[thirdparty/openssl.git] / test / verify_extra_test.c

/*
 * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include <openssl/crypto.h>
#include <openssl/bio.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/err.h>
#include "testutil.h"

static STACK_OF(X509) *load_certs_from_file(const char *filename)
{
    STACK_OF(X509) *certs;
    BIO *bio;
    X509 *x;

    bio = BIO_new_file(filename, "r");

    if (bio == NULL) {
        return NULL;
    }

    certs = sk_X509_new_null();
    if (certs == NULL) {
        BIO_free(bio);
        return NULL;
    }

    ERR_set_mark();
    do {
        x = PEM_read_bio_X509(bio, NULL, 0, NULL);
        if (x != NULL && !sk_X509_push(certs, x)) {
            sk_X509_pop_free(certs, X509_free);
            BIO_free(bio);
            return NULL;
        } else if (x == NULL) {
            /*
             * We probably just ran out of certs, so ignore any errors
             * generated
             */
            ERR_pop_to_mark();
        }
    } while (x != NULL);

    BIO_free(bio);

    return certs;
}

/*
 * Test for CVE-2015-1793 (Alternate Chains Certificate Forgery)
 *
 * Chain is as follows:
 *
 * rootCA (self-signed)
 *   |
 * interCA
 *   |
 * subinterCA       subinterCA (self-signed)
 *   |                   |
 * leaf ------------------
 *   |
 * bad
 *
 * rootCA, interCA, subinterCA, subinterCA (ss) all have CA=TRUE
 * leaf and bad have CA=FALSE
 *
 * subinterCA and subinterCA (ss) have the same subject name and keys
 *
 * interCA (but not rootCA) and subinterCA (ss) are in the trusted store
 * (roots.pem)
 * leaf and subinterCA are in the untrusted list (untrusted.pem)
 * bad is the certificate being verified (bad.pem)
 *
 * Versions vulnerable to CVE-2015-1793 will fail to detect that leaf has
 * CA=FALSE, and will therefore incorrectly verify bad
 *
 */
static int test_alt_chains_cert_forgery(const char *roots_f,
                                        const char *untrusted_f,
                                        const char *bad_f)
{
    int ret = 0;
    int i;
    X509 *x = NULL;
    STACK_OF(X509) *untrusted = NULL;
    BIO *bio = NULL;
    X509_STORE_CTX *sctx = NULL;
    X509_STORE *store = NULL;
    X509_LOOKUP *lookup = NULL;

    store = X509_STORE_new();
    if (store == NULL)
        goto err;

    lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
    if (lookup == NULL)
        goto err;
    if (!X509_LOOKUP_load_file(lookup, roots_f, X509_FILETYPE_PEM))
        goto err;

    untrusted = load_certs_from_file(untrusted_f);

    if ((bio = BIO_new_file(bad_f, "r")) == NULL)
        goto err;

    if ((x = PEM_read_bio_X509(bio, NULL, 0, NULL)) == NULL)
        goto err;

    sctx = X509_STORE_CTX_new();
    if (sctx == NULL)
        goto err;

    if (!X509_STORE_CTX_init(sctx, store, x, untrusted))
        goto err;

    i = X509_verify_cert(sctx);

    if (i == 0 && X509_STORE_CTX_get_error(sctx) == X509_V_ERR_INVALID_CA) {
        /* This is the result we were expecting: Test passed */
        ret = 1;
    }
 err:
    X509_STORE_CTX_free(sctx);
    X509_free(x);
    BIO_free(bio);
    sk_X509_pop_free(untrusted, X509_free);
    X509_STORE_free(store);
    return ret;
}

int test_main(int argc, char **argv)
{
    if (argc != 4) {
        TEST_error("usage: verify_extra_test roots.pem untrusted.pem bad.pem\n");
        return EXIT_FAILURE;
    }

    if (!TEST_true(test_alt_chains_cert_forgery(argv[1], argv[2], argv[3])))
        return EXIT_FAILURE;
    return EXIT_SUCCESS;
}
Commit	Line	Data
593e9c63	1	/*
440e5d80	2	* Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
593e9c63	3	*
440e5d80 RS	4	* Licensed under the OpenSSL license (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
593e9c63 MC	8	*/
	9
	10	#include <stdio.h>
	11	#include <openssl/crypto.h>
	12	#include <openssl/bio.h>
	13	#include <openssl/x509.h>
	14	#include <openssl/pem.h>
	15	#include <openssl/err.h>
4afc6060	16	#include "testutil.h"
593e9c63 MC	17
	18	static STACK_OF(X509) load_certs_from_file(const char filename)
	19	{
	20	STACK_OF(X509) *certs;
	21	BIO *bio;
	22	X509 *x;
	23
	24	bio = BIO_new_file(filename, "r");
	25
	26	if (bio == NULL) {
	27	return NULL;
	28	}
	29
	30	certs = sk_X509_new_null();
	31	if (certs == NULL) {
	32	BIO_free(bio);
	33	return NULL;
	34	}
	35
	36	ERR_set_mark();
	37	do {
	38	x = PEM_read_bio_X509(bio, NULL, 0, NULL);
	39	if (x != NULL && !sk_X509_push(certs, x)) {
	40	sk_X509_pop_free(certs, X509_free);
	41	BIO_free(bio);
	42	return NULL;
	43	} else if (x == NULL) {
	44	/*
	45	* We probably just ran out of certs, so ignore any errors
	46	* generated
	47	*/
	48	ERR_pop_to_mark();
	49	}
	50	} while (x != NULL);
	51
	52	BIO_free(bio);
	53
	54	return certs;
	55	}
	56
	57	/*
	58	* Test for CVE-2015-1793 (Alternate Chains Certificate Forgery)
	59	*
	60	* Chain is as follows:
	61	*
	62	* rootCA (self-signed)
	63	* \|
	64	* interCA
	65	* \|
	66	* subinterCA subinterCA (self-signed)
	67	* \| \|
	68	* leaf ------------------
	69	* \|
	70	* bad
	71	*
	72	* rootCA, interCA, subinterCA, subinterCA (ss) all have CA=TRUE
	73	* leaf and bad have CA=FALSE
	74	*
	75	* subinterCA and subinterCA (ss) have the same subject name and keys
	76	*
	77	* interCA (but not rootCA) and subinterCA (ss) are in the trusted store
	78	* (roots.pem)
	79	* leaf and subinterCA are in the untrusted list (untrusted.pem)
	80	* bad is the certificate being verified (bad.pem)
81	*
82	* Versions vulnerable to CVE-2015-1793 will fail to detect that leaf has
83	* CA=FALSE, and will therefore incorrectly verify bad
84	*
85	*/
e9daa815 RL	86	static int test_alt_chains_cert_forgery(const char *roots_f,
	87	const char *untrusted_f,
	88	const char *bad_f)
593e9c63 MC	89	{
	90	int ret = 0;
	91	int i;
	92	X509 *x = NULL;
	93	STACK_OF(X509) *untrusted = NULL;
	94	BIO *bio = NULL;
	95	X509_STORE_CTX *sctx = NULL;
	96	X509_STORE *store = NULL;
	97	X509_LOOKUP *lookup = NULL;
	98
	99	store = X509_STORE_new();
	100	if (store == NULL)
	101	goto err;
	102
	103	lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
	104	if (lookup == NULL)
	105	goto err;
28b86f31	106	if (!X509_LOOKUP_load_file(lookup, roots_f, X509_FILETYPE_PEM))
593e9c63 MC	107	goto err;
593e9c63 MC	108
e9daa815	109	untrusted = load_certs_from_file(untrusted_f);
593e9c63	110
e9daa815	111	if ((bio = BIO_new_file(bad_f, "r")) == NULL)
593e9c63 MC	112	goto err;
593e9c63 MC	113
28b86f31	114	if ((x = PEM_read_bio_X509(bio, NULL, 0, NULL)) == NULL)
593e9c63 MC	115	goto err;
	116
	117	sctx = X509_STORE_CTX_new();
	118	if (sctx == NULL)
	119	goto err;
	120
	121	if (!X509_STORE_CTX_init(sctx, store, x, untrusted))
	122	goto err;
	123
	124	i = X509_verify_cert(sctx);
	125
e8aa8b6c	126	if (i == 0 && X509_STORE_CTX_get_error(sctx) == X509_V_ERR_INVALID_CA) {
593e9c63 MC	127	/* This is the result we were expecting: Test passed */
	128	ret = 1;
	129	}
	130	err:
	131	X509_STORE_CTX_free(sctx);
	132	X509_free(x);
	133	BIO_free(bio);
	134	sk_X509_pop_free(untrusted, X509_free);
	135	X509_STORE_free(store);
593e9c63 MC	136	return ret;
	137	}
	138
4afc6060	139	int test_main(int argc, char **argv)
593e9c63	140	{
e9daa815	141	if (argc != 4) {
4afc6060 RS	142	TEST_error("usage: verify_extra_test roots.pem untrusted.pem bad.pem\n");
4afc6060 RS	143	return EXIT_FAILURE;
593e9c63 MC	144	}
593e9c63 MC	145
4afc6060 RS	146	if (!TEST_true(test_alt_chains_cert_forgery(argv[1], argv[2], argv[3])))
	147	return EXIT_FAILURE;
	148	return EXIT_SUCCESS;
593e9c63	149	}