1 /* Copyright (c) 2016, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15 #include <algorithm>
16 #include <functional>
17 #include <string>
18 #include <vector>
19
20 #include <gtest/gtest.h>
21
22 #include <openssl/bio.h>
23 #include <openssl/bytestring.h>
24 #include <openssl/crypto.h>
25 #include <openssl/curve25519.h>
26 #include <openssl/digest.h>
27 #include <openssl/err.h>
28 #include <openssl/pem.h>
29 #include <openssl/pool.h>
30 #include <openssl/x509.h>
31 #include <openssl/x509v3.h>
32
33 #include "../internal.h"
34 #include "../test/test_util.h"
35 #include "../x509v3/internal.h"
36
37
38 std::string GetTestData(const char *path);
39
40 static const char kCrossSigningRootPEM[] = R"(
41 -----BEGIN CERTIFICATE-----
42 MIICcTCCAdqgAwIBAgIIagJHiPvE0MowDQYJKoZIhvcNAQELBQAwPDEaMBgGA1UE
43 ChMRQm9yaW5nU1NMIFRFU1RJTkcxHjAcBgNVBAMTFUNyb3NzLXNpZ25pbmcgUm9v
44 dCBDQTAgFw0xNTAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowPDEaMBgGA1UE
45 ChMRQm9yaW5nU1NMIFRFU1RJTkcxHjAcBgNVBAMTFUNyb3NzLXNpZ25pbmcgUm9v
46 dCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwo3qFvSB9Zmlbpzn9wJp
47 ikI75Rxkatez8VkLqyxbOhPYl2Haz8F5p1gDG96dCI6jcLGgu3AKT9uhEQyyUko5
48 EKYasazSeA9CQrdyhPg0mkTYVETnPM1W/ebid1YtqQbq1CMWlq2aTDoSGAReGFKP
49 RTdXAbuAXzpCfi/d8LqV13UCAwEAAaN6MHgwDgYDVR0PAQH/BAQDAgIEMB0GA1Ud
50 JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAPBgNVHRMBAf8EBTADAQH/MBkGA1Ud
51 DgQSBBBHKHC7V3Z/3oLvEZx0RZRwMBsGA1UdIwQUMBKAEEcocLtXdn/egu8RnHRF
52 lHAwDQYJKoZIhvcNAQELBQADgYEAnglibsy6mGtpIXivtlcz4zIEnHw/lNW+r/eC
53 CY7evZTmOoOuC/x9SS3MF9vawt1HFUummWM6ZgErqVBOXIB4//ykrcCgf5ZbF5Hr
54 +3EFprKhBqYiXdD8hpBkrBoXwn85LPYWNd2TceCrx0YtLIprE2R5MB2RIq8y4Jk3
55 YFXvkME=
56 -----END CERTIFICATE-----
57 )";
58
59 static const char kRootCAPEM[] = R"(
60 -----BEGIN CERTIFICATE-----
61 MIICVTCCAb6gAwIBAgIIAj5CwoHlWuYwDQYJKoZIhvcNAQELBQAwLjEaMBgGA1UE
62 ChMRQm9yaW5nU1NMIFRFU1RJTkcxEDAOBgNVBAMTB1Jvb3QgQ0EwIBcNMTUwMTAx
63 MDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMC4xGjAYBgNVBAoTEUJvcmluZ1NTTCBU
64 RVNUSU5HMRAwDgYDVQQDEwdSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
65 iQKBgQDpDn8RDOZa5oaDcPZRBy4CeBH1siSSOO4mYgLHlPE+oXdqwI/VImi2XeJM
66 2uCFETXCknJJjYG0iJdrt/yyRFvZTQZw+QzGj+mz36NqhGxDWb6dstB2m8PX+plZ
67 w7jl81MDvUnWs8yiQ/6twgu5AbhWKZQDJKcNKCEpqa6UW0r5nwIDAQABo3oweDAO
68 BgNVHQ8BAf8EBAMCAgQwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA8G
69 A1UdEwEB/wQFMAMBAf8wGQYDVR0OBBIEEEA31wH7QC+4HH5UBCeMWQEwGwYDVR0j
70 BBQwEoAQQDfXAftAL7gcflQEJ4xZATANBgkqhkiG9w0BAQsFAAOBgQDXylEK77Za
71 kKeY6ZerrScWyZhrjIGtHFu09qVpdJEzrk87k2G7iHHR9CAvSofCgEExKtWNS9dN
72 +9WiZp/U48iHLk7qaYXdEuO07No4BYtXn+lkOykE+FUxmA4wvOF1cTd2tdj3MzX2
73 kfGIBAYhzGZWhY3JbhIfTEfY1PNM1pWChQ==
74 -----END CERTIFICATE-----
75 )";
76
77 static const char kRootCrossSignedPEM[] = R"(
78 -----BEGIN CERTIFICATE-----
79 MIICYzCCAcygAwIBAgIIAj5CwoHlWuYwDQYJKoZIhvcNAQELBQAwPDEaMBgGA1UE
80 ChMRQm9yaW5nU1NMIFRFU1RJTkcxHjAcBgNVBAMTFUNyb3NzLXNpZ25pbmcgUm9v
81 dCBDQTAgFw0xNTAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowLjEaMBgGA1UE
82 ChMRQm9yaW5nU1NMIFRFU1RJTkcxEDAOBgNVBAMTB1Jvb3QgQ0EwgZ8wDQYJKoZI
83 hvcNAQEBBQADgY0AMIGJAoGBAOkOfxEM5lrmhoNw9lEHLgJ4EfWyJJI47iZiAseU
84 8T6hd2rAj9UiaLZd4kza4IURNcKSckmNgbSIl2u3/LJEW9lNBnD5DMaP6bPfo2qE
85 bENZvp2y0Habw9f6mVnDuOXzUwO9SdazzKJD/q3CC7kBuFYplAMkpw0oISmprpRb
86 SvmfAgMBAAGjejB4MA4GA1UdDwEB/wQEAwICBDAdBgNVHSUEFjAUBggrBgEFBQcD
87 AQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAZBgNVHQ4EEgQQQDfXAftAL7gc
88 flQEJ4xZATAbBgNVHSMEFDASgBBHKHC7V3Z/3oLvEZx0RZRwMA0GCSqGSIb3DQEB
89 CwUAA4GBAErTxYJ0en9HVRHAAr5OO5wuk5Iq3VMc79TMyQLCXVL8YH8Uk7KEwv+q
90 9MEKZv2eR/Vfm4HlXlUuIqfgUXbwrAYC/YVVX86Wnbpy/jc73NYVCq8FEZeO+0XU
91 90SWAPDdp+iL7aZdimnMtG1qlM1edmz8AKbrhN/R3IbA2CL0nCWV
92 -----END CERTIFICATE-----
93 )";
94
95 static const char kIntermediatePEM[] = R"(
96 -----BEGIN CERTIFICATE-----
97 MIICXjCCAcegAwIBAgIJAKJMH+7rscPcMA0GCSqGSIb3DQEBCwUAMC4xGjAYBgNV
98 BAoTEUJvcmluZ1NTTCBURVNUSU5HMRAwDgYDVQQDEwdSb290IENBMCAXDTE1MDEw
99 MTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjA2MRowGAYDVQQKExFCb3JpbmdTU0wg
100 VEVTVElORzEYMBYGA1UEAxMPSW50ZXJtZWRpYXRlIENBMIGfMA0GCSqGSIb3DQEB
101 AQUAA4GNADCBiQKBgQC7YtI0l8ocTYJ0gKyXTtPL4iMJCNY4OcxXl48jkncVG1Hl
102 blicgNUa1r9m9YFtVkxvBinb8dXiUpEGhVg4awRPDcatlsBSEBuJkiZGYbRcAmSu
103 CmZYnf6u3aYQ18SU8WqVERPpE4cwVVs+6kwlzRw0+XDoZAczu8ZezVhCUc6NbQID
104 AQABo3oweDAOBgNVHQ8BAf8EBAMCAgQwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
105 AQUFBwMCMA8GA1UdEwEB/wQFMAMBAf8wGQYDVR0OBBIEEIwaaKi1dttdV3sfjRSy
106 BqMwGwYDVR0jBBQwEoAQQDfXAftAL7gcflQEJ4xZATANBgkqhkiG9w0BAQsFAAOB
107 gQCvnolNWEHuQS8PFVVyuLR+FKBeUUdrVbSfHSzTqNAqQGp0C9fk5oCzDq6ZgTfY
108 ESXM4cJhb3IAnW0UM0NFsYSKQJ50JZL2L3z5ZLQhHdbs4RmODGoC40BVdnJ4/qgB
109 aGSh09eQRvAVmbVCviDK2ipkWNegdyI19jFfNP5uIkGlYg==
110 -----END CERTIFICATE-----
111 )";
112
113 static const char kIntermediateSelfSignedPEM[] = R"(
114 -----BEGIN CERTIFICATE-----
115 MIICZjCCAc+gAwIBAgIJAKJMH+7rscPcMA0GCSqGSIb3DQEBCwUAMDYxGjAYBgNV
116 BAoTEUJvcmluZ1NTTCBURVNUSU5HMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0Ew
117 IBcNMTUwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMDYxGjAYBgNVBAoTEUJv
118 cmluZ1NTTCBURVNUSU5HMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0EwgZ8wDQYJ
119 KoZIhvcNAQEBBQADgY0AMIGJAoGBALti0jSXyhxNgnSArJdO08viIwkI1jg5zFeX
120 jyOSdxUbUeVuWJyA1RrWv2b1gW1WTG8GKdvx1eJSkQaFWDhrBE8Nxq2WwFIQG4mS
121 JkZhtFwCZK4KZlid/q7dphDXxJTxapURE+kThzBVWz7qTCXNHDT5cOhkBzO7xl7N
122 WEJRzo1tAgMBAAGjejB4MA4GA1UdDwEB/wQEAwICBDAdBgNVHSUEFjAUBggrBgEF
123 BQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAZBgNVHQ4EEgQQjBpoqLV2
124 211Xex+NFLIGozAbBgNVHSMEFDASgBCMGmiotXbbXVd7H40UsgajMA0GCSqGSIb3
125 DQEBCwUAA4GBALcccSrAQ0/EqQBsx0ZDTUydHXXNP2DrUkpUKmAXIe8McqIVSlkT
126 6H4xz7z8VRKBo9j+drjjtCw2i0CQc8aOLxRb5WJ8eVLnaW2XRlUqAzhF0CrulfVI
127 E4Vs6ZLU+fra1WAuIj6qFiigRja+3YkZArG8tMA9vtlhTX/g7YBZIkqH
128 -----END CERTIFICATE-----
129 )";
130
131 static const char kLeafPEM[] = R"(
132 -----BEGIN CERTIFICATE-----
133 MIICXjCCAcegAwIBAgIIWjO48ufpunYwDQYJKoZIhvcNAQELBQAwNjEaMBgGA1UE
134 ChMRQm9yaW5nU1NMIFRFU1RJTkcxGDAWBgNVBAMTD0ludGVybWVkaWF0ZSBDQTAg
135 Fw0xNTAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowMjEaMBgGA1UEChMRQm9y
136 aW5nU1NMIFRFU1RJTkcxFDASBgNVBAMTC2V4YW1wbGUuY29tMIGfMA0GCSqGSIb3
137 DQEBAQUAA4GNADCBiQKBgQDD0U0ZYgqShJ7oOjsyNKyVXEHqeafmk/bAoPqY/h1c
138 oPw2E8KmeqiUSoTPjG5IXSblOxcqpbAXgnjPzo8DI3GNMhAf8SYNYsoH7gc7Uy7j
139 5x8bUrisGnuTHqkqH6d4/e7ETJ7i3CpR8bvK16DggEvQTudLipz8FBHtYhFakfdh
140 TwIDAQABo3cwdTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
141 CCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwGQYDVR0OBBIEEKN5pvbur7mlXjeMEYA0
142 4nUwGwYDVR0jBBQwEoAQjBpoqLV2211Xex+NFLIGozANBgkqhkiG9w0BAQsFAAOB
143 gQBj/p+JChp//LnXWC1k121LM/ii7hFzQzMrt70bny406SGz9jAjaPOX4S3gt38y
144 rhjpPukBlSzgQXFg66y6q5qp1nQTD1Cw6NkKBe9WuBlY3iYfmsf7WT8nhlT1CttU
145 xNCwyMX9mtdXdQicOfNjIGUCD5OLV5PgHFPRKiHHioBAhg==
146 -----END CERTIFICATE-----
147 )";
148
149 static const char kLeafNoKeyUsagePEM[] = R"(
150 -----BEGIN CERTIFICATE-----
151 MIICNTCCAZ6gAwIBAgIJAIFQGaLQ0G2mMA0GCSqGSIb3DQEBCwUAMDYxGjAYBgNV
152 BAoTEUJvcmluZ1NTTCBURVNUSU5HMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0Ew
153 IBcNMTUwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMDcxGjAYBgNVBAoTEUJv
154 cmluZ1NTTCBURVNUSU5HMRkwFwYDVQQDExBldmlsLmV4YW1wbGUuY29tMIGfMA0G
155 CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOKoZe75NPz77EOaMMl4/0s3PyQw++zJvp
156 ejHAxZiTPCJgMbEHLrSzNoHdopg+CLUH5bE4wTXM8w9Inv5P8OAFJt7gJuPUunmk
157 j+NoU3QfzOR6BroePcz1vXX9jyVHRs087M/sLqWRHu9IR+/A+UTcBaWaFiDVUxtJ
158 YOwFMwjNPQIDAQABo0gwRjAMBgNVHRMBAf8EAjAAMBkGA1UdDgQSBBBJfLEUWHq1
159 27rZ1AVx2J5GMBsGA1UdIwQUMBKAEIwaaKi1dttdV3sfjRSyBqMwDQYJKoZIhvcN
160 AQELBQADgYEALVKN2Y3LZJOtu6SxFIYKxbLaXhTGTdIjxipZhmbBRDFjbZjZZOTe
161 6Oo+VDNPYco4rBexK7umYXJyfTqoY0E8dbiImhTcGTEj7OAB3DbBomgU1AYe+t2D
162 uwBqh4Y3Eto+Zn4pMVsxGEfUpjzjZDel7bN1/oU/9KWPpDfywfUmjgk=
163 -----END CERTIFICATE-----
164 )";
165
166 static const char kForgeryPEM[] = R"(
167 -----BEGIN CERTIFICATE-----
168 MIICZzCCAdCgAwIBAgIIdTlMzQoKkeMwDQYJKoZIhvcNAQELBQAwNzEaMBgGA1UE
169 ChMRQm9yaW5nU1NMIFRFU1RJTkcxGTAXBgNVBAMTEGV2aWwuZXhhbXBsZS5jb20w
170 IBcNMTUwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMDoxGjAYBgNVBAoTEUJv
171 cmluZ1NTTCBURVNUSU5HMRwwGgYDVQQDExNmb3JnZXJ5LmV4YW1wbGUuY29tMIGf
172 MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDADTwruBQZGb7Ay6s9HiYv5d1lwtEy
173 xQdA2Sy8Rn8uA20Q4KgqwVY7wzIZ+z5Butrsmwb70gdG1XU+yRaDeE7XVoW6jSpm
174 0sw35/5vJbTcL4THEFbnX0OPZnvpuZDFUkvVtq5kxpDWsVyM24G8EEq7kPih3Sa3
175 OMhXVXF8kso6UQIDAQABo3cwdTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
176 KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwGQYDVR0OBBIEEEYJ/WHM
177 8p64erPWIg4/liwwGwYDVR0jBBQwEoAQSXyxFFh6tdu62dQFcdieRjANBgkqhkiG
178 9w0BAQsFAAOBgQA+zH7bHPElWRWJvjxDqRexmYLn+D3Aivs8XgXQJsM94W0EzSUf
179 DSLfRgaQwcb2gg2xpDFoG+W0vc6O651uF23WGt5JaFFJJxqjII05IexfCNhuPmp4
180 4UZAXPttuJXpn74IY1tuouaM06B3vXKZR+/ityKmfJvSwxacmFcK+2ziAg==
181 -----END CERTIFICATE-----
182 )";
183
184 // kExamplePSSCert is an example RSA-PSS self-signed certificate, signed with
185 // the default hash functions.
186 static const char kExamplePSSCert[] = R"(
187 -----BEGIN CERTIFICATE-----
188 MIICYjCCAcagAwIBAgIJAI3qUyT6SIfzMBIGCSqGSIb3DQEBCjAFogMCAWowRTEL
189 MAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVy
190 bmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0xNDEwMDkxOTA5NTVaFw0xNTEwMDkxOTA5
191 NTVaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQK
192 DBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
193 MIGJAoGBAPi4bIO0vNmoV8CltFl2jFQdeesiUgR+0zfrQf2D+fCmhRU0dXFahKg8
194 0u9aTtPel4rd/7vPCqqGkr64UOTNb4AzMHYTj8p73OxaymPHAyXvqIqDWHYg+hZ3
195 13mSYwFIGth7Z/FSVUlO1m5KXNd6NzYM3t2PROjCpywrta9kS2EHAgMBAAGjUDBO
196 MB0GA1UdDgQWBBTQQfuJQR6nrVrsNF1JEflVgXgfEzAfBgNVHSMEGDAWgBTQQfuJ
197 QR6nrVrsNF1JEflVgXgfEzAMBgNVHRMEBTADAQH/MBIGCSqGSIb3DQEBCjAFogMC
198 AWoDgYEASUy2RZcgNbNQZA0/7F+V1YTLEXwD16bm+iSVnzGwtexmQVEYIZG74K/w
199 xbdZQdTbpNJkp1QPjPfh0zsatw6dmt5QoZ8K8No0DjR9dgf+Wvv5WJvJUIQBoAVN
200 Z0IL+OQFz6+LcTHxD27JJCebrATXZA0wThGTQDm7crL+a+SujBY=
201 -----END CERTIFICATE-----
202 )";
203
204 // kBadPSSCertPEM is a self-signed RSA-PSS certificate with bad parameters.
205 static const char kBadPSSCertPEM[] = R"(
206 -----BEGIN CERTIFICATE-----
207 MIIDdjCCAjqgAwIBAgIJANcwZLyfEv7DMD4GCSqGSIb3DQEBCjAxoA0wCwYJYIZI
208 AWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIEAgIA3jAnMSUwIwYD
209 VQQDDBxUZXN0IEludmFsaWQgUFNTIGNlcnRpZmljYXRlMB4XDTE1MTEwNDE2MDIz
210 NVoXDTE1MTIwNDE2MDIzNVowJzElMCMGA1UEAwwcVGVzdCBJbnZhbGlkIFBTUyBj
211 ZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMTaM7WH
212 qVCAGAIA+zL1KWvvASTrhlq+1ePdO7wsrWX2KiYoTYrJYTnxhLnn0wrHqApt79nL
213 IBG7cfShyZqFHOY/IzlYPMVt+gPo293gw96Fds5JBsjhjkyGnOyr9OUntFqvxDbT
214 IIFU7o9IdxD4edaqjRv+fegVE+B79pDk4s0ujsk6dULtCg9Rst0ucGFo19mr+b7k
215 dbfn8pZ72ZNDJPueVdrUAWw9oll61UcYfk75XdrLk6JlL41GrYHc8KlfXf43gGQq
216 QfrpHkg4Ih2cI6Wt2nhFGAzrlcorzLliQIUJRIhM8h4IgDfpBpaPdVQLqS2pFbXa
217 5eQjqiyJwak2vJ8CAwEAAaNQME4wHQYDVR0OBBYEFCt180N4oGUt5LbzBwQ4Ia+2
218 4V97MB8GA1UdIwQYMBaAFCt180N4oGUt5LbzBwQ4Ia+24V97MAwGA1UdEwQFMAMB
219 Af8wMQYJKoZIhvcNAQEKMCSgDTALBglghkgBZQMEAgGhDTALBgkqhkiG9w0BAQii
220 BAICAN4DggEBAAjBtm90lGxgddjc4Xu/nbXXFHVs2zVcHv/mqOZoQkGB9r/BVgLb
221 xhHrFZ2pHGElbUYPfifdS9ztB73e1d4J+P29o0yBqfd4/wGAc/JA8qgn6AAEO/Xn
222 plhFeTRJQtLZVl75CkHXgUGUd3h+ADvKtcBuW9dSUncaUrgNKR8u/h/2sMG38RWY
223 DzBddC/66YTa3r7KkVUfW7yqRQfELiGKdcm+bjlTEMsvS+EhHup9CzbpoCx2Fx9p
224 NPtFY3yEObQhmL1JyoCRWqBE75GzFPbRaiux5UpEkns+i3trkGssZzsOuVqHNTNZ
225 lC9+9hPHIoc9UMmAQNo1vGIW3NWVoeGbaJ8=
226 -----END CERTIFICATE-----
227 )";
228
229 static const char kRSAKey[] = R"(
230 -----BEGIN RSA PRIVATE KEY-----
231 MIICXgIBAAKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92
232 kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiF
233 KKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQAB
234 AoGBAIBy09Fd4DOq/Ijp8HeKuCMKTHqTW1xGHshLQ6jwVV2vWZIn9aIgmDsvkjCe
235 i6ssZvnbjVcwzSoByhjN8ZCf/i15HECWDFFh6gt0P5z0MnChwzZmvatV/FXCT0j+
236 WmGNB/gkehKjGXLLcjTb6dRYVJSCZhVuOLLcbWIV10gggJQBAkEA8S8sGe4ezyyZ
237 m4e9r95g6s43kPqtj5rewTsUxt+2n4eVodD+ZUlCULWVNAFLkYRTBCASlSrm9Xhj
238 QpmWAHJUkQJBAOVzQdFUaewLtdOJoPCtpYoY1zd22eae8TQEmpGOR11L6kbxLQsk
239 aMly/DOnOaa82tqAGTdqDEZgSNmCeKKknmECQAvpnY8GUOVAubGR6c+W90iBuQLj
240 LtFp/9ihd2w/PoDwrHZaoUYVcT4VSfJQog/k7kjE4MYXYWL8eEKg3WTWQNECQQDk
241 104Wi91Umd1PzF0ijd2jXOERJU1wEKe6XLkYYNHWQAe5l4J4MWj9OdxFXAxIuuR/
242 tfDwbqkta4xcux67//khAkEAvvRXLHTaa6VFzTaiiO8SaFsHV3lQyXOtMrBpB5jd
243 moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ==
244 -----END RSA PRIVATE KEY-----
245 )";
246
247 static const char kP256Key[] = R"(
248 -----BEGIN PRIVATE KEY-----
249 MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgBw8IcnrUoEqc3VnJ
250 TYlodwi1b8ldMHcO6NHJzgqLtGqhRANCAATmK2niv2Wfl74vHg2UikzVl2u3qR4N
251 Rvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLB
252 -----END PRIVATE KEY-----
253 )";
254
255 // kCRLTestRoot is a test root certificate. It has private key:
256 //
257 // -----BEGIN RSA PRIVATE KEY-----
258 // MIIEpAIBAAKCAQEAo16WiLWZuaymsD8n5SKPmxV1y6jjgr3BS/dUBpbrzd1aeFzN
259 // lI8l2jfAnzUyp+I21RQ+nh/MhqjGElkTtK9xMn1Y+S9GMRh+5R/Du0iCb1tCZIPY
260 // 07Tgrb0KMNWe0v2QKVVruuYSgxIWodBfxlKO64Z8AJ5IbnWpuRqO6rctN9qUoMlT
261 // IAB6dL4G0tDJ/PGFWOJYwOMEIX54bly2wgyYJVBKiRRt4f7n8H922qmvPNA9idmX
262 // 9G1VAtgV6x97XXi7ULORIQvn9lVQF6nTYDBJhyuPB+mLThbLP2o9orxGx7aCtnnB
263 // ZUIxUvHNOI0FaSaZH7Fi0xsZ/GkG2HZe7ImPJwIDAQABAoIBAQCJF9MTHfHGkk+/
264 // DwCXlA0Wg0e6hBuHl10iNobYkMWIl/xXjOknhYiqOqb181py76472SVC5ERprC+r
265 // Lf0PXzqKuA117mnkwT2bYLCL9Skf8WEhoFLQNbVlloF6wYjqXcYgKYKh8HgQbZl4
266 // aLg2YQl2NADTNABsUWj/4H2WEelsODVviqfFs725lFg9KHDI8zxAZXLzDt/M9uVL
267 // GxJiX12tr0AwaeAFZ1oPM/y+LznM3N3+Ht3jHHw3jZ/u8Z1RdAmdpu3bZ6tbwGBr
268 // 9edsH5rKkm9aBvMrY7eX5VHqaqyRNFyG152ZOJh4XiiFG7EmgTPCpaHo50Y018Re
269 // grVtk+FBAoGBANY3lY+V8ZOwMxSHes+kTnoimHO5Ob7nxrOC71i27x+4HHsYUeAr
270 // /zOOghiDIn+oNkuiX5CIOWZKx159Bp65CPpCbTb/fh+HYnSgXFgCw7XptycO7LXM
271 // 5GwR5jSfpfzBFdYxjxoUzDMFBwTEYRTm0HkUHkH+s+ajjw5wqqbcGLcfAoGBAMM8
272 // DKW6Tb66xsf708f0jonAjKYTLZ+WOcwsBEWSFHoY8dUjvW5gqx5acHTEsc5ZTeh4
273 // BCFLa+Mn9cuJWVJNs09k7Xb2PNl92HQ4GN2vbdkJhExbkT6oLDHg1hVD0w8KLfz1
274 // lTAW6pS+6CdOHMEJpvqx89EgU/1GgIQ1fXYczE75AoGAKeJoXdDFkUjsU+FBhAPu
275 // TDcjc80Nm2QaF9NMFR5/lsYa236f06MGnQAKM9zADBHJu/Qdl1brUjLg1HrBppsr
276 // RDNkw1IlSOjhuUf5hkPUHGd8Jijm440SRIcjabqla8wdBupdvo2+d2NOQgJbsQiI
277 // ToQ+fkzcxAXK3Nnuo/1436UCgYBjLH7UNOZHS8OsVM0I1r8NVKVdu4JCfeJQR8/H
278 // s2P5ffBir+wLRMnH+nMDreMQiibcPxMCArkERAlE4jlgaJ38Z62E76KLbLTmnJRt
279 // EC9Bv+bXjvAiHvWMRMUbOj/ddPNVez7Uld+FvdBaHwDWQlvzHzBWfBCOKSEhh7Z6
280 // qDhUqQKBgQDPMDx2i5rfmQp3imV9xUcCkIRsyYQVf8Eo7NV07IdUy/otmksgn4Zt
281 // Lbf3v2dvxOpTNTONWjp2c+iUQo8QxJCZr5Sfb21oQ9Ktcrmc/CY7LeBVDibXwxdM
282 // vRG8kBzvslFWh7REzC3u06GSVhyKDfW93kN2cKVwGoahRlhj7oHuZQ==
283 // -----END RSA PRIVATE KEY-----
284 static const char kCRLTestRoot[] = R"(
285 -----BEGIN CERTIFICATE-----
286 MIIDbzCCAlegAwIBAgIJAODri7v0dDUFMA0GCSqGSIb3DQEBCwUAME4xCzAJBgNV
287 BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBW
288 aWV3MRIwEAYDVQQKDAlCb3JpbmdTU0wwHhcNMTYwOTI2MTUwNjI2WhcNMjYwOTI0
289 MTUwNjI2WjBOMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG
290 A1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJQm9yaW5nU1NMMIIBIjANBgkq
291 hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo16WiLWZuaymsD8n5SKPmxV1y6jjgr3B
292 S/dUBpbrzd1aeFzNlI8l2jfAnzUyp+I21RQ+nh/MhqjGElkTtK9xMn1Y+S9GMRh+
293 5R/Du0iCb1tCZIPY07Tgrb0KMNWe0v2QKVVruuYSgxIWodBfxlKO64Z8AJ5IbnWp
294 uRqO6rctN9qUoMlTIAB6dL4G0tDJ/PGFWOJYwOMEIX54bly2wgyYJVBKiRRt4f7n
295 8H922qmvPNA9idmX9G1VAtgV6x97XXi7ULORIQvn9lVQF6nTYDBJhyuPB+mLThbL
296 P2o9orxGx7aCtnnBZUIxUvHNOI0FaSaZH7Fi0xsZ/GkG2HZe7ImPJwIDAQABo1Aw
297 TjAdBgNVHQ4EFgQUWPt3N5cZ/CRvubbrkqfBnAqhq94wHwYDVR0jBBgwFoAUWPt3
298 N5cZ/CRvubbrkqfBnAqhq94wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
299 AQEAORu6M0MOwXy+3VEBwNilfTxyqDfruQsc1jA4PT8Oe8zora1WxE1JB4q2FJOz
300 EAuM3H/NXvEnBuN+ITvKZAJUfm4NKX97qmjMJwLKWe1gVv+VQTr63aR7mgWJReQN
301 XdMztlVeZs2dppV6uEg3ia1X0G7LARxGpA9ETbMyCpb39XxlYuTClcbA5ftDN99B
302 3Xg9KNdd++Ew22O3HWRDvdDpTO/JkzQfzi3sYwUtzMEonENhczJhGf7bQMmvL/w5
303 24Wxj4Z7KzzWIHsNqE/RIs6RV3fcW61j/mRgW2XyoWnMVeBzvcJr9NXp4VQYmFPw
304 amd8GKMZQvP0ufGnUn7D7uartA==
305 -----END CERTIFICATE-----
306 )";
307
308 static const char kCRLTestLeaf[] = R"(
309 -----BEGIN CERTIFICATE-----
310 MIIDkDCCAnigAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwTjELMAkGA1UEBhMCVVMx
311 EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEjAQ
312 BgNVBAoMCUJvcmluZ1NTTDAeFw0xNjA5MjYxNTA4MzFaFw0xNzA5MjYxNTA4MzFa
313 MEsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQKDAlC
314 b3JpbmdTU0wxEzARBgNVBAMMCmJvcmluZy5zc2wwggEiMA0GCSqGSIb3DQEBAQUA
315 A4IBDwAwggEKAoIBAQDc5v1S1M0W+QWM+raWfO0LH8uvqEwuJQgODqMaGnSlWUx9
316 8iQcnWfjyPja3lWg9K62hSOFDuSyEkysKHDxijz5R93CfLcfnVXjWQDJe7EJTTDP
317 ozEvxN6RjAeYv7CF000euYr3QT5iyBjg76+bon1p0jHZBJeNPP1KqGYgyxp+hzpx
318 e0gZmTlGAXd8JQK4v8kpdYwD6PPifFL/jpmQpqOtQmH/6zcLjY4ojmqpEdBqIKIX
319 +saA29hMq0+NK3K+wgg31RU+cVWxu3tLOIiesETkeDgArjWRS1Vkzbi4v9SJxtNu
320 OZuAxWiynRJw3JwH/OFHYZIvQqz68ZBoj96cepjPAgMBAAGjezB5MAkGA1UdEwQC
321 MAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRl
322 MB0GA1UdDgQWBBTGn0OVVh/aoYt0bvEKG+PIERqnDzAfBgNVHSMEGDAWgBRY+3c3
323 lxn8JG+5tuuSp8GcCqGr3jANBgkqhkiG9w0BAQsFAAOCAQEAd2nM8gCQN2Dc8QJw
324 XSZXyuI3DBGGCHcay/3iXu0JvTC3EiQo8J6Djv7WLI0N5KH8mkm40u89fJAB2lLZ
325 ShuHVtcC182bOKnePgwp9CNwQ21p0rDEu/P3X46ZvFgdxx82E9xLa0tBB8PiPDWh
326 lV16jbaKTgX5AZqjnsyjR5o9/mbZVupZJXx5Syq+XA8qiJfstSYJs4KyKK9UOjql
327 ICkJVKpi2ahDBqX4MOH4SLfzVk8pqSpviS6yaA1RXqjpkxiN45WWaXDldVHMSkhC
328 5CNXsXi4b1nAntu89crwSLA3rEwzCWeYj+BX7e1T9rr3oJdwOU/2KQtW1js1yQUG
329 tjJMFw==
330 -----END CERTIFICATE-----
331 )";
332
333 static const char kBasicCRL[] = R"(
334 -----BEGIN X509 CRL-----
335 MIIBpzCBkAIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
336 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
337 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoA4wDDAKBgNV
338 HRQEAwIBATANBgkqhkiG9w0BAQsFAAOCAQEAnrBKKgvd9x9zwK9rtUvVeFeJ7+LN
339 ZEAc+a5oxpPNEsJx6hXoApYEbzXMxuWBQoCs5iEBycSGudct21L+MVf27M38KrWo
340 eOkq0a2siqViQZO2Fb/SUFR0k9zb8xl86Zf65lgPplALun0bV/HT7MJcl04Tc4os
341 dsAReBs5nqTGNEd5AlC1iKHvQZkM//MD51DspKnDpsDiUVi54h9C1SpfZmX8H2Vv
342 diyu0fZ/bPAM3VAGawatf/SyWfBMyKpoPXEG39oAzmjjOj8en82psn7m474IGaho
343 /vBbhl1ms5qQiLYPjm4YELtnXQoFyC72tBjbdFd/ZE9k4CNKDbxFUXFbkw==
344 -----END X509 CRL-----
345 )";
346
347 static const char kRevokedCRL[] = R"(
348 -----BEGIN X509 CRL-----
349 MIIBvjCBpwIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
350 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
351 Qm9yaW5nU1NMFw0xNjA5MjYxNTEyNDRaFw0xNjEwMjYxNTEyNDRaMBUwEwICEAAX
352 DTE2MDkyNjE1MTIyNlqgDjAMMAoGA1UdFAQDAgECMA0GCSqGSIb3DQEBCwUAA4IB
353 AQCUGaM4DcWzlQKrcZvI8TMeR8BpsvQeo5BoI/XZu2a8h//PyRyMwYeaOM+3zl0d
354 sjgCT8b3C1FPgT+P2Lkowv7rJ+FHJRNQkogr+RuqCSPTq65ha4WKlRGWkMFybzVH
355 NloxC+aU3lgp/NlX9yUtfqYmJek1CDrOOGPrAEAwj1l/BUeYKNGqfBWYJQtPJu+5
356 OaSvIYGpETCZJscUWODmLEb/O3DM438vLvxonwGqXqS0KX37+CHpUlyhnSovxXxp
357 Pz4aF+L7OtczxL0GYtD2fR9B7TDMqsNmHXgQrixvvOY7MUdLGbd4RfJL3yA53hyO
358 xzfKY2TzxLiOmctG0hXFkH5J
359 -----END X509 CRL-----
360 )";
361
362 static const char kBadIssuerCRL[] = R"(
363 -----BEGIN X509 CRL-----
364 MIIBwjCBqwIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzETMBEGA1UE
365 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEWMBQGA1UECgwN
366 Tm90IEJvcmluZ1NTTBcNMTYwOTI2MTUxMjQ0WhcNMTYxMDI2MTUxMjQ0WjAVMBMC
367 AhAAFw0xNjA5MjYxNTEyMjZaoA4wDDAKBgNVHRQEAwIBAjANBgkqhkiG9w0BAQsF
368 AAOCAQEAlBmjOA3Fs5UCq3GbyPEzHkfAabL0HqOQaCP12btmvIf/z8kcjMGHmjjP
369 t85dHbI4Ak/G9wtRT4E/j9i5KML+6yfhRyUTUJKIK/kbqgkj06uuYWuFipURlpDB
370 cm81RzZaMQvmlN5YKfzZV/clLX6mJiXpNQg6zjhj6wBAMI9ZfwVHmCjRqnwVmCUL
371 TybvuTmkryGBqREwmSbHFFjg5ixG/ztwzON/Ly78aJ8Bql6ktCl9+/gh6VJcoZ0q
372 L8V8aT8+Ghfi+zrXM8S9BmLQ9n0fQe0wzKrDZh14EK4sb7zmOzFHSxm3eEXyS98g
373 Od4cjsc3ymNk88S4jpnLRtIVxZB+SQ==
374 -----END X509 CRL-----
375 )";
376
377 // kKnownCriticalCRL is kBasicCRL but with a critical issuing distribution point
378 // extension.
379 static const char kKnownCriticalCRL[] = R"(
380 -----BEGIN X509 CRL-----
381 MIIBuDCBoQIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
382 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
383 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoB8wHTAKBgNV
384 HRQEAwIBATAPBgNVHRwBAf8EBTADgQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAs37Jq
385 3Htcehm6C2PKXOHekwTqTLOPWsYHfF68kYhdzcopDZBeoKE7jLRkRRGFDaR/tfUs
386 kwLSDNSQ8EwPb9PT1X8kmFn9QmJgWD6f6BzaH5ZZ9iBUwOcvrydlb/jnjdIZHQxs
387 fKOAceW5XX3f7DANC3qwYLsQZR/APkfV8nXjPYVUz1kKj04uq/BbQviInjyUYixN
388 xDx+GDWVVXccehcwAu983kAqP+JDaVQPBVksLuBXz2adrEWwvbLCnZeL3zH1IY9h
389 6MFO6echpvGbU/H+dRX9UkhdJ7gdwKVD3RjfJl+DRVox9lz8Pbo5H699Tkv9/DQP
390 9dMWxqhQlv23osLp
391 -----END X509 CRL-----
392 )";
393
394 // kUnknownCriticalCRL is kBasicCRL but with an unknown critical extension.
395 static const char kUnknownCriticalCRL[] = R"(
396 -----BEGIN X509 CRL-----
397 MIIBvDCBpQIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
398 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
399 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoCMwITAKBgNV
400 HRQEAwIBATATBgwqhkiG9xIEAYS3CQABAf8EADANBgkqhkiG9w0BAQsFAAOCAQEA
401 GvBP0xqL509InMj/3493YVRV+ldTpBv5uTD6jewzf5XdaxEQ/VjTNe5zKnxbpAib
402 Kf7cwX0PMSkZjx7k7kKdDlEucwVvDoqC+O9aJcqVmM6GDyNb9xENxd0XCXja6MZC
403 yVgP4AwLauB2vSiEprYJyI1APph3iAEeDm60lTXX/wBM/tupQDDujKh2GPyvBRfJ
404 +wEDwGg3ICwvu4gO4zeC5qnFR+bpL9t5tOMAQnVZ0NWv+k7mkd2LbHdD44dxrfXC
405 nhtfERx99SDmC/jtUAJrGhtCO8acr7exCeYcduN7KKCm91OeCJKK6OzWst0Og1DB
406 kwzzU2rL3G65CrZ7H0SZsQ==
407 -----END X509 CRL-----
408 )";
409
410 // kUnknownCriticalCRL2 is kBasicCRL but with a critical issuing distribution
411 // point extension followed by an unknown critical extension
412 static const char kUnknownCriticalCRL2[] = R"(
413 -----BEGIN X509 CRL-----
414 MIIBzTCBtgIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
415 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
416 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoDQwMjAKBgNV
417 HRQEAwIBATAPBgNVHRwBAf8EBTADgQH/MBMGDCqGSIb3EgQBhLcJAAEB/wQAMA0G
418 CSqGSIb3DQEBCwUAA4IBAQBgSogsC5kf2wzr+0hmZtmLXYd0itAiYO0Gh9AyaEOO
419 myJFuqICHBSLXXUgwNkTUa2x2I/ivyReVFV756VOlWoaV2wJUs0zeCeVBgC9ZFsq
420 5a+8OGgXwgoYESFV5Y3QRF2a1Ytzfbw/o6xLXzTngvMsLOs12D4B5SkopyEZibF4
421 tXlRZyvEudTg3CCrjNP+p/GV07nZ3wcMmKJwQeilgzFUV7NaVCCo9jvPBGp0RxAN
422 KNif7jmjK4hD5mswo/Eq5kxQIc+mTfuUFdgHuAu1hfLYe0YK+Hr4RFf6Qy4hl7Ne
423 YjqkkSVIcr87u+8AznwdstnQzsyD27Jt7SjVORkYRywi
424 -----END X509 CRL-----
425 )";
426
427 // kBadExtensionCRL is kBasicCRL but with an incorrectly-encoded issuing
428 // distribution point extension.
429 static const char kBadExtensionCRL[] = R"(
430 -----BEGIN X509 CRL-----
431 MIIBujCBowIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
432 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
433 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoCEwHzAKBgNV
434 HRQEAwIBATARBgNVHRwBAf8EBzAFoQMBAf8wDQYJKoZIhvcNAQELBQADggEBAA+3
435 i+5e5Ub8sccfgOBs6WVJFI9c8gvJjrJ8/dYfFIAuCyeocs7DFXn1n13CRZ+URR/Q
436 mVWgU28+xeusuSPYFpd9cyYTcVyNUGNTI3lwgcE/yVjPaOmzSZKdPakApRxtpKKQ
437 NN/56aQz3bnT/ZSHQNciRB8U6jiD9V30t0w+FDTpGaG+7bzzUH3UVF9xf9Ctp60A
438 3mfLe0scas7owSt4AEFuj2SPvcE7yvdOXbu+IEv21cEJUVExJAbhvIweHXh6yRW+
439 7VVeiNzdIjkZjyTmAzoXGha4+wbxXyBRbfH+XWcO/H+8nwyG8Gktdu2QB9S9nnIp
440 o/1TpfOMSGhMyMoyPrk=
441 -----END X509 CRL-----
442 )";
443
444 // kEd25519Cert is a self-signed Ed25519 certificate.
445 static const char kEd25519Cert[] = R"(
446 -----BEGIN CERTIFICATE-----
447 MIIBkTCCAUOgAwIBAgIJAJwooam0UCDmMAUGAytlcDBFMQswCQYDVQQGEwJBVTET
448 MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ
449 dHkgTHRkMB4XDTE0MDQyMzIzMjE1N1oXDTE0MDUyMzIzMjE1N1owRTELMAkGA1UE
450 BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp
451 ZGdpdHMgUHR5IEx0ZDAqMAUGAytlcAMhANdamAGCsQq31Uv+08lkBzoO4XLz2qYj
452 Ja8CGmj3B1Eao1AwTjAdBgNVHQ4EFgQUoux7eV+fJK2v3ah6QPU/lj1/+7UwHwYD
453 VR0jBBgwFoAUoux7eV+fJK2v3ah6QPU/lj1/+7UwDAYDVR0TBAUwAwEB/zAFBgMr
454 ZXADQQBuCzqji8VP9xU8mHEMjXGChX7YP5J664UyVKHKH9Z1u4wEbB8dJ3ScaWSL
455 r+VHVKUhsrvcdCelnXRrrSD7xWAL
456 -----END CERTIFICATE-----
457 )";
458
459 // kEd25519CertNull is an invalid self-signed Ed25519 with an explicit NULL in
460 // the signature algorithm.
461 static const char kEd25519CertNull[] = R"(
462 -----BEGIN CERTIFICATE-----
463 MIIBlTCCAUWgAwIBAgIJAJwooam0UCDmMAcGAytlcAUAMEUxCzAJBgNVBAYTAkFV
464 MRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRz
465 IFB0eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYD
466 VQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQg
467 V2lkZ2l0cyBQdHkgTHRkMCowBQYDK2VwAyEA11qYAYKxCrfVS/7TyWQHOg7hcvPa
468 piMlrwIaaPcHURqjUDBOMB0GA1UdDgQWBBSi7Ht5X58kra/dqHpA9T+WPX/7tTAf
469 BgNVHSMEGDAWgBSi7Ht5X58kra/dqHpA9T+WPX/7tTAMBgNVHRMEBTADAQH/MAcG
470 AytlcAUAA0EA70uefNocdJohkKPNROKVyBuBD3LXMyvmdTklsaxSRY3PcZdOohlr
471 recgVPpVS7B+d9g4EwtZXIh4lodTBDHBBw==
472 -----END CERTIFICATE-----
473 )";
474
475 // kX25519 is the example X25519 certificate from
476 // https://tools.ietf.org/html/rfc8410#section-10.2
477 static const char kX25519Cert[] = R"(
478 -----BEGIN CERTIFICATE-----
479 MIIBLDCB36ADAgECAghWAUdKKo3DMDAFBgMrZXAwGTEXMBUGA1UEAwwOSUVURiBUZX
480 N0IERlbW8wHhcNMTYwODAxMTIxOTI0WhcNNDAxMjMxMjM1OTU5WjAZMRcwFQYDVQQD
481 DA5JRVRGIFRlc3QgRGVtbzAqMAUGAytlbgMhAIUg8AmJMKdUdIt93LQ+91oNvzoNJj
482 ga9OukqY6qm05qo0UwQzAPBgNVHRMBAf8EBTADAQEAMA4GA1UdDwEBAAQEAwIDCDAg
483 BgNVHQ4BAQAEFgQUmx9e7e0EM4Xk97xiPFl1uQvIuzswBQYDK2VwA0EAryMB/t3J5v
484 /BzKc9dNZIpDmAgs3babFOTQbs+BolzlDUwsPrdGxO3YNGhW7Ibz3OGhhlxXrCe1Cg
485 w1AH9efZBw==
486 -----END CERTIFICATE-----
487 )";
488
489 // kSANTypesLeaf is a leaf certificate (signed by |kSANTypesRoot|) which
490 // contains SANS for example.com, test@example.com, 127.0.0.1, and
491 // https://example.com/. (The latter is useless for now since crypto/x509
492 // doesn't deal with URI SANs directly.)
493 static const char kSANTypesLeaf[] = R"(
494 -----BEGIN CERTIFICATE-----
495 MIIClzCCAgCgAwIBAgIJAOjwnT/iW+qmMA0GCSqGSIb3DQEBCwUAMCsxFzAVBgNV
496 BAoTDkJvcmluZ1NTTCBUZXN0MRAwDgYDVQQDEwdSb290IENBMB4XDTE1MDEwMTAw
497 MDAwMFoXDTI1MDEwMTAwMDAwMFowLzEXMBUGA1UEChMOQm9yaW5nU1NMIFRlc3Qx
498 FDASBgNVBAMTC2V4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
499 gQDbRn2TLhInBki8Bighq37EtqJd/h5SRYh6NkelCA2SQlvCgcC+l3mYQPtPbRT9
500 KxOLwqUuZ9jUCZ7WIji3Sgt0cyvCNPHRk+WW2XR781ifbGE8wLBB1NkrKyQjd1sc
501 O711Xc4gVM+hY4cdHiTE8x0aUIuqthRD7ZendWL0FMhS1wIDAQABo4G+MIG7MA4G
502 A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD
503 VR0TAQH/BAIwADAZBgNVHQ4EEgQQn5EWH0NDPkmm3m22gNefYDAbBgNVHSMEFDAS
504 gBBAN9cB+0AvuBx+VAQnjFkBMEQGA1UdEQQ9MDuCC2V4YW1wbGUuY29tgRB0ZXN0
505 QGV4YW1wbGUuY29thwR/AAABhhRodHRwczovL2V4YW1wbGUuY29tLzANBgkqhkiG
506 9w0BAQsFAAOBgQBtwJvY6+Tk6D6DOtDVaNoJ5y8E25CCuE/Ga4OuIcYJas+yLckf
507 dZwUV3GUG2oBXl2MrpUFxXd4hKBO1CmlBY+hZEeIx0Yp6QWK9P/vnZeydOTP26mk
508 jusJ2PqSmtKNU1Zcaba4d29oFejmOAfeguhR8AHpsc/zHEaS5Q9cJsuJcw==
509 -----END CERTIFICATE-----
510 )";
511
512 // -----BEGIN RSA PRIVATE KEY-----
513 // MIICWwIBAAKBgQDbRn2TLhInBki8Bighq37EtqJd/h5SRYh6NkelCA2SQlvCgcC+
514 // l3mYQPtPbRT9KxOLwqUuZ9jUCZ7WIji3Sgt0cyvCNPHRk+WW2XR781ifbGE8wLBB
515 // 1NkrKyQjd1scO711Xc4gVM+hY4cdHiTE8x0aUIuqthRD7ZendWL0FMhS1wIDAQAB
516 // AoGACwf7z0i1DxOI2zSwFimLghfyCSp8mgT3fbZ3Wj0SebYu6ZUffjceneM/AVrq
517 // gGYHYLOVHcWJqfkl7X3hPo9SDhzLx0mM545/q21ZWCwjhswH7WiCEqV2/zeDO9WU
518 // NIO1VU0VoLm0AQ7ZvwnyB+fpgF9kkkDtbBJW7XWrfNVtlnECQQD97YENpEJ3X1kj
519 // 3rrkrHWDkKAyoWWY1i8Fm7LnganC9Bv6AVwgn5ZlE/479aWHF8vbOFEA3pFPiNZJ
520 // t9FTCfpJAkEA3RCXjGI0Y6GALFLwEs+nL/XZAfJaIpJEZVLCVosYQOSaMS4SchfC
521 // GGYVquT7ZgKk9uvz89Fg87OtBMWS9lrkHwJADGkGLKeBhBoJ3kHtem2fVK3F1pOi
522 // xoR5SdnhNYVVyaxqjZ5xZTrHe+stOrr3uxGDqhQniVZXXb6/Ul0Egv1y2QJAVg/h
523 // kAujba4wIhFf2VLyOZ+yjil1ocPj0LZ5Zgvcs1bMGJ1hHP3W2HzVrqRaowoggui1
524 // HpTC891dXGA2qKYV7QJAFDmT2A7OVvh3y4AEgzVwHrDmCMwMHKjCIntS7fjxrJnF
525 // YvJUG1zoHwUVrxxbR3DbpTODlktLcl/0b97D0IkH3w==
526 // -----END RSA PRIVATE KEY-----
527
528 static const char kSANTypesRoot[] = R"(
529 -----BEGIN CERTIFICATE-----
530 MIICTTCCAbagAwIBAgIIAj5CwoHlWuYwDQYJKoZIhvcNAQELBQAwKzEXMBUGA1UE
531 ChMOQm9yaW5nU1NMIFRlc3QxEDAOBgNVBAMTB1Jvb3QgQ0EwHhcNMTUwMTAxMDAw
532 MDAwWhcNMjUwMTAxMDAwMDAwWjArMRcwFQYDVQQKEw5Cb3JpbmdTU0wgVGVzdDEQ
533 MA4GA1UEAxMHUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6Q5/
534 EQzmWuaGg3D2UQcuAngR9bIkkjjuJmICx5TxPqF3asCP1SJotl3iTNrghRE1wpJy
535 SY2BtIiXa7f8skRb2U0GcPkMxo/ps9+jaoRsQ1m+nbLQdpvD1/qZWcO45fNTA71J
536 1rPMokP+rcILuQG4VimUAySnDSghKamulFtK+Z8CAwEAAaN6MHgwDgYDVR0PAQH/
537 BAQDAgIEMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAPBgNVHRMBAf8E
538 BTADAQH/MBkGA1UdDgQSBBBAN9cB+0AvuBx+VAQnjFkBMBsGA1UdIwQUMBKAEEA3
539 1wH7QC+4HH5UBCeMWQEwDQYJKoZIhvcNAQELBQADgYEAc4N6hTE62/3gwg+kyc2f
540 c/Jj1mHrOt+0NRaBnmvbmNpsEjHS96Ef4Wt/ZlPXPkkv1C1VosJnOIMF3Q522wRH
541 bqaxARldS12VAa3gcWisDWD+SqSyDxjyojz0XDiJkTrFuCTCUiZO+1GLB7SO10Ms
542 d5YVX0c90VMnUhF/dlrqS9U=
543 -----END CERTIFICATE-----
544 )";
545
546 // -----BEGIN RSA PRIVATE KEY-----
547 // MIICXAIBAAKBgQDpDn8RDOZa5oaDcPZRBy4CeBH1siSSOO4mYgLHlPE+oXdqwI/V
548 // Imi2XeJM2uCFETXCknJJjYG0iJdrt/yyRFvZTQZw+QzGj+mz36NqhGxDWb6dstB2
549 // m8PX+plZw7jl81MDvUnWs8yiQ/6twgu5AbhWKZQDJKcNKCEpqa6UW0r5nwIDAQAB
550 // AoGALEF5daZqc+aEsp8X1yky3nsoheyPL0kqSBWii33IFemZgKcSaRnAoqjPWWLS
551 // 8dHj0I/4rej2MW8iuezVSpDak9tK5boHORC3w4p/wifkizQkLt1DANxTVbzcKvrt
552 // aZ7LjVaKkhjRJbLddniowFHkkWVbUccjvzcUd7Y2VuLbAhECQQDq4FE88aHio8zg
553 // bxSd0PwjEFwLYQTR19u812SoR8PmR6ofIL+pDwOV+fVs+OGcAAOgkhIukOrksQ4A
554 // 1cKtnyhXAkEA/gRI+u3tZ7UE1twIkBfZ6IvCdRodkPqHAYIxMRLzL+MhyZt4MEGc
555 // Ngb/F6U9/WOBFnoR/PI7IwE3ejutzKcL+QJBAKh+6eilk7QKPETZi1m3/dmNt+p1
556 // 3EZJ65pqjwxmB3Rg/vs7vCMk4TarTdSyKu+F1xRPFfoP/mK3Xctdjj6NyhsCQAYF
557 // 7/0TOzfkUPMPUJyqFB6xgbDpJ55ScnUUsznoqx+NkTWInDb4t02IqO/UmT2y6FKy
558 // Hk8TJ1fTJY+ebqaVp3ECQApx9gQ+n0zIhx97FMUuiRse73xkcW4+pZ8nF+8DmeQL
559 // /JKuuFGmzkG+rUbXFmo/Zg2ozVplw71NnQJ4znPsf7A=
560 // -----END RSA PRIVATE KEY-----
561
562 // The following four certificates were generated with this Go program, varying
563 // |includeNetscapeExtension| and defining rootKeyPEM and rootCertPEM to be
564 // strings containing the kSANTypesRoot, above.
565
566 // package main
567
568 // import (
569 // "crypto/ecdsa"
570 // "crypto/elliptic"
571 // "crypto/rand"
572 // "crypto/x509"
573 // "crypto/x509/pkix"
574 // "encoding/asn1"
575 // "encoding/pem"
576 // "math/big"
577 // "os"
578 // "time"
579 // )
580
581 // const includeNetscapeExtension = true
582
583 // func main() {
584 // block, _ := pem.Decode([]byte(rootKeyPEM))
585 // rootPriv, _ := x509.ParsePKCS1PrivateKey(block.Bytes)
586 // block, _ = pem.Decode([]byte(rootCertPEM))
587 // root, _ := x509.ParseCertificate(block.Bytes)
588
589 // interTemplate := &x509.Certificate{
590 // SerialNumber: big.NewInt(2),
591 // Subject: pkix.Name{
592 // CommonName: "No Basic Constraints (Netscape)",
593 // },
594 // NotBefore: time.Date(2000, time.January, 1, 0, 0, 0, 0, time.UTC),
595 // NotAfter: time.Date(2099, time.January, 1, 0, 0, 0, 0, time.UTC),
596 // }
597
598 // if includeNetscapeExtension {
599 // interTemplate.ExtraExtensions = []pkix.Extension{
600 // pkix.Extension{
601 // Id: asn1.ObjectIdentifier([]int{2, 16, 840, 1, 113730, 1, 1}),
602 // Value: []byte{0x03, 0x02, 2, 0x04},
603 // },
604 // }
605 // } else {
606 // interTemplate.KeyUsage = x509.KeyUsageCertSign
607 // }
608
609 // interKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
610
611 // interDER, err := x509.CreateCertificate(rand.Reader, interTemplate, root, &interKey.PublicKey, rootPriv)
612 // if err != nil {
613 // panic(err)
614 // }
615
616 // pem.Encode(os.Stdout, &pem.Block{Type: "CERTIFICATE", Bytes: interDER})
617
618 // inter, _ := x509.ParseCertificate(interDER)
619
620 // leafTemplate := &x509.Certificate{
621 // SerialNumber: big.NewInt(3),
622 // Subject: pkix.Name{
623 // CommonName: "Leaf from CA with no Basic Constraints",
624 // },
625 // NotBefore: time.Date(2000, time.January, 1, 0, 0, 0, 0, time.UTC),
626 // NotAfter: time.Date(2099, time.January, 1, 0, 0, 0, 0, time.UTC),
627 // BasicConstraintsValid: true,
628 // }
629 // leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
630
631 // leafDER, err := x509.CreateCertificate(rand.Reader, leafTemplate, inter, &leafKey.PublicKey, interKey)
632 // if err != nil {
633 // panic(err)
634 // }
635
636 // pem.Encode(os.Stdout, &pem.Block{Type: "CERTIFICATE", Bytes: leafDER})
637 // }
638
639 // kNoBasicConstraintsCertSignIntermediate doesn't have isCA set, but contains
640 // certSign in the keyUsage.
641 static const char kNoBasicConstraintsCertSignIntermediate[] = R"(
642 -----BEGIN CERTIFICATE-----
643 MIIBqjCCAROgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
644 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
645 MDk5MDEwMTAwMDAwMFowHzEdMBsGA1UEAxMUTm8gQmFzaWMgQ29uc3RyYWludHMw
646 WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASEFMblfxIEDO8My7wHtHWTuDzNyID1
647 OsPkMGkn32O/pSyXxXuAqDeFoMVffUMTyfm8JcYugSEbrv2qEXXM4bZRoy8wLTAO
648 BgNVHQ8BAf8EBAMCAgQwGwYDVR0jBBQwEoAQQDfXAftAL7gcflQEJ4xZATANBgkq
649 hkiG9w0BAQsFAAOBgQC1Lh6hIAm3K5kRh5iIydU0YAEm7eV6ZSskERDUq3DLJyl9
650 ZUZCHUzvb464dkwZjeNzaUVS1pdElJslwX3DtGgeJLJGCnk8zUjBjaNrrDm0kzPW
651 xKt/6oif1ci/KCKqKNXJAIFbc4e+IiBpenwpxHk3If4NM+Ek0nKoO8Uj0NkgTQ==
652 -----END CERTIFICATE-----
653 )";
654
655 static const char kNoBasicConstraintsCertSignLeaf[] = R"(
656 -----BEGIN CERTIFICATE-----
657 MIIBUDCB96ADAgECAgEDMAoGCCqGSM49BAMCMB8xHTAbBgNVBAMTFE5vIEJhc2lj
658 IENvbnN0cmFpbnRzMCAXDTAwMDEwMTAwMDAwMFoYDzIwOTkwMTAxMDAwMDAwWjAx
659 MS8wLQYDVQQDEyZMZWFmIGZyb20gQ0Egd2l0aCBubyBCYXNpYyBDb25zdHJhaW50
660 czBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEsYPMwzdJKjB+2gpC90ib2ilHoB
661 w/arQ6ikUX0CNUDDaKaOu/jF39ogzVlg4lDFrjCKShSfCCcrwgONv70IZGijEDAO
662 MAwGA1UdEwEB/wQCMAAwCgYIKoZIzj0EAwIDSAAwRQIgbV7R99yM+okXSIs6Fp3o
663 eCOXiDL60IBxaTOcLS44ywcCIQDbn87Gj5cFgHBYAkzdHqDsyGXkxQTHDq9jmX24
664 Djy3Zw==
665 -----END CERTIFICATE-----
666 )";
667
668 // kNoBasicConstraintsNetscapeCAIntermediate doesn't have isCA set, but contains
669 // a Netscape certificate-type extension that asserts a type of "SSL CA".
670 static const char kNoBasicConstraintsNetscapeCAIntermediate[] = R"(
671 -----BEGIN CERTIFICATE-----
672 MIIBuDCCASGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
673 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
674 MDk5MDEwMTAwMDAwMFowKjEoMCYGA1UEAxMfTm8gQmFzaWMgQ29uc3RyYWludHMg
675 KE5ldHNjYXBlKTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCeMbmCaOtMzXBqi
676 PrCdNOH23CkaawUA+pAezitAN4RXS1O2CGK5sJjGPVVeogROU8G7/b+mU+ciZIzH
677 1PP8FJKjMjAwMBsGA1UdIwQUMBKAEEA31wH7QC+4HH5UBCeMWQEwEQYJYIZIAYb4
678 QgEBBAQDAgIEMA0GCSqGSIb3DQEBCwUAA4GBAAgNWjh7cfBTClTAk+Ml//5xb9Ju
679 tkBhG6Rm+kkMD+qiSMO6t7xS7CsA0+jIBjkdEYaLZ3oxtQCBdZsVNxUvRxZ0AUfF
680 G3DtRFTsrI1f7IQhpMuqEMF4shPW+5x54hrq0Fo6xMs6XoinJZcTUaaB8EeXRF6M
681 P9p6HuyLrmn0c/F0
682 -----END CERTIFICATE-----
683 )";
684
685 static const char kNoBasicConstraintsNetscapeCALeaf[] = R"(
686 -----BEGIN CERTIFICATE-----
687 MIIBXDCCAQKgAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9ObyBCYXNp
688 YyBDb25zdHJhaW50cyAoTmV0c2NhcGUpMCAXDTAwMDEwMTAwMDAwMFoYDzIwOTkw
689 MTAxMDAwMDAwWjAxMS8wLQYDVQQDEyZMZWFmIGZyb20gQ0Egd2l0aCBubyBCYXNp
690 YyBDb25zdHJhaW50czBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDlJKolDu3R2
691 tPqSDycr0QJcWhxdBv76V0EEVflcHRxED6vAioTEcnQszt1OfKtBZvjlo0yp6i6Q
692 DaYit0ZInmWjEDAOMAwGA1UdEwEB/wQCMAAwCgYIKoZIzj0EAwIDSAAwRQIhAJsh
693 aZL6BHeEfoUBj1oZ2Ln91qzj3UCVMJ+vrmwAFdYyAiA3wp2JphgchvmoUFuzPXwj
694 XyPwWPbymSTpzKhB4xB7qQ==
695 -----END CERTIFICATE-----
696 )";
697
698 static const char kSelfSignedMismatchAlgorithms[] = R"(
699 -----BEGIN CERTIFICATE-----
700 MIIFMjCCAxqgAwIBAgIJAL0mG5fOeJ7xMA0GCSqGSIb3DQEBDQUAMC0xCzAJBgNV
701 BAYTAkdCMQ8wDQYDVQQHDAZMb25kb24xDTALBgNVBAoMBFRlc3QwIBcNMTgwOTE3
702 MTIxNzU3WhgPMjExODA4MjQxMjE3NTdaMC0xCzAJBgNVBAYTAkdCMQ8wDQYDVQQH
703 DAZMb25kb24xDTALBgNVBAoMBFRlc3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
704 ggIKAoICAQDCMhBrRAGGw+n2GdctBr/cEK4FZA6ajiHjihgpCHoSBdyL4R2jGKLS
705 g0WgaMXa1HpkKN7LcIySosEBPlmcRkr1RqbEvQStOSvoFCXYvtx3alM6HTbXMcDR
706 mqoKoABP6LXsPSoMWIgqMtP2X9EOppzHVIK1yFYFfbIlvYUV2Ka+MuMe0Vh5wvD1
707 4GanPb+cWSKgdRSVQovCCMY3yWtZKVEaxRpCsk/mYYIFWz0tcgMjIKwDx1XXgiAV
708 nU6NK43xbaw3XhtnaD/pv9lhTTbNrlcln9LjTD097BaK4R+1AEPHnpfxA9Ui3upn
709 kbsNUdGdOB0ksZi/vd7lh833YgquQUIAhYrbfvq/HFCpVV1gljzlS3sqULYpLE//
710 i3OsuL2mE+CYIJGpIi2GeJJWXciNMTJDOqTn+fRDtVb4RPp4Y70DJirp7XzaBi3q
711 H0edANCzPSRCDbZsOhzIXhXshldiXVRX666DDlbMQgLTEnNKrkwv6DmU8o15XQsb
712 8k1Os2YwXmkEOxUQ7AJZXVTZSf6UK9Znmdq1ZrHjybMfRUkHVxJcnKvrxfryralv
713 gzfvu+D6HuxrCo3Ojqa+nDgIbxKEBtdrcsMhq1jWPFhjwo1fSadAkKOfdCAuXJRD
714 THg3b4Sf+W7Cpc570YHrIpBf7WFl2XsPcEM0mJZ5+yATASCubNozQwIDAQABo1Mw
715 UTAdBgNVHQ4EFgQUES0hupZSqY21JOba10QyZuxm91EwHwYDVR0jBBgwFoAUES0h
716 upZSqY21JOba10QyZuxm91EwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsF
717 AAOCAgEABTN5S30ng/RMpBweDm2N561PdpaCdiRXtAFCRVWR2mkDYC/Xj9Vqe6be
718 PyM7L/5OKYVjzF1yJu67z/dx+ja5o+41g17jdqla7hyPx+9B4uRyDh+1KJTa+duj
719 mw/aA1LCr6O6W4WizDOsChJ6FaB2Y1+GlFnKWb5nUdhVJqXQE1WOX9dZnw8Y4Npd
720 VmAsjWot0BZorJrt3fwfcv3QfA896twkbo7Llv/8qzg4sXZXZ4ZtgAOqnPngiSn+
721 JT/vYCXZ406VvAFpFqMcVz2dO/VGuL8lGIMHRKNyafrsV81EzH1W/XmRWOgvgj6r
722 yQI63ln/AMY72HQ97xLkE1xKunGz6bK5Ug5+O43Uftc4Mb6MUgzo+ZqEQ3Ob+cAV
723 cvjmtwDaPO/O39O5Xq0tLTlkn2/cKf4OQ6S++GDxzyRVHh5JXgP4j9+jfZY57Woy
724 R1bE7N50JjY4cDermBJKdlBIjL7UPhqmLyaG7V0hBitFlgGBUCcJtJOV0xYd5aF3
725 pxNkvMXhBmh95fjxJ0cJjpO7tN1RAwtMMNgsl7OUbuVRQCHOPW5DgP5qY21jDeRn
726 BY82382l+9QzykmJLI5MZnmj4BA9uIDCwMtoTTvP++SsvhUAbuvh7MOOUQL0EY4m
727 KStYq7X9PKseN+PvmfeoffIKc5R/Ha39oi7cGMVHCr8aiEhsf94=
728 -----END CERTIFICATE-----
729 )";
730
731 // kCommonNameWithSANs is a leaf certificate signed by kSANTypesRoot, with
732 // *.host1.test as the common name and a SAN list of *.host2.test and
733 // foo.host3.test.
734 static const char kCommonNameWithSANs[] = R"(
735 -----BEGIN CERTIFICATE-----
736 MIIB2zCCAUSgAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
737 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
738 MDk5MDEwMTAwMDAwMFowNzEeMBwGA1UEChMVQ29tbW9uIG5hbWUgd2l0aCBTQU5z
739 MRUwEwYDVQQDDAwqLmhvc3QxLnRlc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC
740 AASgWzfnFnpQrokSLIC+LhCKJDUAY/2usfIDpOnafYoYCasbYetkmOslgyY4Nn07
741 zjvjNROprA/0bdULXAkdL9bNo0gwRjAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQn
742 jFkBMCcGA1UdEQQgMB6CDCouaG9zdDIudGVzdIIOZm9vLmhvc3QzLnRlc3QwDQYJ
743 KoZIhvcNAQELBQADgYEAtv2e3hBhsslXB1HTxgusjoschWOVtvGZUaYlhkKzKTCL
744 4YpDn50BccnucBU/b9phYvaEZtyzOv4ZXhxTGyLnLrIVB9x5ikfCcfl+LNYNjDwM
745 enm/h1zOfJ7wXLyscD4kU29Wc/zxBd70thIgLYn16CC1S9NtXKsXXDXv5VVH/bg=
746 -----END CERTIFICATE-----
747 )";
748
749 // kCommonNameWithSANs is a leaf certificate signed by kSANTypesRoot, with
750 // *.host1.test as the common name and no SAN list.
751 static const char kCommonNameWithoutSANs[] = R"(
752 -----BEGIN CERTIFICATE-----
753 MIIBtTCCAR6gAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
754 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
755 MDk5MDEwMTAwMDAwMFowOjEhMB8GA1UEChMYQ29tbW9uIG5hbWUgd2l0aG91dCBT
756 QU5zMRUwEwYDVQQDDAwqLmhvc3QxLnRlc3QwWTATBgcqhkjOPQIBBggqhkjOPQMB
757 BwNCAARt2vjlIrPE+kr11VS1rRP/AYQu4fvf1bNw/K9rwYlVBhmLMPYasEmpCtKE
758 0bDIFydtDYC3wZDpSS+YiaG40sdAox8wHTAbBgNVHSMEFDASgBBAN9cB+0AvuBx+
759 VAQnjFkBMA0GCSqGSIb3DQEBCwUAA4GBAHRbIeaCEytOpJpw9O2dlB656AHe1+t5
760 4JiS5mvtzoVOLn7fFk5EFQtZS7sG1Uc2XjlSw+iyvFoTFEqfKyU/mIdc2vBuPwA2
761 +YXT8aE4S+UZ9oz5j0gDpikGnkSCW0cyHD8L8fntNjaQRSaM482JpmtdmuxClmWO
762 pFFXI2B5usgI
763 -----END CERTIFICATE-----
764 )";
765
766 // kCommonNameWithEmailSAN is a leaf certificate signed by kSANTypesRoot, with
767 // *.host1.test as the common name and the email address test@host2.test in the
768 // SAN list.
769 static const char kCommonNameWithEmailSAN[] = R"(
770 -----BEGIN CERTIFICATE-----
771 MIIBvDCCASWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
772 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
773 MDk5MDEwMTAwMDAwMFowFzEVMBMGA1UEAwwMKi5ob3N0MS50ZXN0MFkwEwYHKoZI
774 zj0CAQYIKoZIzj0DAQcDQgAEtevOxcTjpPzlNGoUMFfZyr1k03/Hiuh+EsnuScDs
775 8XLKi6fDkvSaDClI99ycabQZRPIrvyT+dglDC6ugQd+CYqNJMEcwDAYDVR0TAQH/
776 BAIwADAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQnjFkBMBoGA1UdEQQTMBGBD3Rl
777 c3RAaG9zdDIudGVzdDANBgkqhkiG9w0BAQsFAAOBgQCGbqb78OWJWl4zb+qw0Dz2
778 HJgZZJt6/+nNG/XJKdaYeS4eofsbwsJI4fuuOF6ZvYCJxVNtGqdfZDgycvFA9hjv
779 NGosBF1/spP17cmzTahLjxs71jDvHV/EQJbKGl/Zpta1Em1VrzSrwoOFabPXzZTJ
780 aet/mER21Z/9ZsTUoJQPJw==
781 -----END CERTIFICATE-----
782 )";
783
784 // kCommonNameWithIPSAN is a leaf certificate signed by kSANTypesRoot, with
785 // *.host1.test as the common name and the IP address 127.0.0.1 in the
786 // SAN list.
787 static const char kCommonNameWithIPSAN[] = R"(
788 -----BEGIN CERTIFICATE-----
789 MIIBsTCCARqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
790 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
791 MDk5MDEwMTAwMDAwMFowFzEVMBMGA1UEAwwMKi5ob3N0MS50ZXN0MFkwEwYHKoZI
792 zj0CAQYIKoZIzj0DAQcDQgAEFKrgkxm8PysXbwnHQeTD3p8YY0+sY4ssnZgmj8wX
793 KTyn893fdBHWlz71GO6t82wMTF5d+ZYwI2XU52pfl4SB2aM+MDwwDAYDVR0TAQH/
794 BAIwADAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQnjFkBMA8GA1UdEQQIMAaHBH8A
795 AAEwDQYJKoZIhvcNAQELBQADgYEAQWZ8Oj059ZjS109V/ijMYT28xuAN5n6HHxCO
796 DopTP56Zu9+gme5wTETWEfocspZvgecoUOcedTFoKSQ7JafO09NcVLA+D6ddYpju
797 mgfuiLy9dDhqvX/NHaLBMxOBWWbOLwWE+ibyX+pOzjWRCw1L7eUXOr6PhZAOQsmU
798 D0+O6KI=
799 -----END CERTIFICATE-----
800 )";
801
802 // kConstrainedIntermediate is an intermediate signed by kSANTypesRoot, with
803 // permitted DNS names of permitted1.test and foo.permitted2.test and an
804 // excluded DNS name of excluded.permitted1.test. Its private key is:
805 //
806 // -----BEGIN PRIVATE KEY-----
807 // MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgTXUM4tJWM7OzATty
808 // JhNOfIv/d8heWFBeKOfMR+RfaROhRANCAASbbbWYiN6mn+BCpg4XNpibOH0D/DN4
809 // kZ5C/Ml2YVomC9T83OKk2CzB8fPAabPb4P4Vv+fIabpEfjWS5nzKLY1y
810 // -----END PRIVATE KEY-----
811 static const char kConstrainedIntermediate[] = R"(
812 -----BEGIN CERTIFICATE-----
813 MIICDjCCAXegAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
814 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
815 MDk5MDEwMTAwMDAwMFowKDEmMCQGA1UEAxMdTmFtZSBDb25zdHJhaW50cyBJbnRl
816 cm1lZGlhdGUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASbbbWYiN6mn+BCpg4X
817 NpibOH0D/DN4kZ5C/Ml2YVomC9T83OKk2CzB8fPAabPb4P4Vv+fIabpEfjWS5nzK
818 LY1yo4GJMIGGMA8GA1UdEwEB/wQFMAMBAf8wGwYDVR0jBBQwEoAQQDfXAftAL7gc
819 flQEJ4xZATBWBgNVHR4BAf8ETDBKoCowEYIPcGVybWl0dGVkMS50ZXN0MBWCE2Zv
820 by5wZXJtaXR0ZWQyLnRlc3ShHDAaghhleGNsdWRlZC5wZXJtaXR0ZWQxLnRlc3Qw
821 DQYJKoZIhvcNAQELBQADgYEAFq1Ka05hiKREwRpSceQPzIIH4B5a5IVBg5/EvmQI
822 9V0fXyAE1GmahPt70sIBxIgzNTEaY8P/IoOuCdlZWe0msmyEO3S6YSAzOWR5Van6
823 cXmFM1uMd95TlkxUMRdV+jKJTvG6R/BM2zltaV7Xt662k5HtzT5Svw0rZlFaggZz
824 UyM=
825 -----END CERTIFICATE-----
826 )";
827
828 // kCommonNamePermittedLeaf is a leaf certificate signed by
829 // kConstrainedIntermediate. Its common name is permitted by the name
830 // constraints.
831 static const char kCommonNamePermittedLeaf[] = R"(
832 -----BEGIN CERTIFICATE-----
833 MIIBaDCCAQ2gAwIBAgIBAzAKBggqhkjOPQQDAjAoMSYwJAYDVQQDEx1OYW1lIENv
834 bnN0cmFpbnRzIEludGVybWVkaWF0ZTAgFw0wMDAxMDEwMDAwMDBaGA8yMDk5MDEw
835 MTAwMDAwMFowPjEeMBwGA1UEChMVQ29tbW9uIG5hbWUgcGVybWl0dGVkMRwwGgYD
836 VQQDExNmb28ucGVybWl0dGVkMS50ZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
837 QgAENX5Ycs8q8MRzPYUz6DqLHhJR3wcmniFRgkiEa7MxE/mRe00y0VGwH7xi7Aoc
838 emXPrtD4JwN5bssbcxWGAKYYzaMQMA4wDAYDVR0TAQH/BAIwADAKBggqhkjOPQQD
839 AgNJADBGAiEAtsnWuRQXtw2xbieC78Y8SVEtTjcZUx8uZyQe1GPLfGICIQDR4fNY
840 yg3PC94ydPNQZVsFxAne32CbonWWsokalTFpUQ==
841 -----END CERTIFICATE-----
842 )";
843 static const char kCommonNamePermitted[] = "foo.permitted1.test";
844
845 // kCommonNameNotPermittedLeaf is a leaf certificate signed by
846 // kConstrainedIntermediate. Its common name is not permitted by the name
847 // constraints.
848 static const char kCommonNameNotPermittedLeaf[] = R"(
849 -----BEGIN CERTIFICATE-----
850 MIIBazCCARCgAwIBAgIBBDAKBggqhkjOPQQDAjAoMSYwJAYDVQQDEx1OYW1lIENv
851 bnN0cmFpbnRzIEludGVybWVkaWF0ZTAgFw0wMDAxMDEwMDAwMDBaGA8yMDk5MDEw
852 MTAwMDAwMFowQTEiMCAGA1UEChMZQ29tbW9uIG5hbWUgbm90IHBlcm1pdHRlZDEb
853 MBkGA1UEAxMSbm90LXBlcm1pdHRlZC50ZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0D
854 AQcDQgAEzfghKuWf0JoXb0Drp09C3yXMSQQ1byt+AUaymvsHOWsxQ9v1Q+vkF/IM
855 HRqGTk2TyxrB2iClVEn/Uu+YtYox1KMQMA4wDAYDVR0TAQH/BAIwADAKBggqhkjO
856 PQQDAgNJADBGAiEAxaUslxmoWL1tIvnDz7gDkto/HcmdU0jHVuUQLXcCG8wCIQCN
857 5xZjitlCQU8UB5qSu9wH4B+0JcVO3Ss4Az76HEJWMw==
858 -----END CERTIFICATE-----
859 )";
860 static const char kCommonNameNotPermitted[] = "not-permitted.test";
861
862 // kCommonNameNotPermittedWithSANsLeaf is a leaf certificate signed by
863 // kConstrainedIntermediate. Its common name is not permitted by the name
864 // constraints but it has a SAN list.
865 static const char kCommonNameNotPermittedWithSANsLeaf[] = R"(
866 -----BEGIN CERTIFICATE-----
867 MIIBqTCCAU+gAwIBAgIBBjAKBggqhkjOPQQDAjAoMSYwJAYDVQQDEx1OYW1lIENv
868 bnN0cmFpbnRzIEludGVybWVkaWF0ZTAgFw0wMDAxMDEwMDAwMDBaGA8yMDk5MDEw
869 MTAwMDAwMFowSzEsMCoGA1UEChMjQ29tbW9uIG5hbWUgbm90IHBlcm1pdHRlZCB3
870 aXRoIFNBTlMxGzAZBgNVBAMTEm5vdC1wZXJtaXR0ZWQudGVzdDBZMBMGByqGSM49
871 AgEGCCqGSM49AwEHA0IABKsn9wOApXFHrqhLdQgbFSeaSoAIbxgO0zVSRZUb5naR
872 93zoL3MFOvZEF8xiEqh7le+l3XuUig0fwqpcsZzRNJajRTBDMAwGA1UdEwEB/wQC
873 MAAwMwYDVR0RBCwwKoITZm9vLnBlcm1pdHRlZDEudGVzdIITZm9vLnBlcm1pdHRl
874 ZDIudGVzdDAKBggqhkjOPQQDAgNIADBFAiACk+1f184KkKAXuntmrz+Ygcq8MiZl
875 4delx44FtcNaegIhAIA5nYfzxNcTXxDo3U+x1vSLH6Y7faLvHiFySp7O//q+
876 -----END CERTIFICATE-----
877 )";
878 static const char kCommonNameNotPermittedWithSANs[] = "not-permitted.test";
879
880 // kCommonNameNotDNSLeaf is a leaf certificate signed by
881 // kConstrainedIntermediate. Its common name is not a DNS name.
882 static const char kCommonNameNotDNSLeaf[] = R"(
883 -----BEGIN CERTIFICATE-----
884 MIIBYTCCAQagAwIBAgIBCDAKBggqhkjOPQQDAjAoMSYwJAYDVQQDEx1OYW1lIENv
885 bnN0cmFpbnRzIEludGVybWVkaWF0ZTAgFw0wMDAxMDEwMDAwMDBaGA8yMDk5MDEw
886 MTAwMDAwMFowNzEcMBoGA1UEChMTQ29tbW9uIG5hbWUgbm90IEROUzEXMBUGA1UE
887 AxMOTm90IGEgRE5TIG5hbWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASnueyc
888 Zxtnw5ke2J2T0/LwAK37auQP/RSFd9mem+BJVbgviawtAlignJmafp7Zw4/GdYEJ
889 Vm8qlriOJtluvXGcoxAwDjAMBgNVHRMBAf8EAjAAMAoGCCqGSM49BAMCA0kAMEYC
890 IQChUAmVNI39VHe0zemRE09VDcSEgOxr1nTvjLcg/Q8pVQIhAJYZnJI0YZAi05QH
891 RHNlAkTK2TnUaVn3fGSylaLiFS1r
892 -----END CERTIFICATE-----
893 )";
894 static const char kCommonNameNotDNS[] = "Not a DNS name";
895
896 // The following six certificates are issued by |kSANTypesRoot| and have
897 // different extended key usage values. They were created with the following
898 // Go program:
899 //
900 // func main() {
901 // block, _ := pem.Decode([]byte(rootKeyPEM))
902 // rootPriv, _ := x509.ParsePKCS1PrivateKey(block.Bytes)
903 // block, _ = pem.Decode([]byte(rootCertPEM))
904 // root, _ := x509.ParseCertificate(block.Bytes)
905 //
906 // leafTemplate := &x509.Certificate{
907 // SerialNumber: big.NewInt(3),
908 // Subject: pkix.Name{
909 // CommonName: "EKU msSGC",
910 // },
911 // NotBefore: time.Date(2000, time.January, 1, 0, 0, 0, 0, time.UTC),
912 // NotAfter: time.Date(2099, time.January, 1, 0, 0, 0, 0, time.UTC),
913 // BasicConstraintsValid: true,
914 // ExtKeyUsage: []x509.ExtKeyUsage{FILL IN HERE},
915 // }
916 // leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
917 // leafDER, err := x509.CreateCertificate(rand.Reader, leafTemplate, root, &leafKey.PublicKey, rootPriv)
918 // if err != nil {
919 // panic(err)
920 // }
921 // pem.Encode(os.Stdout, &pem.Block{Type: "CERTIFICATE", Bytes: leafDER})
922 // }
923
924 static const char kMicrosoftSGCCert[] = R"(
925 -----BEGIN CERTIFICATE-----
926 MIIBtDCCAR2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
927 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
928 MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C
929 AQYIKoZIzj0DAQcDQgAEEn61v3Vs+q6bTyyRnrJvuKBE8PTNVLbXGB52jig4Qse2
930 mGygNEysS0uzZ0luz+rn2hDRUFL6sHLUs1d8UMbI/6NEMEIwFQYDVR0lBA4wDAYK
931 KwYBBAGCNwoDAzAMBgNVHRMBAf8EAjAAMBsGA1UdIwQUMBKAEEA31wH7QC+4HH5U
932 BCeMWQEwDQYJKoZIhvcNAQELBQADgYEAgDQI9RSo3E3ZVnU71TV/LjG9xwHtfk6I
933 rlNnlJJ0lsTHAuMc1mwCbzhtsmasetwYlIa9G8GFWB9Gh/QqHA7G649iGGmXShqe
934 aVDuWgeSEJxBPE2jILoMm4pEYF7jfonTn7XXX6O78yuSlP+NPIU0gUKHkWZ1sWk0
935 cC4l0r/6jik=
936 -----END CERTIFICATE-----
937 )";
938
939 static const char kNetscapeSGCCert[] = R"(
940 -----BEGIN CERTIFICATE-----
941 MIIBszCCARygAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
942 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
943 MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C
944 AQYIKoZIzj0DAQcDQgAE3NbT+TnBfq1DWJCezjaUL52YhDU7cOkI2S2PoWgJ1v7x
945 kKLwBonUFZjppZs69SyBHeJdti+KoJ3qTW+hCG08EaNDMEEwFAYDVR0lBA0wCwYJ
946 YIZIAYb4QgQBMAwGA1UdEwEB/wQCMAAwGwYDVR0jBBQwEoAQQDfXAftAL7gcflQE
947 J4xZATANBgkqhkiG9w0BAQsFAAOBgQBuiyVcfazekHkCWksxdFmjPmMtWCxFjkzc
948 8VBxFE0CfSHQAfZ8J7tXd1FbAq/eXdZvvo8v0JB4sOM4Ex1ob1fuvDFHdSAHAD7W
949 dhKIjJyzVojoxjCjyue0XMeEPl7RiqbdxoS/R5HFAqAF0T2OeQAqP9gTpOXoau1M
950 RQHX6HQJJg==
951 -----END CERTIFICATE-----
952 )";
953
954 static const char kServerEKUCert[] = R"(
955 -----BEGIN CERTIFICATE-----
956 MIIBsjCCARugAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
957 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
958 MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C
959 AQYIKoZIzj0DAQcDQgAEDd35i+VWPwIOKLrLWTuP5cqD+yJDB5nujEzPgkXP5LKJ
960 SZRbHTqTdpYZB2jy6y90RY2Bsjx7FfZ7nN5G2g1GOKNCMEAwEwYDVR0lBAwwCgYI
961 KwYBBQUHAwEwDAYDVR0TAQH/BAIwADAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQn
962 jFkBMA0GCSqGSIb3DQEBCwUAA4GBAIKmbMBjuivL/rxDu7u7Vr3o3cdmEggBJxwL
963 iatNW3x1wg0645aNYOktW/iQ7mAAiziTY73GFyfiJDWqnY+CwA94ZWyQidjHdN/I
964 6BR52sN/dkYEoInYEbmDNMc/if+T0yqeBQLP4BeKLiT8p0qqaimae6LgibS19hDP
965 2hoEMdz2
966 -----END CERTIFICATE-----
967 )";
968
969 static const char kServerEKUPlusMicrosoftSGCCert[] = R"(
970 -----BEGIN CERTIFICATE-----
971 MIIBvjCCASegAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
972 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
973 MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C
974 AQYIKoZIzj0DAQcDQgAEDO1MYPxq+U4oXMIK8UnsS4C696wpcu4UOmcMJJ5CUd5Z
975 ZpJShN6kYKnrb3GK/6xEgbUGntmrzSRG5FYqk6QgD6NOMEwwHwYDVR0lBBgwFgYI
976 KwYBBQUHAwEGCisGAQQBgjcKAwMwDAYDVR0TAQH/BAIwADAbBgNVHSMEFDASgBBA
977 N9cB+0AvuBx+VAQnjFkBMA0GCSqGSIb3DQEBCwUAA4GBAHOu2IBa4lHzVGS36HxS
978 SejUE87Ji1ysM6BgkYbfxfS9MuV+J3UnqH57JjbH/3CFl4ZDWceF6SGBSCn8LqKa
979 KHpwoNFU3zA99iQzVJgbUyN0PbKwHEanLyKDJZyFk71R39ToxhSNQgaQYjZYCy1H
980 5V9oXd1bodEqVsOZ/mur24Ku
981 -----END CERTIFICATE-----
982 )";
983
984 static const char kAnyEKU[] = R"(
985 -----BEGIN CERTIFICATE-----
986 MIIBrjCCARegAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
987 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
988 MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C
989 AQYIKoZIzj0DAQcDQgAE9nsLABDporlTvx1OBUc4Hd5vxfX+8nS/OhbHmKtFLYNu
990 1CLLrImbwMQYD2G+PgLO6sQHmASq2jmJKp6ZWsRkTqM+MDwwDwYDVR0lBAgwBgYE
991 VR0lADAMBgNVHRMBAf8EAjAAMBsGA1UdIwQUMBKAEEA31wH7QC+4HH5UBCeMWQEw
992 DQYJKoZIhvcNAQELBQADgYEAxgjgn1SAzQ+2GeCicZ5ndvVhKIeFelGCQ989XTVq
993 uUbAYBW6v8GXNuVzoXYxDgNSanF6U+w+INrJ6daKVrIxAxdk9QFgBXqJoupuRAA3
994 /OqnmYux0EqOTLbTK1P8DhaiaD0KV6dWGUwzqsgBmPkZ0lgNaPjvb1mKV3jhBkjz
995 L6A=
996 -----END CERTIFICATE-----
997 )";
998
999 static const char kNoEKU[] = R"(
1000 -----BEGIN CERTIFICATE-----
1001 MIIBnTCCAQagAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
1002 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
1003 MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C
1004 AQYIKoZIzj0DAQcDQgAEpSFSqbYY86ZcMamE606dqdyjWlwhSHKOLUFsUUIzkMPz
1005 KHRu/x3Yzi8+Hm8eFK/TnCbkpYsYw4hIw00176dYzaMtMCswDAYDVR0TAQH/BAIw
1006 ADAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQnjFkBMA0GCSqGSIb3DQEBCwUAA4GB
1007 AHvYzynIkjLThExHRS+385hfv4vgrQSMmCM1SAnEIjSBGsU7RPgiGAstN06XivuF
1008 T1fNugRmTu4OtOIbfdYkcjavJufw9hR9zWTt77CNMTy9XmOZLgdS5boFTtLCztr3
1009 TXHOSQQD8Dl4BK0wOet+TP6LBEjHlRFjAqK4bu9xpxV2
1010 -----END CERTIFICATE-----
1011 )";
1012
1013 // CertFromPEM parses the given, NUL-terminated pem block and returns an
1014 // |X509*|.
CertFromPEM(const char * pem)1015 static bssl::UniquePtr<X509> CertFromPEM(const char *pem) {
1016 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
1017 return bssl::UniquePtr<X509>(
1018 PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
1019 }
1020
1021 // CRLFromPEM parses the given, NUL-terminated pem block and returns an
1022 // |X509_CRL*|.
CRLFromPEM(const char * pem)1023 static bssl::UniquePtr<X509_CRL> CRLFromPEM(const char *pem) {
1024 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
1025 return bssl::UniquePtr<X509_CRL>(
1026 PEM_read_bio_X509_CRL(bio.get(), nullptr, nullptr, nullptr));
1027 }
1028
1029 // PrivateKeyFromPEM parses the given, NUL-terminated pem block and returns an
1030 // |EVP_PKEY*|.
PrivateKeyFromPEM(const char * pem)1031 static bssl::UniquePtr<EVP_PKEY> PrivateKeyFromPEM(const char *pem) {
1032 bssl::UniquePtr<BIO> bio(
1033 BIO_new_mem_buf(const_cast<char *>(pem), strlen(pem)));
1034 return bssl::UniquePtr<EVP_PKEY>(
1035 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1036 }
1037
1038 // CertsToStack converts a vector of |X509*| to an OpenSSL STACK_OF(X509),
1039 // bumping the reference counts for each certificate in question.
CertsToStack(const std::vector<X509 * > & certs)1040 static bssl::UniquePtr<STACK_OF(X509)> CertsToStack(
1041 const std::vector<X509 *> &certs) {
1042 bssl::UniquePtr<STACK_OF(X509)> stack(sk_X509_new_null());
1043 if (!stack) {
1044 return nullptr;
1045 }
1046 for (auto cert : certs) {
1047 if (!bssl::PushToStack(stack.get(), bssl::UpRef(cert))) {
1048 return nullptr;
1049 }
1050 }
1051
1052 return stack;
1053 }
1054
1055 // CRLsToStack converts a vector of |X509_CRL*| to an OpenSSL
1056 // STACK_OF(X509_CRL), bumping the reference counts for each CRL in question.
CRLsToStack(const std::vector<X509_CRL * > & crls)1057 static bssl::UniquePtr<STACK_OF(X509_CRL)> CRLsToStack(
1058 const std::vector<X509_CRL *> &crls) {
1059 bssl::UniquePtr<STACK_OF(X509_CRL)> stack(sk_X509_CRL_new_null());
1060 if (!stack) {
1061 return nullptr;
1062 }
1063 for (auto crl : crls) {
1064 if (!bssl::PushToStack(stack.get(), bssl::UpRef(crl))) {
1065 return nullptr;
1066 }
1067 }
1068
1069 return stack;
1070 }
1071
Verify(X509 * leaf,const std::vector<X509 * > & roots,const std::vector<X509 * > & intermediates,const std::vector<X509_CRL * > & crls,unsigned long flags,bool use_additional_untrusted,std::function<void (X509_VERIFY_PARAM *)> configure_callback,int (* verify_callback)(int,X509_STORE_CTX *)=nullptr)1072 static int Verify(X509 *leaf, const std::vector<X509 *> &roots,
1073 const std::vector<X509 *> &intermediates,
1074 const std::vector<X509_CRL *> &crls, unsigned long flags,
1075 bool use_additional_untrusted,
1076 std::function<void(X509_VERIFY_PARAM *)> configure_callback,
1077 int (*verify_callback)(int, X509_STORE_CTX *) = nullptr) {
1078 bssl::UniquePtr<STACK_OF(X509)> roots_stack(CertsToStack(roots));
1079 bssl::UniquePtr<STACK_OF(X509)> intermediates_stack(
1080 CertsToStack(intermediates));
1081 bssl::UniquePtr<STACK_OF(X509_CRL)> crls_stack(CRLsToStack(crls));
1082
1083 if (!roots_stack ||
1084 !intermediates_stack ||
1085 !crls_stack) {
1086 return X509_V_ERR_UNSPECIFIED;
1087 }
1088
1089 bssl::UniquePtr<X509_STORE_CTX> ctx(X509_STORE_CTX_new());
1090 bssl::UniquePtr<X509_STORE> store(X509_STORE_new());
1091 if (!ctx ||
1092 !store) {
1093 return X509_V_ERR_UNSPECIFIED;
1094 }
1095
1096 if (use_additional_untrusted) {
1097 X509_STORE_set0_additional_untrusted(store.get(),
1098 intermediates_stack.get());
1099 }
1100
1101 if (!X509_STORE_CTX_init(
1102 ctx.get(), store.get(), leaf,
1103 use_additional_untrusted ? nullptr : intermediates_stack.get())) {
1104 return X509_V_ERR_UNSPECIFIED;
1105 }
1106
1107 X509_STORE_CTX_trusted_stack(ctx.get(), roots_stack.get());
1108 X509_STORE_CTX_set0_crls(ctx.get(), crls_stack.get());
1109
1110 X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
1111 if (param == nullptr) {
1112 return X509_V_ERR_UNSPECIFIED;
1113 }
1114 X509_VERIFY_PARAM_set_time(param, 1474934400 /* Sep 27th, 2016 */);
1115 X509_VERIFY_PARAM_set_depth(param, 16);
1116 if (configure_callback) {
1117 configure_callback(param);
1118 }
1119 if (flags) {
1120 X509_VERIFY_PARAM_set_flags(param, flags);
1121 }
1122 X509_STORE_CTX_set0_param(ctx.get(), param);
1123
1124 ERR_clear_error();
1125 if (X509_verify_cert(ctx.get()) != 1) {
1126 return X509_STORE_CTX_get_error(ctx.get());
1127 }
1128
1129 return X509_V_OK;
1130 }
1131
Verify(X509 * leaf,const std::vector<X509 * > & roots,const std::vector<X509 * > & intermediates,const std::vector<X509_CRL * > & crls,unsigned long flags=0)1132 static int Verify(X509 *leaf, const std::vector<X509 *> &roots,
1133 const std::vector<X509 *> &intermediates,
1134 const std::vector<X509_CRL *> &crls,
1135 unsigned long flags = 0) {
1136 const int r1 =
1137 Verify(leaf, roots, intermediates, crls, flags, false, nullptr);
1138 const int r2 =
1139 Verify(leaf, roots, intermediates, crls, flags, true, nullptr);
1140
1141 if (r1 != r2) {
1142 fprintf(stderr,
1143 "Verify with, and without, use_additional_untrusted gave different "
1144 "results: %d vs %d.\n",
1145 r1, r2);
1146 return false;
1147 }
1148
1149 return r1;
1150 }
1151
TEST(X509Test,TestVerify)1152 TEST(X509Test, TestVerify) {
1153 bssl::UniquePtr<X509> cross_signing_root(CertFromPEM(kCrossSigningRootPEM));
1154 bssl::UniquePtr<X509> root(CertFromPEM(kRootCAPEM));
1155 bssl::UniquePtr<X509> root_cross_signed(CertFromPEM(kRootCrossSignedPEM));
1156 bssl::UniquePtr<X509> intermediate(CertFromPEM(kIntermediatePEM));
1157 bssl::UniquePtr<X509> intermediate_self_signed(
1158 CertFromPEM(kIntermediateSelfSignedPEM));
1159 bssl::UniquePtr<X509> leaf(CertFromPEM(kLeafPEM));
1160 bssl::UniquePtr<X509> leaf_no_key_usage(CertFromPEM(kLeafNoKeyUsagePEM));
1161 bssl::UniquePtr<X509> forgery(CertFromPEM(kForgeryPEM));
1162
1163 ASSERT_TRUE(cross_signing_root);
1164 ASSERT_TRUE(root);
1165 ASSERT_TRUE(root_cross_signed);
1166 ASSERT_TRUE(intermediate);
1167 ASSERT_TRUE(intermediate_self_signed);
1168 ASSERT_TRUE(leaf);
1169 ASSERT_TRUE(forgery);
1170 ASSERT_TRUE(leaf_no_key_usage);
1171
1172 std::vector<X509*> empty;
1173 std::vector<X509_CRL*> empty_crls;
1174 ASSERT_EQ(X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
1175 Verify(leaf.get(), empty, empty, empty_crls));
1176 ASSERT_EQ(X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
1177 Verify(leaf.get(), empty, {intermediate.get()}, empty_crls));
1178
1179 ASSERT_EQ(X509_V_OK,
1180 Verify(leaf.get(), {root.get()}, {intermediate.get()}, empty_crls));
1181 ASSERT_EQ(X509_V_OK,
1182 Verify(leaf.get(), {cross_signing_root.get()},
1183 {intermediate.get(), root_cross_signed.get()}, empty_crls));
1184 ASSERT_EQ(X509_V_OK,
1185 Verify(leaf.get(), {cross_signing_root.get(), root.get()},
1186 {intermediate.get(), root_cross_signed.get()}, empty_crls));
1187
1188 /* This is the “altchains” test – we remove the cross-signing CA but include
1189 * the cross-sign in the intermediates. */
1190 ASSERT_EQ(X509_V_OK,
1191 Verify(leaf.get(), {root.get()},
1192 {intermediate.get(), root_cross_signed.get()}, empty_crls));
1193 ASSERT_EQ(X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
1194 Verify(leaf.get(), {root.get()},
1195 {intermediate.get(), root_cross_signed.get()}, empty_crls,
1196 X509_V_FLAG_NO_ALT_CHAINS));
1197 ASSERT_EQ(X509_V_ERR_INVALID_CA,
1198 Verify(forgery.get(), {intermediate_self_signed.get()},
1199 {leaf_no_key_usage.get()}, empty_crls));
1200
1201 /* Test that one cannot skip Basic Constraints checking with a contorted set
1202 * of roots and intermediates. This is a regression test for CVE-2015-1793. */
1203 ASSERT_EQ(X509_V_ERR_INVALID_CA,
1204 Verify(forgery.get(),
1205 {intermediate_self_signed.get(), root_cross_signed.get()},
1206 {leaf_no_key_usage.get(), intermediate.get()}, empty_crls));
1207 }
1208
1209 static const char kHostname[] = "example.com";
1210 static const char kWrongHostname[] = "example2.com";
1211 static const char kEmail[] = "test@example.com";
1212 static const char kWrongEmail[] = "test2@example.com";
1213 static const uint8_t kIP[4] = {127, 0, 0, 1};
1214 static const uint8_t kWrongIP[4] = {127, 0, 0, 2};
1215 static const char kIPString[] = "127.0.0.1";
1216 static const char kWrongIPString[] = "127.0.0.2";
1217
TEST(X509Test,ZeroLengthsWithX509PARAM)1218 TEST(X509Test, ZeroLengthsWithX509PARAM) {
1219 bssl::UniquePtr<X509> leaf(CertFromPEM(kSANTypesLeaf));
1220 bssl::UniquePtr<X509> root(CertFromPEM(kSANTypesRoot));
1221 ASSERT_TRUE(leaf);
1222 ASSERT_TRUE(root);
1223
1224 std::vector<X509_CRL *> empty_crls;
1225
1226 struct X509Test {
1227 const char *correct_value;
1228 size_t correct_value_len;
1229 const char *incorrect_value;
1230 size_t incorrect_value_len;
1231 int (*func)(X509_VERIFY_PARAM *, const char *, size_t);
1232 int mismatch_error;
1233 };
1234 const std::vector<X509Test> kTests = {
1235 {kHostname, strlen(kHostname), kWrongHostname, strlen(kWrongHostname),
1236 X509_VERIFY_PARAM_set1_host, X509_V_ERR_HOSTNAME_MISMATCH},
1237 {kEmail, strlen(kEmail), kWrongEmail, strlen(kWrongEmail),
1238 X509_VERIFY_PARAM_set1_email, X509_V_ERR_EMAIL_MISMATCH},
1239 };
1240
1241 for (size_t i = 0; i < kTests.size(); i++) {
1242 SCOPED_TRACE(i);
1243 const X509Test &test = kTests[i];
1244
1245 // The correct value should work.
1246 ASSERT_EQ(X509_V_OK,
1247 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0, false,
1248 [&test](X509_VERIFY_PARAM *param) {
1249 ASSERT_TRUE(test.func(param, test.correct_value,
1250 test.correct_value_len));
1251 }));
1252
1253 // The wrong value should trigger a verification error.
1254 ASSERT_EQ(test.mismatch_error,
1255 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0, false,
1256 [&test](X509_VERIFY_PARAM *param) {
1257 ASSERT_TRUE(test.func(param, test.incorrect_value,
1258 test.incorrect_value_len));
1259 }));
1260
1261 // Passing zero as the length, unlike OpenSSL, should trigger an error and
1262 // should cause verification to fail.
1263 ASSERT_EQ(X509_V_ERR_INVALID_CALL,
1264 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0, false,
1265 [&test](X509_VERIFY_PARAM *param) {
1266 ASSERT_FALSE(test.func(param, test.correct_value, 0));
1267 }));
1268
1269 // Passing an empty value should be an error when setting and should cause
1270 // verification to fail.
1271 ASSERT_EQ(X509_V_ERR_INVALID_CALL,
1272 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0, false,
1273 [&test](X509_VERIFY_PARAM *param) {
1274 ASSERT_FALSE(test.func(param, nullptr, 0));
1275 }));
1276
1277 // Passing a value with embedded NULs should also be an error and should
1278 // also cause verification to fail.
1279 ASSERT_EQ(X509_V_ERR_INVALID_CALL,
1280 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0, false,
1281 [&test](X509_VERIFY_PARAM *param) {
1282 ASSERT_FALSE(test.func(param, "a", 2));
1283 }));
1284 }
1285
1286 // IP addresses work slightly differently:
1287
1288 // The correct value should still work.
1289 ASSERT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()}, {}, empty_crls, 0,
1290 false, [](X509_VERIFY_PARAM *param) {
1291 ASSERT_TRUE(X509_VERIFY_PARAM_set1_ip(
1292 param, kIP, sizeof(kIP)));
1293 }));
1294
1295 // Incorrect values should still fail.
1296 ASSERT_EQ(X509_V_ERR_IP_ADDRESS_MISMATCH,
1297 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0, false,
1298 [](X509_VERIFY_PARAM *param) {
1299 ASSERT_TRUE(X509_VERIFY_PARAM_set1_ip(param, kWrongIP,
1300 sizeof(kWrongIP)));
1301 }));
1302
1303 // Zero length values should trigger an error when setting and cause
1304 // verification to always fail.
1305 ASSERT_EQ(X509_V_ERR_INVALID_CALL,
1306 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0, false,
1307 [](X509_VERIFY_PARAM *param) {
1308 ASSERT_FALSE(X509_VERIFY_PARAM_set1_ip(param, kIP, 0));
1309 }));
1310
1311 // ... and so should NULL values.
1312 ASSERT_EQ(X509_V_ERR_INVALID_CALL,
1313 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0, false,
1314 [](X509_VERIFY_PARAM *param) {
1315 ASSERT_FALSE(X509_VERIFY_PARAM_set1_ip(param, nullptr, 0));
1316 }));
1317
1318 // Zero bytes in an IP address are, of course, fine. This is tested above
1319 // because |kIP| contains zeros.
1320 }
1321
TEST(X509Test,ZeroLengthsWithCheckFunctions)1322 TEST(X509Test, ZeroLengthsWithCheckFunctions) {
1323 bssl::UniquePtr<X509> leaf(CertFromPEM(kSANTypesLeaf));
1324
1325 EXPECT_EQ(
1326 1, X509_check_host(leaf.get(), kHostname, strlen(kHostname), 0, nullptr));
1327 EXPECT_NE(1, X509_check_host(leaf.get(), kWrongHostname,
1328 strlen(kWrongHostname), 0, nullptr));
1329
1330 EXPECT_EQ(1, X509_check_email(leaf.get(), kEmail, strlen(kEmail), 0));
1331 EXPECT_NE(1,
1332 X509_check_email(leaf.get(), kWrongEmail, strlen(kWrongEmail), 0));
1333
1334 EXPECT_EQ(1, X509_check_ip(leaf.get(), kIP, sizeof(kIP), 0));
1335 EXPECT_NE(1, X509_check_ip(leaf.get(), kWrongIP, sizeof(kWrongIP), 0));
1336
1337 EXPECT_EQ(1, X509_check_ip_asc(leaf.get(), kIPString, 0));
1338 EXPECT_NE(1, X509_check_ip_asc(leaf.get(), kWrongIPString, 0));
1339
1340 // OpenSSL supports passing zero as the length for host and email. We do not
1341 // and it should always fail.
1342 EXPECT_NE(1, X509_check_host(leaf.get(), kHostname, 0, 0, nullptr));
1343 EXPECT_NE(1, X509_check_host(leaf.get(), kWrongHostname, 0, 0, nullptr));
1344
1345 EXPECT_NE(1, X509_check_email(leaf.get(), kEmail, 0, 0));
1346 EXPECT_NE(1, X509_check_email(leaf.get(), kWrongEmail, 0, 0));
1347
1348 EXPECT_NE(1, X509_check_ip(leaf.get(), kIP, 0, 0));
1349 EXPECT_NE(1, X509_check_ip(leaf.get(), kWrongIP, 0, 0));
1350
1351 // Unlike all the other functions, |X509_check_ip_asc| doesn't take a length,
1352 // so it cannot be zero.
1353 }
1354
TEST(X509Test,TestCRL)1355 TEST(X509Test, TestCRL) {
1356 bssl::UniquePtr<X509> root(CertFromPEM(kCRLTestRoot));
1357 bssl::UniquePtr<X509> leaf(CertFromPEM(kCRLTestLeaf));
1358 bssl::UniquePtr<X509_CRL> basic_crl(CRLFromPEM(kBasicCRL));
1359 bssl::UniquePtr<X509_CRL> revoked_crl(CRLFromPEM(kRevokedCRL));
1360 bssl::UniquePtr<X509_CRL> bad_issuer_crl(CRLFromPEM(kBadIssuerCRL));
1361 bssl::UniquePtr<X509_CRL> known_critical_crl(CRLFromPEM(kKnownCriticalCRL));
1362 bssl::UniquePtr<X509_CRL> unknown_critical_crl(
1363 CRLFromPEM(kUnknownCriticalCRL));
1364 bssl::UniquePtr<X509_CRL> unknown_critical_crl2(
1365 CRLFromPEM(kUnknownCriticalCRL2));
1366
1367 ASSERT_TRUE(root);
1368 ASSERT_TRUE(leaf);
1369 ASSERT_TRUE(basic_crl);
1370 ASSERT_TRUE(revoked_crl);
1371 ASSERT_TRUE(bad_issuer_crl);
1372 ASSERT_TRUE(known_critical_crl);
1373 ASSERT_TRUE(unknown_critical_crl);
1374 ASSERT_TRUE(unknown_critical_crl2);
1375
1376 ASSERT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()}, {root.get()},
1377 {basic_crl.get()}, X509_V_FLAG_CRL_CHECK));
1378 ASSERT_EQ(
1379 X509_V_ERR_CERT_REVOKED,
1380 Verify(leaf.get(), {root.get()}, {root.get()},
1381 {basic_crl.get(), revoked_crl.get()}, X509_V_FLAG_CRL_CHECK));
1382
1383 std::vector<X509_CRL *> empty_crls;
1384 ASSERT_EQ(X509_V_ERR_UNABLE_TO_GET_CRL,
1385 Verify(leaf.get(), {root.get()}, {root.get()}, empty_crls,
1386 X509_V_FLAG_CRL_CHECK));
1387 ASSERT_EQ(X509_V_ERR_UNABLE_TO_GET_CRL,
1388 Verify(leaf.get(), {root.get()}, {root.get()},
1389 {bad_issuer_crl.get()}, X509_V_FLAG_CRL_CHECK));
1390 ASSERT_EQ(X509_V_OK,
1391 Verify(leaf.get(), {root.get()}, {root.get()},
1392 {known_critical_crl.get()}, X509_V_FLAG_CRL_CHECK));
1393 ASSERT_EQ(X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION,
1394 Verify(leaf.get(), {root.get()}, {root.get()},
1395 {unknown_critical_crl.get()}, X509_V_FLAG_CRL_CHECK));
1396 ASSERT_EQ(X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION,
1397 Verify(leaf.get(), {root.get()}, {root.get()},
1398 {unknown_critical_crl2.get()}, X509_V_FLAG_CRL_CHECK));
1399
1400 // Parsing kBadExtensionCRL should fail.
1401 EXPECT_FALSE(CRLFromPEM(kBadExtensionCRL));
1402 }
1403
TEST(X509Test,ManyNamesAndConstraints)1404 TEST(X509Test, ManyNamesAndConstraints) {
1405 bssl::UniquePtr<X509> many_constraints(CertFromPEM(
1406 GetTestData("crypto/x509/test/many_constraints.pem").c_str()));
1407 ASSERT_TRUE(many_constraints);
1408 bssl::UniquePtr<X509> many_names1(
1409 CertFromPEM(GetTestData("crypto/x509/test/many_names1.pem").c_str()));
1410 ASSERT_TRUE(many_names1);
1411 bssl::UniquePtr<X509> many_names2(
1412 CertFromPEM(GetTestData("crypto/x509/test/many_names2.pem").c_str()));
1413 ASSERT_TRUE(many_names2);
1414 bssl::UniquePtr<X509> many_names3(
1415 CertFromPEM(GetTestData("crypto/x509/test/many_names3.pem").c_str()));
1416 ASSERT_TRUE(many_names3);
1417 bssl::UniquePtr<X509> some_names1(
1418 CertFromPEM(GetTestData("crypto/x509/test/some_names1.pem").c_str()));
1419 ASSERT_TRUE(some_names1);
1420 bssl::UniquePtr<X509> some_names2(
1421 CertFromPEM(GetTestData("crypto/x509/test/some_names2.pem").c_str()));
1422 ASSERT_TRUE(some_names2);
1423 bssl::UniquePtr<X509> some_names3(
1424 CertFromPEM(GetTestData("crypto/x509/test/some_names3.pem").c_str()));
1425 ASSERT_TRUE(some_names3);
1426
1427 EXPECT_EQ(X509_V_ERR_UNSPECIFIED,
1428 Verify(many_names1.get(), {many_constraints.get()},
1429 {many_constraints.get()}, {}));
1430 EXPECT_EQ(X509_V_ERR_UNSPECIFIED,
1431 Verify(many_names2.get(), {many_constraints.get()},
1432 {many_constraints.get()}, {}));
1433 EXPECT_EQ(X509_V_ERR_UNSPECIFIED,
1434 Verify(many_names3.get(), {many_constraints.get()},
1435 {many_constraints.get()}, {}));
1436
1437 EXPECT_EQ(X509_V_OK, Verify(some_names1.get(), {many_constraints.get()},
1438 {many_constraints.get()}, {}));
1439 EXPECT_EQ(X509_V_OK, Verify(some_names2.get(), {many_constraints.get()},
1440 {many_constraints.get()}, {}));
1441 EXPECT_EQ(X509_V_OK, Verify(some_names3.get(), {many_constraints.get()},
1442 {many_constraints.get()}, {}));
1443 }
1444
TEST(X509Test,TestPSS)1445 TEST(X509Test, TestPSS) {
1446 bssl::UniquePtr<X509> cert(CertFromPEM(kExamplePSSCert));
1447 ASSERT_TRUE(cert);
1448
1449 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
1450 ASSERT_TRUE(pkey);
1451
1452 ASSERT_TRUE(X509_verify(cert.get(), pkey.get()));
1453 }
1454
TEST(X509Test,TestPSSBadParameters)1455 TEST(X509Test, TestPSSBadParameters) {
1456 bssl::UniquePtr<X509> cert(CertFromPEM(kBadPSSCertPEM));
1457 ASSERT_TRUE(cert);
1458
1459 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
1460 ASSERT_TRUE(pkey);
1461
1462 ASSERT_FALSE(X509_verify(cert.get(), pkey.get()));
1463 ERR_clear_error();
1464 }
1465
TEST(X509Test,TestEd25519)1466 TEST(X509Test, TestEd25519) {
1467 bssl::UniquePtr<X509> cert(CertFromPEM(kEd25519Cert));
1468 ASSERT_TRUE(cert);
1469
1470 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
1471 ASSERT_TRUE(pkey);
1472
1473 ASSERT_TRUE(X509_verify(cert.get(), pkey.get()));
1474 }
1475
TEST(X509Test,TestEd25519BadParameters)1476 TEST(X509Test, TestEd25519BadParameters) {
1477 bssl::UniquePtr<X509> cert(CertFromPEM(kEd25519CertNull));
1478 ASSERT_TRUE(cert);
1479
1480 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
1481 ASSERT_TRUE(pkey);
1482
1483 ASSERT_FALSE(X509_verify(cert.get(), pkey.get()));
1484
1485 uint32_t err = ERR_get_error();
1486 ASSERT_EQ(ERR_LIB_X509, ERR_GET_LIB(err));
1487 ASSERT_EQ(X509_R_INVALID_PARAMETER, ERR_GET_REASON(err));
1488 ERR_clear_error();
1489 }
1490
TEST(X509Test,TestX25519)1491 TEST(X509Test, TestX25519) {
1492 bssl::UniquePtr<X509> cert(CertFromPEM(kX25519Cert));
1493 ASSERT_TRUE(cert);
1494
1495 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
1496 ASSERT_TRUE(pkey);
1497
1498 EXPECT_EQ(EVP_PKEY_id(pkey.get()), EVP_PKEY_X25519);
1499
1500 constexpr uint8_t kExpectedPublicValue[] = {
1501 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d,
1502 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38,
1503 0x1a, 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a,
1504 };
1505 uint8_t public_value[sizeof(kExpectedPublicValue)];
1506 size_t public_value_size = sizeof(public_value);
1507 ASSERT_TRUE(EVP_PKEY_get_raw_public_key(pkey.get(), public_value,
1508 &public_value_size));
1509 EXPECT_EQ(Bytes(kExpectedPublicValue),
1510 Bytes(public_value, public_value_size));
1511 }
1512
ReencodeCertificate(X509 * cert)1513 static bssl::UniquePtr<X509> ReencodeCertificate(X509 *cert) {
1514 uint8_t *der = nullptr;
1515 int len = i2d_X509(cert, &der);
1516 bssl::UniquePtr<uint8_t> free_der(der);
1517 if (len <= 0) {
1518 return nullptr;
1519 }
1520
1521 const uint8_t *inp = der;
1522 return bssl::UniquePtr<X509>(d2i_X509(nullptr, &inp, len));
1523 }
1524
SignatureRoundTrips(EVP_MD_CTX * md_ctx,EVP_PKEY * pkey)1525 static bool SignatureRoundTrips(EVP_MD_CTX *md_ctx, EVP_PKEY *pkey) {
1526 // Make a certificate like signed with |md_ctx|'s settings.'
1527 bssl::UniquePtr<X509> cert(CertFromPEM(kLeafPEM));
1528 if (!cert || !X509_sign_ctx(cert.get(), md_ctx)) {
1529 return false;
1530 }
1531
1532 // Ensure that |pkey| may still be used to verify the resulting signature. All
1533 // settings in |md_ctx| must have been serialized appropriately.
1534 if (!X509_verify(cert.get(), pkey)) {
1535 return false;
1536 }
1537
1538 // Re-encode the certificate. X509 objects contain a cached TBSCertificate
1539 // encoding and |X509_sign_ctx| should have refreshed that cache.
1540 bssl::UniquePtr<X509> copy = ReencodeCertificate(cert.get());
1541 return copy && X509_verify(copy.get(), pkey);
1542 }
1543
TEST(X509Test,RSASign)1544 TEST(X509Test, RSASign) {
1545 bssl::UniquePtr<EVP_PKEY> pkey(PrivateKeyFromPEM(kRSAKey));
1546 ASSERT_TRUE(pkey);
1547 // Test PKCS#1 v1.5.
1548 bssl::ScopedEVP_MD_CTX md_ctx;
1549 ASSERT_TRUE(
1550 EVP_DigestSignInit(md_ctx.get(), NULL, EVP_sha256(), NULL, pkey.get()));
1551 ASSERT_TRUE(SignatureRoundTrips(md_ctx.get(), pkey.get()));
1552
1553 // Test RSA-PSS with custom parameters.
1554 md_ctx.Reset();
1555 EVP_PKEY_CTX *pkey_ctx;
1556 ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), &pkey_ctx, EVP_sha256(), NULL,
1557 pkey.get()));
1558 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING));
1559 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, EVP_sha512()));
1560 ASSERT_TRUE(SignatureRoundTrips(md_ctx.get(), pkey.get()));
1561
1562 // RSA-PSS with salt length matching hash length should work when passing in
1563 // -1 or the value explicitly.
1564 md_ctx.Reset();
1565 ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), &pkey_ctx, EVP_sha256(), NULL,
1566 pkey.get()));
1567 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING));
1568 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, -1));
1569 ASSERT_TRUE(SignatureRoundTrips(md_ctx.get(), pkey.get()));
1570
1571 md_ctx.Reset();
1572 ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), &pkey_ctx, EVP_sha256(), NULL,
1573 pkey.get()));
1574 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING));
1575 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, 32));
1576 ASSERT_TRUE(SignatureRoundTrips(md_ctx.get(), pkey.get()));
1577 }
1578
1579 // Test the APIs for manually signing a certificate.
TEST(X509Test,RSASignManual)1580 TEST(X509Test, RSASignManual) {
1581 const int kSignatureNID = NID_sha384WithRSAEncryption;
1582 const EVP_MD *kSignatureHash = EVP_sha384();
1583
1584 bssl::UniquePtr<EVP_PKEY> pkey(PrivateKeyFromPEM(kRSAKey));
1585 ASSERT_TRUE(pkey);
1586 bssl::UniquePtr<X509_ALGOR> algor(X509_ALGOR_new());
1587 ASSERT_TRUE(algor);
1588 ASSERT_TRUE(X509_ALGOR_set0(algor.get(), OBJ_nid2obj(kSignatureNID),
1589 V_ASN1_NULL, nullptr));
1590
1591 // Test certificates made both from other certificates and |X509_new|, in case
1592 // there are bugs in filling in fields from different states. (Parsed
1593 // certificate contain a TBSCertificate cache, and |X509_new| initializes
1594 // fields based on complex ASN.1 template logic.)
1595 for (bool new_cert : {true, false}) {
1596 SCOPED_TRACE(new_cert);
1597
1598 bssl::UniquePtr<X509> cert;
1599 if (new_cert) {
1600 cert.reset(X509_new());
1601 // Fill in some fields for the certificate arbitrarily.
1602 EXPECT_TRUE(X509_set_version(cert.get(), 2 /* X.509v3 */));
1603 EXPECT_TRUE(ASN1_INTEGER_set(X509_get_serialNumber(cert.get()), 1));
1604 EXPECT_TRUE(X509_gmtime_adj(X509_getm_notBefore(cert.get()), 0));
1605 EXPECT_TRUE(
1606 X509_gmtime_adj(X509_getm_notAfter(cert.get()), 60 * 60 * 24));
1607 X509_NAME *subject = X509_get_subject_name(cert.get());
1608 X509_NAME_add_entry_by_txt(subject, "CN", MBSTRING_ASC,
1609 reinterpret_cast<const uint8_t *>("Test"), -1,
1610 -1, 0);
1611 EXPECT_TRUE(X509_set_issuer_name(cert.get(), subject));
1612 EXPECT_TRUE(X509_set_pubkey(cert.get(), pkey.get()));
1613 } else {
1614 // Extract fields from a parsed certificate.
1615 cert = CertFromPEM(kLeafPEM);
1616 ASSERT_TRUE(cert);
1617
1618 // We should test with a different algorithm from what is already in the
1619 // certificate.
1620 EXPECT_NE(kSignatureNID, X509_get_signature_nid(cert.get()));
1621 }
1622
1623 // Fill in the signature algorithm.
1624 ASSERT_TRUE(X509_set1_signature_algo(cert.get(), algor.get()));
1625
1626 // Extract the TBSCertificiate.
1627 uint8_t *tbs_cert = nullptr;
1628 int tbs_cert_len = i2d_re_X509_tbs(cert.get(), &tbs_cert);
1629 bssl::UniquePtr<uint8_t> free_tbs_cert(tbs_cert);
1630 ASSERT_GT(tbs_cert_len, 0);
1631
1632 // Generate a signature externally and fill it in.
1633 bssl::ScopedEVP_MD_CTX md_ctx;
1634 ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), nullptr, kSignatureHash,
1635 nullptr, pkey.get()));
1636 size_t sig_len;
1637 ASSERT_TRUE(EVP_DigestSign(md_ctx.get(), nullptr, &sig_len, tbs_cert,
1638 tbs_cert_len));
1639 std::vector<uint8_t> sig(sig_len);
1640 ASSERT_TRUE(EVP_DigestSign(md_ctx.get(), sig.data(), &sig_len, tbs_cert,
1641 tbs_cert_len));
1642 sig.resize(sig_len);
1643 ASSERT_TRUE(X509_set1_signature_value(cert.get(), sig.data(), sig.size()));
1644
1645 // Check the signature.
1646 EXPECT_TRUE(X509_verify(cert.get(), pkey.get()));
1647
1648 // Re-encode the certificate. X509 objects contain a cached TBSCertificate
1649 // encoding and |i2d_re_X509_tbs| should have refreshed that cache.
1650 bssl::UniquePtr<X509> copy = ReencodeCertificate(cert.get());
1651 ASSERT_TRUE(copy);
1652 EXPECT_TRUE(X509_verify(copy.get(), pkey.get()));
1653 }
1654 }
1655
TEST(X509Test,Ed25519Sign)1656 TEST(X509Test, Ed25519Sign) {
1657 uint8_t pub_bytes[32], priv_bytes[64];
1658 ED25519_keypair(pub_bytes, priv_bytes);
1659
1660 bssl::UniquePtr<EVP_PKEY> pub(
1661 EVP_PKEY_new_raw_public_key(EVP_PKEY_ED25519, nullptr, pub_bytes, 32));
1662 ASSERT_TRUE(pub);
1663 bssl::UniquePtr<EVP_PKEY> priv(
1664 EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, nullptr, priv_bytes, 32));
1665 ASSERT_TRUE(priv);
1666
1667 bssl::ScopedEVP_MD_CTX md_ctx;
1668 ASSERT_TRUE(
1669 EVP_DigestSignInit(md_ctx.get(), nullptr, nullptr, nullptr, priv.get()));
1670 ASSERT_TRUE(SignatureRoundTrips(md_ctx.get(), pub.get()));
1671 }
1672
PEMToDER(bssl::UniquePtr<uint8_t> * out,size_t * out_len,const char * pem)1673 static bool PEMToDER(bssl::UniquePtr<uint8_t> *out, size_t *out_len,
1674 const char *pem) {
1675 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
1676 if (!bio) {
1677 return false;
1678 }
1679
1680 char *name, *header;
1681 uint8_t *data;
1682 long data_len;
1683 if (!PEM_read_bio(bio.get(), &name, &header, &data, &data_len)) {
1684 fprintf(stderr, "failed to read PEM data.\n");
1685 return false;
1686 }
1687 OPENSSL_free(name);
1688 OPENSSL_free(header);
1689
1690 out->reset(data);
1691 *out_len = data_len;
1692
1693 return true;
1694 }
1695
TEST(X509Test,TestFromBuffer)1696 TEST(X509Test, TestFromBuffer) {
1697 size_t data_len;
1698 bssl::UniquePtr<uint8_t> data;
1699 ASSERT_TRUE(PEMToDER(&data, &data_len, kRootCAPEM));
1700
1701 bssl::UniquePtr<CRYPTO_BUFFER> buf(
1702 CRYPTO_BUFFER_new(data.get(), data_len, nullptr));
1703 ASSERT_TRUE(buf);
1704 bssl::UniquePtr<X509> root(X509_parse_from_buffer(buf.get()));
1705 ASSERT_TRUE(root);
1706
1707 const uint8_t *enc_pointer = root->cert_info->enc.enc;
1708 const uint8_t *buf_pointer = CRYPTO_BUFFER_data(buf.get());
1709 ASSERT_GE(enc_pointer, buf_pointer);
1710 ASSERT_LT(enc_pointer, buf_pointer + CRYPTO_BUFFER_len(buf.get()));
1711 buf.reset();
1712
1713 /* This ensures the X509 took a reference to |buf|, otherwise this will be a
1714 * reference to free memory and ASAN should notice. */
1715 ASSERT_EQ(0x30, enc_pointer[0]);
1716 }
1717
TEST(X509Test,TestFromBufferWithTrailingData)1718 TEST(X509Test, TestFromBufferWithTrailingData) {
1719 size_t data_len;
1720 bssl::UniquePtr<uint8_t> data;
1721 ASSERT_TRUE(PEMToDER(&data, &data_len, kRootCAPEM));
1722
1723 std::unique_ptr<uint8_t[]> trailing_data(new uint8_t[data_len + 1]);
1724 OPENSSL_memcpy(trailing_data.get(), data.get(), data_len);
1725
1726 bssl::UniquePtr<CRYPTO_BUFFER> buf_trailing_data(
1727 CRYPTO_BUFFER_new(trailing_data.get(), data_len + 1, nullptr));
1728 ASSERT_TRUE(buf_trailing_data);
1729
1730 bssl::UniquePtr<X509> root_trailing_data(
1731 X509_parse_from_buffer(buf_trailing_data.get()));
1732 ASSERT_FALSE(root_trailing_data);
1733 }
1734
TEST(X509Test,TestFromBufferModified)1735 TEST(X509Test, TestFromBufferModified) {
1736 size_t data_len;
1737 bssl::UniquePtr<uint8_t> data;
1738 ASSERT_TRUE(PEMToDER(&data, &data_len, kRootCAPEM));
1739
1740 bssl::UniquePtr<CRYPTO_BUFFER> buf(
1741 CRYPTO_BUFFER_new(data.get(), data_len, nullptr));
1742 ASSERT_TRUE(buf);
1743
1744 bssl::UniquePtr<X509> root(X509_parse_from_buffer(buf.get()));
1745 ASSERT_TRUE(root);
1746
1747 bssl::UniquePtr<ASN1_INTEGER> fourty_two(ASN1_INTEGER_new());
1748 ASN1_INTEGER_set(fourty_two.get(), 42);
1749 X509_set_serialNumber(root.get(), fourty_two.get());
1750
1751 ASSERT_EQ(static_cast<long>(data_len), i2d_X509(root.get(), nullptr));
1752
1753 X509_CINF_set_modified(root->cert_info);
1754
1755 ASSERT_NE(static_cast<long>(data_len), i2d_X509(root.get(), nullptr));
1756 }
1757
TEST(X509Test,TestFromBufferReused)1758 TEST(X509Test, TestFromBufferReused) {
1759 size_t data_len;
1760 bssl::UniquePtr<uint8_t> data;
1761 ASSERT_TRUE(PEMToDER(&data, &data_len, kRootCAPEM));
1762
1763 bssl::UniquePtr<CRYPTO_BUFFER> buf(
1764 CRYPTO_BUFFER_new(data.get(), data_len, nullptr));
1765 ASSERT_TRUE(buf);
1766
1767 bssl::UniquePtr<X509> root(X509_parse_from_buffer(buf.get()));
1768 ASSERT_TRUE(root);
1769
1770 size_t data2_len;
1771 bssl::UniquePtr<uint8_t> data2;
1772 ASSERT_TRUE(PEMToDER(&data2, &data2_len, kLeafPEM));
1773
1774 X509 *x509p = root.get();
1775 const uint8_t *inp = data2.get();
1776 X509 *ret = d2i_X509(&x509p, &inp, data2_len);
1777 ASSERT_EQ(root.get(), ret);
1778 ASSERT_EQ(nullptr, root->buf);
1779
1780 // Free |data2| and ensure that |root| took its own copy. Otherwise the
1781 // following will trigger a use-after-free.
1782 data2.reset();
1783
1784 uint8_t *i2d = nullptr;
1785 int i2d_len = i2d_X509(root.get(), &i2d);
1786 ASSERT_GE(i2d_len, 0);
1787 bssl::UniquePtr<uint8_t> i2d_storage(i2d);
1788
1789 ASSERT_TRUE(PEMToDER(&data2, &data2_len, kLeafPEM));
1790
1791 ASSERT_EQ(static_cast<long>(data2_len), i2d_len);
1792 ASSERT_EQ(0, OPENSSL_memcmp(data2.get(), i2d, i2d_len));
1793 ASSERT_EQ(nullptr, root->buf);
1794 }
1795
TEST(X509Test,TestFailedParseFromBuffer)1796 TEST(X509Test, TestFailedParseFromBuffer) {
1797 static const uint8_t kNonsense[] = {1, 2, 3, 4, 5};
1798
1799 bssl::UniquePtr<CRYPTO_BUFFER> buf(
1800 CRYPTO_BUFFER_new(kNonsense, sizeof(kNonsense), nullptr));
1801 ASSERT_TRUE(buf);
1802
1803 bssl::UniquePtr<X509> cert(X509_parse_from_buffer(buf.get()));
1804 ASSERT_FALSE(cert);
1805 ERR_clear_error();
1806
1807 // Test a buffer with trailing data.
1808 size_t data_len;
1809 bssl::UniquePtr<uint8_t> data;
1810 ASSERT_TRUE(PEMToDER(&data, &data_len, kRootCAPEM));
1811
1812 std::unique_ptr<uint8_t[]> data_with_trailing_byte(new uint8_t[data_len + 1]);
1813 OPENSSL_memcpy(data_with_trailing_byte.get(), data.get(), data_len);
1814 data_with_trailing_byte[data_len] = 0;
1815
1816 bssl::UniquePtr<CRYPTO_BUFFER> buf_with_trailing_byte(
1817 CRYPTO_BUFFER_new(data_with_trailing_byte.get(), data_len + 1, nullptr));
1818 ASSERT_TRUE(buf_with_trailing_byte);
1819
1820 bssl::UniquePtr<X509> root(
1821 X509_parse_from_buffer(buf_with_trailing_byte.get()));
1822 ASSERT_FALSE(root);
1823 ERR_clear_error();
1824 }
1825
TEST(X509Test,TestPrintUTCTIME)1826 TEST(X509Test, TestPrintUTCTIME) {
1827 static const struct {
1828 const char *val, *want;
1829 } asn1_utctime_tests[] = {
1830 {"", "Bad time value"},
1831
1832 // Correct RFC 5280 form. Test years < 2000 and > 2000.
1833 {"090303125425Z", "Mar 3 12:54:25 2009 GMT"},
1834 {"900303125425Z", "Mar 3 12:54:25 1990 GMT"},
1835 {"000303125425Z", "Mar 3 12:54:25 2000 GMT"},
1836
1837 // Correct form, bad values.
1838 {"000000000000Z", "Bad time value"},
1839 {"999999999999Z", "Bad time value"},
1840
1841 // Missing components. Not legal RFC 5280, but permitted.
1842 {"090303125425", "Mar 3 12:54:25 2009"},
1843 {"9003031254", "Mar 3 12:54:00 1990"},
1844 {"9003031254Z", "Mar 3 12:54:00 1990 GMT"},
1845
1846 // GENERALIZEDTIME confused for UTCTIME.
1847 {"20090303125425Z", "Bad time value"},
1848
1849 // Legal ASN.1, but not legal RFC 5280.
1850 {"9003031254+0800", "Bad time value"},
1851 {"9003031254-0800", "Bad time value"},
1852
1853 // Trailing garbage.
1854 {"9003031254Z ", "Bad time value"},
1855 };
1856
1857 for (auto t : asn1_utctime_tests) {
1858 SCOPED_TRACE(t.val);
1859 bssl::UniquePtr<ASN1_UTCTIME> tm(ASN1_UTCTIME_new());
1860 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
1861
1862 // Use this instead of ASN1_UTCTIME_set() because some callers get
1863 // type-confused and pass ASN1_GENERALIZEDTIME to ASN1_UTCTIME_print().
1864 // ASN1_UTCTIME_set_string() is stricter, and would reject the inputs in
1865 // question.
1866 ASSERT_TRUE(ASN1_STRING_set(tm.get(), t.val, strlen(t.val)));
1867 const int ok = ASN1_UTCTIME_print(bio.get(), tm.get());
1868
1869 const uint8_t *contents;
1870 size_t len;
1871 ASSERT_TRUE(BIO_mem_contents(bio.get(), &contents, &len));
1872 EXPECT_EQ(ok, (strcmp(t.want, "Bad time value") != 0) ? 1 : 0);
1873 EXPECT_EQ(t.want,
1874 std::string(reinterpret_cast<const char *>(contents), len));
1875 }
1876 }
1877
TEST(X509Test,PrettyPrintIntegers)1878 TEST(X509Test, PrettyPrintIntegers) {
1879 static const char *kTests[] = {
1880 // Small numbers are pretty-printed in decimal.
1881 "0",
1882 "-1",
1883 "1",
1884 "42",
1885 "-42",
1886 "256",
1887 "-256",
1888 // Large numbers are pretty-printed in hex to avoid taking quadratic time.
1889 "0x0123456789",
1890 "-0x0123456789",
1891 };
1892 for (const char *in : kTests) {
1893 SCOPED_TRACE(in);
1894 BIGNUM *bn = nullptr;
1895 ASSERT_TRUE(BN_asc2bn(&bn, in));
1896 bssl::UniquePtr<BIGNUM> free_bn(bn);
1897
1898 {
1899 bssl::UniquePtr<ASN1_INTEGER> asn1(BN_to_ASN1_INTEGER(bn, nullptr));
1900 ASSERT_TRUE(asn1);
1901 bssl::UniquePtr<char> out(i2s_ASN1_INTEGER(nullptr, asn1.get()));
1902 ASSERT_TRUE(out.get());
1903 EXPECT_STREQ(in, out.get());
1904 }
1905
1906 {
1907 bssl::UniquePtr<ASN1_ENUMERATED> asn1(BN_to_ASN1_ENUMERATED(bn, nullptr));
1908 ASSERT_TRUE(asn1);
1909 bssl::UniquePtr<char> out(i2s_ASN1_ENUMERATED(nullptr, asn1.get()));
1910 ASSERT_TRUE(out.get());
1911 EXPECT_STREQ(in, out.get());
1912 }
1913 }
1914 }
1915
TEST(X509Test,X509NameSet)1916 TEST(X509Test, X509NameSet) {
1917 bssl::UniquePtr<X509_NAME> name(X509_NAME_new());
1918 EXPECT_TRUE(X509_NAME_add_entry_by_txt(
1919 name.get(), "C", MBSTRING_ASC, reinterpret_cast<const uint8_t *>("US"),
1920 -1, -1, 0));
1921 EXPECT_EQ(X509_NAME_entry_count(name.get()), 1);
1922 EXPECT_TRUE(X509_NAME_add_entry_by_txt(
1923 name.get(), "C", MBSTRING_ASC, reinterpret_cast<const uint8_t *>("CA"),
1924 -1, -1, 0));
1925 EXPECT_EQ(X509_NAME_entry_count(name.get()), 2);
1926 EXPECT_TRUE(X509_NAME_add_entry_by_txt(
1927 name.get(), "C", MBSTRING_ASC, reinterpret_cast<const uint8_t *>("UK"),
1928 -1, -1, 0));
1929 EXPECT_EQ(X509_NAME_entry_count(name.get()), 3);
1930 EXPECT_TRUE(X509_NAME_add_entry_by_txt(
1931 name.get(), "C", MBSTRING_ASC, reinterpret_cast<const uint8_t *>("JP"),
1932 -1, 1, 0));
1933 EXPECT_EQ(X509_NAME_entry_count(name.get()), 4);
1934
1935 // Check that the correct entries get incremented when inserting new entry.
1936 EXPECT_EQ(X509_NAME_ENTRY_set(X509_NAME_get_entry(name.get(), 1)), 1);
1937 EXPECT_EQ(X509_NAME_ENTRY_set(X509_NAME_get_entry(name.get(), 2)), 2);
1938 }
1939
TEST(X509Test,StringDecoding)1940 TEST(X509Test, StringDecoding) {
1941 static const struct {
1942 std::vector<uint8_t> in;
1943 int type;
1944 const char *expected;
1945 } kTests[] = {
1946 // Non-minimal, two-byte UTF-8.
1947 {{0xc0, 0x81}, V_ASN1_UTF8STRING, nullptr},
1948 // Non-minimal, three-byte UTF-8.
1949 {{0xe0, 0x80, 0x81}, V_ASN1_UTF8STRING, nullptr},
1950 // Non-minimal, four-byte UTF-8.
1951 {{0xf0, 0x80, 0x80, 0x81}, V_ASN1_UTF8STRING, nullptr},
1952 // Truncated, four-byte UTF-8.
1953 {{0xf0, 0x80, 0x80}, V_ASN1_UTF8STRING, nullptr},
1954 // Low-surrogate value.
1955 {{0xed, 0xa0, 0x80}, V_ASN1_UTF8STRING, nullptr},
1956 // High-surrogate value.
1957 {{0xed, 0xb0, 0x81}, V_ASN1_UTF8STRING, nullptr},
1958 // Initial BOMs should be rejected from UCS-2 and UCS-4.
1959 {{0xfe, 0xff, 0, 88}, V_ASN1_BMPSTRING, nullptr},
1960 {{0, 0, 0xfe, 0xff, 0, 0, 0, 88}, V_ASN1_UNIVERSALSTRING, nullptr},
1961 // Otherwise, BOMs should pass through.
1962 {{0, 88, 0xfe, 0xff}, V_ASN1_BMPSTRING, "X\xef\xbb\xbf"},
1963 {{0, 0, 0, 88, 0, 0, 0xfe, 0xff}, V_ASN1_UNIVERSALSTRING,
1964 "X\xef\xbb\xbf"},
1965 // The maximum code-point should pass though.
1966 {{0, 16, 0xff, 0xfd}, V_ASN1_UNIVERSALSTRING, "\xf4\x8f\xbf\xbd"},
1967 // Values outside the Unicode space should not.
1968 {{0, 17, 0, 0}, V_ASN1_UNIVERSALSTRING, nullptr},
1969 // Non-characters should be rejected.
1970 {{0, 1, 0xff, 0xff}, V_ASN1_UNIVERSALSTRING, nullptr},
1971 {{0, 1, 0xff, 0xfe}, V_ASN1_UNIVERSALSTRING, nullptr},
1972 {{0, 0, 0xfd, 0xd5}, V_ASN1_UNIVERSALSTRING, nullptr},
1973 // BMPString is UCS-2, not UTF-16, so surrogate pairs are invalid.
1974 {{0xd8, 0, 0xdc, 1}, V_ASN1_BMPSTRING, nullptr},
1975 };
1976
1977 for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kTests); i++) {
1978 SCOPED_TRACE(i);
1979 const auto& test = kTests[i];
1980 ASN1_STRING s;
1981 s.type = test.type;
1982 s.data = const_cast<uint8_t*>(test.in.data());
1983 s.length = test.in.size();
1984
1985 uint8_t *utf8;
1986 const int utf8_len = ASN1_STRING_to_UTF8(&utf8, &s);
1987 EXPECT_EQ(utf8_len < 0, test.expected == nullptr);
1988 if (utf8_len >= 0) {
1989 if (test.expected != nullptr) {
1990 EXPECT_EQ(Bytes(test.expected), Bytes(utf8, utf8_len));
1991 }
1992 OPENSSL_free(utf8);
1993 } else {
1994 ERR_clear_error();
1995 }
1996 }
1997 }
1998
TEST(X509Test,NoBasicConstraintsCertSign)1999 TEST(X509Test, NoBasicConstraintsCertSign) {
2000 bssl::UniquePtr<X509> root(CertFromPEM(kSANTypesRoot));
2001 bssl::UniquePtr<X509> intermediate(
2002 CertFromPEM(kNoBasicConstraintsCertSignIntermediate));
2003 bssl::UniquePtr<X509> leaf(CertFromPEM(kNoBasicConstraintsCertSignLeaf));
2004
2005 ASSERT_TRUE(root);
2006 ASSERT_TRUE(intermediate);
2007 ASSERT_TRUE(leaf);
2008
2009 // The intermediate has keyUsage certSign, but is not marked as a CA in the
2010 // basicConstraints.
2011 EXPECT_EQ(X509_V_ERR_INVALID_CA,
2012 Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, 0));
2013 }
2014
TEST(X509Test,NoBasicConstraintsNetscapeCA)2015 TEST(X509Test, NoBasicConstraintsNetscapeCA) {
2016 bssl::UniquePtr<X509> root(CertFromPEM(kSANTypesRoot));
2017 bssl::UniquePtr<X509> intermediate(
2018 CertFromPEM(kNoBasicConstraintsNetscapeCAIntermediate));
2019 bssl::UniquePtr<X509> leaf(CertFromPEM(kNoBasicConstraintsNetscapeCALeaf));
2020
2021 ASSERT_TRUE(root);
2022 ASSERT_TRUE(intermediate);
2023 ASSERT_TRUE(leaf);
2024
2025 // The intermediate has a Netscape certificate type of "SSL CA", but is not
2026 // marked as a CA in the basicConstraints.
2027 EXPECT_EQ(X509_V_ERR_INVALID_CA,
2028 Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, 0));
2029 }
2030
TEST(X509Test,MismatchAlgorithms)2031 TEST(X509Test, MismatchAlgorithms) {
2032 bssl::UniquePtr<X509> cert(CertFromPEM(kSelfSignedMismatchAlgorithms));
2033 ASSERT_TRUE(cert);
2034
2035 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
2036 ASSERT_TRUE(pkey);
2037
2038 EXPECT_FALSE(X509_verify(cert.get(), pkey.get()));
2039 uint32_t err = ERR_get_error();
2040 EXPECT_EQ(ERR_LIB_X509, ERR_GET_LIB(err));
2041 EXPECT_EQ(X509_R_SIGNATURE_ALGORITHM_MISMATCH, ERR_GET_REASON(err));
2042 }
2043
TEST(X509Test,PEMX509Info)2044 TEST(X509Test, PEMX509Info) {
2045 std::string cert = kRootCAPEM;
2046 auto cert_obj = CertFromPEM(kRootCAPEM);
2047 ASSERT_TRUE(cert_obj);
2048
2049 std::string rsa = kRSAKey;
2050 auto rsa_obj = PrivateKeyFromPEM(kRSAKey);
2051 ASSERT_TRUE(rsa_obj);
2052
2053 std::string crl = kBasicCRL;
2054 auto crl_obj = CRLFromPEM(kBasicCRL);
2055 ASSERT_TRUE(crl_obj);
2056
2057 std::string unknown =
2058 "-----BEGIN UNKNOWN-----\n"
2059 "AAAA\n"
2060 "-----END UNKNOWN-----\n";
2061
2062 std::string invalid =
2063 "-----BEGIN CERTIFICATE-----\n"
2064 "AAAA\n"
2065 "-----END CERTIFICATE-----\n";
2066
2067 // Each X509_INFO contains at most one certificate, CRL, etc. The format
2068 // creates a new X509_INFO when a repeated type is seen.
2069 std::string pem =
2070 // The first few entries have one of everything in different orders.
2071 cert + rsa + crl +
2072 rsa + crl + cert +
2073 // Unknown types are ignored.
2074 crl + unknown + cert + rsa +
2075 // Seeing a new certificate starts a new entry, so now we have a bunch of
2076 // certificate-only entries.
2077 cert + cert + cert +
2078 // The key folds into the certificate's entry.
2079 cert + rsa +
2080 // Doubled keys also start new entries.
2081 rsa + rsa + rsa + rsa + crl +
2082 // As do CRLs.
2083 crl + crl;
2084
2085 const struct ExpectedInfo {
2086 const X509 *cert;
2087 const EVP_PKEY *key;
2088 const X509_CRL *crl;
2089 } kExpected[] = {
2090 {cert_obj.get(), rsa_obj.get(), crl_obj.get()},
2091 {cert_obj.get(), rsa_obj.get(), crl_obj.get()},
2092 {cert_obj.get(), rsa_obj.get(), crl_obj.get()},
2093 {cert_obj.get(), nullptr, nullptr},
2094 {cert_obj.get(), nullptr, nullptr},
2095 {cert_obj.get(), nullptr, nullptr},
2096 {cert_obj.get(), rsa_obj.get(), nullptr},
2097 {nullptr, rsa_obj.get(), nullptr},
2098 {nullptr, rsa_obj.get(), nullptr},
2099 {nullptr, rsa_obj.get(), nullptr},
2100 {nullptr, rsa_obj.get(), crl_obj.get()},
2101 {nullptr, nullptr, crl_obj.get()},
2102 {nullptr, nullptr, crl_obj.get()},
2103 };
2104
2105 auto check_info = [](const ExpectedInfo *expected, const X509_INFO *info) {
2106 if (expected->cert != nullptr) {
2107 EXPECT_EQ(0, X509_cmp(expected->cert, info->x509));
2108 } else {
2109 EXPECT_EQ(nullptr, info->x509);
2110 }
2111 if (expected->crl != nullptr) {
2112 EXPECT_EQ(0, X509_CRL_cmp(expected->crl, info->crl));
2113 } else {
2114 EXPECT_EQ(nullptr, info->crl);
2115 }
2116 if (expected->key != nullptr) {
2117 ASSERT_NE(nullptr, info->x_pkey);
2118 // EVP_PKEY_cmp returns one if the keys are equal.
2119 EXPECT_EQ(1, EVP_PKEY_cmp(expected->key, info->x_pkey->dec_pkey));
2120 } else {
2121 EXPECT_EQ(nullptr, info->x_pkey);
2122 }
2123 };
2124
2125 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem.data(), pem.size()));
2126 ASSERT_TRUE(bio);
2127 bssl::UniquePtr<STACK_OF(X509_INFO)> infos(
2128 PEM_X509_INFO_read_bio(bio.get(), nullptr, nullptr, nullptr));
2129 ASSERT_TRUE(infos);
2130 ASSERT_EQ(OPENSSL_ARRAY_SIZE(kExpected), sk_X509_INFO_num(infos.get()));
2131 for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kExpected); i++) {
2132 SCOPED_TRACE(i);
2133 check_info(&kExpected[i], sk_X509_INFO_value(infos.get(), i));
2134 }
2135
2136 // Passing an existing stack appends to it.
2137 bio.reset(BIO_new_mem_buf(pem.data(), pem.size()));
2138 ASSERT_TRUE(bio);
2139 ASSERT_EQ(infos.get(),
2140 PEM_X509_INFO_read_bio(bio.get(), infos.get(), nullptr, nullptr));
2141 ASSERT_EQ(2 * OPENSSL_ARRAY_SIZE(kExpected), sk_X509_INFO_num(infos.get()));
2142 for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kExpected); i++) {
2143 SCOPED_TRACE(i);
2144 check_info(&kExpected[i], sk_X509_INFO_value(infos.get(), i));
2145 check_info(
2146 &kExpected[i],
2147 sk_X509_INFO_value(infos.get(), i + OPENSSL_ARRAY_SIZE(kExpected)));
2148 }
2149
2150 // Gracefully handle errors in both the append and fresh cases.
2151 std::string bad_pem = cert + cert + invalid;
2152
2153 bio.reset(BIO_new_mem_buf(bad_pem.data(), bad_pem.size()));
2154 ASSERT_TRUE(bio);
2155 bssl::UniquePtr<STACK_OF(X509_INFO)> infos2(
2156 PEM_X509_INFO_read_bio(bio.get(), nullptr, nullptr, nullptr));
2157 EXPECT_FALSE(infos2);
2158
2159 bio.reset(BIO_new_mem_buf(bad_pem.data(), bad_pem.size()));
2160 ASSERT_TRUE(bio);
2161 EXPECT_FALSE(
2162 PEM_X509_INFO_read_bio(bio.get(), infos.get(), nullptr, nullptr));
2163 EXPECT_EQ(2 * OPENSSL_ARRAY_SIZE(kExpected), sk_X509_INFO_num(infos.get()));
2164 }
2165
TEST(X509Test,ReadBIOEmpty)2166 TEST(X509Test, ReadBIOEmpty) {
2167 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(nullptr, 0));
2168 ASSERT_TRUE(bio);
2169
2170 // CPython expects |ASN1_R_HEADER_TOO_LONG| on EOF, to terminate a series of
2171 // certificates.
2172 bssl::UniquePtr<X509> x509(d2i_X509_bio(bio.get(), nullptr));
2173 EXPECT_FALSE(x509);
2174 uint32_t err = ERR_get_error();
2175 EXPECT_EQ(ERR_LIB_ASN1, ERR_GET_LIB(err));
2176 EXPECT_EQ(ASN1_R_HEADER_TOO_LONG, ERR_GET_REASON(err));
2177 }
2178
TEST(X509Test,ReadBIOOneByte)2179 TEST(X509Test, ReadBIOOneByte) {
2180 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf("\x30", 1));
2181 ASSERT_TRUE(bio);
2182
2183 // CPython expects |ASN1_R_HEADER_TOO_LONG| on EOF, to terminate a series of
2184 // certificates. This EOF appeared after some data, however, so we do not wish
2185 // to signal EOF.
2186 bssl::UniquePtr<X509> x509(d2i_X509_bio(bio.get(), nullptr));
2187 EXPECT_FALSE(x509);
2188 uint32_t err = ERR_get_error();
2189 EXPECT_EQ(ERR_LIB_ASN1, ERR_GET_LIB(err));
2190 EXPECT_EQ(ASN1_R_NOT_ENOUGH_DATA, ERR_GET_REASON(err));
2191 }
2192
TEST(X509Test,PartialBIOReturn)2193 TEST(X509Test, PartialBIOReturn) {
2194 // Create a filter BIO that only reads and writes one byte at a time.
2195 bssl::UniquePtr<BIO_METHOD> method(BIO_meth_new(0, nullptr));
2196 ASSERT_TRUE(method);
2197 ASSERT_TRUE(BIO_meth_set_create(method.get(), [](BIO *b) -> int {
2198 BIO_set_init(b, 1);
2199 return 1;
2200 }));
2201 ASSERT_TRUE(
2202 BIO_meth_set_read(method.get(), [](BIO *b, char *out, int len) -> int {
2203 return BIO_read(BIO_next(b), out, std::min(len, 1));
2204 }));
2205 ASSERT_TRUE(BIO_meth_set_write(
2206 method.get(), [](BIO *b, const char *in, int len) -> int {
2207 return BIO_write(BIO_next(b), in, std::min(len, 1));
2208 }));
2209
2210 bssl::UniquePtr<BIO> bio(BIO_new(method.get()));
2211 ASSERT_TRUE(bio);
2212 BIO *mem_bio = BIO_new(BIO_s_mem());
2213 ASSERT_TRUE(mem_bio);
2214 BIO_push(bio.get(), mem_bio); // BIO_push takes ownership.
2215
2216 bssl::UniquePtr<X509> cert(CertFromPEM(kLeafPEM));
2217 ASSERT_TRUE(cert);
2218 uint8_t *der = nullptr;
2219 int der_len = i2d_X509(cert.get(), &der);
2220 ASSERT_GT(der_len, 0);
2221 bssl::UniquePtr<uint8_t> free_der(der);
2222
2223 // Write the certificate into the BIO. Though we only write one byte at a
2224 // time, the write should succeed.
2225 ASSERT_EQ(1, i2d_X509_bio(bio.get(), cert.get()));
2226 const uint8_t *der2;
2227 size_t der2_len;
2228 ASSERT_TRUE(BIO_mem_contents(mem_bio, &der2, &der2_len));
2229 EXPECT_EQ(Bytes(der, static_cast<size_t>(der_len)), Bytes(der2, der2_len));
2230
2231 // Read the certificate back out of the BIO. Though we only read one byte at a
2232 // time, the read should succeed.
2233 bssl::UniquePtr<X509> cert2(d2i_X509_bio(bio.get(), nullptr));
2234 ASSERT_TRUE(cert2);
2235 EXPECT_EQ(0, X509_cmp(cert.get(), cert2.get()));
2236 }
2237
TEST(X509Test,CommonNameFallback)2238 TEST(X509Test, CommonNameFallback) {
2239 bssl::UniquePtr<X509> root = CertFromPEM(kSANTypesRoot);
2240 ASSERT_TRUE(root);
2241 bssl::UniquePtr<X509> with_sans = CertFromPEM(kCommonNameWithSANs);
2242 ASSERT_TRUE(with_sans);
2243 bssl::UniquePtr<X509> without_sans = CertFromPEM(kCommonNameWithoutSANs);
2244 ASSERT_TRUE(without_sans);
2245 bssl::UniquePtr<X509> with_email = CertFromPEM(kCommonNameWithEmailSAN);
2246 ASSERT_TRUE(with_email);
2247 bssl::UniquePtr<X509> with_ip = CertFromPEM(kCommonNameWithIPSAN);
2248 ASSERT_TRUE(with_ip);
2249
2250 auto verify_cert = [&](X509 *leaf, unsigned flags, const char *host) {
2251 return Verify(
2252 leaf, {root.get()}, {}, {}, 0, false, [&](X509_VERIFY_PARAM *param) {
2253 ASSERT_TRUE(X509_VERIFY_PARAM_set1_host(param, host, strlen(host)));
2254 X509_VERIFY_PARAM_set_hostflags(param, flags);
2255 });
2256 };
2257
2258 // By default, the common name is ignored if the SAN list is present but
2259 // otherwise is checked.
2260 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2261 verify_cert(with_sans.get(), 0 /* no flags */, "foo.host1.test"));
2262 EXPECT_EQ(X509_V_OK,
2263 verify_cert(with_sans.get(), 0 /* no flags */, "foo.host2.test"));
2264 EXPECT_EQ(X509_V_OK,
2265 verify_cert(with_sans.get(), 0 /* no flags */, "foo.host3.test"));
2266 EXPECT_EQ(X509_V_OK, verify_cert(without_sans.get(), 0 /* no flags */,
2267 "foo.host1.test"));
2268 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2269 verify_cert(with_email.get(), 0 /* no flags */, "foo.host1.test"));
2270 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2271 verify_cert(with_ip.get(), 0 /* no flags */, "foo.host1.test"));
2272
2273 // X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT is ignored.
2274 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2275 verify_cert(with_sans.get(), X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
2276 "foo.host1.test"));
2277 EXPECT_EQ(X509_V_OK,
2278 verify_cert(with_sans.get(), X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
2279 "foo.host2.test"));
2280 EXPECT_EQ(X509_V_OK,
2281 verify_cert(with_sans.get(), X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
2282 "foo.host3.test"));
2283 EXPECT_EQ(X509_V_OK, verify_cert(without_sans.get(),
2284 X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
2285 "foo.host1.test"));
2286 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2287 verify_cert(with_email.get(), X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
2288 "foo.host1.test"));
2289 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2290 verify_cert(with_ip.get(), X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
2291 "foo.host1.test"));
2292
2293 // X509_CHECK_FLAG_NEVER_CHECK_SUBJECT implements the correct behavior: the
2294 // common name is never checked.
2295 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2296 verify_cert(with_sans.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
2297 "foo.host1.test"));
2298 EXPECT_EQ(X509_V_OK,
2299 verify_cert(with_sans.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
2300 "foo.host2.test"));
2301 EXPECT_EQ(X509_V_OK,
2302 verify_cert(with_sans.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
2303 "foo.host3.test"));
2304 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2305 verify_cert(without_sans.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
2306 "foo.host1.test"));
2307 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2308 verify_cert(with_email.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
2309 "foo.host1.test"));
2310 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2311 verify_cert(with_ip.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
2312 "foo.host1.test"));
2313 }
2314
TEST(X509Test,LooksLikeDNSName)2315 TEST(X509Test, LooksLikeDNSName) {
2316 static const char *kValid[] = {
2317 "example.com",
2318 "eXample123-.com",
2319 "*.example.com",
2320 "exa_mple.com",
2321 "example.com.",
2322 "project-dev:us-central1:main",
2323 };
2324 static const char *kInvalid[] = {
2325 "-eXample123-.com",
2326 "",
2327 ".",
2328 "*",
2329 "*.",
2330 "example..com",
2331 ".example.com",
2332 "example.com..",
2333 "*foo.example.com",
2334 "foo.*.example.com",
2335 "foo,bar",
2336 };
2337
2338 for (const char *str : kValid) {
2339 SCOPED_TRACE(str);
2340 EXPECT_TRUE(x509v3_looks_like_dns_name(
2341 reinterpret_cast<const uint8_t *>(str), strlen(str)));
2342 }
2343 for (const char *str : kInvalid) {
2344 SCOPED_TRACE(str);
2345 EXPECT_FALSE(x509v3_looks_like_dns_name(
2346 reinterpret_cast<const uint8_t *>(str), strlen(str)));
2347 }
2348 }
2349
TEST(X509Test,CommonNameAndNameConstraints)2350 TEST(X509Test, CommonNameAndNameConstraints) {
2351 bssl::UniquePtr<X509> root = CertFromPEM(kSANTypesRoot);
2352 ASSERT_TRUE(root);
2353 bssl::UniquePtr<X509> intermediate = CertFromPEM(kConstrainedIntermediate);
2354 ASSERT_TRUE(intermediate);
2355 bssl::UniquePtr<X509> permitted = CertFromPEM(kCommonNamePermittedLeaf);
2356 ASSERT_TRUE(permitted);
2357 bssl::UniquePtr<X509> not_permitted =
2358 CertFromPEM(kCommonNameNotPermittedLeaf);
2359 ASSERT_TRUE(not_permitted);
2360 bssl::UniquePtr<X509> not_permitted_with_sans =
2361 CertFromPEM(kCommonNameNotPermittedWithSANsLeaf);
2362 ASSERT_TRUE(not_permitted_with_sans);
2363 bssl::UniquePtr<X509> not_dns = CertFromPEM(kCommonNameNotDNSLeaf);
2364 ASSERT_TRUE(not_dns);
2365
2366 auto verify_cert = [&](X509 *leaf, unsigned flags, const char *host) {
2367 return Verify(
2368 leaf, {root.get()}, {intermediate.get()}, {}, 0, false,
2369 [&](X509_VERIFY_PARAM *param) {
2370 ASSERT_TRUE(X509_VERIFY_PARAM_set1_host(param, host, strlen(host)));
2371 X509_VERIFY_PARAM_set_hostflags(param, flags);
2372 });
2373 };
2374
2375 // Certificates which would otherwise trigger the common name fallback are
2376 // rejected whenever there are name constraints. We do this whether or not
2377 // the common name matches the constraints.
2378 EXPECT_EQ(
2379 X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS,
2380 verify_cert(permitted.get(), 0 /* no flags */, kCommonNamePermitted));
2381 EXPECT_EQ(X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS,
2382 verify_cert(not_permitted.get(), 0 /* no flags */,
2383 kCommonNameNotPermitted));
2384
2385 // This occurs even if the built-in name checks aren't used. The caller may
2386 // separately call |X509_check_host|.
2387 EXPECT_EQ(X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS,
2388 Verify(not_permitted.get(), {root.get()}, {intermediate.get()}, {},
2389 0 /* no flags */, false, nullptr));
2390
2391 // If the leaf certificate has SANs, the common name fallback is always
2392 // disabled, so the name constraints do not apply.
2393 EXPECT_EQ(X509_V_OK, Verify(not_permitted_with_sans.get(), {root.get()},
2394 {intermediate.get()}, {}, 0, false, nullptr));
2395 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2396 verify_cert(not_permitted_with_sans.get(), 0 /* no flags */,
2397 kCommonNameNotPermittedWithSANs));
2398
2399 // If the common name does not look like a DNS name, we apply neither name
2400 // constraints nor common name fallback.
2401 EXPECT_EQ(X509_V_OK, Verify(not_dns.get(), {root.get()}, {intermediate.get()},
2402 {}, 0, false, nullptr));
2403 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2404 verify_cert(not_dns.get(), 0 /* no flags */, kCommonNameNotDNS));
2405 }
2406
TEST(X509Test,ServerGatedCryptoEKUs)2407 TEST(X509Test, ServerGatedCryptoEKUs) {
2408 bssl::UniquePtr<X509> root = CertFromPEM(kSANTypesRoot);
2409 ASSERT_TRUE(root);
2410 bssl::UniquePtr<X509> ms_sgc = CertFromPEM(kMicrosoftSGCCert);
2411 ASSERT_TRUE(ms_sgc);
2412 bssl::UniquePtr<X509> ns_sgc = CertFromPEM(kNetscapeSGCCert);
2413 ASSERT_TRUE(ns_sgc);
2414 bssl::UniquePtr<X509> server_eku = CertFromPEM(kServerEKUCert);
2415 ASSERT_TRUE(server_eku);
2416 bssl::UniquePtr<X509> server_eku_plus_ms_sgc =
2417 CertFromPEM(kServerEKUPlusMicrosoftSGCCert);
2418 ASSERT_TRUE(server_eku_plus_ms_sgc);
2419 bssl::UniquePtr<X509> any_eku = CertFromPEM(kAnyEKU);
2420 ASSERT_TRUE(any_eku);
2421 bssl::UniquePtr<X509> no_eku = CertFromPEM(kNoEKU);
2422 ASSERT_TRUE(no_eku);
2423
2424 auto verify_cert = [&root](X509 *leaf) {
2425 return Verify(leaf, {root.get()}, /*intermediates=*/{}, /*crls=*/{},
2426 /*flags=*/0, /*use_additional_untrusted=*/false,
2427 [&](X509_VERIFY_PARAM *param) {
2428 ASSERT_TRUE(X509_VERIFY_PARAM_set_purpose(
2429 param, X509_PURPOSE_SSL_SERVER));
2430 });
2431 };
2432
2433 // Neither the Microsoft nor Netscape SGC EKU should be sufficient for
2434 // |X509_PURPOSE_SSL_SERVER|. The "any" EKU probably, technically, should be.
2435 // However, we've never accepted it and it's not acceptable in leaf
2436 // certificates by the Baseline, so perhaps we don't need this complexity.
2437 for (X509 *leaf : {ms_sgc.get(), ns_sgc.get(), any_eku.get()}) {
2438 EXPECT_EQ(X509_V_ERR_INVALID_PURPOSE, verify_cert(leaf));
2439 }
2440
2441 // The server-auth EKU is sufficient, and it doesn't matter if an SGC EKU is
2442 // also included. Lastly, not specifying an EKU is also valid.
2443 for (X509 *leaf : {server_eku.get(), server_eku_plus_ms_sgc.get(),
2444 no_eku.get()}) {
2445 EXPECT_EQ(X509_V_OK, verify_cert(leaf));
2446 }
2447 }
2448
2449 // Test that invalid extensions are rejected by, if not the parser, at least the
2450 // verifier.
TEST(X509Test,InvalidExtensions)2451 TEST(X509Test, InvalidExtensions) {
2452 bssl::UniquePtr<X509> root = CertFromPEM(
2453 GetTestData("crypto/x509/test/invalid_extension_root.pem").c_str());
2454 ASSERT_TRUE(root);
2455 bssl::UniquePtr<X509> intermediate = CertFromPEM(
2456 GetTestData("crypto/x509/test/invalid_extension_intermediate.pem")
2457 .c_str());
2458 ASSERT_TRUE(intermediate);
2459 bssl::UniquePtr<X509> leaf = CertFromPEM(
2460 GetTestData("crypto/x509/test/invalid_extension_leaf.pem").c_str());
2461 ASSERT_TRUE(leaf);
2462
2463 // Sanity-check that the baseline chain is accepted.
2464 EXPECT_EQ(X509_V_OK,
2465 Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}));
2466
2467 static const char *kExtensions[] = {
2468 "authority_key_identifier",
2469 "basic_constraints",
2470 "ext_key_usage",
2471 "key_usage",
2472 "name_constraints",
2473 "subject_alt_name",
2474 "subject_key_identifier",
2475 };
2476 for (const char *ext : kExtensions) {
2477 SCOPED_TRACE(ext);
2478 bssl::UniquePtr<X509> invalid_root = CertFromPEM(
2479 GetTestData((std::string("crypto/x509/test/invalid_extension_root_") +
2480 ext + ".pem")
2481 .c_str())
2482 .c_str());
2483 ASSERT_TRUE(invalid_root);
2484
2485 bssl::UniquePtr<X509> invalid_intermediate = CertFromPEM(
2486 GetTestData(
2487 (std::string("crypto/x509/test/invalid_extension_intermediate_") +
2488 ext + ".pem")
2489 .c_str())
2490 .c_str());
2491 ASSERT_TRUE(invalid_intermediate);
2492
2493 bssl::UniquePtr<X509> invalid_leaf = CertFromPEM(
2494 GetTestData((std::string("crypto/x509/test/invalid_extension_leaf_") +
2495 ext + ".pem")
2496 .c_str())
2497 .c_str());
2498 ASSERT_TRUE(invalid_leaf);
2499
2500 EXPECT_EQ(
2501 X509_V_ERR_INVALID_EXTENSION,
2502 Verify(invalid_leaf.get(), {root.get()}, {intermediate.get()}, {}));
2503
2504 // If the invalid extension is on an intermediate or root,
2505 // |X509_verify_cert| notices by way of being unable to build a path to
2506 // a valid issuer.
2507 EXPECT_EQ(
2508 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
2509 Verify(leaf.get(), {root.get()}, {invalid_intermediate.get()}, {}));
2510 EXPECT_EQ(
2511 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
2512 Verify(leaf.get(), {invalid_root.get()}, {intermediate.get()}, {}));
2513 }
2514 }
2515
2516 // kExplicitDefaultVersionPEM is an X.509v1 certificate with the version number
2517 // encoded explicitly, rather than omitted as required by DER.
2518 static const char kExplicitDefaultVersionPEM[] = R"(
2519 -----BEGIN CERTIFICATE-----
2520 MIIBfTCCASSgAwIBAAIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC
2521 QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
2522 dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ
2523 BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l
2524 dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni
2525 v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa
2526 HPUdfvGULUvPciLBMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb7idQhY5w
2527 BnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYfMlJhXnXJ
2528 FA==
2529 -----END CERTIFICATE-----
2530 )";
2531
2532 // kNegativeVersionPEM is an X.509 certificate with a negative version number.
2533 static const char kNegativeVersionPEM[] = R"(
2534 -----BEGIN CERTIFICATE-----
2535 MIIBfTCCASSgAwIB/wIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC
2536 QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
2537 dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ
2538 BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l
2539 dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni
2540 v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa
2541 HPUdfvGULUvPciLBMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb7idQhY5w
2542 BnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYfMlJhXnXJ
2543 FA==
2544 -----END CERTIFICATE-----
2545 )";
2546
2547 // kFutureVersionPEM is an X.509 certificate with a version number value of
2548 // three, which is not defined. (v3 has value two).
2549 static const char kFutureVersionPEM[] = R"(
2550 -----BEGIN CERTIFICATE-----
2551 MIIBfTCCASSgAwIBAwIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC
2552 QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
2553 dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ
2554 BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l
2555 dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni
2556 v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa
2557 HPUdfvGULUvPciLBMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb7idQhY5w
2558 BnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYfMlJhXnXJ
2559 FA==
2560 -----END CERTIFICATE-----
2561 )";
2562
2563 // kOverflowVersionPEM is an X.509 certificate with a version field which
2564 // overflows |uint64_t|.
2565 static const char kOverflowVersionPEM[] = R"(
2566 -----BEGIN CERTIFICATE-----
2567 MIIBoDCCAUegJgIkAP//////////////////////////////////////////////
2568 AgkA2UwE2kl9v+swCQYHKoZIzj0EATBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwK
2569 U29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMB4X
2570 DTE0MDQyMzIzMjE1N1oXDTE0MDUyMzIzMjE1N1owRTELMAkGA1UEBhMCQVUxEzAR
2571 BgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5
2572 IEx0ZDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8eDZSKTNWX
2573 a7epHg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQtS89yIsEw
2574 CQYHKoZIzj0EAQNIADBFAiEA8qA1XlE6NsOCeZvuJ1CFjnAGdJVX0il0APS+FYdd
2575 xAcCIHweeRRqIYPwenRoeV8UmZpotPHLnhVe5h8yUmFedckU
2576 -----END CERTIFICATE-----
2577 )";
2578
2579 /*
2580
2581 Test cases disabled. TODO re-enable in Jan 2021.
2582 https://crbug.com/boringssl/375
2583
2584 // kV1WithExtensionsPEM is an X.509v1 certificate with extensions.
2585 static const char kV1WithExtensionsPEM[] = R"(
2586 -----BEGIN CERTIFICATE-----
2587 MIIByjCCAXECCQDZTATaSX2/6zAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw
2588 EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0
2589 eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYDVQQG
2590 EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk
2591 Z2l0cyBQdHkgTHRkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+
2592 Lx4NlIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7x
2593 lC1Lz3IiwaNQME4wHQYDVR0OBBYEFKuE0qyrlfCCThZ4B1VXX+QmjYLRMB8GA1Ud
2594 IwQYMBaAFKuE0qyrlfCCThZ4B1VXX+QmjYLRMAwGA1UdEwQFMAMBAf8wCQYHKoZI
2595 zj0EAQNIADBFAiEA8qA1XlE6NsOCeZvuJ1CFjnAGdJVX0il0APS+FYddxAcCIHwe
2596 eRRqIYPwenRoeV8UmZpotPHLnhVe5h8yUmFedckU
2597 -----END CERTIFICATE-----
2598 )";
2599
2600 // kV2WithExtensionsPEM is an X.509v2 certificate with extensions.
2601 static const char kV2WithExtensionsPEM[] = R"(
2602 -----BEGIN CERTIFICATE-----
2603 MIIBzzCCAXagAwIBAQIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC
2604 QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
2605 dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ
2606 BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l
2607 dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni
2608 v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa
2609 HPUdfvGULUvPciLBo1AwTjAdBgNVHQ4EFgQUq4TSrKuV8IJOFngHVVdf5CaNgtEw
2610 HwYDVR0jBBgwFoAUq4TSrKuV8IJOFngHVVdf5CaNgtEwDAYDVR0TBAUwAwEB/zAJ
2611 BgcqhkjOPQQBA0gAMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E
2612 BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQ=
2613 -----END CERTIFICATE-----
2614 )";
2615 */
2616
2617 // kV1WithIssuerUniqueIDPEM is an X.509v1 certificate with an issuerUniqueID.
2618 static const char kV1WithIssuerUniqueIDPEM[] = R"(
2619 -----BEGIN CERTIFICATE-----
2620 MIIBgzCCASoCCQDZTATaSX2/6zAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw
2621 EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0
2622 eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYDVQQG
2623 EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk
2624 Z2l0cyBQdHkgTHRkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+
2625 Lx4NlIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7x
2626 lC1Lz3IiwYEJAAEjRWeJq83vMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb
2627 7idQhY5wBnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYf
2628 MlJhXnXJFA==
2629 -----END CERTIFICATE-----
2630 )";
2631
2632 // kV1WithSubjectUniqueIDPEM is an X.509v1 certificate with an issuerUniqueID.
2633 static const char kV1WithSubjectUniqueIDPEM[] = R"(
2634 -----BEGIN CERTIFICATE-----
2635 MIIBgzCCASoCCQDZTATaSX2/6zAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw
2636 EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0
2637 eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYDVQQG
2638 EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk
2639 Z2l0cyBQdHkgTHRkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+
2640 Lx4NlIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7x
2641 lC1Lz3IiwYIJAAEjRWeJq83vMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb
2642 7idQhY5wBnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYf
2643 MlJhXnXJFA==
2644 -----END CERTIFICATE-----
2645 )";
2646
2647 // Test that the X.509 parser enforces versions are valid and match the fields
2648 // present.
TEST(X509Test,InvalidVersion)2649 TEST(X509Test, InvalidVersion) {
2650 // kExplicitDefaultVersionPEM is invalid but, for now, we accept it. See
2651 // https://crbug.com/boringssl/364.
2652 EXPECT_TRUE(CertFromPEM(kExplicitDefaultVersionPEM));
2653
2654 EXPECT_FALSE(CertFromPEM(kNegativeVersionPEM));
2655 EXPECT_FALSE(CertFromPEM(kFutureVersionPEM));
2656 EXPECT_FALSE(CertFromPEM(kOverflowVersionPEM));
2657 // Test cases disabled. TODO re-enable in Jan 2021.
2658 // https://crbug.com/boringssl/375
2659 //EXPECT_FALSE(CertFromPEM(kV1WithExtensionsPEM));
2660 //EXPECT_FALSE(CertFromPEM(kV2WithExtensionsPEM));
2661 EXPECT_FALSE(CertFromPEM(kV1WithIssuerUniqueIDPEM));
2662 EXPECT_FALSE(CertFromPEM(kV1WithSubjectUniqueIDPEM));
2663 }
2664
2665 // Unlike upstream OpenSSL, we require a non-null store in
2666 // |X509_STORE_CTX_init|.
TEST(X509Test,NullStore)2667 TEST(X509Test, NullStore) {
2668 bssl::UniquePtr<X509> leaf(CertFromPEM(kLeafPEM));
2669 ASSERT_TRUE(leaf);
2670 bssl::UniquePtr<X509_STORE_CTX> ctx(X509_STORE_CTX_new());
2671 ASSERT_TRUE(ctx);
2672 EXPECT_FALSE(X509_STORE_CTX_init(ctx.get(), nullptr, leaf.get(), nullptr));
2673 }
2674
TEST(X509Test,BasicConstraints)2675 TEST(X509Test, BasicConstraints) {
2676 const uint32_t kFlagMask = EXFLAG_CA | EXFLAG_BCONS | EXFLAG_INVALID;
2677
2678 static const struct {
2679 const char *file;
2680 uint32_t flags;
2681 int path_len;
2682 } kTests[] = {
2683 {"basic_constraints_none.pem", 0, -1},
2684 {"basic_constraints_ca.pem", EXFLAG_CA | EXFLAG_BCONS, -1},
2685 {"basic_constraints_ca_pathlen_0.pem", EXFLAG_CA | EXFLAG_BCONS, 0},
2686 {"basic_constraints_ca_pathlen_1.pem", EXFLAG_CA | EXFLAG_BCONS, 1},
2687 {"basic_constraints_ca_pathlen_10.pem", EXFLAG_CA | EXFLAG_BCONS, 10},
2688 {"basic_constraints_leaf.pem", EXFLAG_BCONS, -1},
2689 {"invalid_extension_leaf_basic_constraints.pem", EXFLAG_INVALID, -1},
2690 };
2691
2692 for (const auto &test : kTests) {
2693 SCOPED_TRACE(test.file);
2694
2695 std::string path = "crypto/x509/test/";
2696 path += test.file;
2697
2698 bssl::UniquePtr<X509> cert = CertFromPEM(GetTestData(path.c_str()).c_str());
2699 ASSERT_TRUE(cert);
2700 EXPECT_EQ(test.flags, X509_get_extension_flags(cert.get()) & kFlagMask);
2701 EXPECT_EQ(test.path_len, X509_get_pathlen(cert.get()));
2702 }
2703 }
2704
2705 // The following strings are test certificates signed by kP256Key and kRSAKey,
2706 // with missing, NULL, or invalid algorithm parameters.
2707 static const char kP256NoParam[] = R"(
2708 -----BEGIN CERTIFICATE-----
2709 MIIBIDCBxqADAgECAgIE0jAKBggqhkjOPQQDAjAPMQ0wCwYDVQQDEwRUZXN0MCAX
2710 DTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYDVQQDEwRUZXN0
2711 MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4NlIpM1Zdrt6ke
2712 DUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwaMQMA4w
2713 DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNJADBGAiEAqdIiF+bN9Cl44oUeICpy
2714 aXd7HqhpVUaglYKw9ChmNUACIQCpMdL0fNkFNDbRww9dSl/y7kBdk/tp16HiqeSy
2715 gGzFYg==
2716 -----END CERTIFICATE-----
2717 )";
2718 static const char kP256NullParam[] = R"(
2719 -----BEGIN CERTIFICATE-----
2720 MIIBJDCByKADAgECAgIE0jAMBggqhkjOPQQDAgUAMA8xDTALBgNVBAMTBFRlc3Qw
2721 IBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMA8xDTALBgNVBAMTBFRl
2722 c3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2niv2Wfl74vHg2UikzVl2u3
2723 qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLBoxAw
2724 DjAMBgNVHRMEBTADAQH/MAwGCCqGSM49BAMCBQADSQAwRgIhAKILHmyo+F3Cn/VX
2725 UUeSXOQQKX5aLzsQitwwmNF3ZgH3AiEAsYHcrVj/ftmoQIORARkQ/+PrqntXev8r
2726 t6uPxHrmpUY=
2727 -----END CERTIFICATE-----
2728 )";
2729 static const char kP256InvalidParam[] = R"(
2730 -----BEGIN CERTIFICATE-----
2731 MIIBMTCBz6ADAgECAgIE0jATBggqhkjOPQQDAgQHZ2FyYmFnZTAPMQ0wCwYDVQQD
2732 EwRUZXN0MCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYD
2733 VQQDEwRUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4N
2734 lIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1L
2735 z3IiwaMQMA4wDAYDVR0TBAUwAwEB/zATBggqhkjOPQQDAgQHZ2FyYmFnZQNIADBF
2736 AiAglpDf/YhN89LeJ2WAs/F0SJIrsuhS4uoInIz6WXUiuQIhAIu5Pwhp5E3Pbo8y
2737 fLULTZnynuQUULQkRcF7S7T2WpIL
2738 -----END CERTIFICATE-----
2739 )";
2740 static const char kRSANoParam[] = R"(
2741 -----BEGIN CERTIFICATE-----
2742 MIIBWzCBx6ADAgECAgIE0jALBgkqhkiG9w0BAQswDzENMAsGA1UEAxMEVGVzdDAg
2743 Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsGA1UEAxMEVGVz
2744 dDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8eDZSKTNWXa7ep
2745 Hg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQtS89yIsGjEDAO
2746 MAwGA1UdEwQFMAMBAf8wCwYJKoZIhvcNAQELA4GBAC1f8W3W0Ao7CPfIBQYDSbPh
2747 brZpbxdBU5x27JOS7iSa+Lc9pEH5VCX9vIypHVHXLPEfZ38yIt11eiyrmZB6w62N
2748 l9kIeZ6FVPmC30d3sXx70Jjs+ZX9yt7kD1gLyNAQQfeYfa4rORAZT1n2YitD74NY
2749 TWUH2ieFP3l+ecj1SeQR
2750 -----END CERTIFICATE-----
2751 )";
2752 static const char kRSANullParam[] = R"(
2753 -----BEGIN CERTIFICATE-----
2754 MIIBXzCByaADAgECAgIE0jANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRUZXN0
2755 MCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYDVQQDEwRU
2756 ZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4NlIpM1Zdr
2757 t6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwaMQ
2758 MA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQAzVcfIv+Rq1KrMXqIL
2759 fPq/cWZjgqFZA1RGaGElNaqp+rkJfamq5tDGzckWpebrK+jjRN7yIlcWDtPpy3Gy
2760 seZfvtBDR0TwJm0S/pQl8prKB4wgALcwe3bmi56Rq85nzY5ZLNcP16LQxL+jAAua
2761 SwmQUz4bRpckRBj+sIyp1We+pg==
2762 -----END CERTIFICATE-----
2763 )";
2764 static const char kRSAInvalidParam[] = R"(
2765 -----BEGIN CERTIFICATE-----
2766 MIIBbTCB0KADAgECAgIE0jAUBgkqhkiG9w0BAQsEB2dhcmJhZ2UwDzENMAsGA1UE
2767 AxMEVGVzdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsG
2768 A1UEAxMEVGVzdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8e
2769 DZSKTNWXa7epHg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQt
2770 S89yIsGjEDAOMAwGA1UdEwQFMAMBAf8wFAYJKoZIhvcNAQELBAdnYXJiYWdlA4GB
2771 AHTJ6cWWjCNrZhqiWWVI3jdK+h5xpRG8jGMXxR4JnjtoYRRusJLOXhmapwCB6fA0
2772 4vc+66O27v36yDmQX+tIc/hDrTpKNJptU8q3n2VagREvoHhkOTYkcCeS8vmnMtn8
2773 5OMNZ/ajVwOssw61GcAlScRqEHkZFBoGp7e+QpgB2tf9
2774 -----END CERTIFICATE-----
2775 )";
2776
TEST(X509Test,AlgorithmParameters)2777 TEST(X509Test, AlgorithmParameters) {
2778 // P-256 parameters should be omitted, but we accept NULL ones.
2779 bssl::UniquePtr<EVP_PKEY> key = PrivateKeyFromPEM(kP256Key);
2780 ASSERT_TRUE(key);
2781
2782 bssl::UniquePtr<X509> cert = CertFromPEM(kP256NoParam);
2783 ASSERT_TRUE(cert);
2784 EXPECT_TRUE(X509_verify(cert.get(), key.get()));
2785
2786 cert = CertFromPEM(kP256NullParam);
2787 ASSERT_TRUE(cert);
2788 EXPECT_TRUE(X509_verify(cert.get(), key.get()));
2789
2790 cert = CertFromPEM(kP256InvalidParam);
2791 ASSERT_TRUE(cert);
2792 EXPECT_FALSE(X509_verify(cert.get(), key.get()));
2793 uint32_t err = ERR_get_error();
2794 EXPECT_EQ(ERR_LIB_X509, ERR_GET_LIB(err));
2795 EXPECT_EQ(X509_R_INVALID_PARAMETER, ERR_GET_REASON(err));
2796
2797 // RSA parameters should be NULL, but we accept omitted ones.
2798 key = PrivateKeyFromPEM(kRSAKey);
2799 ASSERT_TRUE(key);
2800
2801 cert = CertFromPEM(kRSANoParam);
2802 ASSERT_TRUE(cert);
2803 EXPECT_TRUE(X509_verify(cert.get(), key.get()));
2804
2805 cert = CertFromPEM(kRSANullParam);
2806 ASSERT_TRUE(cert);
2807 EXPECT_TRUE(X509_verify(cert.get(), key.get()));
2808
2809 cert = CertFromPEM(kRSAInvalidParam);
2810 ASSERT_TRUE(cert);
2811 EXPECT_FALSE(X509_verify(cert.get(), key.get()));
2812 err = ERR_get_error();
2813 EXPECT_EQ(ERR_LIB_X509, ERR_GET_LIB(err));
2814 EXPECT_EQ(X509_R_INVALID_PARAMETER, ERR_GET_REASON(err));
2815 }
2816
TEST(X509Test,GeneralName)2817 TEST(X509Test, GeneralName) {
2818 const std::vector<uint8_t> kNames[] = {
2819 // [0] {
2820 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
2821 // [0] {
2822 // SEQUENCE {}
2823 // }
2824 // }
2825 {0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
2826 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x30, 0x00},
2827 // [0] {
2828 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
2829 // [0] {
2830 // [APPLICATION 0] {}
2831 // }
2832 // }
2833 {0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
2834 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x60, 0x00},
2835 // [0] {
2836 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
2837 // [0] {
2838 // UTF8String { "a" }
2839 // }
2840 // }
2841 {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
2842 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x61},
2843 // [0] {
2844 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.2 }
2845 // [0] {
2846 // UTF8String { "a" }
2847 // }
2848 // }
2849 {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
2850 0x01, 0x84, 0xb7, 0x09, 0x02, 0x02, 0xa0, 0x03, 0x0c, 0x01, 0x61},
2851 // [0] {
2852 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
2853 // [0] {
2854 // UTF8String { "b" }
2855 // }
2856 // }
2857 {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
2858 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x62},
2859 // [0] {
2860 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
2861 // [0] {
2862 // BOOLEAN { TRUE }
2863 // }
2864 // }
2865 {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
2866 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0xff},
2867 // [0] {
2868 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
2869 // [0] {
2870 // BOOLEAN { FALSE }
2871 // }
2872 // }
2873 {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
2874 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0x00},
2875 // [1 PRIMITIVE] { "a" }
2876 {0x81, 0x01, 0x61},
2877 // [1 PRIMITIVE] { "b" }
2878 {0x81, 0x01, 0x62},
2879 // [2 PRIMITIVE] { "a" }
2880 {0x82, 0x01, 0x61},
2881 // [2 PRIMITIVE] { "b" }
2882 {0x82, 0x01, 0x62},
2883 // [4] {
2884 // SEQUENCE {
2885 // SET {
2886 // SEQUENCE {
2887 // # commonName
2888 // OBJECT_IDENTIFIER { 2.5.4.3 }
2889 // UTF8String { "a" }
2890 // }
2891 // }
2892 // }
2893 // }
2894 {0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55, 0x04,
2895 0x03, 0x0c, 0x01, 0x61},
2896 // [4] {
2897 // SEQUENCE {
2898 // SET {
2899 // SEQUENCE {
2900 // # commonName
2901 // OBJECT_IDENTIFIER { 2.5.4.3 }
2902 // UTF8String { "b" }
2903 // }
2904 // }
2905 // }
2906 // }
2907 {0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55, 0x04,
2908 0x03, 0x0c, 0x01, 0x62},
2909 // [5] {
2910 // [1] {
2911 // UTF8String { "a" }
2912 // }
2913 // }
2914 {0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x61},
2915 // [5] {
2916 // [1] {
2917 // UTF8String { "b" }
2918 // }
2919 // }
2920 {0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x62},
2921 // [5] {
2922 // [0] {
2923 // UTF8String {}
2924 // }
2925 // [1] {
2926 // UTF8String { "a" }
2927 // }
2928 // }
2929 {0xa5, 0x09, 0xa0, 0x02, 0x0c, 0x00, 0xa1, 0x03, 0x0c, 0x01, 0x61},
2930 // [5] {
2931 // [0] {
2932 // UTF8String { "a" }
2933 // }
2934 // [1] {
2935 // UTF8String { "a" }
2936 // }
2937 // }
2938 {0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x61, 0xa1, 0x03, 0x0c, 0x01, 0x61},
2939 // [5] {
2940 // [0] {
2941 // UTF8String { "b" }
2942 // }
2943 // [1] {
2944 // UTF8String { "a" }
2945 // }
2946 // }
2947 {0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x62, 0xa1, 0x03, 0x0c, 0x01, 0x61},
2948 // [6 PRIMITIVE] { "a" }
2949 {0x86, 0x01, 0x61},
2950 // [6 PRIMITIVE] { "b" }
2951 {0x86, 0x01, 0x62},
2952 // [7 PRIMITIVE] { `11111111` }
2953 {0x87, 0x04, 0x11, 0x11, 0x11, 0x11},
2954 // [7 PRIMITIVE] { `22222222`}
2955 {0x87, 0x04, 0x22, 0x22, 0x22, 0x22},
2956 // [7 PRIMITIVE] { `11111111111111111111111111111111` }
2957 {0x87, 0x10, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
2958 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
2959 // [7 PRIMITIVE] { `22222222222222222222222222222222` }
2960 {0x87, 0x10, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
2961 0x22, 0x22, 0x22, 0x22, 0x22, 0x22},
2962 // [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.1 }
2963 {0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7,
2964 0x09, 0x02, 0x01},
2965 // [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.2 }
2966 {0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7,
2967 0x09, 0x02, 0x02},
2968 };
2969
2970 // Every name should be equal to itself and not equal to any others.
2971 for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kNames); i++) {
2972 SCOPED_TRACE(Bytes(kNames[i]));
2973
2974 const uint8_t *ptr = kNames[i].data();
2975 bssl::UniquePtr<GENERAL_NAME> a(
2976 d2i_GENERAL_NAME(nullptr, &ptr, kNames[i].size()));
2977 ASSERT_TRUE(a);
2978 ASSERT_EQ(ptr, kNames[i].data() + kNames[i].size());
2979
2980 for (size_t j = 0; j < OPENSSL_ARRAY_SIZE(kNames); j++) {
2981 SCOPED_TRACE(Bytes(kNames[j]));
2982
2983 ptr = kNames[j].data();
2984 bssl::UniquePtr<GENERAL_NAME> b(
2985 d2i_GENERAL_NAME(nullptr, &ptr, kNames[j].size()));
2986 ASSERT_TRUE(b);
2987 ASSERT_EQ(ptr, kNames[j].data() + kNames[j].size());
2988
2989 if (i == j) {
2990 EXPECT_EQ(GENERAL_NAME_cmp(a.get(), b.get()), 0);
2991 } else {
2992 EXPECT_NE(GENERAL_NAME_cmp(a.get(), b.get()), 0);
2993 }
2994 }
2995 }
2996 }
2997