sig_type == nullptr ||
4509 !X509_set1_signature_algo(certs.bad_sig_type.get(), wrong_algo.get())) {
4510 return Certs{};
4511 }
4512
4513 certs.bad_sig.reset(X509_dup(certs.valid.get()));
4514 if (certs.bad_sig == nullptr ||
4515 !X509_set1_signature_value(certs.bad_sig.get(), kInvalid,
4516 sizeof(kInvalid))) {
4517 return Certs{};
4518 }
4519
4520 return certs;
4521 };
4522
4523 Certs root(make_certs("Root", "Root", /*is_ca=*/true));
4524 ASSERT_TRUE(root.valid);
4525 Certs intermediate(make_certs("Root", "Intermediate", /*is_ca=*/true));
4526 ASSERT_TRUE(intermediate.valid);
4527 Certs leaf(make_certs("Intermediate", "Leaf", /*is_ca=*/false));
4528 ASSERT_TRUE(leaf.valid);
4529
4530 // Check the base chain.
4531 EXPECT_EQ(X509_V_OK, Verify(leaf.valid.get(), {root.valid.get()},
4532 {intermediate.valid.get()}, {}));
4533
4534 // An invalid or unsupported signature in the leaf or intermediate is noticed.
4535 EXPECT_EQ(X509_V_ERR_CERT_SIGNATURE_FAILURE,
4536 Verify(leaf.bad_sig.get(), {root.valid.get()},
4537 {intermediate.valid.get()}, {}));
4538 EXPECT_EQ(X509_V_ERR_CERT_SIGNATURE_FAILURE,
4539 Verify(leaf.bad_sig_type.get(), {root.valid.get()},
4540 {intermediate.valid.get()}, {}));
4541 EXPECT_EQ(X509_V_ERR_CERT_SIGNATURE_FAILURE,
4542 Verify(leaf.valid.get(), {root.valid.get()},
4543 {intermediate.bad_sig.get()}, {}));
4544 EXPECT_EQ(X509_V_ERR_CERT_SIGNATURE_FAILURE,
4545 Verify(leaf.valid.get(), {root.valid.get()},
4546 {intermediate.bad_sig_type.get()}, {}));
4547
4548 // By default, the redundant root signature is not checked.
4549 EXPECT_EQ(X509_V_OK, Verify(leaf.valid.get(), {root.bad_sig.get()},
4550 {intermediate.valid.get()}, {}));
4551 EXPECT_EQ(X509_V_OK, Verify(leaf.valid.get(), {root.bad_sig_type.get()},
4552 {intermediate.valid.get()}, {}));
4553
4554 // The caller can request checking it, although it's pointless.
4555 EXPECT_EQ(
4556 X509_V_ERR_CERT_SIGNATURE_FAILURE,
4557 Verify(leaf.valid.get(), {root.bad_sig.get()}, {intermediate.valid.get()},
4558 {}, X509_V_FLAG_CHECK_SS_SIGNATURE));
4559 EXPECT_EQ(
4560 X509_V_ERR_CERT_SIGNATURE_FAILURE,
4561 Verify(leaf.valid.get(), {root.bad_sig_type.get()},
4562 {intermediate.valid.get()}, {}, X509_V_FLAG_CHECK_SS_SIGNATURE));
4563
4564 // The above also applies when accepting a trusted, self-signed root as the
4565 // target certificate.
4566 EXPECT_EQ(X509_V_OK,
4567 Verify(root.bad_sig.get(), {root.bad_sig.get()}, {}, {}));
4568 EXPECT_EQ(X509_V_OK,
4569 Verify(root.bad_sig_type.get(), {root.bad_sig_type.get()}, {}, {}));
4570 EXPECT_EQ(X509_V_ERR_CERT_SIGNATURE_FAILURE,
4571 Verify(root.bad_sig.get(), {root.bad_sig.get()}, {}, {},
4572 X509_V_FLAG_CHECK_SS_SIGNATURE));
4573 EXPECT_EQ(X509_V_ERR_CERT_SIGNATURE_FAILURE,
4574 Verify(root.bad_sig_type.get(), {root.bad_sig_type.get()}, {}, {},
4575 X509_V_FLAG_CHECK_SS_SIGNATURE));
4576
4577 // If an intermediate is a trust anchor, the redundant signature is always
4578 // ignored, even with |X509_V_FLAG_CHECK_SS_SIGNATURE|. (We cannot check the
4579 // signature without the key.)
4580 EXPECT_EQ(X509_V_OK,
4581 Verify(leaf.valid.get(), {intermediate.bad_sig.get()}, {}, {},
4582 X509_V_FLAG_CHECK_SS_SIGNATURE | X509_V_FLAG_PARTIAL_CHAIN));
4583 EXPECT_EQ(X509_V_OK,
4584 Verify(leaf.valid.get(), {intermediate.bad_sig_type.get()}, {}, {},
4585 X509_V_FLAG_CHECK_SS_SIGNATURE | X509_V_FLAG_PARTIAL_CHAIN));
4586 EXPECT_EQ(X509_V_OK, Verify(leaf.valid.get(), {intermediate.bad_sig.get()},
4587 {}, {}, X509_V_FLAG_PARTIAL_CHAIN));
4588 EXPECT_EQ(X509_V_OK,
4589 Verify(leaf.valid.get(), {intermediate.bad_sig_type.get()}, {}, {},
4590 X509_V_FLAG_PARTIAL_CHAIN));
4591
4592 // Bad keys in the root and intermediate are rejected.
4593 EXPECT_EQ(X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY,
4594 Verify(leaf.valid.get(), {root.bad_key.get()},
4595 {intermediate.valid.get()}, {}));
4596 EXPECT_EQ(X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY,
4597 Verify(leaf.valid.get(), {root.bad_key_type.get()},
4598 {intermediate.valid.get()}, {}));
4599 EXPECT_EQ(X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY,
4600 Verify(leaf.valid.get(), {root.valid.get()},
4601 {intermediate.bad_key.get()}, {}));
4602 EXPECT_EQ(X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY,
4603 Verify(leaf.valid.get(), {root.valid.get()},
4604 {intermediate.bad_key_type.get()}, {}));
4605
4606 // Bad keys in the leaf are ignored. The leaf's key is used by the caller.
4607 EXPECT_EQ(X509_V_OK, Verify(leaf.bad_key.get(), {root.valid.get()},
4608 {intermediate.valid.get()}, {}));
4609 EXPECT_EQ(X509_V_OK, Verify(leaf.bad_key_type.get(), {root.valid.get()},
4610 {intermediate.valid.get()}, {}));
4611
4612 // At the time we go to verify signatures, it is possible that we have a
4613 // single-element certificate chain with a certificate that isn't self-signed.
4614 // This does not seem to be reachable except if missing trust anchors are
4615 // suppressed with the verify callback, but exercise this codepath anyway.
4616 EXPECT_EQ(X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE,
4617 Verify(leaf.valid.get(), {}, {}, {}, 0, [](X509_STORE_CTX *ctx) {
4618 X509_STORE_CTX_set_verify_cb(
4619 ctx, [](int ok, X509_STORE_CTX *ctx_inner) -> int {
4620 if (ok) {
4621 return ok;
4622 }
4623 // Suppress the missing issuer certificate.
4624 int err = X509_STORE_CTX_get_error(ctx_inner);
4625 return err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
4626 });
4627 }));
4628 }
4629
4630 // kConstructedBitString is an X.509 certificate where the signature is encoded
4631 // as a BER constructed BIT STRING. Note that, while OpenSSL's parser accepts
4632 // this input, it interprets the value incorrectly.
4633 static const char kConstructedBitString[] = R"(
4634 -----BEGIN CERTIFICATE-----
4635 MIIBJTCBxqADAgECAgIE0jAKBggqhkjOPQQDAjAPMQ0wCwYDVQQDEwRUZXN0MCAX
4636 DTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYDVQQDEwRUZXN0
4637 MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4NlIpM1Zdrt6ke
4638 DUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwaMQMA4w
4639 DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAiNOAyQAMEYCIQCp0iIX5s30KXjihR4g
4640 KnJpd3seqGlVRqCVgrD0KGYDJgA1QAIhAKkx0vR82QU0NtHDD11KX/LuQF2T+2nX
4641 oeKp5LKAbMVi
4642 -----END CERTIFICATE-----
4643 )";
4644
4645 // kConstructedOctetString is an X.509 certificate where an extension is encoded
4646 // as a BER constructed OCTET STRING.
4647 static const char kConstructedOctetString[] = R"(
4648 -----BEGIN CERTIFICATE-----
4649 MIIBJDCByqADAgECAgIE0jAKBggqhkjOPQQDAjAPMQ0wCwYDVQQDEwRUZXN0MCAX
4650 DTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYDVQQDEwRUZXN0
4651 MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4NlIpM1Zdrt6ke
4652 DUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwaMUMBIw
4653 EAYDVR0TJAkEAzADAQQCAf8wCgYIKoZIzj0EAwIDSQAwRgIhAKnSIhfmzfQpeOKF
4654 HiAqcml3ex6oaVVGoJWCsPQoZjVAAiEAqTHS9HzZBTQ20cMPXUpf8u5AXZP7adeh
4655 4qnksoBsxWI=
4656 -----END CERTIFICATE-----
4657 )";
4658
4659 // kIndefiniteLength is an X.509 certificate where the outermost SEQUENCE uses
4660 // BER indefinite-length encoding.
4661 static const char kIndefiniteLength[] = R"(
4662 -----BEGIN CERTIFICATE-----
4663 MIAwgcagAwIBAgICBNIwCgYIKoZIzj0EAwIwDzENMAsGA1UEAxMEVGVzdDAgFw0w
4664 MDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsGA1UEAxMEVGVzdDBZ
4665 MBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8eDZSKTNWXa7epHg1G
4666 +92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQtS89yIsGjEDAOMAwG
4667 A1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAKnSIhfmzfQpeOKFHiAqcml3
4668 ex6oaVVGoJWCsPQoZjVAAiEAqTHS9HzZBTQ20cMPXUpf8u5AXZP7adeh4qnksoBs
4669 xWIAAA==
4670 -----END CERTIFICATE-----
4671 )";
4672
4673 // kNonZeroPadding is an X.09 certificate where the BIT STRING signature field
4674 // has non-zero padding values.
4675 static const char kNonZeroPadding[] = R"(
4676 -----BEGIN CERTIFICATE-----
4677 MIIB0DCCAXagAwIBAgIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC
4678 QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
4679 dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ
4680 BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l
4681 dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni
4682 v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa
4683 HPUdfvGULUvPciLBo1AwTjAdBgNVHQ4EFgQUq4TSrKuV8IJOFngHVVdf5CaNgtEw
4684 HwYDVR0jBBgwFoAUq4TSrKuV8IJOFngHVVdf5CaNgtEwDAYDVR0TBAUwAwEB/zAJ
4685 BgcqhkjOPQQBA0kBMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E
4686 BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQB
4687 -----END CERTIFICATE-----
4688 )";
4689
4690 // kHighTagNumber is an X.509 certificate where the outermost SEQUENCE tag uses
4691 // high tag number form.
4692 static const char kHighTagNumber[] = R"(
4693 -----BEGIN CERTIFICATE-----
4694 PxCCASAwgcagAwIBAgICBNIwCgYIKoZIzj0EAwIwDzENMAsGA1UEAxMEVGVzdDAg
4695 Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsGA1UEAxMEVGVz
4696 dDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8eDZSKTNWXa7ep
4697 Hg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQtS89yIsGjEDAO
4698 MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAKnSIhfmzfQpeOKFHiAq
4699 cml3ex6oaVVGoJWCsPQoZjVAAiEAqTHS9HzZBTQ20cMPXUpf8u5AXZP7adeh4qnk
4700 soBsxWI=
4701 -----END CERTIFICATE-----
4702 )";
4703
4704 // kNonMinimalLengthOuter is an X.509 certificate where the outermost SEQUENCE
4705 // has a non-minimal length.
4706 static const char kNonMinimalLengthOuter[] = R"(
4707 -----BEGIN CERTIFICATE-----
4708 MIMAASAwgcagAwIBAgICBNIwCgYIKoZIzj0EAwIwDzENMAsGA1UEAxMEVGVzdDAg
4709 Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsGA1UEAxMEVGVz
4710 dDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8eDZSKTNWXa7ep
4711 Hg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQtS89yIsGjEDAO
4712 MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAKnSIhfmzfQpeOKFHiAq
4713 cml3ex6oaVVGoJWCsPQoZjVAAiEAqTHS9HzZBTQ20cMPXUpf8u5AXZP7adeh4qnk
4714 soBsxWI=
4715 -----END CERTIFICATE-----
4716 )";
4717
4718 // kNonMinimalLengthSignature is an X.509 certificate where the signature has a
4719 // non-minimal length.
4720 static const char kNonMinimalLengthSignature[] = R"(
4721 -----BEGIN CERTIFICATE-----
4722 MIIBITCBxqADAgECAgIE0jAKBggqhkjOPQQDAjAPMQ0wCwYDVQQDEwRUZXN0MCAX
4723 DTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYDVQQDEwRUZXN0
4724 MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4NlIpM1Zdrt6ke
4725 DUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwaMQMA4w
4726 DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgOBSQAwRgIhAKnSIhfmzfQpeOKFHiAq
4727 cml3ex6oaVVGoJWCsPQoZjVAAiEAqTHS9HzZBTQ20cMPXUpf8u5AXZP7adeh4qnk
4728 soBsxWI=
4729 -----END CERTIFICATE-----
4730 )";
4731
4732 // kNonMinimalLengthSerial is an X.509 certificate where the serial number has a
4733 // non-minimal length.
4734 static const char kNonMinimalLengthSerial[] = R"(
4735 -----BEGIN CERTIFICATE-----
4736 MIIBITCBx6ADAgECAoECBNIwCgYIKoZIzj0EAwIwDzENMAsGA1UEAxMEVGVzdDAg
4737 Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsGA1UEAxMEVGVz
4738 dDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8eDZSKTNWXa7ep
4739 Hg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQtS89yIsGjEDAO
4740 MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAKnSIhfmzfQpeOKFHiAq
4741 cml3ex6oaVVGoJWCsPQoZjVAAiEAqTHS9HzZBTQ20cMPXUpf8u5AXZP7adeh4qnk
4742 soBsxWI=
4743 -----END CERTIFICATE-----
4744 )";
4745
TEST(X509Test,BER)4746 TEST(X509Test, BER) {
4747 // Constructed strings are forbidden in DER.
4748 EXPECT_FALSE(CertFromPEM(kConstructedBitString));
4749 EXPECT_FALSE(CertFromPEM(kConstructedOctetString));
4750 // Indefinite lengths are forbidden in DER.
4751 EXPECT_FALSE(CertFromPEM(kIndefiniteLength));
4752 // Padding bits in BIT STRINGs must be zero in BER.
4753 EXPECT_FALSE(CertFromPEM(kNonZeroPadding));
4754 // Tags must be minimal in both BER and DER, though many BER decoders
4755 // incorrectly support non-minimal tags.
4756 EXPECT_FALSE(CertFromPEM(kHighTagNumber));
4757 // Lengths must be minimal in DER.
4758 EXPECT_FALSE(CertFromPEM(kNonMinimalLengthOuter));
4759 EXPECT_FALSE(CertFromPEM(kNonMinimalLengthSerial));
4760 // We, for now, accept a non-minimal length in the signature field. See
4761 // b/18228011.
4762 EXPECT_TRUE(CertFromPEM(kNonMinimalLengthSignature));
4763 }
4764
TEST(X509Test,Names)4765 TEST(X509Test, Names) {
4766 bssl::UniquePtr<EVP_PKEY> key = PrivateKeyFromPEM(kP256Key);
4767 ASSERT_TRUE(key);
4768 bssl::UniquePtr<X509> root =
4769 MakeTestCert("Root", "Root", key.get(), /*is_ca=*/true);
4770 ASSERT_TRUE(root);
4771 ASSERT_TRUE(X509_sign(root.get(), key.get(), EVP_sha256()));
4772
4773 struct {
4774 std::vector<std::pair<int, std::string>> cert_subject;
4775 std::vector<std::string> cert_dns_names;
4776 std::vector<std::string> cert_emails;
4777 std::vector<std::string> valid_dns_names;
4778 std::vector<std::string> invalid_dns_names;
4779 std::vector<std::string> valid_emails;
4780 std::vector<std::string> invalid_emails;
4781 unsigned flags;
4782 } kTests[] = {
4783 // DNS names only match DNS names and do so case-insensitively.
4784 {
4785 /*cert_subject=*/{},
4786 /*cert_dns_names=*/{"example.com", "WWW.EXAMPLE.COM"},
4787 /*cert_emails=*/{},
4788 /*valid_dns_names=*/
4789 {"example.com", "EXAMPLE.COM", "www.example.com", "WWW.EXAMPLE.COM"},
4790 /*invalid_dns_names=*/{"test.example.com", "example.org"},
4791 /*valid_emails=*/{},
4792 /*invalid_emails=*/{"[email protected]", "example.com"},
4793 /*flags=*/0,
4794 },
4795
4796 // DNS wildcards match exactly one component.
4797 {
4798 /*cert_subject=*/{},
4799 /*cert_dns_names=*/{"*.example.com", "*.EXAMPLE.ORG"},
4800 /*cert_emails=*/{},
4801 /*valid_dns_names=*/
4802 {"www.example.com", "WWW.EXAMPLE.COM", "www.example.org",
4803 "WWW.EXAMPLE.ORG"},
4804 /*invalid_dns_names=*/{"example.com", "test.www.example.com"},
4805 /*valid_emails=*/{},
4806 /*invalid_emails=*/{"[email protected]", "www.example.com"},
4807 /*flags=*/0,
4808 },
4809
4810 // DNS wildcards can be disabled.
4811 // TODO(davidben): Can we remove this feature? Does anyone use it?
4812 {
4813 /*cert_subject=*/{},
4814 /*cert_dns_names=*/{"example.com", "*.example.com"},
4815 /*cert_emails=*/{},
4816 /*valid_dns_names=*/{"example.com"},
4817 /*invalid_dns_names=*/{"www.example.com"},
4818 /*valid_emails=*/{},
4819 /*invalid_emails=*/{},
4820 /*flags=*/X509_CHECK_FLAG_NO_WILDCARDS,
4821 },
4822
4823 // Invalid DNS wildcards do not match.
4824 {
4825 /*cert_subject=*/{},
4826 /*cert_dns_names=*/
4827 {"a.*", "**.b.example", "*c.example", "d*.example", "e*e.example",
4828 "*", ".", "..", "*."},
4829 /*cert_emails=*/{},
4830 /*valid_dns_names=*/{},
4831 /*invalid_dns_names=*/
4832 {"a.example", "test.b.example", "cc.example", "dd.example",
4833 "eee.example", "f", "g."},
4834 /*valid_emails=*/{},
4835 /*invalid_emails=*/{},
4836 /*flags=*/0,
4837 },
4838
4839 // IDNs match like any other DNS labels.
4840 {
4841 /*cert_subject=*/{},
4842 /*cert_dns_names=*/
4843 {"xn--rger-koa.a.example", "*.xn--rger-koa.b.example",
4844 "www.xn--rger-koa.c.example"},
4845 /*cert_emails=*/{},
4846 /*valid_dns_names=*/
4847 {"xn--rger-koa.a.example", "www.xn--rger-koa.b.example",
4848 "www.xn--rger-koa.c.example"},
4849 /*invalid_dns_names=*/
4850 {"www.xn--rger-koa.a.example", "xn--rger-koa.b.example",
4851 "www.xn--rger-koa.d.example"},
4852 /*valid_emails=*/{},
4853 /*invalid_emails=*/{},
4854 /*flags=*/0,
4855 },
4856
4857 // For now, DNS names are also extracted out of the common name, but only
4858 // there is no SAN list.
4859 // TODO(https://crbug.com/boringssl/464): Remove this.
4860 {
4861 /*cert_subject=*/{{NID_commonName, "a.example"},
4862 {NID_commonName, "*.b.example"}},
4863 /*cert_dns_names=*/{},
4864 /*cert_emails=*/{},
4865 /*valid_dns_names=*/
4866 {"a.example", "A.EXAMPLE", "test.b.example", "TEST.B.EXAMPLE"},
4867 /*invalid_dns_names=*/{},
4868 /*valid_emails=*/{},
4869 /*invalid_emails=*/{},
4870 /*flags=*/0,
4871 },
4872 {
4873 /*cert_subject=*/{{NID_commonName, "a.example"},
4874 {NID_commonName, "*.b.example"}},
4875 /*cert_dns_names=*/{"example.com"},
4876 /*cert_emails=*/{},
4877 /*valid_dns_names=*/{},
4878 /*invalid_dns_names=*/
4879 {"a.example", "A.EXAMPLE", "test.b.example", "TEST.B.EXAMPLE"},
4880 /*valid_emails=*/{},
4881 /*invalid_emails=*/{},
4882 /*flags=*/0,
4883 },
4884
4885 // Other subject RDNs do not provide DNS names.
4886 {
4887 /*cert_subject=*/{{NID_organizationName, "example.com"}},
4888 /*cert_dns_names=*/{},
4889 /*cert_emails=*/{},
4890 /*valid_dns_names=*/{},
4891 /*invalid_dns_names=*/{"example.com"},
4892 /*valid_emails=*/{},
4893 /*invalid_emails=*/{},
4894 /*flags=*/0,
4895 },
4896
4897 // Input DNS names cannot have wildcards.
4898 {
4899 /*cert_subject=*/{},
4900 /*cert_dns_names=*/{"www.example.com"},
4901 /*cert_emails=*/{},
4902 /*valid_dns_names=*/{},
4903 /*invalid_dns_names=*/{"*.example.com"},
4904 /*valid_emails=*/{},
4905 /*invalid_emails=*/{},
4906 /*flags=*/0,
4907 },
4908
4909 // OpenSSL has some non-standard wildcard syntax for input DNS names. We
4910 // do not support this.
4911 {
4912 /*cert_subject=*/{},
4913 /*cert_dns_names=*/{"www.a.example", "*.b.test"},
4914 /*cert_emails=*/{},
4915 /*valid_dns_names=*/{},
4916 /*invalid_dns_names=*/
4917 {".www.a.example", ".www.b.test", ".a.example", ".b.test", ".example",
4918 ".test"},
4919 /*valid_emails=*/{},
4920 /*invalid_emails=*/{},
4921 /*flags=*/0,
4922 },
4923
4924 // Emails match case-sensitively before the '@' and case-insensitively
4925 // after. They do not match DNS names.
4926 {
4927 /*cert_subject=*/{},
4928 /*cert_dns_names=*/{},
4929 /*cert_emails=*/{"[email protected]", "[email protected]"},
4930 /*valid_dns_names=*/{},
4931 /*invalid_dns_names=*/{"a.example", "b.example"},
4932 /*valid_emails=*/
4933 {"[email protected]", "[email protected]", "[email protected]",
4934 "[email protected]"},
4935 /*invalid_emails=*/
4936 {"[email protected]", "[email protected]", "[email protected]",
4937 "[email protected]"},
4938 /*flags=*/0,
4939 },
4940
4941 // Emails may also be found in the subject.
4942 {
4943 /*cert_subject=*/{{NID_pkcs9_emailAddress, "[email protected]"},
4944 {NID_pkcs9_emailAddress, "[email protected]"}},
4945 /*cert_dns_names=*/{},
4946 /*cert_emails=*/{},
4947 /*valid_dns_names=*/{},
4948 /*invalid_dns_names=*/{"a.example", "b.example"},
4949 /*valid_emails=*/
4950 {"[email protected]", "[email protected]", "[email protected]",
4951 "[email protected]"},
4952 /*invalid_emails=*/
4953 {"[email protected]", "[email protected]", "[email protected]",
4954 "[email protected]"},
4955 /*flags=*/0,
4956 },
4957
4958 // There are no email wildcard names.
4959 {
4960 /*cert_subject=*/{},
4961 /*cert_dns_names=*/{},
4962 /*cert_emails=*/{"test@*.a.example", "@b.example", "*@c.example"},
4963 /*valid_dns_names=*/{},
4964 /*invalid_dns_names=*/{},
4965 /*valid_emails=*/{},
4966 /*invalid_emails=*/
4967 {"[email protected]", "[email protected]", "[email protected]"},
4968 /*flags=*/0,
4969 },
4970
4971 // Unrelated RDNs can be skipped when looking in the subject.
4972 {
4973 /*cert_subject=*/{{NID_organizationName, "Acme Corporation"},
4974 {NID_commonName, "a.example"},
4975 {NID_pkcs9_emailAddress, "[email protected]"},
4976 {NID_countryName, "US"}},
4977 /*cert_dns_names=*/{},
4978 /*cert_emails=*/{},
4979 /*valid_dns_names=*/{"a.example"},
4980 /*invalid_dns_names=*/{},
4981 /*valid_emails=*/{"[email protected]"},
4982 /*invalid_emails=*/{},
4983 /*flags=*/0,
4984 },
4985 };
4986
4987 size_t i = 0;
4988 for (const auto &t : kTests) {
4989 SCOPED_TRACE(i++);
4990
4991 // Issue a test certificate.
4992 bssl::UniquePtr<X509> cert =
4993 MakeTestCert("Root", "Leaf", key.get(), /*is_ca=*/false);
4994 ASSERT_TRUE(cert);
4995 if (!t.cert_subject.empty()) {
4996 bssl::UniquePtr<X509_NAME> subject(X509_NAME_new());
4997 ASSERT_TRUE(subject);
4998 for (const auto &entry : t.cert_subject) {
4999 ASSERT_TRUE(X509_NAME_add_entry_by_NID(
5000 subject.get(), entry.first, MBSTRING_ASC,
5001 reinterpret_cast<const unsigned char *>(entry.second.data()),
5002 entry.second.size(), /*loc=*/-1, /*set=*/0));
5003 }
5004 ASSERT_TRUE(X509_set_subject_name(cert.get(), subject.get()));
5005 }
5006 bssl::UniquePtr<GENERAL_NAMES> sans(sk_GENERAL_NAME_new_null());
5007 ASSERT_TRUE(sans);
5008 for (const auto &dns : t.cert_dns_names) {
5009 bssl::UniquePtr<GENERAL_NAME> name(GENERAL_NAME_new());
5010 ASSERT_TRUE(name);
5011 name->type = GEN_DNS;
5012 name->d.dNSName = ASN1_IA5STRING_new();
5013 ASSERT_TRUE(name->d.dNSName);
5014 ASSERT_TRUE(ASN1_STRING_set(name->d.dNSName, dns.data(), dns.size()));
5015 ASSERT_TRUE(bssl::PushToStack(sans.get(), std::move(name)));
5016 }
5017 for (const auto &email : t.cert_emails) {
5018 bssl::UniquePtr<GENERAL_NAME> name(GENERAL_NAME_new());
5019 ASSERT_TRUE(name);
5020 name->type = GEN_EMAIL;
5021 name->d.rfc822Name = ASN1_IA5STRING_new();
5022 ASSERT_TRUE(name->d.rfc822Name);
5023 ASSERT_TRUE(
5024 ASN1_STRING_set(name->d.rfc822Name, email.data(), email.size()));
5025 ASSERT_TRUE(bssl::PushToStack(sans.get(), std::move(name)));
5026 }
5027 if (sk_GENERAL_NAME_num(sans.get()) != 0) {
5028 ASSERT_TRUE(X509_add1_ext_i2d(cert.get(), NID_subject_alt_name,
5029 sans.get(), /*crit=*/0, /*flags=*/0));
5030 }
5031 ASSERT_TRUE(X509_sign(cert.get(), key.get(), EVP_sha256()));
5032
5033 for (const auto &dns : t.valid_dns_names) {
5034 SCOPED_TRACE(dns);
5035 EXPECT_EQ(1, X509_check_host(cert.get(), dns.data(), dns.size(), t.flags,
5036 /*peername=*/nullptr));
5037 EXPECT_EQ(X509_V_OK,
5038 Verify(cert.get(), {root.get()}, /*intermediates=*/{},
5039 /*crls=*/{}, /*flags=*/0, [&](X509_STORE_CTX *ctx) {
5040 X509_VERIFY_PARAM *param =
5041 X509_STORE_CTX_get0_param(ctx);
5042 ASSERT_TRUE(X509_VERIFY_PARAM_set1_host(
5043 param, dns.data(), dns.size()));
5044 X509_VERIFY_PARAM_set_hostflags(param, t.flags);
5045 }));
5046 }
5047
5048 for (const auto &dns : t.invalid_dns_names) {
5049 SCOPED_TRACE(dns);
5050 EXPECT_EQ(0, X509_check_host(cert.get(), dns.data(), dns.size(), t.flags,
5051 /*peername=*/nullptr));
5052 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
5053 Verify(cert.get(), {root.get()}, /*intermediates=*/{},
5054 /*crls=*/{}, /*flags=*/0, [&](X509_STORE_CTX *ctx) {
5055 X509_VERIFY_PARAM *param =
5056 X509_STORE_CTX_get0_param(ctx);
5057 ASSERT_TRUE(X509_VERIFY_PARAM_set1_host(
5058 param, dns.data(), dns.size()));
5059 X509_VERIFY_PARAM_set_hostflags(param, t.flags);
5060 }));
5061 }
5062
5063 for (const auto &email : t.valid_emails) {
5064 SCOPED_TRACE(email);
5065 EXPECT_EQ(
5066 1, X509_check_email(cert.get(), email.data(), email.size(), t.flags));
5067 EXPECT_EQ(X509_V_OK,
5068 Verify(cert.get(), {root.get()}, /*intermediates=*/{},
5069 /*crls=*/{}, /*flags=*/0, [&](X509_STORE_CTX *ctx) {
5070 X509_VERIFY_PARAM *param =
5071 X509_STORE_CTX_get0_param(ctx);
5072 ASSERT_TRUE(X509_VERIFY_PARAM_set1_email(
5073 param, email.data(), email.size()));
5074 X509_VERIFY_PARAM_set_hostflags(param, t.flags);
5075 }));
5076 }
5077
5078 for (const auto &email : t.invalid_emails) {
5079 SCOPED_TRACE(email);
5080 EXPECT_EQ(
5081 0, X509_check_email(cert.get(), email.data(), email.size(), t.flags));
5082 EXPECT_EQ(X509_V_ERR_EMAIL_MISMATCH,
5083 Verify(cert.get(), {root.get()}, /*intermediates=*/{},
5084 /*crls=*/{}, /*flags=*/0, [&](X509_STORE_CTX *ctx) {
5085 X509_VERIFY_PARAM *param =
5086 X509_STORE_CTX_get0_param(ctx);
5087 ASSERT_TRUE(X509_VERIFY_PARAM_set1_email(
5088 param, email.data(), email.size()));
5089 X509_VERIFY_PARAM_set_hostflags(param, t.flags);
5090 }));
5091 }
5092 }
5093 }
5094
TEST(X509Test,AddDuplicates)5095 TEST(X509Test, AddDuplicates) {
5096 bssl::UniquePtr<X509_STORE> store(X509_STORE_new());
5097 bssl::UniquePtr<X509> a(CertFromPEM(kCrossSigningRootPEM));
5098 bssl::UniquePtr<X509> b(CertFromPEM(kRootCAPEM));
5099
5100 ASSERT_TRUE(store);
5101 ASSERT_TRUE(a);
5102 ASSERT_TRUE(b);
5103
5104 EXPECT_TRUE(X509_STORE_add_cert(store.get(), a.get()));
5105 EXPECT_TRUE(X509_STORE_add_cert(store.get(), b.get()));
5106 EXPECT_TRUE(X509_STORE_add_cert(store.get(), a.get()));
5107 EXPECT_TRUE(X509_STORE_add_cert(store.get(), b.get()));
5108 EXPECT_TRUE(X509_STORE_add_cert(store.get(), a.get()));
5109 EXPECT_TRUE(X509_STORE_add_cert(store.get(), b.get()));
5110
5111 EXPECT_EQ(sk_X509_OBJECT_num(X509_STORE_get0_objects(store.get())), 2u);
5112 }
5113
TEST(X509Test,BytesToHex)5114 TEST(X509Test, BytesToHex) {
5115 struct {
5116 std::vector<uint8_t> bytes;
5117 const char *hex;
5118 } kTests[] = {
5119 {{}, ""},
5120 {{0x00}, "00"},
5121 {{0x00, 0x11, 0x22}, "00:11:22"},
5122 {{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef},
5123 "01:23:45:67:89:AB:CD:EF"},
5124 };
5125 for (const auto &t : kTests) {
5126 SCOPED_TRACE(Bytes(t.bytes));
5127 bssl::UniquePtr<char> hex(
5128 x509v3_bytes_to_hex(t.bytes.data(), t.bytes.size()));
5129 ASSERT_TRUE(hex);
5130 EXPECT_STREQ(hex.get(), t.hex);
5131 }
5132 }
5133
TEST(X509Test,NamePrint)5134 TEST(X509Test, NamePrint) {
5135 // kTestName is a DER-encoded X.509 that covers many cases.
5136 //
5137 // SEQUENCE {
5138 // SET {
5139 // SEQUENCE {
5140 // # countryName
5141 // OBJECT_IDENTIFIER { 2.5.4.6 }
5142 // PrintableString { "US" }
5143 // }
5144 // }
5145 // # Sets may be multi-valued, with different attributes. Try to keep this
5146 // # in DER set order, in case we ever enforce this in the parser.
5147 // SET {
5148 // SEQUENCE {
5149 // # stateOrProvinceName
5150 // OBJECT_IDENTIFIER { 2.5.4.8 }
5151 // PrintableString { "Some State" }
5152 // }
5153 // SEQUENCE {
5154 // # stateOrProvinceName
5155 // OBJECT_IDENTIFIER { 2.5.4.8 }
5156 // UTF8String { "Some Other State \xe2\x98\x83" }
5157 // }
5158 // SEQUENCE {
5159 // # stateOrProvinceName
5160 // OBJECT_IDENTIFIER { 2.5.4.8 }
5161 // BMPString { u"Another State \u2603" }
5162 // }
5163 // SEQUENCE {
5164 // # A custom OID
5165 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2 }
5166 // UniversalString { U"\u2603" }
5167 // }
5168 // }
5169 // # Custom OIDs may have non-string values.
5170 // SET {
5171 // SEQUENCE {
5172 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.3 }
5173 // SEQUENCE { INTEGER { 1 } INTEGER { 2 } }
5174 // }
5175 // }
5176 // SET {
5177 // SEQUENCE {
5178 // # organizationName
5179 // OBJECT_IDENTIFIER { 2.5.4.10 }
5180 // PrintableString { "Org Name" }
5181 // }
5182 // }
5183 // SET {
5184 // SEQUENCE {
5185 // # commonName
5186 // OBJECT_IDENTIFIER { 2.5.4.3 }
5187 // # Embed common delimiter forms to test how well they get escaped.
5188 // UTF8String { "Common
5189 // Name/CN=A/CN=B,CN=A,CN=B+CN=A+CN=B;CN=A;CN=B\nCN=A\n" }
5190 // }
5191 // }
5192 // SET {
5193 // SEQUENCE {
5194 // # commonName
5195 // OBJECT_IDENTIFIER { 2.5.4.3 }
5196 // # Test escaping of leading and trailing spaces.
5197 // UTF8String { " spaces " }
5198 // }
5199 // }
5200 static const uint8_t kTestName[] = {
5201 0x30, 0x82, 0x01, 0x00, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
5202 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x6d, 0x30, 0x11, 0x06, 0x03, 0x55,
5203 0x04, 0x08, 0x13, 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x20, 0x53, 0x74, 0x61,
5204 0x74, 0x65, 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x14, 0x53,
5205 0x6f, 0x6d, 0x65, 0x20, 0x4f, 0x74, 0x68, 0x65, 0x72, 0x20, 0x53, 0x74,
5206 0x61, 0x74, 0x65, 0x20, 0xe2, 0x98, 0x83, 0x30, 0x25, 0x06, 0x03, 0x55,
5207 0x04, 0x08, 0x1e, 0x1e, 0x00, 0x41, 0x00, 0x6e, 0x00, 0x6f, 0x00, 0x74,
5208 0x00, 0x68, 0x00, 0x65, 0x00, 0x72, 0x00, 0x20, 0x00, 0x53, 0x00, 0x74,
5209 0x00, 0x61, 0x00, 0x74, 0x00, 0x65, 0x00, 0x20, 0x26, 0x03, 0x30, 0x14,
5210 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7,
5211 0x09, 0x02, 0x1c, 0x04, 0x00, 0x00, 0x26, 0x03, 0x31, 0x18, 0x30, 0x16,
5212 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7,
5213 0x09, 0x03, 0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x02, 0x31, 0x11,
5214 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x4f, 0x72, 0x67,
5215 0x20, 0x4e, 0x61, 0x6d, 0x65, 0x31, 0x42, 0x30, 0x40, 0x06, 0x03, 0x55,
5216 0x04, 0x03, 0x0c, 0x39, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x20, 0x4e,
5217 0x61, 0x6d, 0x65, 0x2f, 0x43, 0x4e, 0x3d, 0x41, 0x2f, 0x43, 0x4e, 0x3d,
5218 0x42, 0x2c, 0x43, 0x4e, 0x3d, 0x41, 0x2c, 0x43, 0x4e, 0x3d, 0x42, 0x2b,
5219 0x43, 0x4e, 0x3d, 0x41, 0x2b, 0x43, 0x4e, 0x3d, 0x42, 0x3b, 0x43, 0x4e,
5220 0x3d, 0x41, 0x3b, 0x43, 0x4e, 0x3d, 0x42, 0x0a, 0x43, 0x4e, 0x3d, 0x41,
5221 0x0a, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x08,
5222 0x20, 0x73, 0x70, 0x61, 0x63, 0x65, 0x73, 0x20};
5223
5224 const uint8_t *ptr = kTestName;
5225 bssl::UniquePtr<X509_NAME> name(
5226 d2i_X509_NAME(nullptr, &ptr, sizeof(kTestName)));
5227 ASSERT_TRUE(name);
5228 EXPECT_EQ(ptr, kTestName + sizeof(kTestName));
5229
5230 struct {
5231 int indent;
5232 unsigned long flags;
5233 std::string printed;
5234 } kTests[] = {
5235 // RFC 2253 uses , and + separators and encodes the RDNs in reverse.
5236 // OpenSSL's implementation additionally happens to reverse the values
5237 // within each RDN. RFC 2253 says any order is permissible.
5238 {/*indent=*/0,
5239 /*flags=*/XN_FLAG_RFC2253,
5240 "CN=\\ spaces\\ ,"
5241 "CN=Common "
5242 "Name/CN=A/CN=B\\,CN=A\\,CN=B\\+CN=A\\+CN=B\\;CN=A\\;CN=B\\0ACN=A\\0A,"
5243 "O=Org Name,"
5244 "1.2.840.113554.4.1.72585.3=#3006020101020102,"
5245 "1.2.840.113554.4.1.72585.2=#1C0400002603+"
5246 "ST=Another State \\E2\\98\\83+"
5247 "ST=Some Other State \\E2\\98\\83+"
5248 "ST=Some State,"
5249 "C=US"},
5250 {/*indent=*/2,
5251 /*flags=*/XN_FLAG_RFC2253,
5252 " "
5253 "CN=\\ spaces\\ ,"
5254 "CN=Common "
5255 "Name/CN=A/CN=B\\,CN=A\\,CN=B\\+CN=A\\+CN=B\\;CN=A\\;CN=B\\0ACN=A\\0A,"
5256 "O=Org Name,"
5257 "1.2.840.113554.4.1.72585.3=#3006020101020102,"
5258 "1.2.840.113554.4.1.72585.2=#1C0400002603+"
5259 "ST=Another State \\E2\\98\\83+"
5260 "ST=Some Other State \\E2\\98\\83+"
5261 "ST=Some State,"
5262 "C=US"},
5263 // |XN_FLAG_ONELINE| is an OpenSSL-specific single-line format. It also
5264 // omits |XN_FLAG_DUMP_UNKNOWN_FIELDS|, so unknown OIDs that use known
5265 // string types will still be decoded. (This may drop important
5266 // information if the unknown OID distinguishes between string types.) It
5267 // also passes |ASN1_STRFLGS_ESC_QUOTE|.
5268 {/*indent=*/0,
5269 /*flags=*/XN_FLAG_ONELINE,
5270 "C = US, "
5271 "ST = Some State + "
5272 "ST = Some Other State \\E2\\98\\83 + "
5273 "ST = Another State \\E2\\98\\83 + "
5274 "1.2.840.113554.4.1.72585.2 = \\E2\\98\\83, "
5275 "1.2.840.113554.4.1.72585.3 = #3006020101020102, "
5276 "O = Org Name, "
5277 "CN = \"Common "
5278 "Name/CN=A/CN=B,CN=A,CN=B+CN=A+CN=B;CN=A;CN=B\\0ACN=A\\0A\", "
5279 "CN = \" spaces \""},
5280 // Callers can also customize the output, with both |XN_FLAG_*| and
5281 // |ASN1_STRFLGS_*|. |XN_FLAG_SEP_SPLUS_SPC| uses semicolon separators.
5282 {/*indent=*/0,
5283 /*flags=*/XN_FLAG_SEP_SPLUS_SPC | ASN1_STRFLGS_RFC2253 |
5284 ASN1_STRFLGS_ESC_QUOTE,
5285 "C=US; "
5286 "ST=Some State + "
5287 "ST=Some Other State \\E2\\98\\83 + "
5288 "ST=Another State \\E2\\98\\83 + "
5289 "1.2.840.113554.4.1.72585.2=\\E2\\98\\83; "
5290 "1.2.840.113554.4.1.72585.3=#3006020101020102; "
5291 "O=Org Name; "
5292 "CN=\"Common "
5293 "Name/CN=A/CN=B,CN=A,CN=B+CN=A+CN=B;CN=A;CN=B\\0ACN=A\\0A\"; "
5294 "CN=\" spaces \""},
5295 // Node uses these parameters.
5296 {/*indent=*/0,
5297 /*flags=*/ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_CTRL |
5298 ASN1_STRFLGS_UTF8_CONVERT | XN_FLAG_SEP_MULTILINE | XN_FLAG_FN_SN,
5299 "C=US\n"
5300 "ST=Some State + "
5301 "ST=Some Other State \xE2\x98\x83 + "
5302 "ST=Another State \xE2\x98\x83 + "
5303 "1.2.840.113554.4.1.72585.2=\xE2\x98\x83\n"
5304 "1.2.840.113554.4.1.72585.3=0\\06\\02\\01\\01\\02\\01\\02\n"
5305 "O=Org Name\n"
5306 "CN=Common "
5307 "Name/CN=A/CN=B\\,CN=A\\,CN=B\\+CN=A\\+CN=B\\;CN=A\\;CN=B\\0ACN=A\\0A\n"
5308 "CN=\\ spaces\\ "},
5309 // |XN_FLAG_COMPAT| matches |X509_NAME_print|, rather than
5310 // |X509_NAME_print_ex|.
5311 //
5312 // TODO(davidben): This works by post-processing the output of
5313 // |X509_NAME_oneline|, which uses "/"" separators, and replacing with
5314 // ", ". The escaping is ambiguous and the post-processing is buggy, so
5315 // some of the trailing slashes are still present and some internal
5316 // slashes are mis-converted.
5317 {/*indent=*/0,
5318 /*flags=*/XN_FLAG_COMPAT,
5319 "C=US, "
5320 "ST=Some State, "
5321 "ST=Some Other State \\xE2\\x98\\x83, "
5322 "ST=\\x00A\\x00n\\x00o\\x00t\\x00h\\x00e\\x00r\\x00 "
5323 "\\x00S\\x00t\\x00a\\x00t\\x00e\\x00 &\\x03/"
5324 "1.2.840.113554.4.1.72585.2=\\x00\\x00&\\x03/"
5325 "1.2.840.113554.4.1.72585.3=0\\x06\\x02\\x01\\x01\\x02\\x01\\x02, "
5326 "O=Org Name, "
5327 "CN=Common Name, "
5328 "CN=A, CN=B,CN=A,CN=B+CN=A+CN=B;CN=A;CN=B\\x0ACN=A\\x0A, "
5329 "CN= spaces "},
5330 };
5331 for (const auto &t : kTests) {
5332 SCOPED_TRACE(t.printed);
5333 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
5334 ASSERT_TRUE(bio);
5335 int len = X509_NAME_print_ex(bio.get(), name.get(), t.indent, t.flags);
5336 ASSERT_GT(len, 0);
5337
5338 const uint8_t *printed;
5339 size_t printed_len;
5340 ASSERT_TRUE(BIO_mem_contents(bio.get(), &printed, &printed_len));
5341 EXPECT_EQ(std::string(printed, printed + printed_len), t.printed);
5342 if (t.flags != XN_FLAG_COMPAT) {
5343 // TODO(davidben): |XN_FLAG_COMPAT| does not return the length.
5344 EXPECT_EQ(static_cast<size_t>(len), printed_len);
5345
5346 // Passing a null |BIO| measures the output instead.
5347 len = X509_NAME_print_ex(nullptr, name.get(), t.indent, t.flags);
5348 EXPECT_GT(len, 0);
5349 EXPECT_EQ(static_cast<size_t>(len), printed_len);
5350 }
5351 }
5352
5353 // TODO(davidben): This escapes the underlying bytes in the string, but that
5354 // is ambiguous without capturing the type. Should this escape like
5355 // |ASN1_STRFLGS_UTF8_CONVERT| instead?
5356 static const char *kOnelineComponents[] = {
5357 "/C=US",
5358 "/ST=Some State",
5359 "/ST=Some Other State \\xE2\\x98\\x83",
5360 ("/ST=\\x00A\\x00n\\x00o\\x00t\\x00h\\x00e\\x00r\\x00 "
5361 "\\x00S\\x00t\\x00a\\x00t\\x00e\\x00 &\\x03"),
5362 "/1.2.840.113554.4.1.72585.2=\\x00\\x00&\\x03",
5363 "/1.2.840.113554.4.1.72585.3=0\\x06\\x02\\x01\\x01\\x02\\x01\\x02",
5364 "/O=Org Name",
5365 "/CN=Common Name/CN=A/CN=B,CN=A,CN=B+CN=A+CN=B;CN=A;CN=B\\x0ACN=A\\x0A",
5366 "/CN= spaces ",
5367 };
5368 std::string oneline_expected;
5369 for (const auto& component : kOnelineComponents) {
5370 oneline_expected += component;
5371 }
5372
5373 // Given null buffer, |X509_NAME_oneline| allocates a new output.
5374 bssl::UniquePtr<char> oneline(X509_NAME_oneline(name.get(), nullptr, 0));
5375 ASSERT_TRUE(oneline);
5376 EXPECT_EQ(oneline.get(), oneline_expected);
5377
5378 // Otherwise it writes to the specified buffer. Note one extra byte is needed
5379 // for the trailing NUL.
5380 char buf[1024];
5381 ASSERT_GE(sizeof(buf), oneline_expected.size() + 2);
5382 ASSERT_EQ(buf,
5383 X509_NAME_oneline(name.get(), buf, oneline_expected.size() + 1));
5384 EXPECT_EQ(buf, oneline_expected);
5385
5386 memset(buf, 'a', sizeof(buf));
5387 ASSERT_EQ(buf,
5388 X509_NAME_oneline(name.get(), buf, oneline_expected.size() + 2));
5389 EXPECT_EQ(buf, oneline_expected);
5390
5391 // If the length is too small, |X509_NAME_oneline| truncates at name
5392 // entry boundaries.
5393 EXPECT_EQ(nullptr, X509_NAME_oneline(name.get(), buf, 0));
5394 for (size_t len = 1; len < oneline_expected.size(); len++) {
5395 SCOPED_TRACE(len);
5396 memset(buf, 'a', sizeof(buf));
5397 EXPECT_EQ(buf, X509_NAME_oneline(name.get(), buf, len));
5398
5399 std::string truncated;
5400 for (const auto& component : kOnelineComponents) {
5401 if (truncated.size() + strlen(component) + 1 > len) {
5402 break;
5403 }
5404 truncated += component;
5405 }
5406 EXPECT_EQ(buf, truncated);
5407 }
5408 }
5409
5410 // kLargeSerialPEM is a certificate with a large serial number.
5411 static const char kLargeSerialPEM[] = R"(
5412 -----BEGIN CERTIFICATE-----
5413 MIICZjCCAc+gAwIBAgIQASNFZ4mrze8BI0VniavN7zANBgkqhkiG9w0BAQsFADA2
5414 MRowGAYDVQQKExFCb3JpbmdTU0wgVEVTVElORzEYMBYGA1UEAxMPSW50ZXJtZWRp
5415 YXRlIENBMCAXDTE1MDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAyMRowGAYD
5416 VQQKExFCb3JpbmdTU0wgVEVTVElORzEUMBIGA1UEAxMLZXhhbXBsZS5jb20wgZ8w
5417 DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMPRTRliCpKEnug6OzI0rJVcQep5p+aT
5418 9sCg+pj+HVyg/DYTwqZ6qJRKhM+MbkhdJuU7FyqlsBeCeM/OjwMjcY0yEB/xJg1i
5419 ygfuBztTLuPnHxtSuKwae5MeqSofp3j97sRMnuLcKlHxu8rXoOCAS9BO50uKnPwU
5420 Ee1iEVqR92FPAgMBAAGjdzB1MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
5421 BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAZBgNVHQ4EEgQQo3mm9u6v
5422 uaVeN4wRgDTidTAbBgNVHSMEFDASgBCMGmiotXbbXVd7H40UsgajMA0GCSqGSIb3
5423 DQEBCwUAA4GBAGP+n4kKGn/8uddYLWTXbUsz+KLuEXNDMyu3vRufLjTpIbP2MCNo
5424 85fhLeC3fzKuGOk+6QGVLOBBcWDrrLqrmqnWdBMPULDo2QoF71a4GVjeJh+ax/tZ
5425 PyeGVPUK21TE0LDIxf2a11d1CJw582MgZQIPk4tXk+AcU9EqIceKgECG
5426 -----END CERTIFICATE-----
5427 )";
5428
TEST(X509Test,Print)5429 TEST(X509Test, Print) {
5430 bssl::UniquePtr<X509> cert(CertFromPEM(kLargeSerialPEM));
5431 ASSERT_TRUE(cert);
5432
5433 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
5434 ASSERT_TRUE(bio);
5435 EXPECT_TRUE(X509_print_ex(bio.get(), cert.get(), 0, 0));
5436 // Nothing should be left in the error queue.
5437 EXPECT_EQ(0u, ERR_peek_error());
5438
5439 // This output is not guaranteed to be stable, but we assert on it to make
5440 // sure something is printed.
5441 const uint8_t *data;
5442 size_t data_len;
5443 ASSERT_TRUE(BIO_mem_contents(bio.get(), &data, &data_len));
5444 std::string print(reinterpret_cast<const char*>(data), data_len);
5445 EXPECT_EQ(print, R"(Certificate:
5446 Data:
5447 Version: 3 (0x2)
5448 Serial Number:
5449 01:23:45:67:89:ab:cd:ef:01:23:45:67:89:ab:cd:ef
5450 Signature Algorithm: sha256WithRSAEncryption
5451 Issuer: O=BoringSSL TESTING, CN=Intermediate CA
5452 Validity
5453 Not Before: Jan 1 00:00:00 2015 GMT
5454 Not After : Jan 1 00:00:00 2100 GMT
5455 Subject: O=BoringSSL TESTING, CN=example.com
5456 Subject Public Key Info:
5457 Public Key Algorithm: rsaEncryption
5458 Public-Key: (1024 bit)
5459 Modulus:
5460 00:c3:d1:4d:19:62:0a:92:84:9e:e8:3a:3b:32:34:
5461 ac:95:5c:41:ea:79:a7:e6:93:f6:c0:a0:fa:98:fe:
5462 1d:5c:a0:fc:36:13:c2:a6:7a:a8:94:4a:84:cf:8c:
5463 6e:48:5d:26:e5:3b:17:2a:a5:b0:17:82:78:cf:ce:
5464 8f:03:23:71:8d:32:10:1f:f1:26:0d:62:ca:07:ee:
5465 07:3b:53:2e:e3:e7:1f:1b:52:b8:ac:1a:7b:93:1e:
5466 a9:2a:1f:a7:78:fd:ee:c4:4c:9e:e2:dc:2a:51:f1:
5467 bb:ca:d7:a0:e0:80:4b:d0:4e:e7:4b:8a:9c:fc:14:
5468 11:ed:62:11:5a:91:f7:61:4f
5469 Exponent: 65537 (0x10001)
5470 X509v3 extensions:
5471 X509v3 Key Usage: critical
5472 Digital Signature, Key Encipherment
5473 X509v3 Extended Key Usage:
5474 TLS Web Server Authentication, TLS Web Client Authentication
5475 X509v3 Basic Constraints: critical
5476 CA:FALSE
5477 X509v3 Subject Key Identifier:
5478 A3:79:A6:F6:EE:AF:B9:A5:5E:37:8C:11:80:34:E2:75
5479 X509v3 Authority Key Identifier:
5480 keyid:8C:1A:68:A8:B5:76:DB:5D:57:7B:1F:8D:14:B2:06:A3
5481
5482 Signature Algorithm: sha256WithRSAEncryption
5483 63:fe:9f:89:0a:1a:7f:fc:b9:d7:58:2d:64:d7:6d:4b:33:f8:
5484 a2:ee:11:73:43:33:2b:b7:bd:1b:9f:2e:34:e9:21:b3:f6:30:
5485 23:68:f3:97:e1:2d:e0:b7:7f:32:ae:18:e9:3e:e9:01:95:2c:
5486 e0:41:71:60:eb:ac:ba:ab:9a:a9:d6:74:13:0f:50:b0:e8:d9:
5487 0a:05:ef:56:b8:19:58:de:26:1f:9a:c7:fb:59:3f:27:86:54:
5488 f5:0a:db:54:c4:d0:b0:c8:c5:fd:9a:d7:57:75:08:9c:39:f3:
5489 63:20:65:02:0f:93:8b:57:93:e0:1c:53:d1:2a:21:c7:8a:80:
5490 40:86
5491 )");
5492 }
5493
TEST(X509Test,AddExt)5494 TEST(X509Test, AddExt) {
5495 bssl::UniquePtr<X509> x509(X509_new());
5496 ASSERT_TRUE(x509);
5497
5498 struct Extension {
5499 int nid;
5500 bool critical;
5501 std::vector<uint8_t> data;
5502 };
5503 auto expect_extensions = [&](const std::vector<Extension> &exts) {
5504 ASSERT_EQ(static_cast<size_t>(X509_get_ext_count(x509.get())), exts.size());
5505 for (size_t i = 0; i < exts.size(); i++) {
5506 SCOPED_TRACE(i);
5507 const X509_EXTENSION *ext = X509_get_ext(x509.get(), static_cast<int>(i));
5508 EXPECT_EQ(OBJ_obj2nid(X509_EXTENSION_get_object(ext)), exts[i].nid);
5509 EXPECT_EQ(X509_EXTENSION_get_critical(ext), exts[i].critical ? 1 : 0);
5510 const ASN1_OCTET_STRING *data = X509_EXTENSION_get_data(ext);
5511 EXPECT_EQ(Bytes(ASN1_STRING_get0_data(data), ASN1_STRING_length(data)),
5512 Bytes(exts[i].data));
5513 }
5514 };
5515
5516 // Make a few sample extensions.
5517
5518 // SEQUENCE {}
5519 std::vector<uint8_t> basic1_der = {0x30, 0x00};
5520 const uint8_t *inp = basic1_der.data();
5521 bssl::UniquePtr<BASIC_CONSTRAINTS> basic1_obj(
5522 d2i_BASIC_CONSTRAINTS(nullptr, &inp, basic1_der.size()));
5523 EXPECT_EQ(inp, basic1_der.data() + basic1_der.size());
5524
5525 // SEQUENCE { BOOLEAN { TRUE } }
5526 std::vector<uint8_t> basic2_der = {0x30, 0x03, 0x01, 0x01, 0xff};
5527 inp = basic2_der.data();
5528 bssl::UniquePtr<BASIC_CONSTRAINTS> basic2_obj(
5529 d2i_BASIC_CONSTRAINTS(nullptr, &inp, basic2_der.size()));
5530 EXPECT_EQ(inp, basic2_der.data() + basic2_der.size());
5531
5532 // OCTET_STRING {}
5533 std::vector<uint8_t> skid1_der = {0x04, 0x00};
5534 inp = skid1_der.data();
5535 bssl::UniquePtr<ASN1_OCTET_STRING> skid1_obj(
5536 d2i_ASN1_OCTET_STRING(nullptr, &inp, skid1_der.size()));
5537 EXPECT_EQ(inp, skid1_der.data() + skid1_der.size());
5538
5539 // OCTET_STRING { "a" }
5540 std::vector<uint8_t> skid2_der = {0x04, 0x01, 0x61};
5541 inp = skid2_der.data();
5542 bssl::UniquePtr<ASN1_OCTET_STRING> skid2_obj(
5543 d2i_ASN1_OCTET_STRING(nullptr, &inp, skid2_der.size()));
5544 EXPECT_EQ(inp, skid2_der.data() + skid2_der.size());
5545
5546 // Initially, the extension list is empty.
5547 expect_extensions({});
5548
5549 // Adding extensions works with the default settings.
5550 EXPECT_EQ(
5551 1, X509_add1_ext_i2d(x509.get(), NID_basic_constraints, basic1_obj.get(),
5552 /*crit=*/1, X509V3_ADD_DEFAULT));
5553 expect_extensions({{NID_basic_constraints, true, basic1_der}});
5554 EXPECT_EQ(1, X509_add1_ext_i2d(x509.get(), NID_subject_key_identifier,
5555 skid1_obj.get(),
5556 /*crit=*/0, X509V3_ADD_DEFAULT));
5557 expect_extensions({{NID_basic_constraints, true, basic1_der},
5558 {NID_subject_key_identifier, false, skid1_der}});
5559
5560 // By default, we cannot add duplicates.
5561 EXPECT_EQ(
5562 0, X509_add1_ext_i2d(x509.get(), NID_basic_constraints, basic2_obj.get(),
5563 /*crit=*/0, X509V3_ADD_DEFAULT));
5564 expect_extensions({{NID_basic_constraints, true, basic1_der},
5565 {NID_subject_key_identifier, false, skid1_der}});
5566
5567 // |X509V3_ADD_KEEP_EXISTING| silently keeps the existing extension if already
5568 // present.
5569 EXPECT_EQ(
5570 1, X509_add1_ext_i2d(x509.get(), NID_basic_constraints, basic2_obj.get(),
5571 /*crit=*/0, X509V3_ADD_KEEP_EXISTING));
5572 expect_extensions({{NID_basic_constraints, true, basic1_der},
5573 {NID_subject_key_identifier, false, skid1_der}});
5574
5575 // |X509V3_ADD_REPLACE| replaces it.
5576 EXPECT_EQ(
5577 1, X509_add1_ext_i2d(x509.get(), NID_basic_constraints, basic2_obj.get(),
5578 /*crit=*/0, X509V3_ADD_REPLACE));
5579 expect_extensions({{NID_basic_constraints, false, basic2_der},
5580 {NID_subject_key_identifier, false, skid1_der}});
5581
5582 // |X509V3_ADD_REPLACE_EXISTING| also replaces matches.
5583 EXPECT_EQ(1, X509_add1_ext_i2d(x509.get(), NID_subject_key_identifier,
5584 skid2_obj.get(),
5585 /*crit=*/1, X509V3_ADD_REPLACE_EXISTING));
5586 expect_extensions({{NID_basic_constraints, false, basic2_der},
5587 {NID_subject_key_identifier, true, skid2_der}});
5588
5589 // |X509V3_ADD_DELETE| ignores the value and deletes the extension.
5590 EXPECT_EQ(1, X509_add1_ext_i2d(x509.get(), NID_basic_constraints, nullptr, 0,
5591 X509V3_ADD_DELETE));
5592 expect_extensions({{NID_subject_key_identifier, true, skid2_der}});
5593
5594 // Not finding an extension to delete is an error.
5595 EXPECT_EQ(0, X509_add1_ext_i2d(x509.get(), NID_basic_constraints, nullptr, 0,
5596 X509V3_ADD_DELETE));
5597 expect_extensions({{NID_subject_key_identifier, true, skid2_der}});
5598
5599 // |X509V3_ADD_REPLACE_EXISTING| fails if it cannot find a match.
5600 EXPECT_EQ(
5601 0, X509_add1_ext_i2d(x509.get(), NID_basic_constraints, basic1_obj.get(),
5602 /*crit=*/1, X509V3_ADD_REPLACE_EXISTING));
5603 expect_extensions({{NID_subject_key_identifier, true, skid2_der}});
5604
5605 // |X509V3_ADD_REPLACE| adds a new extension if not preseent.
5606 EXPECT_EQ(
5607 1, X509_add1_ext_i2d(x509.get(), NID_basic_constraints, basic1_obj.get(),
5608 /*crit=*/1, X509V3_ADD_REPLACE));
5609 expect_extensions({{NID_subject_key_identifier, true, skid2_der},
5610 {NID_basic_constraints, true, basic1_der}});
5611
5612 // Delete the extension again.
5613 EXPECT_EQ(1, X509_add1_ext_i2d(x509.get(), NID_basic_constraints, nullptr, 0,
5614 X509V3_ADD_DELETE));
5615 expect_extensions({{NID_subject_key_identifier, true, skid2_der}});
5616
5617 // |X509V3_ADD_KEEP_EXISTING| adds a new extension if not preseent.
5618 EXPECT_EQ(
5619 1, X509_add1_ext_i2d(x509.get(), NID_basic_constraints, basic1_obj.get(),
5620 /*crit=*/1, X509V3_ADD_KEEP_EXISTING));
5621 expect_extensions({{NID_subject_key_identifier, true, skid2_der},
5622 {NID_basic_constraints, true, basic1_der}});
5623
5624 // Delete the extension again.
5625 EXPECT_EQ(1, X509_add1_ext_i2d(x509.get(), NID_basic_constraints, nullptr, 0,
5626 X509V3_ADD_DELETE));
5627 expect_extensions({{NID_subject_key_identifier, true, skid2_der}});
5628
5629 // |X509V3_ADD_APPEND| adds a new extension if not present.
5630 EXPECT_EQ(
5631 1, X509_add1_ext_i2d(x509.get(), NID_basic_constraints, basic1_obj.get(),
5632 /*crit=*/1, X509V3_ADD_APPEND));
5633 expect_extensions({{NID_subject_key_identifier, true, skid2_der},
5634 {NID_basic_constraints, true, basic1_der}});
5635
5636 // |X509V3_ADD_APPEND| keeps adding duplicates (invalid) even if present.
5637 EXPECT_EQ(
5638 1, X509_add1_ext_i2d(x509.get(), NID_basic_constraints, basic2_obj.get(),
5639 /*crit=*/0, X509V3_ADD_APPEND));
5640 expect_extensions({{NID_subject_key_identifier, true, skid2_der},
5641 {NID_basic_constraints, true, basic1_der},
5642 {NID_basic_constraints, false, basic2_der}});
5643
5644 // |X509V3_ADD_DELETE| only deletes one extension at a time.
5645 EXPECT_EQ(1, X509_add1_ext_i2d(x509.get(), NID_basic_constraints, nullptr, 0,
5646 X509V3_ADD_DELETE));
5647 expect_extensions({{NID_subject_key_identifier, true, skid2_der},
5648 {NID_basic_constraints, false, basic2_der}});
5649 EXPECT_EQ(1, X509_add1_ext_i2d(x509.get(), NID_basic_constraints, nullptr, 0,
5650 X509V3_ADD_DELETE));
5651 expect_extensions({{NID_subject_key_identifier, true, skid2_der}});
5652 }
5653
TEST(X509Test,NameEntry)5654 TEST(X509Test, NameEntry) {
5655 bssl::UniquePtr<X509_NAME> name(X509_NAME_new());
5656 ASSERT_TRUE(name);
5657
5658 auto check_name = [&](const char *expected_rfc2253) {
5659 // Check RDN indices are self-consistent.
5660 int num = X509_NAME_entry_count(name.get());
5661 if (num > 0) {
5662 // RDN indices must start at zero.
5663 EXPECT_EQ(0, X509_NAME_ENTRY_set(X509_NAME_get_entry(name.get(), 0)));
5664 }
5665 for (int i = 1; i < num; i++) {
5666 int prev = X509_NAME_ENTRY_set(X509_NAME_get_entry(name.get(), i - 1));
5667 int current = X509_NAME_ENTRY_set(X509_NAME_get_entry(name.get(), i));
5668 // RDN indices must increase consecutively.
5669 EXPECT_TRUE(prev == current || prev + 1 == current)
5670 << "Entry " << i << " has RDN index " << current
5671 << " which is inconsistent with previous index " << prev;
5672 }
5673
5674 // Check the name based on the RFC 2253 serialization. Note the RFC 2253
5675 // serialization is in reverse.
5676 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
5677 ASSERT_TRUE(bio);
5678 EXPECT_GE(X509_NAME_print_ex(bio.get(), name.get(), 0, XN_FLAG_RFC2253), 0);
5679 const uint8_t *data;
5680 size_t len;
5681 ASSERT_TRUE(BIO_mem_contents(bio.get(), &data, &len));
5682 EXPECT_EQ(expected_rfc2253, std::string(data, data + len));
5683 };
5684
5685 check_name("");
5686
5687 // |loc| = -1, |set| = 0 appends as new RDNs.
5688 ASSERT_TRUE(X509_NAME_add_entry_by_NID(
5689 name.get(), NID_organizationName, MBSTRING_UTF8,
5690 reinterpret_cast<const unsigned char *>("Org"), /*len=*/-1, /*loc=*/-1,
5691 /*set=*/0));
5692 check_name("O=Org");
5693
5694 // |loc| = -1, |set| = 0 appends as new RDNs.
5695 ASSERT_TRUE(X509_NAME_add_entry_by_NID(
5696 name.get(), NID_commonName, MBSTRING_UTF8,
5697 reinterpret_cast<const unsigned char *>("Name"), /*len=*/-1, /*loc=*/-1,
5698 /*set=*/0));
5699 check_name("CN=Name,O=Org");
5700
5701 // Inserting in the middle of the set, but with |set| = 0 inserts a new RDN
5702 // and fixes the "set" values as needed.
5703 ASSERT_TRUE(X509_NAME_add_entry_by_NID(
5704 name.get(), NID_organizationalUnitName, MBSTRING_UTF8,
5705 reinterpret_cast<const unsigned char *>("Unit"), /*len=*/-1, /*loc=*/1,
5706 /*set=*/0));
5707 check_name("CN=Name,OU=Unit,O=Org");
5708
5709 // |set = -1| adds to the previous entry's RDN. (Although putting O and OU at
5710 // the same level makes little sense, the test is written this way to check
5711 // the function isn't using attribute types to order things.)
5712 ASSERT_TRUE(X509_NAME_add_entry_by_NID(
5713 name.get(), NID_organizationName, MBSTRING_UTF8,
5714 reinterpret_cast<const unsigned char *>("Org2"), /*len=*/-1, /*loc=*/2,
5715 /*set=*/-1));
5716 check_name("CN=Name,O=Org2+OU=Unit,O=Org");
5717
5718 // |set| = 1 adds to the next entry's RDN.
5719 ASSERT_TRUE(X509_NAME_add_entry_by_NID(
5720 name.get(), NID_commonName, MBSTRING_UTF8,
5721 reinterpret_cast<const unsigned char *>("Name2"), /*len=*/-1, /*loc=*/2,
5722 /*set=*/-1));
5723 check_name("CN=Name,O=Org2+CN=Name2+OU=Unit,O=Org");
5724
5725 // If there is no previous RDN, |set| = -1 makes a new RDN.
5726 ASSERT_TRUE(X509_NAME_add_entry_by_NID(
5727 name.get(), NID_countryName, MBSTRING_UTF8,
5728 reinterpret_cast<const unsigned char *>("US"), /*len=*/-1, /*loc=*/0,
5729 /*set=*/-1));
5730 check_name("CN=Name,O=Org2+CN=Name2+OU=Unit,O=Org,C=US");
5731
5732 // Likewise if there is no next RDN.
5733 ASSERT_TRUE(X509_NAME_add_entry_by_NID(
5734 name.get(), NID_commonName, MBSTRING_UTF8,
5735 reinterpret_cast<const unsigned char *>("Name3"), /*len=*/-1, /*loc=*/-1,
5736 /*set=*/1));
5737 check_name("CN=Name3,CN=Name,O=Org2+CN=Name2+OU=Unit,O=Org,C=US");
5738
5739 // If |set| = 0 and we insert in the middle of an existing RDN, it adds an
5740 // RDN boundary after the entry but not before. This is a quirk of how the
5741 // function is implemented and hopefully not something any caller depends on.
5742 ASSERT_TRUE(X509_NAME_add_entry_by_NID(
5743 name.get(), NID_commonName, MBSTRING_UTF8,
5744 reinterpret_cast<const unsigned char *>("Name4"), /*len=*/-1, /*loc=*/3,
5745 /*set=*/0));
5746 check_name("CN=Name3,CN=Name,O=Org2+CN=Name2,CN=Name4+OU=Unit,O=Org,C=US");
5747
5748 // Entries may be deleted.
5749 X509_NAME_ENTRY_free(X509_NAME_delete_entry(name.get(), 7));
5750 check_name("CN=Name,O=Org2+CN=Name2,CN=Name4+OU=Unit,O=Org,C=US");
5751
5752 // When deleting the only attribute in an RDN, index invariants should still
5753 // hold.
5754 X509_NAME_ENTRY_free(X509_NAME_delete_entry(name.get(), 0));
5755 check_name("CN=Name,O=Org2+CN=Name2,CN=Name4+OU=Unit,O=Org");
5756
5757 // Index invariants also hold when deleting attributes from non-singular RDNs.
5758 X509_NAME_ENTRY_free(X509_NAME_delete_entry(name.get(), 1));
5759 check_name("CN=Name,O=Org2+CN=Name2,CN=Name4,O=Org");
5760 X509_NAME_ENTRY_free(X509_NAME_delete_entry(name.get(), 1));
5761 check_name("CN=Name,O=Org2+CN=Name2,O=Org");
5762
5763 // Same as above, but delete the second attribute first.
5764 X509_NAME_ENTRY_free(X509_NAME_delete_entry(name.get(), 2));
5765 check_name("CN=Name,CN=Name2,O=Org");
5766 X509_NAME_ENTRY_free(X509_NAME_delete_entry(name.get(), 1));
5767 check_name("CN=Name,O=Org");
5768 }
5769
5770 // Tests that non-integer types are rejected when passed as an argument to
5771 // X509_set_serialNumber().
TEST(X509Test,SetSerialNumberChecksASN1StringType)5772 TEST(X509Test, SetSerialNumberChecksASN1StringType) {
5773 bssl::UniquePtr<X509> root = CertFromPEM(kRootCAPEM);
5774 ASSERT_TRUE(root);
5775
5776 // Passing an IA5String to X509_set_serialNumber() should fail.
5777 bssl::UniquePtr<ASN1_IA5STRING> str(ASN1_IA5STRING_new());
5778 ASSERT_TRUE(str);
5779 EXPECT_FALSE(X509_set_serialNumber(root.get(), str.get()));
5780
5781 // Passing a negative serial number is allowed. While invalid, we do accept
5782 // them and some callers rely in this for tests.
5783 bssl::UniquePtr<ASN1_INTEGER> serial(ASN1_INTEGER_new());
5784 ASSERT_TRUE(serial);
5785 ASSERT_TRUE(ASN1_INTEGER_set_int64(serial.get(), -1));
5786 ASSERT_TRUE(X509_set_serialNumber(root.get(), serial.get()));
5787 int64_t val;
5788 ASSERT_TRUE(ASN1_INTEGER_get_int64(&val, X509_get0_serialNumber(root.get())));
5789 EXPECT_EQ(-1, val);
5790 }
5791
TEST(X509Test,Policy)5792 TEST(X509Test, Policy) {
5793 bssl::UniquePtr<ASN1_OBJECT> oid1(
5794 OBJ_txt2obj("1.2.840.113554.4.1.72585.2.1", /*dont_search_names=*/1));
5795 ASSERT_TRUE(oid1);
5796 bssl::UniquePtr<ASN1_OBJECT> oid2(
5797 OBJ_txt2obj("1.2.840.113554.4.1.72585.2.2", /*dont_search_names=*/1));
5798 ASSERT_TRUE(oid2);
5799 bssl::UniquePtr<ASN1_OBJECT> oid3(
5800 OBJ_txt2obj("1.2.840.113554.4.1.72585.2.3", /*dont_search_names=*/1));
5801 ASSERT_TRUE(oid3);
5802 bssl::UniquePtr<ASN1_OBJECT> oid4(
5803 OBJ_txt2obj("1.2.840.113554.4.1.72585.2.4", /*dont_search_names=*/1));
5804 ASSERT_TRUE(oid4);
5805 bssl::UniquePtr<ASN1_OBJECT> oid5(
5806 OBJ_txt2obj("1.2.840.113554.4.1.72585.2.5", /*dont_search_names=*/1));
5807 ASSERT_TRUE(oid5);
5808
5809 bssl::UniquePtr<X509> root(
5810 CertFromPEM(GetTestData("crypto/x509/test/policy_root.pem").c_str()));
5811 ASSERT_TRUE(root);
5812 bssl::UniquePtr<X509> root_cross_inhibit_mapping(CertFromPEM(
5813 GetTestData("crypto/x509/test/policy_root_cross_inhibit_mapping.pem")
5814 .c_str()));
5815 ASSERT_TRUE(root_cross_inhibit_mapping);
5816 bssl::UniquePtr<X509> root2(
5817 CertFromPEM(GetTestData("crypto/x509/test/policy_root2.pem").c_str()));
5818 ASSERT_TRUE(root2);
5819 bssl::UniquePtr<X509> intermediate(CertFromPEM(
5820 GetTestData("crypto/x509/test/policy_intermediate.pem").c_str()));
5821 ASSERT_TRUE(intermediate);
5822 bssl::UniquePtr<X509> intermediate_any(CertFromPEM(
5823 GetTestData("crypto/x509/test/policy_intermediate_any.pem").c_str()));
5824 ASSERT_TRUE(intermediate_any);
5825 bssl::UniquePtr<X509> intermediate_duplicate(CertFromPEM(
5826 GetTestData("crypto/x509/test/policy_intermediate_duplicate.pem")
5827 .c_str()));
5828 ASSERT_TRUE(intermediate_duplicate);
5829 bssl::UniquePtr<X509> intermediate_invalid(CertFromPEM(
5830 GetTestData("crypto/x509/test/policy_intermediate_invalid.pem").c_str()));
5831 ASSERT_TRUE(intermediate_invalid);
5832 bssl::UniquePtr<X509> intermediate_mapped(CertFromPEM(
5833 GetTestData("crypto/x509/test/policy_intermediate_mapped.pem")
5834 .c_str()));
5835 ASSERT_TRUE(intermediate_mapped);
5836 bssl::UniquePtr<X509> intermediate_mapped_any(CertFromPEM(
5837 GetTestData("crypto/x509/test/policy_intermediate_mapped_any.pem")
5838 .c_str()));
5839 ASSERT_TRUE(intermediate_mapped_any);
5840 bssl::UniquePtr<X509> intermediate_mapped_oid3(CertFromPEM(
5841 GetTestData("crypto/x509/test/policy_intermediate_mapped_oid3.pem")
5842 .c_str()));
5843 ASSERT_TRUE(intermediate_mapped_oid3);
5844 bssl::UniquePtr<X509> intermediate_require(CertFromPEM(
5845 GetTestData("crypto/x509/test/policy_intermediate_require.pem").c_str()));
5846 ASSERT_TRUE(intermediate_require);
5847 bssl::UniquePtr<X509> intermediate_require1(CertFromPEM(
5848 GetTestData("crypto/x509/test/policy_intermediate_require1.pem")
5849 .c_str()));
5850 ASSERT_TRUE(intermediate_require1);
5851 bssl::UniquePtr<X509> intermediate_require2(CertFromPEM(
5852 GetTestData("crypto/x509/test/policy_intermediate_require2.pem")
5853 .c_str()));
5854 ASSERT_TRUE(intermediate_require2);
5855 bssl::UniquePtr<X509> intermediate_require_duplicate(CertFromPEM(
5856 GetTestData("crypto/x509/test/policy_intermediate_require_duplicate.pem")
5857 .c_str()));
5858 ASSERT_TRUE(intermediate_require_duplicate);
5859 bssl::UniquePtr<X509> intermediate_require_no_policies(CertFromPEM(
5860 GetTestData(
5861 "crypto/x509/test/policy_intermediate_require_no_policies.pem")
5862 .c_str()));
5863 ASSERT_TRUE(intermediate_require_no_policies);
5864 bssl::UniquePtr<X509> leaf(
5865 CertFromPEM(GetTestData("crypto/x509/test/policy_leaf.pem").c_str()));
5866 ASSERT_TRUE(leaf);
5867 bssl::UniquePtr<X509> leaf_any(
5868 CertFromPEM(GetTestData("crypto/x509/test/policy_leaf_any.pem").c_str()));
5869 ASSERT_TRUE(leaf_any);
5870 bssl::UniquePtr<X509> leaf_duplicate(CertFromPEM(
5871 GetTestData("crypto/x509/test/policy_leaf_duplicate.pem").c_str()));
5872 ASSERT_TRUE(leaf_duplicate);
5873 bssl::UniquePtr<X509> leaf_invalid(CertFromPEM(
5874 GetTestData("crypto/x509/test/policy_leaf_invalid.pem").c_str()));
5875 ASSERT_TRUE(leaf_invalid);
5876 bssl::UniquePtr<X509> leaf_none(CertFromPEM(
5877 GetTestData("crypto/x509/test/policy_leaf_none.pem").c_str()));
5878 ASSERT_TRUE(leaf_none);
5879 bssl::UniquePtr<X509> leaf_oid1(CertFromPEM(
5880 GetTestData("crypto/x509/test/policy_leaf_oid1.pem").c_str()));
5881 ASSERT_TRUE(leaf_oid1);
5882 bssl::UniquePtr<X509> leaf_oid2(CertFromPEM(
5883 GetTestData("crypto/x509/test/policy_leaf_oid2.pem").c_str()));
5884 ASSERT_TRUE(leaf_oid2);
5885 bssl::UniquePtr<X509> leaf_oid3(CertFromPEM(
5886 GetTestData("crypto/x509/test/policy_leaf_oid3.pem").c_str()));
5887 ASSERT_TRUE(leaf_oid3);
5888 bssl::UniquePtr<X509> leaf_oid4(CertFromPEM(
5889 GetTestData("crypto/x509/test/policy_leaf_oid4.pem").c_str()));
5890 ASSERT_TRUE(leaf_oid4);
5891 bssl::UniquePtr<X509> leaf_oid5(CertFromPEM(
5892 GetTestData("crypto/x509/test/policy_leaf_oid5.pem").c_str()));
5893 ASSERT_TRUE(leaf_oid5);
5894 bssl::UniquePtr<X509> leaf_require(CertFromPEM(
5895 GetTestData("crypto/x509/test/policy_leaf_require.pem").c_str()));
5896 ASSERT_TRUE(leaf_require);
5897 bssl::UniquePtr<X509> leaf_require1(CertFromPEM(
5898 GetTestData("crypto/x509/test/policy_leaf_require1.pem").c_str()));
5899 ASSERT_TRUE(leaf_require1);
5900
5901 auto set_policies = [](X509_STORE_CTX *ctx,
5902 std::vector<const ASN1_OBJECT *> oids) {
5903 X509_VERIFY_PARAM *param = X509_STORE_CTX_get0_param(ctx);
5904 for (const ASN1_OBJECT *oid : oids) {
5905 bssl::UniquePtr<ASN1_OBJECT> copy(OBJ_dup(oid));
5906 ASSERT_TRUE(copy);
5907 ASSERT_TRUE(X509_VERIFY_PARAM_add0_policy(param, copy.get()));
5908 copy.release(); // |X509_VERIFY_PARAM_add0_policy| takes ownership on
5909 // success.
5910 }
5911 };
5912
5913 // The chain is good for |oid1| and |oid2|, but not |oid3|.
5914 EXPECT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()}, {intermediate.get()},
5915 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY));
5916 EXPECT_EQ(X509_V_OK,
5917 Verify(leaf.get(), {root.get()}, {intermediate.get()}, /*crls=*/{},
5918 X509_V_FLAG_EXPLICIT_POLICY, [&](X509_STORE_CTX *ctx) {
5919 set_policies(ctx, {oid1.get()});
5920 }));
5921 EXPECT_EQ(X509_V_OK,
5922 Verify(leaf.get(), {root.get()}, {intermediate.get()}, /*crls=*/{},
5923 X509_V_FLAG_EXPLICIT_POLICY, [&](X509_STORE_CTX *ctx) {
5924 set_policies(ctx, {oid2.get()});
5925 }));
5926 EXPECT_EQ(X509_V_ERR_NO_EXPLICIT_POLICY,
5927 Verify(leaf.get(), {root.get()}, {intermediate.get()}, /*crls=*/{},
5928 X509_V_FLAG_EXPLICIT_POLICY, [&](X509_STORE_CTX *ctx) {
5929 set_policies(ctx, {oid3.get()});
5930 }));
5931 EXPECT_EQ(X509_V_OK,
5932 Verify(leaf.get(), {root.get()}, {intermediate.get()}, /*crls=*/{},
5933 X509_V_FLAG_EXPLICIT_POLICY, [&](X509_STORE_CTX *ctx) {
5934 set_policies(ctx, {oid1.get(), oid2.get()});
5935 }));
5936 EXPECT_EQ(X509_V_OK,
5937 Verify(leaf.get(), {root.get()}, {intermediate.get()}, /*crls=*/{},
5938 X509_V_FLAG_EXPLICIT_POLICY, [&](X509_STORE_CTX *ctx) {
5939 set_policies(ctx, {oid1.get(), oid3.get()});
5940 }));
5941
5942 // The policy extension cannot be parsed.
5943 EXPECT_EQ(X509_V_ERR_INVALID_POLICY_EXTENSION,
5944 Verify(leaf.get(), {root.get()}, {intermediate_invalid.get()},
5945 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
5946 [&](X509_STORE_CTX *ctx) {
5947 set_policies(ctx, {oid1.get()});
5948 }));
5949 EXPECT_EQ(X509_V_ERR_INVALID_POLICY_EXTENSION,
5950 Verify(leaf_invalid.get(), {root.get()}, {intermediate.get()},
5951 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
5952 [&](X509_STORE_CTX *ctx) {
5953 set_policies(ctx, {oid1.get()});
5954 }));
5955 EXPECT_EQ(X509_V_ERR_INVALID_POLICY_EXTENSION,
5956 Verify(leaf_invalid.get(), {root.get()}, {intermediate.get()},
5957 /*crls=*/{}));
5958
5959 // There is a duplicate policy in the policy extension.
5960 EXPECT_EQ(X509_V_ERR_INVALID_POLICY_EXTENSION,
5961 Verify(leaf.get(), {root.get()}, {intermediate_duplicate.get()},
5962 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
5963 [&](X509_STORE_CTX *ctx) {
5964 set_policies(ctx, {oid1.get()});
5965 }));
5966
5967 // The policy extension in the leaf cannot be parsed.
5968 EXPECT_EQ(X509_V_ERR_INVALID_POLICY_EXTENSION,
5969 Verify(leaf_duplicate.get(), {root.get()}, {intermediate.get()},
5970 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
5971 [&](X509_STORE_CTX *ctx) {
5972 set_policies(ctx, {oid1.get()});
5973 }));
5974
5975 // Without |X509_V_FLAG_EXPLICIT_POLICY|, the policy tree is built and
5976 // intersected with user-specified policies, but it is not required to result
5977 // in any valid policies.
5978 EXPECT_EQ(X509_V_OK,
5979 Verify(leaf.get(), {root.get()}, {intermediate.get()}, /*crls=*/{},
5980 /*flags=*/0, [&](X509_STORE_CTX *ctx) {
5981 set_policies(ctx, {oid1.get()});
5982 }));
5983 EXPECT_EQ(X509_V_OK,
5984 Verify(leaf.get(), {root.get()}, {intermediate.get()}, /*crls=*/{},
5985 /*flags=*/0, [&](X509_STORE_CTX *ctx) {
5986 set_policies(ctx, {oid3.get()});
5987 }));
5988
5989 // However, a CA with policy constraints can require an explicit policy.
5990 EXPECT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()},
5991 {intermediate_require.get()}, /*crls=*/{},
5992 /*flags=*/0, [&](X509_STORE_CTX *ctx) {
5993 set_policies(ctx, {oid1.get()});
5994 }));
5995 EXPECT_EQ(X509_V_ERR_NO_EXPLICIT_POLICY,
5996 Verify(leaf.get(), {root.get()}, {intermediate_require.get()},
5997 /*crls=*/{},
5998 /*flags=*/0, [&](X509_STORE_CTX *ctx) {
5999 set_policies(ctx, {oid3.get()});
6000 }));
6001
6002 // requireExplicitPolicy applies even if the application does not configure a
6003 // user-initial-policy-set. If the validation results in no policies, the
6004 // chain is invalid.
6005 EXPECT_EQ(X509_V_ERR_NO_EXPLICIT_POLICY,
6006 Verify(leaf_none.get(), {root.get()}, {intermediate_require.get()},
6007 /*crls=*/{}));
6008
6009 // A leaf can also set requireExplicitPolicy.
6010 EXPECT_EQ(X509_V_OK,
6011 Verify(leaf_require.get(), {root.get()}, {intermediate.get()},
6012 /*crls=*/{}, /*flags=*/0));
6013 EXPECT_EQ(X509_V_OK, Verify(leaf_require.get(), {root.get()},
6014 {intermediate.get()}, /*crls=*/{},
6015 /*flags=*/0, [&](X509_STORE_CTX *ctx) {
6016 set_policies(ctx, {oid1.get()});
6017 }));
6018 EXPECT_EQ(X509_V_ERR_NO_EXPLICIT_POLICY,
6019 Verify(leaf_require.get(), {root.get()}, {intermediate.get()},
6020 /*crls=*/{},
6021 /*flags=*/0, [&](X509_STORE_CTX *ctx) {
6022 set_policies(ctx, {oid3.get()});
6023 }));
6024
6025 // requireExplicitPolicy is a count of certificates to skip. If the value is
6026 // not zero by the end of the chain, it doesn't count.
6027 EXPECT_EQ(X509_V_ERR_NO_EXPLICIT_POLICY,
6028 Verify(leaf.get(), {root.get()}, {intermediate_require1.get()},
6029 /*crls=*/{},
6030 /*flags=*/0, [&](X509_STORE_CTX *ctx) {
6031 set_policies(ctx, {oid3.get()});
6032 }));
6033 EXPECT_EQ(X509_V_OK,
6034 Verify(leaf.get(), {root.get()}, {intermediate_require2.get()},
6035 /*crls=*/{},
6036 /*flags=*/0, [&](X509_STORE_CTX *ctx) {
6037 set_policies(ctx, {oid3.get()});
6038 }));
6039 EXPECT_EQ(X509_V_OK,
6040 Verify(leaf_require1.get(), {root.get()}, {intermediate.get()},
6041 /*crls=*/{},
6042 /*flags=*/0, [&](X509_STORE_CTX *ctx) {
6043 set_policies(ctx, {oid3.get()});
6044 }));
6045
6046 // If multiple certificates specify the constraint, the more constrained value
6047 // wins.
6048 EXPECT_EQ(
6049 X509_V_ERR_NO_EXPLICIT_POLICY,
6050 Verify(leaf_require1.get(), {root.get()}, {intermediate_require1.get()},
6051 /*crls=*/{},
6052 /*flags=*/0, [&](X509_STORE_CTX *ctx) {
6053 set_policies(ctx, {oid3.get()});
6054 }));
6055 EXPECT_EQ(
6056 X509_V_ERR_NO_EXPLICIT_POLICY,
6057 Verify(leaf_require.get(), {root.get()}, {intermediate_require2.get()},
6058 /*crls=*/{},
6059 /*flags=*/0, [&](X509_STORE_CTX *ctx) {
6060 set_policies(ctx, {oid3.get()});
6061 }));
6062
6063 // An intermediate that requires an explicit policy, but then specifies no
6064 // policies should fail verification as a result.
6065 EXPECT_EQ(X509_V_ERR_NO_EXPLICIT_POLICY,
6066 Verify(leaf.get(), {root.get()},
6067 {intermediate_require_no_policies.get()}, /*crls=*/{},
6068 /*flags=*/0, [&](X509_STORE_CTX *ctx) {
6069 set_policies(ctx, {oid1.get()});
6070 }));
6071
6072 // A constrained intermediate's policy extension has a duplicate policy, which
6073 // is invalid. Historically this, and the above case, leaked memory.
6074 EXPECT_EQ(X509_V_ERR_INVALID_POLICY_EXTENSION,
6075 Verify(leaf.get(), {root.get()},
6076 {intermediate_require_duplicate.get()}, /*crls=*/{},
6077 /*flags=*/0, [&](X509_STORE_CTX *ctx) {
6078 set_policies(ctx, {oid1.get()});
6079 }));
6080
6081 // The leaf asserts anyPolicy, but the intermediate does not. The resulting
6082 // valid policies are the intersection.
6083 EXPECT_EQ(
6084 X509_V_OK,
6085 Verify(leaf_any.get(), {root.get()}, {intermediate.get()}, /*crls=*/{},
6086 X509_V_FLAG_EXPLICIT_POLICY, [&](X509_STORE_CTX *ctx) {
6087 set_policies(ctx, {oid1.get()});
6088 }));
6089 EXPECT_EQ(
6090 X509_V_ERR_NO_EXPLICIT_POLICY,
6091 Verify(leaf_any.get(), {root.get()}, {intermediate.get()}, /*crls=*/{},
6092 X509_V_FLAG_EXPLICIT_POLICY, [&](X509_STORE_CTX *ctx) {
6093 set_policies(ctx, {oid3.get()});
6094 }));
6095
6096 // The intermediate asserts anyPolicy, but the leaf does not. The resulting
6097 // valid policies are the intersection.
6098 EXPECT_EQ(
6099 X509_V_OK,
6100 Verify(leaf.get(), {root.get()}, {intermediate_any.get()}, /*crls=*/{},
6101 X509_V_FLAG_EXPLICIT_POLICY, [&](X509_STORE_CTX *ctx) {
6102 set_policies(ctx, {oid1.get()});
6103 }));
6104 EXPECT_EQ(
6105 X509_V_ERR_NO_EXPLICIT_POLICY,
6106 Verify(leaf.get(), {root.get()}, {intermediate_any.get()}, /*crls=*/{},
6107 X509_V_FLAG_EXPLICIT_POLICY, [&](X509_STORE_CTX *ctx) {
6108 set_policies(ctx, {oid3.get()});
6109 }));
6110
6111 // Both assert anyPolicy. All policies are valid.
6112 EXPECT_EQ(X509_V_OK,
6113 Verify(leaf_any.get(), {root.get()}, {intermediate_any.get()},
6114 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
6115 [&](X509_STORE_CTX *ctx) {
6116 set_policies(ctx, {oid1.get()});
6117 }));
6118 EXPECT_EQ(X509_V_OK,
6119 Verify(leaf_any.get(), {root.get()}, {intermediate_any.get()},
6120 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
6121 [&](X509_STORE_CTX *ctx) {
6122 set_policies(ctx, {oid3.get()});
6123 }));
6124
6125 // With just a trust anchor, policy checking silently succeeds.
6126 EXPECT_EQ(X509_V_OK, Verify(root.get(), {root.get()}, {},
6127 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
6128 [&](X509_STORE_CTX *ctx) {
6129 set_policies(ctx, {oid1.get()});
6130 }));
6131
6132 for (bool use_any : {false, true}) {
6133 SCOPED_TRACE(use_any);
6134 X509 *cert =
6135 use_any ? intermediate_mapped_any.get() : intermediate_mapped.get();
6136 // OID3 is mapped to {OID1, OID2}, which means OID1 and OID2 (or both) are
6137 // acceptable for OID3.
6138 EXPECT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()}, {cert},
6139 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
6140 [&](X509_STORE_CTX *ctx) {
6141 set_policies(ctx, {oid3.get()});
6142 }));
6143 EXPECT_EQ(X509_V_OK, Verify(leaf_oid1.get(), {root.get()}, {cert},
6144 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
6145 [&](X509_STORE_CTX *ctx) {
6146 set_policies(ctx, {oid3.get()});
6147 }));
6148 EXPECT_EQ(X509_V_OK, Verify(leaf_oid2.get(), {root.get()}, {cert},
6149 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
6150 [&](X509_STORE_CTX *ctx) {
6151 set_policies(ctx, {oid3.get()});
6152 }));
6153
6154 // If the intermediate's policies were anyPolicy, OID3 at the leaf, despite
6155 // being mapped, is still acceptable as OID3 at the root. Despite the OID3
6156 // having expected_policy_set = {OID1, OID2}, it can match the anyPolicy
6157 // node instead.
6158 //
6159 // If the intermediate's policies listed OIDs explicitly, OID3 at the leaf
6160 // is not acceptable as OID3 at the root. OID3 has expected_polciy_set =
6161 // {OID1, OID2} and no other node allows OID3.
6162 EXPECT_EQ(use_any ? X509_V_OK : X509_V_ERR_NO_EXPLICIT_POLICY,
6163 Verify(leaf_oid3.get(), {root.get()}, {cert},
6164 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
6165 [&](X509_STORE_CTX *ctx) {
6166 set_policies(ctx, {oid3.get()});
6167 }));
6168
6169 // If the intermediate's policies were anyPolicy, OID1 at the leaf is no
6170 // longer acceptable as OID1 at the root because policies only match
6171 // anyPolicy when they match no other policy.
6172 //
6173 // If the intermediate's policies listed OIDs explicitly, OID1 at the leaf
6174 // is acceptable as OID1 at the root because it will match both OID1 and
6175 // OID3 (mapped) policies.
6176 EXPECT_EQ(use_any ? X509_V_ERR_NO_EXPLICIT_POLICY : X509_V_OK,
6177 Verify(leaf_oid1.get(), {root.get()}, {cert},
6178 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
6179 [&](X509_STORE_CTX *ctx) {
6180 set_policies(ctx, {oid1.get()});
6181 }));
6182
6183 // All pairs of OID4 and OID5 are mapped together, so either can stand for
6184 // the other.
6185 EXPECT_EQ(X509_V_OK, Verify(leaf_oid4.get(), {root.get()}, {cert},
6186 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
6187 [&](X509_STORE_CTX *ctx) {
6188 set_policies(ctx, {oid4.get()});
6189 }));
6190 EXPECT_EQ(X509_V_OK, Verify(leaf_oid4.get(), {root.get()}, {cert},
6191 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
6192 [&](X509_STORE_CTX *ctx) {
6193 set_policies(ctx, {oid5.get()});
6194 }));
6195 EXPECT_EQ(X509_V_OK, Verify(leaf_oid5.get(), {root.get()}, {cert},
6196 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
6197 [&](X509_STORE_CTX *ctx) {
6198 set_policies(ctx, {oid4.get()});
6199 }));
6200 EXPECT_EQ(X509_V_OK, Verify(leaf_oid5.get(), {root.get()}, {cert},
6201 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
6202 [&](X509_STORE_CTX *ctx) {
6203 set_policies(ctx, {oid5.get()});
6204 }));
6205
6206 EXPECT_EQ(X509_V_OK, Verify(leaf_oid4.get(), {root.get()}, {cert},
6207 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
6208 [&](X509_STORE_CTX *ctx) {
6209 set_policies(ctx, {oid4.get(), oid5.get()});
6210 }));
6211 }
6212
6213 // Although |intermediate_mapped_oid3| contains many mappings, it only accepts
6214 // OID3. Nodes should not be created for the other mappings.
6215 EXPECT_EQ(X509_V_OK, Verify(leaf_oid1.get(), {root.get()},
6216 {intermediate_mapped_oid3.get()},
6217 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
6218 [&](X509_STORE_CTX *ctx) {
6219 set_policies(ctx, {oid3.get()});
6220 }));
6221 EXPECT_EQ(
6222 X509_V_ERR_NO_EXPLICIT_POLICY,
6223 Verify(leaf_oid4.get(), {root.get()}, {intermediate_mapped_oid3.get()},
6224 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
6225 [&](X509_STORE_CTX *ctx) {
6226 set_policies(ctx, {oid4.get()});
6227 }));
6228
6229 // Policy mapping can be inhibited, either by the caller or a certificate in
6230 // the chain, in which case mapped policies are unassertable (apart from some
6231 // anyPolicy edge cases).
6232 EXPECT_EQ(
6233 X509_V_ERR_NO_EXPLICIT_POLICY,
6234 Verify(leaf_oid1.get(), {root.get()}, {intermediate_mapped_oid3.get()},
6235 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY | X509_V_FLAG_INHIBIT_MAP,
6236 [&](X509_STORE_CTX *ctx) {
6237 set_policies(ctx, {oid3.get()});
6238 }));
6239 EXPECT_EQ(
6240 X509_V_ERR_NO_EXPLICIT_POLICY,
6241 Verify(leaf_oid1.get(), {root2.get()},
6242 {intermediate_mapped_oid3.get(), root_cross_inhibit_mapping.get()},
6243 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
6244 [&](X509_STORE_CTX *ctx) {
6245 set_policies(ctx, {oid3.get()});
6246 }));
6247 }
6248
6249 #if defined(OPENSSL_THREADS)
6250 // A similar test to the above, but ensures the various bits of intermediate
6251 // state are computed safely.
TEST(X509Test,PolicyThreads)6252 TEST(X509Test, PolicyThreads) {
6253 const size_t kNumThreads = 10;
6254
6255 bssl::UniquePtr<ASN1_OBJECT> oid1(
6256 OBJ_txt2obj("1.2.840.113554.4.1.72585.2.1", /*dont_search_names=*/1));
6257 ASSERT_TRUE(oid1);
6258 bssl::UniquePtr<ASN1_OBJECT> oid2(
6259 OBJ_txt2obj("1.2.840.113554.4.1.72585.2.2", /*dont_search_names=*/1));
6260 ASSERT_TRUE(oid2);
6261 bssl::UniquePtr<ASN1_OBJECT> oid3(
6262 OBJ_txt2obj("1.2.840.113554.4.1.72585.2.3", /*dont_search_names=*/1));
6263 ASSERT_TRUE(oid3);
6264
6265 auto set_policies = [](X509_STORE_CTX *ctx,
6266 std::vector<const ASN1_OBJECT *> oids) {
6267 X509_VERIFY_PARAM *param = X509_STORE_CTX_get0_param(ctx);
6268 for (const ASN1_OBJECT *oid : oids) {
6269 bssl::UniquePtr<ASN1_OBJECT> copy(OBJ_dup(oid));
6270 ASSERT_TRUE(copy);
6271 ASSERT_TRUE(X509_VERIFY_PARAM_add0_policy(param, copy.get()));
6272 copy.release(); // |X509_VERIFY_PARAM_add0_policy| takes ownership on
6273 // success.
6274 }
6275 };
6276
6277 {
6278 bssl::UniquePtr<X509> root(
6279 CertFromPEM(GetTestData("crypto/x509/test/policy_root.pem").c_str()));
6280 ASSERT_TRUE(root);
6281 bssl::UniquePtr<X509> intermediate(CertFromPEM(
6282 GetTestData("crypto/x509/test/policy_intermediate.pem").c_str()));
6283 ASSERT_TRUE(intermediate);
6284 bssl::UniquePtr<X509> leaf(
6285 CertFromPEM(GetTestData("crypto/x509/test/policy_leaf.pem").c_str()));
6286 ASSERT_TRUE(leaf);
6287
6288 std::vector<std::thread> threads;
6289 for (size_t i = 0; i < kNumThreads; i++) {
6290 threads.emplace_back([&] {
6291 EXPECT_EQ(
6292 X509_V_OK,
6293 Verify(leaf.get(), {root.get()}, {intermediate.get()}, /*crls=*/{},
6294 X509_V_FLAG_EXPLICIT_POLICY, [&](X509_STORE_CTX *ctx) {
6295 set_policies(ctx, {oid1.get()});
6296 }));
6297 });
6298 }
6299 for (auto &thread : threads) {
6300 thread.join();
6301 }
6302 }
6303
6304 {
6305 bssl::UniquePtr<X509> root(
6306 CertFromPEM(GetTestData("crypto/x509/test/policy_root.pem").c_str()));
6307 ASSERT_TRUE(root);
6308 bssl::UniquePtr<X509> intermediate(CertFromPEM(
6309 GetTestData("crypto/x509/test/policy_intermediate.pem").c_str()));
6310 ASSERT_TRUE(intermediate);
6311 bssl::UniquePtr<X509> leaf_invalid(CertFromPEM(
6312 GetTestData("crypto/x509/test/policy_leaf_invalid.pem").c_str()));
6313 ASSERT_TRUE(leaf_invalid);
6314
6315
6316 std::vector<std::thread> threads;
6317 for (size_t i = 0; i < kNumThreads; i++) {
6318 threads.emplace_back([&] {
6319 EXPECT_EQ(X509_V_ERR_INVALID_POLICY_EXTENSION,
6320 Verify(leaf_invalid.get(), {root.get()}, {intermediate.get()},
6321 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
6322 [&](X509_STORE_CTX *ctx) {
6323 set_policies(ctx, {oid1.get()});
6324 }));
6325 });
6326 }
6327 for (auto &thread : threads) {
6328 thread.join();
6329 }
6330 }
6331 }
6332 #endif // OPENSSL_THREADS
6333
TEST(X509Test,ExtensionFromConf)6334 TEST(X509Test, ExtensionFromConf) {
6335 static const char kTestOID[] = "1.2.840.113554.4.1.72585.2";
6336 const struct {
6337 const char *name;
6338 std::string value;
6339 // conf is the serialized confdb, or nullptr if none is to be provided.
6340 const char *conf;
6341 // expected is the resulting extension, encoded in DER, or the empty string
6342 // if an error is expected.
6343 std::vector<uint8_t> expected;
6344 } kTests[] = {
6345 // Many extensions have built-in syntax.
6346 {"basicConstraints",
6347 "critical,CA:true",
6348 nullptr,
6349 {0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05,
6350 0x30, 0x03, 0x01, 0x01, 0xff}},
6351
6352 {"basicConstraints",
6353 "critical,CA:true,pathlen:1",
6354 nullptr,
6355 {0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff,
6356 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01}},
6357
6358 // key:value tuples can be repeated and just override the previous value.
6359 {"basicConstraints",
6360 "critical,CA:true,pathlen:100,pathlen:1",
6361 nullptr,
6362 {0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff,
6363 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01}},
6364
6365 // Extension contents may be referenced from a config section.
6366 {"basicConstraints",
6367 "critical,@section",
6368 "[section]\nCA = true\n",
6369 {0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05,
6370 0x30, 0x03, 0x01, 0x01, 0xff}},
6371
6372 // If no config is provided, this should fail.
6373 {"basicConstraints", "critical,@section", nullptr, {}},
6374
6375 // issuingDistributionPoint takes a list of name:value pairs. Omitting the
6376 // value is not allowed.
6377 {"issuingDistributionPoint", "fullname", nullptr, {}},
6378
6379 {"issuingDistributionPoint",
6380 "relativename:name",
6381 "[name]\nCN=Hello\n",
6382 {0x30, 0x1b, 0x06, 0x03, 0x55, 0x1d, 0x1c, 0x04, 0x14, 0x30,
6383 0x12, 0xa0, 0x10, 0xa1, 0x0e, 0x30, 0x0c, 0x06, 0x03, 0x55,
6384 0x04, 0x03, 0x0c, 0x05, 0x48, 0x65, 0x6c, 0x6c, 0x6f}},
6385
6386 // relativename referencing a section which doesn't exist.
6387 {"issuingDistributionPoint",
6388 "relativename:wrong_section_name",
6389 "[name]\nCN=Hello\n",
6390 {}},
6391
6392 // relativename must be a single RDN. By default, the section-based name
6393 // syntax puts each attribute into its own RDN.
6394 {"issuingDistributionPoint",
6395 "relativename:name",
6396 "[name]\nCN=Hello\nC=US\n",
6397 {}},
6398
6399 // A single RDN with multiple attributes is allowed.
6400 {"issuingDistributionPoint",
6401 "relativename:name",
6402 "[name]\nCN=Hello\n+C=US\n",
6403 {0x30, 0x26, 0x06, 0x03, 0x55, 0x1d, 0x1c, 0x04, 0x1f, 0x30,
6404 0x1d, 0xa0, 0x1b, 0xa1, 0x19, 0x30, 0x09, 0x06, 0x03, 0x55,
6405 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x30, 0x0c, 0x06, 0x03,
6406 0x55, 0x04, 0x03, 0x0c, 0x05, 0x48, 0x65, 0x6c, 0x6c, 0x6f}},
6407
6408 // Duplicate reason keys are an error. Reaching this case is interesting.
6409 // The value can a string like "key:value,key:value", or it can be
6410 // "@section" and reference a config section. If using a string, duplicate
6411 // keys are possible, but then it is impossible to put commas in the
6412 // value, as onlysomereasons expects. If using a section reference, it is
6413 // impossible to have a duplicate key because the config file parser
6414 // overrides the old value.
6415 {"issuingDistributionPoint",
6416 "onlysomereasons:keyCompromise",
6417 nullptr,
6418 {0x30, 0x0d, 0x06, 0x03, 0x55, 0x1d, 0x1c, 0x04, 0x06, 0x30, 0x04, 0x83,
6419 0x02, 0x06, 0x40}},
6420 {"issuingDistributionPoint",
6421 "onlysomereasons:keyCompromise,onlysomereasons:CACompromise\n",
6422 nullptr,
6423 {}},
6424
6425 // subjectAltName has a series of string-based inputs for each name type.
6426 {"subjectAltName",
6427 "email:[email protected], URI:https://example.com, DNS:example.com, "
6428 "RID:1.2.3.4, IP:127.0.0.1, IP:::1, dirName:section, "
6429 "otherName:1.2.3.4;BOOLEAN:TRUE",
6430 "[section]\nCN=Test\n",
6431 {0x30, 0x78, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x71, 0x30, 0x6f, 0x81,
6432 0x0f, 0x66, 0x6f, 0x6f, 0x40, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65,
6433 0x2e, 0x63, 0x6f, 0x6d, 0x86, 0x13, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a,
6434 0x2f, 0x2f, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f,
6435 0x6d, 0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63,
6436 0x6f, 0x6d, 0x88, 0x03, 0x2a, 0x03, 0x04, 0x87, 0x04, 0x7f, 0x00, 0x00,
6437 0x01, 0x87, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6438 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xa4, 0x11, 0x30, 0x0f, 0x31,
6439 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x04, 0x54, 0x65,
6440 0x73, 0x74, 0xa0, 0x0a, 0x06, 0x03, 0x2a, 0x03, 0x04, 0xa0, 0x03, 0x01,
6441 0x01, 0xff}},
6442
6443 // Syntax errors in each case, where they exist. (The string types just
6444 // copy the string in as-is.)
6445 {"subjectAltName", "RID:not_an_oid", nullptr, {}},
6446 {"subjectAltName", "IP:not_an_ip", nullptr, {}},
6447 {"subjectAltName", "dirName:no_conf_db", nullptr, {}},
6448 {"subjectAltName", "dirName:missing_section", "[section]\nCN=Test\n", {}},
6449 {"subjectAltName", "otherName:missing_semicolon", nullptr, {}},
6450 {"subjectAltName", "otherName:1.2.3.4", nullptr, {}},
6451 {"subjectAltName", "otherName:invalid_oid;BOOLEAN:TRUE", nullptr, {}},
6452 {"subjectAltName", "otherName:1.2.3.4;invalid_value", nullptr, {}},
6453
6454 {"policyMappings",
6455 "1.1.1.1:2.2.2.2",
6456 nullptr,
6457 {0x30, 0x15, 0x06, 0x03, 0x55, 0x1d, 0x21, 0x04, 0x0e, 0x30, 0x0c, 0x30,
6458 0x0a, 0x06, 0x03, 0x29, 0x01, 0x01, 0x06, 0x03, 0x52, 0x02, 0x02}},
6459 {"policyMappings", "invalid_oid:2.2.2.2", nullptr, {}},
6460 {"policyMappings", "1.1.1.1:invalid_oid", nullptr, {}},
6461
6462 // The "DER:" prefix just specifies an arbitrary byte string. Colons
6463 // separators are ignored.
6464 {kTestOID, "DER:0001020304", nullptr, {0x30, 0x15, 0x06, 0x0c, 0x2a, 0x86,
6465 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01,
6466 0x84, 0xb7, 0x09, 0x02, 0x04, 0x05,
6467 0x00, 0x01, 0x02, 0x03, 0x04}},
6468 {kTestOID,
6469 "DER:00:01:02:03:04",
6470 nullptr,
6471 {0x30, 0x15, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01,
6472 0x84, 0xb7, 0x09, 0x02, 0x04, 0x05, 0x00, 0x01, 0x02, 0x03, 0x04}},
6473 {kTestOID, "DER:invalid hex", nullptr, {}},
6474
6475 // The "ASN1:" prefix implements a complex language for describing ASN.1
6476 // structures. See
6477 // https://www.openssl.org/docs/man1.1.1/man3/ASN1_generate_nconf.html
6478 {kTestOID, "ASN1:invalid", nullptr, {}},
6479 {kTestOID,
6480 "ASN1:BOOLEAN:TRUE",
6481 nullptr,
6482 {0x30, 0x13, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
6483 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x03, 0x01, 0x01, 0xff}},
6484 {kTestOID, "ASN1:BOOL:yes", nullptr, {0x30, 0x13, 0x06, 0x0c, 0x2a, 0x86,
6485 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01,
6486 0x84, 0xb7, 0x09, 0x02, 0x04, 0x03,
6487 0x01, 0x01, 0xff}},
6488 {kTestOID,
6489 "ASN1:BOOLEAN:NO",
6490 nullptr,
6491 {0x30, 0x13, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
6492 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x03, 0x01, 0x01, 0x00}},
6493 {kTestOID,
6494 "ASN1:BOOLEAN", // Missing value
6495 nullptr,
6496 {}},
6497 {kTestOID, "ASN1:BOOLEAN:invalid", nullptr, {}},
6498 {kTestOID, "ASN1:BOOLEAN:TRUE,invalid", nullptr, {}},
6499
6500 {kTestOID, "ASN1:NULL", nullptr, {0x30, 0x12, 0x06, 0x0c, 0x2a,
6501 0x86, 0x48, 0x86, 0xf7, 0x12,
6502 0x04, 0x01, 0x84, 0xb7, 0x09,
6503 0x02, 0x04, 0x02, 0x05, 0x00}},
6504 {kTestOID, "ASN1:NULL,invalid", nullptr, {}},
6505 {kTestOID, "ASN1:NULL:invalid", nullptr, {}},
6506
6507 // Missing value.
6508 {kTestOID, "ASN1:INTEGER", nullptr, {}},
6509 {kTestOID, "ASN1:INTEGER:", nullptr, {}},
6510 {kTestOID, "ASN1:INTEGER,invalid", nullptr, {}},
6511
6512 // INTEGER may be decimal or hexadecimal.
6513 {kTestOID, "ASN1:INT:-0x10", nullptr, {0x30, 0x13, 0x06, 0x0c, 0x2a, 0x86,
6514 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01,
6515 0x84, 0xb7, 0x09, 0x02, 0x04, 0x03,
6516 0x02, 0x01, 0xf0}},
6517 {kTestOID, "ASN1:INT:-10", nullptr, {0x30, 0x13, 0x06, 0x0c, 0x2a, 0x86,
6518 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01,
6519 0x84, 0xb7, 0x09, 0x02, 0x04, 0x03,
6520 0x02, 0x01, 0xf6}},
6521 {kTestOID, "ASN1:INT:0", nullptr, {0x30, 0x13, 0x06, 0x0c, 0x2a, 0x86,
6522 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01,
6523 0x84, 0xb7, 0x09, 0x02, 0x04, 0x03,
6524 0x02, 0x01, 0x00}},
6525 {kTestOID,
6526 "ASN1:INTEGER:10",
6527 nullptr,
6528 {0x30, 0x13, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
6529 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x03, 0x02, 0x01, 0x0a}},
6530 {kTestOID,
6531 "ASN1:INTEGER:0x10",
6532 nullptr,
6533 {0x30, 0x13, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
6534 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x03, 0x02, 0x01, 0x10}},
6535
6536 {kTestOID, "ASN1:ENUM:0", nullptr, {0x30, 0x13, 0x06, 0x0c, 0x2a, 0x86,
6537 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01,
6538 0x84, 0xb7, 0x09, 0x02, 0x04, 0x03,
6539 0x0a, 0x01, 0x00}},
6540 {kTestOID,
6541 "ASN1:ENUMERATED:0",
6542 nullptr,
6543 {0x30, 0x13, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
6544 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x03, 0x0a, 0x01, 0x00}},
6545
6546 // OIDs may be spelled out or specified by name.
6547 {kTestOID, "ASN1:OBJECT:invalid", nullptr, {}},
6548 {kTestOID,
6549 "ASN1:OBJECT:basicConstraints",
6550 nullptr,
6551 {0x30, 0x15, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01,
6552 0x84, 0xb7, 0x09, 0x02, 0x04, 0x05, 0x06, 0x03, 0x55, 0x1d, 0x13}},
6553 {kTestOID,
6554 "ASN1:OBJECT:2.5.29.19",
6555 nullptr,
6556 {0x30, 0x15, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01,
6557 0x84, 0xb7, 0x09, 0x02, 0x04, 0x05, 0x06, 0x03, 0x55, 0x1d, 0x13}},
6558 {kTestOID,
6559 "ASN1:OID:2.5.29.19",
6560 nullptr,
6561 {0x30, 0x15, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01,
6562 0x84, 0xb7, 0x09, 0x02, 0x04, 0x05, 0x06, 0x03, 0x55, 0x1d, 0x13}},
6563
6564 {kTestOID, "ASN1:UTC:invalid", nullptr, {}},
6565 {kTestOID, "ASN1:UTC:20001231235959Z", nullptr, {}},
6566 {kTestOID, "ASN1:UTCTIME:invalid", nullptr, {}},
6567 {kTestOID,
6568 "ASN1:UTC:001231235959Z",
6569 nullptr,
6570 {0x30, 0x1f, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
6571 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x0f, 0x17, 0x0d, 0x30, 0x30,
6572 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a}},
6573 {kTestOID,
6574 "ASN1:UTCTIME:001231235959Z",
6575 nullptr,
6576 {0x30, 0x1f, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
6577 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x0f, 0x17, 0x0d, 0x30, 0x30,
6578 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a}},
6579
6580 {kTestOID, "ASN1:GENTIME:invalid", nullptr, {}},
6581 {kTestOID, "ASN1:GENTIME:001231235959Z", nullptr, {}},
6582 {kTestOID, "ASN1:GENERALIZEDTIME:invalid", nullptr, {}},
6583 {kTestOID,
6584 "ASN1:GENTIME:20001231235959Z",
6585 nullptr,
6586 {0x30, 0x21, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01,
6587 0x84, 0xb7, 0x09, 0x02, 0x04, 0x11, 0x18, 0x0f, 0x32, 0x30, 0x30, 0x30,
6588 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a}},
6589 {kTestOID,
6590 "ASN1:GENERALIZEDTIME:20001231235959Z",
6591 nullptr,
6592 {0x30, 0x21, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01,
6593 0x84, 0xb7, 0x09, 0x02, 0x04, 0x11, 0x18, 0x0f, 0x32, 0x30, 0x30, 0x30,
6594 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a}},
6595
6596 // The default input format for string types is ASCII, which is then
6597 // converted into the target string type.
6598 {kTestOID, "ASN1:UTF8:hello", nullptr, {0x30, 0x17, 0x06, 0x0c, 0x2a,
6599 0x86, 0x48, 0x86, 0xf7, 0x12,
6600 0x04, 0x01, 0x84, 0xb7, 0x09,
6601 0x02, 0x04, 0x07, 0x0c, 0x05,
6602 0x68, 0x65, 0x6c, 0x6c, 0x6f}},
6603 {kTestOID,
6604 "ASN1:UTF8String:hello",
6605 nullptr,
6606 {0x30, 0x17, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7,
6607 0x12, 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x07,
6608 0x0c, 0x05, 0x68, 0x65, 0x6c, 0x6c, 0x6f}},
6609 {kTestOID,
6610 "ASN1:UNIV:hello",
6611 nullptr,
6612 {0x30, 0x26, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12,
6613 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x16, 0x1c, 0x14,
6614 0x00, 0x00, 0x00, 0x68, 0x00, 0x00, 0x00, 0x65, 0x00, 0x00,
6615 0x00, 0x6c, 0x00, 0x00, 0x00, 0x6c, 0x00, 0x00, 0x00, 0x6f}},
6616 {kTestOID,
6617 "ASN1:UNIVERSALSTRING:hello",
6618 nullptr,
6619 {0x30, 0x26, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12,
6620 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x16, 0x1c, 0x14,
6621 0x00, 0x00, 0x00, 0x68, 0x00, 0x00, 0x00, 0x65, 0x00, 0x00,
6622 0x00, 0x6c, 0x00, 0x00, 0x00, 0x6c, 0x00, 0x00, 0x00, 0x6f}},
6623 {kTestOID,
6624 "ASN1:BMP:hello",
6625 nullptr,
6626 {0x30, 0x1c, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12,
6627 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x0c, 0x1e, 0x0a,
6628 0x00, 0x68, 0x00, 0x65, 0x00, 0x6c, 0x00, 0x6c, 0x00, 0x6f}},
6629 {kTestOID,
6630 "ASN1:BMPSTRING:hello",
6631 nullptr,
6632 {0x30, 0x1c, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12,
6633 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x0c, 0x1e, 0x0a,
6634 0x00, 0x68, 0x00, 0x65, 0x00, 0x6c, 0x00, 0x6c, 0x00, 0x6f}},
6635 {kTestOID, "ASN1:IA5:hello", nullptr, {0x30, 0x17, 0x06, 0x0c, 0x2a,
6636 0x86, 0x48, 0x86, 0xf7, 0x12,
6637 0x04, 0x01, 0x84, 0xb7, 0x09,
6638 0x02, 0x04, 0x07, 0x16, 0x05,
6639 0x68, 0x65, 0x6c, 0x6c, 0x6f}},
6640 {kTestOID,
6641 "ASN1:IA5STRING:hello",
6642 nullptr,
6643 {0x30, 0x17, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7,
6644 0x12, 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x07,
6645 0x16, 0x05, 0x68, 0x65, 0x6c, 0x6c, 0x6f}},
6646 {kTestOID,
6647 "ASN1:PRINTABLE:hello",
6648 nullptr,
6649 {0x30, 0x17, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7,
6650 0x12, 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x07,
6651 0x13, 0x05, 0x68, 0x65, 0x6c, 0x6c, 0x6f}},
6652 {kTestOID,
6653 "ASN1:PRINTABLESTRING:hello",
6654 nullptr,
6655 {0x30, 0x17, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7,
6656 0x12, 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x07,
6657 0x13, 0x05, 0x68, 0x65, 0x6c, 0x6c, 0x6f}},
6658 {kTestOID, "ASN1:T61:hello", nullptr, {0x30, 0x17, 0x06, 0x0c, 0x2a,
6659 0x86, 0x48, 0x86, 0xf7, 0x12,
6660 0x04, 0x01, 0x84, 0xb7, 0x09,
6661 0x02, 0x04, 0x07, 0x14, 0x05,
6662 0x68, 0x65, 0x6c, 0x6c, 0x6f}},
6663 {kTestOID,
6664 "ASN1:T61STRING:hello",
6665 nullptr,
6666 {0x30, 0x17, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7,
6667 0x12, 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x07,
6668 0x14, 0x05, 0x68, 0x65, 0x6c, 0x6c, 0x6f}},
6669 {kTestOID,
6670 "ASN1:TELETEXSTRING:hello",
6671 nullptr,
6672 {0x30, 0x17, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7,
6673 0x12, 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x07,
6674 0x14, 0x05, 0x68, 0x65, 0x6c, 0x6c, 0x6f}},
6675
6676 // FORMAT:UTF8 switches the input format to UTF-8. This should be
6677 // converted to the destination string, or rejected if invalid.
6678 {kTestOID,
6679 "ASN1:FORMAT:UTF8,UTF8:\xe2\x98\x83",
6680 nullptr,
6681 {0x30, 0x15, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01,
6682 0x84, 0xb7, 0x09, 0x02, 0x04, 0x05, 0x0c, 0x03, 0xe2, 0x98, 0x83}},
6683 {kTestOID,
6684 "ASN1:FORMAT:UTF8,UNIV:\xe2\x98\x83",
6685 nullptr,
6686 {0x30, 0x16, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86,
6687 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02,
6688 0x04, 0x06, 0x1c, 0x04, 0x00, 0x00, 0x26, 0x03}},
6689 {kTestOID,
6690 "ASN1:FORMAT:UTF8,BMP:\xe2\x98\x83",
6691 nullptr,
6692 {0x30, 0x14, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
6693 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x04, 0x1e, 0x02, 0x26, 0x03}},
6694 {kTestOID, "ASN1:FORMAT:UTF8,IA5:\xe2\x98\x83", nullptr, {}},
6695 {kTestOID,
6696 "ASN1:FORMAT:UTF8,IA5:hello",
6697 nullptr,
6698 {0x30, 0x17, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7,
6699 0x12, 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x07,
6700 0x16, 0x05, 0x68, 0x65, 0x6c, 0x6c, 0x6f}},
6701 {kTestOID, "ASN1:FORMAT:UTF8,PRINTABLE:\xe2\x98\x83", nullptr, {}},
6702 {kTestOID,
6703 "ASN1:FORMAT:UTF8,PRINTABLE:hello",
6704 nullptr,
6705 {0x30, 0x17, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7,
6706 0x12, 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x07,
6707 0x13, 0x05, 0x68, 0x65, 0x6c, 0x6c, 0x6f}},
6708 {kTestOID, "ASN1:FORMAT:UTF8,T61:\xe2\x98\x83", nullptr, {}},
6709 {kTestOID,
6710 "ASN1:FORMAT:UTF8,T61:\xc3\xb7",
6711 nullptr,
6712 {0x30, 0x13, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
6713 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x03, 0x14, 0x01, 0xf7}},
6714
6715 // Invalid UTF-8.
6716 {kTestOID, "ASN1:FORMAT:UTF8,UTF8:\xff", nullptr, {}},
6717
6718 // We don't support these string types.
6719 {kTestOID, "ASN1:NUMERIC:0", nullptr, {}},
6720 {kTestOID, "ASN1:NUMERICSTRING:0", nullptr, {}},
6721 {kTestOID, "ASN1:VISIBLE:hello", nullptr, {}},
6722 {kTestOID, "ASN1:VISIBLESTRING:hello", nullptr, {}},
6723 {kTestOID, "ASN1:GeneralString:hello", nullptr, {}},
6724
6725 // OCTET STRING and BIT STRING also default to ASCII, but also accept HEX.
6726 // BIT STRING interprets OCTET STRING formats by having zero unused bits.
6727 {kTestOID, "ASN1:OCT:hello", nullptr, {0x30, 0x17, 0x06, 0x0c, 0x2a,
6728 0x86, 0x48, 0x86, 0xf7, 0x12,
6729 0x04, 0x01, 0x84, 0xb7, 0x09,
6730 0x02, 0x04, 0x07, 0x04, 0x05,
6731 0x68, 0x65, 0x6c, 0x6c, 0x6f}},
6732 {kTestOID,
6733 "ASN1:OCTETSTRING:hello",
6734 nullptr,
6735 {0x30, 0x17, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7,
6736 0x12, 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x07,
6737 0x04, 0x05, 0x68, 0x65, 0x6c, 0x6c, 0x6f}},
6738 {kTestOID,
6739 "ASN1:FORMAT:HEX,OCT:0123abcd",
6740 nullptr,
6741 {0x30, 0x16, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86,
6742 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02,
6743 0x04, 0x06, 0x04, 0x04, 0x01, 0x23, 0xab, 0xcd}},
6744 {kTestOID,
6745 "ASN1:BITSTR:hello",
6746 nullptr,
6747 {0x30, 0x18, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7,
6748 0x12, 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x08,
6749 0x03, 0x06, 0x00, 0x68, 0x65, 0x6c, 0x6c, 0x6f}},
6750 {kTestOID,
6751 "ASN1:BITSTRING:hello",
6752 nullptr,
6753 {0x30, 0x18, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7,
6754 0x12, 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x08,
6755 0x03, 0x06, 0x00, 0x68, 0x65, 0x6c, 0x6c, 0x6f}},
6756 {kTestOID,
6757 "ASN1:FORMAT:HEX,BITSTR:0123abcd",
6758 nullptr,
6759 {0x30, 0x17, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7,
6760 0x12, 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x07,
6761 0x03, 0x05, 0x00, 0x01, 0x23, 0xab, 0xcd}},
6762
6763 {kTestOID, "ASN1:FORMAT:HEX,OCT:invalid hex", nullptr, {}},
6764
6765 // BIT STRING additionally supports a BITLIST type, which specifies a
6766 // list of bits to set.
6767 {kTestOID,
6768 "ASN1:FORMAT:BITLIST,BITSTR:1,5",
6769 nullptr,
6770 {0x30, 0x14, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
6771 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x04, 0x03, 0x02, 0x02, 0x44}},
6772
6773 {kTestOID, "ASN1:FORMAT:BITLIST,BITSTR:1,invalid,5", nullptr, {}},
6774 // Negative bit inidices are not allowed.
6775 {kTestOID, "ASN1:FORMAT:BITLIST,BITSTR:-1", nullptr, {}},
6776 // We cap bit indices at 256.
6777 {kTestOID, "ASN1:FORMAT:BITLIST,BITSTR:257", nullptr, {}},
6778 {kTestOID,
6779 "ASN1:FORMAT:BITLIST,BITSTR:256",
6780 nullptr,
6781 {0x30, 0x34, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
6782 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x24, 0x03, 0x22, 0x07, 0x00,
6783 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6784 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6785 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80}},
6786
6787 // Unsupported formats for string types.
6788 {kTestOID, "ASN1:FORMAT:BITLIST,IA5:abcd", nullptr, {}},
6789 {kTestOID, "ASN1:FORMAT:BITLIST,UTF8:abcd", nullptr, {}},
6790 {kTestOID, "ASN1:FORMAT:BITLIST,OCT:abcd", nullptr, {}},
6791 {kTestOID, "ASN1:FORMAT:BITLIST,UTC:abcd", nullptr, {}},
6792 {kTestOID, "ASN1:FORMAT:HEX,IA5:abcd", nullptr, {}},
6793 {kTestOID, "ASN1:FORMAT:HEX,UTF8:abcd", nullptr, {}},
6794 {kTestOID, "ASN1:FORMAT:HEX,UTC:abcd", nullptr, {}},
6795 {kTestOID, "ASN1:FORMAT:UTF8,OCT:abcd", nullptr, {}},
6796 {kTestOID, "ASN1:FORMAT:UTF8,UTC:abcd", nullptr, {}},
6797
6798 // Invalid format type.
6799 {kTestOID, "ASN1:FORMAT:invalid,IA5:abcd", nullptr, {}},
6800
6801 // SEQUENCE and SET encode empty values when there is no value.
6802 {kTestOID, "ASN1:SEQ", nullptr, {0x30, 0x12, 0x06, 0x0c, 0x2a, 0x86, 0x48,
6803 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7,
6804 0x09, 0x02, 0x04, 0x02, 0x30, 0x00}},
6805 {kTestOID, "ASN1:SET", nullptr, {0x30, 0x12, 0x06, 0x0c, 0x2a, 0x86, 0x48,
6806 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7,
6807 0x09, 0x02, 0x04, 0x02, 0x31, 0x00}},
6808 {kTestOID, "ASN1:SEQUENCE", nullptr, {0x30, 0x12, 0x06, 0x0c, 0x2a,
6809 0x86, 0x48, 0x86, 0xf7, 0x12,
6810 0x04, 0x01, 0x84, 0xb7, 0x09,
6811 0x02, 0x04, 0x02, 0x30, 0x00}},
6812
6813 // Otherwise, they require a corresponding section in the config database
6814 // to encode values. This can be nested recursively.
6815 {kTestOID, "ASN1:SEQ:missing_confdb", nullptr, {}},
6816 {kTestOID, "ASN1:SET:missing_confdb", nullptr, {}},
6817 {kTestOID,
6818 "ASN1:SEQ:seq",
6819 R"(
6820 [seq]
6821 val1 = NULL
6822 val2 = IA5:a
6823 val3 = SET:set
6824 [set]
6825 # Config names do not matter, only the order.
6826 val4 = INT:1
6827 val3 = INT:2
6828 val2 = SEQ:empty
6829 val1 = INT:3
6830 [empty]
6831 )",
6832 {0x30, 0x24, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12,
6833 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x14, 0x30, 0x12,
6834 0x05, 0x00, 0x16, 0x01, 0x61, 0x31, 0x0b, 0x02, 0x01, 0x01,
6835 0x02, 0x01, 0x02, 0x02, 0x01, 0x03, 0x30, 0x00}},
6836
6837 // There is a recursion limit to stop infinite recursion.
6838 {kTestOID,
6839 "ASN1:SEQ:seq1",
6840 R"(
6841 [seq1]
6842 val = SEQ:seq2
6843 [seq2]
6844 val = SEQ:seq1
6845 )",
6846 {}},
6847
6848 // Various modifiers wrap with explicit tagging or universal types.
6849 {kTestOID,
6850 "ASN1:EXP:0,EXP:16U,EXP:100A,EXP:1000C,OCTWRAP,SEQWRAP,SETWRAP,BITWRAP,"
6851 "NULL",
6852 nullptr,
6853 {0x30, 0x26, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12,
6854 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x16, 0xa0, 0x14,
6855 0x30, 0x12, 0x7f, 0x64, 0x0f, 0xbf, 0x87, 0x68, 0x0b, 0x04,
6856 0x09, 0x30, 0x07, 0x31, 0x05, 0x03, 0x03, 0x00, 0x05, 0x00}},
6857
6858 // Invalid tag numbers.
6859 {kTestOID, "ASN1:EXP:-1,NULL", nullptr, {}},
6860 {kTestOID, "ASN1:EXP:1?,NULL", nullptr, {}},
6861 // Fits in |uint32_t| but exceeds |CBS_ASN1_TAG_NUMBER_MASK|, the largest
6862 // tag number we support.
6863 {kTestOID, "ASN1:EXP:536870912,NULL", nullptr, {}},
6864
6865 // Implicit tagging may also be applied to the underlying type, or the
6866 // wrapping modifiers.
6867 {kTestOID,
6868 "ASN1:IMP:1A,OCTWRAP,IMP:10,SEQWRAP,IMP:100,SETWRAP,IMP:1000,BITWRAP,"
6869 "IMP:10000,NULL",
6870 nullptr,
6871 {0x30, 0x20, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01,
6872 0x84, 0xb7, 0x09, 0x02, 0x04, 0x10, 0x41, 0x0e, 0xaa, 0x0c, 0xbf, 0x64,
6873 0x09, 0x9f, 0x87, 0x68, 0x05, 0x00, 0x9f, 0xce, 0x10, 0x00}},
6874
6875 // Implicit tagging may not be applied to explicit tagging or itself.
6876 // There's no rule against this in ASN.1, but OpenSSL does not allow it
6877 // here.
6878 {kTestOID, "ASN1:IMP:1,EXP:1,NULL", nullptr, {}},
6879 {kTestOID, "ASN1:IMP:1,IMP:1,NULL", nullptr, {}},
6880
6881 // [UNIVERSAL 0] is reserved.
6882 {kTestOID, "ASN1:0U,NULL", nullptr, {}},
6883
6884 // Leading and trailing spaces on name:value pairs are removed. However,
6885 // while these pairs are delimited by commas, a type will consumes
6886 // everything after it, including commas, and spaces. So this is the
6887 // string " a, b ".
6888 {kTestOID,
6889 "ASN1: EXP:0 , IA5: a, b ",
6890 nullptr,
6891 {0x30, 0x1a, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12,
6892 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x0a, 0xa0, 0x08,
6893 0x16, 0x06, 0x20, 0x61, 0x2c, 0x20, 0x62, 0x20}},
6894
6895 // Modifiers without a final type.
6896 {kTestOID, "ASN1:EXP:1", nullptr, {}},
6897
6898 // Put it all together to describe a test Ed25519 key (wrapped inside an
6899 // X.509 extension).
6900 {kTestOID,
6901 "ASN1:SEQUENCE:pkcs8",
6902 R"(
6903 [pkcs8]
6904 vers = INT:0
6905 alg = SEQWRAP,OID:1.3.101.112
6906 key = FORMAT:HEX,OCTWRAP,OCT:9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60
6907 )",
6908 {0x30, 0x40, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
6909 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x30, 0x30, 0x2e, 0x02, 0x01,
6910 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x04, 0x22, 0x04,
6911 0x20, 0x9d, 0x61, 0xb1, 0x9d, 0xef, 0xfd, 0x5a, 0x60, 0xba, 0x84,
6912 0x4a, 0xf4, 0x92, 0xec, 0x2c, 0xc4, 0x44, 0x49, 0xc5, 0x69, 0x7b,
6913 0x32, 0x69, 0x19, 0x70, 0x3b, 0xac, 0x03, 0x1c, 0xae, 0x7f, 0x60}},
6914
6915 // Sections can be referenced multiple times.
6916 {kTestOID,
6917 "ASN1:SEQUENCE:seq1",
6918 R"(
6919 [seq1]
6920 val1 = SEQUENCE:seq2
6921 val2 = SEQUENCE:seq2
6922 [seq2]
6923 val1 = INT:1
6924 val2 = INT:2
6925 )",
6926 {0x30, 0x22, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7,
6927 0x12, 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x12,
6928 0x30, 0x10, 0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01,
6929 0x02, 0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x02}},
6930
6931 // But we cap this before it blows up exponentially.
6932 {kTestOID,
6933 "ASN1:SEQ:seq1",
6934 R"(
6935 [seq1]
6936 val1 = SEQ:seq2
6937 val2 = SEQ:seq2
6938 [seq2]
6939 val1 = SEQ:seq3
6940 val2 = SEQ:seq3
6941 [seq3]
6942 val1 = SEQ:seq4
6943 val2 = SEQ:seq4
6944 [seq4]
6945 val1 = SEQ:seq5
6946 val2 = SEQ:seq5
6947 [seq5]
6948 val1 = SEQ:seq6
6949 val2 = SEQ:seq6
6950 [seq6]
6951 val1 = SEQ:seq7
6952 val2 = SEQ:seq7
6953 [seq7]
6954 val1 = SEQ:seq8
6955 val2 = SEQ:seq8
6956 [seq8]
6957 val1 = SEQ:seq9
6958 val2 = SEQ:seq9
6959 [seq9]
6960 val1 = SEQ:seq10
6961 val2 = SEQ:seq10
6962 [seq10]
6963 val1 = SEQ:seq11
6964 val2 = SEQ:seq11
6965 [seq11]
6966 val1 = SEQ:seq12
6967 val2 = SEQ:seq12
6968 [seq12]
6969 val1 = IA5:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
6970 val2 = IA5:BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
6971 )",
6972 {}},
6973
6974 // Integer sizes are capped to mitigate quadratic behavior.
6975 {kTestOID, "ASN1:INT:" + std::string(16384, '9'), nullptr, {}},
6976 };
6977 for (const auto &t : kTests) {
6978 SCOPED_TRACE(t.name);
6979 SCOPED_TRACE(t.value);
6980 SCOPED_TRACE(t.conf);
6981
6982 bssl::UniquePtr<CONF> conf;
6983 if (t.conf != nullptr) {
6984 conf.reset(NCONF_new(nullptr));
6985 ASSERT_TRUE(conf);
6986 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(t.conf, strlen(t.conf)));
6987 ASSERT_TRUE(bio);
6988 long error_line;
6989 ASSERT_TRUE(NCONF_load_bio(conf.get(), bio.get(), &error_line))
6990 << "Failed to load config at line " << error_line;
6991 }
6992
6993 bssl::UniquePtr<X509_EXTENSION> ext(
6994 X509V3_EXT_nconf(conf.get(), nullptr, t.name, t.value.c_str()));
6995 if (t.expected.empty()) {
6996 EXPECT_FALSE(ext);
6997 } else {
6998 ASSERT_TRUE(ext);
6999 uint8_t *der = nullptr;
7000 int len = i2d_X509_EXTENSION(ext.get(), &der);
7001 ASSERT_GE(len, 0);
7002 bssl::UniquePtr<uint8_t> free_der(der);
7003 EXPECT_EQ(Bytes(t.expected), Bytes(der, len));
7004 }
7005
7006 // Repeat the test with an explicit |X509V3_CTX|.
7007 X509V3_CTX ctx;
7008 X509V3_set_ctx(&ctx, nullptr, nullptr, nullptr, nullptr, 0);
7009 X509V3_set_nconf(&ctx, conf.get());
7010 ext.reset(X509V3_EXT_nconf(conf.get(), &ctx, t.name, t.value.c_str()));
7011 if (t.expected.empty()) {
7012 EXPECT_FALSE(ext);
7013 } else {
7014 ASSERT_TRUE(ext);
7015 uint8_t *der = nullptr;
7016 int len = i2d_X509_EXTENSION(ext.get(), &der);
7017 ASSERT_GE(len, 0);
7018 bssl::UniquePtr<uint8_t> free_der(der);
7019 EXPECT_EQ(Bytes(t.expected), Bytes(der, len));
7020 }
7021 }
7022 }
7023
TEST(X509Test,AddUnserializableExtension)7024 TEST(X509Test, AddUnserializableExtension) {
7025 bssl::UniquePtr<EVP_PKEY> key = PrivateKeyFromPEM(kP256Key);
7026 ASSERT_TRUE(key);
7027 bssl::UniquePtr<X509> x509 =
7028 MakeTestCert("Issuer", "Subject", key.get(), /*is_ca=*/true);
7029 ASSERT_TRUE(x509);
7030 bssl::UniquePtr<X509_EXTENSION> ext(X509_EXTENSION_new());
7031 ASSERT_TRUE(X509_EXTENSION_set_object(ext.get(), OBJ_get_undef()));
7032 EXPECT_FALSE(X509_add_ext(x509.get(), ext.get(), /*loc=*/-1));
7033 }
7034
7035 // Test that, when constructing an |X509_NAME|, names are sorted by DER order.
TEST(X509Test,SortRDN)7036 TEST(X509Test, SortRDN) {
7037 bssl::UniquePtr<X509_NAME> name(X509_NAME_new());
7038 ASSERT_TRUE(name);
7039
7040 auto append_entry_new_rdn = [&](const char *str) {
7041 return X509_NAME_add_entry_by_NID(name.get(), NID_commonName, MBSTRING_ASC,
7042 reinterpret_cast<const uint8_t *>(str),
7043 strlen(str), /*loc=*/-1, /*set=*/0);
7044 };
7045 auto append_entry_prev_rdn = [&](const char *str) {
7046 return X509_NAME_add_entry_by_NID(name.get(), NID_commonName, MBSTRING_ASC,
7047 reinterpret_cast<const uint8_t *>(str),
7048 strlen(str), /*loc=*/-1, /*set=*/-1);
7049 };
7050
7051 // This is the sort order to expect.
7052 ASSERT_TRUE(append_entry_new_rdn("A"));
7053 ASSERT_TRUE(append_entry_prev_rdn("B"));
7054 ASSERT_TRUE(append_entry_prev_rdn("AA"));
7055 ASSERT_TRUE(append_entry_prev_rdn("AB"));
7056
7057 // The same RDN, with entries added in a different order.
7058 ASSERT_TRUE(append_entry_new_rdn("AB"));
7059 ASSERT_TRUE(append_entry_prev_rdn("AA"));
7060 ASSERT_TRUE(append_entry_prev_rdn("B"));
7061 ASSERT_TRUE(append_entry_prev_rdn("A"));
7062
7063 // The same RDN, with entries added in a different order.
7064 ASSERT_TRUE(append_entry_new_rdn("A"));
7065 ASSERT_TRUE(append_entry_prev_rdn("AA"));
7066 ASSERT_TRUE(append_entry_prev_rdn("B"));
7067 ASSERT_TRUE(append_entry_prev_rdn("AB"));
7068
7069 uint8_t *der = nullptr;
7070 int der_len = i2d_X509_NAME(name.get(), &der);
7071 ASSERT_GT(der_len, 0);
7072 bssl::UniquePtr<uint8_t> free_der(der);
7073
7074 // SEQUENCE {
7075 // SET {
7076 // SEQUENCE {
7077 // # commonName
7078 // OBJECT_IDENTIFIER { 2.5.4.3 }
7079 // UTF8String { "A" }
7080 // }
7081 // SEQUENCE {
7082 // # commonName
7083 // OBJECT_IDENTIFIER { 2.5.4.3 }
7084 // UTF8String { "B" }
7085 // }
7086 // SEQUENCE {
7087 // # commonName
7088 // OBJECT_IDENTIFIER { 2.5.4.3 }
7089 // UTF8String { "AA" }
7090 // }
7091 // SEQUENCE {
7092 // # commonName
7093 // OBJECT_IDENTIFIER { 2.5.4.3 }
7094 // UTF8String { "AB" }
7095 // }
7096 // }
7097 // ...two more copies of the above SET...
7098 // }
7099 static uint8_t kExpected[] = {
7100 0x30, 0x81, 0x84, 0x31, 0x2a, 0x30, 0x08, 0x06, 0x03, 0x55, 0x04, 0x03,
7101 0x0c, 0x01, 0x41, 0x30, 0x08, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x01,
7102 0x42, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x41, 0x41,
7103 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x41, 0x42, 0x31,
7104 0x2a, 0x30, 0x08, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x01, 0x41, 0x30,
7105 0x08, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x01, 0x42, 0x30, 0x09, 0x06,
7106 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x41, 0x41, 0x30, 0x09, 0x06, 0x03,
7107 0x55, 0x04, 0x03, 0x0c, 0x02, 0x41, 0x42, 0x31, 0x2a, 0x30, 0x08, 0x06,
7108 0x03, 0x55, 0x04, 0x03, 0x0c, 0x01, 0x41, 0x30, 0x08, 0x06, 0x03, 0x55,
7109 0x04, 0x03, 0x0c, 0x01, 0x42, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03,
7110 0x0c, 0x02, 0x41, 0x41, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
7111 0x02, 0x41, 0x42};
7112 EXPECT_EQ(Bytes(kExpected), Bytes(der, der_len));
7113 }
7114
TEST(X509Test,NameAttributeValues)7115 TEST(X509Test, NameAttributeValues) {
7116 // 1.2.840.113554.4.1.72585.0. We use an unrecognized OID because using an
7117 // arbitrary ASN.1 type as the value for commonName is invalid. Our parser
7118 // does not check this, but best to avoid unrelated errors in tests, in case
7119 // we decide to later.
7120 static const uint8_t kOID[] = {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12,
7121 0x04, 0x01, 0x84, 0xb7, 0x09, 0x00};
7122 static const char kOIDText[] = "1.2.840.113554.4.1.72585.0";
7123
7124 auto encode_single_attribute_name =
7125 [](CBS_ASN1_TAG tag,
7126 const std::string &contents) -> std::vector<uint8_t> {
7127 bssl::ScopedCBB cbb;
7128 CBB seq, rdn, attr, attr_type, attr_value;
7129 if (!CBB_init(cbb.get(), 128) ||
7130 !CBB_add_asn1(cbb.get(), &seq, CBS_ASN1_SEQUENCE) ||
7131 !CBB_add_asn1(&seq, &rdn, CBS_ASN1_SET) ||
7132 !CBB_add_asn1(&rdn, &attr, CBS_ASN1_SEQUENCE) ||
7133 !CBB_add_asn1(&attr, &attr_type, CBS_ASN1_OBJECT) ||
7134 !CBB_add_bytes(&attr_type, kOID, sizeof(kOID)) ||
7135 !CBB_add_asn1(&attr, &attr_value, tag) ||
7136 !CBB_add_bytes(&attr_value,
7137 reinterpret_cast<const uint8_t *>(contents.data()),
7138 contents.size()) ||
7139 !CBB_flush(cbb.get())) {
7140 ADD_FAILURE() << "Could not encode name";
7141 return {};
7142 };
7143 return std::vector<uint8_t>(CBB_data(cbb.get()),
7144 CBB_data(cbb.get()) + CBB_len(cbb.get()));
7145 };
7146
7147 const struct {
7148 CBS_ASN1_TAG der_tag;
7149 std::string der_contents;
7150 int str_type;
7151 std::string str_contents;
7152 } kTests[] = {
7153 // String types are parsed as string types.
7154 {CBS_ASN1_BITSTRING, std::string("\0", 1), V_ASN1_BIT_STRING, ""},
7155 {CBS_ASN1_UTF8STRING, "abc", V_ASN1_UTF8STRING, "abc"},
7156 {CBS_ASN1_NUMERICSTRING, "123", V_ASN1_NUMERICSTRING, "123"},
7157 {CBS_ASN1_PRINTABLESTRING, "abc", V_ASN1_PRINTABLESTRING, "abc"},
7158 {CBS_ASN1_T61STRING, "abc", V_ASN1_T61STRING, "abc"},
7159 {CBS_ASN1_IA5STRING, "abc", V_ASN1_IA5STRING, "abc"},
7160 {CBS_ASN1_UNIVERSALSTRING, std::string("\0\0\0a", 4),
7161 V_ASN1_UNIVERSALSTRING, std::string("\0\0\0a", 4)},
7162 {CBS_ASN1_BMPSTRING, std::string("\0a", 2), V_ASN1_BMPSTRING,
7163 std::string("\0a", 2)},
7164
7165 // ENUMERATED is supported but, currently, INTEGER is not.
7166 {CBS_ASN1_ENUMERATED, "\x01", V_ASN1_ENUMERATED, "\x01"},
7167
7168 // Test negative values. These are interesting because, when encoding, the
7169 // ASN.1 type must be determined from the string type, but the string type
7170 // has an extra |V_ASN1_NEG| bit.
7171 {CBS_ASN1_ENUMERATED, "\xff", V_ASN1_NEG_ENUMERATED, "\x01"},
7172
7173 // SEQUENCE is supported but, currently, SET is not. Note the
7174 // |ASN1_STRING| representation will include the tag and length.
7175 {CBS_ASN1_SEQUENCE, "", V_ASN1_SEQUENCE, std::string("\x30\x00", 2)},
7176
7177 // These types are not actually supported by the library but,
7178 // historically, we would parse them, and not other unsupported types, due
7179 // to quirks of |ASN1_tag2bit|.
7180 {7, "", V_ASN1_OBJECT_DESCRIPTOR, ""},
7181 {8, "", V_ASN1_EXTERNAL, ""},
7182 {9, "", V_ASN1_REAL, ""},
7183 {11, "", 11 /* EMBEDDED PDV */, ""},
7184 {13, "", 13 /* RELATIVE-OID */, ""},
7185 {14, "", 14 /* TIME */, ""},
7186 {15, "", 15 /* not a type; reserved value */, ""},
7187 {29, "", 29 /* CHARACTER STRING */, ""},
7188
7189 // TODO(crbug.com/boringssl/412): Attribute values are an ANY DEFINED BY
7190 // type, so we actually shoudl be accepting all ASN.1 types. We currently
7191 // do not and only accept the above types. Extend this test when we fix
7192 // this.
7193 };
7194 for (const auto &t : kTests) {
7195 SCOPED_TRACE(t.der_tag);
7196 SCOPED_TRACE(Bytes(t.der_contents));
7197
7198 // Construct an X.509 name containing a single RDN with a single attribute:
7199 // kOID with the specified value.
7200 auto encoded = encode_single_attribute_name(t.der_tag, t.der_contents);
7201 ASSERT_FALSE(encoded.empty());
7202 SCOPED_TRACE(Bytes(encoded));
7203
7204 // The input should parse.
7205 const uint8_t *inp = encoded.data();
7206 bssl::UniquePtr<X509_NAME> name(
7207 d2i_X509_NAME(nullptr, &inp, encoded.size()));
7208 ASSERT_TRUE(name);
7209 EXPECT_EQ(inp, encoded.data() + encoded.size())
7210 << "input was not fully consumed";
7211
7212 // Check there is a single attribute with the expected in-memory
7213 // representation.
7214 ASSERT_EQ(1, X509_NAME_entry_count(name.get()));
7215 const X509_NAME_ENTRY *entry = X509_NAME_get_entry(name.get(), 0);
7216 const ASN1_OBJECT *obj = X509_NAME_ENTRY_get_object(entry);
7217 EXPECT_EQ(Bytes(OBJ_get0_data(obj), OBJ_length(obj)), Bytes(kOID));
7218 const ASN1_STRING *value = X509_NAME_ENTRY_get_data(entry);
7219 EXPECT_EQ(ASN1_STRING_type(value), t.str_type);
7220 EXPECT_EQ(Bytes(ASN1_STRING_get0_data(value), ASN1_STRING_length(value)),
7221 Bytes(t.str_contents));
7222
7223 // The name should re-encode with the same input.
7224 uint8_t *der = nullptr;
7225 int der_len = i2d_X509_NAME(name.get(), &der);
7226 ASSERT_GE(der_len, 0);
7227 bssl::UniquePtr<uint8_t> free_der(der);
7228 EXPECT_EQ(Bytes(der, der_len), Bytes(encoded));
7229
7230 // X509_NAME internally caches its encoding, which means the check above
7231 // does not fully test re-encoding. Repeat the test by constructing an
7232 // |X509_NAME| from the string representation.
7233 name.reset(X509_NAME_new());
7234 ASSERT_TRUE(name);
7235 ASSERT_TRUE(X509_NAME_add_entry_by_txt(
7236 name.get(), kOIDText, t.str_type,
7237 reinterpret_cast<const uint8_t *>(t.str_contents.data()),
7238 t.str_contents.size(), /*loc=*/-1, /*set=*/0));
7239
7240 // The name should re-encode with the same input.
7241 der = nullptr;
7242 der_len = i2d_X509_NAME(name.get(), &der);
7243 ASSERT_GE(der_len, 0);
7244 free_der.reset(der);
7245 EXPECT_EQ(Bytes(der, der_len), Bytes(encoded));
7246 }
7247
7248 const struct {
7249 CBS_ASN1_TAG der_tag;
7250 std::string der_contents;
7251 } kInvalidTests[] = {
7252 // Errors in supported universal types should be handled.
7253 {CBS_ASN1_NULL, "not null"},
7254 {CBS_ASN1_BOOLEAN, "not bool"},
7255 {CBS_ASN1_OBJECT, ""},
7256 {CBS_ASN1_INTEGER, std::string("\0\0", 2)},
7257 {CBS_ASN1_ENUMERATED, std::string("\0\0", 2)},
7258 {CBS_ASN1_BITSTRING, ""},
7259 {CBS_ASN1_UTF8STRING, "not utf-8 \xff"},
7260 {CBS_ASN1_BMPSTRING, "not utf-16 "},
7261 {CBS_ASN1_UNIVERSALSTRING, "not utf-32"},
7262 {CBS_ASN1_UTCTIME, "not utctime"},
7263 {CBS_ASN1_GENERALIZEDTIME, "not generalizedtime"},
7264 {CBS_ASN1_UTF8STRING | CBS_ASN1_CONSTRUCTED, ""},
7265 {CBS_ASN1_SEQUENCE & ~CBS_ASN1_CONSTRUCTED, ""},
7266
7267 // TODO(crbug.com/boringssl/412): The following inputs should parse, but
7268 // are currently rejected because they cannot be represented in
7269 // |ASN1_PRINTABLE|, either because they don't fit in |ASN1_STRING| or
7270 // simply in the |B_ASN1_PRINTABLE| bitmask.
7271 {CBS_ASN1_NULL, ""},
7272 {CBS_ASN1_BOOLEAN, std::string("\x00", 1)},
7273 {CBS_ASN1_BOOLEAN, "\xff"},
7274 {CBS_ASN1_OBJECT, "\x01\x02\x03\x04"},
7275 {CBS_ASN1_INTEGER, "\x01"},
7276 {CBS_ASN1_INTEGER, "\xff"},
7277 {CBS_ASN1_OCTETSTRING, ""},
7278 {CBS_ASN1_UTCTIME, "700101000000Z"},
7279 {CBS_ASN1_GENERALIZEDTIME, "19700101000000Z"},
7280 {CBS_ASN1_SET, ""},
7281 {CBS_ASN1_APPLICATION | CBS_ASN1_CONSTRUCTED | 42, ""},
7282 {CBS_ASN1_APPLICATION | 42, ""},
7283 };
7284 for (const auto &t : kInvalidTests) {
7285 SCOPED_TRACE(t.der_tag);
7286 SCOPED_TRACE(Bytes(t.der_contents));
7287
7288 // Construct an X.509 name containing a single RDN with a single attribute:
7289 // kOID with the specified value.
7290 auto encoded = encode_single_attribute_name(t.der_tag, t.der_contents);
7291 ASSERT_FALSE(encoded.empty());
7292 SCOPED_TRACE(Bytes(encoded));
7293
7294 // The input should not parse.
7295 const uint8_t *inp = encoded.data();
7296 bssl::UniquePtr<X509_NAME> name(
7297 d2i_X509_NAME(nullptr, &inp, encoded.size()));
7298 EXPECT_FALSE(name);
7299 }
7300 }
7301
TEST(X509Test,GetTextByOBJ)7302 TEST(X509Test, GetTextByOBJ) {
7303 struct OBJTestCase {
7304 const char *content;
7305 int content_type;
7306 int len;
7307 int expected_result;
7308 const char *expected_string;
7309 } kTests[] = {
7310 {"", V_ASN1_UTF8STRING, 0, 0, ""},
7311 {"derp", V_ASN1_UTF8STRING, 4, 4, "derp"},
7312 {"\x30\x00", // Empty sequence can not be converted to UTF-8
7313 V_ASN1_SEQUENCE, 2, -1, ""},
7314 {
7315 "der\0p",
7316 V_ASN1_TELETEXSTRING,
7317 5,
7318 -1,
7319 "",
7320 },
7321 {
7322 "0123456789ABCDEF",
7323 V_ASN1_IA5STRING,
7324 16,
7325 16,
7326 "0123456789ABCDEF",
7327 },
7328 {
7329 "\x07\xff",
7330 V_ASN1_BMPSTRING,
7331 2,
7332 2,
7333 "\xdf\xbf",
7334 },
7335 {
7336 "\x00\xc3\x00\xaf",
7337 V_ASN1_BMPSTRING,
7338 4,
7339 4,
7340 "\xc3\x83\xc2\xaf",
7341 },
7342 };
7343 for (const auto &test : kTests) {
7344 bssl::UniquePtr<X509_NAME> name(X509_NAME_new());
7345 ASSERT_TRUE(name);
7346 ASSERT_TRUE(X509_NAME_add_entry_by_NID(
7347 name.get(), NID_commonName, test.content_type,
7348 reinterpret_cast<const uint8_t *>(test.content), test.len, /*loc=*/-1,
7349 /*set=*/0));
7350 char text[256] = {};
7351 EXPECT_EQ(test.expected_result,
7352 X509_NAME_get_text_by_NID(name.get(), NID_commonName, text,
7353 sizeof(text)));
7354 EXPECT_STREQ(text, test.expected_string);
7355 if (test.expected_result > 0) {
7356 // Test truncation. The function writes a trailing NUL byte so the
7357 // buffer needs to be one bigger than the expected result.
7358 char small[2] = "a";
7359 EXPECT_EQ(
7360 -1, X509_NAME_get_text_by_NID(name.get(), NID_commonName, small, 1));
7361 // The buffer should be unmodified by truncation failure.
7362 EXPECT_STREQ(small, "a");
7363 }
7364 }
7365 }
7366
TEST(X509Test,ParamInheritance)7367 TEST(X509Test, ParamInheritance) {
7368 // |X509_VERIFY_PARAM_inherit| with both unset.
7369 {
7370 bssl::UniquePtr<X509_VERIFY_PARAM> dest(X509_VERIFY_PARAM_new());
7371 ASSERT_TRUE(dest);
7372 bssl::UniquePtr<X509_VERIFY_PARAM> src(X509_VERIFY_PARAM_new());
7373 ASSERT_TRUE(src);
7374 ASSERT_TRUE(X509_VERIFY_PARAM_inherit(dest.get(), src.get()));
7375 EXPECT_EQ(X509_VERIFY_PARAM_get_depth(dest.get()), -1);
7376 }
7377
7378 // |X509_VERIFY_PARAM_inherit| with source set.
7379 {
7380 bssl::UniquePtr<X509_VERIFY_PARAM> dest(X509_VERIFY_PARAM_new());
7381 ASSERT_TRUE(dest);
7382 bssl::UniquePtr<X509_VERIFY_PARAM> src(X509_VERIFY_PARAM_new());
7383 ASSERT_TRUE(src);
7384 X509_VERIFY_PARAM_set_depth(src.get(), 5);
7385 ASSERT_TRUE(X509_VERIFY_PARAM_inherit(dest.get(), src.get()));
7386 EXPECT_EQ(X509_VERIFY_PARAM_get_depth(dest.get()), 5);
7387 }
7388
7389 // |X509_VERIFY_PARAM_inherit| with destination set.
7390 {
7391 bssl::UniquePtr<X509_VERIFY_PARAM> dest(X509_VERIFY_PARAM_new());
7392 ASSERT_TRUE(dest);
7393 bssl::UniquePtr<X509_VERIFY_PARAM> src(X509_VERIFY_PARAM_new());
7394 ASSERT_TRUE(src);
7395 X509_VERIFY_PARAM_set_depth(dest.get(), 5);
7396 ASSERT_TRUE(X509_VERIFY_PARAM_inherit(dest.get(), src.get()));
7397 EXPECT_EQ(X509_VERIFY_PARAM_get_depth(dest.get()), 5);
7398 }
7399
7400 // |X509_VERIFY_PARAM_inherit| with both set.
7401 {
7402 bssl::UniquePtr<X509_VERIFY_PARAM> dest(X509_VERIFY_PARAM_new());
7403 ASSERT_TRUE(dest);
7404 bssl::UniquePtr<X509_VERIFY_PARAM> src(X509_VERIFY_PARAM_new());
7405 ASSERT_TRUE(src);
7406 X509_VERIFY_PARAM_set_depth(dest.get(), 5);
7407 X509_VERIFY_PARAM_set_depth(src.get(), 10);
7408 ASSERT_TRUE(X509_VERIFY_PARAM_inherit(dest.get(), src.get()));
7409 // The existing value is used.
7410 EXPECT_EQ(X509_VERIFY_PARAM_get_depth(dest.get()), 5);
7411 }
7412
7413 // |X509_VERIFY_PARAM_set1| with both unset.
7414 {
7415 bssl::UniquePtr<X509_VERIFY_PARAM> dest(X509_VERIFY_PARAM_new());
7416 ASSERT_TRUE(dest);
7417 bssl::UniquePtr<X509_VERIFY_PARAM> src(X509_VERIFY_PARAM_new());
7418 ASSERT_TRUE(src);
7419 ASSERT_TRUE(X509_VERIFY_PARAM_set1(dest.get(), src.get()));
7420 EXPECT_EQ(X509_VERIFY_PARAM_get_depth(dest.get()), -1);
7421 }
7422
7423 // |X509_VERIFY_PARAM_set1| with source set.
7424 {
7425 bssl::UniquePtr<X509_VERIFY_PARAM> dest(X509_VERIFY_PARAM_new());
7426 ASSERT_TRUE(dest);
7427 bssl::UniquePtr<X509_VERIFY_PARAM> src(X509_VERIFY_PARAM_new());
7428 ASSERT_TRUE(src);
7429 X509_VERIFY_PARAM_set_depth(src.get(), 5);
7430 ASSERT_TRUE(X509_VERIFY_PARAM_set1(dest.get(), src.get()));
7431 EXPECT_EQ(X509_VERIFY_PARAM_get_depth(dest.get()), 5);
7432 }
7433
7434 // |X509_VERIFY_PARAM_set1| with destination set.
7435 {
7436 bssl::UniquePtr<X509_VERIFY_PARAM> dest(X509_VERIFY_PARAM_new());
7437 ASSERT_TRUE(dest);
7438 bssl::UniquePtr<X509_VERIFY_PARAM> src(X509_VERIFY_PARAM_new());
7439 ASSERT_TRUE(src);
7440 X509_VERIFY_PARAM_set_depth(dest.get(), 5);
7441 ASSERT_TRUE(X509_VERIFY_PARAM_set1(dest.get(), src.get()));
7442 EXPECT_EQ(X509_VERIFY_PARAM_get_depth(dest.get()), 5);
7443 }
7444
7445 // |X509_VERIFY_PARAM_set1| with both set.
7446 {
7447 bssl::UniquePtr<X509_VERIFY_PARAM> dest(X509_VERIFY_PARAM_new());
7448 ASSERT_TRUE(dest);
7449 bssl::UniquePtr<X509_VERIFY_PARAM> src(X509_VERIFY_PARAM_new());
7450 ASSERT_TRUE(src);
7451 X509_VERIFY_PARAM_set_depth(dest.get(), 5);
7452 X509_VERIFY_PARAM_set_depth(src.get(), 10);
7453 ASSERT_TRUE(X509_VERIFY_PARAM_set1(dest.get(), src.get()));
7454 // The new value is used.
7455 EXPECT_EQ(X509_VERIFY_PARAM_get_depth(dest.get()), 10);
7456 }
7457 }
7458
TEST(X509Test,PublicKeyCache)7459 TEST(X509Test, PublicKeyCache) {
7460 bssl::UniquePtr<EVP_PKEY> key = PrivateKeyFromPEM(kP256Key);
7461 ASSERT_TRUE(key);
7462
7463 X509_PUBKEY *pub = nullptr;
7464 ASSERT_TRUE(X509_PUBKEY_set(&pub, key.get()));
7465 bssl::UniquePtr<X509_PUBKEY> free_pub(pub);
7466
7467 bssl::UniquePtr<EVP_PKEY> key2(X509_PUBKEY_get(pub));
7468 ASSERT_TRUE(key2);
7469 EXPECT_EQ(1, EVP_PKEY_cmp(key.get(), key2.get()));
7470
7471 // Replace |pub| with different (garbage) values.
7472 ASSERT_TRUE(X509_PUBKEY_set0_param(pub, OBJ_nid2obj(NID_subject_alt_name),
7473 V_ASN1_NULL, nullptr, nullptr, 0));
7474
7475 // The cached key should no longer be returned.
7476 key2.reset(X509_PUBKEY_get(pub));
7477 EXPECT_FALSE(key2);
7478 }
7479
7480 // Tests some unusual behavior in |X509_STORE_CTX_set_purpose| and
7481 // |X509_STORE_CTX_set_trust|.
TEST(X509Test,ContextTrustAndPurpose)7482 TEST(X509Test, ContextTrustAndPurpose) {
7483 bssl::UniquePtr<X509_STORE> store(X509_STORE_new());
7484 ASSERT_TRUE(store);
7485 bssl::UniquePtr<X509> leaf(CertFromPEM(kLeafPEM));
7486 ASSERT_TRUE(leaf);
7487
7488 bssl::UniquePtr<X509_STORE_CTX> ctx(X509_STORE_CTX_new());
7489 ASSERT_TRUE(ctx);
7490 ASSERT_TRUE(X509_STORE_CTX_init(ctx.get(), store.get(), leaf.get(), nullptr));
7491
7492 // Initially, neither parameter is set.
7493 EXPECT_EQ(ctx->param->purpose, 0);
7494 EXPECT_EQ(ctx->param->trust, 0);
7495
7496 // Invalid purpose and trust types fail.
7497 EXPECT_FALSE(X509_STORE_CTX_set_purpose(ctx.get(), 999));
7498 EXPECT_FALSE(X509_STORE_CTX_set_trust(ctx.get(), 999));
7499
7500 // It is not possible to set |X509_PURPOSE_ANY| with this API, because there
7501 // is no corresponding trust.
7502 EXPECT_FALSE(X509_STORE_CTX_set_purpose(ctx.get(), X509_PURPOSE_ANY));
7503
7504 // Setting a purpose also sets the corresponding trust.
7505 ASSERT_TRUE(X509_STORE_CTX_set_purpose(ctx.get(), X509_PURPOSE_SSL_SERVER));
7506 EXPECT_EQ(ctx->param->purpose, X509_PURPOSE_SSL_SERVER);
7507 EXPECT_EQ(ctx->param->trust, X509_TRUST_SSL_SERVER);
7508
7509 // Once set, the functions silently do nothing.
7510 ASSERT_TRUE(X509_STORE_CTX_set_purpose(ctx.get(), X509_PURPOSE_SSL_CLIENT));
7511 ASSERT_TRUE(X509_STORE_CTX_set_trust(ctx.get(), X509_TRUST_SSL_CLIENT));
7512 EXPECT_EQ(ctx->param->purpose, X509_PURPOSE_SSL_SERVER);
7513 EXPECT_EQ(ctx->param->trust, X509_TRUST_SSL_SERVER);
7514
7515 // Start over.
7516 ctx.reset(X509_STORE_CTX_new());
7517 ASSERT_TRUE(ctx);
7518 ASSERT_TRUE(X509_STORE_CTX_init(ctx.get(), store.get(), leaf.get(), nullptr));
7519 EXPECT_EQ(ctx->param->purpose, 0);
7520 EXPECT_EQ(ctx->param->trust, 0);
7521
7522 // Setting trust leaves purpose unset.
7523 ASSERT_TRUE(X509_STORE_CTX_set_trust(ctx.get(), X509_TRUST_SSL_SERVER));
7524 EXPECT_EQ(ctx->param->purpose, 0);
7525 EXPECT_EQ(ctx->param->trust, X509_TRUST_SSL_SERVER);
7526
7527 // If trust is set, but not purpose, |X509_STORE_CTX_set_purpose| only sets
7528 // purpose.
7529 ASSERT_TRUE(X509_STORE_CTX_set_purpose(ctx.get(), X509_PURPOSE_SSL_CLIENT));
7530 EXPECT_EQ(ctx->param->purpose, X509_PURPOSE_SSL_CLIENT);
7531 EXPECT_EQ(ctx->param->trust, X509_TRUST_SSL_SERVER);
7532
7533 // Start over.
7534 ctx.reset(X509_STORE_CTX_new());
7535 ASSERT_TRUE(ctx);
7536 ASSERT_TRUE(X509_STORE_CTX_init(ctx.get(), store.get(), leaf.get(), nullptr));
7537 EXPECT_EQ(ctx->param->purpose, 0);
7538 EXPECT_EQ(ctx->param->trust, 0);
7539
7540 // If purpose is set, but not trust, |X509_STORE_CTX_set_purpose| only sets
7541 // trust.
7542 ASSERT_TRUE(X509_VERIFY_PARAM_set_purpose(
7543 X509_STORE_CTX_get0_param(ctx.get()), X509_PURPOSE_SSL_CLIENT));
7544 EXPECT_EQ(ctx->param->purpose, X509_PURPOSE_SSL_CLIENT);
7545 EXPECT_EQ(ctx->param->trust, 0);
7546
7547 ASSERT_TRUE(X509_STORE_CTX_set_purpose(ctx.get(), X509_PURPOSE_SSL_SERVER));
7548 EXPECT_EQ(ctx->param->purpose, X509_PURPOSE_SSL_CLIENT);
7549 EXPECT_EQ(ctx->param->trust, X509_TRUST_SSL_SERVER);
7550 }
7551
TEST(X509Test,Purpose)7552 TEST(X509Test, Purpose) {
7553 bssl::UniquePtr<EVP_PKEY> key = PrivateKeyFromPEM(kP256Key);
7554 ASSERT_TRUE(key);
7555
7556 struct {
7557 int purpose;
7558 int eku_nid;
7559 std::vector<KeyUsage> key_usages;
7560 } kTests[] = {
7561 {X509_PURPOSE_SSL_CLIENT,
7562 NID_client_auth,
7563 {KeyUsage::kDigitalSignature, KeyUsage::kKeyAgreement}},
7564 {X509_PURPOSE_SSL_SERVER,
7565 NID_server_auth,
7566 {KeyUsage::kDigitalSignature, KeyUsage::kKeyAgreement,
7567 KeyUsage::kKeyEncipherment}},
7568 {X509_PURPOSE_NS_SSL_SERVER,
7569 NID_server_auth,
7570 {KeyUsage::kKeyEncipherment}},
7571 {X509_PURPOSE_SMIME_SIGN,
7572 NID_email_protect,
7573 {KeyUsage::kDigitalSignature, KeyUsage::kNonRepudiation}},
7574 {X509_PURPOSE_SMIME_ENCRYPT,
7575 NID_email_protect,
7576 {KeyUsage::kKeyEncipherment}},
7577 {X509_PURPOSE_CRL_SIGN, NID_undef, {KeyUsage::kCRLSign}},
7578 };
7579 for (const auto &t : kTests) {
7580 SCOPED_TRACE(t.purpose);
7581
7582 auto configure_callback = [&](X509_STORE_CTX *ctx) {
7583 X509_STORE_CTX_set_purpose(ctx, t.purpose);
7584 };
7585
7586 // An unconstrained cert chain is valid.
7587 bssl::UniquePtr<X509> root =
7588 MakeTestCert("Root", "Root", key.get(), /*is_ca=*/true);
7589 ASSERT_TRUE(root);
7590 ASSERT_TRUE(X509_sign(root.get(), key.get(), EVP_sha256()));
7591
7592 bssl::UniquePtr<X509> intermediate =
7593 MakeTestCert("Root", "Intermediate", key.get(), /*is_ca=*/true);
7594 ASSERT_TRUE(intermediate);
7595 ASSERT_TRUE(X509_sign(intermediate.get(), key.get(), EVP_sha256()));
7596
7597 bssl::UniquePtr<X509> leaf =
7598 MakeTestCert("Intermediate", "Leaf", key.get(), /*is_ca=*/false);
7599 ASSERT_TRUE(leaf);
7600 ASSERT_TRUE(X509_sign(leaf.get(), key.get(), EVP_sha256()));
7601
7602 EXPECT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()}, {intermediate.get()},
7603 {}, 0, configure_callback));
7604
7605 // A leaf and intermediate with compatible constraints is valid.
7606 intermediate =
7607 MakeTestCert("Root", "Intermediate", key.get(), /*is_ca=*/true);
7608 ASSERT_TRUE(intermediate);
7609 ASSERT_TRUE(AddKeyUsage(intermediate.get(), {KeyUsage::kKeyCertSign}));
7610 if (t.eku_nid != NID_undef) {
7611 ASSERT_TRUE(AddExtendedKeyUsage(intermediate.get(), {t.eku_nid}));
7612 }
7613 ASSERT_TRUE(X509_sign(intermediate.get(), key.get(), EVP_sha256()));
7614
7615 leaf = MakeTestCert("Intermediate", "Leaf", key.get(), /*is_ca=*/false);
7616 ASSERT_TRUE(leaf);
7617 if (t.eku_nid != NID_undef) {
7618 ASSERT_TRUE(AddExtendedKeyUsage(leaf.get(), {t.eku_nid}));
7619 }
7620 ASSERT_TRUE(AddKeyUsage(leaf.get(), t.key_usages));
7621 ASSERT_TRUE(X509_sign(leaf.get(), key.get(), EVP_sha256()));
7622
7623 EXPECT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()}, {intermediate.get()},
7624 {}, 0, configure_callback));
7625
7626 // Each key usage asserted individually is valid.
7627 for (KeyUsage usage : t.key_usages) {
7628 SCOPED_TRACE(static_cast<int>(usage));
7629 leaf = MakeTestCert("Intermediate", "Leaf", key.get(), /*is_ca=*/false);
7630 ASSERT_TRUE(leaf);
7631 if (t.eku_nid != NID_undef) {
7632 ASSERT_TRUE(AddExtendedKeyUsage(leaf.get(), {t.eku_nid}));
7633 }
7634 ASSERT_TRUE(AddKeyUsage(leaf.get(), {usage}));
7635 ASSERT_TRUE(X509_sign(leaf.get(), key.get(), EVP_sha256()));
7636 EXPECT_EQ(X509_V_OK,
7637 Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, 0,
7638 configure_callback));
7639 }
7640
7641 // A leaf with the wrong EKU is invalid.
7642 if (t.eku_nid != NID_undef) {
7643 leaf = MakeTestCert("Intermediate", "Leaf", key.get(), /*is_ca=*/false);
7644 ASSERT_TRUE(leaf);
7645 ASSERT_TRUE(AddExtendedKeyUsage(leaf.get(), {NID_rsaEncryption}));
7646 ASSERT_TRUE(AddKeyUsage(leaf.get(), t.key_usages));
7647 ASSERT_TRUE(X509_sign(leaf.get(), key.get(), EVP_sha256()));
7648 EXPECT_EQ(X509_V_ERR_INVALID_PURPOSE,
7649 Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, 0,
7650 configure_callback));
7651 }
7652
7653 // A leaf without any of the requested key usages is invalid.
7654 std::vector<KeyUsage> usages;
7655 for (int i = 0; i < 10; i++) {
7656 auto k = static_cast<KeyUsage>(i);
7657 if (std::find(t.key_usages.begin(), t.key_usages.end(), k) ==
7658 t.key_usages.end()) {
7659 usages.push_back(k);
7660 }
7661 }
7662 leaf = MakeTestCert("Intermediate", "Leaf", key.get(), /*is_ca=*/false);
7663 ASSERT_TRUE(leaf);
7664 if (t.eku_nid != NID_undef) {
7665 ASSERT_TRUE(AddExtendedKeyUsage(leaf.get(), {t.eku_nid}));
7666 }
7667 ASSERT_TRUE(AddKeyUsage(leaf.get(), usages));
7668 ASSERT_TRUE(X509_sign(leaf.get(), key.get(), EVP_sha256()));
7669 EXPECT_EQ(X509_V_ERR_INVALID_PURPOSE,
7670 Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, 0,
7671 configure_callback));
7672
7673 // Extra EKUs and key usages are fine.
7674 usages.clear();
7675 for (int i = 0; i < 10; i++) {
7676 usages.push_back(static_cast<KeyUsage>(i));
7677 }
7678 leaf = MakeTestCert("Intermediate", "Leaf", key.get(), /*is_ca=*/false);
7679 ASSERT_TRUE(leaf);
7680 if (t.eku_nid != NID_undef) {
7681 ASSERT_TRUE(
7682 AddExtendedKeyUsage(leaf.get(), {t.eku_nid, NID_rsaEncryption}));
7683 }
7684 ASSERT_TRUE(AddKeyUsage(leaf.get(), usages));
7685 ASSERT_TRUE(X509_sign(leaf.get(), key.get(), EVP_sha256()));
7686 EXPECT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()}, {intermediate.get()},
7687 {}, 0, configure_callback));
7688
7689 // anyExtendedKeyUsage is not allowed in place of a concrete EKU.
7690 if (t.eku_nid != NID_undef) {
7691 leaf = MakeTestCert("Intermediate", "Leaf", key.get(), /*is_ca=*/false);
7692 ASSERT_TRUE(leaf);
7693 ASSERT_TRUE(AddExtendedKeyUsage(leaf.get(), {NID_anyExtendedKeyUsage}));
7694 ASSERT_TRUE(AddKeyUsage(leaf.get(), t.key_usages));
7695 ASSERT_TRUE(X509_sign(leaf.get(), key.get(), EVP_sha256()));
7696 EXPECT_EQ(X509_V_ERR_INVALID_PURPOSE,
7697 Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, 0,
7698 configure_callback));
7699 }
7700
7701 // Restore |leaf| to a valid option.
7702 leaf = MakeTestCert("Intermediate", "Leaf", key.get(), /*is_ca=*/false);
7703 ASSERT_TRUE(leaf);
7704 ASSERT_TRUE(X509_sign(leaf.get(), key.get(), EVP_sha256()));
7705
7706 // The intermediate must have the keyCertSign bit. This bit is checked in
7707 // multiple places. The first place that fails is in looking for candidate
7708 // issuers.
7709 intermediate =
7710 MakeTestCert("Root", "Intermediate", key.get(), /*is_ca=*/true);
7711 ASSERT_TRUE(intermediate);
7712 ASSERT_TRUE(AddKeyUsage(intermediate.get(), {KeyUsage::kDigitalSignature}));
7713 if (t.eku_nid != NID_undef) {
7714 ASSERT_TRUE(AddExtendedKeyUsage(intermediate.get(), {t.eku_nid}));
7715 }
7716 ASSERT_TRUE(X509_sign(intermediate.get(), key.get(), EVP_sha256()));
7717 EXPECT_EQ(X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
7718 Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, 0,
7719 configure_callback));
7720
7721 // The intermediate must have the EKU asserted.
7722 if (t.eku_nid != NID_undef) {
7723 intermediate =
7724 MakeTestCert("Root", "Intermediate", key.get(), /*is_ca=*/true);
7725 ASSERT_TRUE(intermediate);
7726 ASSERT_TRUE(AddKeyUsage(intermediate.get(), {KeyUsage::kKeyCertSign}));
7727 ASSERT_TRUE(AddExtendedKeyUsage(intermediate.get(), {NID_rsaEncryption}));
7728 ASSERT_TRUE(X509_sign(intermediate.get(), key.get(), EVP_sha256()));
7729 EXPECT_EQ(X509_V_ERR_INVALID_PURPOSE,
7730 Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, 0,
7731 configure_callback));
7732 }
7733 }
7734 }
7735
TEST(X509Test,Trust)7736 TEST(X509Test, Trust) {
7737 struct Certs {
7738 bssl::UniquePtr<X509> normal;
7739 bssl::UniquePtr<X509> trusted_server, distrusted_server;
7740 bssl::UniquePtr<X509> trusted_any, distrusted_any;
7741 };
7742 auto certs_from_pem = [](const char *pem) -> Certs {
7743 Certs certs;
7744 certs.normal = CertFromPEM(pem);
7745 certs.trusted_server = CertFromPEM(pem);
7746 certs.distrusted_server = CertFromPEM(pem);
7747 certs.trusted_any = CertFromPEM(pem);
7748 certs.distrusted_any = CertFromPEM(pem);
7749 if (certs.normal == nullptr || certs.trusted_server == nullptr ||
7750 certs.distrusted_server == nullptr || certs.trusted_any == nullptr ||
7751 certs.distrusted_any == nullptr ||
7752 !X509_add1_trust_object(certs.trusted_server.get(),
7753 OBJ_nid2obj(NID_server_auth)) ||
7754 !X509_add1_reject_object(certs.distrusted_server.get(),
7755 OBJ_nid2obj(NID_server_auth)) ||
7756 !X509_add1_trust_object(certs.trusted_any.get(),
7757 OBJ_nid2obj(NID_anyExtendedKeyUsage)) ||
7758 !X509_add1_reject_object(certs.distrusted_any.get(),
7759 OBJ_nid2obj(NID_anyExtendedKeyUsage))) {
7760 return Certs{};
7761 }
7762 return certs;
7763 };
7764
7765 Certs root = certs_from_pem(kRootCAPEM);
7766 Certs intermediate = certs_from_pem(kIntermediatePEM);
7767 Certs leaf = certs_from_pem(kLeafPEM);
7768 ASSERT_TRUE(root.normal);
7769 ASSERT_TRUE(intermediate.normal);
7770 ASSERT_TRUE(leaf.normal);
7771
7772 // By default, trust is determined by a combination of self-signedness and
7773 // NID_anyExtendedKeyUsage.
7774 EXPECT_EQ(X509_V_OK, Verify(leaf.normal.get(), {root.normal.get()},
7775 {intermediate.normal.get()}, {}));
7776 EXPECT_EQ(X509_V_OK, Verify(leaf.normal.get(), {root.trusted_any.get()},
7777 {intermediate.normal.get()}, {}));
7778 EXPECT_EQ(X509_V_ERR_CERT_REJECTED,
7779 Verify(leaf.normal.get(), {root.distrusted_any.get()},
7780 {intermediate.normal.get()}, {}));
7781
7782 // Intermediate certificates are not self-signed, so must have an
7783 // NID_anyExtendedKeyUsage trust setting.
7784 EXPECT_EQ(X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT,
7785 Verify(leaf.normal.get(), {intermediate.normal.get()}, {}, {}));
7786 EXPECT_EQ(X509_V_OK, Verify(leaf.normal.get(),
7787 {intermediate.trusted_any.get()}, {}, {}));
7788 EXPECT_EQ(
7789 X509_V_ERR_CERT_REJECTED,
7790 Verify(leaf.normal.get(), {intermediate.distrusted_any.get()}, {}, {}));
7791
7792 // If a certificate has trust settings, but only for a different OID, the
7793 // self-signed rule still takes effect.
7794 EXPECT_EQ(X509_V_OK, Verify(leaf.normal.get(), {root.trusted_server.get()},
7795 {intermediate.normal.get()}, {}));
7796 EXPECT_EQ(X509_V_OK, Verify(leaf.normal.get(), {root.distrusted_server.get()},
7797 {intermediate.normal.get()}, {}));
7798 EXPECT_EQ(
7799 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT,
7800 Verify(leaf.normal.get(), {intermediate.trusted_server.get()}, {}, {}));
7801
7802 // |X509_TRUST_SSL_SERVER| should instead look at self-signedness and
7803 // |NID_server_auth|.
7804 auto set_server_trust = [](X509_STORE_CTX *ctx) {
7805 X509_STORE_CTX_set_trust(ctx, X509_TRUST_SSL_SERVER);
7806 };
7807 EXPECT_EQ(X509_V_OK, Verify(leaf.normal.get(), {root.normal.get()},
7808 {intermediate.normal.get()}, {}, /*flags=*/0,
7809 set_server_trust));
7810 EXPECT_EQ(X509_V_OK, Verify(leaf.normal.get(), {root.trusted_server.get()},
7811 {intermediate.normal.get()}, {}, /*flags=*/0,
7812 set_server_trust));
7813 EXPECT_EQ(
7814 X509_V_ERR_CERT_REJECTED,
7815 Verify(leaf.normal.get(), {root.distrusted_server.get()},
7816 {intermediate.normal.get()}, {}, /*flags=*/0, set_server_trust));
7817
7818 EXPECT_EQ(X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT,
7819 Verify(leaf.normal.get(), {intermediate.normal.get()}, {}, {},
7820 /*flags=*/0, set_server_trust));
7821 EXPECT_EQ(X509_V_OK, Verify(leaf.normal.get(),
7822 {intermediate.trusted_server.get()}, {}, {},
7823 /*flags=*/0, set_server_trust));
7824 EXPECT_EQ(X509_V_ERR_CERT_REJECTED,
7825 Verify(leaf.normal.get(), {intermediate.distrusted_server.get()},
7826 {}, {}, /*flags=*/0, set_server_trust));
7827
7828 // NID_anyExtendedKeyUsage is just an unrelated OID to X509_TRUST_SSL_SERVER.
7829 // Unlike the default behavior, once a certificate has explicit trust settings
7830 // for any OID, the self-signed check is disabled.
7831 EXPECT_EQ(
7832 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT,
7833 Verify(leaf.normal.get(), {root.trusted_any.get()},
7834 {intermediate.normal.get()}, {}, /*flags=*/0, set_server_trust));
7835
7836 // Trust settings on a certificate are ignored if the leaf did not come from
7837 // |X509_STORE|. This is important because trust settings may be serialized
7838 // via |d2i_X509_AUX|. It is often not obvious which functions may trigger
7839 // this, so callers may inadvertently run with attacker-supplied trust
7840 // settings on untrusted certificates.
7841 EXPECT_EQ(X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
7842 Verify(leaf.trusted_server.get(), /*roots=*/{},
7843 /*intermediates=*/{intermediate.trusted_server.get()}, {},
7844 /*flags=*/0, set_server_trust));
7845 EXPECT_EQ(
7846 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN,
7847 Verify(leaf.trusted_server.get(), /*roots=*/{},
7848 /*intermediates=*/
7849 {intermediate.trusted_server.get(), root.trusted_server.get()}, {},
7850 /*flags=*/0, set_server_trust));
7851
7852 // Likewise, distrusts only take effect from |X509_STORE|.
7853 EXPECT_EQ(X509_V_OK, Verify(leaf.distrusted_server.get(), {root.normal.get()},
7854 {intermediate.normal.get()}, {},
7855 /*flags=*/0, set_server_trust));
7856 }
7857
7858 // Test some APIs that rust-openssl uses to look up purposes by name.
TEST(X509Test,PurposeByShortName)7859 TEST(X509Test, PurposeByShortName) {
7860 int idx = X509_PURPOSE_get_by_sname("sslserver");
7861 ASSERT_NE(idx, -1);
7862 const X509_PURPOSE *purpose = X509_PURPOSE_get0(idx);
7863 ASSERT_TRUE(purpose);
7864 EXPECT_EQ(X509_PURPOSE_get_id(purpose), X509_PURPOSE_SSL_SERVER);
7865 }
7866
TEST(X509Test,CriticalExtension)7867 TEST(X509Test, CriticalExtension) {
7868 bssl::UniquePtr<EVP_PKEY> key = PrivateKeyFromPEM(kP256Key);
7869 ASSERT_TRUE(key);
7870
7871 bssl::UniquePtr<X509> root =
7872 MakeTestCert("Root", "Root", key.get(), /*is_ca=*/true);
7873 ASSERT_TRUE(root);
7874 ASSERT_TRUE(X509_sign(root.get(), key.get(), EVP_sha256()));
7875
7876 // Issue a certificate with a critical Netscape certificate type extension. We
7877 // do not recognize this extension, so this certificate should be rejected.
7878 bssl::UniquePtr<X509> leaf =
7879 MakeTestCert("Root", "Leaf", key.get(), /*is_ca=*/false);
7880 ASSERT_TRUE(leaf);
7881 bssl::UniquePtr<ASN1_BIT_STRING> cert_type(ASN1_BIT_STRING_new());
7882 ASSERT_TRUE(cert_type);
7883 ASSERT_TRUE(ASN1_BIT_STRING_set_bit(cert_type.get(), /*n=*/0, /*value=*/1));
7884 ASSERT_TRUE(X509_add1_ext_i2d(leaf.get(), NID_netscape_cert_type,
7885 cert_type.get(),
7886 /*crit=*/1, /*flags=*/0));
7887 ASSERT_TRUE(X509_sign(leaf.get(), key.get(), EVP_sha256()));
7888
7889 EXPECT_EQ(X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION,
7890 Verify(leaf.get(), {root.get()}, {}, {}));
7891 EXPECT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()}, {}, {},
7892 X509_V_FLAG_IGNORE_CRITICAL));
7893 }
7894
7895 enum NameHash { kOldHash, kNewHash };
7896
7897 // TemporaryHashDir constructs a temporary directory in the format of
7898 // |X509_LOOKUP_hash_dir|.
7899 class TemporaryHashDir {
7900 public:
TemporaryHashDir(int type)7901 explicit TemporaryHashDir(int type) : type_(type) {}
7902
Init()7903 bool Init() { return dir_.Init(); }
path() const7904 const std::string &path() const { return dir_.path(); }
7905
num_cert_hashes() const7906 size_t num_cert_hashes() const { return next_cert_.size(); }
num_crl_hashes() const7907 size_t num_crl_hashes() const { return next_crl_.size(); }
7908
AddCert(X509 * x509,NameHash name_hash)7909 bool AddCert(X509 *x509, NameHash name_hash) {
7910 return AddCertWithHash(HashName(name_hash, X509_get_subject_name(x509)),
7911 x509);
7912 }
7913
AddCRL(X509_CRL * crl,NameHash name_hash)7914 bool AddCRL(X509_CRL *crl, NameHash name_hash) {
7915 return AddCRLWithHash(HashName(name_hash, X509_CRL_get_issuer(crl)), crl);
7916 }
7917
AddCertWithHash(uint32_t hash,X509 * cert)7918 bool AddCertWithHash(uint32_t hash, X509 *cert) {
7919 std::vector<uint8_t> data = EncodeCert(cert);
7920 if (data.empty()) {
7921 return false;
7922 }
7923 auto &num = next_cert_[hash];
7924 char path[32];
7925 snprintf(path, sizeof(path), "%08x.%d", hash, num);
7926 if (!dir_.AddFile(path, data)) {
7927 return false;
7928 }
7929 num++;
7930 return true;
7931 }
7932
AddCRLWithHash(uint32_t hash,X509_CRL * crl)7933 bool AddCRLWithHash(uint32_t hash, X509_CRL *crl) {
7934 std::vector<uint8_t> data = EncodeCRL(crl);
7935 if (data.empty()) {
7936 return false;
7937 }
7938 auto &num = next_crl_[hash];
7939 char path[32];
7940 snprintf(path, sizeof(path), "%08x.r%d", hash, num);
7941 if (!dir_.AddFile(path, data)) {
7942 return false;
7943 }
7944 num++;
7945 return true;
7946 }
7947
ReplaceLastCRL(X509_CRL * crl,NameHash name_hash)7948 bool ReplaceLastCRL(X509_CRL *crl, NameHash name_hash) {
7949 uint32_t hash = HashName(name_hash, X509_CRL_get_issuer(crl));
7950 auto iter = next_crl_.find(hash);
7951 if (iter == next_crl_.end()) {
7952 return false;
7953 }
7954 std::vector<uint8_t> data = EncodeCRL(crl);
7955 if (data.empty()) {
7956 return false;
7957 }
7958 char path[32];
7959 snprintf(path, sizeof(path), "%08x.r%d", hash, iter->second - 1);
7960 return dir_.AddFile(path, data);
7961 }
7962
7963 private:
HashName(NameHash name_hash,X509_NAME * name)7964 static uint32_t HashName(NameHash name_hash, X509_NAME *name) {
7965 return name_hash == kOldHash ? X509_NAME_hash_old(name)
7966 : X509_NAME_hash(name);
7967 }
7968
EncodeCert(X509 * cert)7969 std::vector<uint8_t> EncodeCert(X509 *cert) {
7970 if (type_ == X509_FILETYPE_ASN1) {
7971 uint8_t *der = nullptr;
7972 int der_len = i2d_X509(cert, &der);
7973 if (der_len < 0) {
7974 return {};
7975 }
7976 bssl::UniquePtr<uint8_t> free_der(der);
7977 return std::vector<uint8_t>(der, der + der_len);
7978 }
7979
7980 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
7981 const uint8_t *pem;
7982 size_t pem_len;
7983 if (bio == nullptr || //
7984 !PEM_write_bio_X509(bio.get(), cert) ||
7985 !BIO_mem_contents(bio.get(), &pem, &pem_len)) {
7986 return {};
7987 }
7988 return std::vector<uint8_t>(pem, pem + pem_len);
7989 }
7990
EncodeCRL(X509_CRL * crl)7991 std::vector<uint8_t> EncodeCRL(X509_CRL *crl) {
7992 if (type_ == X509_FILETYPE_ASN1) {
7993 uint8_t *der = nullptr;
7994 int der_len = i2d_X509_CRL(crl, &der);
7995 if (der_len < 0) {
7996 return {};
7997 }
7998 bssl::UniquePtr<uint8_t> free_der(der);
7999 return std::vector<uint8_t>(der, der + der_len);
8000 }
8001
8002 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
8003 const uint8_t *pem;
8004 size_t pem_len;
8005 if (bio == nullptr || //
8006 !PEM_write_bio_X509_CRL(bio.get(), crl) ||
8007 !BIO_mem_contents(bio.get(), &pem, &pem_len)) {
8008 return {};
8009 }
8010 return std::vector<uint8_t>(pem, pem + pem_len);
8011 }
8012
8013 int type_;
8014 bssl::TemporaryDirectory dir_;
8015 std::map<uint32_t, int> next_cert_;
8016 std::map<uint32_t, int> next_crl_;
8017 };
8018
8019 // TODO(davidben): Also test CRL handling. There are some interesting behaviors
8020 // in here.
TEST(X509Test,DirHash)8021 TEST(X509Test, DirHash) {
8022 if (bssl::SkipTempFileTests()) {
8023 GTEST_SKIP();
8024 }
8025
8026 bssl::UniquePtr<EVP_PKEY> key = PrivateKeyFromPEM(kP256Key);
8027 ASSERT_TRUE(key);
8028
8029 // Test both formats.
8030 for (int type : {X509_FILETYPE_PEM, X509_FILETYPE_ASN1}) {
8031 SCOPED_TRACE(type);
8032
8033 // Generate some roots and fill a directory with OpenSSL's directory hash
8034 // format. The hash depends only on the name, so we do not need to
8035 // pre-generate the certificates. Test both DER and PEM.
8036 TemporaryHashDir dir(type);
8037 ASSERT_TRUE(dir.Init());
8038
8039 auto add_root = [&](const std::string &name, NameHash name_hash) -> bool {
8040 bssl::UniquePtr<X509> ca =
8041 MakeTestCert(name.c_str(), name.c_str(), key.get(), /*is_ca=*/true);
8042 if (ca == nullptr || !X509_sign(ca.get(), key.get(), EVP_sha256())) {
8043 return false;
8044 }
8045 return dir.AddCert(ca.get(), name_hash);
8046 };
8047
8048 auto issue_crl =
8049 [&](const std::string &name, int this_update_offset_day,
8050 const std::vector<uint64_t> &serials) -> bssl::UniquePtr<X509_CRL> {
8051 bssl::UniquePtr<X509_CRL> crl = MakeTestCRL(
8052 name.c_str(), this_update_offset_day, /*next_update_offset_day=*/1);
8053 if (crl == nullptr) {
8054 return nullptr;
8055 }
8056 for (uint64_t serial : serials) {
8057 // The revocation time does not matter for this test. Pretend the
8058 // certificate was just revoked.
8059 if (!AddRevokedSerialU64(crl.get(), serial,
8060 /*offset_day=*/this_update_offset_day)) {
8061 return nullptr;
8062 }
8063 }
8064 if (!X509_CRL_sign(crl.get(), key.get(), EVP_sha256())) {
8065 return nullptr;
8066 }
8067 return crl;
8068 };
8069
8070 auto add_crl = [&](const std::string &name, NameHash name_hash,
8071 int this_update_offset_day,
8072 const std::vector<uint64_t> &serials) -> bool {
8073 bssl::UniquePtr<X509_CRL> crl =
8074 issue_crl(name, this_update_offset_day, serials);
8075 return crl != nullptr && dir.AddCRL(crl.get(), name_hash);
8076 };
8077
8078 std::string ca1 = "Test CA 1";
8079 ASSERT_TRUE(add_root(ca1, kNewHash));
8080
8081 std::string ca2 = "Test CA 2";
8082 ASSERT_TRUE(add_root(ca2, kOldHash));
8083
8084 // Install CA 3 at its new hash. CA 3's name is not canonical, but the new
8085 // hash runs after canonicalization, so OpenSSL should be able to find it.
8086 std::string ca3 = "Test CA 3";
8087 std::string ca3_noncanonical = " test ca 3 ";
8088 ASSERT_TRUE(add_root(ca3_noncanonical, kNewHash));
8089
8090 // These two CAs collide under |X509_NAME_hash|.
8091 std::string collide_name1 = "Test CA 1191514847";
8092 std::string collide_name2 = "Test CA 1570301806";
8093 size_t num_cert_hashes = dir.num_cert_hashes();
8094 ASSERT_TRUE(add_root(collide_name1, kNewHash));
8095 EXPECT_EQ(dir.num_cert_hashes(), num_cert_hashes + 1);
8096 ASSERT_TRUE(add_root(collide_name2, kNewHash));
8097 EXPECT_EQ(dir.num_cert_hashes(), num_cert_hashes + 1);
8098
8099 // These two CAs collide under |X509_NAME_hash_old|.
8100 std::string old_collide_name1 = "Test CA 1069881739";
8101 std::string old_collide_name2 = "Test CA 940754110";
8102 num_cert_hashes = dir.num_cert_hashes();
8103 ASSERT_TRUE(add_root(old_collide_name1, kOldHash));
8104 EXPECT_EQ(dir.num_cert_hashes(), num_cert_hashes + 1);
8105 ASSERT_TRUE(add_root(old_collide_name2, kOldHash));
8106 EXPECT_EQ(dir.num_cert_hashes(), num_cert_hashes + 1);
8107
8108 // Make an |X509_STORE| that gets CAs from |dir|.
8109 bssl::UniquePtr<X509_STORE> store(X509_STORE_new());
8110 ASSERT_TRUE(store);
8111 X509_LOOKUP *lookup =
8112 X509_STORE_add_lookup(store.get(), X509_LOOKUP_hash_dir());
8113 ASSERT_TRUE(lookup);
8114 ASSERT_TRUE(X509_LOOKUP_add_dir(lookup, dir.path().c_str(), type));
8115
8116 auto test_issuer_flags = [&](const std::string &issuer, uint64_t serial,
8117 unsigned long flags) -> int {
8118 bssl::UniquePtr<X509> cert =
8119 MakeTestCert(issuer.c_str(), "Leaf", key.get(), /*is_ca=*/false);
8120 bssl::UniquePtr<ASN1_INTEGER> serial_asn1(ASN1_INTEGER_new());
8121 if (cert == nullptr || serial_asn1 == nullptr ||
8122 !ASN1_INTEGER_set_uint64(serial_asn1.get(), serial) ||
8123 !X509_set_serialNumber(cert.get(), serial_asn1.get()) ||
8124 !X509_sign(cert.get(), key.get(), EVP_sha256())) {
8125 return X509_V_ERR_UNSPECIFIED;
8126 }
8127
8128 bssl::UniquePtr<X509_STORE_CTX> ctx(X509_STORE_CTX_new());
8129 if (ctx == nullptr ||
8130 !X509_STORE_CTX_init(ctx.get(), store.get(), cert.get(),
8131 /*chain=*/nullptr)) {
8132 return X509_V_ERR_UNSPECIFIED;
8133 }
8134 X509_STORE_CTX_set_flags(ctx.get(), flags);
8135 X509_STORE_CTX_set_time_posix(ctx.get(), /*flags=*/0, kReferenceTime);
8136
8137 return X509_verify_cert(ctx.get()) ? X509_V_OK
8138 : X509_STORE_CTX_get_error(ctx.get());
8139 };
8140
8141 auto test_issuer = [&](const std::string &issuer) -> int {
8142 return test_issuer_flags(issuer, /*serial=*/0, /*flags=*/0);
8143 };
8144 auto test_issuer_crl = [&](const std::string &issuer,
8145 uint64_t serial) -> int {
8146 return test_issuer_flags(issuer, serial, X509_V_FLAG_CRL_CHECK);
8147 };
8148
8149 // All these roots are in the store and should be found. Although Test CA
8150 // 3 was installed under a non-canonical name, the new hash accounts for
8151 // this.
8152 EXPECT_EQ(X509_V_OK, test_issuer(ca1));
8153 EXPECT_EQ(X509_V_OK, test_issuer(ca2));
8154 EXPECT_EQ(X509_V_OK, test_issuer(ca3));
8155 EXPECT_EQ(X509_V_OK, test_issuer(collide_name1));
8156 EXPECT_EQ(X509_V_OK, test_issuer(collide_name2));
8157 EXPECT_EQ(X509_V_OK, test_issuer(old_collide_name1));
8158 EXPECT_EQ(X509_V_OK, test_issuer(old_collide_name2));
8159
8160 // Repeat the tests. This time it will pick up the certificate from the
8161 // cache.
8162 EXPECT_EQ(X509_V_OK, test_issuer(ca1));
8163 EXPECT_EQ(X509_V_OK, test_issuer(ca2));
8164 EXPECT_EQ(X509_V_OK, test_issuer(ca3));
8165 EXPECT_EQ(X509_V_OK, test_issuer(collide_name1));
8166 EXPECT_EQ(X509_V_OK, test_issuer(collide_name2));
8167 EXPECT_EQ(X509_V_OK, test_issuer(old_collide_name1));
8168 EXPECT_EQ(X509_V_OK, test_issuer(old_collide_name2));
8169
8170 // Test a certificate not in the store.
8171 ERR_clear_error();
8172 EXPECT_EQ(X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
8173 test_issuer("Not In Store"));
8174
8175 // Although, internally, this hits the filesystem and finds that a file does
8176 // not exist, there should not be anything on the error queue about a
8177 // missing file. |X509_verify_cert| generally does not use the error queue,
8178 // so it will be empty. See https://crbug.com/boringssl/708.
8179 EXPECT_EQ(ERR_get_error(), 0u);
8180
8181 // Test CRL handling. First, if we cannot find a CRL, verification will
8182 // fail.
8183 //
8184 // TODO(crbug.com/boringssl/690): We should test both the old and new hash,
8185 // but the CRL reloading process does not work for the old hash due to a
8186 // bug. It notices the cached old CRL, mistakes it for something loaded via
8187 // the new hash, and never bothers checking the old hash.
8188 EXPECT_EQ(X509_V_ERR_UNABLE_TO_GET_CRL,
8189 test_issuer_crl(collide_name1, /*serial=*/1));
8190
8191 // Install an empty CRL. Verification should now succeed.
8192 ASSERT_TRUE(add_crl(collide_name1, kNewHash,
8193 /*this_update_offset_day=*/-10, /*serials=*/{}));
8194 EXPECT_EQ(X509_V_OK, test_issuer_crl(collide_name1, /*serial=*/1));
8195
8196 // Verify again. Unlike roots, which are cached, this will query the
8197 // directory again.
8198 EXPECT_EQ(X509_V_OK, test_issuer_crl(collide_name1, /*serial=*/1));
8199
8200 // The extra query is so that a newer CRL is picked up, at an incrementing
8201 // number. This feature is less useful than it sounds because all CRLs are
8202 // persistently cached.
8203 ASSERT_TRUE(add_crl(collide_name1, kNewHash,
8204 /*this_update_offset_day=*/-9, /*serials=*/{1}));
8205 EXPECT_EQ(X509_V_ERR_CERT_REVOKED,
8206 test_issuer_crl(collide_name1, /*serial=*/1));
8207
8208 // Serial number 2 is not revoked.
8209 EXPECT_EQ(X509_V_OK, test_issuer_crl(collide_name1, /*serial=*/2));
8210
8211 // A new CRL at an already loaded name is ignored because OpenSSL skips
8212 // loading the older ones and relies on them being persistently cached in
8213 // memory.
8214 //
8215 // TODO(crbug.com/boringssl/690): This behavior is almost certainly not what
8216 // anyone wants. Rework this.
8217 bssl::UniquePtr<X509_CRL> crl = issue_crl(
8218 collide_name1, /*this_update_offset_day=*/-8, /*serials=*/{1, 2});
8219 ASSERT_TRUE(crl);
8220 ASSERT_TRUE(dir.ReplaceLastCRL(crl.get(), kNewHash));
8221 EXPECT_EQ(X509_V_OK, test_issuer_crl(collide_name1, /*serial=*/2));
8222
8223 // If there are many new CRLs, they are all loaded and the newest is wins.
8224 ASSERT_TRUE(add_crl(collide_name1, kNewHash,
8225 /*this_update_offset_day=*/-7, /*serials=*/{1, 2}));
8226 ASSERT_TRUE(add_crl(collide_name1, kNewHash,
8227 /*this_update_offset_day=*/-5, /*serials=*/{1, 2, 3}));
8228 ASSERT_TRUE(add_crl(collide_name1, kNewHash,
8229 /*this_update_offset_day=*/-6, /*serials=*/{1, 2}));
8230
8231 // r3 should have won, which revokes all three serials:
8232 EXPECT_EQ(X509_V_ERR_CERT_REVOKED,
8233 test_issuer_crl(collide_name1, /*serial=*/1));
8234 EXPECT_EQ(X509_V_ERR_CERT_REVOKED,
8235 test_issuer_crl(collide_name1, /*serial=*/2));
8236 EXPECT_EQ(X509_V_ERR_CERT_REVOKED,
8237 test_issuer_crl(collide_name1, /*serial=*/3));
8238
8239 // If the new CRL is older than a previously loaded one, it is ignored.
8240 ASSERT_TRUE(add_crl(collide_name1, kNewHash,
8241 /*this_update_offset_day=*/-100, /*serials=*/{}));
8242
8243 // Finally, test hash collisions. The internal book-keeping for where to
8244 // start loading should be compatible with a second CA whose hash collides.
8245 EXPECT_EQ(X509_V_ERR_UNABLE_TO_GET_CRL,
8246 test_issuer_crl(collide_name2, /*serial=*/1));
8247 EXPECT_EQ(X509_V_ERR_UNABLE_TO_GET_CRL,
8248 test_issuer_crl(collide_name2, /*serial=*/2));
8249 ASSERT_TRUE(add_crl(collide_name2, kNewHash,
8250 /*this_update_offset_day=*/-10, /*serials=*/{1}));
8251 EXPECT_EQ(X509_V_ERR_CERT_REVOKED,
8252 test_issuer_crl(collide_name2, /*serial=*/1));
8253 EXPECT_EQ(X509_V_OK, test_issuer_crl(collide_name2, /*serial=*/2));
8254
8255 // Confirm all CRLs we added had the same hash.
8256 EXPECT_EQ(dir.num_crl_hashes(), 1u);
8257 }
8258 }
8259
8260 // Test that two directory hash paths are treated as a sequence of paths,
8261 // separated by a separator.
TEST(X509Test,DirHashSeparator)8262 TEST(X509Test, DirHashSeparator) {
8263 #if defined(OPENSSL_WINDOWS)
8264 const char kSeparator = ';';
8265 #else
8266 const char kSeparator = ':';
8267 #endif
8268
8269 if (bssl::SkipTempFileTests()) {
8270 GTEST_SKIP();
8271 }
8272
8273 bssl::UniquePtr<EVP_PKEY> key = PrivateKeyFromPEM(kP256Key);
8274 ASSERT_TRUE(key);
8275
8276 // Make two directories and place one CA in each.
8277 TemporaryHashDir dir1(X509_FILETYPE_PEM), dir2(X509_FILETYPE_PEM);
8278 ASSERT_TRUE(dir1.Init());
8279 ASSERT_TRUE(dir2.Init());
8280
8281 bssl::UniquePtr<X509> ca1 =
8282 MakeTestCert("Test CA 1", "Test CA 1", key.get(), /*is_ca=*/true);
8283 ASSERT_TRUE(ca1);
8284 ASSERT_TRUE(X509_sign(ca1.get(), key.get(), EVP_sha256()));
8285 ASSERT_TRUE(dir1.AddCert(ca1.get(), kNewHash));
8286
8287 bssl::UniquePtr<X509> ca2 =
8288 MakeTestCert("Test CA 2", "Test CA 2", key.get(), /*is_ca=*/true);
8289 ASSERT_TRUE(ca2);
8290 ASSERT_TRUE(X509_sign(ca2.get(), key.get(), EVP_sha256()));
8291 ASSERT_TRUE(dir1.AddCert(ca2.get(), kNewHash));
8292
8293 // Make an |X509_STORE| that gets CAs from |dir1| and |dir2|.
8294 bssl::UniquePtr<X509_STORE> store(X509_STORE_new());
8295 ASSERT_TRUE(store);
8296 std::string paths = dir1.path() + kSeparator + dir2.path();
8297 ASSERT_TRUE(
8298 X509_STORE_load_locations(store.get(), /*file=*/nullptr, paths.c_str()));
8299
8300 // Both CAs should work.
8301 {
8302 bssl::UniquePtr<X509> cert =
8303 MakeTestCert("Test CA 1", "Leaf", key.get(), /*is_ca=*/false);
8304 ASSERT_TRUE(cert);
8305 ASSERT_TRUE(X509_sign(cert.get(), key.get(), EVP_sha256()));
8306 bssl::UniquePtr<X509_STORE_CTX> ctx(X509_STORE_CTX_new());
8307 ASSERT_TRUE(ctx);
8308 ASSERT_TRUE(X509_STORE_CTX_init(ctx.get(), store.get(), cert.get(),
8309 /*chain=*/nullptr));
8310 X509_STORE_CTX_set_time_posix(ctx.get(), /*flags=*/0, kReferenceTime);
8311 EXPECT_TRUE(X509_verify_cert(ctx.get()))
8312 << X509_verify_cert_error_string(X509_STORE_CTX_get_error(ctx.get()));
8313 }
8314
8315 {
8316 bssl::UniquePtr<X509> cert =
8317 MakeTestCert("Test CA 2", "Leaf", key.get(), /*is_ca=*/false);
8318 ASSERT_TRUE(cert);
8319 ASSERT_TRUE(X509_sign(cert.get(), key.get(), EVP_sha256()));
8320 bssl::UniquePtr<X509_STORE_CTX> ctx(X509_STORE_CTX_new());
8321 ASSERT_TRUE(ctx);
8322 ASSERT_TRUE(X509_STORE_CTX_init(ctx.get(), store.get(), cert.get(),
8323 /*chain=*/nullptr));
8324 X509_STORE_CTX_set_time_posix(ctx.get(), /*flags=*/0, kReferenceTime);
8325 EXPECT_TRUE(X509_verify_cert(ctx.get()))
8326 << X509_verify_cert_error_string(X509_STORE_CTX_get_error(ctx.get()));
8327 }
8328 }
8329
8330 #if defined(OPENSSL_THREADS)
8331 // Test that directory hash lookup is thread-safe.
TEST(X509Test,DirHashThreads)8332 TEST(X509Test, DirHashThreads) {
8333 if (bssl::SkipTempFileTests()) {
8334 GTEST_SKIP();
8335 }
8336
8337 bssl::UniquePtr<EVP_PKEY> key = PrivateKeyFromPEM(kP256Key);
8338 ASSERT_TRUE(key);
8339
8340 // Generate some roots and fill a directory with OpenSSL's directory hash
8341 // format. The hash depends only on the name, so we do not need to
8342 // pre-generate the certificates. Test both DER and PEM.
8343 TemporaryHashDir dir(X509_FILETYPE_PEM);
8344 ASSERT_TRUE(dir.Init());
8345
8346 auto add_root = [&](const std::string &name, NameHash name_hash) -> bool {
8347 bssl::UniquePtr<X509> ca =
8348 MakeTestCert(name.c_str(), name.c_str(), key.get(), /*is_ca=*/true);
8349 return ca != nullptr && //
8350 X509_sign(ca.get(), key.get(), EVP_sha256()) &&
8351 dir.AddCert(ca.get(), name_hash);
8352 };
8353
8354 auto issue_cert = [&](const std::string &issuer) -> bssl::UniquePtr<X509> {
8355 bssl::UniquePtr<X509> cert =
8356 MakeTestCert(issuer.c_str(), "Leaf", key.get(), /*is_ca=*/false);
8357 if (cert == nullptr || !X509_sign(cert.get(), key.get(), EVP_sha256())) {
8358 return nullptr;
8359 }
8360 return cert;
8361 };
8362
8363 auto add_crl = [&](const std::string &name,
8364 int this_update_offset_day, NameHash name_hash) -> bool {
8365 bssl::UniquePtr<X509_CRL> crl = MakeTestCRL(
8366 name.c_str(), this_update_offset_day, /*next_update_offset_day=*/1);
8367 return crl != nullptr &&
8368 X509_CRL_sign(crl.get(), key.get(), EVP_sha256()) &&
8369 dir.AddCRL(crl.get(), name_hash);
8370 };
8371
8372 // These two CAs collide under |X509_NAME_hash|.
8373 std::string ca1 = "Test CA 1191514847";
8374 std::string ca2 = "Test CA 1570301806";
8375 ASSERT_TRUE(add_root(ca1, kNewHash));
8376 ASSERT_TRUE(add_root(ca2, kNewHash));
8377 ASSERT_TRUE(add_crl(ca1, -2, kNewHash));
8378 ASSERT_TRUE(add_crl(ca2, -1, kNewHash));
8379 ASSERT_TRUE(add_crl(ca2, -2, kNewHash));
8380 ASSERT_TRUE(add_crl(ca1, -1, kNewHash));
8381 // Verify the hashes collided.
8382 ASSERT_EQ(dir.num_cert_hashes(), 1u);
8383 ASSERT_EQ(dir.num_crl_hashes(), 1u);
8384 bssl::UniquePtr<X509> leaf1 = issue_cert(ca1);
8385 ASSERT_TRUE(leaf1);
8386 bssl::UniquePtr<X509> leaf2 = issue_cert(ca2);
8387 ASSERT_TRUE(leaf2);
8388
8389 // These two CAs collide under |X509_NAME_hash_old|.
8390 std::string old_ca1 = "Test CA 1069881739";
8391 std::string old_ca2 = "Test CA 940754110";
8392 ASSERT_TRUE(add_root(old_ca1, kOldHash));
8393 ASSERT_TRUE(add_root(old_ca2, kOldHash));
8394 ASSERT_TRUE(add_crl(old_ca1, -2, kOldHash));
8395 ASSERT_TRUE(add_crl(old_ca2, -1, kOldHash));
8396 ASSERT_TRUE(add_crl(old_ca2, -2, kOldHash));
8397 ASSERT_TRUE(add_crl(old_ca1, -1, kOldHash));
8398 // Verify the hashes collided.
8399 ASSERT_EQ(dir.num_cert_hashes(), 2u);
8400 ASSERT_EQ(dir.num_crl_hashes(), 2u);
8401 bssl::UniquePtr<X509> old_leaf1 = issue_cert(old_ca1);
8402 ASSERT_TRUE(old_leaf1);
8403 bssl::UniquePtr<X509> old_leaf2 = issue_cert(old_ca2);
8404 ASSERT_TRUE(old_leaf2);
8405
8406 // Make an |X509_STORE| that gets CAs from |dir|.
8407 bssl::UniquePtr<X509_STORE> store(X509_STORE_new());
8408 ASSERT_TRUE(store);
8409 ASSERT_TRUE(X509_STORE_load_locations(store.get(), /*file=*/nullptr,
8410 dir.path().c_str()));
8411
8412 auto verify = [&](X509 *cert, bool crl_check) {
8413 bssl::UniquePtr<X509_STORE_CTX> ctx(X509_STORE_CTX_new());
8414 ASSERT_TRUE(ctx);
8415 ASSERT_TRUE(X509_STORE_CTX_init(ctx.get(), store.get(), cert,
8416 /*chain=*/nullptr));
8417 X509_STORE_CTX_set_flags(ctx.get(), crl_check ? X509_V_FLAG_CRL_CHECK : 0);
8418 X509_STORE_CTX_set_time_posix(ctx.get(), /*flags=*/0, kReferenceTime);
8419 EXPECT_TRUE(X509_verify_cert(ctx.get()))
8420 << X509_verify_cert_error_string(X509_STORE_CTX_get_error(ctx.get()));
8421 };
8422
8423 const size_t kNumThreads = 10;
8424 std::vector<std::thread> threads;
8425 for (size_t i = 0; i < kNumThreads; i++) {
8426 threads.emplace_back([&] { verify(leaf1.get(), false); });
8427 threads.emplace_back([&] { verify(leaf1.get(), true); });
8428 threads.emplace_back([&] { verify(leaf2.get(), false); });
8429 threads.emplace_back([&] { verify(leaf2.get(), true); });
8430
8431 threads.emplace_back([&] { verify(old_leaf1.get(), false); });
8432 threads.emplace_back([&] { verify(old_leaf1.get(), true); });
8433 threads.emplace_back([&] { verify(old_leaf2.get(), false); });
8434 threads.emplace_back([&] { verify(old_leaf2.get(), true); });
8435 }
8436 for (auto &thread : threads) {
8437 thread.join();
8438 }
8439 }
8440 #endif // OPENSSL_THREADS
8441
8442 // Test that, when there are two CAs with the same name, but different key
8443 // identifiers, certificate and CRL lookup can disambiguate correctly.
TEST(X509Test,DuplicateName)8444 TEST(X509Test, DuplicateName) {
8445 // Make two certificate chains and empty CRLs, with the same names but
8446 // different keys.
8447 bssl::UniquePtr<EVP_PKEY> key1 = PrivateKeyFromPEM(kP256Key);
8448 ASSERT_TRUE(key1);
8449 uint8_t key_id1[] = {'K', 'e', 'y', '1'};
8450 bssl::UniquePtr<X509> ca1 =
8451 MakeTestCert("CA", "CA", key1.get(), /*is_ca=*/true);
8452 ASSERT_TRUE(ca1);
8453 ASSERT_TRUE(AddSubjectKeyIdentifier(ca1.get(), key_id1));
8454 ASSERT_TRUE(X509_sign(ca1.get(), key1.get(), EVP_sha256()));
8455 bssl::UniquePtr<X509> leaf1 =
8456 MakeTestCert("CA", "Leaf", key1.get(), /*is_ca=*/false);
8457 ASSERT_TRUE(leaf1);
8458 ASSERT_TRUE(AddAuthorityKeyIdentifier(leaf1.get(), key_id1));
8459 ASSERT_TRUE(X509_sign(leaf1.get(), key1.get(), EVP_sha256()));
8460 bssl::UniquePtr<X509_CRL> crl1 = MakeTestCRL("CA", -1, 1);
8461 ASSERT_TRUE(crl1);
8462 ASSERT_TRUE(AddAuthorityKeyIdentifier(crl1.get(), key_id1));
8463 ASSERT_TRUE(X509_CRL_sign(crl1.get(), key1.get(), EVP_sha256()));
8464 // TODO(davidben): Some state in CRLs does not get correctly set up unless it
8465 // is parsed from data. |X509_CRL_sign| should reset it internally.
8466 crl1 = ReencodeCRL(crl1.get());
8467 ASSERT_TRUE(crl1);
8468
8469 bssl::UniquePtr<EVP_PKEY> key2 = PrivateKeyFromPEM(kRSAKey);
8470 ASSERT_TRUE(key2);
8471 uint8_t key_id2[] = {'K', 'e', 'y', '2'};
8472 bssl::UniquePtr<X509> ca2 =
8473 MakeTestCert("CA", "CA", key2.get(), /*is_ca=*/true);
8474 ASSERT_TRUE(ca2);
8475 ASSERT_TRUE(AddSubjectKeyIdentifier(ca2.get(), key_id2));
8476 ASSERT_TRUE(X509_sign(ca2.get(), key2.get(), EVP_sha256()));
8477 bssl::UniquePtr<X509> leaf2 =
8478 MakeTestCert("CA", "Leaf", key2.get(), /*is_ca=*/false);
8479 ASSERT_TRUE(leaf2);
8480 ASSERT_TRUE(AddAuthorityKeyIdentifier(leaf2.get(), key_id2));
8481 ASSERT_TRUE(X509_sign(leaf2.get(), key2.get(), EVP_sha256()));
8482 bssl::UniquePtr<X509_CRL> crl2 = MakeTestCRL("CA", -2, 2);
8483 ASSERT_TRUE(crl2);
8484 ASSERT_TRUE(AddAuthorityKeyIdentifier(crl2.get(), key_id2));
8485 ASSERT_TRUE(X509_CRL_sign(crl2.get(), key2.get(), EVP_sha256()));
8486 // TODO(davidben): Some state in CRLs does not get correctly set up unless it
8487 // is parsed from data. |X509_CRL_sign| should reset it internally.
8488 crl2 = ReencodeCRL(crl2.get());
8489 ASSERT_TRUE(crl2);
8490
8491 for (bool key1_first : {false, true}) {
8492 SCOPED_TRACE(key1_first);
8493 X509 *first_leaf = leaf1.get();
8494 X509 *second_leaf = leaf2.get();
8495 if (!key1_first) {
8496 std::swap(first_leaf, second_leaf);
8497 }
8498
8499 for (bool use_dir : {false, true}) {
8500 SCOPED_TRACE(use_dir);
8501 bssl::UniquePtr<X509_STORE> store(X509_STORE_new());
8502 ASSERT_TRUE(store);
8503 TemporaryHashDir dir(X509_FILETYPE_PEM);
8504 if (use_dir) {
8505 ASSERT_TRUE(dir.Init());
8506 ASSERT_TRUE(dir.AddCert(ca1.get(), kNewHash));
8507 ASSERT_TRUE(dir.AddCert(ca2.get(), kNewHash));
8508 ASSERT_TRUE(dir.AddCRL(crl1.get(), kNewHash));
8509 ASSERT_TRUE(dir.AddCRL(crl2.get(), kNewHash));
8510 ASSERT_EQ(dir.num_cert_hashes(), 1u);
8511 ASSERT_EQ(dir.num_crl_hashes(), 1u);
8512 ASSERT_TRUE(X509_STORE_load_locations(store.get(), /*file=*/nullptr,
8513 dir.path().c_str()));
8514 } else {
8515 ASSERT_TRUE(X509_STORE_add_cert(store.get(), ca1.get()));
8516 ASSERT_TRUE(X509_STORE_add_cert(store.get(), ca2.get()));
8517 ASSERT_TRUE(X509_STORE_add_crl(store.get(), crl1.get()));
8518 ASSERT_TRUE(X509_STORE_add_crl(store.get(), crl2.get()));
8519 }
8520
8521 // Verify the two certificates. Whichever comes first, we should
8522 // successfully find their CA and CRL.
8523 {
8524 bssl::UniquePtr<X509_STORE_CTX> ctx(X509_STORE_CTX_new());
8525 ASSERT_TRUE(ctx);
8526 ASSERT_TRUE(
8527 X509_STORE_CTX_init(ctx.get(), store.get(), first_leaf, nullptr));
8528 X509_STORE_CTX_set_flags(ctx.get(), X509_V_FLAG_CRL_CHECK);
8529 X509_STORE_CTX_set_time_posix(ctx.get(), /*flags=*/0, kReferenceTime);
8530 EXPECT_TRUE(X509_verify_cert(ctx.get()))
8531 << X509_verify_cert_error_string(
8532 X509_STORE_CTX_get_error(ctx.get()));
8533 }
8534 {
8535 bssl::UniquePtr<X509_STORE_CTX> ctx(X509_STORE_CTX_new());
8536 ASSERT_TRUE(ctx);
8537 ASSERT_TRUE(
8538 X509_STORE_CTX_init(ctx.get(), store.get(), second_leaf, nullptr));
8539 X509_STORE_CTX_set_flags(ctx.get(), X509_V_FLAG_CRL_CHECK);
8540 X509_STORE_CTX_set_time_posix(ctx.get(), /*flags=*/0, kReferenceTime);
8541 EXPECT_TRUE(X509_verify_cert(ctx.get()))
8542 << X509_verify_cert_error_string(
8543 X509_STORE_CTX_get_error(ctx.get()));
8544 }
8545 }
8546 }
8547 }
8548
TEST(X509Test,ParseIPAddress)8549 TEST(X509Test, ParseIPAddress) {
8550 const struct {
8551 const char *inp;
8552 // out is the expected output, or an empty vector if the parser is expected
8553 // to fail.
8554 std::vector<uint8_t> out;
8555 } kIPTests[] = {
8556 // Valid IPv4 addresses.
8557 {"127.0.0.1", {127, 0, 0, 1}},
8558 {"1.2.3.4", {1, 2, 3, 4}},
8559 {"1.2.3.255", {1, 2, 3, 255}},
8560 {"255.255.255.255", {255, 255, 255, 255}},
8561
8562 // Valid IPv6 addresses
8563 {"::", {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}},
8564 {"::1", {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1}},
8565 {"::01", {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1}},
8566 {"::001", {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1}},
8567 {"::0001", {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1}},
8568 {"ffff::", {0xff, 0xff, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}},
8569 {"1::2", {0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2}},
8570 {"1:1:1:1:1:1:1:1", {0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1}},
8571 {"2001:db8::ff00:42:8329",
8572 {0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00,
8573 0x00, 0x42, 0x83, 0x29}},
8574 {"1234::1.2.3.4", {0x12, 0x34, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 2, 3, 4}},
8575 {"::1.2.3.4", {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 2, 3, 4}},
8576 {"ffff:ffff:ffff:ffff:ffff:ffff:1.2.3.4",
8577 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
8578 1, 2, 3, 4}},
8579
8580 // Too few IPv4 components.
8581 {"1", {}},
8582 {"1.", {}},
8583 {"1.2", {}},
8584 {"1.2.", {}},
8585 {"1.2.3", {}},
8586 {"1.2.3.", {}},
8587
8588 // Invalid embedded IPv4 address.
8589 {"::1.2.3", {}},
8590
8591 // Too many components.
8592 {"1.2.3.4.5", {}},
8593 {"1:2:3:4:5:6:7:8:9", {}},
8594 {"1:2:3:4:5::6:7:8:9", {}},
8595
8596 // IPv4 literals take the place of two IPv6 components.
8597 {"1:2:3:4:5:6:7:1.2.3.4", {}},
8598
8599 // '::' should have fewer than 16 components or it is redundant.
8600 {"1:2:3:4:5:6:7::8", {}},
8601
8602 // Embedded IPv4 addresses must be at the end.
8603 {"::1.2.3.4:1", {}},
8604
8605 // Stray whitespace or other invalid characters.
8606 {"1.2.3.4 ", {}},
8607 {"1.2.3 .4", {}},
8608 {"1.2.3. 4", {}},
8609 {" 1.2.3.4", {}},
8610 {"1.2.3.4.", {}},
8611 {"1.2.3.+4", {}},
8612 {"1.2.3.-4", {}},
8613 {"1.2.3.4.example.test", {}},
8614 {"::1 ", {}},
8615 {" ::1", {}},
8616 {":: 1", {}},
8617 {": :1", {}},
8618 {"1.2.3.nope", {}},
8619 {"::nope", {}},
8620
8621 // Components too large.
8622 {"1.2.3.256", {}}, // Overflows when adding
8623 {"1.2.3.260", {}}, // Overflows when multiplying by 10
8624 {"1.2.3.999999999999999999999999999999999999999999", {}},
8625 {"::fffff", {}},
8626
8627 // Although not an overflow, more than four hex digits is an error.
8628 {"::00000", {}},
8629
8630 // Too many colons.
8631 {":::", {}},
8632 {"1:::", {}},
8633 {":::2", {}},
8634 {"1:::2", {}},
8635
8636 // Only one group of zeros may be elided.
8637 {"1::2::3", {}},
8638
8639 // We only support decimal.
8640 {"1.2.3.01", {}},
8641 {"1.2.3.0x1", {}},
8642
8643 // Random garbage.
8644 {"example.test", {}},
8645 {"", {}},
8646 };
8647 for (const auto &t : kIPTests) {
8648 SCOPED_TRACE(t.inp);
8649 bssl::UniquePtr<ASN1_OCTET_STRING> oct(a2i_IPADDRESS(t.inp));
8650 if (t.out.empty()) {
8651 EXPECT_FALSE(oct);
8652 } else {
8653 ASSERT_TRUE(oct);
8654 EXPECT_EQ(Bytes(t.out), Bytes(ASN1_STRING_get0_data(oct.get()),
8655 ASN1_STRING_length(oct.get())));
8656 }
8657 }
8658 }
8659