1 /* Copyright (c) 2016, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15 #include <algorithm>
16 #include <functional>
17 #include <string>
18 #include <vector>
19
20 #include <gtest/gtest.h>
21
22 #include <openssl/asn1.h>
23 #include <openssl/bio.h>
24 #include <openssl/bytestring.h>
25 #include <openssl/conf.h>
26 #include <openssl/crypto.h>
27 #include <openssl/curve25519.h>
28 #include <openssl/digest.h>
29 #include <openssl/err.h>
30 #include <openssl/nid.h>
31 #include <openssl/pem.h>
32 #include <openssl/pool.h>
33 #include <openssl/x509.h>
34 #include <openssl/x509v3.h>
35
36 #include "internal.h"
37 #include "../internal.h"
38 #include "../test/test_util.h"
39 #include "../x509v3/internal.h"
40
41 #if defined(OPENSSL_THREADS)
42 #include <thread>
43 #endif
44
45
46 std::string GetTestData(const char *path);
47
48 static const char kCrossSigningRootPEM[] = R"(
49 -----BEGIN CERTIFICATE-----
50 MIICcTCCAdqgAwIBAgIIagJHiPvE0MowDQYJKoZIhvcNAQELBQAwPDEaMBgGA1UE
51 ChMRQm9yaW5nU1NMIFRFU1RJTkcxHjAcBgNVBAMTFUNyb3NzLXNpZ25pbmcgUm9v
52 dCBDQTAgFw0xNTAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowPDEaMBgGA1UE
53 ChMRQm9yaW5nU1NMIFRFU1RJTkcxHjAcBgNVBAMTFUNyb3NzLXNpZ25pbmcgUm9v
54 dCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwo3qFvSB9Zmlbpzn9wJp
55 ikI75Rxkatez8VkLqyxbOhPYl2Haz8F5p1gDG96dCI6jcLGgu3AKT9uhEQyyUko5
56 EKYasazSeA9CQrdyhPg0mkTYVETnPM1W/ebid1YtqQbq1CMWlq2aTDoSGAReGFKP
57 RTdXAbuAXzpCfi/d8LqV13UCAwEAAaN6MHgwDgYDVR0PAQH/BAQDAgIEMB0GA1Ud
58 JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAPBgNVHRMBAf8EBTADAQH/MBkGA1Ud
59 DgQSBBBHKHC7V3Z/3oLvEZx0RZRwMBsGA1UdIwQUMBKAEEcocLtXdn/egu8RnHRF
60 lHAwDQYJKoZIhvcNAQELBQADgYEAnglibsy6mGtpIXivtlcz4zIEnHw/lNW+r/eC
61 CY7evZTmOoOuC/x9SS3MF9vawt1HFUummWM6ZgErqVBOXIB4//ykrcCgf5ZbF5Hr
62 +3EFprKhBqYiXdD8hpBkrBoXwn85LPYWNd2TceCrx0YtLIprE2R5MB2RIq8y4Jk3
63 YFXvkME=
64 -----END CERTIFICATE-----
65 )";
66
67 static const char kRootCAPEM[] = R"(
68 -----BEGIN CERTIFICATE-----
69 MIICVTCCAb6gAwIBAgIIAj5CwoHlWuYwDQYJKoZIhvcNAQELBQAwLjEaMBgGA1UE
70 ChMRQm9yaW5nU1NMIFRFU1RJTkcxEDAOBgNVBAMTB1Jvb3QgQ0EwIBcNMTUwMTAx
71 MDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMC4xGjAYBgNVBAoTEUJvcmluZ1NTTCBU
72 RVNUSU5HMRAwDgYDVQQDEwdSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
73 iQKBgQDpDn8RDOZa5oaDcPZRBy4CeBH1siSSOO4mYgLHlPE+oXdqwI/VImi2XeJM
74 2uCFETXCknJJjYG0iJdrt/yyRFvZTQZw+QzGj+mz36NqhGxDWb6dstB2m8PX+plZ
75 w7jl81MDvUnWs8yiQ/6twgu5AbhWKZQDJKcNKCEpqa6UW0r5nwIDAQABo3oweDAO
76 BgNVHQ8BAf8EBAMCAgQwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA8G
77 A1UdEwEB/wQFMAMBAf8wGQYDVR0OBBIEEEA31wH7QC+4HH5UBCeMWQEwGwYDVR0j
78 BBQwEoAQQDfXAftAL7gcflQEJ4xZATANBgkqhkiG9w0BAQsFAAOBgQDXylEK77Za
79 kKeY6ZerrScWyZhrjIGtHFu09qVpdJEzrk87k2G7iHHR9CAvSofCgEExKtWNS9dN
80 +9WiZp/U48iHLk7qaYXdEuO07No4BYtXn+lkOykE+FUxmA4wvOF1cTd2tdj3MzX2
81 kfGIBAYhzGZWhY3JbhIfTEfY1PNM1pWChQ==
82 -----END CERTIFICATE-----
83 )";
84
85 static const char kRootCrossSignedPEM[] = R"(
86 -----BEGIN CERTIFICATE-----
87 MIICYzCCAcygAwIBAgIIAj5CwoHlWuYwDQYJKoZIhvcNAQELBQAwPDEaMBgGA1UE
88 ChMRQm9yaW5nU1NMIFRFU1RJTkcxHjAcBgNVBAMTFUNyb3NzLXNpZ25pbmcgUm9v
89 dCBDQTAgFw0xNTAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowLjEaMBgGA1UE
90 ChMRQm9yaW5nU1NMIFRFU1RJTkcxEDAOBgNVBAMTB1Jvb3QgQ0EwgZ8wDQYJKoZI
91 hvcNAQEBBQADgY0AMIGJAoGBAOkOfxEM5lrmhoNw9lEHLgJ4EfWyJJI47iZiAseU
92 8T6hd2rAj9UiaLZd4kza4IURNcKSckmNgbSIl2u3/LJEW9lNBnD5DMaP6bPfo2qE
93 bENZvp2y0Habw9f6mVnDuOXzUwO9SdazzKJD/q3CC7kBuFYplAMkpw0oISmprpRb
94 SvmfAgMBAAGjejB4MA4GA1UdDwEB/wQEAwICBDAdBgNVHSUEFjAUBggrBgEFBQcD
95 AQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAZBgNVHQ4EEgQQQDfXAftAL7gc
96 flQEJ4xZATAbBgNVHSMEFDASgBBHKHC7V3Z/3oLvEZx0RZRwMA0GCSqGSIb3DQEB
97 CwUAA4GBAErTxYJ0en9HVRHAAr5OO5wuk5Iq3VMc79TMyQLCXVL8YH8Uk7KEwv+q
98 9MEKZv2eR/Vfm4HlXlUuIqfgUXbwrAYC/YVVX86Wnbpy/jc73NYVCq8FEZeO+0XU
99 90SWAPDdp+iL7aZdimnMtG1qlM1edmz8AKbrhN/R3IbA2CL0nCWV
100 -----END CERTIFICATE-----
101 )";
102
103 static const char kIntermediatePEM[] = R"(
104 -----BEGIN CERTIFICATE-----
105 MIICXjCCAcegAwIBAgIJAKJMH+7rscPcMA0GCSqGSIb3DQEBCwUAMC4xGjAYBgNV
106 BAoTEUJvcmluZ1NTTCBURVNUSU5HMRAwDgYDVQQDEwdSb290IENBMCAXDTE1MDEw
107 MTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjA2MRowGAYDVQQKExFCb3JpbmdTU0wg
108 VEVTVElORzEYMBYGA1UEAxMPSW50ZXJtZWRpYXRlIENBMIGfMA0GCSqGSIb3DQEB
109 AQUAA4GNADCBiQKBgQC7YtI0l8ocTYJ0gKyXTtPL4iMJCNY4OcxXl48jkncVG1Hl
110 blicgNUa1r9m9YFtVkxvBinb8dXiUpEGhVg4awRPDcatlsBSEBuJkiZGYbRcAmSu
111 CmZYnf6u3aYQ18SU8WqVERPpE4cwVVs+6kwlzRw0+XDoZAczu8ZezVhCUc6NbQID
112 AQABo3oweDAOBgNVHQ8BAf8EBAMCAgQwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
113 AQUFBwMCMA8GA1UdEwEB/wQFMAMBAf8wGQYDVR0OBBIEEIwaaKi1dttdV3sfjRSy
114 BqMwGwYDVR0jBBQwEoAQQDfXAftAL7gcflQEJ4xZATANBgkqhkiG9w0BAQsFAAOB
115 gQCvnolNWEHuQS8PFVVyuLR+FKBeUUdrVbSfHSzTqNAqQGp0C9fk5oCzDq6ZgTfY
116 ESXM4cJhb3IAnW0UM0NFsYSKQJ50JZL2L3z5ZLQhHdbs4RmODGoC40BVdnJ4/qgB
117 aGSh09eQRvAVmbVCviDK2ipkWNegdyI19jFfNP5uIkGlYg==
118 -----END CERTIFICATE-----
119 )";
120
121 static const char kIntermediateSelfSignedPEM[] = R"(
122 -----BEGIN CERTIFICATE-----
123 MIICZjCCAc+gAwIBAgIJAKJMH+7rscPcMA0GCSqGSIb3DQEBCwUAMDYxGjAYBgNV
124 BAoTEUJvcmluZ1NTTCBURVNUSU5HMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0Ew
125 IBcNMTUwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMDYxGjAYBgNVBAoTEUJv
126 cmluZ1NTTCBURVNUSU5HMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0EwgZ8wDQYJ
127 KoZIhvcNAQEBBQADgY0AMIGJAoGBALti0jSXyhxNgnSArJdO08viIwkI1jg5zFeX
128 jyOSdxUbUeVuWJyA1RrWv2b1gW1WTG8GKdvx1eJSkQaFWDhrBE8Nxq2WwFIQG4mS
129 JkZhtFwCZK4KZlid/q7dphDXxJTxapURE+kThzBVWz7qTCXNHDT5cOhkBzO7xl7N
130 WEJRzo1tAgMBAAGjejB4MA4GA1UdDwEB/wQEAwICBDAdBgNVHSUEFjAUBggrBgEF
131 BQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAZBgNVHQ4EEgQQjBpoqLV2
132 211Xex+NFLIGozAbBgNVHSMEFDASgBCMGmiotXbbXVd7H40UsgajMA0GCSqGSIb3
133 DQEBCwUAA4GBALcccSrAQ0/EqQBsx0ZDTUydHXXNP2DrUkpUKmAXIe8McqIVSlkT
134 6H4xz7z8VRKBo9j+drjjtCw2i0CQc8aOLxRb5WJ8eVLnaW2XRlUqAzhF0CrulfVI
135 E4Vs6ZLU+fra1WAuIj6qFiigRja+3YkZArG8tMA9vtlhTX/g7YBZIkqH
136 -----END CERTIFICATE-----
137 )";
138
139 static const char kLeafPEM[] = R"(
140 -----BEGIN CERTIFICATE-----
141 MIICXjCCAcegAwIBAgIIWjO48ufpunYwDQYJKoZIhvcNAQELBQAwNjEaMBgGA1UE
142 ChMRQm9yaW5nU1NMIFRFU1RJTkcxGDAWBgNVBAMTD0ludGVybWVkaWF0ZSBDQTAg
143 Fw0xNTAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowMjEaMBgGA1UEChMRQm9y
144 aW5nU1NMIFRFU1RJTkcxFDASBgNVBAMTC2V4YW1wbGUuY29tMIGfMA0GCSqGSIb3
145 DQEBAQUAA4GNADCBiQKBgQDD0U0ZYgqShJ7oOjsyNKyVXEHqeafmk/bAoPqY/h1c
146 oPw2E8KmeqiUSoTPjG5IXSblOxcqpbAXgnjPzo8DI3GNMhAf8SYNYsoH7gc7Uy7j
147 5x8bUrisGnuTHqkqH6d4/e7ETJ7i3CpR8bvK16DggEvQTudLipz8FBHtYhFakfdh
148 TwIDAQABo3cwdTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
149 CCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwGQYDVR0OBBIEEKN5pvbur7mlXjeMEYA0
150 4nUwGwYDVR0jBBQwEoAQjBpoqLV2211Xex+NFLIGozANBgkqhkiG9w0BAQsFAAOB
151 gQBj/p+JChp//LnXWC1k121LM/ii7hFzQzMrt70bny406SGz9jAjaPOX4S3gt38y
152 rhjpPukBlSzgQXFg66y6q5qp1nQTD1Cw6NkKBe9WuBlY3iYfmsf7WT8nhlT1CttU
153 xNCwyMX9mtdXdQicOfNjIGUCD5OLV5PgHFPRKiHHioBAhg==
154 -----END CERTIFICATE-----
155 )";
156
157 static const char kLeafNoKeyUsagePEM[] = R"(
158 -----BEGIN CERTIFICATE-----
159 MIICNTCCAZ6gAwIBAgIJAIFQGaLQ0G2mMA0GCSqGSIb3DQEBCwUAMDYxGjAYBgNV
160 BAoTEUJvcmluZ1NTTCBURVNUSU5HMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0Ew
161 IBcNMTUwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMDcxGjAYBgNVBAoTEUJv
162 cmluZ1NTTCBURVNUSU5HMRkwFwYDVQQDExBldmlsLmV4YW1wbGUuY29tMIGfMA0G
163 CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOKoZe75NPz77EOaMMl4/0s3PyQw++zJvp
164 ejHAxZiTPCJgMbEHLrSzNoHdopg+CLUH5bE4wTXM8w9Inv5P8OAFJt7gJuPUunmk
165 j+NoU3QfzOR6BroePcz1vXX9jyVHRs087M/sLqWRHu9IR+/A+UTcBaWaFiDVUxtJ
166 YOwFMwjNPQIDAQABo0gwRjAMBgNVHRMBAf8EAjAAMBkGA1UdDgQSBBBJfLEUWHq1
167 27rZ1AVx2J5GMBsGA1UdIwQUMBKAEIwaaKi1dttdV3sfjRSyBqMwDQYJKoZIhvcN
168 AQELBQADgYEALVKN2Y3LZJOtu6SxFIYKxbLaXhTGTdIjxipZhmbBRDFjbZjZZOTe
169 6Oo+VDNPYco4rBexK7umYXJyfTqoY0E8dbiImhTcGTEj7OAB3DbBomgU1AYe+t2D
170 uwBqh4Y3Eto+Zn4pMVsxGEfUpjzjZDel7bN1/oU/9KWPpDfywfUmjgk=
171 -----END CERTIFICATE-----
172 )";
173
174 static const char kForgeryPEM[] = R"(
175 -----BEGIN CERTIFICATE-----
176 MIICZzCCAdCgAwIBAgIIdTlMzQoKkeMwDQYJKoZIhvcNAQELBQAwNzEaMBgGA1UE
177 ChMRQm9yaW5nU1NMIFRFU1RJTkcxGTAXBgNVBAMTEGV2aWwuZXhhbXBsZS5jb20w
178 IBcNMTUwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMDoxGjAYBgNVBAoTEUJv
179 cmluZ1NTTCBURVNUSU5HMRwwGgYDVQQDExNmb3JnZXJ5LmV4YW1wbGUuY29tMIGf
180 MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDADTwruBQZGb7Ay6s9HiYv5d1lwtEy
181 xQdA2Sy8Rn8uA20Q4KgqwVY7wzIZ+z5Butrsmwb70gdG1XU+yRaDeE7XVoW6jSpm
182 0sw35/5vJbTcL4THEFbnX0OPZnvpuZDFUkvVtq5kxpDWsVyM24G8EEq7kPih3Sa3
183 OMhXVXF8kso6UQIDAQABo3cwdTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
184 KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwGQYDVR0OBBIEEEYJ/WHM
185 8p64erPWIg4/liwwGwYDVR0jBBQwEoAQSXyxFFh6tdu62dQFcdieRjANBgkqhkiG
186 9w0BAQsFAAOBgQA+zH7bHPElWRWJvjxDqRexmYLn+D3Aivs8XgXQJsM94W0EzSUf
187 DSLfRgaQwcb2gg2xpDFoG+W0vc6O651uF23WGt5JaFFJJxqjII05IexfCNhuPmp4
188 4UZAXPttuJXpn74IY1tuouaM06B3vXKZR+/ityKmfJvSwxacmFcK+2ziAg==
189 -----END CERTIFICATE-----
190 )";
191
192 // kBadPSSCertPEM is a self-signed RSA-PSS certificate with bad parameters.
193 static const char kBadPSSCertPEM[] = R"(
194 -----BEGIN CERTIFICATE-----
195 MIIDdjCCAjqgAwIBAgIJANcwZLyfEv7DMD4GCSqGSIb3DQEBCjAxoA0wCwYJYIZI
196 AWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIEAgIA3jAnMSUwIwYD
197 VQQDDBxUZXN0IEludmFsaWQgUFNTIGNlcnRpZmljYXRlMB4XDTE1MTEwNDE2MDIz
198 NVoXDTE1MTIwNDE2MDIzNVowJzElMCMGA1UEAwwcVGVzdCBJbnZhbGlkIFBTUyBj
199 ZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMTaM7WH
200 qVCAGAIA+zL1KWvvASTrhlq+1ePdO7wsrWX2KiYoTYrJYTnxhLnn0wrHqApt79nL
201 IBG7cfShyZqFHOY/IzlYPMVt+gPo293gw96Fds5JBsjhjkyGnOyr9OUntFqvxDbT
202 IIFU7o9IdxD4edaqjRv+fegVE+B79pDk4s0ujsk6dULtCg9Rst0ucGFo19mr+b7k
203 dbfn8pZ72ZNDJPueVdrUAWw9oll61UcYfk75XdrLk6JlL41GrYHc8KlfXf43gGQq
204 QfrpHkg4Ih2cI6Wt2nhFGAzrlcorzLliQIUJRIhM8h4IgDfpBpaPdVQLqS2pFbXa
205 5eQjqiyJwak2vJ8CAwEAAaNQME4wHQYDVR0OBBYEFCt180N4oGUt5LbzBwQ4Ia+2
206 4V97MB8GA1UdIwQYMBaAFCt180N4oGUt5LbzBwQ4Ia+24V97MAwGA1UdEwQFMAMB
207 Af8wMQYJKoZIhvcNAQEKMCSgDTALBglghkgBZQMEAgGhDTALBgkqhkiG9w0BAQii
208 BAICAN4DggEBAAjBtm90lGxgddjc4Xu/nbXXFHVs2zVcHv/mqOZoQkGB9r/BVgLb
209 xhHrFZ2pHGElbUYPfifdS9ztB73e1d4J+P29o0yBqfd4/wGAc/JA8qgn6AAEO/Xn
210 plhFeTRJQtLZVl75CkHXgUGUd3h+ADvKtcBuW9dSUncaUrgNKR8u/h/2sMG38RWY
211 DzBddC/66YTa3r7KkVUfW7yqRQfELiGKdcm+bjlTEMsvS+EhHup9CzbpoCx2Fx9p
212 NPtFY3yEObQhmL1JyoCRWqBE75GzFPbRaiux5UpEkns+i3trkGssZzsOuVqHNTNZ
213 lC9+9hPHIoc9UMmAQNo1vGIW3NWVoeGbaJ8=
214 -----END CERTIFICATE-----
215 )";
216
217 static const char kRSAKey[] = R"(
218 -----BEGIN RSA PRIVATE KEY-----
219 MIICXgIBAAKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92
220 kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiF
221 KKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQAB
222 AoGBAIBy09Fd4DOq/Ijp8HeKuCMKTHqTW1xGHshLQ6jwVV2vWZIn9aIgmDsvkjCe
223 i6ssZvnbjVcwzSoByhjN8ZCf/i15HECWDFFh6gt0P5z0MnChwzZmvatV/FXCT0j+
224 WmGNB/gkehKjGXLLcjTb6dRYVJSCZhVuOLLcbWIV10gggJQBAkEA8S8sGe4ezyyZ
225 m4e9r95g6s43kPqtj5rewTsUxt+2n4eVodD+ZUlCULWVNAFLkYRTBCASlSrm9Xhj
226 QpmWAHJUkQJBAOVzQdFUaewLtdOJoPCtpYoY1zd22eae8TQEmpGOR11L6kbxLQsk
227 aMly/DOnOaa82tqAGTdqDEZgSNmCeKKknmECQAvpnY8GUOVAubGR6c+W90iBuQLj
228 LtFp/9ihd2w/PoDwrHZaoUYVcT4VSfJQog/k7kjE4MYXYWL8eEKg3WTWQNECQQDk
229 104Wi91Umd1PzF0ijd2jXOERJU1wEKe6XLkYYNHWQAe5l4J4MWj9OdxFXAxIuuR/
230 tfDwbqkta4xcux67//khAkEAvvRXLHTaa6VFzTaiiO8SaFsHV3lQyXOtMrBpB5jd
231 moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ==
232 -----END RSA PRIVATE KEY-----
233 )";
234
235 static const char kP256Key[] = R"(
236 -----BEGIN PRIVATE KEY-----
237 MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgBw8IcnrUoEqc3VnJ
238 TYlodwi1b8ldMHcO6NHJzgqLtGqhRANCAATmK2niv2Wfl74vHg2UikzVl2u3qR4N
239 Rvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLB
240 -----END PRIVATE KEY-----
241 )";
242
243 // kCRLTestRoot is a test root certificate. It has private key:
244 //
245 // -----BEGIN RSA PRIVATE KEY-----
246 // MIIEpAIBAAKCAQEAo16WiLWZuaymsD8n5SKPmxV1y6jjgr3BS/dUBpbrzd1aeFzN
247 // lI8l2jfAnzUyp+I21RQ+nh/MhqjGElkTtK9xMn1Y+S9GMRh+5R/Du0iCb1tCZIPY
248 // 07Tgrb0KMNWe0v2QKVVruuYSgxIWodBfxlKO64Z8AJ5IbnWpuRqO6rctN9qUoMlT
249 // IAB6dL4G0tDJ/PGFWOJYwOMEIX54bly2wgyYJVBKiRRt4f7n8H922qmvPNA9idmX
250 // 9G1VAtgV6x97XXi7ULORIQvn9lVQF6nTYDBJhyuPB+mLThbLP2o9orxGx7aCtnnB
251 // ZUIxUvHNOI0FaSaZH7Fi0xsZ/GkG2HZe7ImPJwIDAQABAoIBAQCJF9MTHfHGkk+/
252 // DwCXlA0Wg0e6hBuHl10iNobYkMWIl/xXjOknhYiqOqb181py76472SVC5ERprC+r
253 // Lf0PXzqKuA117mnkwT2bYLCL9Skf8WEhoFLQNbVlloF6wYjqXcYgKYKh8HgQbZl4
254 // aLg2YQl2NADTNABsUWj/4H2WEelsODVviqfFs725lFg9KHDI8zxAZXLzDt/M9uVL
255 // GxJiX12tr0AwaeAFZ1oPM/y+LznM3N3+Ht3jHHw3jZ/u8Z1RdAmdpu3bZ6tbwGBr
256 // 9edsH5rKkm9aBvMrY7eX5VHqaqyRNFyG152ZOJh4XiiFG7EmgTPCpaHo50Y018Re
257 // grVtk+FBAoGBANY3lY+V8ZOwMxSHes+kTnoimHO5Ob7nxrOC71i27x+4HHsYUeAr
258 // /zOOghiDIn+oNkuiX5CIOWZKx159Bp65CPpCbTb/fh+HYnSgXFgCw7XptycO7LXM
259 // 5GwR5jSfpfzBFdYxjxoUzDMFBwTEYRTm0HkUHkH+s+ajjw5wqqbcGLcfAoGBAMM8
260 // DKW6Tb66xsf708f0jonAjKYTLZ+WOcwsBEWSFHoY8dUjvW5gqx5acHTEsc5ZTeh4
261 // BCFLa+Mn9cuJWVJNs09k7Xb2PNl92HQ4GN2vbdkJhExbkT6oLDHg1hVD0w8KLfz1
262 // lTAW6pS+6CdOHMEJpvqx89EgU/1GgIQ1fXYczE75AoGAKeJoXdDFkUjsU+FBhAPu
263 // TDcjc80Nm2QaF9NMFR5/lsYa236f06MGnQAKM9zADBHJu/Qdl1brUjLg1HrBppsr
264 // RDNkw1IlSOjhuUf5hkPUHGd8Jijm440SRIcjabqla8wdBupdvo2+d2NOQgJbsQiI
265 // ToQ+fkzcxAXK3Nnuo/1436UCgYBjLH7UNOZHS8OsVM0I1r8NVKVdu4JCfeJQR8/H
266 // s2P5ffBir+wLRMnH+nMDreMQiibcPxMCArkERAlE4jlgaJ38Z62E76KLbLTmnJRt
267 // EC9Bv+bXjvAiHvWMRMUbOj/ddPNVez7Uld+FvdBaHwDWQlvzHzBWfBCOKSEhh7Z6
268 // qDhUqQKBgQDPMDx2i5rfmQp3imV9xUcCkIRsyYQVf8Eo7NV07IdUy/otmksgn4Zt
269 // Lbf3v2dvxOpTNTONWjp2c+iUQo8QxJCZr5Sfb21oQ9Ktcrmc/CY7LeBVDibXwxdM
270 // vRG8kBzvslFWh7REzC3u06GSVhyKDfW93kN2cKVwGoahRlhj7oHuZQ==
271 // -----END RSA PRIVATE KEY-----
272 static const char kCRLTestRoot[] = R"(
273 -----BEGIN CERTIFICATE-----
274 MIIDbzCCAlegAwIBAgIJAODri7v0dDUFMA0GCSqGSIb3DQEBCwUAME4xCzAJBgNV
275 BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBW
276 aWV3MRIwEAYDVQQKDAlCb3JpbmdTU0wwHhcNMTYwOTI2MTUwNjI2WhcNMjYwOTI0
277 MTUwNjI2WjBOMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG
278 A1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJQm9yaW5nU1NMMIIBIjANBgkq
279 hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo16WiLWZuaymsD8n5SKPmxV1y6jjgr3B
280 S/dUBpbrzd1aeFzNlI8l2jfAnzUyp+I21RQ+nh/MhqjGElkTtK9xMn1Y+S9GMRh+
281 5R/Du0iCb1tCZIPY07Tgrb0KMNWe0v2QKVVruuYSgxIWodBfxlKO64Z8AJ5IbnWp
282 uRqO6rctN9qUoMlTIAB6dL4G0tDJ/PGFWOJYwOMEIX54bly2wgyYJVBKiRRt4f7n
283 8H922qmvPNA9idmX9G1VAtgV6x97XXi7ULORIQvn9lVQF6nTYDBJhyuPB+mLThbL
284 P2o9orxGx7aCtnnBZUIxUvHNOI0FaSaZH7Fi0xsZ/GkG2HZe7ImPJwIDAQABo1Aw
285 TjAdBgNVHQ4EFgQUWPt3N5cZ/CRvubbrkqfBnAqhq94wHwYDVR0jBBgwFoAUWPt3
286 N5cZ/CRvubbrkqfBnAqhq94wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
287 AQEAORu6M0MOwXy+3VEBwNilfTxyqDfruQsc1jA4PT8Oe8zora1WxE1JB4q2FJOz
288 EAuM3H/NXvEnBuN+ITvKZAJUfm4NKX97qmjMJwLKWe1gVv+VQTr63aR7mgWJReQN
289 XdMztlVeZs2dppV6uEg3ia1X0G7LARxGpA9ETbMyCpb39XxlYuTClcbA5ftDN99B
290 3Xg9KNdd++Ew22O3HWRDvdDpTO/JkzQfzi3sYwUtzMEonENhczJhGf7bQMmvL/w5
291 24Wxj4Z7KzzWIHsNqE/RIs6RV3fcW61j/mRgW2XyoWnMVeBzvcJr9NXp4VQYmFPw
292 amd8GKMZQvP0ufGnUn7D7uartA==
293 -----END CERTIFICATE-----
294 )";
295
296 static const char kCRLTestLeaf[] = R"(
297 -----BEGIN CERTIFICATE-----
298 MIIDkDCCAnigAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwTjELMAkGA1UEBhMCVVMx
299 EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEjAQ
300 BgNVBAoMCUJvcmluZ1NTTDAeFw0xNjA5MjYxNTA4MzFaFw0xNzA5MjYxNTA4MzFa
301 MEsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQKDAlC
302 b3JpbmdTU0wxEzARBgNVBAMMCmJvcmluZy5zc2wwggEiMA0GCSqGSIb3DQEBAQUA
303 A4IBDwAwggEKAoIBAQDc5v1S1M0W+QWM+raWfO0LH8uvqEwuJQgODqMaGnSlWUx9
304 8iQcnWfjyPja3lWg9K62hSOFDuSyEkysKHDxijz5R93CfLcfnVXjWQDJe7EJTTDP
305 ozEvxN6RjAeYv7CF000euYr3QT5iyBjg76+bon1p0jHZBJeNPP1KqGYgyxp+hzpx
306 e0gZmTlGAXd8JQK4v8kpdYwD6PPifFL/jpmQpqOtQmH/6zcLjY4ojmqpEdBqIKIX
307 +saA29hMq0+NK3K+wgg31RU+cVWxu3tLOIiesETkeDgArjWRS1Vkzbi4v9SJxtNu
308 OZuAxWiynRJw3JwH/OFHYZIvQqz68ZBoj96cepjPAgMBAAGjezB5MAkGA1UdEwQC
309 MAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRl
310 MB0GA1UdDgQWBBTGn0OVVh/aoYt0bvEKG+PIERqnDzAfBgNVHSMEGDAWgBRY+3c3
311 lxn8JG+5tuuSp8GcCqGr3jANBgkqhkiG9w0BAQsFAAOCAQEAd2nM8gCQN2Dc8QJw
312 XSZXyuI3DBGGCHcay/3iXu0JvTC3EiQo8J6Djv7WLI0N5KH8mkm40u89fJAB2lLZ
313 ShuHVtcC182bOKnePgwp9CNwQ21p0rDEu/P3X46ZvFgdxx82E9xLa0tBB8PiPDWh
314 lV16jbaKTgX5AZqjnsyjR5o9/mbZVupZJXx5Syq+XA8qiJfstSYJs4KyKK9UOjql
315 ICkJVKpi2ahDBqX4MOH4SLfzVk8pqSpviS6yaA1RXqjpkxiN45WWaXDldVHMSkhC
316 5CNXsXi4b1nAntu89crwSLA3rEwzCWeYj+BX7e1T9rr3oJdwOU/2KQtW1js1yQUG
317 tjJMFw==
318 -----END CERTIFICATE-----
319 )";
320
321 static const char kBasicCRL[] = R"(
322 -----BEGIN X509 CRL-----
323 MIIBpzCBkAIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
324 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
325 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoA4wDDAKBgNV
326 HRQEAwIBATANBgkqhkiG9w0BAQsFAAOCAQEAnrBKKgvd9x9zwK9rtUvVeFeJ7+LN
327 ZEAc+a5oxpPNEsJx6hXoApYEbzXMxuWBQoCs5iEBycSGudct21L+MVf27M38KrWo
328 eOkq0a2siqViQZO2Fb/SUFR0k9zb8xl86Zf65lgPplALun0bV/HT7MJcl04Tc4os
329 dsAReBs5nqTGNEd5AlC1iKHvQZkM//MD51DspKnDpsDiUVi54h9C1SpfZmX8H2Vv
330 diyu0fZ/bPAM3VAGawatf/SyWfBMyKpoPXEG39oAzmjjOj8en82psn7m474IGaho
331 /vBbhl1ms5qQiLYPjm4YELtnXQoFyC72tBjbdFd/ZE9k4CNKDbxFUXFbkw==
332 -----END X509 CRL-----
333 )";
334
335 static const char kRevokedCRL[] = R"(
336 -----BEGIN X509 CRL-----
337 MIIBvjCBpwIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
338 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
339 Qm9yaW5nU1NMFw0xNjA5MjYxNTEyNDRaFw0xNjEwMjYxNTEyNDRaMBUwEwICEAAX
340 DTE2MDkyNjE1MTIyNlqgDjAMMAoGA1UdFAQDAgECMA0GCSqGSIb3DQEBCwUAA4IB
341 AQCUGaM4DcWzlQKrcZvI8TMeR8BpsvQeo5BoI/XZu2a8h//PyRyMwYeaOM+3zl0d
342 sjgCT8b3C1FPgT+P2Lkowv7rJ+FHJRNQkogr+RuqCSPTq65ha4WKlRGWkMFybzVH
343 NloxC+aU3lgp/NlX9yUtfqYmJek1CDrOOGPrAEAwj1l/BUeYKNGqfBWYJQtPJu+5
344 OaSvIYGpETCZJscUWODmLEb/O3DM438vLvxonwGqXqS0KX37+CHpUlyhnSovxXxp
345 Pz4aF+L7OtczxL0GYtD2fR9B7TDMqsNmHXgQrixvvOY7MUdLGbd4RfJL3yA53hyO
346 xzfKY2TzxLiOmctG0hXFkH5J
347 -----END X509 CRL-----
348 )";
349
350 static const char kBadIssuerCRL[] = R"(
351 -----BEGIN X509 CRL-----
352 MIIBwjCBqwIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzETMBEGA1UE
353 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEWMBQGA1UECgwN
354 Tm90IEJvcmluZ1NTTBcNMTYwOTI2MTUxMjQ0WhcNMTYxMDI2MTUxMjQ0WjAVMBMC
355 AhAAFw0xNjA5MjYxNTEyMjZaoA4wDDAKBgNVHRQEAwIBAjANBgkqhkiG9w0BAQsF
356 AAOCAQEAlBmjOA3Fs5UCq3GbyPEzHkfAabL0HqOQaCP12btmvIf/z8kcjMGHmjjP
357 t85dHbI4Ak/G9wtRT4E/j9i5KML+6yfhRyUTUJKIK/kbqgkj06uuYWuFipURlpDB
358 cm81RzZaMQvmlN5YKfzZV/clLX6mJiXpNQg6zjhj6wBAMI9ZfwVHmCjRqnwVmCUL
359 TybvuTmkryGBqREwmSbHFFjg5ixG/ztwzON/Ly78aJ8Bql6ktCl9+/gh6VJcoZ0q
360 L8V8aT8+Ghfi+zrXM8S9BmLQ9n0fQe0wzKrDZh14EK4sb7zmOzFHSxm3eEXyS98g
361 Od4cjsc3ymNk88S4jpnLRtIVxZB+SQ==
362 -----END X509 CRL-----
363 )";
364
365 // kKnownCriticalCRL is kBasicCRL but with a critical issuing distribution point
366 // extension.
367 static const char kKnownCriticalCRL[] = R"(
368 -----BEGIN X509 CRL-----
369 MIIBuDCBoQIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
370 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
371 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoB8wHTAKBgNV
372 HRQEAwIBATAPBgNVHRwBAf8EBTADgQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAs37Jq
373 3Htcehm6C2PKXOHekwTqTLOPWsYHfF68kYhdzcopDZBeoKE7jLRkRRGFDaR/tfUs
374 kwLSDNSQ8EwPb9PT1X8kmFn9QmJgWD6f6BzaH5ZZ9iBUwOcvrydlb/jnjdIZHQxs
375 fKOAceW5XX3f7DANC3qwYLsQZR/APkfV8nXjPYVUz1kKj04uq/BbQviInjyUYixN
376 xDx+GDWVVXccehcwAu983kAqP+JDaVQPBVksLuBXz2adrEWwvbLCnZeL3zH1IY9h
377 6MFO6echpvGbU/H+dRX9UkhdJ7gdwKVD3RjfJl+DRVox9lz8Pbo5H699Tkv9/DQP
378 9dMWxqhQlv23osLp
379 -----END X509 CRL-----
380 )";
381
382 // kUnknownCriticalCRL is kBasicCRL but with an unknown critical extension.
383 static const char kUnknownCriticalCRL[] = R"(
384 -----BEGIN X509 CRL-----
385 MIIBvDCBpQIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
386 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
387 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoCMwITAKBgNV
388 HRQEAwIBATATBgwqhkiG9xIEAYS3CQABAf8EADANBgkqhkiG9w0BAQsFAAOCAQEA
389 GvBP0xqL509InMj/3493YVRV+ldTpBv5uTD6jewzf5XdaxEQ/VjTNe5zKnxbpAib
390 Kf7cwX0PMSkZjx7k7kKdDlEucwVvDoqC+O9aJcqVmM6GDyNb9xENxd0XCXja6MZC
391 yVgP4AwLauB2vSiEprYJyI1APph3iAEeDm60lTXX/wBM/tupQDDujKh2GPyvBRfJ
392 +wEDwGg3ICwvu4gO4zeC5qnFR+bpL9t5tOMAQnVZ0NWv+k7mkd2LbHdD44dxrfXC
393 nhtfERx99SDmC/jtUAJrGhtCO8acr7exCeYcduN7KKCm91OeCJKK6OzWst0Og1DB
394 kwzzU2rL3G65CrZ7H0SZsQ==
395 -----END X509 CRL-----
396 )";
397
398 // kUnknownCriticalCRL2 is kBasicCRL but with a critical issuing distribution
399 // point extension followed by an unknown critical extension
400 static const char kUnknownCriticalCRL2[] = R"(
401 -----BEGIN X509 CRL-----
402 MIIBzTCBtgIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
403 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
404 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoDQwMjAKBgNV
405 HRQEAwIBATAPBgNVHRwBAf8EBTADgQH/MBMGDCqGSIb3EgQBhLcJAAEB/wQAMA0G
406 CSqGSIb3DQEBCwUAA4IBAQBgSogsC5kf2wzr+0hmZtmLXYd0itAiYO0Gh9AyaEOO
407 myJFuqICHBSLXXUgwNkTUa2x2I/ivyReVFV756VOlWoaV2wJUs0zeCeVBgC9ZFsq
408 5a+8OGgXwgoYESFV5Y3QRF2a1Ytzfbw/o6xLXzTngvMsLOs12D4B5SkopyEZibF4
409 tXlRZyvEudTg3CCrjNP+p/GV07nZ3wcMmKJwQeilgzFUV7NaVCCo9jvPBGp0RxAN
410 KNif7jmjK4hD5mswo/Eq5kxQIc+mTfuUFdgHuAu1hfLYe0YK+Hr4RFf6Qy4hl7Ne
411 YjqkkSVIcr87u+8AznwdstnQzsyD27Jt7SjVORkYRywi
412 -----END X509 CRL-----
413 )";
414
415 // kBadExtensionCRL is kBasicCRL but with an incorrectly-encoded issuing
416 // distribution point extension.
417 static const char kBadExtensionCRL[] = R"(
418 -----BEGIN X509 CRL-----
419 MIIBujCBowIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
420 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
421 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoCEwHzAKBgNV
422 HRQEAwIBATARBgNVHRwBAf8EBzAFoQMBAf8wDQYJKoZIhvcNAQELBQADggEBAA+3
423 i+5e5Ub8sccfgOBs6WVJFI9c8gvJjrJ8/dYfFIAuCyeocs7DFXn1n13CRZ+URR/Q
424 mVWgU28+xeusuSPYFpd9cyYTcVyNUGNTI3lwgcE/yVjPaOmzSZKdPakApRxtpKKQ
425 NN/56aQz3bnT/ZSHQNciRB8U6jiD9V30t0w+FDTpGaG+7bzzUH3UVF9xf9Ctp60A
426 3mfLe0scas7owSt4AEFuj2SPvcE7yvdOXbu+IEv21cEJUVExJAbhvIweHXh6yRW+
427 7VVeiNzdIjkZjyTmAzoXGha4+wbxXyBRbfH+XWcO/H+8nwyG8Gktdu2QB9S9nnIp
428 o/1TpfOMSGhMyMoyPrk=
429 -----END X509 CRL-----
430 )";
431
432 // kAlgorithmMismatchCRL is kBasicCRL but with mismatched AlgorithmIdentifiers
433 // in the outer structure and signed portion. The signature reflects the signed
434 // portion.
435 static const char kAlgorithmMismatchCRL[] = R"(
436 -----BEGIN X509 CRL-----
437 MIIBpzCBkAIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
438 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
439 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoA4wDDAKBgNV
440 HRQEAwIBATANBgkqhkiG9w0BAQwFAAOCAQEAnrBKKgvd9x9zwK9rtUvVeFeJ7+LN
441 ZEAc+a5oxpPNEsJx6hXoApYEbzXMxuWBQoCs5iEBycSGudct21L+MVf27M38KrWo
442 eOkq0a2siqViQZO2Fb/SUFR0k9zb8xl86Zf65lgPplALun0bV/HT7MJcl04Tc4os
443 dsAReBs5nqTGNEd5AlC1iKHvQZkM//MD51DspKnDpsDiUVi54h9C1SpfZmX8H2Vv
444 diyu0fZ/bPAM3VAGawatf/SyWfBMyKpoPXEG39oAzmjjOj8en82psn7m474IGaho
445 /vBbhl1ms5qQiLYPjm4YELtnXQoFyC72tBjbdFd/ZE9k4CNKDbxFUXFbkw==
446 -----END X509 CRL-----
447 )";
448
449 // kAlgorithmMismatchCRL2 is kBasicCRL but with mismatched AlgorithmIdentifiers
450 // in the outer structure and signed portion. The signature reflects the outer
451 // structure.
452 static const char kAlgorithmMismatchCRL2[] = R"(
453 -----BEGIN X509 CRL-----
454 MIIBpzCBkAIBATANBgkqhkiG9w0BAQwFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
455 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
456 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoA4wDDAKBgNV
457 HRQEAwIBATANBgkqhkiG9w0BAQsFAAOCAQEAjCWtU7AK8nQ5TCFfzvbU04MWNuLp
458 iZfqapRSRyMta4pyRomK773rEmJmYOc/ZNeIphVOlupMgGC2wyv5Z/SD1mxccJbv
459 SlUWciwjskjgvyyU9KnJ5xPgf3e3Fl3G0u9yJEFd4mg6fRavs5pEDX56b0f+SkG+
460 Vl1FZU94Uylm2kCqk9fRpTxualPGP6dksj3Aitt4x2Vdni4sUfg9vIEEOx2jnisq
461 iLqpT94IdETCWAciE0dgbogdOOsNzMqSASfHM/XPigYLXpYgfaR8fca6OKDwFsVH
462 SrkFz8Se3F6mCHnbDzYElbmA46iKU2J12LTrso3Ewq/qHq0mebfp2z0y6g==
463 -----END X509 CRL-----
464 )";
465
466 // kEd25519Cert is a self-signed Ed25519 certificate.
467 static const char kEd25519Cert[] = R"(
468 -----BEGIN CERTIFICATE-----
469 MIIBkTCCAUOgAwIBAgIJAJwooam0UCDmMAUGAytlcDBFMQswCQYDVQQGEwJBVTET
470 MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ
471 dHkgTHRkMB4XDTE0MDQyMzIzMjE1N1oXDTE0MDUyMzIzMjE1N1owRTELMAkGA1UE
472 BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp
473 ZGdpdHMgUHR5IEx0ZDAqMAUGAytlcAMhANdamAGCsQq31Uv+08lkBzoO4XLz2qYj
474 Ja8CGmj3B1Eao1AwTjAdBgNVHQ4EFgQUoux7eV+fJK2v3ah6QPU/lj1/+7UwHwYD
475 VR0jBBgwFoAUoux7eV+fJK2v3ah6QPU/lj1/+7UwDAYDVR0TBAUwAwEB/zAFBgMr
476 ZXADQQBuCzqji8VP9xU8mHEMjXGChX7YP5J664UyVKHKH9Z1u4wEbB8dJ3ScaWSL
477 r+VHVKUhsrvcdCelnXRrrSD7xWAL
478 -----END CERTIFICATE-----
479 )";
480
481 // kEd25519CertNull is an invalid self-signed Ed25519 with an explicit NULL in
482 // the signature algorithm.
483 static const char kEd25519CertNull[] = R"(
484 -----BEGIN CERTIFICATE-----
485 MIIBlTCCAUWgAwIBAgIJAJwooam0UCDmMAcGAytlcAUAMEUxCzAJBgNVBAYTAkFV
486 MRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRz
487 IFB0eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYD
488 VQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQg
489 V2lkZ2l0cyBQdHkgTHRkMCowBQYDK2VwAyEA11qYAYKxCrfVS/7TyWQHOg7hcvPa
490 piMlrwIaaPcHURqjUDBOMB0GA1UdDgQWBBSi7Ht5X58kra/dqHpA9T+WPX/7tTAf
491 BgNVHSMEGDAWgBSi7Ht5X58kra/dqHpA9T+WPX/7tTAMBgNVHRMEBTADAQH/MAcG
492 AytlcAUAA0EA70uefNocdJohkKPNROKVyBuBD3LXMyvmdTklsaxSRY3PcZdOohlr
493 recgVPpVS7B+d9g4EwtZXIh4lodTBDHBBw==
494 -----END CERTIFICATE-----
495 )";
496
497 // kX25519 is the example X25519 certificate from
498 // https://tools.ietf.org/html/rfc8410#section-10.2
499 static const char kX25519Cert[] = R"(
500 -----BEGIN CERTIFICATE-----
501 MIIBLDCB36ADAgECAghWAUdKKo3DMDAFBgMrZXAwGTEXMBUGA1UEAwwOSUVURiBUZX
502 N0IERlbW8wHhcNMTYwODAxMTIxOTI0WhcNNDAxMjMxMjM1OTU5WjAZMRcwFQYDVQQD
503 DA5JRVRGIFRlc3QgRGVtbzAqMAUGAytlbgMhAIUg8AmJMKdUdIt93LQ+91oNvzoNJj
504 ga9OukqY6qm05qo0UwQzAPBgNVHRMBAf8EBTADAQEAMA4GA1UdDwEBAAQEAwIDCDAg
505 BgNVHQ4BAQAEFgQUmx9e7e0EM4Xk97xiPFl1uQvIuzswBQYDK2VwA0EAryMB/t3J5v
506 /BzKc9dNZIpDmAgs3babFOTQbs+BolzlDUwsPrdGxO3YNGhW7Ibz3OGhhlxXrCe1Cg
507 w1AH9efZBw==
508 -----END CERTIFICATE-----
509 )";
510
511 // kSANTypesLeaf is a leaf certificate (signed by |kSANTypesRoot|) which
512 // contains SANS for example.com, test@example.com, 127.0.0.1, and
513 // https://example.com/. (The latter is useless for now since crypto/x509
514 // doesn't deal with URI SANs directly.)
515 static const char kSANTypesLeaf[] = R"(
516 -----BEGIN CERTIFICATE-----
517 MIIClzCCAgCgAwIBAgIJAOjwnT/iW+qmMA0GCSqGSIb3DQEBCwUAMCsxFzAVBgNV
518 BAoTDkJvcmluZ1NTTCBUZXN0MRAwDgYDVQQDEwdSb290IENBMB4XDTE1MDEwMTAw
519 MDAwMFoXDTI1MDEwMTAwMDAwMFowLzEXMBUGA1UEChMOQm9yaW5nU1NMIFRlc3Qx
520 FDASBgNVBAMTC2V4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
521 gQDbRn2TLhInBki8Bighq37EtqJd/h5SRYh6NkelCA2SQlvCgcC+l3mYQPtPbRT9
522 KxOLwqUuZ9jUCZ7WIji3Sgt0cyvCNPHRk+WW2XR781ifbGE8wLBB1NkrKyQjd1sc
523 O711Xc4gVM+hY4cdHiTE8x0aUIuqthRD7ZendWL0FMhS1wIDAQABo4G+MIG7MA4G
524 A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD
525 VR0TAQH/BAIwADAZBgNVHQ4EEgQQn5EWH0NDPkmm3m22gNefYDAbBgNVHSMEFDAS
526 gBBAN9cB+0AvuBx+VAQnjFkBMEQGA1UdEQQ9MDuCC2V4YW1wbGUuY29tgRB0ZXN0
527 QGV4YW1wbGUuY29thwR/AAABhhRodHRwczovL2V4YW1wbGUuY29tLzANBgkqhkiG
528 9w0BAQsFAAOBgQBtwJvY6+Tk6D6DOtDVaNoJ5y8E25CCuE/Ga4OuIcYJas+yLckf
529 dZwUV3GUG2oBXl2MrpUFxXd4hKBO1CmlBY+hZEeIx0Yp6QWK9P/vnZeydOTP26mk
530 jusJ2PqSmtKNU1Zcaba4d29oFejmOAfeguhR8AHpsc/zHEaS5Q9cJsuJcw==
531 -----END CERTIFICATE-----
532 )";
533
534 // -----BEGIN RSA PRIVATE KEY-----
535 // MIICWwIBAAKBgQDbRn2TLhInBki8Bighq37EtqJd/h5SRYh6NkelCA2SQlvCgcC+
536 // l3mYQPtPbRT9KxOLwqUuZ9jUCZ7WIji3Sgt0cyvCNPHRk+WW2XR781ifbGE8wLBB
537 // 1NkrKyQjd1scO711Xc4gVM+hY4cdHiTE8x0aUIuqthRD7ZendWL0FMhS1wIDAQAB
538 // AoGACwf7z0i1DxOI2zSwFimLghfyCSp8mgT3fbZ3Wj0SebYu6ZUffjceneM/AVrq
539 // gGYHYLOVHcWJqfkl7X3hPo9SDhzLx0mM545/q21ZWCwjhswH7WiCEqV2/zeDO9WU
540 // NIO1VU0VoLm0AQ7ZvwnyB+fpgF9kkkDtbBJW7XWrfNVtlnECQQD97YENpEJ3X1kj
541 // 3rrkrHWDkKAyoWWY1i8Fm7LnganC9Bv6AVwgn5ZlE/479aWHF8vbOFEA3pFPiNZJ
542 // t9FTCfpJAkEA3RCXjGI0Y6GALFLwEs+nL/XZAfJaIpJEZVLCVosYQOSaMS4SchfC
543 // GGYVquT7ZgKk9uvz89Fg87OtBMWS9lrkHwJADGkGLKeBhBoJ3kHtem2fVK3F1pOi
544 // xoR5SdnhNYVVyaxqjZ5xZTrHe+stOrr3uxGDqhQniVZXXb6/Ul0Egv1y2QJAVg/h
545 // kAujba4wIhFf2VLyOZ+yjil1ocPj0LZ5Zgvcs1bMGJ1hHP3W2HzVrqRaowoggui1
546 // HpTC891dXGA2qKYV7QJAFDmT2A7OVvh3y4AEgzVwHrDmCMwMHKjCIntS7fjxrJnF
547 // YvJUG1zoHwUVrxxbR3DbpTODlktLcl/0b97D0IkH3w==
548 // -----END RSA PRIVATE KEY-----
549
550 static const char kSANTypesRoot[] = R"(
551 -----BEGIN CERTIFICATE-----
552 MIICTTCCAbagAwIBAgIIAj5CwoHlWuYwDQYJKoZIhvcNAQELBQAwKzEXMBUGA1UE
553 ChMOQm9yaW5nU1NMIFRlc3QxEDAOBgNVBAMTB1Jvb3QgQ0EwHhcNMTUwMTAxMDAw
554 MDAwWhcNMjUwMTAxMDAwMDAwWjArMRcwFQYDVQQKEw5Cb3JpbmdTU0wgVGVzdDEQ
555 MA4GA1UEAxMHUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6Q5/
556 EQzmWuaGg3D2UQcuAngR9bIkkjjuJmICx5TxPqF3asCP1SJotl3iTNrghRE1wpJy
557 SY2BtIiXa7f8skRb2U0GcPkMxo/ps9+jaoRsQ1m+nbLQdpvD1/qZWcO45fNTA71J
558 1rPMokP+rcILuQG4VimUAySnDSghKamulFtK+Z8CAwEAAaN6MHgwDgYDVR0PAQH/
559 BAQDAgIEMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAPBgNVHRMBAf8E
560 BTADAQH/MBkGA1UdDgQSBBBAN9cB+0AvuBx+VAQnjFkBMBsGA1UdIwQUMBKAEEA3
561 1wH7QC+4HH5UBCeMWQEwDQYJKoZIhvcNAQELBQADgYEAc4N6hTE62/3gwg+kyc2f
562 c/Jj1mHrOt+0NRaBnmvbmNpsEjHS96Ef4Wt/ZlPXPkkv1C1VosJnOIMF3Q522wRH
563 bqaxARldS12VAa3gcWisDWD+SqSyDxjyojz0XDiJkTrFuCTCUiZO+1GLB7SO10Ms
564 d5YVX0c90VMnUhF/dlrqS9U=
565 -----END CERTIFICATE-----
566 )";
567
568 // -----BEGIN RSA PRIVATE KEY-----
569 // MIICXAIBAAKBgQDpDn8RDOZa5oaDcPZRBy4CeBH1siSSOO4mYgLHlPE+oXdqwI/V
570 // Imi2XeJM2uCFETXCknJJjYG0iJdrt/yyRFvZTQZw+QzGj+mz36NqhGxDWb6dstB2
571 // m8PX+plZw7jl81MDvUnWs8yiQ/6twgu5AbhWKZQDJKcNKCEpqa6UW0r5nwIDAQAB
572 // AoGALEF5daZqc+aEsp8X1yky3nsoheyPL0kqSBWii33IFemZgKcSaRnAoqjPWWLS
573 // 8dHj0I/4rej2MW8iuezVSpDak9tK5boHORC3w4p/wifkizQkLt1DANxTVbzcKvrt
574 // aZ7LjVaKkhjRJbLddniowFHkkWVbUccjvzcUd7Y2VuLbAhECQQDq4FE88aHio8zg
575 // bxSd0PwjEFwLYQTR19u812SoR8PmR6ofIL+pDwOV+fVs+OGcAAOgkhIukOrksQ4A
576 // 1cKtnyhXAkEA/gRI+u3tZ7UE1twIkBfZ6IvCdRodkPqHAYIxMRLzL+MhyZt4MEGc
577 // Ngb/F6U9/WOBFnoR/PI7IwE3ejutzKcL+QJBAKh+6eilk7QKPETZi1m3/dmNt+p1
578 // 3EZJ65pqjwxmB3Rg/vs7vCMk4TarTdSyKu+F1xRPFfoP/mK3Xctdjj6NyhsCQAYF
579 // 7/0TOzfkUPMPUJyqFB6xgbDpJ55ScnUUsznoqx+NkTWInDb4t02IqO/UmT2y6FKy
580 // Hk8TJ1fTJY+ebqaVp3ECQApx9gQ+n0zIhx97FMUuiRse73xkcW4+pZ8nF+8DmeQL
581 // /JKuuFGmzkG+rUbXFmo/Zg2ozVplw71NnQJ4znPsf7A=
582 // -----END RSA PRIVATE KEY-----
583
584 // The following four certificates were generated with this Go program, varying
585 // |includeNetscapeExtension| and defining rootKeyPEM and rootCertPEM to be
586 // strings containing the kSANTypesRoot, above.
587
588 // package main
589
590 // import (
591 // "crypto/ecdsa"
592 // "crypto/elliptic"
593 // "crypto/rand"
594 // "crypto/x509"
595 // "crypto/x509/pkix"
596 // "encoding/asn1"
597 // "encoding/pem"
598 // "math/big"
599 // "os"
600 // "time"
601 // )
602
603 // const includeNetscapeExtension = true
604
605 // func main() {
606 // block, _ := pem.Decode([]byte(rootKeyPEM))
607 // rootPriv, _ := x509.ParsePKCS1PrivateKey(block.Bytes)
608 // block, _ = pem.Decode([]byte(rootCertPEM))
609 // root, _ := x509.ParseCertificate(block.Bytes)
610
611 // interTemplate := &x509.Certificate{
612 // SerialNumber: big.NewInt(2),
613 // Subject: pkix.Name{
614 // CommonName: "No Basic Constraints (Netscape)",
615 // },
616 // NotBefore: time.Date(2000, time.January, 1, 0, 0, 0, 0, time.UTC),
617 // NotAfter: time.Date(2099, time.January, 1, 0, 0, 0, 0, time.UTC),
618 // }
619
620 // if includeNetscapeExtension {
621 // interTemplate.ExtraExtensions = []pkix.Extension{
622 // pkix.Extension{
623 // Id: asn1.ObjectIdentifier([]int{2, 16, 840, 1, 113730, 1, 1}),
624 // Value: []byte{0x03, 0x02, 2, 0x04},
625 // },
626 // }
627 // } else {
628 // interTemplate.KeyUsage = x509.KeyUsageCertSign
629 // }
630
631 // interKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
632
633 // interDER, err := x509.CreateCertificate(rand.Reader, interTemplate, root, &interKey.PublicKey, rootPriv)
634 // if err != nil {
635 // panic(err)
636 // }
637
638 // pem.Encode(os.Stdout, &pem.Block{Type: "CERTIFICATE", Bytes: interDER})
639
640 // inter, _ := x509.ParseCertificate(interDER)
641
642 // leafTemplate := &x509.Certificate{
643 // SerialNumber: big.NewInt(3),
644 // Subject: pkix.Name{
645 // CommonName: "Leaf from CA with no Basic Constraints",
646 // },
647 // NotBefore: time.Date(2000, time.January, 1, 0, 0, 0, 0, time.UTC),
648 // NotAfter: time.Date(2099, time.January, 1, 0, 0, 0, 0, time.UTC),
649 // BasicConstraintsValid: true,
650 // }
651 // leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
652
653 // leafDER, err := x509.CreateCertificate(rand.Reader, leafTemplate, inter, &leafKey.PublicKey, interKey)
654 // if err != nil {
655 // panic(err)
656 // }
657
658 // pem.Encode(os.Stdout, &pem.Block{Type: "CERTIFICATE", Bytes: leafDER})
659 // }
660
661 // kNoBasicConstraintsCertSignIntermediate doesn't have isCA set, but contains
662 // certSign in the keyUsage.
663 static const char kNoBasicConstraintsCertSignIntermediate[] = R"(
664 -----BEGIN CERTIFICATE-----
665 MIIBqjCCAROgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
666 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
667 MDk5MDEwMTAwMDAwMFowHzEdMBsGA1UEAxMUTm8gQmFzaWMgQ29uc3RyYWludHMw
668 WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASEFMblfxIEDO8My7wHtHWTuDzNyID1
669 OsPkMGkn32O/pSyXxXuAqDeFoMVffUMTyfm8JcYugSEbrv2qEXXM4bZRoy8wLTAO
670 BgNVHQ8BAf8EBAMCAgQwGwYDVR0jBBQwEoAQQDfXAftAL7gcflQEJ4xZATANBgkq
671 hkiG9w0BAQsFAAOBgQC1Lh6hIAm3K5kRh5iIydU0YAEm7eV6ZSskERDUq3DLJyl9
672 ZUZCHUzvb464dkwZjeNzaUVS1pdElJslwX3DtGgeJLJGCnk8zUjBjaNrrDm0kzPW
673 xKt/6oif1ci/KCKqKNXJAIFbc4e+IiBpenwpxHk3If4NM+Ek0nKoO8Uj0NkgTQ==
674 -----END CERTIFICATE-----
675 )";
676
677 static const char kNoBasicConstraintsCertSignLeaf[] = R"(
678 -----BEGIN CERTIFICATE-----
679 MIIBUDCB96ADAgECAgEDMAoGCCqGSM49BAMCMB8xHTAbBgNVBAMTFE5vIEJhc2lj
680 IENvbnN0cmFpbnRzMCAXDTAwMDEwMTAwMDAwMFoYDzIwOTkwMTAxMDAwMDAwWjAx
681 MS8wLQYDVQQDEyZMZWFmIGZyb20gQ0Egd2l0aCBubyBCYXNpYyBDb25zdHJhaW50
682 czBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEsYPMwzdJKjB+2gpC90ib2ilHoB
683 w/arQ6ikUX0CNUDDaKaOu/jF39ogzVlg4lDFrjCKShSfCCcrwgONv70IZGijEDAO
684 MAwGA1UdEwEB/wQCMAAwCgYIKoZIzj0EAwIDSAAwRQIgbV7R99yM+okXSIs6Fp3o
685 eCOXiDL60IBxaTOcLS44ywcCIQDbn87Gj5cFgHBYAkzdHqDsyGXkxQTHDq9jmX24
686 Djy3Zw==
687 -----END CERTIFICATE-----
688 )";
689
690 // kNoBasicConstraintsNetscapeCAIntermediate doesn't have isCA set, but contains
691 // a Netscape certificate-type extension that asserts a type of "SSL CA".
692 static const char kNoBasicConstraintsNetscapeCAIntermediate[] = R"(
693 -----BEGIN CERTIFICATE-----
694 MIIBuDCCASGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
695 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
696 MDk5MDEwMTAwMDAwMFowKjEoMCYGA1UEAxMfTm8gQmFzaWMgQ29uc3RyYWludHMg
697 KE5ldHNjYXBlKTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCeMbmCaOtMzXBqi
698 PrCdNOH23CkaawUA+pAezitAN4RXS1O2CGK5sJjGPVVeogROU8G7/b+mU+ciZIzH
699 1PP8FJKjMjAwMBsGA1UdIwQUMBKAEEA31wH7QC+4HH5UBCeMWQEwEQYJYIZIAYb4
700 QgEBBAQDAgIEMA0GCSqGSIb3DQEBCwUAA4GBAAgNWjh7cfBTClTAk+Ml//5xb9Ju
701 tkBhG6Rm+kkMD+qiSMO6t7xS7CsA0+jIBjkdEYaLZ3oxtQCBdZsVNxUvRxZ0AUfF
702 G3DtRFTsrI1f7IQhpMuqEMF4shPW+5x54hrq0Fo6xMs6XoinJZcTUaaB8EeXRF6M
703 P9p6HuyLrmn0c/F0
704 -----END CERTIFICATE-----
705 )";
706
707 static const char kNoBasicConstraintsNetscapeCALeaf[] = R"(
708 -----BEGIN CERTIFICATE-----
709 MIIBXDCCAQKgAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9ObyBCYXNp
710 YyBDb25zdHJhaW50cyAoTmV0c2NhcGUpMCAXDTAwMDEwMTAwMDAwMFoYDzIwOTkw
711 MTAxMDAwMDAwWjAxMS8wLQYDVQQDEyZMZWFmIGZyb20gQ0Egd2l0aCBubyBCYXNp
712 YyBDb25zdHJhaW50czBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDlJKolDu3R2
713 tPqSDycr0QJcWhxdBv76V0EEVflcHRxED6vAioTEcnQszt1OfKtBZvjlo0yp6i6Q
714 DaYit0ZInmWjEDAOMAwGA1UdEwEB/wQCMAAwCgYIKoZIzj0EAwIDSAAwRQIhAJsh
715 aZL6BHeEfoUBj1oZ2Ln91qzj3UCVMJ+vrmwAFdYyAiA3wp2JphgchvmoUFuzPXwj
716 XyPwWPbymSTpzKhB4xB7qQ==
717 -----END CERTIFICATE-----
718 )";
719
720 static const char kSelfSignedMismatchAlgorithms[] = R"(
721 -----BEGIN CERTIFICATE-----
722 MIIFMjCCAxqgAwIBAgIJAL0mG5fOeJ7xMA0GCSqGSIb3DQEBDQUAMC0xCzAJBgNV
723 BAYTAkdCMQ8wDQYDVQQHDAZMb25kb24xDTALBgNVBAoMBFRlc3QwIBcNMTgwOTE3
724 MTIxNzU3WhgPMjExODA4MjQxMjE3NTdaMC0xCzAJBgNVBAYTAkdCMQ8wDQYDVQQH
725 DAZMb25kb24xDTALBgNVBAoMBFRlc3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
726 ggIKAoICAQDCMhBrRAGGw+n2GdctBr/cEK4FZA6ajiHjihgpCHoSBdyL4R2jGKLS
727 g0WgaMXa1HpkKN7LcIySosEBPlmcRkr1RqbEvQStOSvoFCXYvtx3alM6HTbXMcDR
728 mqoKoABP6LXsPSoMWIgqMtP2X9EOppzHVIK1yFYFfbIlvYUV2Ka+MuMe0Vh5wvD1
729 4GanPb+cWSKgdRSVQovCCMY3yWtZKVEaxRpCsk/mYYIFWz0tcgMjIKwDx1XXgiAV
730 nU6NK43xbaw3XhtnaD/pv9lhTTbNrlcln9LjTD097BaK4R+1AEPHnpfxA9Ui3upn
731 kbsNUdGdOB0ksZi/vd7lh833YgquQUIAhYrbfvq/HFCpVV1gljzlS3sqULYpLE//
732 i3OsuL2mE+CYIJGpIi2GeJJWXciNMTJDOqTn+fRDtVb4RPp4Y70DJirp7XzaBi3q
733 H0edANCzPSRCDbZsOhzIXhXshldiXVRX666DDlbMQgLTEnNKrkwv6DmU8o15XQsb
734 8k1Os2YwXmkEOxUQ7AJZXVTZSf6UK9Znmdq1ZrHjybMfRUkHVxJcnKvrxfryralv
735 gzfvu+D6HuxrCo3Ojqa+nDgIbxKEBtdrcsMhq1jWPFhjwo1fSadAkKOfdCAuXJRD
736 THg3b4Sf+W7Cpc570YHrIpBf7WFl2XsPcEM0mJZ5+yATASCubNozQwIDAQABo1Mw
737 UTAdBgNVHQ4EFgQUES0hupZSqY21JOba10QyZuxm91EwHwYDVR0jBBgwFoAUES0h
738 upZSqY21JOba10QyZuxm91EwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsF
739 AAOCAgEABTN5S30ng/RMpBweDm2N561PdpaCdiRXtAFCRVWR2mkDYC/Xj9Vqe6be
740 PyM7L/5OKYVjzF1yJu67z/dx+ja5o+41g17jdqla7hyPx+9B4uRyDh+1KJTa+duj
741 mw/aA1LCr6O6W4WizDOsChJ6FaB2Y1+GlFnKWb5nUdhVJqXQE1WOX9dZnw8Y4Npd
742 VmAsjWot0BZorJrt3fwfcv3QfA896twkbo7Llv/8qzg4sXZXZ4ZtgAOqnPngiSn+
743 JT/vYCXZ406VvAFpFqMcVz2dO/VGuL8lGIMHRKNyafrsV81EzH1W/XmRWOgvgj6r
744 yQI63ln/AMY72HQ97xLkE1xKunGz6bK5Ug5+O43Uftc4Mb6MUgzo+ZqEQ3Ob+cAV
745 cvjmtwDaPO/O39O5Xq0tLTlkn2/cKf4OQ6S++GDxzyRVHh5JXgP4j9+jfZY57Woy
746 R1bE7N50JjY4cDermBJKdlBIjL7UPhqmLyaG7V0hBitFlgGBUCcJtJOV0xYd5aF3
747 pxNkvMXhBmh95fjxJ0cJjpO7tN1RAwtMMNgsl7OUbuVRQCHOPW5DgP5qY21jDeRn
748 BY82382l+9QzykmJLI5MZnmj4BA9uIDCwMtoTTvP++SsvhUAbuvh7MOOUQL0EY4m
749 KStYq7X9PKseN+PvmfeoffIKc5R/Ha39oi7cGMVHCr8aiEhsf94=
750 -----END CERTIFICATE-----
751 )";
752
753 // kCommonNameWithSANs is a leaf certificate signed by kSANTypesRoot, with
754 // *.host1.test as the common name and a SAN list of *.host2.test and
755 // foo.host3.test.
756 static const char kCommonNameWithSANs[] = R"(
757 -----BEGIN CERTIFICATE-----
758 MIIB2zCCAUSgAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
759 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
760 MDk5MDEwMTAwMDAwMFowNzEeMBwGA1UEChMVQ29tbW9uIG5hbWUgd2l0aCBTQU5z
761 MRUwEwYDVQQDDAwqLmhvc3QxLnRlc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC
762 AASgWzfnFnpQrokSLIC+LhCKJDUAY/2usfIDpOnafYoYCasbYetkmOslgyY4Nn07
763 zjvjNROprA/0bdULXAkdL9bNo0gwRjAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQn
764 jFkBMCcGA1UdEQQgMB6CDCouaG9zdDIudGVzdIIOZm9vLmhvc3QzLnRlc3QwDQYJ
765 KoZIhvcNAQELBQADgYEAtv2e3hBhsslXB1HTxgusjoschWOVtvGZUaYlhkKzKTCL
766 4YpDn50BccnucBU/b9phYvaEZtyzOv4ZXhxTGyLnLrIVB9x5ikfCcfl+LNYNjDwM
767 enm/h1zOfJ7wXLyscD4kU29Wc/zxBd70thIgLYn16CC1S9NtXKsXXDXv5VVH/bg=
768 -----END CERTIFICATE-----
769 )";
770
771 // kCommonNameWithSANs is a leaf certificate signed by kSANTypesRoot, with
772 // *.host1.test as the common name and no SAN list.
773 static const char kCommonNameWithoutSANs[] = R"(
774 -----BEGIN CERTIFICATE-----
775 MIIBtTCCAR6gAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
776 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
777 MDk5MDEwMTAwMDAwMFowOjEhMB8GA1UEChMYQ29tbW9uIG5hbWUgd2l0aG91dCBT
778 QU5zMRUwEwYDVQQDDAwqLmhvc3QxLnRlc3QwWTATBgcqhkjOPQIBBggqhkjOPQMB
779 BwNCAARt2vjlIrPE+kr11VS1rRP/AYQu4fvf1bNw/K9rwYlVBhmLMPYasEmpCtKE
780 0bDIFydtDYC3wZDpSS+YiaG40sdAox8wHTAbBgNVHSMEFDASgBBAN9cB+0AvuBx+
781 VAQnjFkBMA0GCSqGSIb3DQEBCwUAA4GBAHRbIeaCEytOpJpw9O2dlB656AHe1+t5
782 4JiS5mvtzoVOLn7fFk5EFQtZS7sG1Uc2XjlSw+iyvFoTFEqfKyU/mIdc2vBuPwA2
783 +YXT8aE4S+UZ9oz5j0gDpikGnkSCW0cyHD8L8fntNjaQRSaM482JpmtdmuxClmWO
784 pFFXI2B5usgI
785 -----END CERTIFICATE-----
786 )";
787
788 // kCommonNameWithEmailSAN is a leaf certificate signed by kSANTypesRoot, with
789 // *.host1.test as the common name and the email address test@host2.test in the
790 // SAN list.
791 static const char kCommonNameWithEmailSAN[] = R"(
792 -----BEGIN CERTIFICATE-----
793 MIIBvDCCASWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
794 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
795 MDk5MDEwMTAwMDAwMFowFzEVMBMGA1UEAwwMKi5ob3N0MS50ZXN0MFkwEwYHKoZI
796 zj0CAQYIKoZIzj0DAQcDQgAEtevOxcTjpPzlNGoUMFfZyr1k03/Hiuh+EsnuScDs
797 8XLKi6fDkvSaDClI99ycabQZRPIrvyT+dglDC6ugQd+CYqNJMEcwDAYDVR0TAQH/
798 BAIwADAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQnjFkBMBoGA1UdEQQTMBGBD3Rl
799 c3RAaG9zdDIudGVzdDANBgkqhkiG9w0BAQsFAAOBgQCGbqb78OWJWl4zb+qw0Dz2
800 HJgZZJt6/+nNG/XJKdaYeS4eofsbwsJI4fuuOF6ZvYCJxVNtGqdfZDgycvFA9hjv
801 NGosBF1/spP17cmzTahLjxs71jDvHV/EQJbKGl/Zpta1Em1VrzSrwoOFabPXzZTJ
802 aet/mER21Z/9ZsTUoJQPJw==
803 -----END CERTIFICATE-----
804 )";
805
806 // kCommonNameWithIPSAN is a leaf certificate signed by kSANTypesRoot, with
807 // *.host1.test as the common name and the IP address 127.0.0.1 in the
808 // SAN list.
809 static const char kCommonNameWithIPSAN[] = R"(
810 -----BEGIN CERTIFICATE-----
811 MIIBsTCCARqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
812 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
813 MDk5MDEwMTAwMDAwMFowFzEVMBMGA1UEAwwMKi5ob3N0MS50ZXN0MFkwEwYHKoZI
814 zj0CAQYIKoZIzj0DAQcDQgAEFKrgkxm8PysXbwnHQeTD3p8YY0+sY4ssnZgmj8wX
815 KTyn893fdBHWlz71GO6t82wMTF5d+ZYwI2XU52pfl4SB2aM+MDwwDAYDVR0TAQH/
816 BAIwADAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQnjFkBMA8GA1UdEQQIMAaHBH8A
817 AAEwDQYJKoZIhvcNAQELBQADgYEAQWZ8Oj059ZjS109V/ijMYT28xuAN5n6HHxCO
818 DopTP56Zu9+gme5wTETWEfocspZvgecoUOcedTFoKSQ7JafO09NcVLA+D6ddYpju
819 mgfuiLy9dDhqvX/NHaLBMxOBWWbOLwWE+ibyX+pOzjWRCw1L7eUXOr6PhZAOQsmU
820 D0+O6KI=
821 -----END CERTIFICATE-----
822 )";
823
824 // kConstrainedIntermediate is an intermediate signed by kSANTypesRoot, with
825 // permitted DNS names of permitted1.test and foo.permitted2.test and an
826 // excluded DNS name of excluded.permitted1.test. Its private key is:
827 //
828 // -----BEGIN PRIVATE KEY-----
829 // MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgTXUM4tJWM7OzATty
830 // JhNOfIv/d8heWFBeKOfMR+RfaROhRANCAASbbbWYiN6mn+BCpg4XNpibOH0D/DN4
831 // kZ5C/Ml2YVomC9T83OKk2CzB8fPAabPb4P4Vv+fIabpEfjWS5nzKLY1y
832 // -----END PRIVATE KEY-----
833 static const char kConstrainedIntermediate[] = R"(
834 -----BEGIN CERTIFICATE-----
835 MIICDjCCAXegAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
836 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
837 MDk5MDEwMTAwMDAwMFowKDEmMCQGA1UEAxMdTmFtZSBDb25zdHJhaW50cyBJbnRl
838 cm1lZGlhdGUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASbbbWYiN6mn+BCpg4X
839 NpibOH0D/DN4kZ5C/Ml2YVomC9T83OKk2CzB8fPAabPb4P4Vv+fIabpEfjWS5nzK
840 LY1yo4GJMIGGMA8GA1UdEwEB/wQFMAMBAf8wGwYDVR0jBBQwEoAQQDfXAftAL7gc
841 flQEJ4xZATBWBgNVHR4BAf8ETDBKoCowEYIPcGVybWl0dGVkMS50ZXN0MBWCE2Zv
842 by5wZXJtaXR0ZWQyLnRlc3ShHDAaghhleGNsdWRlZC5wZXJtaXR0ZWQxLnRlc3Qw
843 DQYJKoZIhvcNAQELBQADgYEAFq1Ka05hiKREwRpSceQPzIIH4B5a5IVBg5/EvmQI
844 9V0fXyAE1GmahPt70sIBxIgzNTEaY8P/IoOuCdlZWe0msmyEO3S6YSAzOWR5Van6
845 cXmFM1uMd95TlkxUMRdV+jKJTvG6R/BM2zltaV7Xt662k5HtzT5Svw0rZlFaggZz
846 UyM=
847 -----END CERTIFICATE-----
848 )";
849
850 // kCommonNamePermittedLeaf is a leaf certificate signed by
851 // kConstrainedIntermediate. Its common name is permitted by the name
852 // constraints.
853 static const char kCommonNamePermittedLeaf[] = R"(
854 -----BEGIN CERTIFICATE-----
855 MIIBaDCCAQ2gAwIBAgIBAzAKBggqhkjOPQQDAjAoMSYwJAYDVQQDEx1OYW1lIENv
856 bnN0cmFpbnRzIEludGVybWVkaWF0ZTAgFw0wMDAxMDEwMDAwMDBaGA8yMDk5MDEw
857 MTAwMDAwMFowPjEeMBwGA1UEChMVQ29tbW9uIG5hbWUgcGVybWl0dGVkMRwwGgYD
858 VQQDExNmb28ucGVybWl0dGVkMS50ZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
859 QgAENX5Ycs8q8MRzPYUz6DqLHhJR3wcmniFRgkiEa7MxE/mRe00y0VGwH7xi7Aoc
860 emXPrtD4JwN5bssbcxWGAKYYzaMQMA4wDAYDVR0TAQH/BAIwADAKBggqhkjOPQQD
861 AgNJADBGAiEAtsnWuRQXtw2xbieC78Y8SVEtTjcZUx8uZyQe1GPLfGICIQDR4fNY
862 yg3PC94ydPNQZVsFxAne32CbonWWsokalTFpUQ==
863 -----END CERTIFICATE-----
864 )";
865 static const char kCommonNamePermitted[] = "foo.permitted1.test";
866
867 // kCommonNameNotPermittedLeaf is a leaf certificate signed by
868 // kConstrainedIntermediate. Its common name is not permitted by the name
869 // constraints.
870 static const char kCommonNameNotPermittedLeaf[] = R"(
871 -----BEGIN CERTIFICATE-----
872 MIIBazCCARCgAwIBAgIBBDAKBggqhkjOPQQDAjAoMSYwJAYDVQQDEx1OYW1lIENv
873 bnN0cmFpbnRzIEludGVybWVkaWF0ZTAgFw0wMDAxMDEwMDAwMDBaGA8yMDk5MDEw
874 MTAwMDAwMFowQTEiMCAGA1UEChMZQ29tbW9uIG5hbWUgbm90IHBlcm1pdHRlZDEb
875 MBkGA1UEAxMSbm90LXBlcm1pdHRlZC50ZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0D
876 AQcDQgAEzfghKuWf0JoXb0Drp09C3yXMSQQ1byt+AUaymvsHOWsxQ9v1Q+vkF/IM
877 HRqGTk2TyxrB2iClVEn/Uu+YtYox1KMQMA4wDAYDVR0TAQH/BAIwADAKBggqhkjO
878 PQQDAgNJADBGAiEAxaUslxmoWL1tIvnDz7gDkto/HcmdU0jHVuUQLXcCG8wCIQCN
879 5xZjitlCQU8UB5qSu9wH4B+0JcVO3Ss4Az76HEJWMw==
880 -----END CERTIFICATE-----
881 )";
882 static const char kCommonNameNotPermitted[] = "not-permitted.test";
883
884 // kCommonNameNotPermittedWithSANsLeaf is a leaf certificate signed by
885 // kConstrainedIntermediate. Its common name is not permitted by the name
886 // constraints but it has a SAN list.
887 static const char kCommonNameNotPermittedWithSANsLeaf[] = R"(
888 -----BEGIN CERTIFICATE-----
889 MIIBqTCCAU+gAwIBAgIBBjAKBggqhkjOPQQDAjAoMSYwJAYDVQQDEx1OYW1lIENv
890 bnN0cmFpbnRzIEludGVybWVkaWF0ZTAgFw0wMDAxMDEwMDAwMDBaGA8yMDk5MDEw
891 MTAwMDAwMFowSzEsMCoGA1UEChMjQ29tbW9uIG5hbWUgbm90IHBlcm1pdHRlZCB3
892 aXRoIFNBTlMxGzAZBgNVBAMTEm5vdC1wZXJtaXR0ZWQudGVzdDBZMBMGByqGSM49
893 AgEGCCqGSM49AwEHA0IABKsn9wOApXFHrqhLdQgbFSeaSoAIbxgO0zVSRZUb5naR
894 93zoL3MFOvZEF8xiEqh7le+l3XuUig0fwqpcsZzRNJajRTBDMAwGA1UdEwEB/wQC
895 MAAwMwYDVR0RBCwwKoITZm9vLnBlcm1pdHRlZDEudGVzdIITZm9vLnBlcm1pdHRl
896 ZDIudGVzdDAKBggqhkjOPQQDAgNIADBFAiACk+1f184KkKAXuntmrz+Ygcq8MiZl
897 4delx44FtcNaegIhAIA5nYfzxNcTXxDo3U+x1vSLH6Y7faLvHiFySp7O//q+
898 -----END CERTIFICATE-----
899 )";
900 static const char kCommonNameNotPermittedWithSANs[] = "not-permitted.test";
901
902 // kCommonNameNotDNSLeaf is a leaf certificate signed by
903 // kConstrainedIntermediate. Its common name is not a DNS name.
904 static const char kCommonNameNotDNSLeaf[] = R"(
905 -----BEGIN CERTIFICATE-----
906 MIIBYTCCAQagAwIBAgIBCDAKBggqhkjOPQQDAjAoMSYwJAYDVQQDEx1OYW1lIENv
907 bnN0cmFpbnRzIEludGVybWVkaWF0ZTAgFw0wMDAxMDEwMDAwMDBaGA8yMDk5MDEw
908 MTAwMDAwMFowNzEcMBoGA1UEChMTQ29tbW9uIG5hbWUgbm90IEROUzEXMBUGA1UE
909 AxMOTm90IGEgRE5TIG5hbWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASnueyc
910 Zxtnw5ke2J2T0/LwAK37auQP/RSFd9mem+BJVbgviawtAlignJmafp7Zw4/GdYEJ
911 Vm8qlriOJtluvXGcoxAwDjAMBgNVHRMBAf8EAjAAMAoGCCqGSM49BAMCA0kAMEYC
912 IQChUAmVNI39VHe0zemRE09VDcSEgOxr1nTvjLcg/Q8pVQIhAJYZnJI0YZAi05QH
913 RHNlAkTK2TnUaVn3fGSylaLiFS1r
914 -----END CERTIFICATE-----
915 )";
916 static const char kCommonNameNotDNS[] = "Not a DNS name";
917
918 // The following six certificates are issued by |kSANTypesRoot| and have
919 // different extended key usage values. They were created with the following
920 // Go program:
921 //
922 // func main() {
923 // block, _ := pem.Decode([]byte(rootKeyPEM))
924 // rootPriv, _ := x509.ParsePKCS1PrivateKey(block.Bytes)
925 // block, _ = pem.Decode([]byte(rootCertPEM))
926 // root, _ := x509.ParseCertificate(block.Bytes)
927 //
928 // leafTemplate := &x509.Certificate{
929 // SerialNumber: big.NewInt(3),
930 // Subject: pkix.Name{
931 // CommonName: "EKU msSGC",
932 // },
933 // NotBefore: time.Date(2000, time.January, 1, 0, 0, 0, 0, time.UTC),
934 // NotAfter: time.Date(2099, time.January, 1, 0, 0, 0, 0, time.UTC),
935 // BasicConstraintsValid: true,
936 // ExtKeyUsage: []x509.ExtKeyUsage{FILL IN HERE},
937 // }
938 // leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
939 // leafDER, err := x509.CreateCertificate(rand.Reader, leafTemplate, root, &leafKey.PublicKey, rootPriv)
940 // if err != nil {
941 // panic(err)
942 // }
943 // pem.Encode(os.Stdout, &pem.Block{Type: "CERTIFICATE", Bytes: leafDER})
944 // }
945
946 static const char kMicrosoftSGCCert[] = R"(
947 -----BEGIN CERTIFICATE-----
948 MIIBtDCCAR2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
949 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
950 MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C
951 AQYIKoZIzj0DAQcDQgAEEn61v3Vs+q6bTyyRnrJvuKBE8PTNVLbXGB52jig4Qse2
952 mGygNEysS0uzZ0luz+rn2hDRUFL6sHLUs1d8UMbI/6NEMEIwFQYDVR0lBA4wDAYK
953 KwYBBAGCNwoDAzAMBgNVHRMBAf8EAjAAMBsGA1UdIwQUMBKAEEA31wH7QC+4HH5U
954 BCeMWQEwDQYJKoZIhvcNAQELBQADgYEAgDQI9RSo3E3ZVnU71TV/LjG9xwHtfk6I
955 rlNnlJJ0lsTHAuMc1mwCbzhtsmasetwYlIa9G8GFWB9Gh/QqHA7G649iGGmXShqe
956 aVDuWgeSEJxBPE2jILoMm4pEYF7jfonTn7XXX6O78yuSlP+NPIU0gUKHkWZ1sWk0
957 cC4l0r/6jik=
958 -----END CERTIFICATE-----
959 )";
960
961 static const char kNetscapeSGCCert[] = R"(
962 -----BEGIN CERTIFICATE-----
963 MIIBszCCARygAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
964 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
965 MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C
966 AQYIKoZIzj0DAQcDQgAE3NbT+TnBfq1DWJCezjaUL52YhDU7cOkI2S2PoWgJ1v7x
967 kKLwBonUFZjppZs69SyBHeJdti+KoJ3qTW+hCG08EaNDMEEwFAYDVR0lBA0wCwYJ
968 YIZIAYb4QgQBMAwGA1UdEwEB/wQCMAAwGwYDVR0jBBQwEoAQQDfXAftAL7gcflQE
969 J4xZATANBgkqhkiG9w0BAQsFAAOBgQBuiyVcfazekHkCWksxdFmjPmMtWCxFjkzc
970 8VBxFE0CfSHQAfZ8J7tXd1FbAq/eXdZvvo8v0JB4sOM4Ex1ob1fuvDFHdSAHAD7W
971 dhKIjJyzVojoxjCjyue0XMeEPl7RiqbdxoS/R5HFAqAF0T2OeQAqP9gTpOXoau1M
972 RQHX6HQJJg==
973 -----END CERTIFICATE-----
974 )";
975
976 static const char kServerEKUCert[] = R"(
977 -----BEGIN CERTIFICATE-----
978 MIIBsjCCARugAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
979 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
980 MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C
981 AQYIKoZIzj0DAQcDQgAEDd35i+VWPwIOKLrLWTuP5cqD+yJDB5nujEzPgkXP5LKJ
982 SZRbHTqTdpYZB2jy6y90RY2Bsjx7FfZ7nN5G2g1GOKNCMEAwEwYDVR0lBAwwCgYI
983 KwYBBQUHAwEwDAYDVR0TAQH/BAIwADAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQn
984 jFkBMA0GCSqGSIb3DQEBCwUAA4GBAIKmbMBjuivL/rxDu7u7Vr3o3cdmEggBJxwL
985 iatNW3x1wg0645aNYOktW/iQ7mAAiziTY73GFyfiJDWqnY+CwA94ZWyQidjHdN/I
986 6BR52sN/dkYEoInYEbmDNMc/if+T0yqeBQLP4BeKLiT8p0qqaimae6LgibS19hDP
987 2hoEMdz2
988 -----END CERTIFICATE-----
989 )";
990
991 static const char kServerEKUPlusMicrosoftSGCCert[] = R"(
992 -----BEGIN CERTIFICATE-----
993 MIIBvjCCASegAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
994 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
995 MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C
996 AQYIKoZIzj0DAQcDQgAEDO1MYPxq+U4oXMIK8UnsS4C696wpcu4UOmcMJJ5CUd5Z
997 ZpJShN6kYKnrb3GK/6xEgbUGntmrzSRG5FYqk6QgD6NOMEwwHwYDVR0lBBgwFgYI
998 KwYBBQUHAwEGCisGAQQBgjcKAwMwDAYDVR0TAQH/BAIwADAbBgNVHSMEFDASgBBA
999 N9cB+0AvuBx+VAQnjFkBMA0GCSqGSIb3DQEBCwUAA4GBAHOu2IBa4lHzVGS36HxS
1000 SejUE87Ji1ysM6BgkYbfxfS9MuV+J3UnqH57JjbH/3CFl4ZDWceF6SGBSCn8LqKa
1001 KHpwoNFU3zA99iQzVJgbUyN0PbKwHEanLyKDJZyFk71R39ToxhSNQgaQYjZYCy1H
1002 5V9oXd1bodEqVsOZ/mur24Ku
1003 -----END CERTIFICATE-----
1004 )";
1005
1006 static const char kAnyEKU[] = R"(
1007 -----BEGIN CERTIFICATE-----
1008 MIIBrjCCARegAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
1009 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
1010 MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C
1011 AQYIKoZIzj0DAQcDQgAE9nsLABDporlTvx1OBUc4Hd5vxfX+8nS/OhbHmKtFLYNu
1012 1CLLrImbwMQYD2G+PgLO6sQHmASq2jmJKp6ZWsRkTqM+MDwwDwYDVR0lBAgwBgYE
1013 VR0lADAMBgNVHRMBAf8EAjAAMBsGA1UdIwQUMBKAEEA31wH7QC+4HH5UBCeMWQEw
1014 DQYJKoZIhvcNAQELBQADgYEAxgjgn1SAzQ+2GeCicZ5ndvVhKIeFelGCQ989XTVq
1015 uUbAYBW6v8GXNuVzoXYxDgNSanF6U+w+INrJ6daKVrIxAxdk9QFgBXqJoupuRAA3
1016 /OqnmYux0EqOTLbTK1P8DhaiaD0KV6dWGUwzqsgBmPkZ0lgNaPjvb1mKV3jhBkjz
1017 L6A=
1018 -----END CERTIFICATE-----
1019 )";
1020
1021 static const char kNoEKU[] = R"(
1022 -----BEGIN CERTIFICATE-----
1023 MIIBnTCCAQagAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
1024 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
1025 MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C
1026 AQYIKoZIzj0DAQcDQgAEpSFSqbYY86ZcMamE606dqdyjWlwhSHKOLUFsUUIzkMPz
1027 KHRu/x3Yzi8+Hm8eFK/TnCbkpYsYw4hIw00176dYzaMtMCswDAYDVR0TAQH/BAIw
1028 ADAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQnjFkBMA0GCSqGSIb3DQEBCwUAA4GB
1029 AHvYzynIkjLThExHRS+385hfv4vgrQSMmCM1SAnEIjSBGsU7RPgiGAstN06XivuF
1030 T1fNugRmTu4OtOIbfdYkcjavJufw9hR9zWTt77CNMTy9XmOZLgdS5boFTtLCztr3
1031 TXHOSQQD8Dl4BK0wOet+TP6LBEjHlRFjAqK4bu9xpxV2
1032 -----END CERTIFICATE-----
1033 )";
1034
1035 // CertFromPEM parses the given, NUL-terminated PEM block and returns an
1036 // |X509*|.
CertFromPEM(const char * pem)1037 static bssl::UniquePtr<X509> CertFromPEM(const char *pem) {
1038 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
1039 return bssl::UniquePtr<X509>(
1040 PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
1041 }
1042
1043 // CRLFromPEM parses the given, NUL-terminated PEM block and returns an
1044 // |X509_CRL*|.
CRLFromPEM(const char * pem)1045 static bssl::UniquePtr<X509_CRL> CRLFromPEM(const char *pem) {
1046 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
1047 return bssl::UniquePtr<X509_CRL>(
1048 PEM_read_bio_X509_CRL(bio.get(), nullptr, nullptr, nullptr));
1049 }
1050
1051 // CSRFromPEM parses the given, NUL-terminated PEM block and returns an
1052 // |X509_REQ*|.
CSRFromPEM(const char * pem)1053 static bssl::UniquePtr<X509_REQ> CSRFromPEM(const char *pem) {
1054 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
1055 return bssl::UniquePtr<X509_REQ>(
1056 PEM_read_bio_X509_REQ(bio.get(), nullptr, nullptr, nullptr));
1057 }
1058
1059 // PrivateKeyFromPEM parses the given, NUL-terminated PEM block and returns an
1060 // |EVP_PKEY*|.
PrivateKeyFromPEM(const char * pem)1061 static bssl::UniquePtr<EVP_PKEY> PrivateKeyFromPEM(const char *pem) {
1062 bssl::UniquePtr<BIO> bio(
1063 BIO_new_mem_buf(const_cast<char *>(pem), strlen(pem)));
1064 return bssl::UniquePtr<EVP_PKEY>(
1065 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1066 }
1067
1068 // CertsToStack converts a vector of |X509*| to an OpenSSL STACK_OF(X509),
1069 // bumping the reference counts for each certificate in question.
CertsToStack(const std::vector<X509 * > & certs)1070 static bssl::UniquePtr<STACK_OF(X509)> CertsToStack(
1071 const std::vector<X509 *> &certs) {
1072 bssl::UniquePtr<STACK_OF(X509)> stack(sk_X509_new_null());
1073 if (!stack) {
1074 return nullptr;
1075 }
1076 for (auto cert : certs) {
1077 if (!bssl::PushToStack(stack.get(), bssl::UpRef(cert))) {
1078 return nullptr;
1079 }
1080 }
1081
1082 return stack;
1083 }
1084
1085 // CRLsToStack converts a vector of |X509_CRL*| to an OpenSSL
1086 // STACK_OF(X509_CRL), bumping the reference counts for each CRL in question.
CRLsToStack(const std::vector<X509_CRL * > & crls)1087 static bssl::UniquePtr<STACK_OF(X509_CRL)> CRLsToStack(
1088 const std::vector<X509_CRL *> &crls) {
1089 bssl::UniquePtr<STACK_OF(X509_CRL)> stack(sk_X509_CRL_new_null());
1090 if (!stack) {
1091 return nullptr;
1092 }
1093 for (auto crl : crls) {
1094 if (!bssl::PushToStack(stack.get(), bssl::UpRef(crl))) {
1095 return nullptr;
1096 }
1097 }
1098
1099 return stack;
1100 }
1101
1102 static const int64_t kReferenceTime = 1474934400 /* Sep 27th, 2016 */;
1103
Verify(X509 * leaf,const std::vector<X509 * > & roots,const std::vector<X509 * > & intermediates,const std::vector<X509_CRL * > & crls,unsigned long flags=0,std::function<void (X509_VERIFY_PARAM *)> configure_callback=nullptr)1104 static int Verify(
1105 X509 *leaf, const std::vector<X509 *> &roots,
1106 const std::vector<X509 *> &intermediates,
1107 const std::vector<X509_CRL *> &crls, unsigned long flags = 0,
1108 std::function<void(X509_VERIFY_PARAM *)> configure_callback = nullptr) {
1109 bssl::UniquePtr<STACK_OF(X509)> roots_stack(CertsToStack(roots));
1110 bssl::UniquePtr<STACK_OF(X509)> intermediates_stack(
1111 CertsToStack(intermediates));
1112 bssl::UniquePtr<STACK_OF(X509_CRL)> crls_stack(CRLsToStack(crls));
1113
1114 if (!roots_stack ||
1115 !intermediates_stack ||
1116 !crls_stack) {
1117 return X509_V_ERR_UNSPECIFIED;
1118 }
1119
1120 bssl::UniquePtr<X509_STORE_CTX> ctx(X509_STORE_CTX_new());
1121 bssl::UniquePtr<X509_STORE> store(X509_STORE_new());
1122 if (!ctx ||
1123 !store) {
1124 return X509_V_ERR_UNSPECIFIED;
1125 }
1126
1127 if (!X509_STORE_CTX_init(ctx.get(), store.get(), leaf,
1128 intermediates_stack.get())) {
1129 return X509_V_ERR_UNSPECIFIED;
1130 }
1131
1132 X509_STORE_CTX_set0_trusted_stack(ctx.get(), roots_stack.get());
1133 X509_STORE_CTX_set0_crls(ctx.get(), crls_stack.get());
1134
1135 X509_VERIFY_PARAM *param = X509_STORE_CTX_get0_param(ctx.get());
1136 X509_VERIFY_PARAM_set_time_posix(param, kReferenceTime);
1137 if (configure_callback) {
1138 configure_callback(param);
1139 }
1140 if (flags) {
1141 X509_VERIFY_PARAM_set_flags(param, flags);
1142 }
1143
1144 ERR_clear_error();
1145 if (X509_verify_cert(ctx.get()) != 1) {
1146 return X509_STORE_CTX_get_error(ctx.get());
1147 }
1148
1149 return X509_V_OK;
1150 }
1151
TEST(X509Test,TestVerify)1152 TEST(X509Test, TestVerify) {
1153 // cross_signing_root
1154 // |
1155 // root_cross_signed root
1156 // \ /
1157 // intermediate
1158 // | |
1159 // leaf leaf_no_key_usage
1160 // |
1161 // forgery
1162 bssl::UniquePtr<X509> cross_signing_root(CertFromPEM(kCrossSigningRootPEM));
1163 bssl::UniquePtr<X509> root(CertFromPEM(kRootCAPEM));
1164 bssl::UniquePtr<X509> root_cross_signed(CertFromPEM(kRootCrossSignedPEM));
1165 bssl::UniquePtr<X509> intermediate(CertFromPEM(kIntermediatePEM));
1166 bssl::UniquePtr<X509> intermediate_self_signed(
1167 CertFromPEM(kIntermediateSelfSignedPEM));
1168 bssl::UniquePtr<X509> leaf(CertFromPEM(kLeafPEM));
1169 bssl::UniquePtr<X509> leaf_no_key_usage(CertFromPEM(kLeafNoKeyUsagePEM));
1170 bssl::UniquePtr<X509> forgery(CertFromPEM(kForgeryPEM));
1171
1172 ASSERT_TRUE(cross_signing_root);
1173 ASSERT_TRUE(root);
1174 ASSERT_TRUE(root_cross_signed);
1175 ASSERT_TRUE(intermediate);
1176 ASSERT_TRUE(intermediate_self_signed);
1177 ASSERT_TRUE(leaf);
1178 ASSERT_TRUE(forgery);
1179 ASSERT_TRUE(leaf_no_key_usage);
1180
1181 // Most of these tests work with or without |X509_V_FLAG_TRUSTED_FIRST|,
1182 // though in different ways.
1183 for (bool trusted_first : {true, false}) {
1184 SCOPED_TRACE(trusted_first);
1185 std::function<void(X509_VERIFY_PARAM *)> configure_callback;
1186 if (!trusted_first) {
1187 // Note we need the callback to clear the flag. Setting |flags| to zero
1188 // only skips setting new flags.
1189 configure_callback = [&](X509_VERIFY_PARAM *param) {
1190 X509_VERIFY_PARAM_clear_flags(param, X509_V_FLAG_TRUSTED_FIRST);
1191 };
1192 }
1193
1194 // No trust anchors configured.
1195 ASSERT_EQ(X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
1196 Verify(leaf.get(), /*roots=*/{}, /*intermediates=*/{},
1197 /*crls=*/{}, /*flags=*/0, configure_callback));
1198 ASSERT_EQ(
1199 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
1200 Verify(leaf.get(), /*roots=*/{}, {intermediate.get()}, /*crls=*/{},
1201 /*flags=*/0, configure_callback));
1202
1203 // Each chain works individually.
1204 ASSERT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()}, {intermediate.get()},
1205 /*crls=*/{}, /*flags=*/0, configure_callback));
1206 ASSERT_EQ(X509_V_OK, Verify(leaf.get(), {cross_signing_root.get()},
1207 {intermediate.get(), root_cross_signed.get()},
1208 /*crls=*/{}, /*flags=*/0, configure_callback));
1209
1210 // When both roots are available, we pick one or the other.
1211 ASSERT_EQ(X509_V_OK,
1212 Verify(leaf.get(), {cross_signing_root.get(), root.get()},
1213 {intermediate.get(), root_cross_signed.get()}, /*crls=*/{},
1214 /*flags=*/0, configure_callback));
1215
1216 // This is the “altchains” test – we remove the cross-signing CA but include
1217 // the cross-sign in the intermediates. With |trusted_first|, we
1218 // preferentially stop path-building at |intermediate|. Without
1219 // |trusted_first|, the "altchains" logic repairs it.
1220 ASSERT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()},
1221 {intermediate.get(), root_cross_signed.get()},
1222 /*crls=*/{}, /*flags=*/0, configure_callback));
1223
1224 // If |X509_V_FLAG_NO_ALT_CHAINS| is set and |trusted_first| is disabled, we
1225 // get stuck on |root_cross_signed|. If either feature is enabled, we can
1226 // build the path.
1227 //
1228 // This test exists to confirm our current behavior, but these modes are
1229 // just workarounds for not having an actual path-building verifier. If we
1230 // fix it, this test can be removed.
1231 ASSERT_EQ(trusted_first ? X509_V_OK
1232 : X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
1233 Verify(leaf.get(), {root.get()},
1234 {intermediate.get(), root_cross_signed.get()}, /*crls=*/{},
1235 /*flags=*/X509_V_FLAG_NO_ALT_CHAINS, configure_callback));
1236
1237 // |forgery| is signed by |leaf_no_key_usage|, but is rejected because the
1238 // leaf is not a CA.
1239 ASSERT_EQ(X509_V_ERR_INVALID_CA,
1240 Verify(forgery.get(), {intermediate_self_signed.get()},
1241 {leaf_no_key_usage.get()}, /*crls=*/{}, /*flags=*/0,
1242 configure_callback));
1243
1244 // Test that one cannot skip Basic Constraints checking with a contorted set
1245 // of roots and intermediates. This is a regression test for CVE-2015-1793.
1246 ASSERT_EQ(X509_V_ERR_INVALID_CA,
1247 Verify(forgery.get(),
1248 {intermediate_self_signed.get(), root_cross_signed.get()},
1249 {leaf_no_key_usage.get(), intermediate.get()}, /*crls=*/{},
1250 /*flags=*/0, configure_callback));
1251 }
1252 }
1253
1254 #if defined(OPENSSL_THREADS)
1255 // Verifying the same |X509| objects on two threads should be safe.
TEST(X509Test,VerifyThreads)1256 TEST(X509Test, VerifyThreads) {
1257 bssl::UniquePtr<X509> root(CertFromPEM(kRootCAPEM));
1258 bssl::UniquePtr<X509> intermediate(CertFromPEM(kIntermediatePEM));
1259 bssl::UniquePtr<X509> leaf(CertFromPEM(kLeafPEM));
1260 ASSERT_TRUE(root);
1261 ASSERT_TRUE(intermediate);
1262 ASSERT_TRUE(leaf);
1263
1264 const size_t kNumThreads = 10;
1265 std::vector<std::thread> threads;
1266 for (size_t i = 0; i < kNumThreads; i++) {
1267 threads.emplace_back([&] {
1268 EXPECT_EQ(X509_V_OK,
1269 Verify(leaf.get(), {root.get()}, {intermediate.get()},
1270 /*crls=*/{}));
1271 });
1272 }
1273 for (auto &thread : threads) {
1274 thread.join();
1275 }
1276 }
1277 #endif // OPENSSL_THREADS
1278
1279 static const char kHostname[] = "example.com";
1280 static const char kWrongHostname[] = "example2.com";
1281 static const char kEmail[] = "test@example.com";
1282 static const char kWrongEmail[] = "test2@example.com";
1283 static const uint8_t kIP[4] = {127, 0, 0, 1};
1284 static const uint8_t kWrongIP[4] = {127, 0, 0, 2};
1285 static const char kIPString[] = "127.0.0.1";
1286 static const char kWrongIPString[] = "127.0.0.2";
1287
TEST(X509Test,ZeroLengthsWithX509PARAM)1288 TEST(X509Test, ZeroLengthsWithX509PARAM) {
1289 bssl::UniquePtr<X509> leaf(CertFromPEM(kSANTypesLeaf));
1290 bssl::UniquePtr<X509> root(CertFromPEM(kSANTypesRoot));
1291 ASSERT_TRUE(leaf);
1292 ASSERT_TRUE(root);
1293
1294 std::vector<X509_CRL *> empty_crls;
1295
1296 struct X509Test {
1297 const char *correct_value;
1298 size_t correct_value_len;
1299 const char *incorrect_value;
1300 size_t incorrect_value_len;
1301 int (*func)(X509_VERIFY_PARAM *, const char *, size_t);
1302 int mismatch_error;
1303 };
1304 const std::vector<X509Test> kTests = {
1305 {kHostname, strlen(kHostname), kWrongHostname, strlen(kWrongHostname),
1306 X509_VERIFY_PARAM_set1_host, X509_V_ERR_HOSTNAME_MISMATCH},
1307 {kEmail, strlen(kEmail), kWrongEmail, strlen(kWrongEmail),
1308 X509_VERIFY_PARAM_set1_email, X509_V_ERR_EMAIL_MISMATCH},
1309 };
1310
1311 for (size_t i = 0; i < kTests.size(); i++) {
1312 SCOPED_TRACE(i);
1313 const X509Test &test = kTests[i];
1314
1315 // The correct value should work.
1316 ASSERT_EQ(X509_V_OK,
1317 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0,
1318 [&test](X509_VERIFY_PARAM *param) {
1319 ASSERT_TRUE(test.func(param, test.correct_value,
1320 test.correct_value_len));
1321 }));
1322
1323 // The wrong value should trigger a verification error.
1324 ASSERT_EQ(test.mismatch_error,
1325 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0,
1326 [&test](X509_VERIFY_PARAM *param) {
1327 ASSERT_TRUE(test.func(param, test.incorrect_value,
1328 test.incorrect_value_len));
1329 }));
1330
1331 // Passing zero as the length, unlike OpenSSL, should trigger an error and
1332 // should cause verification to fail.
1333 ASSERT_EQ(X509_V_ERR_INVALID_CALL,
1334 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0,
1335 [&test](X509_VERIFY_PARAM *param) {
1336 ASSERT_FALSE(test.func(param, test.correct_value, 0));
1337 }));
1338
1339 // Passing an empty value should be an error when setting and should cause
1340 // verification to fail.
1341 ASSERT_EQ(X509_V_ERR_INVALID_CALL,
1342 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0,
1343 [&test](X509_VERIFY_PARAM *param) {
1344 ASSERT_FALSE(test.func(param, nullptr, 0));
1345 }));
1346
1347 // Passing a value with embedded NULs should also be an error and should
1348 // also cause verification to fail.
1349 ASSERT_EQ(X509_V_ERR_INVALID_CALL,
1350 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0,
1351 [&test](X509_VERIFY_PARAM *param) {
1352 ASSERT_FALSE(test.func(param, "a", 2));
1353 }));
1354 }
1355
1356 // IP addresses work slightly differently:
1357
1358 // The correct value should still work.
1359 ASSERT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()}, {}, empty_crls, 0,
1360 [](X509_VERIFY_PARAM *param) {
1361 ASSERT_TRUE(X509_VERIFY_PARAM_set1_ip(
1362 param, kIP, sizeof(kIP)));
1363 }));
1364
1365 // Incorrect values should still fail.
1366 ASSERT_EQ(X509_V_ERR_IP_ADDRESS_MISMATCH,
1367 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0,
1368 [](X509_VERIFY_PARAM *param) {
1369 ASSERT_TRUE(X509_VERIFY_PARAM_set1_ip(param, kWrongIP,
1370 sizeof(kWrongIP)));
1371 }));
1372
1373 // Zero length values should trigger an error when setting and cause
1374 // verification to always fail.
1375 ASSERT_EQ(X509_V_ERR_INVALID_CALL,
1376 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0,
1377 [](X509_VERIFY_PARAM *param) {
1378 ASSERT_FALSE(X509_VERIFY_PARAM_set1_ip(param, kIP, 0));
1379 }));
1380
1381 // ... and so should NULL values.
1382 ASSERT_EQ(X509_V_ERR_INVALID_CALL,
1383 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0,
1384 [](X509_VERIFY_PARAM *param) {
1385 ASSERT_FALSE(X509_VERIFY_PARAM_set1_ip(param, nullptr, 0));
1386 }));
1387
1388 // Zero bytes in an IP address are, of course, fine. This is tested above
1389 // because |kIP| contains zeros.
1390 }
1391
TEST(X509Test,ZeroLengthsWithCheckFunctions)1392 TEST(X509Test, ZeroLengthsWithCheckFunctions) {
1393 bssl::UniquePtr<X509> leaf(CertFromPEM(kSANTypesLeaf));
1394 ASSERT_TRUE(leaf);
1395
1396 EXPECT_EQ(
1397 1, X509_check_host(leaf.get(), kHostname, strlen(kHostname), 0, nullptr));
1398 EXPECT_NE(1, X509_check_host(leaf.get(), kWrongHostname,
1399 strlen(kWrongHostname), 0, nullptr));
1400
1401 EXPECT_EQ(1, X509_check_email(leaf.get(), kEmail, strlen(kEmail), 0));
1402 EXPECT_NE(1,
1403 X509_check_email(leaf.get(), kWrongEmail, strlen(kWrongEmail), 0));
1404
1405 EXPECT_EQ(1, X509_check_ip(leaf.get(), kIP, sizeof(kIP), 0));
1406 EXPECT_NE(1, X509_check_ip(leaf.get(), kWrongIP, sizeof(kWrongIP), 0));
1407
1408 EXPECT_EQ(1, X509_check_ip_asc(leaf.get(), kIPString, 0));
1409 EXPECT_NE(1, X509_check_ip_asc(leaf.get(), kWrongIPString, 0));
1410
1411 // OpenSSL supports passing zero as the length for host and email. We do not
1412 // and it should always fail.
1413 EXPECT_NE(1, X509_check_host(leaf.get(), kHostname, 0, 0, nullptr));
1414 EXPECT_NE(1, X509_check_host(leaf.get(), kWrongHostname, 0, 0, nullptr));
1415
1416 EXPECT_NE(1, X509_check_email(leaf.get(), kEmail, 0, 0));
1417 EXPECT_NE(1, X509_check_email(leaf.get(), kWrongEmail, 0, 0));
1418
1419 EXPECT_NE(1, X509_check_ip(leaf.get(), kIP, 0, 0));
1420 EXPECT_NE(1, X509_check_ip(leaf.get(), kWrongIP, 0, 0));
1421
1422 // Unlike all the other functions, |X509_check_ip_asc| doesn't take a length,
1423 // so it cannot be zero.
1424 }
1425
TEST(X509Test,TestCRL)1426 TEST(X509Test, TestCRL) {
1427 bssl::UniquePtr<X509> root(CertFromPEM(kCRLTestRoot));
1428 bssl::UniquePtr<X509> leaf(CertFromPEM(kCRLTestLeaf));
1429 bssl::UniquePtr<X509_CRL> basic_crl(CRLFromPEM(kBasicCRL));
1430 bssl::UniquePtr<X509_CRL> revoked_crl(CRLFromPEM(kRevokedCRL));
1431 bssl::UniquePtr<X509_CRL> bad_issuer_crl(CRLFromPEM(kBadIssuerCRL));
1432 bssl::UniquePtr<X509_CRL> known_critical_crl(CRLFromPEM(kKnownCriticalCRL));
1433 bssl::UniquePtr<X509_CRL> unknown_critical_crl(
1434 CRLFromPEM(kUnknownCriticalCRL));
1435 bssl::UniquePtr<X509_CRL> unknown_critical_crl2(
1436 CRLFromPEM(kUnknownCriticalCRL2));
1437 bssl::UniquePtr<X509_CRL> algorithm_mismatch_crl(
1438 CRLFromPEM(kAlgorithmMismatchCRL));
1439 bssl::UniquePtr<X509_CRL> algorithm_mismatch_crl2(
1440 CRLFromPEM(kAlgorithmMismatchCRL2));
1441
1442 ASSERT_TRUE(root);
1443 ASSERT_TRUE(leaf);
1444 ASSERT_TRUE(basic_crl);
1445 ASSERT_TRUE(revoked_crl);
1446 ASSERT_TRUE(bad_issuer_crl);
1447 ASSERT_TRUE(known_critical_crl);
1448 ASSERT_TRUE(unknown_critical_crl);
1449 ASSERT_TRUE(unknown_critical_crl2);
1450 ASSERT_TRUE(algorithm_mismatch_crl);
1451 ASSERT_TRUE(algorithm_mismatch_crl2);
1452
1453 EXPECT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()}, {root.get()},
1454 {basic_crl.get()}, X509_V_FLAG_CRL_CHECK));
1455 EXPECT_EQ(
1456 X509_V_ERR_CERT_REVOKED,
1457 Verify(leaf.get(), {root.get()}, {root.get()},
1458 {basic_crl.get(), revoked_crl.get()}, X509_V_FLAG_CRL_CHECK));
1459
1460 std::vector<X509_CRL *> empty_crls;
1461 EXPECT_EQ(X509_V_ERR_UNABLE_TO_GET_CRL,
1462 Verify(leaf.get(), {root.get()}, {root.get()}, empty_crls,
1463 X509_V_FLAG_CRL_CHECK));
1464 EXPECT_EQ(X509_V_ERR_UNABLE_TO_GET_CRL,
1465 Verify(leaf.get(), {root.get()}, {root.get()},
1466 {bad_issuer_crl.get()}, X509_V_FLAG_CRL_CHECK));
1467 EXPECT_EQ(X509_V_OK,
1468 Verify(leaf.get(), {root.get()}, {root.get()},
1469 {known_critical_crl.get()}, X509_V_FLAG_CRL_CHECK));
1470 EXPECT_EQ(X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION,
1471 Verify(leaf.get(), {root.get()}, {root.get()},
1472 {unknown_critical_crl.get()}, X509_V_FLAG_CRL_CHECK));
1473 EXPECT_EQ(X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION,
1474 Verify(leaf.get(), {root.get()}, {root.get()},
1475 {unknown_critical_crl2.get()}, X509_V_FLAG_CRL_CHECK));
1476 EXPECT_EQ(X509_V_ERR_CRL_SIGNATURE_FAILURE,
1477 Verify(leaf.get(), {root.get()}, {root.get()},
1478 {algorithm_mismatch_crl.get()}, X509_V_FLAG_CRL_CHECK));
1479 EXPECT_EQ(X509_V_ERR_CRL_SIGNATURE_FAILURE,
1480 Verify(leaf.get(), {root.get()}, {root.get()},
1481 {algorithm_mismatch_crl2.get()}, X509_V_FLAG_CRL_CHECK));
1482
1483 // The CRL is valid for a month.
1484 EXPECT_EQ(X509_V_ERR_CRL_HAS_EXPIRED,
1485 Verify(leaf.get(), {root.get()}, {root.get()}, {basic_crl.get()},
1486 X509_V_FLAG_CRL_CHECK, [](X509_VERIFY_PARAM *param) {
1487 X509_VERIFY_PARAM_set_time_posix(
1488 param, kReferenceTime + 2 * 30 * 24 * 3600);
1489 }));
1490
1491 // X509_V_FLAG_NO_CHECK_TIME suppresses the validity check.
1492 EXPECT_EQ(X509_V_OK,
1493 Verify(leaf.get(), {root.get()}, {root.get()}, {basic_crl.get()},
1494 X509_V_FLAG_CRL_CHECK | X509_V_FLAG_NO_CHECK_TIME,
1495 [](X509_VERIFY_PARAM *param) {
1496 X509_VERIFY_PARAM_set_time_posix(
1497 param, kReferenceTime + 2 * 30 * 24 * 3600);
1498 }));
1499
1500 // Parsing kBadExtensionCRL should fail.
1501 EXPECT_FALSE(CRLFromPEM(kBadExtensionCRL));
1502 }
1503
TEST(X509Test,ManyNamesAndConstraints)1504 TEST(X509Test, ManyNamesAndConstraints) {
1505 bssl::UniquePtr<X509> many_constraints(CertFromPEM(
1506 GetTestData("crypto/x509/test/many_constraints.pem").c_str()));
1507 ASSERT_TRUE(many_constraints);
1508 bssl::UniquePtr<X509> many_names1(
1509 CertFromPEM(GetTestData("crypto/x509/test/many_names1.pem").c_str()));
1510 ASSERT_TRUE(many_names1);
1511 bssl::UniquePtr<X509> many_names2(
1512 CertFromPEM(GetTestData("crypto/x509/test/many_names2.pem").c_str()));
1513 ASSERT_TRUE(many_names2);
1514 bssl::UniquePtr<X509> many_names3(
1515 CertFromPEM(GetTestData("crypto/x509/test/many_names3.pem").c_str()));
1516 ASSERT_TRUE(many_names3);
1517 bssl::UniquePtr<X509> some_names1(
1518 CertFromPEM(GetTestData("crypto/x509/test/some_names1.pem").c_str()));
1519 ASSERT_TRUE(some_names1);
1520 bssl::UniquePtr<X509> some_names2(
1521 CertFromPEM(GetTestData("crypto/x509/test/some_names2.pem").c_str()));
1522 ASSERT_TRUE(some_names2);
1523 bssl::UniquePtr<X509> some_names3(
1524 CertFromPEM(GetTestData("crypto/x509/test/some_names3.pem").c_str()));
1525 ASSERT_TRUE(some_names3);
1526
1527 EXPECT_EQ(X509_V_ERR_UNSPECIFIED,
1528 Verify(many_names1.get(), {many_constraints.get()},
1529 {many_constraints.get()}, {}));
1530 EXPECT_EQ(X509_V_ERR_UNSPECIFIED,
1531 Verify(many_names2.get(), {many_constraints.get()},
1532 {many_constraints.get()}, {}));
1533 EXPECT_EQ(X509_V_ERR_UNSPECIFIED,
1534 Verify(many_names3.get(), {many_constraints.get()},
1535 {many_constraints.get()}, {}));
1536
1537 EXPECT_EQ(X509_V_OK, Verify(some_names1.get(), {many_constraints.get()},
1538 {many_constraints.get()}, {}));
1539 EXPECT_EQ(X509_V_OK, Verify(some_names2.get(), {many_constraints.get()},
1540 {many_constraints.get()}, {}));
1541 EXPECT_EQ(X509_V_OK, Verify(some_names3.get(), {many_constraints.get()},
1542 {many_constraints.get()}, {}));
1543 }
1544
MakeGeneralName(int type,const std::string & value)1545 static bssl::UniquePtr<GENERAL_NAME> MakeGeneralName(int type,
1546 const std::string &value) {
1547 if (type != GEN_EMAIL && type != GEN_DNS && type != GEN_URI) {
1548 // This function only supports the IA5String types.
1549 return nullptr;
1550 }
1551 bssl::UniquePtr<ASN1_IA5STRING> str(ASN1_IA5STRING_new());
1552 bssl::UniquePtr<GENERAL_NAME> name(GENERAL_NAME_new());
1553 if (!str || !name ||
1554 !ASN1_STRING_set(str.get(), value.data(), value.size())) {
1555 return nullptr;
1556 }
1557
1558 name->type = type;
1559 name->d.ia5 = str.release();
1560 return name;
1561 }
1562
MakeTestCert(const char * issuer,const char * subject,EVP_PKEY * key,bool is_ca)1563 static bssl::UniquePtr<X509> MakeTestCert(const char *issuer,
1564 const char *subject, EVP_PKEY *key,
1565 bool is_ca) {
1566 bssl::UniquePtr<X509> cert(X509_new());
1567 if (!cert || //
1568 !X509_set_version(cert.get(), X509_VERSION_3) ||
1569 !X509_NAME_add_entry_by_txt(
1570 X509_get_issuer_name(cert.get()), "CN", MBSTRING_UTF8,
1571 reinterpret_cast<const uint8_t *>(issuer), -1, -1, 0) ||
1572 !X509_NAME_add_entry_by_txt(
1573 X509_get_subject_name(cert.get()), "CN", MBSTRING_UTF8,
1574 reinterpret_cast<const uint8_t *>(subject), -1, -1, 0) ||
1575 !X509_set_pubkey(cert.get(), key) ||
1576 !ASN1_TIME_adj(X509_getm_notBefore(cert.get()), kReferenceTime, -1, 0) ||
1577 !ASN1_TIME_adj(X509_getm_notAfter(cert.get()), kReferenceTime, 1, 0)) {
1578 return nullptr;
1579 }
1580 bssl::UniquePtr<BASIC_CONSTRAINTS> bc(BASIC_CONSTRAINTS_new());
1581 if (!bc) {
1582 return nullptr;
1583 }
1584 bc->ca = is_ca ? 0xff : 0x00;
1585 if (!X509_add1_ext_i2d(cert.get(), NID_basic_constraints, bc.get(),
1586 /*crit=*/1, /*flags=*/0)) {
1587 return nullptr;
1588 }
1589 return cert;
1590 }
1591
TEST(X509Test,NameConstraints)1592 TEST(X509Test, NameConstraints) {
1593 bssl::UniquePtr<EVP_PKEY> key = PrivateKeyFromPEM(kP256Key);
1594 ASSERT_TRUE(key);
1595
1596 const struct {
1597 int type;
1598 std::string name;
1599 std::string constraint;
1600 int result;
1601 } kTests[] = {
1602 // Empty string matches everything.
1603 {GEN_DNS, "foo.example.com", "", X509_V_OK},
1604 // Name constraints match the entire subtree.
1605 {GEN_DNS, "foo.example.com", "example.com", X509_V_OK},
1606 {GEN_DNS, "foo.example.com", "EXAMPLE.COM", X509_V_OK},
1607 {GEN_DNS, "foo.example.com", "xample.com",
1608 X509_V_ERR_PERMITTED_VIOLATION},
1609 {GEN_DNS, "foo.example.com", "unrelated.much.longer.name.example",
1610 X509_V_ERR_PERMITTED_VIOLATION},
1611 // A leading dot means at least one component must be added.
1612 {GEN_DNS, "foo.example.com", ".example.com", X509_V_OK},
1613 {GEN_DNS, "foo.example.com", "foo.example.com", X509_V_OK},
1614 {GEN_DNS, "foo.example.com", ".foo.example.com",
1615 X509_V_ERR_PERMITTED_VIOLATION},
1616 {GEN_DNS, "foo.example.com", ".xample.com",
1617 X509_V_ERR_PERMITTED_VIOLATION},
1618 {GEN_DNS, "foo.example.com", ".unrelated.much.longer.name.example",
1619 X509_V_ERR_PERMITTED_VIOLATION},
1620 // NUL bytes, if not rejected, should not confuse the matching logic.
1621 {GEN_DNS, std::string({'a', '\0', 'a'}), std::string({'a', '\0', 'b'}),
1622 X509_V_ERR_PERMITTED_VIOLATION},
1623
1624 // Names must be emails.
1625 {GEN_EMAIL, "not-an-email.example", "not-an-email.example",
1626 X509_V_ERR_UNSUPPORTED_NAME_SYNTAX},
1627 // A leading dot matches all local names and all subdomains
1628 {GEN_EMAIL, "foo@bar.example.com", ".example.com", X509_V_OK},
1629 {GEN_EMAIL, "foo@bar.example.com", ".EXAMPLE.COM", X509_V_OK},
1630 {GEN_EMAIL, "foo@bar.example.com", ".bar.example.com",
1631 X509_V_ERR_PERMITTED_VIOLATION},
1632 // Without a leading dot, the host must match exactly.
1633 {GEN_EMAIL, "foo@example.com", "example.com", X509_V_OK},
1634 {GEN_EMAIL, "foo@example.com", "EXAMPLE.COM", X509_V_OK},
1635 {GEN_EMAIL, "foo@bar.example.com", "example.com",
1636 X509_V_ERR_PERMITTED_VIOLATION},
1637 // If the constraint specifies a mailbox, it specifies the whole thing.
1638 // The halves are compared insensitively.
1639 {GEN_EMAIL, "foo@example.com", "foo@example.com", X509_V_OK},
1640 {GEN_EMAIL, "foo@example.com", "foo@EXAMPLE.COM", X509_V_OK},
1641 {GEN_EMAIL, "foo@example.com", "FOO@example.com",
1642 X509_V_ERR_PERMITTED_VIOLATION},
1643 {GEN_EMAIL, "foo@example.com", "bar@example.com",
1644 X509_V_ERR_PERMITTED_VIOLATION},
1645 // OpenSSL ignores a stray leading @.
1646 {GEN_EMAIL, "foo@example.com", "@example.com", X509_V_OK},
1647 {GEN_EMAIL, "foo@example.com", "@EXAMPLE.COM", X509_V_OK},
1648 {GEN_EMAIL, "foo@bar.example.com", "@example.com",
1649 X509_V_ERR_PERMITTED_VIOLATION},
1650
1651 // Basic syntax check.
1652 {GEN_URI, "not-a-url", "not-a-url", X509_V_ERR_UNSUPPORTED_NAME_SYNTAX},
1653 {GEN_URI, "foo:not-a-url", "not-a-url",
1654 X509_V_ERR_UNSUPPORTED_NAME_SYNTAX},
1655 {GEN_URI, "foo:/not-a-url", "not-a-url",
1656 X509_V_ERR_UNSUPPORTED_NAME_SYNTAX},
1657 {GEN_URI, "foo:///not-a-url", "not-a-url",
1658 X509_V_ERR_UNSUPPORTED_NAME_SYNTAX},
1659 {GEN_URI, "foo://:not-a-url", "not-a-url",
1660 X509_V_ERR_UNSUPPORTED_NAME_SYNTAX},
1661 {GEN_URI, "foo://", "not-a-url", X509_V_ERR_UNSUPPORTED_NAME_SYNTAX},
1662 // Hosts are an exact match.
1663 {GEN_URI, "foo://example.com", "example.com", X509_V_OK},
1664 {GEN_URI, "foo://example.com:443", "example.com", X509_V_OK},
1665 {GEN_URI, "foo://example.com/whatever", "example.com", X509_V_OK},
1666 {GEN_URI, "foo://bar.example.com", "example.com",
1667 X509_V_ERR_PERMITTED_VIOLATION},
1668 {GEN_URI, "foo://bar.example.com:443", "example.com",
1669 X509_V_ERR_PERMITTED_VIOLATION},
1670 {GEN_URI, "foo://bar.example.com/whatever", "example.com",
1671 X509_V_ERR_PERMITTED_VIOLATION},
1672 {GEN_URI, "foo://bar.example.com", "xample.com",
1673 X509_V_ERR_PERMITTED_VIOLATION},
1674 {GEN_URI, "foo://bar.example.com:443", "xample.com",
1675 X509_V_ERR_PERMITTED_VIOLATION},
1676 {GEN_URI, "foo://bar.example.com/whatever", "xample.com",
1677 X509_V_ERR_PERMITTED_VIOLATION},
1678 {GEN_URI, "foo://example.com", "some-other-name.example",
1679 X509_V_ERR_PERMITTED_VIOLATION},
1680 {GEN_URI, "foo://example.com:443", "some-other-name.example",
1681 X509_V_ERR_PERMITTED_VIOLATION},
1682 {GEN_URI, "foo://example.com/whatever", "some-other-name.example",
1683 X509_V_ERR_PERMITTED_VIOLATION},
1684 // A leading dot allows components to be added.
1685 {GEN_URI, "foo://example.com", ".example.com",
1686 X509_V_ERR_PERMITTED_VIOLATION},
1687 {GEN_URI, "foo://example.com:443", ".example.com",
1688 X509_V_ERR_PERMITTED_VIOLATION},
1689 {GEN_URI, "foo://example.com/whatever", ".example.com",
1690 X509_V_ERR_PERMITTED_VIOLATION},
1691 {GEN_URI, "foo://bar.example.com", ".example.com", X509_V_OK},
1692 {GEN_URI, "foo://bar.example.com:443", ".example.com", X509_V_OK},
1693 {GEN_URI, "foo://bar.example.com/whatever", ".example.com", X509_V_OK},
1694 {GEN_URI, "foo://example.com", ".some-other-name.example",
1695 X509_V_ERR_PERMITTED_VIOLATION},
1696 {GEN_URI, "foo://example.com:443", ".some-other-name.example",
1697 X509_V_ERR_PERMITTED_VIOLATION},
1698 {GEN_URI, "foo://example.com/whatever", ".some-other-name.example",
1699 X509_V_ERR_PERMITTED_VIOLATION},
1700 {GEN_URI, "foo://example.com", ".xample.com",
1701 X509_V_ERR_PERMITTED_VIOLATION},
1702 {GEN_URI, "foo://example.com:443", ".xample.com",
1703 X509_V_ERR_PERMITTED_VIOLATION},
1704 {GEN_URI, "foo://example.com/whatever", ".xample.com",
1705 X509_V_ERR_PERMITTED_VIOLATION},
1706 };
1707 for (const auto &t : kTests) {
1708 SCOPED_TRACE(t.type);
1709 SCOPED_TRACE(t.name);
1710 SCOPED_TRACE(t.constraint);
1711
1712 bssl::UniquePtr<GENERAL_NAME> name = MakeGeneralName(t.type, t.name);
1713 ASSERT_TRUE(name);
1714 bssl::UniquePtr<GENERAL_NAMES> names(GENERAL_NAMES_new());
1715 ASSERT_TRUE(names);
1716 ASSERT_TRUE(bssl::PushToStack(names.get(), std::move(name)));
1717
1718 bssl::UniquePtr<NAME_CONSTRAINTS> nc(NAME_CONSTRAINTS_new());
1719 ASSERT_TRUE(nc);
1720 nc->permittedSubtrees = sk_GENERAL_SUBTREE_new_null();
1721 ASSERT_TRUE(nc->permittedSubtrees);
1722 bssl::UniquePtr<GENERAL_SUBTREE> subtree(GENERAL_SUBTREE_new());
1723 ASSERT_TRUE(subtree);
1724 GENERAL_NAME_free(subtree->base);
1725 subtree->base = MakeGeneralName(t.type, t.constraint).release();
1726 ASSERT_TRUE(subtree->base);
1727 ASSERT_TRUE(bssl::PushToStack(nc->permittedSubtrees, std::move(subtree)));
1728
1729 bssl::UniquePtr<X509> root =
1730 MakeTestCert("Root", "Root", key.get(), /*is_ca=*/true);
1731 ASSERT_TRUE(root);
1732 ASSERT_TRUE(X509_add1_ext_i2d(root.get(), NID_name_constraints, nc.get(),
1733 /*crit=*/1, /*flags=*/0));
1734 ASSERT_TRUE(X509_sign(root.get(), key.get(), EVP_sha256()));
1735
1736 bssl::UniquePtr<X509> leaf =
1737 MakeTestCert("Root", "Leaf", key.get(), /*is_ca=*/false);
1738 ASSERT_TRUE(leaf);
1739 ASSERT_TRUE(X509_add1_ext_i2d(leaf.get(), NID_subject_alt_name, names.get(),
1740 /*crit=*/0, /*flags=*/0));
1741 ASSERT_TRUE(X509_sign(leaf.get(), key.get(), EVP_sha256()));
1742
1743 int ret = Verify(leaf.get(), {root.get()}, {}, {}, 0);
1744 EXPECT_EQ(t.result, ret) << X509_verify_cert_error_string(ret);
1745 }
1746 }
1747
TEST(X509Test,PrintGeneralName)1748 TEST(X509Test, PrintGeneralName) {
1749 // TODO(https://crbug.com/boringssl/430): Add more tests. Also fix the
1750 // external projects that use this to extract the SAN list and unexport.
1751 bssl::UniquePtr<GENERAL_NAME> gen = MakeGeneralName(GEN_DNS, "example.com");
1752 ASSERT_TRUE(gen);
1753 bssl::UniquePtr<STACK_OF(CONF_VALUE)> values(
1754 i2v_GENERAL_NAME(nullptr, gen.get(), nullptr));
1755 ASSERT_TRUE(values);
1756 ASSERT_EQ(1u, sk_CONF_VALUE_num(values.get()));
1757 const CONF_VALUE *value = sk_CONF_VALUE_value(values.get(), 0);
1758 EXPECT_STREQ(value->name, "DNS");
1759 EXPECT_STREQ(value->value, "example.com");
1760 }
1761
TEST(X509Test,TestPSS)1762 TEST(X509Test, TestPSS) {
1763 static const char *kGoodCerts[] = {
1764 "crypto/x509/test/pss_sha256.pem",
1765 "crypto/x509/test/pss_sha384.pem",
1766 "crypto/x509/test/pss_sha512.pem",
1767 // We accept inputs with and without explicit NULLs. See RFC 4055,
1768 // section 2.1.
1769 "crypto/x509/test/pss_sha256_omit_nulls.pem",
1770 // Although invalid, we tolerate an explicit trailerField value. See the
1771 // certificates in cl/362617931.
1772 "crypto/x509/test/pss_sha256_explicit_trailer.pem",
1773 };
1774 for (const char *path : kGoodCerts) {
1775 SCOPED_TRACE(path);
1776 bssl::UniquePtr<X509> cert = CertFromPEM(GetTestData(path).c_str());
1777 ASSERT_TRUE(cert);
1778 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
1779 ASSERT_TRUE(pkey);
1780 EXPECT_TRUE(X509_verify(cert.get(), pkey.get()));
1781 }
1782
1783 static const char *kBadCerts[] = {
1784 "crypto/x509/test/pss_sha1_explicit.pem",
1785 "crypto/x509/test/pss_sha1_mgf1_syntax_error.pem",
1786 "crypto/x509/test/pss_sha1.pem",
1787 "crypto/x509/test/pss_sha224.pem",
1788 "crypto/x509/test/pss_sha256_mgf1_sha384.pem",
1789 "crypto/x509/test/pss_sha256_mgf1_syntax_error.pem",
1790 "crypto/x509/test/pss_sha256_salt_overflow.pem",
1791 "crypto/x509/test/pss_sha256_salt31.pem",
1792 "crypto/x509/test/pss_sha256_unknown_mgf.pem",
1793 "crypto/x509/test/pss_sha256_wrong_trailer.pem",
1794 };
1795 for (const char *path : kBadCerts) {
1796 SCOPED_TRACE(path);
1797 bssl::UniquePtr<X509> cert = CertFromPEM(GetTestData(path).c_str());
1798 ASSERT_TRUE(cert);
1799 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
1800 ASSERT_TRUE(pkey);
1801 EXPECT_FALSE(X509_verify(cert.get(), pkey.get()));
1802 }
1803 }
1804
TEST(X509Test,TestPSSBadParameters)1805 TEST(X509Test, TestPSSBadParameters) {
1806 bssl::UniquePtr<X509> cert(CertFromPEM(kBadPSSCertPEM));
1807 ASSERT_TRUE(cert);
1808
1809 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
1810 ASSERT_TRUE(pkey);
1811
1812 ASSERT_FALSE(X509_verify(cert.get(), pkey.get()));
1813 ERR_clear_error();
1814 }
1815
TEST(X509Test,TestEd25519)1816 TEST(X509Test, TestEd25519) {
1817 bssl::UniquePtr<X509> cert(CertFromPEM(kEd25519Cert));
1818 ASSERT_TRUE(cert);
1819
1820 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
1821 ASSERT_TRUE(pkey);
1822
1823 ASSERT_TRUE(X509_verify(cert.get(), pkey.get()));
1824 }
1825
TEST(X509Test,TestEd25519BadParameters)1826 TEST(X509Test, TestEd25519BadParameters) {
1827 bssl::UniquePtr<X509> cert(CertFromPEM(kEd25519CertNull));
1828 ASSERT_TRUE(cert);
1829
1830 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
1831 ASSERT_TRUE(pkey);
1832
1833 ASSERT_FALSE(X509_verify(cert.get(), pkey.get()));
1834
1835 uint32_t err = ERR_get_error();
1836 ASSERT_EQ(ERR_LIB_X509, ERR_GET_LIB(err));
1837 ASSERT_EQ(X509_R_INVALID_PARAMETER, ERR_GET_REASON(err));
1838 ERR_clear_error();
1839 }
1840
TEST(X509Test,TestX25519)1841 TEST(X509Test, TestX25519) {
1842 bssl::UniquePtr<X509> cert(CertFromPEM(kX25519Cert));
1843 ASSERT_TRUE(cert);
1844
1845 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
1846 ASSERT_TRUE(pkey);
1847
1848 EXPECT_EQ(EVP_PKEY_id(pkey.get()), EVP_PKEY_X25519);
1849
1850 constexpr uint8_t kExpectedPublicValue[] = {
1851 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d,
1852 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38,
1853 0x1a, 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a,
1854 };
1855 uint8_t public_value[sizeof(kExpectedPublicValue)];
1856 size_t public_value_size = sizeof(public_value);
1857 ASSERT_TRUE(EVP_PKEY_get_raw_public_key(pkey.get(), public_value,
1858 &public_value_size));
1859 EXPECT_EQ(Bytes(kExpectedPublicValue),
1860 Bytes(public_value, public_value_size));
1861 }
1862
ReencodeCertificate(X509 * cert)1863 static bssl::UniquePtr<X509> ReencodeCertificate(X509 *cert) {
1864 uint8_t *der = nullptr;
1865 int len = i2d_X509(cert, &der);
1866 bssl::UniquePtr<uint8_t> free_der(der);
1867 if (len <= 0) {
1868 return nullptr;
1869 }
1870
1871 const uint8_t *inp = der;
1872 return bssl::UniquePtr<X509>(d2i_X509(nullptr, &inp, len));
1873 }
1874
ReencodeCRL(X509_CRL * crl)1875 static bssl::UniquePtr<X509_CRL> ReencodeCRL(X509_CRL *crl) {
1876 uint8_t *der = nullptr;
1877 int len = i2d_X509_CRL(crl, &der);
1878 bssl::UniquePtr<uint8_t> free_der(der);
1879 if (len <= 0) {
1880 return nullptr;
1881 }
1882
1883 const uint8_t *inp = der;
1884 return bssl::UniquePtr<X509_CRL>(d2i_X509_CRL(nullptr, &inp, len));
1885 }
1886
ReencodeCSR(X509_REQ * req)1887 static bssl::UniquePtr<X509_REQ> ReencodeCSR(X509_REQ *req) {
1888 uint8_t *der = nullptr;
1889 int len = i2d_X509_REQ(req, &der);
1890 bssl::UniquePtr<uint8_t> free_der(der);
1891 if (len <= 0) {
1892 return nullptr;
1893 }
1894
1895 const uint8_t *inp = der;
1896 return bssl::UniquePtr<X509_REQ>(d2i_X509_REQ(nullptr, &inp, len));
1897 }
1898
SignatureRoundTrips(EVP_MD_CTX * md_ctx,EVP_PKEY * pkey)1899 static bool SignatureRoundTrips(EVP_MD_CTX *md_ctx, EVP_PKEY *pkey) {
1900 // Make a certificate like signed with |md_ctx|'s settings.'
1901 bssl::UniquePtr<X509> cert(CertFromPEM(kLeafPEM));
1902 if (!cert || !X509_sign_ctx(cert.get(), md_ctx)) {
1903 return false;
1904 }
1905
1906 // Ensure that |pkey| may still be used to verify the resulting signature. All
1907 // settings in |md_ctx| must have been serialized appropriately.
1908 if (!X509_verify(cert.get(), pkey)) {
1909 return false;
1910 }
1911
1912 // Re-encode the certificate. X509 objects contain a cached TBSCertificate
1913 // encoding and |X509_sign_ctx| should have dropped that cache.
1914 bssl::UniquePtr<X509> copy = ReencodeCertificate(cert.get());
1915 return copy && X509_verify(copy.get(), pkey);
1916 }
1917
TEST(X509Test,RSASign)1918 TEST(X509Test, RSASign) {
1919 bssl::UniquePtr<EVP_PKEY> pkey(PrivateKeyFromPEM(kRSAKey));
1920 ASSERT_TRUE(pkey);
1921 // Test PKCS#1 v1.5.
1922 bssl::ScopedEVP_MD_CTX md_ctx;
1923 ASSERT_TRUE(
1924 EVP_DigestSignInit(md_ctx.get(), NULL, EVP_sha256(), NULL, pkey.get()));
1925 ASSERT_TRUE(SignatureRoundTrips(md_ctx.get(), pkey.get()));
1926
1927 // RSA-PSS with salt length matching hash length should work when passing in
1928 // -1 or the value explicitly.
1929 md_ctx.Reset();
1930 EVP_PKEY_CTX *pkey_ctx;
1931 ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), &pkey_ctx, EVP_sha256(), NULL,
1932 pkey.get()));
1933 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING));
1934 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, -1));
1935 ASSERT_TRUE(SignatureRoundTrips(md_ctx.get(), pkey.get()));
1936
1937 md_ctx.Reset();
1938 ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), &pkey_ctx, EVP_sha256(), NULL,
1939 pkey.get()));
1940 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING));
1941 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, 32));
1942 ASSERT_TRUE(SignatureRoundTrips(md_ctx.get(), pkey.get()));
1943
1944 // RSA-PSS with SHA-1 is not supported.
1945 md_ctx.Reset();
1946 ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), &pkey_ctx, EVP_sha1(), NULL,
1947 pkey.get()));
1948 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING));
1949 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, -1));
1950 bssl::UniquePtr<X509> cert = CertFromPEM(kLeafPEM);
1951 ASSERT_TRUE(cert);
1952 EXPECT_FALSE(X509_sign_ctx(cert.get(), md_ctx.get()));
1953
1954 // RSA-PSS with mismatched hashes is not supported.
1955 md_ctx.Reset();
1956 ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), &pkey_ctx, EVP_sha256(), NULL,
1957 pkey.get()));
1958 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING));
1959 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, -1));
1960 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, EVP_sha512()));
1961 cert = CertFromPEM(kLeafPEM);
1962 ASSERT_TRUE(cert);
1963 EXPECT_FALSE(X509_sign_ctx(cert.get(), md_ctx.get()));
1964
1965 // RSA-PSS with the wrong salt length is not supported.
1966 md_ctx.Reset();
1967 ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), &pkey_ctx, EVP_sha256(), NULL,
1968 pkey.get()));
1969 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING));
1970 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, 33));
1971 cert = CertFromPEM(kLeafPEM);
1972 ASSERT_TRUE(cert);
1973 EXPECT_FALSE(X509_sign_ctx(cert.get(), md_ctx.get()));
1974 }
1975
1976 // Test the APIs for signing a certificate, particularly whether they correctly
1977 // handle the TBSCertificate cache.
TEST(X509Test,SignCertificate)1978 TEST(X509Test, SignCertificate) {
1979 const int kSignatureNID = NID_sha384WithRSAEncryption;
1980 const EVP_MD *kSignatureHash = EVP_sha384();
1981
1982 bssl::UniquePtr<EVP_PKEY> pkey(PrivateKeyFromPEM(kRSAKey));
1983 ASSERT_TRUE(pkey);
1984 bssl::UniquePtr<X509_ALGOR> algor(X509_ALGOR_new());
1985 ASSERT_TRUE(algor);
1986 ASSERT_TRUE(X509_ALGOR_set0(algor.get(), OBJ_nid2obj(kSignatureNID),
1987 V_ASN1_NULL, nullptr));
1988
1989 // Test both signing with |X509_sign| and constructing a signature manually.
1990 for (bool sign_manual : {true, false}) {
1991 SCOPED_TRACE(sign_manual);
1992
1993 // Test certificates made both from other certificates and |X509_new|, in
1994 // case there are bugs in filling in fields from different states. (Parsed
1995 // certificates contain a TBSCertificate cache, and |X509_new| initializes
1996 // fields based on complex ASN.1 template logic.)
1997 for (bool new_cert : {true, false}) {
1998 SCOPED_TRACE(new_cert);
1999
2000 bssl::UniquePtr<X509> cert;
2001 if (new_cert) {
2002 cert.reset(X509_new());
2003 ASSERT_TRUE(cert);
2004 // Fill in some fields for the certificate arbitrarily.
2005 EXPECT_TRUE(X509_set_version(cert.get(), X509_VERSION_3));
2006 EXPECT_TRUE(
2007 ASN1_INTEGER_set_int64(X509_get_serialNumber(cert.get()), 1));
2008 EXPECT_TRUE(X509_gmtime_adj(X509_getm_notBefore(cert.get()), 0));
2009 EXPECT_TRUE(
2010 X509_gmtime_adj(X509_getm_notAfter(cert.get()), 60 * 60 * 24));
2011 X509_NAME *subject = X509_get_subject_name(cert.get());
2012 X509_NAME_add_entry_by_txt(subject, "CN", MBSTRING_ASC,
2013 reinterpret_cast<const uint8_t *>("Test"),
2014 -1, -1, 0);
2015 EXPECT_TRUE(X509_set_issuer_name(cert.get(), subject));
2016 EXPECT_TRUE(X509_set_pubkey(cert.get(), pkey.get()));
2017 } else {
2018 // Extract fields from a parsed certificate.
2019 cert = CertFromPEM(kLeafPEM);
2020 ASSERT_TRUE(cert);
2021
2022 // We should test with a different algorithm from what is already in the
2023 // certificate.
2024 EXPECT_NE(kSignatureNID, X509_get_signature_nid(cert.get()));
2025 }
2026
2027 if (sign_manual) {
2028 // Fill in the signature algorithm.
2029 ASSERT_TRUE(X509_set1_signature_algo(cert.get(), algor.get()));
2030
2031 // Extract the TBSCertificiate.
2032 uint8_t *tbs_cert = nullptr;
2033 int tbs_cert_len = i2d_re_X509_tbs(cert.get(), &tbs_cert);
2034 bssl::UniquePtr<uint8_t> free_tbs_cert(tbs_cert);
2035 ASSERT_GT(tbs_cert_len, 0);
2036
2037 // Generate a signature externally and fill it in.
2038 bssl::ScopedEVP_MD_CTX md_ctx;
2039 ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), nullptr, kSignatureHash,
2040 nullptr, pkey.get()));
2041 size_t sig_len;
2042 ASSERT_TRUE(EVP_DigestSign(md_ctx.get(), nullptr, &sig_len, tbs_cert,
2043 tbs_cert_len));
2044 std::vector<uint8_t> sig(sig_len);
2045 ASSERT_TRUE(EVP_DigestSign(md_ctx.get(), sig.data(), &sig_len, tbs_cert,
2046 tbs_cert_len));
2047 sig.resize(sig_len);
2048 ASSERT_TRUE(
2049 X509_set1_signature_value(cert.get(), sig.data(), sig.size()));
2050 } else {
2051 int ret = X509_sign(cert.get(), pkey.get(), EVP_sha384());
2052 ASSERT_GT(ret, 0);
2053 // |X509_sign| returns the length of the signature on success.
2054 const ASN1_BIT_STRING *sig;
2055 X509_get0_signature(&sig, /*out_alg=*/nullptr, cert.get());
2056 EXPECT_EQ(ret, ASN1_STRING_length(sig));
2057 }
2058
2059 // Check the signature.
2060 EXPECT_TRUE(X509_verify(cert.get(), pkey.get()));
2061
2062 // Re-encode the certificate. X509 objects contain a cached TBSCertificate
2063 // encoding and re-signing should have dropped that cache.
2064 bssl::UniquePtr<X509> copy = ReencodeCertificate(cert.get());
2065 ASSERT_TRUE(copy);
2066 EXPECT_TRUE(X509_verify(copy.get(), pkey.get()));
2067 }
2068 }
2069 }
2070
2071 // Test the APIs for signing a CRL, particularly whether they correctly handle
2072 // the TBSCertList cache.
TEST(X509Test,SignCRL)2073 TEST(X509Test, SignCRL) {
2074 const int kSignatureNID = NID_sha384WithRSAEncryption;
2075 const EVP_MD *kSignatureHash = EVP_sha384();
2076
2077 bssl::UniquePtr<EVP_PKEY> pkey(PrivateKeyFromPEM(kRSAKey));
2078 ASSERT_TRUE(pkey);
2079 bssl::UniquePtr<X509_ALGOR> algor(X509_ALGOR_new());
2080 ASSERT_TRUE(algor);
2081 ASSERT_TRUE(X509_ALGOR_set0(algor.get(), OBJ_nid2obj(kSignatureNID),
2082 V_ASN1_NULL, nullptr));
2083
2084 // Test both signing with |X509_CRL_sign| and constructing a signature
2085 // manually.
2086 for (bool sign_manual : {true, false}) {
2087 SCOPED_TRACE(sign_manual);
2088
2089 // Test CRLs made both from other CRLs and |X509_CRL_new|, in case there are
2090 // bugs in filling in fields from different states. (Parsed CRLs contain a
2091 // TBSCertList cache, and |X509_CRL_new| initializes fields based on complex
2092 // ASN.1 template logic.)
2093 for (bool new_crl : {true, false}) {
2094 SCOPED_TRACE(new_crl);
2095
2096 bssl::UniquePtr<X509_CRL> crl;
2097 if (new_crl) {
2098 crl.reset(X509_CRL_new());
2099 ASSERT_TRUE(crl);
2100 // Fill in some fields for the certificate arbitrarily.
2101 ASSERT_TRUE(X509_CRL_set_version(crl.get(), X509_CRL_VERSION_2));
2102 bssl::UniquePtr<ASN1_TIME> last_update(ASN1_TIME_new());
2103 ASSERT_TRUE(last_update);
2104 ASSERT_TRUE(ASN1_TIME_set_posix(last_update.get(), kReferenceTime));
2105 ASSERT_TRUE(X509_CRL_set1_lastUpdate(crl.get(), last_update.get()));
2106 bssl::UniquePtr<X509_NAME> issuer(X509_NAME_new());
2107 ASSERT_TRUE(issuer);
2108 ASSERT_TRUE(X509_NAME_add_entry_by_txt(
2109 issuer.get(), "CN", MBSTRING_ASC,
2110 reinterpret_cast<const uint8_t *>("Test"), -1, -1, 0));
2111 EXPECT_TRUE(X509_CRL_set_issuer_name(crl.get(), issuer.get()));
2112 } else {
2113 // Extract fields from a parsed CRL.
2114 crl = CRLFromPEM(kBasicCRL);
2115 ASSERT_TRUE(crl);
2116
2117 // We should test with a different algorithm from what is already in the
2118 // CRL.
2119 EXPECT_NE(kSignatureNID, X509_CRL_get_signature_nid(crl.get()));
2120 }
2121
2122 if (sign_manual) {
2123 // Fill in the signature algorithm.
2124 ASSERT_TRUE(X509_CRL_set1_signature_algo(crl.get(), algor.get()));
2125
2126 // Extract the TBSCertList.
2127 uint8_t *tbs = nullptr;
2128 int tbs_len = i2d_re_X509_CRL_tbs(crl.get(), &tbs);
2129 bssl::UniquePtr<uint8_t> free_tbs(tbs);
2130 ASSERT_GT(tbs_len, 0);
2131
2132 // Generate a signature externally and fill it in.
2133 bssl::ScopedEVP_MD_CTX md_ctx;
2134 ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), nullptr, kSignatureHash,
2135 nullptr, pkey.get()));
2136 size_t sig_len;
2137 ASSERT_TRUE(
2138 EVP_DigestSign(md_ctx.get(), nullptr, &sig_len, tbs, tbs_len));
2139 std::vector<uint8_t> sig(sig_len);
2140 ASSERT_TRUE(
2141 EVP_DigestSign(md_ctx.get(), sig.data(), &sig_len, tbs, tbs_len));
2142 sig.resize(sig_len);
2143 ASSERT_TRUE(
2144 X509_CRL_set1_signature_value(crl.get(), sig.data(), sig.size()));
2145 } else {
2146 ASSERT_TRUE(X509_CRL_sign(crl.get(), pkey.get(), EVP_sha384()));
2147 }
2148
2149 // Check the signature.
2150 EXPECT_TRUE(X509_CRL_verify(crl.get(), pkey.get()));
2151
2152 // Re-encode the CRL. X509_CRL objects contain a cached TBSCertList
2153 // encoding and re-signing should have dropped that cache.
2154 bssl::UniquePtr<X509_CRL> copy = ReencodeCRL(crl.get());
2155 ASSERT_TRUE(copy);
2156 EXPECT_TRUE(X509_CRL_verify(copy.get(), pkey.get()));
2157 }
2158 }
2159 }
2160
2161 static const char kTestCSR[] = R"(
2162 -----BEGIN CERTIFICATE REQUEST-----
2163 MIICVDCCATwCAQAwDzENMAsGA1UEAwwEVGVzdDCCASIwDQYJKoZIhvcNAQEBBQAD
2164 ggEPADCCAQoCggEBAK+UkwcNJfRhg5MzIQzxDdrqF9a76jNoK/BwCflKYFX7QEqf
2165 rsLkI0J+m60fUD0v50LnKwbGoMFKZ1R/3cBNXLcdXb7ZP/ZJ7A7QwUrL+W9n3sov
2166 U8/HSU3rHbg+V5L6egSZYuhDHoXKi33HDOL4DVUzMoU1ykmP4QwF1wUXHLqvqjbU
2167 teQBoJWO53/XOGQu8bX04muCFnHZWT2Ubqol70JwPU2PqDU1EBlgUFO79NEmflev
2168 b++H8tu42UCDUZXD9k5weftjneO4cud3IsUX6mDsyf7k1e2mxsS4TSZsJcG0iLBX
2169 HSr1udXazQsjlAKjJkoI3cWshF6LGRWssAtbGiUCAwEAAaAAMA0GCSqGSIb3DQEB
2170 CwUAA4IBAQAniYZL+amXu+wED+AwBZz+zPuxY16bveF27/gxcs/jq6hVpEQvMxfO
2171 jfAGeDRtAU7DMxdJPjvWwwNe2JlTMSRoVDMYaiKqB5yxIYa2cjQvp7swSxuFJwbG
2172 T8h7/d7yqem6NYYzgYsNOE5QJyNu/PsIEdvzrysfDAnREiT2ituOcVpiqUZq3DTj
2173 NaTd1GNG3j4E87ZUmayUJD5nH91UNzKvJbpfo+bLyfy73x4QeU0SRitsZmbSBTAi
2174 s9+zmCErxzMlAdJHGzxPkXmtvBnUzGRIsAD5h/DjYNUmQJkB60yplt84ZgThhx54
2175 rZGEJG3+X9OuhczVKGJyg+3gU7oDbecc
2176 -----END CERTIFICATE REQUEST-----
2177 )";
2178
2179 // Test the APIs for signing a CSR, particularly whether they correctly handle
2180 // the CertificationRequestInfo cache.
TEST(X509Test,SignCSR)2181 TEST(X509Test, SignCSR) {
2182 const int kSignatureNID = NID_sha384WithRSAEncryption;
2183 const EVP_MD *kSignatureHash = EVP_sha384();
2184
2185 bssl::UniquePtr<EVP_PKEY> pkey(PrivateKeyFromPEM(kRSAKey));
2186 ASSERT_TRUE(pkey);
2187 bssl::UniquePtr<X509_ALGOR> algor(X509_ALGOR_new());
2188 ASSERT_TRUE(algor);
2189 ASSERT_TRUE(X509_ALGOR_set0(algor.get(), OBJ_nid2obj(kSignatureNID),
2190 V_ASN1_NULL, nullptr));
2191
2192 // Test both signing with |X509_REQ_sign| and constructing a signature
2193 // manually.
2194 for (bool sign_manual : {true, false}) {
2195 SCOPED_TRACE(sign_manual);
2196
2197 // Test CSRs made both from other CSRs and |X509_REQ_new|, in case there are
2198 // bugs in filling in fields from different states. (Parsed CSRs contain a
2199 // CertificationRequestInfo cache, and |X509_REQ_new| initializes fields
2200 // based on complex ASN.1 template logic.)
2201 for (bool new_csr : {true, false}) {
2202 SCOPED_TRACE(new_csr);
2203
2204 bssl::UniquePtr<X509_REQ> csr;
2205 if (new_csr) {
2206 csr.reset(X509_REQ_new());
2207 ASSERT_TRUE(csr);
2208 bssl::UniquePtr<X509_NAME> subject(X509_NAME_new());
2209 ASSERT_TRUE(subject);
2210 ASSERT_TRUE(X509_NAME_add_entry_by_txt(
2211 subject.get(), "CN", MBSTRING_ASC,
2212 reinterpret_cast<const uint8_t *>("New CSR"), -1, -1, 0));
2213 EXPECT_TRUE(X509_REQ_set_subject_name(csr.get(), subject.get()));
2214 } else {
2215 // Extract fields from a parsed CSR.
2216 csr = CSRFromPEM(kTestCSR);
2217 ASSERT_TRUE(csr);
2218 }
2219
2220 // Override the public key from the CSR unconditionally. Unlike
2221 // certificates and CRLs, CSRs do not contain a signed copy of the
2222 // signature algorithm, so we use a different field to confirm
2223 // |i2d_re_X509_REQ_tbs| clears the cache as expected.
2224 EXPECT_TRUE(X509_REQ_set_pubkey(csr.get(), pkey.get()));
2225
2226 if (sign_manual) {
2227 // Fill in the signature algorithm.
2228 ASSERT_TRUE(X509_REQ_set1_signature_algo(csr.get(), algor.get()));
2229
2230 // Extract the CertificationRequestInfo.
2231 uint8_t *tbs = nullptr;
2232 int tbs_len = i2d_re_X509_REQ_tbs(csr.get(), &tbs);
2233 bssl::UniquePtr<uint8_t> free_tbs(tbs);
2234 ASSERT_GT(tbs_len, 0);
2235
2236 // Generate a signature externally and fill it in.
2237 bssl::ScopedEVP_MD_CTX md_ctx;
2238 ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), nullptr, kSignatureHash,
2239 nullptr, pkey.get()));
2240 size_t sig_len;
2241 ASSERT_TRUE(
2242 EVP_DigestSign(md_ctx.get(), nullptr, &sig_len, tbs, tbs_len));
2243 std::vector<uint8_t> sig(sig_len);
2244 ASSERT_TRUE(
2245 EVP_DigestSign(md_ctx.get(), sig.data(), &sig_len, tbs, tbs_len));
2246 sig.resize(sig_len);
2247 ASSERT_TRUE(
2248 X509_REQ_set1_signature_value(csr.get(), sig.data(), sig.size()));
2249 } else {
2250 ASSERT_TRUE(X509_REQ_sign(csr.get(), pkey.get(), EVP_sha384()));
2251 }
2252
2253 // Check the signature.
2254 EXPECT_TRUE(X509_REQ_verify(csr.get(), pkey.get()));
2255
2256 // Re-encode the CSR. X509_REQ objects contain a cached
2257 // CertificationRequestInfo encoding and re-signing should have dropped
2258 // that cache.
2259 bssl::UniquePtr<X509_REQ> copy = ReencodeCSR(csr.get());
2260 ASSERT_TRUE(copy);
2261 EXPECT_TRUE(X509_REQ_verify(copy.get(), pkey.get()));
2262
2263 // Check the signature was over the new public key.
2264 bssl::UniquePtr<EVP_PKEY> copy_pubkey(X509_REQ_get_pubkey(copy.get()));
2265 ASSERT_TRUE(copy_pubkey);
2266 EXPECT_EQ(1, EVP_PKEY_cmp(pkey.get(), copy_pubkey.get()));
2267 }
2268 }
2269 }
2270
TEST(X509Test,Ed25519Sign)2271 TEST(X509Test, Ed25519Sign) {
2272 uint8_t pub_bytes[32], priv_bytes[64];
2273 ED25519_keypair(pub_bytes, priv_bytes);
2274
2275 bssl::UniquePtr<EVP_PKEY> pub(
2276 EVP_PKEY_new_raw_public_key(EVP_PKEY_ED25519, nullptr, pub_bytes, 32));
2277 ASSERT_TRUE(pub);
2278 bssl::UniquePtr<EVP_PKEY> priv(
2279 EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, nullptr, priv_bytes, 32));
2280 ASSERT_TRUE(priv);
2281
2282 bssl::ScopedEVP_MD_CTX md_ctx;
2283 ASSERT_TRUE(
2284 EVP_DigestSignInit(md_ctx.get(), nullptr, nullptr, nullptr, priv.get()));
2285 ASSERT_TRUE(SignatureRoundTrips(md_ctx.get(), pub.get()));
2286 }
2287
PEMToDER(bssl::UniquePtr<uint8_t> * out,size_t * out_len,const char * pem)2288 static bool PEMToDER(bssl::UniquePtr<uint8_t> *out, size_t *out_len,
2289 const char *pem) {
2290 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
2291 if (!bio) {
2292 return false;
2293 }
2294
2295 char *name, *header;
2296 uint8_t *data;
2297 long data_len;
2298 if (!PEM_read_bio(bio.get(), &name, &header, &data, &data_len)) {
2299 fprintf(stderr, "failed to read PEM data.\n");
2300 return false;
2301 }
2302 OPENSSL_free(name);
2303 OPENSSL_free(header);
2304
2305 out->reset(data);
2306 *out_len = data_len;
2307
2308 return true;
2309 }
2310
TEST(X509Test,TestFromBuffer)2311 TEST(X509Test, TestFromBuffer) {
2312 size_t data_len;
2313 bssl::UniquePtr<uint8_t> data;
2314 ASSERT_TRUE(PEMToDER(&data, &data_len, kRootCAPEM));
2315
2316 bssl::UniquePtr<CRYPTO_BUFFER> buf(
2317 CRYPTO_BUFFER_new(data.get(), data_len, nullptr));
2318 ASSERT_TRUE(buf);
2319 bssl::UniquePtr<X509> root(X509_parse_from_buffer(buf.get()));
2320 ASSERT_TRUE(root);
2321
2322 const uint8_t *enc_pointer = root->cert_info->enc.enc;
2323 const uint8_t *buf_pointer = CRYPTO_BUFFER_data(buf.get());
2324 ASSERT_GE(enc_pointer, buf_pointer);
2325 ASSERT_LT(enc_pointer, buf_pointer + CRYPTO_BUFFER_len(buf.get()));
2326 buf.reset();
2327
2328 /* This ensures the X509 took a reference to |buf|, otherwise this will be a
2329 * reference to free memory and ASAN should notice. */
2330 ASSERT_EQ(0x30, enc_pointer[0]);
2331 }
2332
TEST(X509Test,TestFromBufferWithTrailingData)2333 TEST(X509Test, TestFromBufferWithTrailingData) {
2334 size_t data_len;
2335 bssl::UniquePtr<uint8_t> data;
2336 ASSERT_TRUE(PEMToDER(&data, &data_len, kRootCAPEM));
2337
2338 auto trailing_data = std::make_unique<uint8_t[]>(data_len + 1);
2339 OPENSSL_memcpy(trailing_data.get(), data.get(), data_len);
2340
2341 bssl::UniquePtr<CRYPTO_BUFFER> buf_trailing_data(
2342 CRYPTO_BUFFER_new(trailing_data.get(), data_len + 1, nullptr));
2343 ASSERT_TRUE(buf_trailing_data);
2344
2345 bssl::UniquePtr<X509> root_trailing_data(
2346 X509_parse_from_buffer(buf_trailing_data.get()));
2347 ASSERT_FALSE(root_trailing_data);
2348 }
2349
TEST(X509Test,TestFromBufferModified)2350 TEST(X509Test, TestFromBufferModified) {
2351 size_t data_len;
2352 bssl::UniquePtr<uint8_t> data;
2353 ASSERT_TRUE(PEMToDER(&data, &data_len, kRootCAPEM));
2354
2355 bssl::UniquePtr<CRYPTO_BUFFER> buf(
2356 CRYPTO_BUFFER_new(data.get(), data_len, nullptr));
2357 ASSERT_TRUE(buf);
2358
2359 bssl::UniquePtr<X509> root(X509_parse_from_buffer(buf.get()));
2360 ASSERT_TRUE(root);
2361
2362 bssl::UniquePtr<ASN1_INTEGER> fourty_two(ASN1_INTEGER_new());
2363 ASN1_INTEGER_set_int64(fourty_two.get(), 42);
2364 X509_set_serialNumber(root.get(), fourty_two.get());
2365
2366 ASSERT_EQ(static_cast<long>(data_len), i2d_X509(root.get(), nullptr));
2367
2368 // Re-encode the TBSCertificate.
2369 i2d_re_X509_tbs(root.get(), nullptr);
2370
2371 ASSERT_NE(static_cast<long>(data_len), i2d_X509(root.get(), nullptr));
2372 }
2373
TEST(X509Test,TestFromBufferReused)2374 TEST(X509Test, TestFromBufferReused) {
2375 size_t data_len;
2376 bssl::UniquePtr<uint8_t> data;
2377 ASSERT_TRUE(PEMToDER(&data, &data_len, kRootCAPEM));
2378
2379 bssl::UniquePtr<CRYPTO_BUFFER> buf(
2380 CRYPTO_BUFFER_new(data.get(), data_len, nullptr));
2381 ASSERT_TRUE(buf);
2382
2383 bssl::UniquePtr<X509> root(X509_parse_from_buffer(buf.get()));
2384 ASSERT_TRUE(root);
2385
2386 size_t data2_len;
2387 bssl::UniquePtr<uint8_t> data2;
2388 ASSERT_TRUE(PEMToDER(&data2, &data2_len, kLeafPEM));
2389 EXPECT_TRUE(buffers_alias(root->cert_info->enc.enc, root->cert_info->enc.len,
2390 CRYPTO_BUFFER_data(buf.get()),
2391 CRYPTO_BUFFER_len(buf.get())));
2392
2393 // Historically, this function tested the interaction betweeen
2394 // |X509_parse_from_buffer| and object reuse. We no longer support object
2395 // reuse, so |d2i_X509| will replace |raw| with a new object. However, we
2396 // retain this test to verify that releasing objects from |d2i_X509| works
2397 // correctly.
2398 X509 *raw = root.release();
2399 const uint8_t *inp = data2.get();
2400 X509 *ret = d2i_X509(&raw, &inp, data2_len);
2401 root.reset(raw);
2402
2403 ASSERT_EQ(root.get(), ret);
2404 ASSERT_EQ(nullptr, root->cert_info->enc.buf);
2405 EXPECT_FALSE(buffers_alias(root->cert_info->enc.enc, root->cert_info->enc.len,
2406 CRYPTO_BUFFER_data(buf.get()),
2407 CRYPTO_BUFFER_len(buf.get())));
2408
2409 // Free |data2| and ensure that |root| took its own copy. Otherwise the
2410 // following will trigger a use-after-free.
2411 data2.reset();
2412
2413 uint8_t *i2d = nullptr;
2414 int i2d_len = i2d_X509(root.get(), &i2d);
2415 ASSERT_GE(i2d_len, 0);
2416 bssl::UniquePtr<uint8_t> i2d_storage(i2d);
2417
2418 ASSERT_TRUE(PEMToDER(&data2, &data2_len, kLeafPEM));
2419
2420 ASSERT_EQ(static_cast<long>(data2_len), i2d_len);
2421 ASSERT_EQ(0, OPENSSL_memcmp(data2.get(), i2d, i2d_len));
2422 ASSERT_EQ(nullptr, root->cert_info->enc.buf);
2423 }
2424
TEST(X509Test,TestFailedParseFromBuffer)2425 TEST(X509Test, TestFailedParseFromBuffer) {
2426 static const uint8_t kNonsense[] = {1, 2, 3, 4, 5};
2427
2428 bssl::UniquePtr<CRYPTO_BUFFER> buf(
2429 CRYPTO_BUFFER_new(kNonsense, sizeof(kNonsense), nullptr));
2430 ASSERT_TRUE(buf);
2431
2432 bssl::UniquePtr<X509> cert(X509_parse_from_buffer(buf.get()));
2433 ASSERT_FALSE(cert);
2434 ERR_clear_error();
2435
2436 // Test a buffer with trailing data.
2437 size_t data_len;
2438 bssl::UniquePtr<uint8_t> data;
2439 ASSERT_TRUE(PEMToDER(&data, &data_len, kRootCAPEM));
2440
2441 auto data_with_trailing_byte = std::make_unique<uint8_t[]>(data_len + 1);
2442 OPENSSL_memcpy(data_with_trailing_byte.get(), data.get(), data_len);
2443 data_with_trailing_byte[data_len] = 0;
2444
2445 bssl::UniquePtr<CRYPTO_BUFFER> buf_with_trailing_byte(
2446 CRYPTO_BUFFER_new(data_with_trailing_byte.get(), data_len + 1, nullptr));
2447 ASSERT_TRUE(buf_with_trailing_byte);
2448
2449 bssl::UniquePtr<X509> root(
2450 X509_parse_from_buffer(buf_with_trailing_byte.get()));
2451 ASSERT_FALSE(root);
2452 ERR_clear_error();
2453 }
2454
TEST(X509Test,TestPrintUTCTIME)2455 TEST(X509Test, TestPrintUTCTIME) {
2456 static const struct {
2457 const char *val, *want;
2458 } asn1_utctime_tests[] = {
2459 {"", "Bad time value"},
2460
2461 // Correct RFC 5280 form. Test years < 2000 and > 2000.
2462 {"090303125425Z", "Mar 3 12:54:25 2009 GMT"},
2463 {"900303125425Z", "Mar 3 12:54:25 1990 GMT"},
2464 {"000303125425Z", "Mar 3 12:54:25 2000 GMT"},
2465
2466 // Correct form, bad values.
2467 {"000000000000Z", "Bad time value"},
2468 {"999999999999Z", "Bad time value"},
2469
2470 // Missing components.
2471 {"090303125425", "Bad time value"},
2472 {"9003031254", "Bad time value"},
2473 {"9003031254Z", "Bad time value"},
2474
2475 // GENERALIZEDTIME confused for UTCTIME.
2476 {"20090303125425Z", "Bad time value"},
2477
2478 // Legal ASN.1, but not legal RFC 5280.
2479 {"9003031254+0800", "Bad time value"},
2480 {"9003031254-0800", "Bad time value"},
2481
2482 // Trailing garbage.
2483 {"9003031254Z ", "Bad time value"},
2484 };
2485
2486 for (auto t : asn1_utctime_tests) {
2487 SCOPED_TRACE(t.val);
2488 bssl::UniquePtr<ASN1_UTCTIME> tm(ASN1_UTCTIME_new());
2489 ASSERT_TRUE(tm);
2490 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
2491 ASSERT_TRUE(bio);
2492
2493 // Use this instead of ASN1_UTCTIME_set() because some callers get
2494 // type-confused and pass ASN1_GENERALIZEDTIME to ASN1_UTCTIME_print().
2495 // ASN1_UTCTIME_set_string() is stricter, and would reject the inputs in
2496 // question.
2497 ASSERT_TRUE(ASN1_STRING_set(tm.get(), t.val, strlen(t.val)));
2498 const int ok = ASN1_UTCTIME_print(bio.get(), tm.get());
2499
2500 const uint8_t *contents;
2501 size_t len;
2502 ASSERT_TRUE(BIO_mem_contents(bio.get(), &contents, &len));
2503 EXPECT_EQ(ok, (strcmp(t.want, "Bad time value") != 0) ? 1 : 0);
2504 EXPECT_EQ(t.want,
2505 std::string(reinterpret_cast<const char *>(contents), len));
2506 }
2507 }
2508
TEST(X509Test,PrettyPrintIntegers)2509 TEST(X509Test, PrettyPrintIntegers) {
2510 static const char *kTests[] = {
2511 // Small numbers are pretty-printed in decimal.
2512 "0",
2513 "-1",
2514 "1",
2515 "42",
2516 "-42",
2517 "256",
2518 "-256",
2519 // Large numbers are pretty-printed in hex to avoid taking quadratic time.
2520 "0x0123456789",
2521 "-0x0123456789",
2522 };
2523 for (const char *in : kTests) {
2524 SCOPED_TRACE(in);
2525 BIGNUM *bn = nullptr;
2526 ASSERT_TRUE(BN_asc2bn(&bn, in));
2527 bssl::UniquePtr<BIGNUM> free_bn(bn);
2528
2529 {
2530 bssl::UniquePtr<ASN1_INTEGER> asn1(BN_to_ASN1_INTEGER(bn, nullptr));
2531 ASSERT_TRUE(asn1);
2532 bssl::UniquePtr<char> out(i2s_ASN1_INTEGER(nullptr, asn1.get()));
2533 ASSERT_TRUE(out.get());
2534 EXPECT_STREQ(in, out.get());
2535 }
2536
2537 {
2538 bssl::UniquePtr<ASN1_ENUMERATED> asn1(BN_to_ASN1_ENUMERATED(bn, nullptr));
2539 ASSERT_TRUE(asn1);
2540 bssl::UniquePtr<char> out(i2s_ASN1_ENUMERATED(nullptr, asn1.get()));
2541 ASSERT_TRUE(out.get());
2542 EXPECT_STREQ(in, out.get());
2543 }
2544 }
2545 }
2546
TEST(X509Test,X509NameSet)2547 TEST(X509Test, X509NameSet) {
2548 bssl::UniquePtr<X509_NAME> name(X509_NAME_new());
2549 ASSERT_TRUE(name);
2550 EXPECT_TRUE(X509_NAME_add_entry_by_txt(
2551 name.get(), "C", MBSTRING_ASC, reinterpret_cast<const uint8_t *>("US"),
2552 -1, -1, 0));
2553 EXPECT_EQ(X509_NAME_entry_count(name.get()), 1);
2554 EXPECT_TRUE(X509_NAME_add_entry_by_txt(
2555 name.get(), "C", MBSTRING_ASC, reinterpret_cast<const uint8_t *>("CA"),
2556 -1, -1, 0));
2557 EXPECT_EQ(X509_NAME_entry_count(name.get()), 2);
2558 EXPECT_TRUE(X509_NAME_add_entry_by_txt(
2559 name.get(), "C", MBSTRING_ASC, reinterpret_cast<const uint8_t *>("UK"),
2560 -1, -1, 0));
2561 EXPECT_EQ(X509_NAME_entry_count(name.get()), 3);
2562 EXPECT_TRUE(X509_NAME_add_entry_by_txt(
2563 name.get(), "C", MBSTRING_ASC, reinterpret_cast<const uint8_t *>("JP"),
2564 -1, 1, 0));
2565 EXPECT_EQ(X509_NAME_entry_count(name.get()), 4);
2566
2567 // Check that the correct entries get incremented when inserting new entry.
2568 EXPECT_EQ(X509_NAME_ENTRY_set(X509_NAME_get_entry(name.get(), 1)), 1);
2569 EXPECT_EQ(X509_NAME_ENTRY_set(X509_NAME_get_entry(name.get(), 2)), 2);
2570 }
2571
2572 // Tests that |X509_NAME_hash| and |X509_NAME_hash_old|'s values never change.
2573 // These functions figure into |X509_LOOKUP_hash_dir|'s on-disk format, so they
2574 // must remain stable. In particular, if we ever remove name canonicalization,
2575 // we'll need to preserve it for |X509_NAME_hash|.
TEST(X509Test,NameHash)2576 TEST(X509Test, NameHash) {
2577 struct {
2578 std::vector<uint8_t> name_der;
2579 unsigned long hash;
2580 unsigned long hash_old;
2581 } kTests[] = {
2582 // SEQUENCE {
2583 // SET {
2584 // SEQUENCE {
2585 // # commonName
2586 // OBJECT_IDENTIFIER { 2.5.4.3 }
2587 // UTF8String { "Test Name" }
2588 // }
2589 // }
2590 // }
2591 {{0x30, 0x14, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03,
2592 0x0c, 0x09, 0x54, 0x65, 0x73, 0x74, 0x20, 0x4e, 0x61, 0x6d, 0x65},
2593 0xc90fba01,
2594 0x8c0d4fea},
2595
2596 // This name canonicalizes to the same value, with OpenSSL's algorithm, as
2597 // the above input, so |hash| matches. |hash_old| doesn't use
2598 // canonicalization and does not match.
2599 //
2600 // SEQUENCE {
2601 // SET {
2602 // SEQUENCE {
2603 // # commonName
2604 // OBJECT_IDENTIFIER { 2.5.4.3 }
2605 // BMPString {
2606 // u"\x09\n\x0b\x0c\x0d tEST\x09\n\x0b\x0c\x0d "
2607 // u"\x09\n\x0b\x0c\x0d nAME\x09\n\x0b\x0c\x0d "
2608 // }
2609 // }
2610 // }
2611 // }
2612 {{0x30, 0x4b, 0x31, 0x49, 0x30, 0x47, 0x06, 0x03, 0x55, 0x04, 0x03,
2613 0x1e, 0x40, 0x00, 0x09, 0x00, 0x0a, 0x00, 0x0b, 0x00, 0x0c, 0x00,
2614 0x0d, 0x00, 0x20, 0x00, 0x74, 0x00, 0x45, 0x00, 0x53, 0x00, 0x54,
2615 0x00, 0x09, 0x00, 0x0a, 0x00, 0x0b, 0x00, 0x0c, 0x00, 0x0d, 0x00,
2616 0x20, 0x00, 0x09, 0x00, 0x0a, 0x00, 0x0b, 0x00, 0x0c, 0x00, 0x0d,
2617 0x00, 0x20, 0x00, 0x6e, 0x00, 0x41, 0x00, 0x4d, 0x00, 0x45, 0x00,
2618 0x09, 0x00, 0x0a, 0x00, 0x0b, 0x00, 0x0c, 0x00, 0x0d, 0x00, 0x20},
2619 0xc90fba01,
2620 0xbe2dd8c8},
2621 };
2622 for (const auto &t : kTests) {
2623 SCOPED_TRACE(Bytes(t.name_der));
2624 const uint8_t *der = t.name_der.data();
2625 bssl::UniquePtr<X509_NAME> name(
2626 d2i_X509_NAME(nullptr, &der, t.name_der.size()));
2627 ASSERT_TRUE(name);
2628 EXPECT_EQ(t.hash, X509_NAME_hash(name.get()));
2629 EXPECT_EQ(t.hash_old, X509_NAME_hash_old(name.get()));
2630 }
2631 }
2632
TEST(X509Test,NoBasicConstraintsCertSign)2633 TEST(X509Test, NoBasicConstraintsCertSign) {
2634 bssl::UniquePtr<X509> root(CertFromPEM(kSANTypesRoot));
2635 bssl::UniquePtr<X509> intermediate(
2636 CertFromPEM(kNoBasicConstraintsCertSignIntermediate));
2637 bssl::UniquePtr<X509> leaf(CertFromPEM(kNoBasicConstraintsCertSignLeaf));
2638
2639 ASSERT_TRUE(root);
2640 ASSERT_TRUE(intermediate);
2641 ASSERT_TRUE(leaf);
2642
2643 // The intermediate has keyUsage certSign, but is not marked as a CA in the
2644 // basicConstraints.
2645 EXPECT_EQ(X509_V_ERR_INVALID_CA,
2646 Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, 0));
2647 }
2648
TEST(X509Test,NoBasicConstraintsNetscapeCA)2649 TEST(X509Test, NoBasicConstraintsNetscapeCA) {
2650 bssl::UniquePtr<X509> root(CertFromPEM(kSANTypesRoot));
2651 bssl::UniquePtr<X509> intermediate(
2652 CertFromPEM(kNoBasicConstraintsNetscapeCAIntermediate));
2653 bssl::UniquePtr<X509> leaf(CertFromPEM(kNoBasicConstraintsNetscapeCALeaf));
2654
2655 ASSERT_TRUE(root);
2656 ASSERT_TRUE(intermediate);
2657 ASSERT_TRUE(leaf);
2658
2659 // The intermediate has a Netscape certificate type of "SSL CA", but is not
2660 // marked as a CA in the basicConstraints.
2661 EXPECT_EQ(X509_V_ERR_INVALID_CA,
2662 Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, 0));
2663 }
2664
TEST(X509Test,MismatchAlgorithms)2665 TEST(X509Test, MismatchAlgorithms) {
2666 bssl::UniquePtr<X509> cert(CertFromPEM(kSelfSignedMismatchAlgorithms));
2667 ASSERT_TRUE(cert);
2668
2669 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
2670 ASSERT_TRUE(pkey);
2671
2672 EXPECT_FALSE(X509_verify(cert.get(), pkey.get()));
2673 uint32_t err = ERR_get_error();
2674 EXPECT_EQ(ERR_LIB_X509, ERR_GET_LIB(err));
2675 EXPECT_EQ(X509_R_SIGNATURE_ALGORITHM_MISMATCH, ERR_GET_REASON(err));
2676 }
2677
TEST(X509Test,PEMX509Info)2678 TEST(X509Test, PEMX509Info) {
2679 std::string cert = kRootCAPEM;
2680 auto cert_obj = CertFromPEM(kRootCAPEM);
2681 ASSERT_TRUE(cert_obj);
2682
2683 std::string rsa = kRSAKey;
2684 auto rsa_obj = PrivateKeyFromPEM(kRSAKey);
2685 ASSERT_TRUE(rsa_obj);
2686
2687 std::string crl = kBasicCRL;
2688 auto crl_obj = CRLFromPEM(kBasicCRL);
2689 ASSERT_TRUE(crl_obj);
2690
2691 std::string unknown =
2692 "-----BEGIN UNKNOWN-----\n"
2693 "AAAA\n"
2694 "-----END UNKNOWN-----\n";
2695
2696 std::string invalid =
2697 "-----BEGIN CERTIFICATE-----\n"
2698 "AAAA\n"
2699 "-----END CERTIFICATE-----\n";
2700
2701 // Each X509_INFO contains at most one certificate, CRL, etc. The format
2702 // creates a new X509_INFO when a repeated type is seen.
2703 std::string pem =
2704 // The first few entries have one of everything in different orders.
2705 cert + rsa + crl +
2706 rsa + crl + cert +
2707 // Unknown types are ignored.
2708 crl + unknown + cert + rsa +
2709 // Seeing a new certificate starts a new entry, so now we have a bunch of
2710 // certificate-only entries.
2711 cert + cert + cert +
2712 // The key folds into the certificate's entry.
2713 cert + rsa +
2714 // Doubled keys also start new entries.
2715 rsa + rsa + rsa + rsa + crl +
2716 // As do CRLs.
2717 crl + crl;
2718
2719 const struct ExpectedInfo {
2720 const X509 *cert;
2721 const EVP_PKEY *key;
2722 const X509_CRL *crl;
2723 } kExpected[] = {
2724 {cert_obj.get(), rsa_obj.get(), crl_obj.get()},
2725 {cert_obj.get(), rsa_obj.get(), crl_obj.get()},
2726 {cert_obj.get(), rsa_obj.get(), crl_obj.get()},
2727 {cert_obj.get(), nullptr, nullptr},
2728 {cert_obj.get(), nullptr, nullptr},
2729 {cert_obj.get(), nullptr, nullptr},
2730 {cert_obj.get(), rsa_obj.get(), nullptr},
2731 {nullptr, rsa_obj.get(), nullptr},
2732 {nullptr, rsa_obj.get(), nullptr},
2733 {nullptr, rsa_obj.get(), nullptr},
2734 {nullptr, rsa_obj.get(), crl_obj.get()},
2735 {nullptr, nullptr, crl_obj.get()},
2736 {nullptr, nullptr, crl_obj.get()},
2737 };
2738
2739 auto check_info = [](const ExpectedInfo *expected, const X509_INFO *info) {
2740 if (expected->cert != nullptr) {
2741 EXPECT_EQ(0, X509_cmp(expected->cert, info->x509));
2742 } else {
2743 EXPECT_EQ(nullptr, info->x509);
2744 }
2745 if (expected->crl != nullptr) {
2746 EXPECT_EQ(0, X509_CRL_cmp(expected->crl, info->crl));
2747 } else {
2748 EXPECT_EQ(nullptr, info->crl);
2749 }
2750 if (expected->key != nullptr) {
2751 ASSERT_NE(nullptr, info->x_pkey);
2752 // EVP_PKEY_cmp returns one if the keys are equal.
2753 EXPECT_EQ(1, EVP_PKEY_cmp(expected->key, info->x_pkey->dec_pkey));
2754 } else {
2755 EXPECT_EQ(nullptr, info->x_pkey);
2756 }
2757 };
2758
2759 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem.data(), pem.size()));
2760 ASSERT_TRUE(bio);
2761 bssl::UniquePtr<STACK_OF(X509_INFO)> infos(
2762 PEM_X509_INFO_read_bio(bio.get(), nullptr, nullptr, nullptr));
2763 ASSERT_TRUE(infos);
2764 ASSERT_EQ(OPENSSL_ARRAY_SIZE(kExpected), sk_X509_INFO_num(infos.get()));
2765 for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kExpected); i++) {
2766 SCOPED_TRACE(i);
2767 check_info(&kExpected[i], sk_X509_INFO_value(infos.get(), i));
2768 }
2769
2770 // Passing an existing stack appends to it.
2771 bio.reset(BIO_new_mem_buf(pem.data(), pem.size()));
2772 ASSERT_TRUE(bio);
2773 ASSERT_EQ(infos.get(),
2774 PEM_X509_INFO_read_bio(bio.get(), infos.get(), nullptr, nullptr));
2775 ASSERT_EQ(2 * OPENSSL_ARRAY_SIZE(kExpected), sk_X509_INFO_num(infos.get()));
2776 for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kExpected); i++) {
2777 SCOPED_TRACE(i);
2778 check_info(&kExpected[i], sk_X509_INFO_value(infos.get(), i));
2779 check_info(
2780 &kExpected[i],
2781 sk_X509_INFO_value(infos.get(), i + OPENSSL_ARRAY_SIZE(kExpected)));
2782 }
2783
2784 // Gracefully handle errors in both the append and fresh cases.
2785 std::string bad_pem = cert + cert + invalid;
2786
2787 bio.reset(BIO_new_mem_buf(bad_pem.data(), bad_pem.size()));
2788 ASSERT_TRUE(bio);
2789 bssl::UniquePtr<STACK_OF(X509_INFO)> infos2(
2790 PEM_X509_INFO_read_bio(bio.get(), nullptr, nullptr, nullptr));
2791 EXPECT_FALSE(infos2);
2792
2793 bio.reset(BIO_new_mem_buf(bad_pem.data(), bad_pem.size()));
2794 ASSERT_TRUE(bio);
2795 EXPECT_FALSE(
2796 PEM_X509_INFO_read_bio(bio.get(), infos.get(), nullptr, nullptr));
2797 EXPECT_EQ(2 * OPENSSL_ARRAY_SIZE(kExpected), sk_X509_INFO_num(infos.get()));
2798 }
2799
TEST(X509Test,ReadBIOEmpty)2800 TEST(X509Test, ReadBIOEmpty) {
2801 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(nullptr, 0));
2802 ASSERT_TRUE(bio);
2803
2804 // CPython expects |ASN1_R_HEADER_TOO_LONG| on EOF, to terminate a series of
2805 // certificates.
2806 bssl::UniquePtr<X509> x509(d2i_X509_bio(bio.get(), nullptr));
2807 EXPECT_FALSE(x509);
2808 uint32_t err = ERR_get_error();
2809 EXPECT_EQ(ERR_LIB_ASN1, ERR_GET_LIB(err));
2810 EXPECT_EQ(ASN1_R_HEADER_TOO_LONG, ERR_GET_REASON(err));
2811 }
2812
TEST(X509Test,ReadBIOOneByte)2813 TEST(X509Test, ReadBIOOneByte) {
2814 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf("\x30", 1));
2815 ASSERT_TRUE(bio);
2816
2817 // CPython expects |ASN1_R_HEADER_TOO_LONG| on EOF, to terminate a series of
2818 // certificates. This EOF appeared after some data, however, so we do not wish
2819 // to signal EOF.
2820 bssl::UniquePtr<X509> x509(d2i_X509_bio(bio.get(), nullptr));
2821 EXPECT_FALSE(x509);
2822 uint32_t err = ERR_get_error();
2823 EXPECT_EQ(ERR_LIB_ASN1, ERR_GET_LIB(err));
2824 EXPECT_EQ(ASN1_R_NOT_ENOUGH_DATA, ERR_GET_REASON(err));
2825 }
2826
TEST(X509Test,PartialBIOReturn)2827 TEST(X509Test, PartialBIOReturn) {
2828 // Create a filter BIO that only reads and writes one byte at a time.
2829 bssl::UniquePtr<BIO_METHOD> method(BIO_meth_new(0, nullptr));
2830 ASSERT_TRUE(method);
2831 ASSERT_TRUE(BIO_meth_set_create(method.get(), [](BIO *b) -> int {
2832 BIO_set_init(b, 1);
2833 return 1;
2834 }));
2835 ASSERT_TRUE(
2836 BIO_meth_set_read(method.get(), [](BIO *b, char *out, int len) -> int {
2837 return BIO_read(BIO_next(b), out, std::min(len, 1));
2838 }));
2839 ASSERT_TRUE(BIO_meth_set_write(
2840 method.get(), [](BIO *b, const char *in, int len) -> int {
2841 return BIO_write(BIO_next(b), in, std::min(len, 1));
2842 }));
2843
2844 bssl::UniquePtr<BIO> bio(BIO_new(method.get()));
2845 ASSERT_TRUE(bio);
2846 BIO *mem_bio = BIO_new(BIO_s_mem());
2847 ASSERT_TRUE(mem_bio);
2848 BIO_push(bio.get(), mem_bio); // BIO_push takes ownership.
2849
2850 bssl::UniquePtr<X509> cert(CertFromPEM(kLeafPEM));
2851 ASSERT_TRUE(cert);
2852 uint8_t *der = nullptr;
2853 int der_len = i2d_X509(cert.get(), &der);
2854 ASSERT_GT(der_len, 0);
2855 bssl::UniquePtr<uint8_t> free_der(der);
2856
2857 // Write the certificate into the BIO. Though we only write one byte at a
2858 // time, the write should succeed.
2859 ASSERT_EQ(1, i2d_X509_bio(bio.get(), cert.get()));
2860 const uint8_t *der2;
2861 size_t der2_len;
2862 ASSERT_TRUE(BIO_mem_contents(mem_bio, &der2, &der2_len));
2863 EXPECT_EQ(Bytes(der, static_cast<size_t>(der_len)), Bytes(der2, der2_len));
2864
2865 // Read the certificate back out of the BIO. Though we only read one byte at a
2866 // time, the read should succeed.
2867 bssl::UniquePtr<X509> cert2(d2i_X509_bio(bio.get(), nullptr));
2868 ASSERT_TRUE(cert2);
2869 EXPECT_EQ(0, X509_cmp(cert.get(), cert2.get()));
2870 }
2871
TEST(X509Test,CommonNameFallback)2872 TEST(X509Test, CommonNameFallback) {
2873 bssl::UniquePtr<X509> root = CertFromPEM(kSANTypesRoot);
2874 ASSERT_TRUE(root);
2875 bssl::UniquePtr<X509> with_sans = CertFromPEM(kCommonNameWithSANs);
2876 ASSERT_TRUE(with_sans);
2877 bssl::UniquePtr<X509> without_sans = CertFromPEM(kCommonNameWithoutSANs);
2878 ASSERT_TRUE(without_sans);
2879 bssl::UniquePtr<X509> with_email = CertFromPEM(kCommonNameWithEmailSAN);
2880 ASSERT_TRUE(with_email);
2881 bssl::UniquePtr<X509> with_ip = CertFromPEM(kCommonNameWithIPSAN);
2882 ASSERT_TRUE(with_ip);
2883
2884 auto verify_cert = [&](X509 *leaf, unsigned flags, const char *host) {
2885 return Verify(leaf, {root.get()}, {}, {}, 0, [&](X509_VERIFY_PARAM *param) {
2886 ASSERT_TRUE(X509_VERIFY_PARAM_set1_host(param, host, strlen(host)));
2887 X509_VERIFY_PARAM_set_hostflags(param, flags);
2888 });
2889 };
2890
2891 // By default, the common name is ignored if the SAN list is present but
2892 // otherwise is checked.
2893 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2894 verify_cert(with_sans.get(), 0 /* no flags */, "foo.host1.test"));
2895 EXPECT_EQ(X509_V_OK,
2896 verify_cert(with_sans.get(), 0 /* no flags */, "foo.host2.test"));
2897 EXPECT_EQ(X509_V_OK,
2898 verify_cert(with_sans.get(), 0 /* no flags */, "foo.host3.test"));
2899 EXPECT_EQ(X509_V_OK, verify_cert(without_sans.get(), 0 /* no flags */,
2900 "foo.host1.test"));
2901 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2902 verify_cert(with_email.get(), 0 /* no flags */, "foo.host1.test"));
2903 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2904 verify_cert(with_ip.get(), 0 /* no flags */, "foo.host1.test"));
2905
2906 // X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT is ignored.
2907 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2908 verify_cert(with_sans.get(), X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
2909 "foo.host1.test"));
2910 EXPECT_EQ(X509_V_OK,
2911 verify_cert(with_sans.get(), X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
2912 "foo.host2.test"));
2913 EXPECT_EQ(X509_V_OK,
2914 verify_cert(with_sans.get(), X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
2915 "foo.host3.test"));
2916 EXPECT_EQ(X509_V_OK, verify_cert(without_sans.get(),
2917 X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
2918 "foo.host1.test"));
2919 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2920 verify_cert(with_email.get(), X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
2921 "foo.host1.test"));
2922 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2923 verify_cert(with_ip.get(), X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
2924 "foo.host1.test"));
2925
2926 // X509_CHECK_FLAG_NEVER_CHECK_SUBJECT implements the correct behavior: the
2927 // common name is never checked.
2928 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2929 verify_cert(with_sans.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
2930 "foo.host1.test"));
2931 EXPECT_EQ(X509_V_OK,
2932 verify_cert(with_sans.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
2933 "foo.host2.test"));
2934 EXPECT_EQ(X509_V_OK,
2935 verify_cert(with_sans.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
2936 "foo.host3.test"));
2937 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2938 verify_cert(without_sans.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
2939 "foo.host1.test"));
2940 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2941 verify_cert(with_email.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
2942 "foo.host1.test"));
2943 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2944 verify_cert(with_ip.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
2945 "foo.host1.test"));
2946 }
2947
TEST(X509Test,LooksLikeDNSName)2948 TEST(X509Test, LooksLikeDNSName) {
2949 static const char *kValid[] = {
2950 "example.com",
2951 "eXample123-.com",
2952 "*.example.com",
2953 "exa_mple.com",
2954 "example.com.",
2955 "project-dev:us-central1:main",
2956 };
2957 static const char *kInvalid[] = {
2958 "-eXample123-.com",
2959 "",
2960 ".",
2961 "*",
2962 "*.",
2963 "example..com",
2964 ".example.com",
2965 "example.com..",
2966 "*foo.example.com",
2967 "foo.*.example.com",
2968 "foo,bar",
2969 };
2970
2971 for (const char *str : kValid) {
2972 SCOPED_TRACE(str);
2973 EXPECT_TRUE(x509v3_looks_like_dns_name(
2974 reinterpret_cast<const uint8_t *>(str), strlen(str)));
2975 }
2976 for (const char *str : kInvalid) {
2977 SCOPED_TRACE(str);
2978 EXPECT_FALSE(x509v3_looks_like_dns_name(
2979 reinterpret_cast<const uint8_t *>(str), strlen(str)));
2980 }
2981 }
2982
TEST(X509Test,CommonNameAndNameConstraints)2983 TEST(X509Test, CommonNameAndNameConstraints) {
2984 bssl::UniquePtr<X509> root = CertFromPEM(kSANTypesRoot);
2985 ASSERT_TRUE(root);
2986 bssl::UniquePtr<X509> intermediate = CertFromPEM(kConstrainedIntermediate);
2987 ASSERT_TRUE(intermediate);
2988 bssl::UniquePtr<X509> permitted = CertFromPEM(kCommonNamePermittedLeaf);
2989 ASSERT_TRUE(permitted);
2990 bssl::UniquePtr<X509> not_permitted =
2991 CertFromPEM(kCommonNameNotPermittedLeaf);
2992 ASSERT_TRUE(not_permitted);
2993 bssl::UniquePtr<X509> not_permitted_with_sans =
2994 CertFromPEM(kCommonNameNotPermittedWithSANsLeaf);
2995 ASSERT_TRUE(not_permitted_with_sans);
2996 bssl::UniquePtr<X509> not_dns = CertFromPEM(kCommonNameNotDNSLeaf);
2997 ASSERT_TRUE(not_dns);
2998
2999 auto verify_cert = [&](X509 *leaf, unsigned flags, const char *host) {
3000 return Verify(
3001 leaf, {root.get()}, {intermediate.get()}, {}, 0,
3002 [&](X509_VERIFY_PARAM *param) {
3003 ASSERT_TRUE(X509_VERIFY_PARAM_set1_host(param, host, strlen(host)));
3004 X509_VERIFY_PARAM_set_hostflags(param, flags);
3005 });
3006 };
3007
3008 // Certificates which would otherwise trigger the common name fallback are
3009 // rejected whenever there are name constraints. We do this whether or not
3010 // the common name matches the constraints.
3011 EXPECT_EQ(
3012 X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS,
3013 verify_cert(permitted.get(), 0 /* no flags */, kCommonNamePermitted));
3014 EXPECT_EQ(X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS,
3015 verify_cert(not_permitted.get(), 0 /* no flags */,
3016 kCommonNameNotPermitted));
3017
3018 // This occurs even if the built-in name checks aren't used. The caller may
3019 // separately call |X509_check_host|.
3020 EXPECT_EQ(X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS,
3021 Verify(not_permitted.get(), {root.get()}, {intermediate.get()}, {},
3022 0 /* no flags */, nullptr));
3023
3024 // If the leaf certificate has SANs, the common name fallback is always
3025 // disabled, so the name constraints do not apply.
3026 EXPECT_EQ(X509_V_OK, Verify(not_permitted_with_sans.get(), {root.get()},
3027 {intermediate.get()}, {}, 0, nullptr));
3028 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
3029 verify_cert(not_permitted_with_sans.get(), 0 /* no flags */,
3030 kCommonNameNotPermittedWithSANs));
3031
3032 // If the common name does not look like a DNS name, we apply neither name
3033 // constraints nor common name fallback.
3034 EXPECT_EQ(X509_V_OK, Verify(not_dns.get(), {root.get()}, {intermediate.get()},
3035 {}, 0, nullptr));
3036 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
3037 verify_cert(not_dns.get(), 0 /* no flags */, kCommonNameNotDNS));
3038 }
3039
TEST(X509Test,ServerGatedCryptoEKUs)3040 TEST(X509Test, ServerGatedCryptoEKUs) {
3041 bssl::UniquePtr<X509> root = CertFromPEM(kSANTypesRoot);
3042 ASSERT_TRUE(root);
3043 bssl::UniquePtr<X509> ms_sgc = CertFromPEM(kMicrosoftSGCCert);
3044 ASSERT_TRUE(ms_sgc);
3045 bssl::UniquePtr<X509> ns_sgc = CertFromPEM(kNetscapeSGCCert);
3046 ASSERT_TRUE(ns_sgc);
3047 bssl::UniquePtr<X509> server_eku = CertFromPEM(kServerEKUCert);
3048 ASSERT_TRUE(server_eku);
3049 bssl::UniquePtr<X509> server_eku_plus_ms_sgc =
3050 CertFromPEM(kServerEKUPlusMicrosoftSGCCert);
3051 ASSERT_TRUE(server_eku_plus_ms_sgc);
3052 bssl::UniquePtr<X509> any_eku = CertFromPEM(kAnyEKU);
3053 ASSERT_TRUE(any_eku);
3054 bssl::UniquePtr<X509> no_eku = CertFromPEM(kNoEKU);
3055 ASSERT_TRUE(no_eku);
3056
3057 auto verify_cert = [&root](X509 *leaf) {
3058 return Verify(leaf, {root.get()}, /*intermediates=*/{}, /*crls=*/{},
3059 /*flags=*/0, [&](X509_VERIFY_PARAM *param) {
3060 ASSERT_TRUE(X509_VERIFY_PARAM_set_purpose(
3061 param, X509_PURPOSE_SSL_SERVER));
3062 });
3063 };
3064
3065 // Neither the Microsoft nor Netscape SGC EKU should be sufficient for
3066 // |X509_PURPOSE_SSL_SERVER|. The "any" EKU probably, technically, should be.
3067 // However, we've never accepted it and it's not acceptable in leaf
3068 // certificates by the Baseline, so perhaps we don't need this complexity.
3069 for (X509 *leaf : {ms_sgc.get(), ns_sgc.get(), any_eku.get()}) {
3070 EXPECT_EQ(X509_V_ERR_INVALID_PURPOSE, verify_cert(leaf));
3071 }
3072
3073 // The server-auth EKU is sufficient, and it doesn't matter if an SGC EKU is
3074 // also included. Lastly, not specifying an EKU is also valid.
3075 for (X509 *leaf : {server_eku.get(), server_eku_plus_ms_sgc.get(),
3076 no_eku.get()}) {
3077 EXPECT_EQ(X509_V_OK, verify_cert(leaf));
3078 }
3079 }
3080
3081 // Test that invalid extensions are rejected by, if not the parser, at least the
3082 // verifier.
TEST(X509Test,InvalidExtensions)3083 TEST(X509Test, InvalidExtensions) {
3084 bssl::UniquePtr<X509> root = CertFromPEM(
3085 GetTestData("crypto/x509/test/invalid_extension_root.pem").c_str());
3086 ASSERT_TRUE(root);
3087 bssl::UniquePtr<X509> intermediate = CertFromPEM(
3088 GetTestData("crypto/x509/test/invalid_extension_intermediate.pem")
3089 .c_str());
3090 ASSERT_TRUE(intermediate);
3091 bssl::UniquePtr<X509> leaf = CertFromPEM(
3092 GetTestData("crypto/x509/test/invalid_extension_leaf.pem").c_str());
3093 ASSERT_TRUE(leaf);
3094
3095 // Sanity-check that the baseline chain is accepted.
3096 EXPECT_EQ(X509_V_OK,
3097 Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}));
3098
3099 static const char *kExtensions[] = {
3100 "authority_key_identifier",
3101 "basic_constraints",
3102 "ext_key_usage",
3103 "key_usage",
3104 "name_constraints",
3105 "subject_alt_name",
3106 "subject_key_identifier",
3107 };
3108 for (const char *ext : kExtensions) {
3109 SCOPED_TRACE(ext);
3110 bssl::UniquePtr<X509> invalid_root = CertFromPEM(
3111 GetTestData((std::string("crypto/x509/test/invalid_extension_root_") +
3112 ext + ".pem")
3113 .c_str())
3114 .c_str());
3115 ASSERT_TRUE(invalid_root);
3116
3117 bssl::UniquePtr<X509> invalid_intermediate = CertFromPEM(
3118 GetTestData(
3119 (std::string("crypto/x509/test/invalid_extension_intermediate_") +
3120 ext + ".pem")
3121 .c_str())
3122 .c_str());
3123 ASSERT_TRUE(invalid_intermediate);
3124
3125 bssl::UniquePtr<X509> invalid_leaf = CertFromPEM(
3126 GetTestData((std::string("crypto/x509/test/invalid_extension_leaf_") +
3127 ext + ".pem")
3128 .c_str())
3129 .c_str());
3130 ASSERT_TRUE(invalid_leaf);
3131
3132 bssl::UniquePtr<X509> trailing_leaf = CertFromPEM(
3133 GetTestData((std::string("crypto/x509/test/trailing_data_leaf_") +
3134 ext + ".pem")
3135 .c_str())
3136 .c_str());
3137 ASSERT_TRUE(trailing_leaf);
3138
3139 EXPECT_EQ(
3140 X509_V_ERR_INVALID_EXTENSION,
3141 Verify(invalid_leaf.get(), {root.get()}, {intermediate.get()}, {}));
3142
3143 EXPECT_EQ(
3144 X509_V_ERR_INVALID_EXTENSION,
3145 Verify(trailing_leaf.get(), {root.get()}, {intermediate.get()}, {}));
3146
3147 // If the invalid extension is on an intermediate or root,
3148 // |X509_verify_cert| notices by way of being unable to build a path to
3149 // a valid issuer.
3150 EXPECT_EQ(
3151 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
3152 Verify(leaf.get(), {root.get()}, {invalid_intermediate.get()}, {}));
3153 EXPECT_EQ(
3154 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
3155 Verify(leaf.get(), {invalid_root.get()}, {intermediate.get()}, {}));
3156 }
3157 }
3158
3159 // kExplicitDefaultVersionPEM is an X.509v1 certificate with the version number
3160 // encoded explicitly, rather than omitted as required by DER.
3161 static const char kExplicitDefaultVersionPEM[] = R"(
3162 -----BEGIN CERTIFICATE-----
3163 MIIBfTCCASSgAwIBAAIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC
3164 QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
3165 dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ
3166 BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l
3167 dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni
3168 v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa
3169 HPUdfvGULUvPciLBMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb7idQhY5w
3170 BnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYfMlJhXnXJ
3171 FA==
3172 -----END CERTIFICATE-----
3173 )";
3174
3175 // kNegativeVersionPEM is an X.509 certificate with a negative version number.
3176 static const char kNegativeVersionPEM[] = R"(
3177 -----BEGIN CERTIFICATE-----
3178 MIIBfTCCASSgAwIB/wIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC
3179 QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
3180 dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ
3181 BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l
3182 dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni
3183 v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa
3184 HPUdfvGULUvPciLBMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb7idQhY5w
3185 BnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYfMlJhXnXJ
3186 FA==
3187 -----END CERTIFICATE-----
3188 )";
3189
3190 // kFutureVersionPEM is an X.509 certificate with a version number value of
3191 // three, which is not defined. (v3 has value two).
3192 static const char kFutureVersionPEM[] = R"(
3193 -----BEGIN CERTIFICATE-----
3194 MIIBfTCCASSgAwIBAwIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC
3195 QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
3196 dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ
3197 BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l
3198 dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni
3199 v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa
3200 HPUdfvGULUvPciLBMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb7idQhY5w
3201 BnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYfMlJhXnXJ
3202 FA==
3203 -----END CERTIFICATE-----
3204 )";
3205
3206 // kOverflowVersionPEM is an X.509 certificate with a version field which
3207 // overflows |uint64_t|.
3208 static const char kOverflowVersionPEM[] = R"(
3209 -----BEGIN CERTIFICATE-----
3210 MIIBoDCCAUegJgIkAP//////////////////////////////////////////////
3211 AgkA2UwE2kl9v+swCQYHKoZIzj0EATBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwK
3212 U29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMB4X
3213 DTE0MDQyMzIzMjE1N1oXDTE0MDUyMzIzMjE1N1owRTELMAkGA1UEBhMCQVUxEzAR
3214 BgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5
3215 IEx0ZDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8eDZSKTNWX
3216 a7epHg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQtS89yIsEw
3217 CQYHKoZIzj0EAQNIADBFAiEA8qA1XlE6NsOCeZvuJ1CFjnAGdJVX0il0APS+FYdd
3218 xAcCIHweeRRqIYPwenRoeV8UmZpotPHLnhVe5h8yUmFedckU
3219 -----END CERTIFICATE-----
3220 )";
3221
3222 // kV1WithExtensionsPEM is an X.509v1 certificate with extensions.
3223 static const char kV1WithExtensionsPEM[] = R"(
3224 -----BEGIN CERTIFICATE-----
3225 MIIByjCCAXECCQDZTATaSX2/6zAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw
3226 EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0
3227 eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYDVQQG
3228 EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk
3229 Z2l0cyBQdHkgTHRkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+
3230 Lx4NlIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7x
3231 lC1Lz3IiwaNQME4wHQYDVR0OBBYEFKuE0qyrlfCCThZ4B1VXX+QmjYLRMB8GA1Ud
3232 IwQYMBaAFKuE0qyrlfCCThZ4B1VXX+QmjYLRMAwGA1UdEwQFMAMBAf8wCQYHKoZI
3233 zj0EAQNIADBFAiEA8qA1XlE6NsOCeZvuJ1CFjnAGdJVX0il0APS+FYddxAcCIHwe
3234 eRRqIYPwenRoeV8UmZpotPHLnhVe5h8yUmFedckU
3235 -----END CERTIFICATE-----
3236 )";
3237
3238 // kV2WithExtensionsPEM is an X.509v2 certificate with extensions.
3239 static const char kV2WithExtensionsPEM[] = R"(
3240 -----BEGIN CERTIFICATE-----
3241 MIIBzzCCAXagAwIBAQIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC
3242 QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
3243 dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ
3244 BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l
3245 dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni
3246 v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa
3247 HPUdfvGULUvPciLBo1AwTjAdBgNVHQ4EFgQUq4TSrKuV8IJOFngHVVdf5CaNgtEw
3248 HwYDVR0jBBgwFoAUq4TSrKuV8IJOFngHVVdf5CaNgtEwDAYDVR0TBAUwAwEB/zAJ
3249 BgcqhkjOPQQBA0gAMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E
3250 BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQ=
3251 -----END CERTIFICATE-----
3252 )";
3253
3254 // kV1WithIssuerUniqueIDPEM is an X.509v1 certificate with an issuerUniqueID.
3255 static const char kV1WithIssuerUniqueIDPEM[] = R"(
3256 -----BEGIN CERTIFICATE-----
3257 MIIBgzCCASoCCQDZTATaSX2/6zAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw
3258 EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0
3259 eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYDVQQG
3260 EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk
3261 Z2l0cyBQdHkgTHRkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+
3262 Lx4NlIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7x
3263 lC1Lz3IiwYEJAAEjRWeJq83vMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb
3264 7idQhY5wBnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYf
3265 MlJhXnXJFA==
3266 -----END CERTIFICATE-----
3267 )";
3268
3269 // kV1WithSubjectUniqueIDPEM is an X.509v1 certificate with an issuerUniqueID.
3270 static const char kV1WithSubjectUniqueIDPEM[] = R"(
3271 -----BEGIN CERTIFICATE-----
3272 MIIBgzCCASoCCQDZTATaSX2/6zAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw
3273 EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0
3274 eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYDVQQG
3275 EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk
3276 Z2l0cyBQdHkgTHRkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+
3277 Lx4NlIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7x
3278 lC1Lz3IiwYIJAAEjRWeJq83vMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb
3279 7idQhY5wBnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYf
3280 MlJhXnXJFA==
3281 -----END CERTIFICATE-----
3282 )";
3283
3284 // kV1CRLWithExtensionsPEM is a v1 CRL with extensions.
3285 static const char kV1CRLWithExtensionsPEM[] = R"(
3286 -----BEGIN X509 CRL-----
3287 MIIBpDCBjTANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UECAwK
3288 Q2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJQm9y
3289 aW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoA4wDDAKBgNVHRQE
3290 AwIBATANBgkqhkiG9w0BAQsFAAOCAQEAnrBKKgvd9x9zwK9rtUvVeFeJ7+LNZEAc
3291 +a5oxpPNEsJx6hXoApYEbzXMxuWBQoCs5iEBycSGudct21L+MVf27M38KrWoeOkq
3292 0a2siqViQZO2Fb/SUFR0k9zb8xl86Zf65lgPplALun0bV/HT7MJcl04Tc4osdsAR
3293 eBs5nqTGNEd5AlC1iKHvQZkM//MD51DspKnDpsDiUVi54h9C1SpfZmX8H2Vvdiyu
3294 0fZ/bPAM3VAGawatf/SyWfBMyKpoPXEG39oAzmjjOj8en82psn7m474IGaho/vBb
3295 hl1ms5qQiLYPjm4YELtnXQoFyC72tBjbdFd/ZE9k4CNKDbxFUXFbkw==
3296 -----END X509 CRL-----
3297 )";
3298
3299 // kExplicitDefaultVersionCRLPEM is a v1 CRL with an explicitly-encoded version
3300 // field.
3301 static const char kExplicitDefaultVersionCRLPEM[] = R"(
3302 -----BEGIN X509 CRL-----
3303 MIIBlzCBgAIBADANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
3304 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
3305 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaMA0GCSqGSIb3
3306 DQEBCwUAA4IBAQCesEoqC933H3PAr2u1S9V4V4nv4s1kQBz5rmjGk80SwnHqFegC
3307 lgRvNczG5YFCgKzmIQHJxIa51y3bUv4xV/bszfwqtah46SrRrayKpWJBk7YVv9JQ
3308 VHST3NvzGXzpl/rmWA+mUAu6fRtX8dPswlyXThNziix2wBF4GzmepMY0R3kCULWI
3309 oe9BmQz/8wPnUOykqcOmwOJRWLniH0LVKl9mZfwfZW92LK7R9n9s8AzdUAZrBq1/
3310 9LJZ8EzIqmg9cQbf2gDOaOM6Px6fzamyfubjvggZqGj+8FuGXWazmpCItg+ObhgQ
3311 u2ddCgXILva0GNt0V39kT2TgI0oNvEVRcVuT
3312 -----END X509 CRL-----
3313 )";
3314
3315 // kV3CRLPEM is a v3 CRL. CRL versions only go up to v2.
3316 static const char kV3CRLPEM[] = R"(
3317 -----BEGIN X509 CRL-----
3318 MIIBpzCBkAIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
3319 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
3320 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoA4wDDAKBgNV
3321 HRQEAwIBATANBgkqhkiG9w0BAQsFAAOCAQEAnrBKKgvd9x9zwK9rtUvVeFeJ7+LN
3322 ZEAc+a5oxpPNEsJx6hXoApYEbzXMxuWBQoCs5iEBycSGudct21L+MVf27M38KrWo
3323 eOkq0a2siqViQZO2Fb/SUFR0k9zb8xl86Zf65lgPplALun0bV/HT7MJcl04Tc4os
3324 dsAReBs5nqTGNEd5AlC1iKHvQZkM//MD51DspKnDpsDiUVi54h9C1SpfZmX8H2Vv
3325 diyu0fZ/bPAM3VAGawatf/SyWfBMyKpoPXEG39oAzmjjOj8en82psn7m474IGaho
3326 /vBbhl1ms5qQiLYPjm4YELtnXQoFyC72tBjbdFd/ZE9k4CNKDbxFUXFbkw==
3327 -----END X509 CRL-----
3328 )";
3329
3330 // kV2CSRPEM is a v2 CSR. CSR versions only go up to v1.
3331 static const char kV2CSRPEM[] = R"(
3332 -----BEGIN CERTIFICATE REQUEST-----
3333 MIHJMHECAQEwDzENMAsGA1UEAwwEVGVzdDBZMBMGByqGSM49AgEGCCqGSM49AwEH
3334 A0IABJjsayyAQod1J7UJYNT8AH4WWxLdKV0ozhrIz6hCzBAze7AqXWOSH8G+1EWC
3335 pSfL3oMQNtBdJS0kpXXaUqEAgTSgADAKBggqhkjOPQQDAgNIADBFAiAUXVaEYATg
3336 4Cc917T73KBImxh6xyhsA5pKuYpq1S4m9wIhAK+G93HR4ur7Ghel6+zUTvIAsj9e
3337 rsn4lSYsqI4OI4ei
3338 -----END CERTIFICATE REQUEST-----
3339 )";
3340
3341 // kV3CSRPEM is a v3 CSR. CSR versions only go up to v1.
3342 static const char kV3CSRPEM[] = R"(
3343 -----BEGIN CERTIFICATE REQUEST-----
3344 MIHJMHECAQIwDzENMAsGA1UEAwwEVGVzdDBZMBMGByqGSM49AgEGCCqGSM49AwEH
3345 A0IABJjsayyAQod1J7UJYNT8AH4WWxLdKV0ozhrIz6hCzBAze7AqXWOSH8G+1EWC
3346 pSfL3oMQNtBdJS0kpXXaUqEAgTSgADAKBggqhkjOPQQDAgNIADBFAiAUXVaEYATg
3347 4Cc917T73KBImxh6xyhsA5pKuYpq1S4m9wIhAK+G93HR4ur7Ghel6+zUTvIAsj9e
3348 rsn4lSYsqI4OI4ei
3349 -----END CERTIFICATE REQUEST-----
3350 )";
3351
3352 // Test that the library enforces versions are valid and match the fields
3353 // present.
TEST(X509Test,InvalidVersion)3354 TEST(X509Test, InvalidVersion) {
3355 // kExplicitDefaultVersionPEM is invalid but, for now, we accept it. See
3356 // https://crbug.com/boringssl/364.
3357 EXPECT_TRUE(CertFromPEM(kExplicitDefaultVersionPEM));
3358 EXPECT_TRUE(CRLFromPEM(kExplicitDefaultVersionCRLPEM));
3359
3360 EXPECT_FALSE(CertFromPEM(kNegativeVersionPEM));
3361 EXPECT_FALSE(CertFromPEM(kFutureVersionPEM));
3362 EXPECT_FALSE(CertFromPEM(kOverflowVersionPEM));
3363 EXPECT_FALSE(CertFromPEM(kV1WithExtensionsPEM));
3364 EXPECT_FALSE(CertFromPEM(kV2WithExtensionsPEM));
3365 EXPECT_FALSE(CertFromPEM(kV1WithIssuerUniqueIDPEM));
3366 EXPECT_FALSE(CertFromPEM(kV1WithSubjectUniqueIDPEM));
3367 EXPECT_FALSE(CRLFromPEM(kV1CRLWithExtensionsPEM));
3368 EXPECT_FALSE(CRLFromPEM(kV3CRLPEM));
3369 EXPECT_FALSE(CSRFromPEM(kV2CSRPEM));
3370
3371 // kV3CSRPEM is invalid but, for now, we accept it. See
3372 // https://github.com/certbot/certbot/pull/9334
3373 EXPECT_TRUE(CSRFromPEM(kV3CSRPEM));
3374
3375 bssl::UniquePtr<X509> x509(X509_new());
3376 ASSERT_TRUE(x509);
3377 EXPECT_FALSE(X509_set_version(x509.get(), -1));
3378 EXPECT_FALSE(X509_set_version(x509.get(), X509_VERSION_3 + 1));
3379 EXPECT_FALSE(X509_set_version(x509.get(), 9999));
3380
3381 bssl::UniquePtr<X509_CRL> crl(X509_CRL_new());
3382 ASSERT_TRUE(crl);
3383 EXPECT_FALSE(X509_CRL_set_version(crl.get(), -1));
3384 EXPECT_FALSE(X509_CRL_set_version(crl.get(), X509_CRL_VERSION_2 + 1));
3385 EXPECT_FALSE(X509_CRL_set_version(crl.get(), 9999));
3386
3387 bssl::UniquePtr<X509_REQ> req(X509_REQ_new());
3388 ASSERT_TRUE(req);
3389 EXPECT_FALSE(X509_REQ_set_version(req.get(), -1));
3390 EXPECT_FALSE(X509_REQ_set_version(req.get(), X509_REQ_VERSION_1 + 1));
3391 EXPECT_FALSE(X509_REQ_set_version(req.get(), 9999));
3392 }
3393
3394 // Unlike upstream OpenSSL, we require a non-null store in
3395 // |X509_STORE_CTX_init|.
TEST(X509Test,NullStore)3396 TEST(X509Test, NullStore) {
3397 bssl::UniquePtr<X509> leaf(CertFromPEM(kLeafPEM));
3398 ASSERT_TRUE(leaf);
3399 bssl::UniquePtr<X509_STORE_CTX> ctx(X509_STORE_CTX_new());
3400 ASSERT_TRUE(ctx);
3401 EXPECT_FALSE(X509_STORE_CTX_init(ctx.get(), nullptr, leaf.get(), nullptr));
3402 }
3403
TEST(X509Test,BasicConstraints)3404 TEST(X509Test, BasicConstraints) {
3405 const uint32_t kFlagMask = EXFLAG_CA | EXFLAG_BCONS | EXFLAG_INVALID;
3406
3407 static const struct {
3408 const char *file;
3409 uint32_t flags;
3410 int path_len;
3411 } kTests[] = {
3412 {"basic_constraints_none.pem", 0, -1},
3413 {"basic_constraints_ca.pem", EXFLAG_CA | EXFLAG_BCONS, -1},
3414 {"basic_constraints_ca_pathlen_0.pem", EXFLAG_CA | EXFLAG_BCONS, 0},
3415 {"basic_constraints_ca_pathlen_1.pem", EXFLAG_CA | EXFLAG_BCONS, 1},
3416 {"basic_constraints_ca_pathlen_10.pem", EXFLAG_CA | EXFLAG_BCONS, 10},
3417 {"basic_constraints_leaf.pem", EXFLAG_BCONS, -1},
3418 {"invalid_extension_leaf_basic_constraints.pem", EXFLAG_INVALID, -1},
3419 };
3420
3421 for (const auto &test : kTests) {
3422 SCOPED_TRACE(test.file);
3423
3424 std::string path = "crypto/x509/test/";
3425 path += test.file;
3426
3427 bssl::UniquePtr<X509> cert = CertFromPEM(GetTestData(path.c_str()).c_str());
3428 ASSERT_TRUE(cert);
3429 EXPECT_EQ(test.flags, X509_get_extension_flags(cert.get()) & kFlagMask);
3430 EXPECT_EQ(test.path_len, X509_get_pathlen(cert.get()));
3431 }
3432 }
3433
3434 // The following strings are test certificates signed by kP256Key and kRSAKey,
3435 // with missing, NULL, or invalid algorithm parameters.
3436 static const char kP256NoParam[] = R"(
3437 -----BEGIN CERTIFICATE-----
3438 MIIBIDCBxqADAgECAgIE0jAKBggqhkjOPQQDAjAPMQ0wCwYDVQQDEwRUZXN0MCAX
3439 DTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYDVQQDEwRUZXN0
3440 MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4NlIpM1Zdrt6ke
3441 DUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwaMQMA4w
3442 DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNJADBGAiEAqdIiF+bN9Cl44oUeICpy
3443 aXd7HqhpVUaglYKw9ChmNUACIQCpMdL0fNkFNDbRww9dSl/y7kBdk/tp16HiqeSy
3444 gGzFYg==
3445 -----END CERTIFICATE-----
3446 )";
3447 static const char kP256NullParam[] = R"(
3448 -----BEGIN CERTIFICATE-----
3449 MIIBJDCByKADAgECAgIE0jAMBggqhkjOPQQDAgUAMA8xDTALBgNVBAMTBFRlc3Qw
3450 IBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMA8xDTALBgNVBAMTBFRl
3451 c3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2niv2Wfl74vHg2UikzVl2u3
3452 qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLBoxAw
3453 DjAMBgNVHRMEBTADAQH/MAwGCCqGSM49BAMCBQADSQAwRgIhAKILHmyo+F3Cn/VX
3454 UUeSXOQQKX5aLzsQitwwmNF3ZgH3AiEAsYHcrVj/ftmoQIORARkQ/+PrqntXev8r
3455 t6uPxHrmpUY=
3456 -----END CERTIFICATE-----
3457 )";
3458 static const char kP256InvalidParam[] = R"(
3459 -----BEGIN CERTIFICATE-----
3460 MIIBMTCBz6ADAgECAgIE0jATBggqhkjOPQQDAgQHZ2FyYmFnZTAPMQ0wCwYDVQQD
3461 EwRUZXN0MCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYD
3462 VQQDEwRUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4N
3463 lIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1L
3464 z3IiwaMQMA4wDAYDVR0TBAUwAwEB/zATBggqhkjOPQQDAgQHZ2FyYmFnZQNIADBF
3465 AiAglpDf/YhN89LeJ2WAs/F0SJIrsuhS4uoInIz6WXUiuQIhAIu5Pwhp5E3Pbo8y
3466 fLULTZnynuQUULQkRcF7S7T2WpIL
3467 -----END CERTIFICATE-----
3468 )";
3469 static const char kRSANoParam[] = R"(
3470 -----BEGIN CERTIFICATE-----
3471 MIIBWzCBx6ADAgECAgIE0jALBgkqhkiG9w0BAQswDzENMAsGA1UEAxMEVGVzdDAg
3472 Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsGA1UEAxMEVGVz
3473 dDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8eDZSKTNWXa7ep
3474 Hg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQtS89yIsGjEDAO
3475 MAwGA1UdEwQFMAMBAf8wCwYJKoZIhvcNAQELA4GBAC1f8W3W0Ao7CPfIBQYDSbPh
3476 brZpbxdBU5x27JOS7iSa+Lc9pEH5VCX9vIypHVHXLPEfZ38yIt11eiyrmZB6w62N
3477 l9kIeZ6FVPmC30d3sXx70Jjs+ZX9yt7kD1gLyNAQQfeYfa4rORAZT1n2YitD74NY
3478 TWUH2ieFP3l+ecj1SeQR
3479 -----END CERTIFICATE-----
3480 )";
3481 static const char kRSANullParam[] = R"(
3482 -----BEGIN CERTIFICATE-----
3483 MIIBXzCByaADAgECAgIE0jANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRUZXN0
3484 MCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYDVQQDEwRU
3485 ZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4NlIpM1Zdr
3486 t6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwaMQ
3487 MA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQAzVcfIv+Rq1KrMXqIL
3488 fPq/cWZjgqFZA1RGaGElNaqp+rkJfamq5tDGzckWpebrK+jjRN7yIlcWDtPpy3Gy
3489 seZfvtBDR0TwJm0S/pQl8prKB4wgALcwe3bmi56Rq85nzY5ZLNcP16LQxL+jAAua
3490 SwmQUz4bRpckRBj+sIyp1We+pg==
3491 -----END CERTIFICATE-----
3492 )";
3493 static const char kRSAInvalidParam[] = R"(
3494 -----BEGIN CERTIFICATE-----
3495 MIIBbTCB0KADAgECAgIE0jAUBgkqhkiG9w0BAQsEB2dhcmJhZ2UwDzENMAsGA1UE
3496 AxMEVGVzdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsG
3497 A1UEAxMEVGVzdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8e
3498 DZSKTNWXa7epHg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQt
3499 S89yIsGjEDAOMAwGA1UdEwQFMAMBAf8wFAYJKoZIhvcNAQELBAdnYXJiYWdlA4GB
3500 AHTJ6cWWjCNrZhqiWWVI3jdK+h5xpRG8jGMXxR4JnjtoYRRusJLOXhmapwCB6fA0
3501 4vc+66O27v36yDmQX+tIc/hDrTpKNJptU8q3n2VagREvoHhkOTYkcCeS8vmnMtn8
3502 5OMNZ/ajVwOssw61GcAlScRqEHkZFBoGp7e+QpgB2tf9
3503 -----END CERTIFICATE-----
3504 )";
3505
TEST(X509Test,AlgorithmParameters)3506 TEST(X509Test, AlgorithmParameters) {
3507 // P-256 parameters should be omitted, but we accept NULL ones.
3508 bssl::UniquePtr<EVP_PKEY> key = PrivateKeyFromPEM(kP256Key);
3509 ASSERT_TRUE(key);
3510
3511 bssl::UniquePtr<X509> cert = CertFromPEM(kP256NoParam);
3512 ASSERT_TRUE(cert);
3513 EXPECT_TRUE(X509_verify(cert.get(), key.get()));
3514
3515 cert = CertFromPEM(kP256NullParam);
3516 ASSERT_TRUE(cert);
3517 EXPECT_TRUE(X509_verify(cert.get(), key.get()));
3518
3519 cert = CertFromPEM(kP256InvalidParam);
3520 ASSERT_TRUE(cert);
3521 EXPECT_FALSE(X509_verify(cert.get(), key.get()));
3522 uint32_t err = ERR_get_error();
3523 EXPECT_EQ(ERR_LIB_X509, ERR_GET_LIB(err));
3524 EXPECT_EQ(X509_R_INVALID_PARAMETER, ERR_GET_REASON(err));
3525
3526 // RSA parameters should be NULL, but we accept omitted ones.
3527 key = PrivateKeyFromPEM(kRSAKey);
3528 ASSERT_TRUE(key);
3529
3530 cert = CertFromPEM(kRSANoParam);
3531 ASSERT_TRUE(cert);
3532 EXPECT_TRUE(X509_verify(cert.get(), key.get()));
3533
3534 cert = CertFromPEM(kRSANullParam);
3535 ASSERT_TRUE(cert);
3536 EXPECT_TRUE(X509_verify(cert.get(), key.get()));
3537
3538 cert = CertFromPEM(kRSAInvalidParam);
3539 ASSERT_TRUE(cert);
3540 EXPECT_FALSE(X509_verify(cert.get(), key.get()));
3541 err = ERR_get_error();
3542 EXPECT_EQ(ERR_LIB_X509, ERR_GET_LIB(err));
3543 EXPECT_EQ(X509_R_INVALID_PARAMETER, ERR_GET_REASON(err));
3544 }
3545
TEST(X509Test,GeneralName)3546 TEST(X509Test, GeneralName) {
3547 const std::vector<uint8_t> kNames[] = {
3548 // [0] {
3549 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
3550 // [0] {
3551 // SEQUENCE {}
3552 // }
3553 // }
3554 {0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
3555 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x30, 0x00},
3556 // [0] {
3557 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
3558 // [0] {
3559 // [APPLICATION 0] {}
3560 // }
3561 // }
3562 {0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
3563 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x60, 0x00},
3564 // [0] {
3565 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
3566 // [0] {
3567 // UTF8String { "a" }
3568 // }
3569 // }
3570 {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
3571 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x61},
3572 // [0] {
3573 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.2 }
3574 // [0] {
3575 // UTF8String { "a" }
3576 // }
3577 // }
3578 {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
3579 0x01, 0x84, 0xb7, 0x09, 0x02, 0x02, 0xa0, 0x03, 0x0c, 0x01, 0x61},
3580 // [0] {
3581 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
3582 // [0] {
3583 // UTF8String { "b" }
3584 // }
3585 // }
3586 {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
3587 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x62},
3588 // [0] {
3589 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
3590 // [0] {
3591 // BOOLEAN { TRUE }
3592 // }
3593 // }
3594 {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
3595 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0xff},
3596 // [0] {
3597 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
3598 // [0] {
3599 // BOOLEAN { FALSE }
3600 // }
3601 // }
3602 {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
3603 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0x00},
3604 // [1 PRIMITIVE] { "a" }
3605 {0x81, 0x01, 0x61},
3606 // [1 PRIMITIVE] { "b" }
3607 {0x81, 0x01, 0x62},
3608 // [2 PRIMITIVE] { "a" }
3609 {0x82, 0x01, 0x61},
3610 // [2 PRIMITIVE] { "b" }
3611 {0x82, 0x01, 0x62},
3612 // [3] {}
3613 {0xa3, 0x00},
3614 // [4] {
3615 // SEQUENCE {
3616 // SET {
3617 // SEQUENCE {
3618 // # commonName
3619 // OBJECT_IDENTIFIER { 2.5.4.3 }
3620 // UTF8String { "a" }
3621 // }
3622 // }
3623 // }
3624 // }
3625 {0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55, 0x04,
3626 0x03, 0x0c, 0x01, 0x61},
3627 // [4] {
3628 // SEQUENCE {
3629 // SET {
3630 // SEQUENCE {
3631 // # commonName
3632 // OBJECT_IDENTIFIER { 2.5.4.3 }
3633 // UTF8String { "b" }
3634 // }
3635 // }
3636 // }
3637 // }
3638 {0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55, 0x04,
3639 0x03, 0x0c, 0x01, 0x62},
3640 // [5] {
3641 // [1] {
3642 // UTF8String { "a" }
3643 // }
3644 // }
3645 {0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x61},
3646 // [5] {
3647 // [1] {
3648 // UTF8String { "b" }
3649 // }
3650 // }
3651 {0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x62},
3652 // [5] {
3653 // [0] {
3654 // UTF8String {}
3655 // }
3656 // [1] {
3657 // UTF8String { "a" }
3658 // }
3659 // }
3660 {0xa5, 0x09, 0xa0, 0x02, 0x0c, 0x00, 0xa1, 0x03, 0x0c, 0x01, 0x61},
3661 // [5] {
3662 // [0] {
3663 // UTF8String { "a" }
3664 // }
3665 // [1] {
3666 // UTF8String { "a" }
3667 // }
3668 // }
3669 {0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x61, 0xa1, 0x03, 0x0c, 0x01, 0x61},
3670 // [5] {
3671 // [0] {
3672 // UTF8String { "b" }
3673 // }
3674 // [1] {
3675 // UTF8String { "a" }
3676 // }
3677 // }
3678 {0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x62, 0xa1, 0x03, 0x0c, 0x01, 0x61},
3679 // [6 PRIMITIVE] { "a" }
3680 {0x86, 0x01, 0x61},
3681 // [6 PRIMITIVE] { "b" }
3682 {0x86, 0x01, 0x62},
3683 // [7 PRIMITIVE] { `11111111` }
3684 {0x87, 0x04, 0x11, 0x11, 0x11, 0x11},
3685 // [7 PRIMITIVE] { `22222222`}
3686 {0x87, 0x04, 0x22, 0x22, 0x22, 0x22},
3687 // [7 PRIMITIVE] { `11111111111111111111111111111111` }
3688 {0x87, 0x10, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
3689 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
3690 // [7 PRIMITIVE] { `22222222222222222222222222222222` }
3691 {0x87, 0x10, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
3692 0x22, 0x22, 0x22, 0x22, 0x22, 0x22},
3693 // [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.1 }
3694 {0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7,
3695 0x09, 0x02, 0x01},
3696 // [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.2 }
3697 {0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7,
3698 0x09, 0x02, 0x02},
3699 };
3700
3701 // Every name should be equal to itself and not equal to any others.
3702 for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kNames); i++) {
3703 SCOPED_TRACE(Bytes(kNames[i]));
3704
3705 const uint8_t *ptr = kNames[i].data();
3706 bssl::UniquePtr<GENERAL_NAME> a(
3707 d2i_GENERAL_NAME(nullptr, &ptr, kNames[i].size()));
3708 ASSERT_TRUE(a);
3709 ASSERT_EQ(ptr, kNames[i].data() + kNames[i].size());
3710
3711 uint8_t *enc = nullptr;
3712 int enc_len = i2d_GENERAL_NAME(a.get(), &enc);
3713 ASSERT_GE(enc_len, 0);
3714 bssl::UniquePtr<uint8_t> free_enc(enc);
3715 EXPECT_EQ(Bytes(enc, enc_len), Bytes(kNames[i]));
3716
3717 for (size_t j = 0; j < OPENSSL_ARRAY_SIZE(kNames); j++) {
3718 SCOPED_TRACE(Bytes(kNames[j]));
3719
3720 ptr = kNames[j].data();
3721 bssl::UniquePtr<GENERAL_NAME> b(
3722 d2i_GENERAL_NAME(nullptr, &ptr, kNames[j].size()));
3723 ASSERT_TRUE(b);
3724 ASSERT_EQ(ptr, kNames[j].data() + kNames[j].size());
3725
3726 if (i == j) {
3727 EXPECT_EQ(GENERAL_NAME_cmp(a.get(), b.get()), 0);
3728 } else {
3729 EXPECT_NE(GENERAL_NAME_cmp(a.get(), b.get()), 0);
3730 }
3731 }
3732 }
3733 }
3734
3735 // Test that extracting fields of an |X509_ALGOR| works correctly.
TEST(X509Test,X509AlgorExtract)3736 TEST(X509Test, X509AlgorExtract) {
3737 static const char kTestOID[] = "1.2.840.113554.4.1.72585.2";
3738 const struct {
3739 int param_type;
3740 std::vector<uint8_t> param_der;
3741 } kTests[] = {
3742 // No parameter.
3743 {V_ASN1_UNDEF, {}},
3744 // BOOLEAN { TRUE }
3745 {V_ASN1_BOOLEAN, {0x01, 0x01, 0xff}},
3746 // BOOLEAN { FALSE }
3747 {V_ASN1_BOOLEAN, {0x01, 0x01, 0x00}},
3748 // OCTET_STRING { "a" }
3749 {V_ASN1_OCTET_STRING, {0x04, 0x01, 0x61}},
3750 // BIT_STRING { `01` `00` }
3751 {V_ASN1_BIT_STRING, {0x03, 0x02, 0x01, 0x00}},
3752 // INTEGER { -1 }
3753 {V_ASN1_INTEGER, {0x02, 0x01, 0xff}},
3754 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2 }
3755 {V_ASN1_OBJECT,
3756 {0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7,
3757 0x09, 0x02}},
3758 // NULL {}
3759 {V_ASN1_NULL, {0x05, 0x00}},
3760 // SEQUENCE {}
3761 {V_ASN1_SEQUENCE, {0x30, 0x00}},
3762 // SET {}
3763 {V_ASN1_SET, {0x31, 0x00}},
3764 // [0] { UTF8String { "a" } }
3765 {V_ASN1_OTHER, {0xa0, 0x03, 0x0c, 0x01, 0x61}},
3766 };
3767 for (const auto &t : kTests) {
3768 SCOPED_TRACE(Bytes(t.param_der));
3769
3770 // Assemble an AlgorithmIdentifier with the parameter.
3771 bssl::ScopedCBB cbb;
3772 CBB seq, oid;
3773 ASSERT_TRUE(CBB_init(cbb.get(), 64));
3774 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &seq, CBS_ASN1_SEQUENCE));
3775 ASSERT_TRUE(CBB_add_asn1(&seq, &oid, CBS_ASN1_OBJECT));
3776 ASSERT_TRUE(CBB_add_asn1_oid_from_text(&oid, kTestOID, strlen(kTestOID)));
3777 ASSERT_TRUE(CBB_add_bytes(&seq, t.param_der.data(), t.param_der.size()));
3778 ASSERT_TRUE(CBB_flush(cbb.get()));
3779
3780 const uint8_t *ptr = CBB_data(cbb.get());
3781 bssl::UniquePtr<X509_ALGOR> alg(
3782 d2i_X509_ALGOR(nullptr, &ptr, CBB_len(cbb.get())));
3783 ASSERT_TRUE(alg);
3784
3785 const ASN1_OBJECT *obj;
3786 int param_type;
3787 const void *param_value;
3788 X509_ALGOR_get0(&obj, ¶m_type, ¶m_value, alg.get());
3789
3790 EXPECT_EQ(param_type, t.param_type);
3791 char oid_buf[sizeof(kTestOID)];
3792 ASSERT_EQ(int(sizeof(oid_buf) - 1),
3793 OBJ_obj2txt(oid_buf, sizeof(oid_buf), obj,
3794 /*always_return_oid=*/1));
3795 EXPECT_STREQ(oid_buf, kTestOID);
3796
3797 // |param_type| and |param_value| must be consistent with |ASN1_TYPE|.
3798 if (param_type == V_ASN1_UNDEF) {
3799 EXPECT_EQ(nullptr, param_value);
3800 } else {
3801 bssl::UniquePtr<ASN1_TYPE> param(ASN1_TYPE_new());
3802 ASSERT_TRUE(param);
3803 ASSERT_TRUE(ASN1_TYPE_set1(param.get(), param_type, param_value));
3804
3805 uint8_t *param_der = nullptr;
3806 int param_len = i2d_ASN1_TYPE(param.get(), ¶m_der);
3807 ASSERT_GE(param_len, 0);
3808 bssl::UniquePtr<uint8_t> free_param_der(param_der);
3809
3810 EXPECT_EQ(Bytes(param_der, param_len), Bytes(t.param_der));
3811 }
3812 }
3813 }
3814
3815 // Test the various |X509_ATTRIBUTE| creation functions.
TEST(X509Test,Attribute)3816 TEST(X509Test, Attribute) {
3817 // The friendlyName attribute has a BMPString value. See RFC 2985,
3818 // section 5.5.1.
3819 static const uint8_t kTest1[] = {0x26, 0x03}; // U+2603 SNOWMAN
3820 static const uint8_t kTest1UTF8[] = {0xe2, 0x98, 0x83};
3821 static const uint8_t kTest2[] = {0, 't', 0, 'e', 0, 's', 0, 't'};
3822
3823 auto check_attribute = [&](X509_ATTRIBUTE *attr, bool has_test2) {
3824 EXPECT_EQ(NID_friendlyName, OBJ_obj2nid(X509_ATTRIBUTE_get0_object(attr)));
3825
3826 EXPECT_EQ(has_test2 ? 2 : 1, X509_ATTRIBUTE_count(attr));
3827
3828 // The first attribute should contain |kTest1|.
3829 const ASN1_TYPE *value = X509_ATTRIBUTE_get0_type(attr, 0);
3830 ASSERT_TRUE(value);
3831 EXPECT_EQ(V_ASN1_BMPSTRING, value->type);
3832 EXPECT_EQ(Bytes(kTest1),
3833 Bytes(ASN1_STRING_get0_data(value->value.bmpstring),
3834 ASN1_STRING_length(value->value.bmpstring)));
3835
3836 // |X509_ATTRIBUTE_get0_data| requires the type match.
3837 EXPECT_FALSE(
3838 X509_ATTRIBUTE_get0_data(attr, 0, V_ASN1_OCTET_STRING, nullptr));
3839 const ASN1_BMPSTRING *bmpstring = static_cast<const ASN1_BMPSTRING *>(
3840 X509_ATTRIBUTE_get0_data(attr, 0, V_ASN1_BMPSTRING, nullptr));
3841 ASSERT_TRUE(bmpstring);
3842 EXPECT_EQ(Bytes(kTest1), Bytes(ASN1_STRING_get0_data(bmpstring),
3843 ASN1_STRING_length(bmpstring)));
3844
3845 if (has_test2) {
3846 value = X509_ATTRIBUTE_get0_type(attr, 1);
3847 ASSERT_TRUE(value);
3848 EXPECT_EQ(V_ASN1_BMPSTRING, value->type);
3849 EXPECT_EQ(Bytes(kTest2),
3850 Bytes(ASN1_STRING_get0_data(value->value.bmpstring),
3851 ASN1_STRING_length(value->value.bmpstring)));
3852 } else {
3853 EXPECT_FALSE(X509_ATTRIBUTE_get0_type(attr, 1));
3854 }
3855
3856 EXPECT_FALSE(X509_ATTRIBUTE_get0_type(attr, 2));
3857 };
3858
3859 bssl::UniquePtr<ASN1_STRING> str(ASN1_STRING_type_new(V_ASN1_BMPSTRING));
3860 ASSERT_TRUE(str);
3861 ASSERT_TRUE(ASN1_STRING_set(str.get(), kTest1, sizeof(kTest1)));
3862
3863 // Test |X509_ATTRIBUTE_create|.
3864 bssl::UniquePtr<X509_ATTRIBUTE> attr(
3865 X509_ATTRIBUTE_create(NID_friendlyName, V_ASN1_BMPSTRING, str.get()));
3866 ASSERT_TRUE(attr);
3867 str.release(); // |X509_ATTRIBUTE_create| takes ownership on success.
3868 check_attribute(attr.get(), /*has_test2=*/false);
3869
3870 // Test the |MBSTRING_*| form of |X509_ATTRIBUTE_set1_data|.
3871 attr.reset(X509_ATTRIBUTE_new());
3872 ASSERT_TRUE(attr);
3873 ASSERT_TRUE(
3874 X509_ATTRIBUTE_set1_object(attr.get(), OBJ_nid2obj(NID_friendlyName)));
3875 ASSERT_TRUE(X509_ATTRIBUTE_set1_data(attr.get(), MBSTRING_UTF8, kTest1UTF8,
3876 sizeof(kTest1UTF8)));
3877 check_attribute(attr.get(), /*has_test2=*/false);
3878
3879 // Test the |ASN1_STRING| form of |X509_ATTRIBUTE_set1_data|.
3880 ASSERT_TRUE(X509_ATTRIBUTE_set1_data(attr.get(), V_ASN1_BMPSTRING, kTest2,
3881 sizeof(kTest2)));
3882 check_attribute(attr.get(), /*has_test2=*/true);
3883
3884 // Test the |ASN1_TYPE| form of |X509_ATTRIBUTE_set1_data|.
3885 attr.reset(X509_ATTRIBUTE_new());
3886 ASSERT_TRUE(attr);
3887 ASSERT_TRUE(
3888 X509_ATTRIBUTE_set1_object(attr.get(), OBJ_nid2obj(NID_friendlyName)));
3889 str.reset(ASN1_STRING_type_new(V_ASN1_BMPSTRING));
3890 ASSERT_TRUE(str);
3891 ASSERT_TRUE(ASN1_STRING_set(str.get(), kTest1, sizeof(kTest1)));
3892 ASSERT_TRUE(
3893 X509_ATTRIBUTE_set1_data(attr.get(), V_ASN1_BMPSTRING, str.get(), -1));
3894 check_attribute(attr.get(), /*has_test2=*/false);
3895 }
3896
3897 // Test that, by default, |X509_V_FLAG_TRUSTED_FIRST| is set, which means we'll
3898 // skip over server-sent expired intermediates when there is a local trust
3899 // anchor that works better.
TEST(X509Test,TrustedFirst)3900 TEST(X509Test, TrustedFirst) {
3901 // Generate the following certificates:
3902 //
3903 // Root 2 (in store, expired)
3904 // |
3905 // Root 1 (in store) Root 1 (cross-sign)
3906 // \ /
3907 // Intermediate
3908 // |
3909 // Leaf
3910 bssl::UniquePtr<EVP_PKEY> key = PrivateKeyFromPEM(kP256Key);
3911 ASSERT_TRUE(key);
3912
3913 bssl::UniquePtr<X509> root2 =
3914 MakeTestCert("Root 2", "Root 2", key.get(), /*is_ca=*/true);
3915 ASSERT_TRUE(root2);
3916 ASSERT_TRUE(ASN1_TIME_adj(X509_getm_notAfter(root2.get()), kReferenceTime,
3917 /*offset_day=*/0,
3918 /*offset_sec=*/-1));
3919 ASSERT_TRUE(X509_sign(root2.get(), key.get(), EVP_sha256()));
3920
3921 bssl::UniquePtr<X509> root1 =
3922 MakeTestCert("Root 1", "Root 1", key.get(), /*is_ca=*/true);
3923 ASSERT_TRUE(root1);
3924 ASSERT_TRUE(X509_sign(root1.get(), key.get(), EVP_sha256()));
3925
3926 bssl::UniquePtr<X509> root1_cross =
3927 MakeTestCert("Root 2", "Root 1", key.get(), /*is_ca=*/true);
3928 ASSERT_TRUE(root1_cross);
3929 ASSERT_TRUE(X509_sign(root1_cross.get(), key.get(), EVP_sha256()));
3930
3931 bssl::UniquePtr<X509> intermediate =
3932 MakeTestCert("Root 1", "Intermediate", key.get(), /*is_ca=*/true);
3933 ASSERT_TRUE(intermediate);
3934 ASSERT_TRUE(X509_sign(intermediate.get(), key.get(), EVP_sha256()));
3935
3936 bssl::UniquePtr<X509> leaf =
3937 MakeTestCert("Intermediate", "Leaf", key.get(), /*is_ca=*/false);
3938 ASSERT_TRUE(leaf);
3939 ASSERT_TRUE(X509_sign(leaf.get(), key.get(), EVP_sha256()));
3940
3941 // As a control, confirm that |leaf| -> |intermediate| -> |root1| is valid,
3942 // but the path through |root1_cross| is expired.
3943 EXPECT_EQ(X509_V_OK,
3944 Verify(leaf.get(), {root1.get()}, {intermediate.get()}, {}));
3945 EXPECT_EQ(X509_V_ERR_CERT_HAS_EXPIRED,
3946 Verify(leaf.get(), {root2.get()},
3947 {intermediate.get(), root1_cross.get()}, {}));
3948
3949 // By default, we should find the |leaf| -> |intermediate| -> |root2| chain,
3950 // skipping |root1_cross|.
3951 EXPECT_EQ(X509_V_OK, Verify(leaf.get(), {root1.get(), root2.get()},
3952 {intermediate.get(), root1_cross.get()}, {}));
3953
3954 // When |X509_V_FLAG_TRUSTED_FIRST| is disabled, we get stuck on the expired
3955 // intermediate. Note we need the callback to clear the flag. Setting |flags|
3956 // to zero only skips setting new flags.
3957 //
3958 // This test exists to confirm our current behavior, but these modes are just
3959 // workarounds for not having an actual path-building verifier. If we fix it,
3960 // this test can be removed.
3961 EXPECT_EQ(X509_V_ERR_CERT_HAS_EXPIRED,
3962 Verify(leaf.get(), {root1.get(), root2.get()},
3963 {intermediate.get(), root1_cross.get()}, {}, /*flags=*/0,
3964 [&](X509_VERIFY_PARAM *param) {
3965 X509_VERIFY_PARAM_clear_flags(param,
3966 X509_V_FLAG_TRUSTED_FIRST);
3967 }));
3968
3969 // Even when |X509_V_FLAG_TRUSTED_FIRST| is disabled, if |root2| is not
3970 // trusted, the alt chains logic recovers the path.
3971 EXPECT_EQ(
3972 X509_V_OK,
3973 Verify(leaf.get(), {root1.get()}, {intermediate.get(), root1_cross.get()},
3974 {}, /*flags=*/0, [&](X509_VERIFY_PARAM *param) {
3975 X509_VERIFY_PARAM_clear_flags(param, X509_V_FLAG_TRUSTED_FIRST);
3976 }));
3977 }
3978
3979 // Test that notBefore and notAfter checks work correctly.
TEST(X509Test,Expiry)3980 TEST(X509Test, Expiry) {
3981 bssl::UniquePtr<EVP_PKEY> key = PrivateKeyFromPEM(kP256Key);
3982 ASSERT_TRUE(key);
3983
3984 // The following are measured in seconds relative to kReferenceTime. The
3985 // validity periods are staggered so we can independently test both leaf and
3986 // root time checks.
3987 const int64_t kSecondsInDay = 24 * 3600;
3988 const int64_t kRootStart = -30 * kSecondsInDay;
3989 const int64_t kIntermediateStart = -20 * kSecondsInDay;
3990 const int64_t kLeafStart = -10 * kSecondsInDay;
3991 const int64_t kIntermediateEnd = 10 * kSecondsInDay;
3992 const int64_t kLeafEnd = 20 * kSecondsInDay;
3993 const int64_t kRootEnd = 30 * kSecondsInDay;
3994
3995 bssl::UniquePtr<X509> root =
3996 MakeTestCert("Root", "Root", key.get(), /*is_ca=*/true);
3997 ASSERT_TRUE(root);
3998 ASSERT_TRUE(ASN1_TIME_adj(X509_getm_notBefore(root.get()), kReferenceTime,
3999 /*offset_day=*/0,
4000 /*offset_sec=*/kRootStart));
4001 ASSERT_TRUE(ASN1_TIME_adj(X509_getm_notAfter(root.get()), kReferenceTime,
4002 /*offset_day=*/0,
4003 /*offset_sec=*/kRootEnd));
4004 ASSERT_TRUE(X509_sign(root.get(), key.get(), EVP_sha256()));
4005
4006 bssl::UniquePtr<X509> intermediate =
4007 MakeTestCert("Root", "Intermediate", key.get(), /*is_ca=*/true);
4008 ASSERT_TRUE(intermediate);
4009 ASSERT_TRUE(ASN1_TIME_adj(X509_getm_notBefore(intermediate.get()),
4010 kReferenceTime,
4011 /*offset_day=*/0,
4012 /*offset_sec=*/kIntermediateStart));
4013 ASSERT_TRUE(ASN1_TIME_adj(X509_getm_notAfter(intermediate.get()),
4014 kReferenceTime,
4015 /*offset_day=*/0,
4016 /*offset_sec=*/kIntermediateEnd));
4017 ASSERT_TRUE(X509_sign(intermediate.get(), key.get(), EVP_sha256()));
4018
4019 bssl::UniquePtr<X509> leaf =
4020 MakeTestCert("Intermediate", "Leaf", key.get(), /*is_ca=*/false);
4021 ASSERT_TRUE(leaf);
4022 ASSERT_TRUE(ASN1_TIME_adj(X509_getm_notBefore(leaf.get()), kReferenceTime,
4023 /*offset_day=*/0,
4024 /*offset_sec=*/kLeafStart));
4025 ASSERT_TRUE(ASN1_TIME_adj(X509_getm_notAfter(leaf.get()), kReferenceTime,
4026 /*offset_day=*/0,
4027 /*offset_sec=*/kLeafEnd));
4028 ASSERT_TRUE(X509_sign(leaf.get(), key.get(), EVP_sha256()));
4029
4030 struct VerifyAt {
4031 int64_t time;
4032 void operator()(X509_VERIFY_PARAM *param) const {
4033 X509_VERIFY_PARAM_set_time_posix(param, time);
4034 }
4035 };
4036
4037 for (bool check_time : {true, false}) {
4038 SCOPED_TRACE(check_time);
4039 unsigned long flags = check_time ? 0 : X509_V_FLAG_NO_CHECK_TIME;
4040 int not_yet_valid = check_time ? X509_V_ERR_CERT_NOT_YET_VALID : X509_V_OK;
4041 int has_expired = check_time ? X509_V_ERR_CERT_HAS_EXPIRED : X509_V_OK;
4042
4043 EXPECT_EQ(not_yet_valid,
4044 Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, flags,
4045 VerifyAt{kReferenceTime + kRootStart - 1}));
4046 EXPECT_EQ(not_yet_valid,
4047 Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, flags,
4048 VerifyAt{kReferenceTime + kIntermediateStart - 1}));
4049 EXPECT_EQ(not_yet_valid,
4050 Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, flags,
4051 VerifyAt{kReferenceTime + kLeafStart - 1}));
4052
4053 EXPECT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()}, {intermediate.get()},
4054 {}, flags, VerifyAt{kReferenceTime}));
4055
4056 EXPECT_EQ(has_expired,
4057 Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, flags,
4058 VerifyAt{kReferenceTime + kRootEnd + 1}));
4059 EXPECT_EQ(has_expired,
4060 Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, flags,
4061 VerifyAt{kReferenceTime + kIntermediateEnd + 1}));
4062 EXPECT_EQ(has_expired,
4063 Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, flags,
4064 VerifyAt{kReferenceTime + kLeafEnd + 1}));
4065 }
4066 }
4067
4068 // kConstructedBitString is an X.509 certificate where the signature is encoded
4069 // as a BER constructed BIT STRING. Note that, while OpenSSL's parser accepts
4070 // this input, it interprets the value incorrectly.
4071 static const char kConstructedBitString[] = R"(
4072 -----BEGIN CERTIFICATE-----
4073 MIIBJTCBxqADAgECAgIE0jAKBggqhkjOPQQDAjAPMQ0wCwYDVQQDEwRUZXN0MCAX
4074 DTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYDVQQDEwRUZXN0
4075 MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4NlIpM1Zdrt6ke
4076 DUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwaMQMA4w
4077 DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAiNOAyQAMEYCIQCp0iIX5s30KXjihR4g
4078 KnJpd3seqGlVRqCVgrD0KGYDJgA1QAIhAKkx0vR82QU0NtHDD11KX/LuQF2T+2nX
4079 oeKp5LKAbMVi
4080 -----END CERTIFICATE-----
4081 )";
4082
4083 // kConstructedOctetString is an X.509 certificate where an extension is encoded
4084 // as a BER constructed OCTET STRING.
4085 static const char kConstructedOctetString[] = R"(
4086 -----BEGIN CERTIFICATE-----
4087 MIIBJDCByqADAgECAgIE0jAKBggqhkjOPQQDAjAPMQ0wCwYDVQQDEwRUZXN0MCAX
4088 DTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYDVQQDEwRUZXN0
4089 MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4NlIpM1Zdrt6ke
4090 DUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwaMUMBIw
4091 EAYDVR0TJAkEAzADAQQCAf8wCgYIKoZIzj0EAwIDSQAwRgIhAKnSIhfmzfQpeOKF
4092 HiAqcml3ex6oaVVGoJWCsPQoZjVAAiEAqTHS9HzZBTQ20cMPXUpf8u5AXZP7adeh
4093 4qnksoBsxWI=
4094 -----END CERTIFICATE-----
4095 )";
4096
4097 // kIndefiniteLength is an X.509 certificate where the outermost SEQUENCE uses
4098 // BER indefinite-length encoding.
4099 static const char kIndefiniteLength[] = R"(
4100 -----BEGIN CERTIFICATE-----
4101 MIAwgcagAwIBAgICBNIwCgYIKoZIzj0EAwIwDzENMAsGA1UEAxMEVGVzdDAgFw0w
4102 MDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsGA1UEAxMEVGVzdDBZ
4103 MBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8eDZSKTNWXa7epHg1G
4104 +92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQtS89yIsGjEDAOMAwG
4105 A1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAKnSIhfmzfQpeOKFHiAqcml3
4106 ex6oaVVGoJWCsPQoZjVAAiEAqTHS9HzZBTQ20cMPXUpf8u5AXZP7adeh4qnksoBs
4107 xWIAAA==
4108 -----END CERTIFICATE-----
4109 )";
4110
4111 // kNonZeroPadding is an X.09 certificate where the BIT STRING signature field
4112 // has non-zero padding values.
4113 static const char kNonZeroPadding[] = R"(
4114 -----BEGIN CERTIFICATE-----
4115 MIIB0DCCAXagAwIBAgIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC
4116 QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
4117 dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ
4118 BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l
4119 dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni
4120 v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa
4121 HPUdfvGULUvPciLBo1AwTjAdBgNVHQ4EFgQUq4TSrKuV8IJOFngHVVdf5CaNgtEw
4122 HwYDVR0jBBgwFoAUq4TSrKuV8IJOFngHVVdf5CaNgtEwDAYDVR0TBAUwAwEB/zAJ
4123 BgcqhkjOPQQBA0kBMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E
4124 BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQB
4125 -----END CERTIFICATE-----
4126 )";
4127
4128 // kHighTagNumber is an X.509 certificate where the outermost SEQUENCE tag uses
4129 // high tag number form.
4130 static const char kHighTagNumber[] = R"(
4131 -----BEGIN CERTIFICATE-----
4132 PxCCASAwgcagAwIBAgICBNIwCgYIKoZIzj0EAwIwDzENMAsGA1UEAxMEVGVzdDAg
4133 Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsGA1UEAxMEVGVz
4134 dDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8eDZSKTNWXa7ep
4135 Hg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQtS89yIsGjEDAO
4136 MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAKnSIhfmzfQpeOKFHiAq
4137 cml3ex6oaVVGoJWCsPQoZjVAAiEAqTHS9HzZBTQ20cMPXUpf8u5AXZP7adeh4qnk
4138 soBsxWI=
4139 -----END CERTIFICATE-----
4140 )";
4141
4142 // kNonMinimalLengthOuter is an X.509 certificate where the outermost SEQUENCE
4143 // has a non-minimal length.
4144 static const char kNonMinimalLengthOuter[] = R"(
4145 -----BEGIN CERTIFICATE-----
4146 MIMAASAwgcagAwIBAgICBNIwCgYIKoZIzj0EAwIwDzENMAsGA1UEAxMEVGVzdDAg
4147 Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsGA1UEAxMEVGVz
4148 dDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8eDZSKTNWXa7ep
4149 Hg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQtS89yIsGjEDAO
4150 MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAKnSIhfmzfQpeOKFHiAq
4151 cml3ex6oaVVGoJWCsPQoZjVAAiEAqTHS9HzZBTQ20cMPXUpf8u5AXZP7adeh4qnk
4152 soBsxWI=
4153 -----END CERTIFICATE-----
4154 )";
4155
4156 // kNonMinimalLengthSignature is an X.509 certificate where the signature has a
4157 // non-minimal length.
4158 static const char kNonMinimalLengthSignature[] = R"(
4159 -----BEGIN CERTIFICATE-----
4160 MIIBITCBxqADAgECAgIE0jAKBggqhkjOPQQDAjAPMQ0wCwYDVQQDEwRUZXN0MCAX
4161 DTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYDVQQDEwRUZXN0
4162 MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4NlIpM1Zdrt6ke
4163 DUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwaMQMA4w
4164 DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgOBSQAwRgIhAKnSIhfmzfQpeOKFHiAq
4165 cml3ex6oaVVGoJWCsPQoZjVAAiEAqTHS9HzZBTQ20cMPXUpf8u5AXZP7adeh4qnk
4166 soBsxWI=
4167 -----END CERTIFICATE-----
4168 )";
4169
4170 // kNonMinimalLengthSerial is an X.509 certificate where the serial number has a
4171 // non-minimal length.
4172 static const char kNonMinimalLengthSerial[] = R"(
4173 -----BEGIN CERTIFICATE-----
4174 MIIBITCBx6ADAgECAoECBNIwCgYIKoZIzj0EAwIwDzENMAsGA1UEAxMEVGVzdDAg
4175 Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsGA1UEAxMEVGVz
4176 dDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8eDZSKTNWXa7ep
4177 Hg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQtS89yIsGjEDAO
4178 MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAKnSIhfmzfQpeOKFHiAq
4179 cml3ex6oaVVGoJWCsPQoZjVAAiEAqTHS9HzZBTQ20cMPXUpf8u5AXZP7adeh4qnk
4180 soBsxWI=
4181 -----END CERTIFICATE-----
4182 )";
4183
TEST(X509Test,BER)4184 TEST(X509Test, BER) {
4185 // Constructed strings are forbidden in DER.
4186 EXPECT_FALSE(CertFromPEM(kConstructedBitString));
4187 EXPECT_FALSE(CertFromPEM(kConstructedOctetString));
4188 // Indefinite lengths are forbidden in DER.
4189 EXPECT_FALSE(CertFromPEM(kIndefiniteLength));
4190 // Padding bits in BIT STRINGs must be zero in BER.
4191 EXPECT_FALSE(CertFromPEM(kNonZeroPadding));
4192 // Tags must be minimal in both BER and DER, though many BER decoders
4193 // incorrectly support non-minimal tags.
4194 EXPECT_FALSE(CertFromPEM(kHighTagNumber));
4195 // Lengths must be minimal in DER.
4196 EXPECT_FALSE(CertFromPEM(kNonMinimalLengthOuter));
4197 EXPECT_FALSE(CertFromPEM(kNonMinimalLengthSerial));
4198 // We, for now, accept a non-minimal length in the signature field. See
4199 // b/18228011.
4200 EXPECT_TRUE(CertFromPEM(kNonMinimalLengthSignature));
4201 }
4202
TEST(X509Test,Names)4203 TEST(X509Test, Names) {
4204 bssl::UniquePtr<EVP_PKEY> key = PrivateKeyFromPEM(kP256Key);
4205 ASSERT_TRUE(key);
4206 bssl::UniquePtr<X509> root =
4207 MakeTestCert("Root", "Root", key.get(), /*is_ca=*/true);
4208 ASSERT_TRUE(root);
4209 ASSERT_TRUE(X509_sign(root.get(), key.get(), EVP_sha256()));
4210
4211 struct {
4212 std::vector<std::pair<int, std::string>> cert_subject;
4213 std::vector<std::string> cert_dns_names;
4214 std::vector<std::string> cert_emails;
4215 std::vector<std::string> valid_dns_names;
4216 std::vector<std::string> invalid_dns_names;
4217 std::vector<std::string> valid_emails;
4218 std::vector<std::string> invalid_emails;
4219 unsigned flags;
4220 } kTests[] = {
4221 // DNS names only match DNS names and do so case-insensitively.
4222 {
4223 /*cert_subject=*/{},
4224 /*cert_dns_names=*/{"example.com", "WWW.EXAMPLE.COM"},
4225 /*cert_emails=*/{},
4226 /*valid_dns_names=*/
4227 {"example.com", "EXAMPLE.COM", "www.example.com", "WWW.EXAMPLE.COM"},
4228 /*invalid_dns_names=*/{"test.example.com", "example.org"},
4229 /*valid_emails=*/{},
4230 /*invalid_emails=*/{"test@example.com", "example.com"},
4231 /*flags=*/0,
4232 },
4233
4234 // DNS wildcards match exactly one component.
4235 {
4236 /*cert_subject=*/{},
4237 /*cert_dns_names=*/{"*.example.com", "*.EXAMPLE.ORG"},
4238 /*cert_emails=*/{},
4239 /*valid_dns_names=*/
4240 {"www.example.com", "WWW.EXAMPLE.COM", "www.example.org",
4241 "WWW.EXAMPLE.ORG"},
4242 /*invalid_dns_names=*/{"example.com", "test.www.example.com"},
4243 /*valid_emails=*/{},
4244 /*invalid_emails=*/{"test@example.com", "www.example.com"},
4245 /*flags=*/0,
4246 },
4247
4248 // DNS wildcards can be disabled.
4249 // TODO(davidben): Can we remove this feature? Does anyone use it?
4250 {
4251 /*cert_subject=*/{},
4252 /*cert_dns_names=*/{"example.com", "*.example.com"},
4253 /*cert_emails=*/{},
4254 /*valid_dns_names=*/{"example.com"},
4255 /*invalid_dns_names=*/{"www.example.com"},
4256 /*valid_emails=*/{},
4257 /*invalid_emails=*/{},
4258 /*flags=*/X509_CHECK_FLAG_NO_WILDCARDS,
4259 },
4260
4261 // Invalid DNS wildcards do not match.
4262 {
4263 /*cert_subject=*/{},
4264 /*cert_dns_names=*/
4265 {"a.*", "**.b.example", "*c.example", "d*.example", "e*e.example",
4266 "*", ".", "..", "*."},
4267 /*cert_emails=*/{},
4268 /*valid_dns_names=*/{},
4269 /*invalid_dns_names=*/
4270 {"a.example", "test.b.example", "cc.example", "dd.example",
4271 "eee.example", "f", "g."},
4272 /*valid_emails=*/{},
4273 /*invalid_emails=*/{},
4274 /*flags=*/0,
4275 },
4276
4277 // IDNs match like any other DNS labels.
4278 {
4279 /*cert_subject=*/{},
4280 /*cert_dns_names=*/
4281 {"xn--rger-koa.a.example", "*.xn--rger-koa.b.example",
4282 "www.xn--rger-koa.c.example"},
4283 /*cert_emails=*/{},
4284 /*valid_dns_names=*/
4285 {"xn--rger-koa.a.example", "www.xn--rger-koa.b.example",
4286 "www.xn--rger-koa.c.example"},
4287 /*invalid_dns_names=*/
4288 {"www.xn--rger-koa.a.example", "xn--rger-koa.b.example",
4289 "www.xn--rger-koa.d.example"},
4290 /*valid_emails=*/{},
4291 /*invalid_emails=*/{},
4292 /*flags=*/0,
4293 },
4294
4295 // For now, DNS names are also extracted out of the common name, but only
4296 // there is no SAN list.
4297 // TODO(https://crbug.com/boringssl/464): Remove this.
4298 {
4299 /*cert_subject=*/{{NID_commonName, "a.example"},
4300 {NID_commonName, "*.b.example"}},
4301 /*cert_dns_names=*/{},
4302 /*cert_emails=*/{},
4303 /*valid_dns_names=*/
4304 {"a.example", "A.EXAMPLE", "test.b.example", "TEST.B.EXAMPLE"},
4305 /*invalid_dns_names=*/{},
4306 /*valid_emails=*/{},
4307 /*invalid_emails=*/{},
4308 /*flags=*/0,
4309 },
4310 {
4311 /*cert_subject=*/{{NID_commonName, "a.example"},
4312 {NID_commonName, "*.b.example"}},
4313 /*cert_dns_names=*/{"example.com"},
4314 /*cert_emails=*/{},
4315 /*valid_dns_names=*/{},
4316 /*invalid_dns_names=*/
4317 {"a.example", "A.EXAMPLE", "test.b.example", "TEST.B.EXAMPLE"},
4318 /*valid_emails=*/{},
4319 /*invalid_emails=*/{},
4320 /*flags=*/0,
4321 },
4322
4323 // Other subject RDNs do not provide DNS names.
4324 {
4325 /*cert_subject=*/{{NID_organizationName, "example.com"}},
4326 /*cert_dns_names=*/{},
4327 /*cert_emails=*/{},
4328 /*valid_dns_names=*/{},
4329 /*invalid_dns_names=*/{"example.com"},
4330 /*valid_emails=*/{},
4331 /*invalid_emails=*/{},
4332 /*flags=*/0,
4333 },
4334
4335 // Input DNS names cannot have wildcards.
4336 {
4337 /*cert_subject=*/{},
4338 /*cert_dns_names=*/{"www.example.com"},
4339 /*cert_emails=*/{},
4340 /*valid_dns_names=*/{},
4341 /*invalid_dns_names=*/{"*.example.com"},
4342 /*valid_emails=*/{},
4343 /*invalid_emails=*/{},
4344 /*flags=*/0,
4345 },
4346
4347 // OpenSSL has some non-standard wildcard syntax for input DNS names. We
4348 // do not support this.
4349 {
4350 /*cert_subject=*/{},
4351 /*cert_dns_names=*/{"www.a.example", "*.b.test"},
4352 /*cert_emails=*/{},
4353 /*valid_dns_names=*/{},
4354 /*invalid_dns_names=*/
4355 {".www.a.example", ".www.b.test", ".a.example", ".b.test", ".example",
4356 ".test"},
4357 /*valid_emails=*/{},
4358 /*invalid_emails=*/{},
4359 /*flags=*/0,
4360 },
4361
4362 // Emails match case-sensitively before the '@' and case-insensitively
4363 // after. They do not match DNS names.
4364 {
4365 /*cert_subject=*/{},
4366 /*cert_dns_names=*/{},
4367 /*cert_emails=*/{"test@a.example", "TEST@B.EXAMPLE"},
4368 /*valid_dns_names=*/{},
4369 /*invalid_dns_names=*/{"a.example", "b.example"},
4370 /*valid_emails=*/
4371 {"test@a.example", "test@A.EXAMPLE", "TEST@b.example",
4372 "TEST@B.EXAMPLE"},
4373 /*invalid_emails=*/
4374 {"TEST@a.example", "test@B.EXAMPLE", "another-test@a.example",
4375 "est@a.example"},
4376 /*flags=*/0,
4377 },
4378
4379 // Emails may also be found in the subject.
4380 {
4381 /*cert_subject=*/{{NID_pkcs9_emailAddress, "test@a.example"},
4382 {NID_pkcs9_emailAddress, "TEST@B.EXAMPLE"}},
4383 /*cert_dns_names=*/{},
4384 /*cert_emails=*/{},
4385 /*valid_dns_names=*/{},
4386 /*invalid_dns_names=*/{"a.example", "b.example"},
4387 /*valid_emails=*/
4388 {"test@a.example", "test@A.EXAMPLE", "TEST@b.example",
4389 "TEST@B.EXAMPLE"},
4390 /*invalid_emails=*/
4391 {"TEST@a.example", "test@B.EXAMPLE", "another-test@a.example",
4392 "est@a.example"},
4393 /*flags=*/0,
4394 },
4395
4396 // There are no email wildcard names.
4397 {
4398 /*cert_subject=*/{},
4399 /*cert_dns_names=*/{},
4400 /*cert_emails=*/{"test@*.a.example", "@b.example", "*@c.example"},
4401 /*valid_dns_names=*/{},
4402 /*invalid_dns_names=*/{},
4403 /*valid_emails=*/{},
4404 /*invalid_emails=*/
4405 {"test@test.a.example", "test@b.example", "test@c.example"},
4406 /*flags=*/0,
4407 },
4408
4409 // Unrelated RDNs can be skipped when looking in the subject.
4410 {
4411 /*cert_subject=*/{{NID_organizationName, "Acme Corporation"},
4412 {NID_commonName, "a.example"},
4413 {NID_pkcs9_emailAddress, "test@b.example"},
4414 {NID_countryName, "US"}},
4415 /*cert_dns_names=*/{},
4416 /*cert_emails=*/{},
4417 /*valid_dns_names=*/{"a.example"},
4418 /*invalid_dns_names=*/{},
4419 /*valid_emails=*/{"test@b.example"},
4420 /*invalid_emails=*/{},
4421 /*flags=*/0,
4422 },
4423 };
4424
4425 size_t i = 0;
4426 for (const auto &t : kTests) {
4427 SCOPED_TRACE(i++);
4428
4429 // Issue a test certificate.
4430 bssl::UniquePtr<X509> cert =
4431 MakeTestCert("Root", "Leaf", key.get(), /*is_ca=*/false);
4432 ASSERT_TRUE(cert);
4433 if (!t.cert_subject.empty()) {
4434 bssl::UniquePtr<X509_NAME> subject(X509_NAME_new());
4435 ASSERT_TRUE(subject);
4436 for (const auto &entry : t.cert_subject) {
4437 ASSERT_TRUE(X509_NAME_add_entry_by_NID(
4438 subject.get(), entry.first, MBSTRING_ASC,
4439 reinterpret_cast<const unsigned char *>(entry.second.data()),
4440 entry.second.size(), /*loc=*/-1, /*set=*/0));
4441 }
4442 ASSERT_TRUE(X509_set_subject_name(cert.get(), subject.get()));
4443 }
4444 bssl::UniquePtr<GENERAL_NAMES> sans(sk_GENERAL_NAME_new_null());
4445 ASSERT_TRUE(sans);
4446 for (const auto &dns : t.cert_dns_names) {
4447 bssl::UniquePtr<GENERAL_NAME> name(GENERAL_NAME_new());
4448 ASSERT_TRUE(name);
4449 name->type = GEN_DNS;
4450 name->d.dNSName = ASN1_IA5STRING_new();
4451 ASSERT_TRUE(name->d.dNSName);
4452 ASSERT_TRUE(ASN1_STRING_set(name->d.dNSName, dns.data(), dns.size()));
4453 ASSERT_TRUE(bssl::PushToStack(sans.get(), std::move(name)));
4454 }
4455 for (const auto &email : t.cert_emails) {
4456 bssl::UniquePtr<GENERAL_NAME> name(GENERAL_NAME_new());
4457 ASSERT_TRUE(name);
4458 name->type = GEN_EMAIL;
4459 name->d.rfc822Name = ASN1_IA5STRING_new();
4460 ASSERT_TRUE(name->d.rfc822Name);
4461 ASSERT_TRUE(
4462 ASN1_STRING_set(name->d.rfc822Name, email.data(), email.size()));
4463 ASSERT_TRUE(bssl::PushToStack(sans.get(), std::move(name)));
4464 }
4465 if (sk_GENERAL_NAME_num(sans.get()) != 0) {
4466 ASSERT_TRUE(X509_add1_ext_i2d(cert.get(), NID_subject_alt_name,
4467 sans.get(), /*crit=*/0, /*flags=*/0));
4468 }
4469 ASSERT_TRUE(X509_sign(cert.get(), key.get(), EVP_sha256()));
4470
4471 for (const auto &dns : t.valid_dns_names) {
4472 SCOPED_TRACE(dns);
4473 EXPECT_EQ(1, X509_check_host(cert.get(), dns.data(), dns.size(), t.flags,
4474 /*peername=*/nullptr));
4475 EXPECT_EQ(X509_V_OK,
4476 Verify(cert.get(), {root.get()}, /*intermediates=*/{},
4477 /*crls=*/{}, /*flags=*/0, [&](X509_VERIFY_PARAM *param) {
4478 ASSERT_TRUE(X509_VERIFY_PARAM_set1_host(
4479 param, dns.data(), dns.size()));
4480 X509_VERIFY_PARAM_set_hostflags(param, t.flags);
4481 }));
4482 }
4483
4484 for (const auto &dns : t.invalid_dns_names) {
4485 SCOPED_TRACE(dns);
4486 EXPECT_EQ(0, X509_check_host(cert.get(), dns.data(), dns.size(), t.flags,
4487 /*peername=*/nullptr));
4488 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
4489 Verify(cert.get(), {root.get()}, /*intermediates=*/{},
4490 /*crls=*/{}, /*flags=*/0, [&](X509_VERIFY_PARAM *param) {
4491 ASSERT_TRUE(X509_VERIFY_PARAM_set1_host(
4492 param, dns.data(), dns.size()));
4493 X509_VERIFY_PARAM_set_hostflags(param, t.flags);
4494 }));
4495 }
4496
4497 for (const auto &email : t.valid_emails) {
4498 SCOPED_TRACE(email);
4499 EXPECT_EQ(
4500 1, X509_check_email(cert.get(), email.data(), email.size(), t.flags));
4501 EXPECT_EQ(X509_V_OK,
4502 Verify(cert.get(), {root.get()}, /*intermediates=*/{},
4503 /*crls=*/{}, /*flags=*/0, [&](X509_VERIFY_PARAM *param) {
4504 ASSERT_TRUE(X509_VERIFY_PARAM_set1_email(
4505 param, email.data(), email.size()));
4506 X509_VERIFY_PARAM_set_hostflags(param, t.flags);
4507 }));
4508 }
4509
4510 for (const auto &email : t.invalid_emails) {
4511 SCOPED_TRACE(email);
4512 EXPECT_EQ(
4513 0, X509_check_email(cert.get(), email.data(), email.size(), t.flags));
4514 EXPECT_EQ(X509_V_ERR_EMAIL_MISMATCH,
4515 Verify(cert.get(), {root.get()}, /*intermediates=*/{},
4516 /*crls=*/{}, /*flags=*/0, [&](X509_VERIFY_PARAM *param) {
4517 ASSERT_TRUE(X509_VERIFY_PARAM_set1_email(
4518 param, email.data(), email.size()));
4519 X509_VERIFY_PARAM_set_hostflags(param, t.flags);
4520 }));
4521 }
4522 }
4523 }
4524
TEST(X509Test,AddDuplicates)4525 TEST(X509Test, AddDuplicates) {
4526 bssl::UniquePtr<X509_STORE> store(X509_STORE_new());
4527 bssl::UniquePtr<X509> a(CertFromPEM(kCrossSigningRootPEM));
4528 bssl::UniquePtr<X509> b(CertFromPEM(kRootCAPEM));
4529
4530 ASSERT_TRUE(store);
4531 ASSERT_TRUE(a);
4532 ASSERT_TRUE(b);
4533
4534 EXPECT_TRUE(X509_STORE_add_cert(store.get(), a.get()));
4535 EXPECT_TRUE(X509_STORE_add_cert(store.get(), b.get()));
4536 EXPECT_TRUE(X509_STORE_add_cert(store.get(), a.get()));
4537 EXPECT_TRUE(X509_STORE_add_cert(store.get(), b.get()));
4538 EXPECT_TRUE(X509_STORE_add_cert(store.get(), a.get()));
4539 EXPECT_TRUE(X509_STORE_add_cert(store.get(), b.get()));
4540
4541 EXPECT_EQ(sk_X509_OBJECT_num(X509_STORE_get0_objects(store.get())), 2u);
4542 }
4543
TEST(X509Test,BytesToHex)4544 TEST(X509Test, BytesToHex) {
4545 struct {
4546 std::vector<uint8_t> bytes;
4547 const char *hex;
4548 } kTests[] = {
4549 {{}, ""},
4550 {{0x00}, "00"},
4551 {{0x00, 0x11, 0x22}, "00:11:22"},
4552 {{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef},
4553 "01:23:45:67:89:AB:CD:EF"},
4554 };
4555 for (const auto &t : kTests) {
4556 SCOPED_TRACE(Bytes(t.bytes));
4557 bssl::UniquePtr<char> hex(
4558 x509v3_bytes_to_hex(t.bytes.data(), t.bytes.size()));
4559 ASSERT_TRUE(hex);
4560 EXPECT_STREQ(hex.get(), t.hex);
4561 }
4562 }
4563
TEST(X509Test,NamePrint)4564 TEST(X509Test, NamePrint) {
4565 // kTestName is a DER-encoded X.509 that covers many cases.
4566 //
4567 // SEQUENCE {
4568 // SET {
4569 // SEQUENCE {
4570 // # countryName
4571 // OBJECT_IDENTIFIER { 2.5.4.6 }
4572 // PrintableString { "US" }
4573 // }
4574 // }
4575 // # Sets may be multi-valued, with different attributes. Try to keep this
4576 // # in DER set order, in case we ever enforce this in the parser.
4577 // SET {
4578 // SEQUENCE {
4579 // # stateOrProvinceName
4580 // OBJECT_IDENTIFIER { 2.5.4.8 }
4581 // PrintableString { "Some State" }
4582 // }
4583 // SEQUENCE {
4584 // # stateOrProvinceName
4585 // OBJECT_IDENTIFIER { 2.5.4.8 }
4586 // UTF8String { "Some Other State \xe2\x98\x83" }
4587 // }
4588 // SEQUENCE {
4589 // # stateOrProvinceName
4590 // OBJECT_IDENTIFIER { 2.5.4.8 }
4591 // BMPString { u"Another State \u2603" }
4592 // }
4593 // SEQUENCE {
4594 // # A custom OID
4595 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2 }
4596 // UniversalString { U"\u2603" }
4597 // }
4598 // }
4599 // # Custom OIDs may have non-string values.
4600 // SET {
4601 // SEQUENCE {
4602 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.3 }
4603 // SEQUENCE { INTEGER { 1 } INTEGER { 2 } }
4604 // }
4605 // }
4606 // SET {
4607 // SEQUENCE {
4608 // # organizationName
4609 // OBJECT_IDENTIFIER { 2.5.4.10 }
4610 // PrintableString { "Org Name" }
4611 // }
4612 // }
4613 // SET {
4614 // SEQUENCE {
4615 // # commonName
4616 // OBJECT_IDENTIFIER { 2.5.4.3 }
4617 // # Embed common delimiter forms to test how well they get escaped.
4618 // UTF8String { "Common
4619 // Name/CN=A/CN=B,CN=A,CN=B+CN=A+CN=B;CN=A;CN=B\nCN=A\n" }
4620 // }
4621 // }
4622 // SET {
4623 // SEQUENCE {
4624 // # commonName
4625 // OBJECT_IDENTIFIER { 2.5.4.3 }
4626 // # Test escaping of leading and trailing spaces.
4627 // UTF8String { " spaces " }
4628 // }
4629 // }
4630 static const uint8_t kTestName[] = {
4631 0x30, 0x82, 0x01, 0x00, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
4632 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x6d, 0x30, 0x11, 0x06, 0x03, 0x55,
4633 0x04, 0x08, 0x13, 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x20, 0x53, 0x74, 0x61,
4634 0x74, 0x65, 0x30, 0x1b, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x14, 0x53,
4635 0x6f, 0x6d, 0x65, 0x20, 0x4f, 0x74, 0x68, 0x65, 0x72, 0x20, 0x53, 0x74,
4636 0x61, 0x74, 0x65, 0x20, 0xe2, 0x98, 0x83, 0x30, 0x25, 0x06, 0x03, 0x55,
4637 0x04, 0x08, 0x1e, 0x1e, 0x00, 0x41, 0x00, 0x6e, 0x00, 0x6f, 0x00, 0x74,
4638 0x00, 0x68, 0x00, 0x65, 0x00, 0x72, 0x00, 0x20, 0x00, 0x53, 0x00, 0x74,
4639 0x00, 0x61, 0x00, 0x74, 0x00, 0x65, 0x00, 0x20, 0x26, 0x03, 0x30, 0x14,
4640 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7,
4641 0x09, 0x02, 0x1c, 0x04, 0x00, 0x00, 0x26, 0x03, 0x31, 0x18, 0x30, 0x16,
4642 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7,
4643 0x09, 0x03, 0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x02, 0x31, 0x11,
4644 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x4f, 0x72, 0x67,
4645 0x20, 0x4e, 0x61, 0x6d, 0x65, 0x31, 0x42, 0x30, 0x40, 0x06, 0x03, 0x55,
4646 0x04, 0x03, 0x0c, 0x39, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x20, 0x4e,
4647 0x61, 0x6d, 0x65, 0x2f, 0x43, 0x4e, 0x3d, 0x41, 0x2f, 0x43, 0x4e, 0x3d,
4648 0x42, 0x2c, 0x43, 0x4e, 0x3d, 0x41, 0x2c, 0x43, 0x4e, 0x3d, 0x42, 0x2b,
4649 0x43, 0x4e, 0x3d, 0x41, 0x2b, 0x43, 0x4e, 0x3d, 0x42, 0x3b, 0x43, 0x4e,
4650 0x3d, 0x41, 0x3b, 0x43, 0x4e, 0x3d, 0x42, 0x0a, 0x43, 0x4e, 0x3d, 0x41,
4651 0x0a, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x08,
4652 0x20, 0x73, 0x70, 0x61, 0x63, 0x65, 0x73, 0x20};
4653
4654 const uint8_t *ptr = kTestName;
4655 bssl::UniquePtr<X509_NAME> name(
4656 d2i_X509_NAME(nullptr, &ptr, sizeof(kTestName)));
4657 ASSERT_TRUE(name);
4658 EXPECT_EQ(ptr, kTestName + sizeof(kTestName));
4659
4660 struct {
4661 int indent;
4662 unsigned long flags;
4663 std::string printed;
4664 } kTests[] = {
4665 // RFC 2253 uses , and + separators and encodes the RDNs in reverse.
4666 // OpenSSL's implementation additionally happens to reverse the values
4667 // within each RDN. RFC 2253 says any order is permissible.
4668 {/*indent=*/0,
4669 /*flags=*/XN_FLAG_RFC2253,
4670 "CN=\\ spaces\\ ,"
4671 "CN=Common "
4672 "Name/CN=A/CN=B\\,CN=A\\,CN=B\\+CN=A\\+CN=B\\;CN=A\\;CN=B\\0ACN=A\\0A,"
4673 "O=Org Name,"
4674 "1.2.840.113554.4.1.72585.3=#3006020101020102,"
4675 "1.2.840.113554.4.1.72585.2=#1C0400002603+"
4676 "ST=Another State \\E2\\98\\83+"
4677 "ST=Some Other State \\E2\\98\\83+"
4678 "ST=Some State,"
4679 "C=US"},
4680 {/*indent=*/2,
4681 /*flags=*/XN_FLAG_RFC2253,
4682 " "
4683 "CN=\\ spaces\\ ,"
4684 "CN=Common "
4685 "Name/CN=A/CN=B\\,CN=A\\,CN=B\\+CN=A\\+CN=B\\;CN=A\\;CN=B\\0ACN=A\\0A,"
4686 "O=Org Name,"
4687 "1.2.840.113554.4.1.72585.3=#3006020101020102,"
4688 "1.2.840.113554.4.1.72585.2=#1C0400002603+"
4689 "ST=Another State \\E2\\98\\83+"
4690 "ST=Some Other State \\E2\\98\\83+"
4691 "ST=Some State,"
4692 "C=US"},
4693 // |XN_FLAG_ONELINE| is an OpenSSL-specific single-line format. It also
4694 // omits |XN_FLAG_DUMP_UNKNOWN_FIELDS|, so unknown OIDs that use known
4695 // string types will still be decoded. (This may drop important
4696 // information if the unknown OID distinguishes between string types.) It
4697 // also passes |ASN1_STRFLGS_ESC_QUOTE|.
4698 {/*indent=*/0,
4699 /*flags=*/XN_FLAG_ONELINE,
4700 "C = US, "
4701 "ST = Some State + "
4702 "ST = Some Other State \\E2\\98\\83 + "
4703 "ST = Another State \\E2\\98\\83 + "
4704 "1.2.840.113554.4.1.72585.2 = \\E2\\98\\83, "
4705 "1.2.840.113554.4.1.72585.3 = #3006020101020102, "
4706 "O = Org Name, "
4707 "CN = \"Common "
4708 "Name/CN=A/CN=B,CN=A,CN=B+CN=A+CN=B;CN=A;CN=B\\0ACN=A\\0A\", "
4709 "CN = \" spaces \""},
4710 // Callers can also customize the output, with both |XN_FLAG_*| and
4711 // |ASN1_STRFLGS_*|. |XN_FLAG_SEP_SPLUS_SPC| uses semicolon separators.
4712 {/*indent=*/0,
4713 /*flags=*/XN_FLAG_SEP_SPLUS_SPC | ASN1_STRFLGS_RFC2253 |
4714 ASN1_STRFLGS_ESC_QUOTE,
4715 "C=US; "
4716 "ST=Some State + "
4717 "ST=Some Other State \\E2\\98\\83 + "
4718 "ST=Another State \\E2\\98\\83 + "
4719 "1.2.840.113554.4.1.72585.2=\\E2\\98\\83; "
4720 "1.2.840.113554.4.1.72585.3=#3006020101020102; "
4721 "O=Org Name; "
4722 "CN=\"Common "
4723 "Name/CN=A/CN=B,CN=A,CN=B+CN=A+CN=B;CN=A;CN=B\\0ACN=A\\0A\"; "
4724 "CN=\" spaces \""},
4725 // Node uses these parameters.
4726 {/*indent=*/0,
4727 /*flags=*/ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_CTRL |
4728 ASN1_STRFLGS_UTF8_CONVERT | XN_FLAG_SEP_MULTILINE | XN_FLAG_FN_SN,
4729 "C=US\n"
4730 "ST=Some State + "
4731 "ST=Some Other State \xE2\x98\x83 + "
4732 "ST=Another State \xE2\x98\x83 + "
4733 "1.2.840.113554.4.1.72585.2=\xE2\x98\x83\n"
4734 "1.2.840.113554.4.1.72585.3=0\\06\\02\\01\\01\\02\\01\\02\n"
4735 "O=Org Name\n"
4736 "CN=Common "
4737 "Name/CN=A/CN=B\\,CN=A\\,CN=B\\+CN=A\\+CN=B\\;CN=A\\;CN=B\\0ACN=A\\0A\n"
4738 "CN=\\ spaces\\ "},
4739 // |XN_FLAG_COMPAT| matches |X509_NAME_print|, rather than
4740 // |X509_NAME_print_ex|.
4741 //
4742 // TODO(davidben): This works by post-processing the output of
4743 // |X509_NAME_oneline|, which uses "/"" separators, and replacing with
4744 // ", ". The escaping is ambiguous and the post-processing is buggy, so
4745 // some of the trailing slashes are still present and some internal
4746 // slashes are mis-converted.
4747 {/*indent=*/0,
4748 /*flags=*/XN_FLAG_COMPAT,
4749 "C=US, "
4750 "ST=Some State, "
4751 "ST=Some Other State \\xE2\\x98\\x83, "
4752 "ST=\\x00A\\x00n\\x00o\\x00t\\x00h\\x00e\\x00r\\x00 "
4753 "\\x00S\\x00t\\x00a\\x00t\\x00e\\x00 &\\x03/"
4754 "1.2.840.113554.4.1.72585.2=\\x00\\x00&\\x03/"
4755 "1.2.840.113554.4.1.72585.3=0\\x06\\x02\\x01\\x01\\x02\\x01\\x02, "
4756 "O=Org Name, "
4757 "CN=Common Name, "
4758 "CN=A, CN=B,CN=A,CN=B+CN=A+CN=B;CN=A;CN=B\\x0ACN=A\\x0A, "
4759 "CN= spaces "},
4760 };
4761 for (const auto &t : kTests) {
4762 SCOPED_TRACE(t.printed);
4763 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
4764 ASSERT_TRUE(bio);
4765 int len = X509_NAME_print_ex(bio.get(), name.get(), t.indent, t.flags);
4766 ASSERT_GT(len, 0);
4767
4768 const uint8_t *printed;
4769 size_t printed_len;
4770 ASSERT_TRUE(BIO_mem_contents(bio.get(), &printed, &printed_len));
4771 EXPECT_EQ(std::string(printed, printed + printed_len), t.printed);
4772 if (t.flags != XN_FLAG_COMPAT) {
4773 // TODO(davidben): |XN_FLAG_COMPAT| does not return the length.
4774 EXPECT_EQ(static_cast<size_t>(len), printed_len);
4775
4776 // Passing a null |BIO| measures the output instead.
4777 len = X509_NAME_print_ex(nullptr, name.get(), t.indent, t.flags);
4778 EXPECT_GT(len, 0);
4779 EXPECT_EQ(static_cast<size_t>(len), printed_len);
4780 }
4781 }
4782
4783 // TODO(davidben): This escapes the underlying bytes in the string, but that
4784 // is ambiguous without capturing the type. Should this escape like
4785 // |ASN1_STRFLGS_UTF8_CONVERT| instead?
4786 static const char *kOnelineComponents[] = {
4787 "/C=US",
4788 "/ST=Some State",
4789 "/ST=Some Other State \\xE2\\x98\\x83",
4790 ("/ST=\\x00A\\x00n\\x00o\\x00t\\x00h\\x00e\\x00r\\x00 "
4791 "\\x00S\\x00t\\x00a\\x00t\\x00e\\x00 &\\x03"),
4792 "/1.2.840.113554.4.1.72585.2=\\x00\\x00&\\x03",
4793 "/1.2.840.113554.4.1.72585.3=0\\x06\\x02\\x01\\x01\\x02\\x01\\x02",
4794 "/O=Org Name",
4795 "/CN=Common Name/CN=A/CN=B,CN=A,CN=B+CN=A+CN=B;CN=A;CN=B\\x0ACN=A\\x0A",
4796 "/CN= spaces ",
4797 };
4798 std::string oneline_expected;
4799 for (const auto& component : kOnelineComponents) {
4800 oneline_expected += component;
4801 }
4802
4803 // Given null buffer, |X509_NAME_oneline| allocates a new output.
4804 bssl::UniquePtr<char> oneline(X509_NAME_oneline(name.get(), nullptr, 0));
4805 ASSERT_TRUE(oneline);
4806 EXPECT_EQ(oneline.get(), oneline_expected);
4807
4808 // Otherwise it writes to the specified buffer. Note one extra byte is needed
4809 // for the trailing NUL.
4810 char buf[1024];
4811 ASSERT_GE(sizeof(buf), oneline_expected.size() + 2);
4812 ASSERT_EQ(buf,
4813 X509_NAME_oneline(name.get(), buf, oneline_expected.size() + 1));
4814 EXPECT_EQ(buf, oneline_expected);
4815
4816 memset(buf, 'a', sizeof(buf));
4817 ASSERT_EQ(buf,
4818 X509_NAME_oneline(name.get(), buf, oneline_expected.size() + 2));
4819 EXPECT_EQ(buf, oneline_expected);
4820
4821 // If the length is too small, |X509_NAME_oneline| truncates at name
4822 // entry boundaries.
4823 EXPECT_EQ(nullptr, X509_NAME_oneline(name.get(), buf, 0));
4824 for (size_t len = 1; len < oneline_expected.size(); len++) {
4825 SCOPED_TRACE(len);
4826 memset(buf, 'a', sizeof(buf));
4827 EXPECT_EQ(buf, X509_NAME_oneline(name.get(), buf, len));
4828
4829 std::string truncated;
4830 for (const auto& component : kOnelineComponents) {
4831 if (truncated.size() + strlen(component) + 1 > len) {
4832 break;
4833 }
4834 truncated += component;
4835 }
4836 EXPECT_EQ(buf, truncated);
4837 }
4838 }
4839
4840 // kLargeSerialPEM is a certificate with a large serial number.
4841 static const char kLargeSerialPEM[] = R"(
4842 -----BEGIN CERTIFICATE-----
4843 MIICZjCCAc+gAwIBAgIQASNFZ4mrze8BI0VniavN7zANBgkqhkiG9w0BAQsFADA2
4844 MRowGAYDVQQKExFCb3JpbmdTU0wgVEVTVElORzEYMBYGA1UEAxMPSW50ZXJtZWRp
4845 YXRlIENBMCAXDTE1MDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAyMRowGAYD
4846 VQQKExFCb3JpbmdTU0wgVEVTVElORzEUMBIGA1UEAxMLZXhhbXBsZS5jb20wgZ8w
4847 DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMPRTRliCpKEnug6OzI0rJVcQep5p+aT
4848 9sCg+pj+HVyg/DYTwqZ6qJRKhM+MbkhdJuU7FyqlsBeCeM/OjwMjcY0yEB/xJg1i
4849 ygfuBztTLuPnHxtSuKwae5MeqSofp3j97sRMnuLcKlHxu8rXoOCAS9BO50uKnPwU
4850 Ee1iEVqR92FPAgMBAAGjdzB1MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
4851 BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAZBgNVHQ4EEgQQo3mm9u6v
4852 uaVeN4wRgDTidTAbBgNVHSMEFDASgBCMGmiotXbbXVd7H40UsgajMA0GCSqGSIb3
4853 DQEBCwUAA4GBAGP+n4kKGn/8uddYLWTXbUsz+KLuEXNDMyu3vRufLjTpIbP2MCNo
4854 85fhLeC3fzKuGOk+6QGVLOBBcWDrrLqrmqnWdBMPULDo2QoF71a4GVjeJh+ax/tZ
4855 PyeGVPUK21TE0LDIxf2a11d1CJw582MgZQIPk4tXk+AcU9EqIceKgECG
4856 -----END CERTIFICATE-----
4857 )";
4858
TEST(X509Test,Print)4859 TEST(X509Test, Print) {
4860 bssl::UniquePtr<X509> cert(CertFromPEM(kLargeSerialPEM));
4861 ASSERT_TRUE(cert);
4862
4863 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
4864 ASSERT_TRUE(bio);
4865 EXPECT_TRUE(X509_print_ex(bio.get(), cert.get(), 0, 0));
4866 // Nothing should be left in the error queue.
4867 EXPECT_EQ(0u, ERR_peek_error());
4868
4869 // This output is not guaranteed to be stable, but we assert on it to make
4870 // sure something is printed.
4871 const uint8_t *data;
4872 size_t data_len;
4873 ASSERT_TRUE(BIO_mem_contents(bio.get(), &data, &data_len));
4874 std::string print(reinterpret_cast<const char*>(data), data_len);
4875 EXPECT_EQ(print, R"(Certificate:
4876 Data:
4877 Version: 3 (0x2)
4878 Serial Number:
4879 01:23:45:67:89:ab:cd:ef:01:23:45:67:89:ab:cd:ef
4880 Signature Algorithm: sha256WithRSAEncryption
4881 Issuer: O=BoringSSL TESTING, CN=Intermediate CA
4882 Validity
4883 Not Before: Jan 1 00:00:00 2015 GMT
4884 Not After : Jan 1 00:00:00 2100 GMT
4885 Subject: O=BoringSSL TESTING, CN=example.com
4886 Subject Public Key Info:
4887 Public Key Algorithm: rsaEncryption
4888 Public-Key: (1024 bit)
4889 Modulus:
4890 00:c3:d1:4d:19:62:0a:92:84:9e:e8:3a:3b:32:34:
4891 ac:95:5c:41:ea:79:a7:e6:93:f6:c0:a0:fa:98:fe:
4892 1d:5c:a0:fc:36:13:c2:a6:7a:a8:94:4a:84:cf:8c:
4893 6e:48:5d:26:e5:3b:17:2a:a5:b0:17:82:78:cf:ce:
4894 8f:03:23:71:8d:32:10:1f:f1:26:0d:62:ca:07:ee:
4895 07:3b:53:2e:e3:e7:1f:1b:52:b8:ac:1a:7b:93:1e:
4896 a9:2a:1f:a7:78:fd:ee:c4:4c:9e:e2:dc:2a:51:f1:
4897 bb:ca:d7:a0:e0:80:4b:d0:4e:e7:4b:8a:9c:fc:14:
4898 11:ed:62:11:5a:91:f7:61:4f
4899 Exponent: 65537 (0x10001)
4900 X509v3 extensions:
4901 X509v3 Key Usage: critical
4902 Digital Signature, Key Encipherment
4903 X509v3 Extended Key Usage:
4904 TLS Web Server Authentication, TLS Web Client Authentication
4905 X509v3 Basic Constraints: critical
4906 CA:FALSE
4907 X509v3 Subject Key Identifier:
4908 A3:79:A6:F6:EE:AF:B9:A5:5E:37:8C:11:80:34:E2:75
4909 X509v3 Authority Key Identifier:
4910 keyid:8C:1A:68:A8:B5:76:DB:5D:57:7B:1F:8D:14:B2:06:A3
4911
4912 Signature Algorithm: sha256WithRSAEncryption
4913 63:fe:9f:89:0a:1a:7f:fc:b9:d7:58:2d:64:d7:6d:4b:33:f8:
4914 a2:ee:11:73:43:33:2b:b7:bd:1b:9f:2e:34:e9:21:b3:f6:30:
4915 23:68:f3:97:e1:2d:e0:b7:7f:32:ae:18:e9:3e:e9:01:95:2c:
4916 e0:41:71:60:eb:ac:ba:ab:9a:a9:d6:74:13:0f:50:b0:e8:d9:
4917 0a:05:ef:56:b8:19:58:de:26:1f:9a:c7:fb:59:3f:27:86:54:
4918 f5:0a:db:54:c4:d0:b0:c8:c5:fd:9a:d7:57:75:08:9c:39:f3:
4919 63:20:65:02:0f:93:8b:57:93:e0:1c:53:d1:2a:21:c7:8a:80:
4920 40:86
4921 )");
4922 }
4923
TEST(X509Test,AddExt)4924 TEST(X509Test, AddExt) {
4925 bssl::UniquePtr<X509> x509(X509_new());
4926 ASSERT_TRUE(x509);
4927
4928 struct Extension {
4929 int nid;
4930 bool critical;
4931 std::vector<uint8_t> data;
4932 };
4933 auto expect_extensions = [&](const std::vector<Extension> &exts) {
4934 ASSERT_EQ(static_cast<size_t>(X509_get_ext_count(x509.get())), exts.size());
4935 for (size_t i = 0; i < exts.size(); i++) {
4936 SCOPED_TRACE(i);
4937 const X509_EXTENSION *ext = X509_get_ext(x509.get(), static_cast<int>(i));
4938 EXPECT_EQ(OBJ_obj2nid(X509_EXTENSION_get_object(ext)), exts[i].nid);
4939 EXPECT_EQ(X509_EXTENSION_get_critical(ext), exts[i].critical ? 1 : 0);
4940 const ASN1_OCTET_STRING *data = X509_EXTENSION_get_data(ext);
4941 EXPECT_EQ(Bytes(ASN1_STRING_get0_data(data), ASN1_STRING_length(data)),
4942 Bytes(exts[i].data));
4943 }
4944 };
4945
4946 // Make a few sample extensions.
4947
4948 // SEQUENCE {}
4949 std::vector<uint8_t> basic1_der = {0x30, 0x00};
4950 const uint8_t *inp = basic1_der.data();
4951 bssl::UniquePtr<BASIC_CONSTRAINTS> basic1_obj(
4952 d2i_BASIC_CONSTRAINTS(nullptr, &inp, basic1_der.size()));
4953 EXPECT_EQ(inp, basic1_der.data() + basic1_der.size());
4954
4955 // SEQUENCE { BOOLEAN { TRUE } }
4956 std::vector<uint8_t> basic2_der = {0x30, 0x03, 0x01, 0x01, 0xff};
4957 inp = basic2_der.data();
4958 bssl::UniquePtr<BASIC_CONSTRAINTS> basic2_obj(
4959 d2i_BASIC_CONSTRAINTS(nullptr, &inp, basic2_der.size()));
4960 EXPECT_EQ(inp, basic2_der.data() + basic2_der.size());
4961
4962 // OCTET_STRING {}
4963 std::vector<uint8_t> skid1_der = {0x04, 0x00};
4964 inp = skid1_der.data();
4965 bssl::UniquePtr<ASN1_OCTET_STRING> skid1_obj(
4966 d2i_ASN1_OCTET_STRING(nullptr, &inp, skid1_der.size()));
4967 EXPECT_EQ(inp, skid1_der.data() + skid1_der.size());
4968
4969 // OCTET_STRING { "a" }
4970 std::vector<uint8_t> skid2_der = {0x04, 0x01, 0x61};
4971 inp = skid2_der.data();
4972 bssl::UniquePtr<ASN1_OCTET_STRING> skid2_obj(
4973 d2i_ASN1_OCTET_STRING(nullptr, &inp, skid2_der.size()));
4974 EXPECT_EQ(inp, skid2_der.data() + skid2_der.size());
4975
4976 // Initially, the extension list is empty.
4977 expect_extensions({});
4978
4979 // Adding extensions works with the default settings.
4980 EXPECT_EQ(
4981 1, X509_add1_ext_i2d(x509.get(), NID_basic_constraints, basic1_obj.get(),
4982 /*crit=*/1, X509V3_ADD_DEFAULT));
4983 expect_extensions({{NID_basic_constraints, true, basic1_der}});
4984 EXPECT_EQ(1, X509_add1_ext_i2d(x509.get(), NID_subject_key_identifier,
4985 skid1_obj.get(),
4986 /*crit=*/0, X509V3_ADD_DEFAULT));
4987 expect_extensions({{NID_basic_constraints, true, basic1_der},
4988 {NID_subject_key_identifier, false, skid1_der}});
4989
4990 // By default, we cannot add duplicates.
4991 EXPECT_EQ(
4992 0, X509_add1_ext_i2d(x509.get(), NID_basic_constraints, basic2_obj.get(),
4993 /*crit=*/0, X509V3_ADD_DEFAULT));
4994 expect_extensions({{NID_basic_constraints, true, basic1_der},
4995 {NID_subject_key_identifier, false, skid1_der}});
4996
4997 // |X509V3_ADD_KEEP_EXISTING| silently keeps the existing extension if already
4998 // present.
4999 EXPECT_EQ(
5000 1, X509_add1_ext_i2d(x509.get(), NID_basic_constraints, basic2_obj.get(),
5001 /*crit=*/0, X509V3_ADD_KEEP_EXISTING));
5002 expect_extensions({{NID_basic_constraints, true, basic1_der},
5003 {NID_subject_key_identifier, false, skid1_der}});
5004
5005 // |X509V3_ADD_REPLACE| replaces it.
5006 EXPECT_EQ(
5007 1, X509_add1_ext_i2d(x509.get(), NID_basic_constraints, basic2_obj.get(),
5008 /*crit=*/0, X509V3_ADD_REPLACE));
5009 expect_extensions({{NID_basic_constraints, false, basic2_der},
5010 {NID_subject_key_identifier, false, skid1_der}});
5011
5012 // |X509V3_ADD_REPLACE_EXISTING| also replaces matches.
5013 EXPECT_EQ(1, X509_add1_ext_i2d(x509.get(), NID_subject_key_identifier,
5014 skid2_obj.get(),
5015 /*crit=*/1, X509V3_ADD_REPLACE_EXISTING));
5016 expect_extensions({{NID_basic_constraints, false, basic2_der},
5017 {NID_subject_key_identifier, true, skid2_der}});
5018
5019 // |X509V3_ADD_DELETE| ignores the value and deletes the extension.
5020 EXPECT_EQ(1, X509_add1_ext_i2d(x509.get(), NID_basic_constraints, nullptr, 0,
5021 X509V3_ADD_DELETE));
5022 expect_extensions({{NID_subject_key_identifier, true, skid2_der}});
5023
5024 // Not finding an extension to delete is an error.
5025 EXPECT_EQ(0, X509_add1_ext_i2d(x509.get(), NID_basic_constraints, nullptr, 0,
5026 X509V3_ADD_DELETE));
5027 expect_extensions({{NID_subject_key_identifier, true, skid2_der}});
5028
5029 // |X509V3_ADD_REPLACE_EXISTING| fails if it cannot find a match.
5030 EXPECT_EQ(
5031 0, X509_add1_ext_i2d(x509.get(), NID_basic_constraints, basic1_obj.get(),
5032 /*crit=*/1, X509V3_ADD_REPLACE_EXISTING));
5033 expect_extensions({{NID_subject_key_identifier, true, skid2_der}});
5034
5035 // |X509V3_ADD_REPLACE| adds a new extension if not preseent.
5036 EXPECT_EQ(
5037 1, X509_add1_ext_i2d(x509.get(), NID_basic_constraints, basic1_obj.get(),
5038 /*crit=*/1, X509V3_ADD_REPLACE));
5039 expect_extensions({{NID_subject_key_identifier, true, skid2_der},
5040 {NID_basic_constraints, true, basic1_der}});
5041
5042 // Delete the extension again.
5043 EXPECT_EQ(1, X509_add1_ext_i2d(x509.get(), NID_basic_constraints, nullptr, 0,
5044 X509V3_ADD_DELETE));
5045 expect_extensions({{NID_subject_key_identifier, true, skid2_der}});
5046
5047 // |X509V3_ADD_KEEP_EXISTING| adds a new extension if not preseent.
5048 EXPECT_EQ(
5049 1, X509_add1_ext_i2d(x509.get(), NID_basic_constraints, basic1_obj.get(),
5050 /*crit=*/1, X509V3_ADD_KEEP_EXISTING));
5051 expect_extensions({{NID_subject_key_identifier, true, skid2_der},
5052 {NID_basic_constraints, true, basic1_der}});
5053
5054 // Delete the extension again.
5055 EXPECT_EQ(1, X509_add1_ext_i2d(x509.get(), NID_basic_constraints, nullptr, 0,
5056 X509V3_ADD_DELETE));
5057 expect_extensions({{NID_subject_key_identifier, true, skid2_der}});
5058
5059 // |X509V3_ADD_APPEND| adds a new extension if not present.
5060 EXPECT_EQ(
5061 1, X509_add1_ext_i2d(x509.get(), NID_basic_constraints, basic1_obj.get(),
5062 /*crit=*/1, X509V3_ADD_APPEND));
5063 expect_extensions({{NID_subject_key_identifier, true, skid2_der},
5064 {NID_basic_constraints, true, basic1_der}});
5065
5066 // |X509V3_ADD_APPEND| keeps adding duplicates (invalid) even if present.
5067 EXPECT_EQ(
5068 1, X509_add1_ext_i2d(x509.get(), NID_basic_constraints, basic2_obj.get(),
5069 /*crit=*/0, X509V3_ADD_APPEND));
5070 expect_extensions({{NID_subject_key_identifier, true, skid2_der},
5071 {NID_basic_constraints, true, basic1_der},
5072 {NID_basic_constraints, false, basic2_der}});
5073
5074 // |X509V3_ADD_DELETE| only deletes one extension at a time.
5075 EXPECT_EQ(1, X509_add1_ext_i2d(x509.get(), NID_basic_constraints, nullptr, 0,
5076 X509V3_ADD_DELETE));
5077 expect_extensions({{NID_subject_key_identifier, true, skid2_der},
5078 {NID_basic_constraints, false, basic2_der}});
5079 EXPECT_EQ(1, X509_add1_ext_i2d(x509.get(), NID_basic_constraints, nullptr, 0,
5080 X509V3_ADD_DELETE));
5081 expect_extensions({{NID_subject_key_identifier, true, skid2_der}});
5082 }
5083
TEST(X509Test,NameEntry)5084 TEST(X509Test, NameEntry) {
5085 bssl::UniquePtr<X509_NAME> name(X509_NAME_new());
5086 ASSERT_TRUE(name);
5087
5088 auto check_name = [&](const char *expected_rfc2253) {
5089 // Check RDN indices are self-consistent.
5090 int num = X509_NAME_entry_count(name.get());
5091 if (num > 0) {
5092 // RDN indices must start at zero.
5093 EXPECT_EQ(0, X509_NAME_ENTRY_set(X509_NAME_get_entry(name.get(), 0)));
5094 }
5095 for (int i = 1; i < num; i++) {
5096 int prev = X509_NAME_ENTRY_set(X509_NAME_get_entry(name.get(), i - 1));
5097 int current = X509_NAME_ENTRY_set(X509_NAME_get_entry(name.get(), i));
5098 // RDN indices must increase consecutively.
5099 EXPECT_TRUE(prev == current || prev + 1 == current)
5100 << "Entry " << i << " has RDN index " << current
5101 << " which is inconsistent with previous index " << prev;
5102 }
5103
5104 // Check the name based on the RFC 2253 serialization. Note the RFC 2253
5105 // serialization is in reverse.
5106 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
5107 ASSERT_TRUE(bio);
5108 EXPECT_GE(X509_NAME_print_ex(bio.get(), name.get(), 0, XN_FLAG_RFC2253), 0);
5109 const uint8_t *data;
5110 size_t len;
5111 ASSERT_TRUE(BIO_mem_contents(bio.get(), &data, &len));
5112 EXPECT_EQ(expected_rfc2253, std::string(data, data + len));
5113 };
5114
5115 check_name("");
5116
5117 // |loc| = -1, |set| = 0 appends as new RDNs.
5118 ASSERT_TRUE(X509_NAME_add_entry_by_NID(
5119 name.get(), NID_organizationName, MBSTRING_UTF8,
5120 reinterpret_cast<const unsigned char *>("Org"), /*len=*/-1, /*loc=*/-1,
5121 /*set=*/0));
5122 check_name("O=Org");
5123
5124 // |loc| = -1, |set| = 0 appends as new RDNs.
5125 ASSERT_TRUE(X509_NAME_add_entry_by_NID(
5126 name.get(), NID_commonName, MBSTRING_UTF8,
5127 reinterpret_cast<const unsigned char *>("Name"), /*len=*/-1, /*loc=*/-1,
5128 /*set=*/0));
5129 check_name("CN=Name,O=Org");
5130
5131 // Inserting in the middle of the set, but with |set| = 0 inserts a new RDN
5132 // and fixes the "set" values as needed.
5133 ASSERT_TRUE(X509_NAME_add_entry_by_NID(
5134 name.get(), NID_organizationalUnitName, MBSTRING_UTF8,
5135 reinterpret_cast<const unsigned char *>("Unit"), /*len=*/-1, /*loc=*/1,
5136 /*set=*/0));
5137 check_name("CN=Name,OU=Unit,O=Org");
5138
5139 // |set = -1| adds to the previous entry's RDN. (Although putting O and OU at
5140 // the same level makes little sense, the test is written this way to check
5141 // the function isn't using attribute types to order things.)
5142 ASSERT_TRUE(X509_NAME_add_entry_by_NID(
5143 name.get(), NID_organizationName, MBSTRING_UTF8,
5144 reinterpret_cast<const unsigned char *>("Org2"), /*len=*/-1, /*loc=*/2,
5145 /*set=*/-1));
5146 check_name("CN=Name,O=Org2+OU=Unit,O=Org");
5147
5148 // |set| = 1 adds to the next entry's RDN.
5149 ASSERT_TRUE(X509_NAME_add_entry_by_NID(
5150 name.get(), NID_commonName, MBSTRING_UTF8,
5151 reinterpret_cast<const unsigned char *>("Name2"), /*len=*/-1, /*loc=*/2,
5152 /*set=*/-1));
5153 check_name("CN=Name,O=Org2+CN=Name2+OU=Unit,O=Org");
5154
5155 // If there is no previous RDN, |set| = -1 makes a new RDN.
5156 ASSERT_TRUE(X509_NAME_add_entry_by_NID(
5157 name.get(), NID_countryName, MBSTRING_UTF8,
5158 reinterpret_cast<const unsigned char *>("US"), /*len=*/-1, /*loc=*/0,
5159 /*set=*/-1));
5160 check_name("CN=Name,O=Org2+CN=Name2+OU=Unit,O=Org,C=US");
5161
5162 // Likewise if there is no next RDN.
5163 ASSERT_TRUE(X509_NAME_add_entry_by_NID(
5164 name.get(), NID_commonName, MBSTRING_UTF8,
5165 reinterpret_cast<const unsigned char *>("Name3"), /*len=*/-1, /*loc=*/-1,
5166 /*set=*/1));
5167 check_name("CN=Name3,CN=Name,O=Org2+CN=Name2+OU=Unit,O=Org,C=US");
5168
5169 // If |set| = 0 and we insert in the middle of an existing RDN, it adds an
5170 // RDN boundary after the entry but not before. This is a quirk of how the
5171 // function is implemented and hopefully not something any caller depends on.
5172 ASSERT_TRUE(X509_NAME_add_entry_by_NID(
5173 name.get(), NID_commonName, MBSTRING_UTF8,
5174 reinterpret_cast<const unsigned char *>("Name4"), /*len=*/-1, /*loc=*/3,
5175 /*set=*/0));
5176 check_name("CN=Name3,CN=Name,O=Org2+CN=Name2,CN=Name4+OU=Unit,O=Org,C=US");
5177
5178 // Entries may be deleted.
5179 X509_NAME_ENTRY_free(X509_NAME_delete_entry(name.get(), 7));
5180 check_name("CN=Name,O=Org2+CN=Name2,CN=Name4+OU=Unit,O=Org,C=US");
5181
5182 // When deleting the only attribute in an RDN, index invariants should still
5183 // hold.
5184 X509_NAME_ENTRY_free(X509_NAME_delete_entry(name.get(), 0));
5185 check_name("CN=Name,O=Org2+CN=Name2,CN=Name4+OU=Unit,O=Org");
5186
5187 // Index invariants also hold when deleting attributes from non-singular RDNs.
5188 X509_NAME_ENTRY_free(X509_NAME_delete_entry(name.get(), 1));
5189 check_name("CN=Name,O=Org2+CN=Name2,CN=Name4,O=Org");
5190 X509_NAME_ENTRY_free(X509_NAME_delete_entry(name.get(), 1));
5191 check_name("CN=Name,O=Org2+CN=Name2,O=Org");
5192
5193 // Same as above, but delete the second attribute first.
5194 X509_NAME_ENTRY_free(X509_NAME_delete_entry(name.get(), 2));
5195 check_name("CN=Name,CN=Name2,O=Org");
5196 X509_NAME_ENTRY_free(X509_NAME_delete_entry(name.get(), 1));
5197 check_name("CN=Name,O=Org");
5198 }
5199
5200 // Tests that non-integer types are rejected when passed as an argument to
5201 // X509_set_serialNumber().
TEST(X509Test,SetSerialNumberChecksASN1StringType)5202 TEST(X509Test, SetSerialNumberChecksASN1StringType) {
5203 bssl::UniquePtr<X509> root = CertFromPEM(kRootCAPEM);
5204 ASSERT_TRUE(root);
5205
5206 // Passing an IA5String to X509_set_serialNumber() should fail.
5207 bssl::UniquePtr<ASN1_IA5STRING> str(ASN1_IA5STRING_new());
5208 ASSERT_TRUE(str);
5209 EXPECT_FALSE(X509_set_serialNumber(root.get(), str.get()));
5210
5211 // Passing a negative serial number is allowed. While invalid, we do accept
5212 // them and some callers rely in this for tests.
5213 bssl::UniquePtr<ASN1_INTEGER> serial(ASN1_INTEGER_new());
5214 ASSERT_TRUE(serial);
5215 ASSERT_TRUE(ASN1_INTEGER_set_int64(serial.get(), -1));
5216 ASSERT_TRUE(X509_set_serialNumber(root.get(), serial.get()));
5217 int64_t val;
5218 ASSERT_TRUE(ASN1_INTEGER_get_int64(&val, X509_get0_serialNumber(root.get())));
5219 EXPECT_EQ(-1, val);
5220 }
5221
TEST(X509Test,Policy)5222 TEST(X509Test, Policy) {
5223 bssl::UniquePtr<ASN1_OBJECT> oid1(
5224 OBJ_txt2obj("1.2.840.113554.4.1.72585.2.1", /*dont_search_names=*/1));
5225 ASSERT_TRUE(oid1);
5226 bssl::UniquePtr<ASN1_OBJECT> oid2(
5227 OBJ_txt2obj("1.2.840.113554.4.1.72585.2.2", /*dont_search_names=*/1));
5228 ASSERT_TRUE(oid2);
5229 bssl::UniquePtr<ASN1_OBJECT> oid3(
5230 OBJ_txt2obj("1.2.840.113554.4.1.72585.2.3", /*dont_search_names=*/1));
5231 ASSERT_TRUE(oid3);
5232 bssl::UniquePtr<ASN1_OBJECT> oid4(
5233 OBJ_txt2obj("1.2.840.113554.4.1.72585.2.4", /*dont_search_names=*/1));
5234 ASSERT_TRUE(oid4);
5235 bssl::UniquePtr<ASN1_OBJECT> oid5(
5236 OBJ_txt2obj("1.2.840.113554.4.1.72585.2.5", /*dont_search_names=*/1));
5237 ASSERT_TRUE(oid5);
5238
5239 bssl::UniquePtr<X509> root(
5240 CertFromPEM(GetTestData("crypto/x509/test/policy_root.pem").c_str()));
5241 ASSERT_TRUE(root);
5242 bssl::UniquePtr<X509> root_cross_inhibit_mapping(CertFromPEM(
5243 GetTestData("crypto/x509/test/policy_root_cross_inhibit_mapping.pem")
5244 .c_str()));
5245 ASSERT_TRUE(root_cross_inhibit_mapping);
5246 bssl::UniquePtr<X509> root2(
5247 CertFromPEM(GetTestData("crypto/x509/test/policy_root2.pem").c_str()));
5248 ASSERT_TRUE(root2);
5249 bssl::UniquePtr<X509> intermediate(CertFromPEM(
5250 GetTestData("crypto/x509/test/policy_intermediate.pem").c_str()));
5251 ASSERT_TRUE(intermediate);
5252 bssl::UniquePtr<X509> intermediate_any(CertFromPEM(
5253 GetTestData("crypto/x509/test/policy_intermediate_any.pem").c_str()));
5254 ASSERT_TRUE(intermediate_any);
5255 bssl::UniquePtr<X509> intermediate_duplicate(CertFromPEM(
5256 GetTestData("crypto/x509/test/policy_intermediate_duplicate.pem")
5257 .c_str()));
5258 ASSERT_TRUE(intermediate_duplicate);
5259 bssl::UniquePtr<X509> intermediate_invalid(CertFromPEM(
5260 GetTestData("crypto/x509/test/policy_intermediate_invalid.pem").c_str()));
5261 ASSERT_TRUE(intermediate_invalid);
5262 bssl::UniquePtr<X509> intermediate_mapped(CertFromPEM(
5263 GetTestData("crypto/x509/test/policy_intermediate_mapped.pem")
5264 .c_str()));
5265 ASSERT_TRUE(intermediate_mapped);
5266 bssl::UniquePtr<X509> intermediate_mapped_any(CertFromPEM(
5267 GetTestData("crypto/x509/test/policy_intermediate_mapped_any.pem")
5268 .c_str()));
5269 ASSERT_TRUE(intermediate_mapped_any);
5270 bssl::UniquePtr<X509> intermediate_mapped_oid3(CertFromPEM(
5271 GetTestData("crypto/x509/test/policy_intermediate_mapped_oid3.pem")
5272 .c_str()));
5273 ASSERT_TRUE(intermediate_mapped_oid3);
5274 bssl::UniquePtr<X509> intermediate_require(CertFromPEM(
5275 GetTestData("crypto/x509/test/policy_intermediate_require.pem").c_str()));
5276 ASSERT_TRUE(intermediate_require);
5277 bssl::UniquePtr<X509> intermediate_require1(CertFromPEM(
5278 GetTestData("crypto/x509/test/policy_intermediate_require1.pem")
5279 .c_str()));
5280 ASSERT_TRUE(intermediate_require1);
5281 bssl::UniquePtr<X509> intermediate_require2(CertFromPEM(
5282 GetTestData("crypto/x509/test/policy_intermediate_require2.pem")
5283 .c_str()));
5284 ASSERT_TRUE(intermediate_require2);
5285 bssl::UniquePtr<X509> intermediate_require_duplicate(CertFromPEM(
5286 GetTestData("crypto/x509/test/policy_intermediate_require_duplicate.pem")
5287 .c_str()));
5288 ASSERT_TRUE(intermediate_require_duplicate);
5289 bssl::UniquePtr<X509> intermediate_require_no_policies(CertFromPEM(
5290 GetTestData(
5291 "crypto/x509/test/policy_intermediate_require_no_policies.pem")
5292 .c_str()));
5293 ASSERT_TRUE(intermediate_require_no_policies);
5294 bssl::UniquePtr<X509> leaf(
5295 CertFromPEM(GetTestData("crypto/x509/test/policy_leaf.pem").c_str()));
5296 ASSERT_TRUE(leaf);
5297 bssl::UniquePtr<X509> leaf_any(
5298 CertFromPEM(GetTestData("crypto/x509/test/policy_leaf_any.pem").c_str()));
5299 ASSERT_TRUE(leaf_any);
5300 bssl::UniquePtr<X509> leaf_duplicate(CertFromPEM(
5301 GetTestData("crypto/x509/test/policy_leaf_duplicate.pem").c_str()));
5302 ASSERT_TRUE(leaf_duplicate);
5303 bssl::UniquePtr<X509> leaf_invalid(CertFromPEM(
5304 GetTestData("crypto/x509/test/policy_leaf_invalid.pem").c_str()));
5305 ASSERT_TRUE(leaf_invalid);
5306 bssl::UniquePtr<X509> leaf_none(CertFromPEM(
5307 GetTestData("crypto/x509/test/policy_leaf_none.pem").c_str()));
5308 ASSERT_TRUE(leaf_none);
5309 bssl::UniquePtr<X509> leaf_oid1(CertFromPEM(
5310 GetTestData("crypto/x509/test/policy_leaf_oid1.pem").c_str()));
5311 ASSERT_TRUE(leaf_oid1);
5312 bssl::UniquePtr<X509> leaf_oid2(CertFromPEM(
5313 GetTestData("crypto/x509/test/policy_leaf_oid2.pem").c_str()));
5314 ASSERT_TRUE(leaf_oid2);
5315 bssl::UniquePtr<X509> leaf_oid3(CertFromPEM(
5316 GetTestData("crypto/x509/test/policy_leaf_oid3.pem").c_str()));
5317 ASSERT_TRUE(leaf_oid3);
5318 bssl::UniquePtr<X509> leaf_oid4(CertFromPEM(
5319 GetTestData("crypto/x509/test/policy_leaf_oid4.pem").c_str()));
5320 ASSERT_TRUE(leaf_oid4);
5321 bssl::UniquePtr<X509> leaf_oid5(CertFromPEM(
5322 GetTestData("crypto/x509/test/policy_leaf_oid5.pem").c_str()));
5323 ASSERT_TRUE(leaf_oid5);
5324 bssl::UniquePtr<X509> leaf_require(CertFromPEM(
5325 GetTestData("crypto/x509/test/policy_leaf_require.pem").c_str()));
5326 ASSERT_TRUE(leaf_require);
5327 bssl::UniquePtr<X509> leaf_require1(CertFromPEM(
5328 GetTestData("crypto/x509/test/policy_leaf_require1.pem").c_str()));
5329 ASSERT_TRUE(leaf_require1);
5330
5331 auto set_policies = [](X509_VERIFY_PARAM *param,
5332 std::vector<const ASN1_OBJECT *> oids) {
5333 for (const ASN1_OBJECT *oid : oids) {
5334 bssl::UniquePtr<ASN1_OBJECT> copy(OBJ_dup(oid));
5335 ASSERT_TRUE(copy);
5336 ASSERT_TRUE(X509_VERIFY_PARAM_add0_policy(param, copy.get()));
5337 copy.release(); // |X509_VERIFY_PARAM_add0_policy| takes ownership on
5338 // success.
5339 }
5340 };
5341
5342 // The chain is good for |oid1| and |oid2|, but not |oid3|.
5343 EXPECT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()}, {intermediate.get()},
5344 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY));
5345 EXPECT_EQ(X509_V_OK,
5346 Verify(leaf.get(), {root.get()}, {intermediate.get()}, /*crls=*/{},
5347 X509_V_FLAG_EXPLICIT_POLICY, [&](X509_VERIFY_PARAM *param) {
5348 set_policies(param, {oid1.get()});
5349 }));
5350 EXPECT_EQ(X509_V_OK,
5351 Verify(leaf.get(), {root.get()}, {intermediate.get()}, /*crls=*/{},
5352 X509_V_FLAG_EXPLICIT_POLICY, [&](X509_VERIFY_PARAM *param) {
5353 set_policies(param, {oid2.get()});
5354 }));
5355 EXPECT_EQ(X509_V_ERR_NO_EXPLICIT_POLICY,
5356 Verify(leaf.get(), {root.get()}, {intermediate.get()}, /*crls=*/{},
5357 X509_V_FLAG_EXPLICIT_POLICY, [&](X509_VERIFY_PARAM *param) {
5358 set_policies(param, {oid3.get()});
5359 }));
5360 EXPECT_EQ(X509_V_OK,
5361 Verify(leaf.get(), {root.get()}, {intermediate.get()}, /*crls=*/{},
5362 X509_V_FLAG_EXPLICIT_POLICY, [&](X509_VERIFY_PARAM *param) {
5363 set_policies(param, {oid1.get(), oid2.get()});
5364 }));
5365 EXPECT_EQ(X509_V_OK,
5366 Verify(leaf.get(), {root.get()}, {intermediate.get()}, /*crls=*/{},
5367 X509_V_FLAG_EXPLICIT_POLICY, [&](X509_VERIFY_PARAM *param) {
5368 set_policies(param, {oid1.get(), oid3.get()});
5369 }));
5370
5371 // The policy extension cannot be parsed.
5372 EXPECT_EQ(X509_V_ERR_INVALID_POLICY_EXTENSION,
5373 Verify(leaf.get(), {root.get()}, {intermediate_invalid.get()},
5374 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
5375 [&](X509_VERIFY_PARAM *param) {
5376 set_policies(param, {oid1.get()});
5377 }));
5378 EXPECT_EQ(X509_V_ERR_INVALID_POLICY_EXTENSION,
5379 Verify(leaf_invalid.get(), {root.get()}, {intermediate.get()},
5380 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
5381 [&](X509_VERIFY_PARAM *param) {
5382 set_policies(param, {oid1.get()});
5383 }));
5384 EXPECT_EQ(X509_V_ERR_INVALID_POLICY_EXTENSION,
5385 Verify(leaf_invalid.get(), {root.get()}, {intermediate.get()},
5386 /*crls=*/{}));
5387
5388 // There is a duplicate policy in the policy extension.
5389 EXPECT_EQ(X509_V_ERR_INVALID_POLICY_EXTENSION,
5390 Verify(leaf.get(), {root.get()}, {intermediate_duplicate.get()},
5391 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
5392 [&](X509_VERIFY_PARAM *param) {
5393 set_policies(param, {oid1.get()});
5394 }));
5395
5396 // The policy extension in the leaf cannot be parsed.
5397 EXPECT_EQ(X509_V_ERR_INVALID_POLICY_EXTENSION,
5398 Verify(leaf_duplicate.get(), {root.get()}, {intermediate.get()},
5399 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
5400 [&](X509_VERIFY_PARAM *param) {
5401 set_policies(param, {oid1.get()});
5402 }));
5403
5404 // Without |X509_V_FLAG_EXPLICIT_POLICY|, the policy tree is built and
5405 // intersected with user-specified policies, but it is not required to result
5406 // in any valid policies.
5407 EXPECT_EQ(X509_V_OK,
5408 Verify(leaf.get(), {root.get()}, {intermediate.get()}, /*crls=*/{},
5409 /*flags=*/0, [&](X509_VERIFY_PARAM *param) {
5410 set_policies(param, {oid1.get()});
5411 }));
5412 EXPECT_EQ(X509_V_OK,
5413 Verify(leaf.get(), {root.get()}, {intermediate.get()}, /*crls=*/{},
5414 /*flags=*/0, [&](X509_VERIFY_PARAM *param) {
5415 set_policies(param, {oid3.get()});
5416 }));
5417
5418 // However, a CA with policy constraints can require an explicit policy.
5419 EXPECT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()},
5420 {intermediate_require.get()}, /*crls=*/{},
5421 /*flags=*/0, [&](X509_VERIFY_PARAM *param) {
5422 set_policies(param, {oid1.get()});
5423 }));
5424 EXPECT_EQ(X509_V_ERR_NO_EXPLICIT_POLICY,
5425 Verify(leaf.get(), {root.get()}, {intermediate_require.get()},
5426 /*crls=*/{},
5427 /*flags=*/0, [&](X509_VERIFY_PARAM *param) {
5428 set_policies(param, {oid3.get()});
5429 }));
5430
5431 // requireExplicitPolicy applies even if the application does not configure a
5432 // user-initial-policy-set. If the validation results in no policies, the
5433 // chain is invalid.
5434 EXPECT_EQ(X509_V_ERR_NO_EXPLICIT_POLICY,
5435 Verify(leaf_none.get(), {root.get()}, {intermediate_require.get()},
5436 /*crls=*/{}));
5437
5438 // A leaf can also set requireExplicitPolicy.
5439 EXPECT_EQ(X509_V_OK,
5440 Verify(leaf_require.get(), {root.get()}, {intermediate.get()},
5441 /*crls=*/{}, /*flags=*/0));
5442 EXPECT_EQ(X509_V_OK, Verify(leaf_require.get(), {root.get()},
5443 {intermediate.get()}, /*crls=*/{},
5444 /*flags=*/0, [&](X509_VERIFY_PARAM *param) {
5445 set_policies(param, {oid1.get()});
5446 }));
5447 EXPECT_EQ(X509_V_ERR_NO_EXPLICIT_POLICY,
5448 Verify(leaf_require.get(), {root.get()}, {intermediate.get()},
5449 /*crls=*/{},
5450 /*flags=*/0, [&](X509_VERIFY_PARAM *param) {
5451 set_policies(param, {oid3.get()});
5452 }));
5453
5454 // requireExplicitPolicy is a count of certificates to skip. If the value is
5455 // not zero by the end of the chain, it doesn't count.
5456 EXPECT_EQ(X509_V_ERR_NO_EXPLICIT_POLICY,
5457 Verify(leaf.get(), {root.get()}, {intermediate_require1.get()},
5458 /*crls=*/{},
5459 /*flags=*/0, [&](X509_VERIFY_PARAM *param) {
5460 set_policies(param, {oid3.get()});
5461 }));
5462 EXPECT_EQ(X509_V_OK,
5463 Verify(leaf.get(), {root.get()}, {intermediate_require2.get()},
5464 /*crls=*/{},
5465 /*flags=*/0, [&](X509_VERIFY_PARAM *param) {
5466 set_policies(param, {oid3.get()});
5467 }));
5468 EXPECT_EQ(X509_V_OK,
5469 Verify(leaf_require1.get(), {root.get()}, {intermediate.get()},
5470 /*crls=*/{},
5471 /*flags=*/0, [&](X509_VERIFY_PARAM *param) {
5472 set_policies(param, {oid3.get()});
5473 }));
5474
5475 // If multiple certificates specify the constraint, the more constrained value
5476 // wins.
5477 EXPECT_EQ(
5478 X509_V_ERR_NO_EXPLICIT_POLICY,
5479 Verify(leaf_require1.get(), {root.get()}, {intermediate_require1.get()},
5480 /*crls=*/{},
5481 /*flags=*/0, [&](X509_VERIFY_PARAM *param) {
5482 set_policies(param, {oid3.get()});
5483 }));
5484 EXPECT_EQ(
5485 X509_V_ERR_NO_EXPLICIT_POLICY,
5486 Verify(leaf_require.get(), {root.get()}, {intermediate_require2.get()},
5487 /*crls=*/{},
5488 /*flags=*/0, [&](X509_VERIFY_PARAM *param) {
5489 set_policies(param, {oid3.get()});
5490 }));
5491
5492 // An intermediate that requires an explicit policy, but then specifies no
5493 // policies should fail verification as a result.
5494 EXPECT_EQ(X509_V_ERR_NO_EXPLICIT_POLICY,
5495 Verify(leaf.get(), {root.get()},
5496 {intermediate_require_no_policies.get()}, /*crls=*/{},
5497 /*flags=*/0, [&](X509_VERIFY_PARAM *param) {
5498 set_policies(param, {oid1.get()});
5499 }));
5500
5501 // A constrained intermediate's policy extension has a duplicate policy, which
5502 // is invalid. Historically this, and the above case, leaked memory.
5503 EXPECT_EQ(X509_V_ERR_INVALID_POLICY_EXTENSION,
5504 Verify(leaf.get(), {root.get()},
5505 {intermediate_require_duplicate.get()}, /*crls=*/{},
5506 /*flags=*/0, [&](X509_VERIFY_PARAM *param) {
5507 set_policies(param, {oid1.get()});
5508 }));
5509
5510 // The leaf asserts anyPolicy, but the intermediate does not. The resulting
5511 // valid policies are the intersection.
5512 EXPECT_EQ(
5513 X509_V_OK,
5514 Verify(leaf_any.get(), {root.get()}, {intermediate.get()}, /*crls=*/{},
5515 X509_V_FLAG_EXPLICIT_POLICY, [&](X509_VERIFY_PARAM *param) {
5516 set_policies(param, {oid1.get()});
5517 }));
5518 EXPECT_EQ(
5519 X509_V_ERR_NO_EXPLICIT_POLICY,
5520 Verify(leaf_any.get(), {root.get()}, {intermediate.get()}, /*crls=*/{},
5521 X509_V_FLAG_EXPLICIT_POLICY, [&](X509_VERIFY_PARAM *param) {
5522 set_policies(param, {oid3.get()});
5523 }));
5524
5525 // The intermediate asserts anyPolicy, but the leaf does not. The resulting
5526 // valid policies are the intersection.
5527 EXPECT_EQ(
5528 X509_V_OK,
5529 Verify(leaf.get(), {root.get()}, {intermediate_any.get()}, /*crls=*/{},
5530 X509_V_FLAG_EXPLICIT_POLICY, [&](X509_VERIFY_PARAM *param) {
5531 set_policies(param, {oid1.get()});
5532 }));
5533 EXPECT_EQ(
5534 X509_V_ERR_NO_EXPLICIT_POLICY,
5535 Verify(leaf.get(), {root.get()}, {intermediate_any.get()}, /*crls=*/{},
5536 X509_V_FLAG_EXPLICIT_POLICY, [&](X509_VERIFY_PARAM *param) {
5537 set_policies(param, {oid3.get()});
5538 }));
5539
5540 // Both assert anyPolicy. All policies are valid.
5541 EXPECT_EQ(X509_V_OK,
5542 Verify(leaf_any.get(), {root.get()}, {intermediate_any.get()},
5543 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
5544 [&](X509_VERIFY_PARAM *param) {
5545 set_policies(param, {oid1.get()});
5546 }));
5547 EXPECT_EQ(X509_V_OK,
5548 Verify(leaf_any.get(), {root.get()}, {intermediate_any.get()},
5549 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
5550 [&](X509_VERIFY_PARAM *param) {
5551 set_policies(param, {oid3.get()});
5552 }));
5553
5554 // With just a trust anchor, policy checking silently succeeds.
5555 EXPECT_EQ(X509_V_OK, Verify(root.get(), {root.get()}, {},
5556 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
5557 [&](X509_VERIFY_PARAM *param) {
5558 set_policies(param, {oid1.get()});
5559 }));
5560
5561 for (bool use_any : {false, true}) {
5562 SCOPED_TRACE(use_any);
5563 X509 *cert =
5564 use_any ? intermediate_mapped_any.get() : intermediate_mapped.get();
5565 // OID3 is mapped to {OID1, OID2}, which means OID1 and OID2 (or both) are
5566 // acceptable for OID3.
5567 EXPECT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()}, {cert},
5568 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
5569 [&](X509_VERIFY_PARAM *param) {
5570 set_policies(param, {oid3.get()});
5571 }));
5572 EXPECT_EQ(X509_V_OK, Verify(leaf_oid1.get(), {root.get()}, {cert},
5573 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
5574 [&](X509_VERIFY_PARAM *param) {
5575 set_policies(param, {oid3.get()});
5576 }));
5577 EXPECT_EQ(X509_V_OK, Verify(leaf_oid2.get(), {root.get()}, {cert},
5578 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
5579 [&](X509_VERIFY_PARAM *param) {
5580 set_policies(param, {oid3.get()});
5581 }));
5582
5583 // If the intermediate's policies were anyPolicy, OID3 at the leaf, despite
5584 // being mapped, is still acceptable as OID3 at the root. Despite the OID3
5585 // having expected_policy_set = {OID1, OID2}, it can match the anyPolicy
5586 // node instead.
5587 //
5588 // If the intermediate's policies listed OIDs explicitly, OID3 at the leaf
5589 // is not acceptable as OID3 at the root. OID3 has expected_polciy_set =
5590 // {OID1, OID2} and no other node allows OID3.
5591 EXPECT_EQ(use_any ? X509_V_OK : X509_V_ERR_NO_EXPLICIT_POLICY,
5592 Verify(leaf_oid3.get(), {root.get()}, {cert},
5593 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
5594 [&](X509_VERIFY_PARAM *param) {
5595 set_policies(param, {oid3.get()});
5596 }));
5597
5598 // If the intermediate's policies were anyPolicy, OID1 at the leaf is no
5599 // longer acceptable as OID1 at the root because policies only match
5600 // anyPolicy when they match no other policy.
5601 //
5602 // If the intermediate's policies listed OIDs explicitly, OID1 at the leaf
5603 // is acceptable as OID1 at the root because it will match both OID1 and
5604 // OID3 (mapped) policies.
5605 EXPECT_EQ(use_any ? X509_V_ERR_NO_EXPLICIT_POLICY : X509_V_OK,
5606 Verify(leaf_oid1.get(), {root.get()}, {cert},
5607 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
5608 [&](X509_VERIFY_PARAM *param) {
5609 set_policies(param, {oid1.get()});
5610 }));
5611
5612 // All pairs of OID4 and OID5 are mapped together, so either can stand for
5613 // the other.
5614 EXPECT_EQ(X509_V_OK, Verify(leaf_oid4.get(), {root.get()}, {cert},
5615 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
5616 [&](X509_VERIFY_PARAM *param) {
5617 set_policies(param, {oid4.get()});
5618 }));
5619 EXPECT_EQ(X509_V_OK, Verify(leaf_oid4.get(), {root.get()}, {cert},
5620 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
5621 [&](X509_VERIFY_PARAM *param) {
5622 set_policies(param, {oid5.get()});
5623 }));
5624 EXPECT_EQ(X509_V_OK, Verify(leaf_oid5.get(), {root.get()}, {cert},
5625 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
5626 [&](X509_VERIFY_PARAM *param) {
5627 set_policies(param, {oid4.get()});
5628 }));
5629 EXPECT_EQ(X509_V_OK, Verify(leaf_oid5.get(), {root.get()}, {cert},
5630 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
5631 [&](X509_VERIFY_PARAM *param) {
5632 set_policies(param, {oid5.get()});
5633 }));
5634
5635 EXPECT_EQ(X509_V_OK, Verify(leaf_oid4.get(), {root.get()}, {cert},
5636 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
5637 [&](X509_VERIFY_PARAM *param) {
5638 set_policies(param, {oid4.get(), oid5.get()});
5639 }));
5640 }
5641
5642 // Although |intermediate_mapped_oid3| contains many mappings, it only accepts
5643 // OID3. Nodes should not be created for the other mappings.
5644 EXPECT_EQ(X509_V_OK, Verify(leaf_oid1.get(), {root.get()},
5645 {intermediate_mapped_oid3.get()},
5646 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
5647 [&](X509_VERIFY_PARAM *param) {
5648 set_policies(param, {oid3.get()});
5649 }));
5650 EXPECT_EQ(
5651 X509_V_ERR_NO_EXPLICIT_POLICY,
5652 Verify(leaf_oid4.get(), {root.get()}, {intermediate_mapped_oid3.get()},
5653 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
5654 [&](X509_VERIFY_PARAM *param) {
5655 set_policies(param, {oid4.get()});
5656 }));
5657
5658 // Policy mapping can be inhibited, either by the caller or a certificate in
5659 // the chain, in which case mapped policies are unassertable (apart from some
5660 // anyPolicy edge cases).
5661 EXPECT_EQ(
5662 X509_V_ERR_NO_EXPLICIT_POLICY,
5663 Verify(leaf_oid1.get(), {root.get()}, {intermediate_mapped_oid3.get()},
5664 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY | X509_V_FLAG_INHIBIT_MAP,
5665 [&](X509_VERIFY_PARAM *param) {
5666 set_policies(param, {oid3.get()});
5667 }));
5668 EXPECT_EQ(
5669 X509_V_ERR_NO_EXPLICIT_POLICY,
5670 Verify(leaf_oid1.get(), {root2.get()},
5671 {intermediate_mapped_oid3.get(), root_cross_inhibit_mapping.get()},
5672 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
5673 [&](X509_VERIFY_PARAM *param) {
5674 set_policies(param, {oid3.get()});
5675 }));
5676 }
5677
5678 #if defined(OPENSSL_THREADS)
5679 // A similar test to the above, but ensures the various bits of intermediate
5680 // state are computed safely.
TEST(X509Test,PolicyThreads)5681 TEST(X509Test, PolicyThreads) {
5682 const size_t kNumThreads = 10;
5683
5684 bssl::UniquePtr<ASN1_OBJECT> oid1(
5685 OBJ_txt2obj("1.2.840.113554.4.1.72585.2.1", /*dont_search_names=*/1));
5686 ASSERT_TRUE(oid1);
5687 bssl::UniquePtr<ASN1_OBJECT> oid2(
5688 OBJ_txt2obj("1.2.840.113554.4.1.72585.2.2", /*dont_search_names=*/1));
5689 ASSERT_TRUE(oid2);
5690 bssl::UniquePtr<ASN1_OBJECT> oid3(
5691 OBJ_txt2obj("1.2.840.113554.4.1.72585.2.3", /*dont_search_names=*/1));
5692 ASSERT_TRUE(oid3);
5693
5694 auto set_policies = [](X509_VERIFY_PARAM *param,
5695 std::vector<const ASN1_OBJECT *> oids) {
5696 for (const ASN1_OBJECT *oid : oids) {
5697 bssl::UniquePtr<ASN1_OBJECT> copy(OBJ_dup(oid));
5698 ASSERT_TRUE(copy);
5699 ASSERT_TRUE(X509_VERIFY_PARAM_add0_policy(param, copy.get()));
5700 copy.release(); // |X509_VERIFY_PARAM_add0_policy| takes ownership on
5701 // success.
5702 }
5703 };
5704
5705 {
5706 bssl::UniquePtr<X509> root(
5707 CertFromPEM(GetTestData("crypto/x509/test/policy_root.pem").c_str()));
5708 ASSERT_TRUE(root);
5709 bssl::UniquePtr<X509> intermediate(CertFromPEM(
5710 GetTestData("crypto/x509/test/policy_intermediate.pem").c_str()));
5711 ASSERT_TRUE(intermediate);
5712 bssl::UniquePtr<X509> leaf(
5713 CertFromPEM(GetTestData("crypto/x509/test/policy_leaf.pem").c_str()));
5714 ASSERT_TRUE(leaf);
5715
5716 std::vector<std::thread> threads;
5717 for (size_t i = 0; i < kNumThreads; i++) {
5718 threads.emplace_back([&] {
5719 EXPECT_EQ(
5720 X509_V_OK,
5721 Verify(leaf.get(), {root.get()}, {intermediate.get()}, /*crls=*/{},
5722 X509_V_FLAG_EXPLICIT_POLICY, [&](X509_VERIFY_PARAM *param) {
5723 set_policies(param, {oid1.get()});
5724 }));
5725 });
5726 }
5727 for (auto &thread : threads) {
5728 thread.join();
5729 }
5730 }
5731
5732 {
5733 bssl::UniquePtr<X509> root(
5734 CertFromPEM(GetTestData("crypto/x509/test/policy_root.pem").c_str()));
5735 ASSERT_TRUE(root);
5736 bssl::UniquePtr<X509> intermediate(CertFromPEM(
5737 GetTestData("crypto/x509/test/policy_intermediate.pem").c_str()));
5738 ASSERT_TRUE(intermediate);
5739 bssl::UniquePtr<X509> leaf_invalid(CertFromPEM(
5740 GetTestData("crypto/x509/test/policy_leaf_invalid.pem").c_str()));
5741 ASSERT_TRUE(leaf_invalid);
5742
5743
5744 std::vector<std::thread> threads;
5745 for (size_t i = 0; i < kNumThreads; i++) {
5746 threads.emplace_back([&] {
5747 EXPECT_EQ(X509_V_ERR_INVALID_POLICY_EXTENSION,
5748 Verify(leaf_invalid.get(), {root.get()}, {intermediate.get()},
5749 /*crls=*/{}, X509_V_FLAG_EXPLICIT_POLICY,
5750 [&](X509_VERIFY_PARAM *param) {
5751 set_policies(param, {oid1.get()});
5752 }));
5753 });
5754 }
5755 for (auto &thread : threads) {
5756 thread.join();
5757 }
5758 }
5759 }
5760 #endif // OPENSSL_THREADS
5761
TEST(X509Test,ExtensionFromConf)5762 TEST(X509Test, ExtensionFromConf) {
5763 static const char kTestOID[] = "1.2.840.113554.4.1.72585.2";
5764 const struct {
5765 const char *name;
5766 std::string value;
5767 // conf is the serialized confdb, or nullptr if none is to be provided.
5768 const char *conf;
5769 // expected is the resulting extension, encoded in DER, or the empty string
5770 // if an error is expected.
5771 std::vector<uint8_t> expected;
5772 } kTests[] = {
5773 // Many extensions have built-in syntax.
5774 {"basicConstraints",
5775 "critical,CA:true",
5776 nullptr,
5777 {0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05,
5778 0x30, 0x03, 0x01, 0x01, 0xff}},
5779
5780 {"basicConstraints",
5781 "critical,CA:true,pathlen:1",
5782 nullptr,
5783 {0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff,
5784 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01}},
5785
5786 // key:value tuples can be repeated and just override the previous value.
5787 {"basicConstraints",
5788 "critical,CA:true,pathlen:100,pathlen:1",
5789 nullptr,
5790 {0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff,
5791 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01}},
5792
5793 // Extension contents may be referenced from a config section.
5794 {"basicConstraints",
5795 "critical,@section",
5796 "[section]\nCA = true\n",
5797 {0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05,
5798 0x30, 0x03, 0x01, 0x01, 0xff}},
5799
5800 // If no config is provided, this should fail.
5801 {"basicConstraints", "critical,@section", nullptr, {}},
5802
5803 // issuingDistributionPoint takes a list of name:value pairs. Omitting the
5804 // value is not allowed.
5805 {"issuingDistributionPoint", "fullname", nullptr, {}},
5806
5807 {"issuingDistributionPoint",
5808 "relativename:name",
5809 "[name]\nCN=Hello\n",
5810 {0x30, 0x1b, 0x06, 0x03, 0x55, 0x1d, 0x1c, 0x04, 0x14, 0x30,
5811 0x12, 0xa0, 0x10, 0xa1, 0x0e, 0x30, 0x0c, 0x06, 0x03, 0x55,
5812 0x04, 0x03, 0x0c, 0x05, 0x48, 0x65, 0x6c, 0x6c, 0x6f}},
5813
5814 // relativename referencing a section which doesn't exist.
5815 {"issuingDistributionPoint",
5816 "relativename:wrong_section_name",
5817 "[name]\nCN=Hello\n",
5818 {}},
5819
5820 // relativename must be a single RDN. By default, the section-based name
5821 // syntax puts each attribute into its own RDN.
5822 {"issuingDistributionPoint",
5823 "relativename:name",
5824 "[name]\nCN=Hello\nC=US\n",
5825 {}},
5826
5827 // A single RDN with multiple attributes is allowed.
5828 {"issuingDistributionPoint",
5829 "relativename:name",
5830 "[name]\nCN=Hello\n+C=US\n",
5831 {0x30, 0x26, 0x06, 0x03, 0x55, 0x1d, 0x1c, 0x04, 0x1f, 0x30,
5832 0x1d, 0xa0, 0x1b, 0xa1, 0x19, 0x30, 0x09, 0x06, 0x03, 0x55,
5833 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x30, 0x0c, 0x06, 0x03,
5834 0x55, 0x04, 0x03, 0x0c, 0x05, 0x48, 0x65, 0x6c, 0x6c, 0x6f}},
5835
5836 // Duplicate reason keys are an error. Reaching this case is interesting.
5837 // The value can a string like "key:value,key:value", or it can be
5838 // "@section" and reference a config section. If using a string, duplicate
5839 // keys are possible, but then it is impossible to put commas in the
5840 // value, as onlysomereasons expects. If using a section reference, it is
5841 // impossible to have a duplicate key because the config file parser
5842 // overrides the old value.
5843 {"issuingDistributionPoint",
5844 "onlysomereasons:keyCompromise",
5845 nullptr,
5846 {0x30, 0x0d, 0x06, 0x03, 0x55, 0x1d, 0x1c, 0x04, 0x06, 0x30, 0x04, 0x83,
5847 0x02, 0x06, 0x40}},
5848 {"issuingDistributionPoint",
5849 "onlysomereasons:keyCompromise,onlysomereasons:CACompromise\n",
5850 nullptr,
5851 {}},
5852
5853 // subjectAltName has a series of string-based inputs for each name type.
5854 {"subjectAltName",
5855 "email:foo@example.com, URI:https://example.com, DNS:example.com, "
5856 "RID:1.2.3.4, IP:127.0.0.1, IP:::1, dirName:section, "
5857 "otherName:1.2.3.4;BOOLEAN:TRUE",
5858 "[section]\nCN=Test\n",
5859 {0x30, 0x78, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x71, 0x30, 0x6f, 0x81,
5860 0x0f, 0x66, 0x6f, 0x6f, 0x40, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65,
5861 0x2e, 0x63, 0x6f, 0x6d, 0x86, 0x13, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a,
5862 0x2f, 0x2f, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f,
5863 0x6d, 0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63,
5864 0x6f, 0x6d, 0x88, 0x03, 0x2a, 0x03, 0x04, 0x87, 0x04, 0x7f, 0x00, 0x00,
5865 0x01, 0x87, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5866 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xa4, 0x11, 0x30, 0x0f, 0x31,
5867 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x04, 0x54, 0x65,
5868 0x73, 0x74, 0xa0, 0x0a, 0x06, 0x03, 0x2a, 0x03, 0x04, 0xa0, 0x03, 0x01,
5869 0x01, 0xff}},
5870
5871 // Syntax errors in each case, where they exist. (The string types just
5872 // copy the string in as-is.)
5873 {"subjectAltName", "RID:not_an_oid", nullptr, {}},
5874 {"subjectAltName", "IP:not_an_ip", nullptr, {}},
5875 {"subjectAltName", "dirName:no_conf_db", nullptr, {}},
5876 {"subjectAltName", "dirName:missing_section", "[section]\nCN=Test\n", {}},
5877 {"subjectAltName", "otherName:missing_semicolon", nullptr, {}},
5878 {"subjectAltName", "otherName:1.2.3.4", nullptr, {}},
5879 {"subjectAltName", "otherName:invalid_oid;BOOLEAN:TRUE", nullptr, {}},
5880 {"subjectAltName", "otherName:1.2.3.4;invalid_value", nullptr, {}},
5881
5882 {"policyMappings",
5883 "1.1.1.1:2.2.2.2",
5884 nullptr,
5885 {0x30, 0x15, 0x06, 0x03, 0x55, 0x1d, 0x21, 0x04, 0x0e, 0x30, 0x0c, 0x30,
5886 0x0a, 0x06, 0x03, 0x29, 0x01, 0x01, 0x06, 0x03, 0x52, 0x02, 0x02}},
5887 {"policyMappings", "invalid_oid:2.2.2.2", nullptr, {}},
5888 {"policyMappings", "1.1.1.1:invalid_oid", nullptr, {}},
5889
5890 // The "DER:" prefix just specifies an arbitrary byte string. Colons
5891 // separators are ignored.
5892 {kTestOID, "DER:0001020304", nullptr, {0x30, 0x15, 0x06, 0x0c, 0x2a, 0x86,
5893 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01,
5894 0x84, 0xb7, 0x09, 0x02, 0x04, 0x05,
5895 0x00, 0x01, 0x02, 0x03, 0x04}},
5896 {kTestOID,
5897 "DER:00:01:02:03:04",
5898 nullptr,
5899 {0x30, 0x15, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01,
5900 0x84, 0xb7, 0x09, 0x02, 0x04, 0x05, 0x00, 0x01, 0x02, 0x03, 0x04}},
5901 {kTestOID, "DER:invalid hex", nullptr, {}},
5902
5903 // The "ASN1:" prefix implements a complex language for describing ASN.1
5904 // structures. See
5905 // https://www.openssl.org/docs/man1.1.1/man3/ASN1_generate_nconf.html
5906 {kTestOID, "ASN1:invalid", nullptr, {}},
5907 {kTestOID,
5908 "ASN1:BOOLEAN:TRUE",
5909 nullptr,
5910 {0x30, 0x13, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
5911 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x03, 0x01, 0x01, 0xff}},
5912 {kTestOID, "ASN1:BOOL:yes", nullptr, {0x30, 0x13, 0x06, 0x0c, 0x2a, 0x86,
5913 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01,
5914 0x84, 0xb7, 0x09, 0x02, 0x04, 0x03,
5915 0x01, 0x01, 0xff}},
5916 {kTestOID,
5917 "ASN1:BOOLEAN:NO",
5918 nullptr,
5919 {0x30, 0x13, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
5920 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x03, 0x01, 0x01, 0x00}},
5921 {kTestOID,
5922 "ASN1:BOOLEAN", // Missing value
5923 nullptr,
5924 {}},
5925 {kTestOID, "ASN1:BOOLEAN:invalid", nullptr, {}},
5926 {kTestOID, "ASN1:BOOLEAN:TRUE,invalid", nullptr, {}},
5927
5928 {kTestOID, "ASN1:NULL", nullptr, {0x30, 0x12, 0x06, 0x0c, 0x2a,
5929 0x86, 0x48, 0x86, 0xf7, 0x12,
5930 0x04, 0x01, 0x84, 0xb7, 0x09,
5931 0x02, 0x04, 0x02, 0x05, 0x00}},
5932 {kTestOID, "ASN1:NULL,invalid", nullptr, {}},
5933 {kTestOID, "ASN1:NULL:invalid", nullptr, {}},
5934
5935 // Missing value.
5936 {kTestOID, "ASN1:INTEGER", nullptr, {}},
5937 {kTestOID, "ASN1:INTEGER:", nullptr, {}},
5938 {kTestOID, "ASN1:INTEGER,invalid", nullptr, {}},
5939
5940 // INTEGER may be decimal or hexadecimal.
5941 {kTestOID, "ASN1:INT:-0x10", nullptr, {0x30, 0x13, 0x06, 0x0c, 0x2a, 0x86,
5942 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01,
5943 0x84, 0xb7, 0x09, 0x02, 0x04, 0x03,
5944 0x02, 0x01, 0xf0}},
5945 {kTestOID, "ASN1:INT:-10", nullptr, {0x30, 0x13, 0x06, 0x0c, 0x2a, 0x86,
5946 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01,
5947 0x84, 0xb7, 0x09, 0x02, 0x04, 0x03,
5948 0x02, 0x01, 0xf6}},
5949 {kTestOID, "ASN1:INT:0", nullptr, {0x30, 0x13, 0x06, 0x0c, 0x2a, 0x86,
5950 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01,
5951 0x84, 0xb7, 0x09, 0x02, 0x04, 0x03,
5952 0x02, 0x01, 0x00}},
5953 {kTestOID,
5954 "ASN1:INTEGER:10",
5955 nullptr,
5956 {0x30, 0x13, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
5957 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x03, 0x02, 0x01, 0x0a}},
5958 {kTestOID,
5959 "ASN1:INTEGER:0x10",
5960 nullptr,
5961 {0x30, 0x13, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
5962 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x03, 0x02, 0x01, 0x10}},
5963
5964 {kTestOID, "ASN1:ENUM:0", nullptr, {0x30, 0x13, 0x06, 0x0c, 0x2a, 0x86,
5965 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01,
5966 0x84, 0xb7, 0x09, 0x02, 0x04, 0x03,
5967 0x0a, 0x01, 0x00}},
5968 {kTestOID,
5969 "ASN1:ENUMERATED:0",
5970 nullptr,
5971 {0x30, 0x13, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
5972 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x03, 0x0a, 0x01, 0x00}},
5973
5974 // OIDs may be spelled out or specified by name.
5975 {kTestOID, "ASN1:OBJECT:invalid", nullptr, {}},
5976 {kTestOID,
5977 "ASN1:OBJECT:basicConstraints",
5978 nullptr,
5979 {0x30, 0x15, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01,
5980 0x84, 0xb7, 0x09, 0x02, 0x04, 0x05, 0x06, 0x03, 0x55, 0x1d, 0x13}},
5981 {kTestOID,
5982 "ASN1:OBJECT:2.5.29.19",
5983 nullptr,
5984 {0x30, 0x15, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01,
5985 0x84, 0xb7, 0x09, 0x02, 0x04, 0x05, 0x06, 0x03, 0x55, 0x1d, 0x13}},
5986 {kTestOID,
5987 "ASN1:OID:2.5.29.19",
5988 nullptr,
5989 {0x30, 0x15, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01,
5990 0x84, 0xb7, 0x09, 0x02, 0x04, 0x05, 0x06, 0x03, 0x55, 0x1d, 0x13}},
5991
5992 {kTestOID, "ASN1:UTC:invalid", nullptr, {}},
5993 {kTestOID, "ASN1:UTC:20001231235959Z", nullptr, {}},
5994 {kTestOID, "ASN1:UTCTIME:invalid", nullptr, {}},
5995 {kTestOID,
5996 "ASN1:UTC:001231235959Z",
5997 nullptr,
5998 {0x30, 0x1f, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
5999 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x0f, 0x17, 0x0d, 0x30, 0x30,
6000 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a}},
6001 {kTestOID,
6002 "ASN1:UTCTIME:001231235959Z",
6003 nullptr,
6004 {0x30, 0x1f, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
6005 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x0f, 0x17, 0x0d, 0x30, 0x30,
6006 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a}},
6007
6008 {kTestOID, "ASN1:GENTIME:invalid", nullptr, {}},
6009 {kTestOID, "ASN1:GENTIME:001231235959Z", nullptr, {}},
6010 {kTestOID, "ASN1:GENERALIZEDTIME:invalid", nullptr, {}},
6011 {kTestOID,
6012 "ASN1:GENTIME:20001231235959Z",
6013 nullptr,
6014 {0x30, 0x21, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01,
6015 0x84, 0xb7, 0x09, 0x02, 0x04, 0x11, 0x18, 0x0f, 0x32, 0x30, 0x30, 0x30,
6016 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a}},
6017 {kTestOID,
6018 "ASN1:GENERALIZEDTIME:20001231235959Z",
6019 nullptr,
6020 {0x30, 0x21, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01,
6021 0x84, 0xb7, 0x09, 0x02, 0x04, 0x11, 0x18, 0x0f, 0x32, 0x30, 0x30, 0x30,
6022 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a}},
6023
6024 // The default input format for string types is ASCII, which is then
6025 // converted into the target string type.
6026 {kTestOID, "ASN1:UTF8:hello", nullptr, {0x30, 0x17, 0x06, 0x0c, 0x2a,
6027 0x86, 0x48, 0x86, 0xf7, 0x12,
6028 0x04, 0x01, 0x84, 0xb7, 0x09,
6029 0x02, 0x04, 0x07, 0x0c, 0x05,
6030 0x68, 0x65, 0x6c, 0x6c, 0x6f}},
6031 {kTestOID,
6032 "ASN1:UTF8String:hello",
6033 nullptr,
6034 {0x30, 0x17, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7,
6035 0x12, 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x07,
6036 0x0c, 0x05, 0x68, 0x65, 0x6c, 0x6c, 0x6f}},
6037 {kTestOID,
6038 "ASN1:UNIV:hello",
6039 nullptr,
6040 {0x30, 0x26, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12,
6041 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x16, 0x1c, 0x14,
6042 0x00, 0x00, 0x00, 0x68, 0x00, 0x00, 0x00, 0x65, 0x00, 0x00,
6043 0x00, 0x6c, 0x00, 0x00, 0x00, 0x6c, 0x00, 0x00, 0x00, 0x6f}},
6044 {kTestOID,
6045 "ASN1:UNIVERSALSTRING:hello",
6046 nullptr,
6047 {0x30, 0x26, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12,
6048 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x16, 0x1c, 0x14,
6049 0x00, 0x00, 0x00, 0x68, 0x00, 0x00, 0x00, 0x65, 0x00, 0x00,
6050 0x00, 0x6c, 0x00, 0x00, 0x00, 0x6c, 0x00, 0x00, 0x00, 0x6f}},
6051 {kTestOID,
6052 "ASN1:BMP:hello",
6053 nullptr,
6054 {0x30, 0x1c, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12,
6055 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x0c, 0x1e, 0x0a,
6056 0x00, 0x68, 0x00, 0x65, 0x00, 0x6c, 0x00, 0x6c, 0x00, 0x6f}},
6057 {kTestOID,
6058 "ASN1:BMPSTRING:hello",
6059 nullptr,
6060 {0x30, 0x1c, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12,
6061 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x0c, 0x1e, 0x0a,
6062 0x00, 0x68, 0x00, 0x65, 0x00, 0x6c, 0x00, 0x6c, 0x00, 0x6f}},
6063 {kTestOID, "ASN1:IA5:hello", nullptr, {0x30, 0x17, 0x06, 0x0c, 0x2a,
6064 0x86, 0x48, 0x86, 0xf7, 0x12,
6065 0x04, 0x01, 0x84, 0xb7, 0x09,
6066 0x02, 0x04, 0x07, 0x16, 0x05,
6067 0x68, 0x65, 0x6c, 0x6c, 0x6f}},
6068 {kTestOID,
6069 "ASN1:IA5STRING:hello",
6070 nullptr,
6071 {0x30, 0x17, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7,
6072 0x12, 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x07,
6073 0x16, 0x05, 0x68, 0x65, 0x6c, 0x6c, 0x6f}},
6074 {kTestOID,
6075 "ASN1:PRINTABLE:hello",
6076 nullptr,
6077 {0x30, 0x17, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7,
6078 0x12, 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x07,
6079 0x13, 0x05, 0x68, 0x65, 0x6c, 0x6c, 0x6f}},
6080 {kTestOID,
6081 "ASN1:PRINTABLESTRING:hello",
6082 nullptr,
6083 {0x30, 0x17, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7,
6084 0x12, 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x07,
6085 0x13, 0x05, 0x68, 0x65, 0x6c, 0x6c, 0x6f}},
6086 {kTestOID, "ASN1:T61:hello", nullptr, {0x30, 0x17, 0x06, 0x0c, 0x2a,
6087 0x86, 0x48, 0x86, 0xf7, 0x12,
6088 0x04, 0x01, 0x84, 0xb7, 0x09,
6089 0x02, 0x04, 0x07, 0x14, 0x05,
6090 0x68, 0x65, 0x6c, 0x6c, 0x6f}},
6091 {kTestOID,
6092 "ASN1:T61STRING:hello",
6093 nullptr,
6094 {0x30, 0x17, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7,
6095 0x12, 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x07,
6096 0x14, 0x05, 0x68, 0x65, 0x6c, 0x6c, 0x6f}},
6097 {kTestOID,
6098 "ASN1:TELETEXSTRING:hello",
6099 nullptr,
6100 {0x30, 0x17, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7,
6101 0x12, 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x07,
6102 0x14, 0x05, 0x68, 0x65, 0x6c, 0x6c, 0x6f}},
6103
6104 // FORMAT:UTF8 switches the input format to UTF-8. This should be
6105 // converted to the destination string, or rejected if invalid.
6106 {kTestOID,
6107 "ASN1:FORMAT:UTF8,UTF8:\xe2\x98\x83",
6108 nullptr,
6109 {0x30, 0x15, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01,
6110 0x84, 0xb7, 0x09, 0x02, 0x04, 0x05, 0x0c, 0x03, 0xe2, 0x98, 0x83}},
6111 {kTestOID,
6112 "ASN1:FORMAT:UTF8,UNIV:\xe2\x98\x83",
6113 nullptr,
6114 {0x30, 0x16, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86,
6115 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02,
6116 0x04, 0x06, 0x1c, 0x04, 0x00, 0x00, 0x26, 0x03}},
6117 {kTestOID,
6118 "ASN1:FORMAT:UTF8,BMP:\xe2\x98\x83",
6119 nullptr,
6120 {0x30, 0x14, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
6121 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x04, 0x1e, 0x02, 0x26, 0x03}},
6122 {kTestOID, "ASN1:FORMAT:UTF8,IA5:\xe2\x98\x83", nullptr, {}},
6123 {kTestOID,
6124 "ASN1:FORMAT:UTF8,IA5:hello",
6125 nullptr,
6126 {0x30, 0x17, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7,
6127 0x12, 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x07,
6128 0x16, 0x05, 0x68, 0x65, 0x6c, 0x6c, 0x6f}},
6129 {kTestOID, "ASN1:FORMAT:UTF8,PRINTABLE:\xe2\x98\x83", nullptr, {}},
6130 {kTestOID,
6131 "ASN1:FORMAT:UTF8,PRINTABLE:hello",
6132 nullptr,
6133 {0x30, 0x17, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7,
6134 0x12, 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x07,
6135 0x13, 0x05, 0x68, 0x65, 0x6c, 0x6c, 0x6f}},
6136 {kTestOID, "ASN1:FORMAT:UTF8,T61:\xe2\x98\x83", nullptr, {}},
6137 {kTestOID,
6138 "ASN1:FORMAT:UTF8,T61:\xc3\xb7",
6139 nullptr,
6140 {0x30, 0x13, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
6141 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x03, 0x14, 0x01, 0xf7}},
6142
6143 // Invalid UTF-8.
6144 {kTestOID, "ASN1:FORMAT:UTF8,UTF8:\xff", nullptr, {}},
6145
6146 // We don't support these string types.
6147 {kTestOID, "ASN1:NUMERIC:0", nullptr, {}},
6148 {kTestOID, "ASN1:NUMERICSTRING:0", nullptr, {}},
6149 {kTestOID, "ASN1:VISIBLE:hello", nullptr, {}},
6150 {kTestOID, "ASN1:VISIBLESTRING:hello", nullptr, {}},
6151 {kTestOID, "ASN1:GeneralString:hello", nullptr, {}},
6152
6153 // OCTET STRING and BIT STRING also default to ASCII, but also accept HEX.
6154 // BIT STRING interprets OCTET STRING formats by having zero unused bits.
6155 {kTestOID, "ASN1:OCT:hello", nullptr, {0x30, 0x17, 0x06, 0x0c, 0x2a,
6156 0x86, 0x48, 0x86, 0xf7, 0x12,
6157 0x04, 0x01, 0x84, 0xb7, 0x09,
6158 0x02, 0x04, 0x07, 0x04, 0x05,
6159 0x68, 0x65, 0x6c, 0x6c, 0x6f}},
6160 {kTestOID,
6161 "ASN1:OCTETSTRING:hello",
6162 nullptr,
6163 {0x30, 0x17, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7,
6164 0x12, 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x07,
6165 0x04, 0x05, 0x68, 0x65, 0x6c, 0x6c, 0x6f}},
6166 {kTestOID,
6167 "ASN1:FORMAT:HEX,OCT:0123abcd",
6168 nullptr,
6169 {0x30, 0x16, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86,
6170 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02,
6171 0x04, 0x06, 0x04, 0x04, 0x01, 0x23, 0xab, 0xcd}},
6172 {kTestOID,
6173 "ASN1:BITSTR:hello",
6174 nullptr,
6175 {0x30, 0x18, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7,
6176 0x12, 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x08,
6177 0x03, 0x06, 0x00, 0x68, 0x65, 0x6c, 0x6c, 0x6f}},
6178 {kTestOID,
6179 "ASN1:BITSTRING:hello",
6180 nullptr,
6181 {0x30, 0x18, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7,
6182 0x12, 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x08,
6183 0x03, 0x06, 0x00, 0x68, 0x65, 0x6c, 0x6c, 0x6f}},
6184 {kTestOID,
6185 "ASN1:FORMAT:HEX,BITSTR:0123abcd",
6186 nullptr,
6187 {0x30, 0x17, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7,
6188 0x12, 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x07,
6189 0x03, 0x05, 0x00, 0x01, 0x23, 0xab, 0xcd}},
6190
6191 {kTestOID, "ASN1:FORMAT:HEX,OCT:invalid hex", nullptr, {}},
6192
6193 // BIT STRING additionally supports a BITLIST type, which specifies a
6194 // list of bits to set.
6195 {kTestOID,
6196 "ASN1:FORMAT:BITLIST,BITSTR:1,5",
6197 nullptr,
6198 {0x30, 0x14, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
6199 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x04, 0x03, 0x02, 0x02, 0x44}},
6200
6201 {kTestOID, "ASN1:FORMAT:BITLIST,BITSTR:1,invalid,5", nullptr, {}},
6202 // Negative bit inidices are not allowed.
6203 {kTestOID, "ASN1:FORMAT:BITLIST,BITSTR:-1", nullptr, {}},
6204 // We cap bit indices at 256.
6205 {kTestOID, "ASN1:FORMAT:BITLIST,BITSTR:257", nullptr, {}},
6206 {kTestOID,
6207 "ASN1:FORMAT:BITLIST,BITSTR:256",
6208 nullptr,
6209 {0x30, 0x34, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
6210 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x24, 0x03, 0x22, 0x07, 0x00,
6211 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6212 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6213 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80}},
6214
6215 // Unsupported formats for string types.
6216 {kTestOID, "ASN1:FORMAT:BITLIST,IA5:abcd", nullptr, {}},
6217 {kTestOID, "ASN1:FORMAT:BITLIST,UTF8:abcd", nullptr, {}},
6218 {kTestOID, "ASN1:FORMAT:BITLIST,OCT:abcd", nullptr, {}},
6219 {kTestOID, "ASN1:FORMAT:BITLIST,UTC:abcd", nullptr, {}},
6220 {kTestOID, "ASN1:FORMAT:HEX,IA5:abcd", nullptr, {}},
6221 {kTestOID, "ASN1:FORMAT:HEX,UTF8:abcd", nullptr, {}},
6222 {kTestOID, "ASN1:FORMAT:HEX,UTC:abcd", nullptr, {}},
6223 {kTestOID, "ASN1:FORMAT:UTF8,OCT:abcd", nullptr, {}},
6224 {kTestOID, "ASN1:FORMAT:UTF8,UTC:abcd", nullptr, {}},
6225
6226 // Invalid format type.
6227 {kTestOID, "ASN1:FORMAT:invalid,IA5:abcd", nullptr, {}},
6228
6229 // SEQUENCE and SET encode empty values when there is no value.
6230 {kTestOID, "ASN1:SEQ", nullptr, {0x30, 0x12, 0x06, 0x0c, 0x2a, 0x86, 0x48,
6231 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7,
6232 0x09, 0x02, 0x04, 0x02, 0x30, 0x00}},
6233 {kTestOID, "ASN1:SET", nullptr, {0x30, 0x12, 0x06, 0x0c, 0x2a, 0x86, 0x48,
6234 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7,
6235 0x09, 0x02, 0x04, 0x02, 0x31, 0x00}},
6236 {kTestOID, "ASN1:SEQUENCE", nullptr, {0x30, 0x12, 0x06, 0x0c, 0x2a,
6237 0x86, 0x48, 0x86, 0xf7, 0x12,
6238 0x04, 0x01, 0x84, 0xb7, 0x09,
6239 0x02, 0x04, 0x02, 0x30, 0x00}},
6240
6241 // Otherwise, they require a corresponding section in the config database
6242 // to encode values. This can be nested recursively.
6243 {kTestOID, "ASN1:SEQ:missing_confdb", nullptr, {}},
6244 {kTestOID, "ASN1:SET:missing_confdb", nullptr, {}},
6245 {kTestOID,
6246 "ASN1:SEQ:seq",
6247 R"(
6248 [seq]
6249 val1 = NULL
6250 val2 = IA5:a
6251 val3 = SET:set
6252 [set]
6253 # Config names do not matter, only the order.
6254 val4 = INT:1
6255 val3 = INT:2
6256 val2 = SEQ:empty
6257 val1 = INT:3
6258 [empty]
6259 )",
6260 {0x30, 0x24, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12,
6261 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x14, 0x30, 0x12,
6262 0x05, 0x00, 0x16, 0x01, 0x61, 0x31, 0x0b, 0x02, 0x01, 0x01,
6263 0x02, 0x01, 0x02, 0x02, 0x01, 0x03, 0x30, 0x00}},
6264
6265 // There is a recursion limit to stop infinite recursion.
6266 {kTestOID,
6267 "ASN1:SEQ:seq1",
6268 R"(
6269 [seq1]
6270 val = SEQ:seq2
6271 [seq2]
6272 val = SEQ:seq1
6273 )",
6274 {}},
6275
6276 // Various modifiers wrap with explicit tagging or universal types.
6277 {kTestOID,
6278 "ASN1:EXP:0,EXP:16U,EXP:100A,EXP:1000C,OCTWRAP,SEQWRAP,SETWRAP,BITWRAP,"
6279 "NULL",
6280 nullptr,
6281 {0x30, 0x26, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12,
6282 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x16, 0xa0, 0x14,
6283 0x30, 0x12, 0x7f, 0x64, 0x0f, 0xbf, 0x87, 0x68, 0x0b, 0x04,
6284 0x09, 0x30, 0x07, 0x31, 0x05, 0x03, 0x03, 0x00, 0x05, 0x00}},
6285
6286 // Invalid tag numbers.
6287 {kTestOID, "ASN1:EXP:-1,NULL", nullptr, {}},
6288 {kTestOID, "ASN1:EXP:1?,NULL", nullptr, {}},
6289 // Fits in |uint32_t| but exceeds |CBS_ASN1_TAG_NUMBER_MASK|, the largest
6290 // tag number we support.
6291 {kTestOID, "ASN1:EXP:536870912,NULL", nullptr, {}},
6292
6293 // Implicit tagging may also be applied to the underlying type, or the
6294 // wrapping modifiers.
6295 {kTestOID,
6296 "ASN1:IMP:1A,OCTWRAP,IMP:10,SEQWRAP,IMP:100,SETWRAP,IMP:1000,BITWRAP,"
6297 "IMP:10000,NULL",
6298 nullptr,
6299 {0x30, 0x20, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01,
6300 0x84, 0xb7, 0x09, 0x02, 0x04, 0x10, 0x41, 0x0e, 0xaa, 0x0c, 0xbf, 0x64,
6301 0x09, 0x9f, 0x87, 0x68, 0x05, 0x00, 0x9f, 0xce, 0x10, 0x00}},
6302
6303 // Implicit tagging may not be applied to explicit tagging or itself.
6304 // There's no rule against this in ASN.1, but OpenSSL does not allow it
6305 // here.
6306 {kTestOID, "ASN1:IMP:1,EXP:1,NULL", nullptr, {}},
6307 {kTestOID, "ASN1:IMP:1,IMP:1,NULL", nullptr, {}},
6308
6309 // [UNIVERSAL 0] is reserved.
6310 {kTestOID, "ASN1:0U,NULL", nullptr, {}},
6311
6312 // Leading and trailing spaces on name:value pairs are removed. However,
6313 // while these pairs are delimited by commas, a type will consumes
6314 // everything after it, including commas, and spaces. So this is the
6315 // string " a, b ".
6316 {kTestOID,
6317 "ASN1: EXP:0 , IA5: a, b ",
6318 nullptr,
6319 {0x30, 0x1a, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12,
6320 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x0a, 0xa0, 0x08,
6321 0x16, 0x06, 0x20, 0x61, 0x2c, 0x20, 0x62, 0x20}},
6322
6323 // Modifiers without a final type.
6324 {kTestOID, "ASN1:EXP:1", nullptr, {}},
6325
6326 // Put it all together to describe a test Ed25519 key (wrapped inside an
6327 // X.509 extension).
6328 {kTestOID,
6329 "ASN1:SEQUENCE:pkcs8",
6330 R"(
6331 [pkcs8]
6332 vers = INT:0
6333 alg = SEQWRAP,OID:1.3.101.112
6334 key = FORMAT:HEX,OCTWRAP,OCT:9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60
6335 )",
6336 {0x30, 0x40, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
6337 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x30, 0x30, 0x2e, 0x02, 0x01,
6338 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x04, 0x22, 0x04,
6339 0x20, 0x9d, 0x61, 0xb1, 0x9d, 0xef, 0xfd, 0x5a, 0x60, 0xba, 0x84,
6340 0x4a, 0xf4, 0x92, 0xec, 0x2c, 0xc4, 0x44, 0x49, 0xc5, 0x69, 0x7b,
6341 0x32, 0x69, 0x19, 0x70, 0x3b, 0xac, 0x03, 0x1c, 0xae, 0x7f, 0x60}},
6342
6343 // Sections can be referenced multiple times.
6344 {kTestOID,
6345 "ASN1:SEQUENCE:seq1",
6346 R"(
6347 [seq1]
6348 val1 = SEQUENCE:seq2
6349 val2 = SEQUENCE:seq2
6350 [seq2]
6351 val1 = INT:1
6352 val2 = INT:2
6353 )",
6354 {0x30, 0x22, 0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7,
6355 0x12, 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02, 0x04, 0x12,
6356 0x30, 0x10, 0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01,
6357 0x02, 0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x02}},
6358
6359 // But we cap this before it blows up exponentially.
6360 {kTestOID,
6361 "ASN1:SEQ:seq1",
6362 R"(
6363 [seq1]
6364 val1 = SEQ:seq2
6365 val2 = SEQ:seq2
6366 [seq2]
6367 val1 = SEQ:seq3
6368 val2 = SEQ:seq3
6369 [seq3]
6370 val1 = SEQ:seq4
6371 val2 = SEQ:seq4
6372 [seq4]
6373 val1 = SEQ:seq5
6374 val2 = SEQ:seq5
6375 [seq5]
6376 val1 = SEQ:seq6
6377 val2 = SEQ:seq6
6378 [seq6]
6379 val1 = SEQ:seq7
6380 val2 = SEQ:seq7
6381 [seq7]
6382 val1 = SEQ:seq8
6383 val2 = SEQ:seq8
6384 [seq8]
6385 val1 = SEQ:seq9
6386 val2 = SEQ:seq9
6387 [seq9]
6388 val1 = SEQ:seq10
6389 val2 = SEQ:seq10
6390 [seq10]
6391 val1 = SEQ:seq11
6392 val2 = SEQ:seq11
6393 [seq11]
6394 val1 = SEQ:seq12
6395 val2 = SEQ:seq12
6396 [seq12]
6397 val1 = IA5:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
6398 val2 = IA5:BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
6399 )",
6400 {}},
6401
6402 // Integer sizes are capped to mitigate quadratic behavior.
6403 {kTestOID, "ASN1:INT:" + std::string(16384, '9'), nullptr, {}},
6404 };
6405 for (const auto &t : kTests) {
6406 SCOPED_TRACE(t.name);
6407 SCOPED_TRACE(t.value);
6408 SCOPED_TRACE(t.conf);
6409
6410 bssl::UniquePtr<CONF> conf;
6411 if (t.conf != nullptr) {
6412 conf.reset(NCONF_new(nullptr));
6413 ASSERT_TRUE(conf);
6414 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(t.conf, strlen(t.conf)));
6415 ASSERT_TRUE(bio);
6416 long error_line;
6417 ASSERT_TRUE(NCONF_load_bio(conf.get(), bio.get(), &error_line))
6418 << "Failed to load config at line " << error_line;
6419 }
6420
6421 bssl::UniquePtr<X509_EXTENSION> ext(
6422 X509V3_EXT_nconf(conf.get(), nullptr, t.name, t.value.c_str()));
6423 if (t.expected.empty()) {
6424 EXPECT_FALSE(ext);
6425 } else {
6426 ASSERT_TRUE(ext);
6427 uint8_t *der = nullptr;
6428 int len = i2d_X509_EXTENSION(ext.get(), &der);
6429 ASSERT_GE(len, 0);
6430 bssl::UniquePtr<uint8_t> free_der(der);
6431 EXPECT_EQ(Bytes(t.expected), Bytes(der, len));
6432 }
6433
6434 // Repeat the test with an explicit |X509V3_CTX|.
6435 X509V3_CTX ctx;
6436 X509V3_set_ctx(&ctx, nullptr, nullptr, nullptr, nullptr, 0);
6437 X509V3_set_nconf(&ctx, conf.get());
6438 ext.reset(X509V3_EXT_nconf(conf.get(), &ctx, t.name, t.value.c_str()));
6439 if (t.expected.empty()) {
6440 EXPECT_FALSE(ext);
6441 } else {
6442 ASSERT_TRUE(ext);
6443 uint8_t *der = nullptr;
6444 int len = i2d_X509_EXTENSION(ext.get(), &der);
6445 ASSERT_GE(len, 0);
6446 bssl::UniquePtr<uint8_t> free_der(der);
6447 EXPECT_EQ(Bytes(t.expected), Bytes(der, len));
6448 }
6449 }
6450 }
6451
TEST(X509Test,AddUnserializableExtension)6452 TEST(X509Test, AddUnserializableExtension) {
6453 bssl::UniquePtr<EVP_PKEY> key = PrivateKeyFromPEM(kP256Key);
6454 ASSERT_TRUE(key);
6455 bssl::UniquePtr<X509> x509 =
6456 MakeTestCert("Issuer", "Subject", key.get(), /*is_ca=*/true);
6457 ASSERT_TRUE(x509);
6458 bssl::UniquePtr<X509_EXTENSION> ext(X509_EXTENSION_new());
6459 ASSERT_TRUE(X509_EXTENSION_set_object(ext.get(), OBJ_get_undef()));
6460 EXPECT_FALSE(X509_add_ext(x509.get(), ext.get(), /*loc=*/-1));
6461 }
6462
6463 // Test that, when constructing an |X509_NAME|, names are sorted by DER order.
TEST(X509Test,SortRDN)6464 TEST(X509Test, SortRDN) {
6465 bssl::UniquePtr<X509_NAME> name(X509_NAME_new());
6466 ASSERT_TRUE(name);
6467
6468 auto append_entry_new_rdn = [&](const char *str) {
6469 return X509_NAME_add_entry_by_NID(name.get(), NID_commonName, MBSTRING_ASC,
6470 reinterpret_cast<const uint8_t *>(str),
6471 strlen(str), /*loc=*/-1, /*set=*/0);
6472 };
6473 auto append_entry_prev_rdn = [&](const char *str) {
6474 return X509_NAME_add_entry_by_NID(name.get(), NID_commonName, MBSTRING_ASC,
6475 reinterpret_cast<const uint8_t *>(str),
6476 strlen(str), /*loc=*/-1, /*set=*/-1);
6477 };
6478
6479 // This is the sort order to expect.
6480 ASSERT_TRUE(append_entry_new_rdn("A"));
6481 ASSERT_TRUE(append_entry_prev_rdn("B"));
6482 ASSERT_TRUE(append_entry_prev_rdn("AA"));
6483 ASSERT_TRUE(append_entry_prev_rdn("AB"));
6484
6485 // The same RDN, with entries added in a different order.
6486 ASSERT_TRUE(append_entry_new_rdn("AB"));
6487 ASSERT_TRUE(append_entry_prev_rdn("AA"));
6488 ASSERT_TRUE(append_entry_prev_rdn("B"));
6489 ASSERT_TRUE(append_entry_prev_rdn("A"));
6490
6491 // The same RDN, with entries added in a different order.
6492 ASSERT_TRUE(append_entry_new_rdn("A"));
6493 ASSERT_TRUE(append_entry_prev_rdn("AA"));
6494 ASSERT_TRUE(append_entry_prev_rdn("B"));
6495 ASSERT_TRUE(append_entry_prev_rdn("AB"));
6496
6497 uint8_t *der = nullptr;
6498 int der_len = i2d_X509_NAME(name.get(), &der);
6499 ASSERT_GT(der_len, 0);
6500 bssl::UniquePtr<uint8_t> free_der(der);
6501
6502 // SEQUENCE {
6503 // SET {
6504 // SEQUENCE {
6505 // # commonName
6506 // OBJECT_IDENTIFIER { 2.5.4.3 }
6507 // UTF8String { "A" }
6508 // }
6509 // SEQUENCE {
6510 // # commonName
6511 // OBJECT_IDENTIFIER { 2.5.4.3 }
6512 // UTF8String { "B" }
6513 // }
6514 // SEQUENCE {
6515 // # commonName
6516 // OBJECT_IDENTIFIER { 2.5.4.3 }
6517 // UTF8String { "AA" }
6518 // }
6519 // SEQUENCE {
6520 // # commonName
6521 // OBJECT_IDENTIFIER { 2.5.4.3 }
6522 // UTF8String { "AB" }
6523 // }
6524 // }
6525 // ...two more copies of the above SET...
6526 // }
6527 static uint8_t kExpected[] = {
6528 0x30, 0x81, 0x84, 0x31, 0x2a, 0x30, 0x08, 0x06, 0x03, 0x55, 0x04, 0x03,
6529 0x0c, 0x01, 0x41, 0x30, 0x08, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x01,
6530 0x42, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x41, 0x41,
6531 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x41, 0x42, 0x31,
6532 0x2a, 0x30, 0x08, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x01, 0x41, 0x30,
6533 0x08, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x01, 0x42, 0x30, 0x09, 0x06,
6534 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x41, 0x41, 0x30, 0x09, 0x06, 0x03,
6535 0x55, 0x04, 0x03, 0x0c, 0x02, 0x41, 0x42, 0x31, 0x2a, 0x30, 0x08, 0x06,
6536 0x03, 0x55, 0x04, 0x03, 0x0c, 0x01, 0x41, 0x30, 0x08, 0x06, 0x03, 0x55,
6537 0x04, 0x03, 0x0c, 0x01, 0x42, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03,
6538 0x0c, 0x02, 0x41, 0x41, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
6539 0x02, 0x41, 0x42};
6540 EXPECT_EQ(Bytes(kExpected), Bytes(der, der_len));
6541 }
6542
TEST(X509Test,NameAttributeValues)6543 TEST(X509Test, NameAttributeValues) {
6544 // 1.2.840.113554.4.1.72585.0. We use an unrecognized OID because using an
6545 // arbitrary ASN.1 type as the value for commonName is invalid. Our parser
6546 // does not check this, but best to avoid unrelated errors in tests, in case
6547 // we decide to later.
6548 static const uint8_t kOID[] = {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12,
6549 0x04, 0x01, 0x84, 0xb7, 0x09, 0x00};
6550 static const char kOIDText[] = "1.2.840.113554.4.1.72585.0";
6551
6552 auto encode_single_attribute_name =
6553 [](CBS_ASN1_TAG tag,
6554 const std::string &contents) -> std::vector<uint8_t> {
6555 bssl::ScopedCBB cbb;
6556 CBB seq, rdn, attr, attr_type, attr_value;
6557 if (!CBB_init(cbb.get(), 128) ||
6558 !CBB_add_asn1(cbb.get(), &seq, CBS_ASN1_SEQUENCE) ||
6559 !CBB_add_asn1(&seq, &rdn, CBS_ASN1_SET) ||
6560 !CBB_add_asn1(&rdn, &attr, CBS_ASN1_SEQUENCE) ||
6561 !CBB_add_asn1(&attr, &attr_type, CBS_ASN1_OBJECT) ||
6562 !CBB_add_bytes(&attr_type, kOID, sizeof(kOID)) ||
6563 !CBB_add_asn1(&attr, &attr_value, tag) ||
6564 !CBB_add_bytes(&attr_value,
6565 reinterpret_cast<const uint8_t *>(contents.data()),
6566 contents.size()) ||
6567 !CBB_flush(cbb.get())) {
6568 ADD_FAILURE() << "Could not encode name";
6569 return {};
6570 };
6571 return std::vector<uint8_t>(CBB_data(cbb.get()),
6572 CBB_data(cbb.get()) + CBB_len(cbb.get()));
6573 };
6574
6575 const struct {
6576 CBS_ASN1_TAG der_tag;
6577 std::string der_contents;
6578 int str_type;
6579 std::string str_contents;
6580 } kTests[] = {
6581 // String types are parsed as string types.
6582 {CBS_ASN1_BITSTRING, std::string("\0", 1), V_ASN1_BIT_STRING, ""},
6583 {CBS_ASN1_UTF8STRING, "abc", V_ASN1_UTF8STRING, "abc"},
6584 {CBS_ASN1_NUMERICSTRING, "123", V_ASN1_NUMERICSTRING, "123"},
6585 {CBS_ASN1_PRINTABLESTRING, "abc", V_ASN1_PRINTABLESTRING, "abc"},
6586 {CBS_ASN1_T61STRING, "abc", V_ASN1_T61STRING, "abc"},
6587 {CBS_ASN1_IA5STRING, "abc", V_ASN1_IA5STRING, "abc"},
6588 {CBS_ASN1_UNIVERSALSTRING, std::string("\0\0\0a", 4),
6589 V_ASN1_UNIVERSALSTRING, std::string("\0\0\0a", 4)},
6590 {CBS_ASN1_BMPSTRING, std::string("\0a", 2), V_ASN1_BMPSTRING,
6591 std::string("\0a", 2)},
6592
6593 // ENUMERATED is supported but, currently, INTEGER is not.
6594 {CBS_ASN1_ENUMERATED, "\x01", V_ASN1_ENUMERATED, "\x01"},
6595
6596 // Test negative values. These are interesting because, when encoding, the
6597 // ASN.1 type must be determined from the string type, but the string type
6598 // has an extra |V_ASN1_NEG| bit.
6599 {CBS_ASN1_ENUMERATED, "\xff", V_ASN1_NEG_ENUMERATED, "\x01"},
6600
6601 // SEQUENCE is supported but, currently, SET is not. Note the
6602 // |ASN1_STRING| representation will include the tag and length.
6603 {CBS_ASN1_SEQUENCE, "", V_ASN1_SEQUENCE, std::string("\x30\x00", 2)},
6604
6605 // These types are not actually supported by the library but,
6606 // historically, we would parse them, and not other unsupported types, due
6607 // to quirks of |ASN1_tag2bit|.
6608 {7, "", V_ASN1_OBJECT_DESCRIPTOR, ""},
6609 {8, "", V_ASN1_EXTERNAL, ""},
6610 {9, "", V_ASN1_REAL, ""},
6611 {11, "", 11 /* EMBEDDED PDV */, ""},
6612 {13, "", 13 /* RELATIVE-OID */, ""},
6613 {14, "", 14 /* TIME */, ""},
6614 {15, "", 15 /* not a type; reserved value */, ""},
6615 {29, "", 29 /* CHARACTER STRING */, ""},
6616
6617 // TODO(crbug.com/boringssl/412): Attribute values are an ANY DEFINED BY
6618 // type, so we actually shoudl be accepting all ASN.1 types. We currently
6619 // do not and only accept the above types. Extend this test when we fix
6620 // this.
6621 };
6622 for (const auto &t : kTests) {
6623 SCOPED_TRACE(t.der_tag);
6624 SCOPED_TRACE(Bytes(t.der_contents));
6625
6626 // Construct an X.509 name containing a single RDN with a single attribute:
6627 // kOID with the specified value.
6628 auto encoded = encode_single_attribute_name(t.der_tag, t.der_contents);
6629 ASSERT_FALSE(encoded.empty());
6630 SCOPED_TRACE(Bytes(encoded));
6631
6632 // The input should parse.
6633 const uint8_t *inp = encoded.data();
6634 bssl::UniquePtr<X509_NAME> name(
6635 d2i_X509_NAME(nullptr, &inp, encoded.size()));
6636 ASSERT_TRUE(name);
6637 EXPECT_EQ(inp, encoded.data() + encoded.size())
6638 << "input was not fully consumed";
6639
6640 // Check there is a single attribute with the expected in-memory
6641 // representation.
6642 ASSERT_EQ(1, X509_NAME_entry_count(name.get()));
6643 const X509_NAME_ENTRY *entry = X509_NAME_get_entry(name.get(), 0);
6644 const ASN1_OBJECT *obj = X509_NAME_ENTRY_get_object(entry);
6645 EXPECT_EQ(Bytes(OBJ_get0_data(obj), OBJ_length(obj)), Bytes(kOID));
6646 const ASN1_STRING *value = X509_NAME_ENTRY_get_data(entry);
6647 EXPECT_EQ(ASN1_STRING_type(value), t.str_type);
6648 EXPECT_EQ(Bytes(ASN1_STRING_get0_data(value), ASN1_STRING_length(value)),
6649 Bytes(t.str_contents));
6650
6651 // The name should re-encode with the same input.
6652 uint8_t *der = nullptr;
6653 int der_len = i2d_X509_NAME(name.get(), &der);
6654 ASSERT_GE(der_len, 0);
6655 bssl::UniquePtr<uint8_t> free_der(der);
6656 EXPECT_EQ(Bytes(der, der_len), Bytes(encoded));
6657
6658 // X509_NAME internally caches its encoding, which means the check above
6659 // does not fully test re-encoding. Repeat the test by constructing an
6660 // |X509_NAME| from the string representation.
6661 name.reset(X509_NAME_new());
6662 ASSERT_TRUE(name);
6663 ASSERT_TRUE(X509_NAME_add_entry_by_txt(
6664 name.get(), kOIDText, t.str_type,
6665 reinterpret_cast<const uint8_t *>(t.str_contents.data()),
6666 t.str_contents.size(), /*loc=*/-1, /*set=*/0));
6667
6668 // The name should re-encode with the same input.
6669 der = nullptr;
6670 der_len = i2d_X509_NAME(name.get(), &der);
6671 ASSERT_GE(der_len, 0);
6672 free_der.reset(der);
6673 EXPECT_EQ(Bytes(der, der_len), Bytes(encoded));
6674 }
6675
6676 const struct {
6677 CBS_ASN1_TAG der_tag;
6678 std::string der_contents;
6679 } kInvalidTests[] = {
6680 // Errors in supported universal types should be handled.
6681 {CBS_ASN1_NULL, "not null"},
6682 {CBS_ASN1_BOOLEAN, "not bool"},
6683 {CBS_ASN1_OBJECT, ""},
6684 {CBS_ASN1_INTEGER, std::string("\0\0", 2)},
6685 {CBS_ASN1_ENUMERATED, std::string("\0\0", 2)},
6686 {CBS_ASN1_BITSTRING, ""},
6687 {CBS_ASN1_UTF8STRING, "not utf-8 \xff"},
6688 {CBS_ASN1_BMPSTRING, "not utf-16 "},
6689 {CBS_ASN1_UNIVERSALSTRING, "not utf-32"},
6690 {CBS_ASN1_UTCTIME, "not utctime"},
6691 {CBS_ASN1_GENERALIZEDTIME, "not generalizedtime"},
6692 {CBS_ASN1_UTF8STRING | CBS_ASN1_CONSTRUCTED, ""},
6693 {CBS_ASN1_SEQUENCE & ~CBS_ASN1_CONSTRUCTED, ""},
6694
6695 // TODO(crbug.com/boringssl/412): The following inputs should parse, but
6696 // are currently rejected because they cannot be represented in
6697 // |ASN1_PRINTABLE|, either because they don't fit in |ASN1_STRING| or
6698 // simply in the |B_ASN1_PRINTABLE| bitmask.
6699 {CBS_ASN1_NULL, ""},
6700 {CBS_ASN1_BOOLEAN, std::string("\x00", 1)},
6701 {CBS_ASN1_BOOLEAN, "\xff"},
6702 {CBS_ASN1_OBJECT, "\x01\x02\x03\x04"},
6703 {CBS_ASN1_INTEGER, "\x01"},
6704 {CBS_ASN1_INTEGER, "\xff"},
6705 {CBS_ASN1_OCTETSTRING, ""},
6706 {CBS_ASN1_UTCTIME, "700101000000Z"},
6707 {CBS_ASN1_GENERALIZEDTIME, "19700101000000Z"},
6708 {CBS_ASN1_SET, ""},
6709 {CBS_ASN1_APPLICATION | CBS_ASN1_CONSTRUCTED | 42, ""},
6710 {CBS_ASN1_APPLICATION | 42, ""},
6711 };
6712 for (const auto &t : kInvalidTests) {
6713 SCOPED_TRACE(t.der_tag);
6714 SCOPED_TRACE(Bytes(t.der_contents));
6715
6716 // Construct an X.509 name containing a single RDN with a single attribute:
6717 // kOID with the specified value.
6718 auto encoded = encode_single_attribute_name(t.der_tag, t.der_contents);
6719 ASSERT_FALSE(encoded.empty());
6720 SCOPED_TRACE(Bytes(encoded));
6721
6722 // The input should not parse.
6723 const uint8_t *inp = encoded.data();
6724 bssl::UniquePtr<X509_NAME> name(
6725 d2i_X509_NAME(nullptr, &inp, encoded.size()));
6726 EXPECT_FALSE(name);
6727 }
6728 }
6729
TEST(X509Test,GetTextByOBJ)6730 TEST(X509Test, GetTextByOBJ) {
6731 struct OBJTestCase {
6732 const char *content;
6733 int content_type;
6734 int len;
6735 int expected_result;
6736 const char *expected_string;
6737 } kTests[] = {
6738 {"", V_ASN1_UTF8STRING, 0, 0, ""},
6739 {"derp", V_ASN1_UTF8STRING, 4, 4, "derp"},
6740 {"\x30\x00", // Empty sequence can not be converted to UTF-8
6741 V_ASN1_SEQUENCE, 2, -1, ""},
6742 {
6743 "der\0p",
6744 V_ASN1_TELETEXSTRING,
6745 5,
6746 -1,
6747 "",
6748 },
6749 {
6750 "0123456789ABCDEF",
6751 V_ASN1_IA5STRING,
6752 16,
6753 16,
6754 "0123456789ABCDEF",
6755 },
6756 {
6757 "\x07\xff",
6758 V_ASN1_BMPSTRING,
6759 2,
6760 2,
6761 "\xdf\xbf",
6762 },
6763 {
6764 "\x00\xc3\x00\xaf",
6765 V_ASN1_BMPSTRING,
6766 4,
6767 4,
6768 "\xc3\x83\xc2\xaf",
6769 },
6770 };
6771 for (const auto &test : kTests) {
6772 bssl::UniquePtr<X509_NAME> name(X509_NAME_new());
6773 ASSERT_TRUE(name);
6774 ASSERT_TRUE(X509_NAME_add_entry_by_NID(
6775 name.get(), NID_commonName, test.content_type,
6776 reinterpret_cast<const uint8_t *>(test.content), test.len, /*loc=*/-1,
6777 /*set=*/0));
6778 char text[256] = {};
6779 EXPECT_EQ(test.expected_result,
6780 X509_NAME_get_text_by_NID(name.get(), NID_commonName, text,
6781 sizeof(text)));
6782 EXPECT_STREQ(text, test.expected_string);
6783 if (test.expected_result > 0) {
6784 // Test truncation. The function writes a trailing NUL byte so the
6785 // buffer needs to be one bigger than the expected result.
6786 char small[2] = "a";
6787 EXPECT_EQ(
6788 -1, X509_NAME_get_text_by_NID(name.get(), NID_commonName, small, 1));
6789 // The buffer should be unmodified by truncation failure.
6790 EXPECT_STREQ(small, "a");
6791 }
6792 }
6793 }
6794