[thirdparty/openssl.git] / test / verify_extra_test.c

/*
 * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/bio.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/err.h>
#include "testutil.h"

static const char *roots_f;
static const char *untrusted_f;
static const char *bad_f;

static STACK_OF(X509) *load_certs_from_file(const char *filename)
{
    STACK_OF(X509) *certs;
    BIO *bio;
    X509 *x;

    bio = BIO_new_file(filename, "r");

    if (bio == NULL) {
        return NULL;
    }

    certs = sk_X509_new_null();
    if (certs == NULL) {
        BIO_free(bio);
        return NULL;
    }

    ERR_set_mark();
    do {
        x = PEM_read_bio_X509(bio, NULL, 0, NULL);
        if (x != NULL && !sk_X509_push(certs, x)) {
            sk_X509_pop_free(certs, X509_free);
            BIO_free(bio);
            return NULL;
        } else if (x == NULL) {
            /*
             * We probably just ran out of certs, so ignore any errors
             * generated
             */
            ERR_pop_to_mark();
        }
    } while (x != NULL);

    BIO_free(bio);

    return certs;
}

/*
 * Test for CVE-2015-1793 (Alternate Chains Certificate Forgery)
 *
 * Chain is as follows:
 *
 * rootCA (self-signed)
 *   |
 * interCA
 *   |
 * subinterCA       subinterCA (self-signed)
 *   |                   |
 * leaf ------------------
 *   |
 * bad
 *
 * rootCA, interCA, subinterCA, subinterCA (ss) all have CA=TRUE
 * leaf and bad have CA=FALSE
 *
 * subinterCA and subinterCA (ss) have the same subject name and keys
 *
 * interCA (but not rootCA) and subinterCA (ss) are in the trusted store
 * (roots.pem)
 * leaf and subinterCA are in the untrusted list (untrusted.pem)
 * bad is the certificate being verified (bad.pem)
 *
 * Versions vulnerable to CVE-2015-1793 will fail to detect that leaf has
 * CA=FALSE, and will therefore incorrectly verify bad
 *
 */
static int test_alt_chains_cert_forgery(void)
{
    int ret = 0;
    int i;
    X509 *x = NULL;
    STACK_OF(X509) *untrusted = NULL;
    BIO *bio = NULL;
    X509_STORE_CTX *sctx = NULL;
    X509_STORE *store = NULL;
    X509_LOOKUP *lookup = NULL;

    store = X509_STORE_new();
    if (store == NULL)
        goto err;

    lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
    if (lookup == NULL)
        goto err;
    if (!X509_LOOKUP_load_file(lookup, roots_f, X509_FILETYPE_PEM))
        goto err;

    untrusted = load_certs_from_file(untrusted_f);

    if ((bio = BIO_new_file(bad_f, "r")) == NULL)
        goto err;

    if ((x = PEM_read_bio_X509(bio, NULL, 0, NULL)) == NULL)
        goto err;

    sctx = X509_STORE_CTX_new();
    if (sctx == NULL)
        goto err;

    if (!X509_STORE_CTX_init(sctx, store, x, untrusted))
        goto err;

    i = X509_verify_cert(sctx);

    if (i == 0 && X509_STORE_CTX_get_error(sctx) == X509_V_ERR_INVALID_CA) {
        /* This is the result we were expecting: Test passed */
        ret = 1;
    }
 err:
    X509_STORE_CTX_free(sctx);
    X509_free(x);
    BIO_free(bio);
    sk_X509_pop_free(untrusted, X509_free);
    X509_STORE_free(store);
    return ret;
}

static int test_store_ctx(void)
{
    X509_STORE_CTX *sctx = NULL;
    X509 *x = NULL;
    BIO *bio = NULL;
    int testresult = 0, ret;

    bio = BIO_new_file(bad_f, "r");
    if (bio == NULL)
        goto err;

    x = PEM_read_bio_X509(bio, NULL, 0, NULL);
    if (x == NULL)
        goto err;

    sctx = X509_STORE_CTX_new();
    if (sctx == NULL)
        goto err;

    if (!X509_STORE_CTX_init(sctx, NULL, x, NULL))
        goto err;

    /* Verifying a cert where we have no trusted certs should fail */
    ret = X509_verify_cert(sctx);

    if (ret == 0) {
        /* This is the result we were expecting: Test passed */
        testresult = 1;
    }

 err:
    X509_STORE_CTX_free(sctx);
    X509_free(x);
    BIO_free(bio);
    return testresult;
}

OPT_TEST_DECLARE_USAGE("roots.pem untrusted.pem bad.pem\n")

#ifndef OPENSSL_NO_SM2
static int test_sm2_id(void)
{
    /* we only need an X509 structure, no matter if it's a real SM2 cert */
    X509 *x = NULL;
    BIO *bio = NULL;
    int ret = 0;
    ASN1_OCTET_STRING *v = NULL, *v2 = NULL;
    char *sm2id = "this is an ID";

    bio = BIO_new_file(bad_f, "r");
    if (bio == NULL)
        goto err;

    x = PEM_read_bio_X509(bio, NULL, 0, NULL);
    if (x == NULL)
        goto err;

    v = ASN1_OCTET_STRING_new();
    if (v == NULL)
        goto err;

    if (!ASN1_OCTET_STRING_set(v, (unsigned char *)sm2id, (int)strlen(sm2id))) {
        ASN1_OCTET_STRING_free(v);
        goto err;
    }

    X509_set0_sm2_id(x, v);

    v2 = X509_get0_sm2_id(x);
    if (!TEST_ptr(v2)
            || !TEST_int_eq(ASN1_OCTET_STRING_cmp(v, v2), 0))
        goto err;

    ret = 1;
 err:
    X509_free(x);
    BIO_free(bio);
    return ret;
}
#endif

int setup_tests(void)
{
    if (!TEST_ptr(roots_f = test_get_argument(0))
            || !TEST_ptr(untrusted_f = test_get_argument(1))
            || !TEST_ptr(bad_f = test_get_argument(2)))
        return 0;

    ADD_TEST(test_alt_chains_cert_forgery);
    ADD_TEST(test_store_ctx);
#ifndef OPENSSL_NO_SM2
    ADD_TEST(test_sm2_id);
#endif
    return 1;
}
Commit	Line	Data
593e9c63	1	/*
6ec5fce2	2	* Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
593e9c63	3	*
909f1a2e	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
440e5d80 RS	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
593e9c63 MC	8	*/
	9
	10	#include <stdio.h>
ccf45361	11	#include <string.h>
593e9c63 MC	12	#include <openssl/crypto.h>
	13	#include <openssl/bio.h>
	14	#include <openssl/x509.h>
	15	#include <openssl/pem.h>
	16	#include <openssl/err.h>
4afc6060	17	#include "testutil.h"
593e9c63	18
ad887416 P	19	static const char *roots_f;
	20	static const char *untrusted_f;
	21	static const char *bad_f;
	22
593e9c63 MC	23	static STACK_OF(X509) load_certs_from_file(const char filename)
	24	{
	25	STACK_OF(X509) *certs;
	26	BIO *bio;
	27	X509 *x;
	28
	29	bio = BIO_new_file(filename, "r");
	30
	31	if (bio == NULL) {
	32	return NULL;
	33	}
	34
	35	certs = sk_X509_new_null();
	36	if (certs == NULL) {
	37	BIO_free(bio);
	38	return NULL;
	39	}
	40
	41	ERR_set_mark();
	42	do {
	43	x = PEM_read_bio_X509(bio, NULL, 0, NULL);
	44	if (x != NULL && !sk_X509_push(certs, x)) {
	45	sk_X509_pop_free(certs, X509_free);
	46	BIO_free(bio);
	47	return NULL;
	48	} else if (x == NULL) {
	49	/*
	50	* We probably just ran out of certs, so ignore any errors
	51	* generated
	52	*/
	53	ERR_pop_to_mark();
	54	}
	55	} while (x != NULL);
	56
	57	BIO_free(bio);
	58
	59	return certs;
	60	}
	61
	62	/*
	63	* Test for CVE-2015-1793 (Alternate Chains Certificate Forgery)
	64	*
	65	* Chain is as follows:
	66	*
	67	* rootCA (self-signed)
	68	* \|
	69	* interCA
	70	* \|
	71	* subinterCA subinterCA (self-signed)
	72	* \| \|
	73	* leaf ------------------
	74	* \|
	75	* bad
	76	*
	77	* rootCA, interCA, subinterCA, subinterCA (ss) all have CA=TRUE
	78	* leaf and bad have CA=FALSE
	79	*
	80	* subinterCA and subinterCA (ss) have the same subject name and keys
	81	*
	82	* interCA (but not rootCA) and subinterCA (ss) are in the trusted store
	83	* (roots.pem)
	84	* leaf and subinterCA are in the untrusted list (untrusted.pem)
	85	* bad is the certificate being verified (bad.pem)
	86	*
87	* Versions vulnerable to CVE-2015-1793 will fail to detect that leaf has
88	* CA=FALSE, and will therefore incorrectly verify bad
89	*
90	*/
ad887416	91	static int test_alt_chains_cert_forgery(void)
593e9c63 MC	92	{
	93	int ret = 0;
	94	int i;
	95	X509 *x = NULL;
	96	STACK_OF(X509) *untrusted = NULL;
	97	BIO *bio = NULL;
	98	X509_STORE_CTX *sctx = NULL;
	99	X509_STORE *store = NULL;
	100	X509_LOOKUP *lookup = NULL;
	101
	102	store = X509_STORE_new();
	103	if (store == NULL)
	104	goto err;
	105
	106	lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
	107	if (lookup == NULL)
	108	goto err;
28b86f31	109	if (!X509_LOOKUP_load_file(lookup, roots_f, X509_FILETYPE_PEM))
593e9c63 MC	110	goto err;
593e9c63 MC	111
e9daa815	112	untrusted = load_certs_from_file(untrusted_f);
593e9c63	113
e9daa815	114	if ((bio = BIO_new_file(bad_f, "r")) == NULL)
593e9c63 MC	115	goto err;
593e9c63 MC	116
28b86f31	117	if ((x = PEM_read_bio_X509(bio, NULL, 0, NULL)) == NULL)
593e9c63 MC	118	goto err;
	119
	120	sctx = X509_STORE_CTX_new();
	121	if (sctx == NULL)
	122	goto err;
	123
	124	if (!X509_STORE_CTX_init(sctx, store, x, untrusted))
	125	goto err;
	126
	127	i = X509_verify_cert(sctx);
	128
e8aa8b6c	129	if (i == 0 && X509_STORE_CTX_get_error(sctx) == X509_V_ERR_INVALID_CA) {
593e9c63 MC	130	/* This is the result we were expecting: Test passed */
	131	ret = 1;
	132	}
	133	err:
	134	X509_STORE_CTX_free(sctx);
	135	X509_free(x);
	136	BIO_free(bio);
	137	sk_X509_pop_free(untrusted, X509_free);
	138	X509_STORE_free(store);
593e9c63 MC	139	return ret;
	140	}
	141
7f6dfa19 MC	142	static int test_store_ctx(void)
	143	{
	144	X509_STORE_CTX *sctx = NULL;
	145	X509 *x = NULL;
	146	BIO *bio = NULL;
	147	int testresult = 0, ret;
	148
	149	bio = BIO_new_file(bad_f, "r");
	150	if (bio == NULL)
	151	goto err;
	152
	153	x = PEM_read_bio_X509(bio, NULL, 0, NULL);
	154	if (x == NULL)
	155	goto err;
	156
	157	sctx = X509_STORE_CTX_new();
	158	if (sctx == NULL)
	159	goto err;
	160
	161	if (!X509_STORE_CTX_init(sctx, NULL, x, NULL))
	162	goto err;
	163
	164	/* Verifying a cert where we have no trusted certs should fail */
	165	ret = X509_verify_cert(sctx);
	166
	167	if (ret == 0) {
	168	/* This is the result we were expecting: Test passed */
	169	testresult = 1;
	170	}
	171
	172	err:
	173	X509_STORE_CTX_free(sctx);
	174	X509_free(x);
	175	BIO_free(bio);
	176	return testresult;
	177	}
	178
a43ce58f SL	179	OPT_TEST_DECLARE_USAGE("roots.pem untrusted.pem bad.pem\n")
a43ce58f SL	180
ccf45361 PY	181	#ifndef OPENSSL_NO_SM2
	182	static int test_sm2_id(void)
	183	{
	184	/* we only need an X509 structure, no matter if it's a real SM2 cert */
	185	X509 *x = NULL;
	186	BIO *bio = NULL;
	187	int ret = 0;
	188	ASN1_OCTET_STRING v = NULL, v2 = NULL;
	189	char *sm2id = "this is an ID";
	190
	191	bio = BIO_new_file(bad_f, "r");
	192	if (bio == NULL)
	193	goto err;
	194
	195	x = PEM_read_bio_X509(bio, NULL, 0, NULL);
	196	if (x == NULL)
	197	goto err;
	198
	199	v = ASN1_OCTET_STRING_new();
	200	if (v == NULL)
	201	goto err;
	202
	203	if (!ASN1_OCTET_STRING_set(v, (unsigned char *)sm2id, (int)strlen(sm2id))) {
	204	ASN1_OCTET_STRING_free(v);
	205	goto err;
	206	}
	207
	208	X509_set0_sm2_id(x, v);
	209
	210	v2 = X509_get0_sm2_id(x);
	211	if (!TEST_ptr(v2)
	212	\|\| !TEST_int_eq(ASN1_OCTET_STRING_cmp(v, v2), 0))
	213	goto err;
	214
	215	ret = 1;
	216	err:
	217	X509_free(x);
	218	BIO_free(bio);
	219	return ret;
	220	}
	221	#endif
	222
ad887416	223	int setup_tests(void)
593e9c63	224	{
ad887416 P	225	if (!TEST_ptr(roots_f = test_get_argument(0))
ad887416 P	226	\|\| !TEST_ptr(untrusted_f = test_get_argument(1))
a43ce58f	227	\|\| !TEST_ptr(bad_f = test_get_argument(2)))
ad887416	228	return 0;
593e9c63	229
ad887416	230	ADD_TEST(test_alt_chains_cert_forgery);
7f6dfa19	231	ADD_TEST(test_store_ctx);
ccf45361 PY	232	#ifndef OPENSSL_NO_SM2
	233	ADD_TEST(test_sm2_id);
	234	#endif
ad887416	235	return 1;
593e9c63	236	}