[thirdparty/openssl.git] / test / verify_extra_test.c

/*
 * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/bio.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/err.h>
#include "testutil.h"

static const char *roots_f;
static const char *untrusted_f;
static const char *bad_f;
static const char *req_f;

static STACK_OF(X509) *load_certs_from_file(const char *filename)
{
    STACK_OF(X509) *certs;
    BIO *bio;
    X509 *x;

    bio = BIO_new_file(filename, "r");

    if (bio == NULL) {
        return NULL;
    }

    certs = sk_X509_new_null();
    if (certs == NULL) {
        BIO_free(bio);
        return NULL;
    }

    ERR_set_mark();
    do {
        x = PEM_read_bio_X509(bio, NULL, 0, NULL);
        if (x != NULL && !sk_X509_push(certs, x)) {
            sk_X509_pop_free(certs, X509_free);
            BIO_free(bio);
            return NULL;
        } else if (x == NULL) {
            /*
             * We probably just ran out of certs, so ignore any errors
             * generated
             */
            ERR_pop_to_mark();
        }
    } while (x != NULL);

    BIO_free(bio);

    return certs;
}

/*
 * Test for CVE-2015-1793 (Alternate Chains Certificate Forgery)
 *
 * Chain is as follows:
 *
 * rootCA (self-signed)
 *   |
 * interCA
 *   |
 * subinterCA       subinterCA (self-signed)
 *   |                   |
 * leaf ------------------
 *   |
 * bad
 *
 * rootCA, interCA, subinterCA, subinterCA (ss) all have CA=TRUE
 * leaf and bad have CA=FALSE
 *
 * subinterCA and subinterCA (ss) have the same subject name and keys
 *
 * interCA (but not rootCA) and subinterCA (ss) are in the trusted store
 * (roots.pem)
 * leaf and subinterCA are in the untrusted list (untrusted.pem)
 * bad is the certificate being verified (bad.pem)
 *
 * Versions vulnerable to CVE-2015-1793 will fail to detect that leaf has
 * CA=FALSE, and will therefore incorrectly verify bad
 *
 */
static int test_alt_chains_cert_forgery(void)
{
    int ret = 0;
    int i;
    X509 *x = NULL;
    STACK_OF(X509) *untrusted = NULL;
    BIO *bio = NULL;
    X509_STORE_CTX *sctx = NULL;
    X509_STORE *store = NULL;
    X509_LOOKUP *lookup = NULL;

    store = X509_STORE_new();
    if (store == NULL)
        goto err;

    lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
    if (lookup == NULL)
        goto err;
    if (!X509_LOOKUP_load_file(lookup, roots_f, X509_FILETYPE_PEM))
        goto err;

    untrusted = load_certs_from_file(untrusted_f);

    if ((bio = BIO_new_file(bad_f, "r")) == NULL)
        goto err;

    if ((x = PEM_read_bio_X509(bio, NULL, 0, NULL)) == NULL)
        goto err;

    sctx = X509_STORE_CTX_new();
    if (sctx == NULL)
        goto err;

    if (!X509_STORE_CTX_init(sctx, store, x, untrusted))
        goto err;

    i = X509_verify_cert(sctx);

    if (i == 0 && X509_STORE_CTX_get_error(sctx) == X509_V_ERR_INVALID_CA) {
        /* This is the result we were expecting: Test passed */
        ret = 1;
    }
 err:
    X509_STORE_CTX_free(sctx);
    X509_free(x);
    BIO_free(bio);
    sk_X509_pop_free(untrusted, X509_free);
    X509_STORE_free(store);
    return ret;
}

static int test_store_ctx(void)
{
    X509_STORE_CTX *sctx = NULL;
    X509 *x = NULL;
    BIO *bio = NULL;
    int testresult = 0, ret;

    bio = BIO_new_file(bad_f, "r");
    if (bio == NULL)
        goto err;

    x = PEM_read_bio_X509(bio, NULL, 0, NULL);
    if (x == NULL)
        goto err;

    sctx = X509_STORE_CTX_new();
    if (sctx == NULL)
        goto err;

    if (!X509_STORE_CTX_init(sctx, NULL, x, NULL))
        goto err;

    /* Verifying a cert where we have no trusted certs should fail */
    ret = X509_verify_cert(sctx);

    if (ret == 0) {
        /* This is the result we were expecting: Test passed */
        testresult = 1;
    }

 err:
    X509_STORE_CTX_free(sctx);
    X509_free(x);
    BIO_free(bio);
    return testresult;
}

OPT_TEST_DECLARE_USAGE("roots.pem untrusted.pem bad.pem\n")

static int test_distinguishing_id(void)
{
    X509 *x = NULL;
    BIO *bio = NULL;
    int ret = 0;
    ASN1_OCTET_STRING *v = NULL, *v2 = NULL;
    char *distid = "this is an ID";

    bio = BIO_new_file(bad_f, "r");
    if (bio == NULL)
        goto err;

    x = PEM_read_bio_X509(bio, NULL, 0, NULL);
    if (x == NULL)
        goto err;

    v = ASN1_OCTET_STRING_new();
    if (v == NULL)
        goto err;

    if (!ASN1_OCTET_STRING_set(v, (unsigned char *)distid,
                               (int)strlen(distid))) {
        ASN1_OCTET_STRING_free(v);
        goto err;
    }

    X509_set0_distinguishing_id(x, v);

    v2 = X509_get0_distinguishing_id(x);
    if (!TEST_ptr(v2)
            || !TEST_int_eq(ASN1_OCTET_STRING_cmp(v, v2), 0))
        goto err;

    ret = 1;
 err:
    X509_free(x);
    BIO_free(bio);
    return ret;
}

static int test_req_distinguishing_id(void)
{
    X509_REQ *x = NULL;
    BIO *bio = NULL;
    int ret = 0;
    ASN1_OCTET_STRING *v = NULL, *v2 = NULL;
    char *distid = "this is an ID";

    bio = BIO_new_file(req_f, "r");
    if (bio == NULL)
        goto err;

    x = PEM_read_bio_X509_REQ(bio, NULL, 0, NULL);
    if (x == NULL)
        goto err;

    v = ASN1_OCTET_STRING_new();
    if (v == NULL)
        goto err;

    if (!ASN1_OCTET_STRING_set(v, (unsigned char *)distid,
                               (int)strlen(distid))) {
        ASN1_OCTET_STRING_free(v);
        goto err;
    }

    X509_REQ_set0_distinguishing_id(x, v);

    v2 = X509_REQ_get0_distinguishing_id(x);
    if (!TEST_ptr(v2)
            || !TEST_int_eq(ASN1_OCTET_STRING_cmp(v, v2), 0))
        goto err;

    ret = 1;
 err:
    X509_REQ_free(x);
    BIO_free(bio);
    return ret;
}

int setup_tests(void)
{
    if (!test_skip_common_options()) {
        TEST_error("Error parsing test options\n");
        return 0;
    }

    if (!TEST_ptr(roots_f = test_get_argument(0))
            || !TEST_ptr(untrusted_f = test_get_argument(1))
            || !TEST_ptr(bad_f = test_get_argument(2))
            || !TEST_ptr(req_f = test_get_argument(3)))
        return 0;

    ADD_TEST(test_alt_chains_cert_forgery);
    ADD_TEST(test_store_ctx);
    ADD_TEST(test_distinguishing_id);
    ADD_TEST(test_req_distinguishing_id);
    return 1;
}
Commit	Line	Data
593e9c63	1	/*
6ec5fce2	2	* Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
593e9c63	3	*
909f1a2e	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
440e5d80 RS	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
593e9c63 MC	8	*/
	9
	10	#include <stdio.h>
ccf45361	11	#include <string.h>
593e9c63 MC	12	#include <openssl/crypto.h>
	13	#include <openssl/bio.h>
	14	#include <openssl/x509.h>
	15	#include <openssl/pem.h>
	16	#include <openssl/err.h>
4afc6060	17	#include "testutil.h"
593e9c63	18
ad887416 P	19	static const char *roots_f;
	20	static const char *untrusted_f;
	21	static const char *bad_f;
bc42bd62	22	static const char *req_f;
ad887416	23
593e9c63 MC	24	static STACK_OF(X509) load_certs_from_file(const char filename)
	25	{
	26	STACK_OF(X509) *certs;
	27	BIO *bio;
	28	X509 *x;
	29
	30	bio = BIO_new_file(filename, "r");
	31
	32	if (bio == NULL) {
	33	return NULL;
	34	}
	35
	36	certs = sk_X509_new_null();
	37	if (certs == NULL) {
	38	BIO_free(bio);
	39	return NULL;
	40	}
	41
	42	ERR_set_mark();
	43	do {
	44	x = PEM_read_bio_X509(bio, NULL, 0, NULL);
	45	if (x != NULL && !sk_X509_push(certs, x)) {
	46	sk_X509_pop_free(certs, X509_free);
	47	BIO_free(bio);
	48	return NULL;
	49	} else if (x == NULL) {
	50	/*
	51	* We probably just ran out of certs, so ignore any errors
	52	* generated
	53	*/
	54	ERR_pop_to_mark();
	55	}
	56	} while (x != NULL);
	57
	58	BIO_free(bio);
	59
	60	return certs;
	61	}
	62
	63	/*
	64	* Test for CVE-2015-1793 (Alternate Chains Certificate Forgery)
	65	*
	66	* Chain is as follows:
	67	*
	68	* rootCA (self-signed)
	69	* \|
	70	* interCA
	71	* \|
	72	* subinterCA subinterCA (self-signed)
	73	* \| \|
	74	* leaf ------------------
	75	* \|
	76	* bad
	77	*
	78	* rootCA, interCA, subinterCA, subinterCA (ss) all have CA=TRUE
	79	* leaf and bad have CA=FALSE
	80	*
	81	* subinterCA and subinterCA (ss) have the same subject name and keys
	82	*
	83	* interCA (but not rootCA) and subinterCA (ss) are in the trusted store
	84	* (roots.pem)
	85	* leaf and subinterCA are in the untrusted list (untrusted.pem)
	86	* bad is the certificate being verified (bad.pem)
	87	*
88	* Versions vulnerable to CVE-2015-1793 will fail to detect that leaf has
89	* CA=FALSE, and will therefore incorrectly verify bad
90	*
91	*/
ad887416	92	static int test_alt_chains_cert_forgery(void)
593e9c63 MC	93	{
	94	int ret = 0;
	95	int i;
	96	X509 *x = NULL;
	97	STACK_OF(X509) *untrusted = NULL;
	98	BIO *bio = NULL;
	99	X509_STORE_CTX *sctx = NULL;
	100	X509_STORE *store = NULL;
	101	X509_LOOKUP *lookup = NULL;
	102
	103	store = X509_STORE_new();
	104	if (store == NULL)
	105	goto err;
	106
	107	lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
	108	if (lookup == NULL)
	109	goto err;
28b86f31	110	if (!X509_LOOKUP_load_file(lookup, roots_f, X509_FILETYPE_PEM))
593e9c63 MC	111	goto err;
593e9c63 MC	112
e9daa815	113	untrusted = load_certs_from_file(untrusted_f);
593e9c63	114
e9daa815	115	if ((bio = BIO_new_file(bad_f, "r")) == NULL)
593e9c63 MC	116	goto err;
593e9c63 MC	117
28b86f31	118	if ((x = PEM_read_bio_X509(bio, NULL, 0, NULL)) == NULL)
593e9c63 MC	119	goto err;
	120
	121	sctx = X509_STORE_CTX_new();
	122	if (sctx == NULL)
	123	goto err;
	124
	125	if (!X509_STORE_CTX_init(sctx, store, x, untrusted))
	126	goto err;
	127
	128	i = X509_verify_cert(sctx);
	129
e8aa8b6c	130	if (i == 0 && X509_STORE_CTX_get_error(sctx) == X509_V_ERR_INVALID_CA) {
593e9c63 MC	131	/* This is the result we were expecting: Test passed */
	132	ret = 1;
	133	}
	134	err:
	135	X509_STORE_CTX_free(sctx);
	136	X509_free(x);
	137	BIO_free(bio);
	138	sk_X509_pop_free(untrusted, X509_free);
	139	X509_STORE_free(store);
593e9c63 MC	140	return ret;
	141	}
	142
7f6dfa19 MC	143	static int test_store_ctx(void)
	144	{
	145	X509_STORE_CTX *sctx = NULL;
	146	X509 *x = NULL;
	147	BIO *bio = NULL;
	148	int testresult = 0, ret;
	149
	150	bio = BIO_new_file(bad_f, "r");
	151	if (bio == NULL)
	152	goto err;
	153
	154	x = PEM_read_bio_X509(bio, NULL, 0, NULL);
	155	if (x == NULL)
	156	goto err;
	157
	158	sctx = X509_STORE_CTX_new();
	159	if (sctx == NULL)
	160	goto err;
	161
	162	if (!X509_STORE_CTX_init(sctx, NULL, x, NULL))
	163	goto err;
	164
	165	/* Verifying a cert where we have no trusted certs should fail */
	166	ret = X509_verify_cert(sctx);
	167
	168	if (ret == 0) {
	169	/* This is the result we were expecting: Test passed */
	170	testresult = 1;
	171	}
	172
	173	err:
	174	X509_STORE_CTX_free(sctx);
	175	X509_free(x);
	176	BIO_free(bio);
	177	return testresult;
	178	}
	179
a43ce58f SL	180	OPT_TEST_DECLARE_USAGE("roots.pem untrusted.pem bad.pem\n")
a43ce58f SL	181
fda127be	182	static int test_distinguishing_id(void)
ccf45361	183	{
ccf45361 PY	184	X509 *x = NULL;
	185	BIO *bio = NULL;
	186	int ret = 0;
	187	ASN1_OCTET_STRING v = NULL, v2 = NULL;
fda127be	188	char *distid = "this is an ID";
ccf45361 PY	189
	190	bio = BIO_new_file(bad_f, "r");
	191	if (bio == NULL)
	192	goto err;
	193
	194	x = PEM_read_bio_X509(bio, NULL, 0, NULL);
	195	if (x == NULL)
	196	goto err;
	197
	198	v = ASN1_OCTET_STRING_new();
	199	if (v == NULL)
	200	goto err;
	201
fda127be RL	202	if (!ASN1_OCTET_STRING_set(v, (unsigned char *)distid,
fda127be RL	203	(int)strlen(distid))) {
ccf45361 PY	204	ASN1_OCTET_STRING_free(v);
	205	goto err;
	206	}
	207
fda127be	208	X509_set0_distinguishing_id(x, v);
ccf45361	209
fda127be	210	v2 = X509_get0_distinguishing_id(x);
ccf45361 PY	211	if (!TEST_ptr(v2)
	212	\|\| !TEST_int_eq(ASN1_OCTET_STRING_cmp(v, v2), 0))
	213	goto err;
	214
	215	ret = 1;
	216	err:
	217	X509_free(x);
	218	BIO_free(bio);
	219	return ret;
	220	}
bc42bd62	221
fda127be	222	static int test_req_distinguishing_id(void)
bc42bd62	223	{
bc42bd62 PY	224	X509_REQ *x = NULL;
	225	BIO *bio = NULL;
	226	int ret = 0;
	227	ASN1_OCTET_STRING v = NULL, v2 = NULL;
fda127be	228	char *distid = "this is an ID";
bc42bd62 PY	229
	230	bio = BIO_new_file(req_f, "r");
	231	if (bio == NULL)
	232	goto err;
	233
	234	x = PEM_read_bio_X509_REQ(bio, NULL, 0, NULL);
	235	if (x == NULL)
	236	goto err;
	237
	238	v = ASN1_OCTET_STRING_new();
	239	if (v == NULL)
	240	goto err;
	241
fda127be RL	242	if (!ASN1_OCTET_STRING_set(v, (unsigned char *)distid,
fda127be RL	243	(int)strlen(distid))) {
bc42bd62 PY	244	ASN1_OCTET_STRING_free(v);
	245	goto err;
	246	}
	247
fda127be	248	X509_REQ_set0_distinguishing_id(x, v);
bc42bd62	249
fda127be	250	v2 = X509_REQ_get0_distinguishing_id(x);
bc42bd62 PY	251	if (!TEST_ptr(v2)
	252	\|\| !TEST_int_eq(ASN1_OCTET_STRING_cmp(v, v2), 0))
	253	goto err;
	254
	255	ret = 1;
	256	err:
	257	X509_REQ_free(x);
	258	BIO_free(bio);
	259	return ret;
	260	}
ccf45361	261
ad887416	262	int setup_tests(void)
593e9c63	263	{
8d242823 MC	264	if (!test_skip_common_options()) {
	265	TEST_error("Error parsing test options\n");
	266	return 0;
	267	}
	268
ad887416 P	269	if (!TEST_ptr(roots_f = test_get_argument(0))
ad887416 P	270	\|\| !TEST_ptr(untrusted_f = test_get_argument(1))
bc42bd62 PY	271	\|\| !TEST_ptr(bad_f = test_get_argument(2))
bc42bd62 PY	272	\|\| !TEST_ptr(req_f = test_get_argument(3)))
ad887416	273	return 0;
593e9c63	274
ad887416	275	ADD_TEST(test_alt_chains_cert_forgery);
7f6dfa19	276	ADD_TEST(test_store_ctx);
fda127be RL	277	ADD_TEST(test_distinguishing_id);
fda127be RL	278	ADD_TEST(test_req_distinguishing_id);
ad887416	279	return 1;
593e9c63	280	}