1 /* Copyright (c) 2016, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15 #include <algorithm>
16 #include <functional>
17 #include <string>
18 #include <vector>
19
20 #include <gtest/gtest.h>
21
22 #include <openssl/asn1.h>
23 #include <openssl/bio.h>
24 #include <openssl/bytestring.h>
25 #include <openssl/crypto.h>
26 #include <openssl/curve25519.h>
27 #include <openssl/digest.h>
28 #include <openssl/err.h>
29 #include <openssl/nid.h>
30 #include <openssl/pem.h>
31 #include <openssl/pool.h>
32 #include <openssl/x509.h>
33 #include <openssl/x509v3.h>
34
35 #include "internal.h"
36 #include "../internal.h"
37 #include "../test/test_util.h"
38 #include "../x509v3/internal.h"
39
40
41 std::string GetTestData(const char *path);
42
43 static const char kCrossSigningRootPEM[] = R"(
44 -----BEGIN CERTIFICATE-----
45 MIICcTCCAdqgAwIBAgIIagJHiPvE0MowDQYJKoZIhvcNAQELBQAwPDEaMBgGA1UE
46 ChMRQm9yaW5nU1NMIFRFU1RJTkcxHjAcBgNVBAMTFUNyb3NzLXNpZ25pbmcgUm9v
47 dCBDQTAgFw0xNTAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowPDEaMBgGA1UE
48 ChMRQm9yaW5nU1NMIFRFU1RJTkcxHjAcBgNVBAMTFUNyb3NzLXNpZ25pbmcgUm9v
49 dCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwo3qFvSB9Zmlbpzn9wJp
50 ikI75Rxkatez8VkLqyxbOhPYl2Haz8F5p1gDG96dCI6jcLGgu3AKT9uhEQyyUko5
51 EKYasazSeA9CQrdyhPg0mkTYVETnPM1W/ebid1YtqQbq1CMWlq2aTDoSGAReGFKP
52 RTdXAbuAXzpCfi/d8LqV13UCAwEAAaN6MHgwDgYDVR0PAQH/BAQDAgIEMB0GA1Ud
53 JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAPBgNVHRMBAf8EBTADAQH/MBkGA1Ud
54 DgQSBBBHKHC7V3Z/3oLvEZx0RZRwMBsGA1UdIwQUMBKAEEcocLtXdn/egu8RnHRF
55 lHAwDQYJKoZIhvcNAQELBQADgYEAnglibsy6mGtpIXivtlcz4zIEnHw/lNW+r/eC
56 CY7evZTmOoOuC/x9SS3MF9vawt1HFUummWM6ZgErqVBOXIB4//ykrcCgf5ZbF5Hr
57 +3EFprKhBqYiXdD8hpBkrBoXwn85LPYWNd2TceCrx0YtLIprE2R5MB2RIq8y4Jk3
58 YFXvkME=
59 -----END CERTIFICATE-----
60 )";
61
62 static const char kRootCAPEM[] = R"(
63 -----BEGIN CERTIFICATE-----
64 MIICVTCCAb6gAwIBAgIIAj5CwoHlWuYwDQYJKoZIhvcNAQELBQAwLjEaMBgGA1UE
65 ChMRQm9yaW5nU1NMIFRFU1RJTkcxEDAOBgNVBAMTB1Jvb3QgQ0EwIBcNMTUwMTAx
66 MDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMC4xGjAYBgNVBAoTEUJvcmluZ1NTTCBU
67 RVNUSU5HMRAwDgYDVQQDEwdSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
68 iQKBgQDpDn8RDOZa5oaDcPZRBy4CeBH1siSSOO4mYgLHlPE+oXdqwI/VImi2XeJM
69 2uCFETXCknJJjYG0iJdrt/yyRFvZTQZw+QzGj+mz36NqhGxDWb6dstB2m8PX+plZ
70 w7jl81MDvUnWs8yiQ/6twgu5AbhWKZQDJKcNKCEpqa6UW0r5nwIDAQABo3oweDAO
71 BgNVHQ8BAf8EBAMCAgQwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA8G
72 A1UdEwEB/wQFMAMBAf8wGQYDVR0OBBIEEEA31wH7QC+4HH5UBCeMWQEwGwYDVR0j
73 BBQwEoAQQDfXAftAL7gcflQEJ4xZATANBgkqhkiG9w0BAQsFAAOBgQDXylEK77Za
74 kKeY6ZerrScWyZhrjIGtHFu09qVpdJEzrk87k2G7iHHR9CAvSofCgEExKtWNS9dN
75 +9WiZp/U48iHLk7qaYXdEuO07No4BYtXn+lkOykE+FUxmA4wvOF1cTd2tdj3MzX2
76 kfGIBAYhzGZWhY3JbhIfTEfY1PNM1pWChQ==
77 -----END CERTIFICATE-----
78 )";
79
80 static const char kRootCrossSignedPEM[] = R"(
81 -----BEGIN CERTIFICATE-----
82 MIICYzCCAcygAwIBAgIIAj5CwoHlWuYwDQYJKoZIhvcNAQELBQAwPDEaMBgGA1UE
83 ChMRQm9yaW5nU1NMIFRFU1RJTkcxHjAcBgNVBAMTFUNyb3NzLXNpZ25pbmcgUm9v
84 dCBDQTAgFw0xNTAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowLjEaMBgGA1UE
85 ChMRQm9yaW5nU1NMIFRFU1RJTkcxEDAOBgNVBAMTB1Jvb3QgQ0EwgZ8wDQYJKoZI
86 hvcNAQEBBQADgY0AMIGJAoGBAOkOfxEM5lrmhoNw9lEHLgJ4EfWyJJI47iZiAseU
87 8T6hd2rAj9UiaLZd4kza4IURNcKSckmNgbSIl2u3/LJEW9lNBnD5DMaP6bPfo2qE
88 bENZvp2y0Habw9f6mVnDuOXzUwO9SdazzKJD/q3CC7kBuFYplAMkpw0oISmprpRb
89 SvmfAgMBAAGjejB4MA4GA1UdDwEB/wQEAwICBDAdBgNVHSUEFjAUBggrBgEFBQcD
90 AQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAZBgNVHQ4EEgQQQDfXAftAL7gc
91 flQEJ4xZATAbBgNVHSMEFDASgBBHKHC7V3Z/3oLvEZx0RZRwMA0GCSqGSIb3DQEB
92 CwUAA4GBAErTxYJ0en9HVRHAAr5OO5wuk5Iq3VMc79TMyQLCXVL8YH8Uk7KEwv+q
93 9MEKZv2eR/Vfm4HlXlUuIqfgUXbwrAYC/YVVX86Wnbpy/jc73NYVCq8FEZeO+0XU
94 90SWAPDdp+iL7aZdimnMtG1qlM1edmz8AKbrhN/R3IbA2CL0nCWV
95 -----END CERTIFICATE-----
96 )";
97
98 static const char kIntermediatePEM[] = R"(
99 -----BEGIN CERTIFICATE-----
100 MIICXjCCAcegAwIBAgIJAKJMH+7rscPcMA0GCSqGSIb3DQEBCwUAMC4xGjAYBgNV
101 BAoTEUJvcmluZ1NTTCBURVNUSU5HMRAwDgYDVQQDEwdSb290IENBMCAXDTE1MDEw
102 MTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjA2MRowGAYDVQQKExFCb3JpbmdTU0wg
103 VEVTVElORzEYMBYGA1UEAxMPSW50ZXJtZWRpYXRlIENBMIGfMA0GCSqGSIb3DQEB
104 AQUAA4GNADCBiQKBgQC7YtI0l8ocTYJ0gKyXTtPL4iMJCNY4OcxXl48jkncVG1Hl
105 blicgNUa1r9m9YFtVkxvBinb8dXiUpEGhVg4awRPDcatlsBSEBuJkiZGYbRcAmSu
106 CmZYnf6u3aYQ18SU8WqVERPpE4cwVVs+6kwlzRw0+XDoZAczu8ZezVhCUc6NbQID
107 AQABo3oweDAOBgNVHQ8BAf8EBAMCAgQwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
108 AQUFBwMCMA8GA1UdEwEB/wQFMAMBAf8wGQYDVR0OBBIEEIwaaKi1dttdV3sfjRSy
109 BqMwGwYDVR0jBBQwEoAQQDfXAftAL7gcflQEJ4xZATANBgkqhkiG9w0BAQsFAAOB
110 gQCvnolNWEHuQS8PFVVyuLR+FKBeUUdrVbSfHSzTqNAqQGp0C9fk5oCzDq6ZgTfY
111 ESXM4cJhb3IAnW0UM0NFsYSKQJ50JZL2L3z5ZLQhHdbs4RmODGoC40BVdnJ4/qgB
112 aGSh09eQRvAVmbVCviDK2ipkWNegdyI19jFfNP5uIkGlYg==
113 -----END CERTIFICATE-----
114 )";
115
116 static const char kIntermediateSelfSignedPEM[] = R"(
117 -----BEGIN CERTIFICATE-----
118 MIICZjCCAc+gAwIBAgIJAKJMH+7rscPcMA0GCSqGSIb3DQEBCwUAMDYxGjAYBgNV
119 BAoTEUJvcmluZ1NTTCBURVNUSU5HMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0Ew
120 IBcNMTUwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMDYxGjAYBgNVBAoTEUJv
121 cmluZ1NTTCBURVNUSU5HMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0EwgZ8wDQYJ
122 KoZIhvcNAQEBBQADgY0AMIGJAoGBALti0jSXyhxNgnSArJdO08viIwkI1jg5zFeX
123 jyOSdxUbUeVuWJyA1RrWv2b1gW1WTG8GKdvx1eJSkQaFWDhrBE8Nxq2WwFIQG4mS
124 JkZhtFwCZK4KZlid/q7dphDXxJTxapURE+kThzBVWz7qTCXNHDT5cOhkBzO7xl7N
125 WEJRzo1tAgMBAAGjejB4MA4GA1UdDwEB/wQEAwICBDAdBgNVHSUEFjAUBggrBgEF
126 BQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAZBgNVHQ4EEgQQjBpoqLV2
127 211Xex+NFLIGozAbBgNVHSMEFDASgBCMGmiotXbbXVd7H40UsgajMA0GCSqGSIb3
128 DQEBCwUAA4GBALcccSrAQ0/EqQBsx0ZDTUydHXXNP2DrUkpUKmAXIe8McqIVSlkT
129 6H4xz7z8VRKBo9j+drjjtCw2i0CQc8aOLxRb5WJ8eVLnaW2XRlUqAzhF0CrulfVI
130 E4Vs6ZLU+fra1WAuIj6qFiigRja+3YkZArG8tMA9vtlhTX/g7YBZIkqH
131 -----END CERTIFICATE-----
132 )";
133
134 static const char kLeafPEM[] = R"(
135 -----BEGIN CERTIFICATE-----
136 MIICXjCCAcegAwIBAgIIWjO48ufpunYwDQYJKoZIhvcNAQELBQAwNjEaMBgGA1UE
137 ChMRQm9yaW5nU1NMIFRFU1RJTkcxGDAWBgNVBAMTD0ludGVybWVkaWF0ZSBDQTAg
138 Fw0xNTAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowMjEaMBgGA1UEChMRQm9y
139 aW5nU1NMIFRFU1RJTkcxFDASBgNVBAMTC2V4YW1wbGUuY29tMIGfMA0GCSqGSIb3
140 DQEBAQUAA4GNADCBiQKBgQDD0U0ZYgqShJ7oOjsyNKyVXEHqeafmk/bAoPqY/h1c
141 oPw2E8KmeqiUSoTPjG5IXSblOxcqpbAXgnjPzo8DI3GNMhAf8SYNYsoH7gc7Uy7j
142 5x8bUrisGnuTHqkqH6d4/e7ETJ7i3CpR8bvK16DggEvQTudLipz8FBHtYhFakfdh
143 TwIDAQABo3cwdTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
144 CCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwGQYDVR0OBBIEEKN5pvbur7mlXjeMEYA0
145 4nUwGwYDVR0jBBQwEoAQjBpoqLV2211Xex+NFLIGozANBgkqhkiG9w0BAQsFAAOB
146 gQBj/p+JChp//LnXWC1k121LM/ii7hFzQzMrt70bny406SGz9jAjaPOX4S3gt38y
147 rhjpPukBlSzgQXFg66y6q5qp1nQTD1Cw6NkKBe9WuBlY3iYfmsf7WT8nhlT1CttU
148 xNCwyMX9mtdXdQicOfNjIGUCD5OLV5PgHFPRKiHHioBAhg==
149 -----END CERTIFICATE-----
150 )";
151
152 static const char kLeafNoKeyUsagePEM[] = R"(
153 -----BEGIN CERTIFICATE-----
154 MIICNTCCAZ6gAwIBAgIJAIFQGaLQ0G2mMA0GCSqGSIb3DQEBCwUAMDYxGjAYBgNV
155 BAoTEUJvcmluZ1NTTCBURVNUSU5HMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0Ew
156 IBcNMTUwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMDcxGjAYBgNVBAoTEUJv
157 cmluZ1NTTCBURVNUSU5HMRkwFwYDVQQDExBldmlsLmV4YW1wbGUuY29tMIGfMA0G
158 CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOKoZe75NPz77EOaMMl4/0s3PyQw++zJvp
159 ejHAxZiTPCJgMbEHLrSzNoHdopg+CLUH5bE4wTXM8w9Inv5P8OAFJt7gJuPUunmk
160 j+NoU3QfzOR6BroePcz1vXX9jyVHRs087M/sLqWRHu9IR+/A+UTcBaWaFiDVUxtJ
161 YOwFMwjNPQIDAQABo0gwRjAMBgNVHRMBAf8EAjAAMBkGA1UdDgQSBBBJfLEUWHq1
162 27rZ1AVx2J5GMBsGA1UdIwQUMBKAEIwaaKi1dttdV3sfjRSyBqMwDQYJKoZIhvcN
163 AQELBQADgYEALVKN2Y3LZJOtu6SxFIYKxbLaXhTGTdIjxipZhmbBRDFjbZjZZOTe
164 6Oo+VDNPYco4rBexK7umYXJyfTqoY0E8dbiImhTcGTEj7OAB3DbBomgU1AYe+t2D
165 uwBqh4Y3Eto+Zn4pMVsxGEfUpjzjZDel7bN1/oU/9KWPpDfywfUmjgk=
166 -----END CERTIFICATE-----
167 )";
168
169 static const char kForgeryPEM[] = R"(
170 -----BEGIN CERTIFICATE-----
171 MIICZzCCAdCgAwIBAgIIdTlMzQoKkeMwDQYJKoZIhvcNAQELBQAwNzEaMBgGA1UE
172 ChMRQm9yaW5nU1NMIFRFU1RJTkcxGTAXBgNVBAMTEGV2aWwuZXhhbXBsZS5jb20w
173 IBcNMTUwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMDoxGjAYBgNVBAoTEUJv
174 cmluZ1NTTCBURVNUSU5HMRwwGgYDVQQDExNmb3JnZXJ5LmV4YW1wbGUuY29tMIGf
175 MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDADTwruBQZGb7Ay6s9HiYv5d1lwtEy
176 xQdA2Sy8Rn8uA20Q4KgqwVY7wzIZ+z5Butrsmwb70gdG1XU+yRaDeE7XVoW6jSpm
177 0sw35/5vJbTcL4THEFbnX0OPZnvpuZDFUkvVtq5kxpDWsVyM24G8EEq7kPih3Sa3
178 OMhXVXF8kso6UQIDAQABo3cwdTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
179 KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwGQYDVR0OBBIEEEYJ/WHM
180 8p64erPWIg4/liwwGwYDVR0jBBQwEoAQSXyxFFh6tdu62dQFcdieRjANBgkqhkiG
181 9w0BAQsFAAOBgQA+zH7bHPElWRWJvjxDqRexmYLn+D3Aivs8XgXQJsM94W0EzSUf
182 DSLfRgaQwcb2gg2xpDFoG+W0vc6O651uF23WGt5JaFFJJxqjII05IexfCNhuPmp4
183 4UZAXPttuJXpn74IY1tuouaM06B3vXKZR+/ityKmfJvSwxacmFcK+2ziAg==
184 -----END CERTIFICATE-----
185 )";
186
187 // kExamplePSSCert is an example RSA-PSS self-signed certificate, signed with
188 // the default hash functions.
189 static const char kExamplePSSCert[] = R"(
190 -----BEGIN CERTIFICATE-----
191 MIICYjCCAcagAwIBAgIJAI3qUyT6SIfzMBIGCSqGSIb3DQEBCjAFogMCAWowRTEL
192 MAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVy
193 bmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0xNDEwMDkxOTA5NTVaFw0xNTEwMDkxOTA5
194 NTVaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQK
195 DBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
196 MIGJAoGBAPi4bIO0vNmoV8CltFl2jFQdeesiUgR+0zfrQf2D+fCmhRU0dXFahKg8
197 0u9aTtPel4rd/7vPCqqGkr64UOTNb4AzMHYTj8p73OxaymPHAyXvqIqDWHYg+hZ3
198 13mSYwFIGth7Z/FSVUlO1m5KXNd6NzYM3t2PROjCpywrta9kS2EHAgMBAAGjUDBO
199 MB0GA1UdDgQWBBTQQfuJQR6nrVrsNF1JEflVgXgfEzAfBgNVHSMEGDAWgBTQQfuJ
200 QR6nrVrsNF1JEflVgXgfEzAMBgNVHRMEBTADAQH/MBIGCSqGSIb3DQEBCjAFogMC
201 AWoDgYEASUy2RZcgNbNQZA0/7F+V1YTLEXwD16bm+iSVnzGwtexmQVEYIZG74K/w
202 xbdZQdTbpNJkp1QPjPfh0zsatw6dmt5QoZ8K8No0DjR9dgf+Wvv5WJvJUIQBoAVN
203 Z0IL+OQFz6+LcTHxD27JJCebrATXZA0wThGTQDm7crL+a+SujBY=
204 -----END CERTIFICATE-----
205 )";
206
207 // kBadPSSCertPEM is a self-signed RSA-PSS certificate with bad parameters.
208 static const char kBadPSSCertPEM[] = R"(
209 -----BEGIN CERTIFICATE-----
210 MIIDdjCCAjqgAwIBAgIJANcwZLyfEv7DMD4GCSqGSIb3DQEBCjAxoA0wCwYJYIZI
211 AWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIEAgIA3jAnMSUwIwYD
212 VQQDDBxUZXN0IEludmFsaWQgUFNTIGNlcnRpZmljYXRlMB4XDTE1MTEwNDE2MDIz
213 NVoXDTE1MTIwNDE2MDIzNVowJzElMCMGA1UEAwwcVGVzdCBJbnZhbGlkIFBTUyBj
214 ZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMTaM7WH
215 qVCAGAIA+zL1KWvvASTrhlq+1ePdO7wsrWX2KiYoTYrJYTnxhLnn0wrHqApt79nL
216 IBG7cfShyZqFHOY/IzlYPMVt+gPo293gw96Fds5JBsjhjkyGnOyr9OUntFqvxDbT
217 IIFU7o9IdxD4edaqjRv+fegVE+B79pDk4s0ujsk6dULtCg9Rst0ucGFo19mr+b7k
218 dbfn8pZ72ZNDJPueVdrUAWw9oll61UcYfk75XdrLk6JlL41GrYHc8KlfXf43gGQq
219 QfrpHkg4Ih2cI6Wt2nhFGAzrlcorzLliQIUJRIhM8h4IgDfpBpaPdVQLqS2pFbXa
220 5eQjqiyJwak2vJ8CAwEAAaNQME4wHQYDVR0OBBYEFCt180N4oGUt5LbzBwQ4Ia+2
221 4V97MB8GA1UdIwQYMBaAFCt180N4oGUt5LbzBwQ4Ia+24V97MAwGA1UdEwQFMAMB
222 Af8wMQYJKoZIhvcNAQEKMCSgDTALBglghkgBZQMEAgGhDTALBgkqhkiG9w0BAQii
223 BAICAN4DggEBAAjBtm90lGxgddjc4Xu/nbXXFHVs2zVcHv/mqOZoQkGB9r/BVgLb
224 xhHrFZ2pHGElbUYPfifdS9ztB73e1d4J+P29o0yBqfd4/wGAc/JA8qgn6AAEO/Xn
225 plhFeTRJQtLZVl75CkHXgUGUd3h+ADvKtcBuW9dSUncaUrgNKR8u/h/2sMG38RWY
226 DzBddC/66YTa3r7KkVUfW7yqRQfELiGKdcm+bjlTEMsvS+EhHup9CzbpoCx2Fx9p
227 NPtFY3yEObQhmL1JyoCRWqBE75GzFPbRaiux5UpEkns+i3trkGssZzsOuVqHNTNZ
228 lC9+9hPHIoc9UMmAQNo1vGIW3NWVoeGbaJ8=
229 -----END CERTIFICATE-----
230 )";
231
232 static const char kRSAKey[] = R"(
233 -----BEGIN RSA PRIVATE KEY-----
234 MIICXgIBAAKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92
235 kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiF
236 KKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQAB
237 AoGBAIBy09Fd4DOq/Ijp8HeKuCMKTHqTW1xGHshLQ6jwVV2vWZIn9aIgmDsvkjCe
238 i6ssZvnbjVcwzSoByhjN8ZCf/i15HECWDFFh6gt0P5z0MnChwzZmvatV/FXCT0j+
239 WmGNB/gkehKjGXLLcjTb6dRYVJSCZhVuOLLcbWIV10gggJQBAkEA8S8sGe4ezyyZ
240 m4e9r95g6s43kPqtj5rewTsUxt+2n4eVodD+ZUlCULWVNAFLkYRTBCASlSrm9Xhj
241 QpmWAHJUkQJBAOVzQdFUaewLtdOJoPCtpYoY1zd22eae8TQEmpGOR11L6kbxLQsk
242 aMly/DOnOaa82tqAGTdqDEZgSNmCeKKknmECQAvpnY8GUOVAubGR6c+W90iBuQLj
243 LtFp/9ihd2w/PoDwrHZaoUYVcT4VSfJQog/k7kjE4MYXYWL8eEKg3WTWQNECQQDk
244 104Wi91Umd1PzF0ijd2jXOERJU1wEKe6XLkYYNHWQAe5l4J4MWj9OdxFXAxIuuR/
245 tfDwbqkta4xcux67//khAkEAvvRXLHTaa6VFzTaiiO8SaFsHV3lQyXOtMrBpB5jd
246 moZWgjHvB2W9Ckn7sDqsPB+U2tyX0joDdQEyuiMECDY8oQ==
247 -----END RSA PRIVATE KEY-----
248 )";
249
250 static const char kP256Key[] = R"(
251 -----BEGIN PRIVATE KEY-----
252 MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgBw8IcnrUoEqc3VnJ
253 TYlodwi1b8ldMHcO6NHJzgqLtGqhRANCAATmK2niv2Wfl74vHg2UikzVl2u3qR4N
254 Rvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLB
255 -----END PRIVATE KEY-----
256 )";
257
258 // kCRLTestRoot is a test root certificate. It has private key:
259 //
260 // -----BEGIN RSA PRIVATE KEY-----
261 // MIIEpAIBAAKCAQEAo16WiLWZuaymsD8n5SKPmxV1y6jjgr3BS/dUBpbrzd1aeFzN
262 // lI8l2jfAnzUyp+I21RQ+nh/MhqjGElkTtK9xMn1Y+S9GMRh+5R/Du0iCb1tCZIPY
263 // 07Tgrb0KMNWe0v2QKVVruuYSgxIWodBfxlKO64Z8AJ5IbnWpuRqO6rctN9qUoMlT
264 // IAB6dL4G0tDJ/PGFWOJYwOMEIX54bly2wgyYJVBKiRRt4f7n8H922qmvPNA9idmX
265 // 9G1VAtgV6x97XXi7ULORIQvn9lVQF6nTYDBJhyuPB+mLThbLP2o9orxGx7aCtnnB
266 // ZUIxUvHNOI0FaSaZH7Fi0xsZ/GkG2HZe7ImPJwIDAQABAoIBAQCJF9MTHfHGkk+/
267 // DwCXlA0Wg0e6hBuHl10iNobYkMWIl/xXjOknhYiqOqb181py76472SVC5ERprC+r
268 // Lf0PXzqKuA117mnkwT2bYLCL9Skf8WEhoFLQNbVlloF6wYjqXcYgKYKh8HgQbZl4
269 // aLg2YQl2NADTNABsUWj/4H2WEelsODVviqfFs725lFg9KHDI8zxAZXLzDt/M9uVL
270 // GxJiX12tr0AwaeAFZ1oPM/y+LznM3N3+Ht3jHHw3jZ/u8Z1RdAmdpu3bZ6tbwGBr
271 // 9edsH5rKkm9aBvMrY7eX5VHqaqyRNFyG152ZOJh4XiiFG7EmgTPCpaHo50Y018Re
272 // grVtk+FBAoGBANY3lY+V8ZOwMxSHes+kTnoimHO5Ob7nxrOC71i27x+4HHsYUeAr
273 // /zOOghiDIn+oNkuiX5CIOWZKx159Bp65CPpCbTb/fh+HYnSgXFgCw7XptycO7LXM
274 // 5GwR5jSfpfzBFdYxjxoUzDMFBwTEYRTm0HkUHkH+s+ajjw5wqqbcGLcfAoGBAMM8
275 // DKW6Tb66xsf708f0jonAjKYTLZ+WOcwsBEWSFHoY8dUjvW5gqx5acHTEsc5ZTeh4
276 // BCFLa+Mn9cuJWVJNs09k7Xb2PNl92HQ4GN2vbdkJhExbkT6oLDHg1hVD0w8KLfz1
277 // lTAW6pS+6CdOHMEJpvqx89EgU/1GgIQ1fXYczE75AoGAKeJoXdDFkUjsU+FBhAPu
278 // TDcjc80Nm2QaF9NMFR5/lsYa236f06MGnQAKM9zADBHJu/Qdl1brUjLg1HrBppsr
279 // RDNkw1IlSOjhuUf5hkPUHGd8Jijm440SRIcjabqla8wdBupdvo2+d2NOQgJbsQiI
280 // ToQ+fkzcxAXK3Nnuo/1436UCgYBjLH7UNOZHS8OsVM0I1r8NVKVdu4JCfeJQR8/H
281 // s2P5ffBir+wLRMnH+nMDreMQiibcPxMCArkERAlE4jlgaJ38Z62E76KLbLTmnJRt
282 // EC9Bv+bXjvAiHvWMRMUbOj/ddPNVez7Uld+FvdBaHwDWQlvzHzBWfBCOKSEhh7Z6
283 // qDhUqQKBgQDPMDx2i5rfmQp3imV9xUcCkIRsyYQVf8Eo7NV07IdUy/otmksgn4Zt
284 // Lbf3v2dvxOpTNTONWjp2c+iUQo8QxJCZr5Sfb21oQ9Ktcrmc/CY7LeBVDibXwxdM
285 // vRG8kBzvslFWh7REzC3u06GSVhyKDfW93kN2cKVwGoahRlhj7oHuZQ==
286 // -----END RSA PRIVATE KEY-----
287 static const char kCRLTestRoot[] = R"(
288 -----BEGIN CERTIFICATE-----
289 MIIDbzCCAlegAwIBAgIJAODri7v0dDUFMA0GCSqGSIb3DQEBCwUAME4xCzAJBgNV
290 BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBW
291 aWV3MRIwEAYDVQQKDAlCb3JpbmdTU0wwHhcNMTYwOTI2MTUwNjI2WhcNMjYwOTI0
292 MTUwNjI2WjBOMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG
293 A1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJQm9yaW5nU1NMMIIBIjANBgkq
294 hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo16WiLWZuaymsD8n5SKPmxV1y6jjgr3B
295 S/dUBpbrzd1aeFzNlI8l2jfAnzUyp+I21RQ+nh/MhqjGElkTtK9xMn1Y+S9GMRh+
296 5R/Du0iCb1tCZIPY07Tgrb0KMNWe0v2QKVVruuYSgxIWodBfxlKO64Z8AJ5IbnWp
297 uRqO6rctN9qUoMlTIAB6dL4G0tDJ/PGFWOJYwOMEIX54bly2wgyYJVBKiRRt4f7n
298 8H922qmvPNA9idmX9G1VAtgV6x97XXi7ULORIQvn9lVQF6nTYDBJhyuPB+mLThbL
299 P2o9orxGx7aCtnnBZUIxUvHNOI0FaSaZH7Fi0xsZ/GkG2HZe7ImPJwIDAQABo1Aw
300 TjAdBgNVHQ4EFgQUWPt3N5cZ/CRvubbrkqfBnAqhq94wHwYDVR0jBBgwFoAUWPt3
301 N5cZ/CRvubbrkqfBnAqhq94wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
302 AQEAORu6M0MOwXy+3VEBwNilfTxyqDfruQsc1jA4PT8Oe8zora1WxE1JB4q2FJOz
303 EAuM3H/NXvEnBuN+ITvKZAJUfm4NKX97qmjMJwLKWe1gVv+VQTr63aR7mgWJReQN
304 XdMztlVeZs2dppV6uEg3ia1X0G7LARxGpA9ETbMyCpb39XxlYuTClcbA5ftDN99B
305 3Xg9KNdd++Ew22O3HWRDvdDpTO/JkzQfzi3sYwUtzMEonENhczJhGf7bQMmvL/w5
306 24Wxj4Z7KzzWIHsNqE/RIs6RV3fcW61j/mRgW2XyoWnMVeBzvcJr9NXp4VQYmFPw
307 amd8GKMZQvP0ufGnUn7D7uartA==
308 -----END CERTIFICATE-----
309 )";
310
311 static const char kCRLTestLeaf[] = R"(
312 -----BEGIN CERTIFICATE-----
313 MIIDkDCCAnigAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwTjELMAkGA1UEBhMCVVMx
314 EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEjAQ
315 BgNVBAoMCUJvcmluZ1NTTDAeFw0xNjA5MjYxNTA4MzFaFw0xNzA5MjYxNTA4MzFa
316 MEsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQKDAlC
317 b3JpbmdTU0wxEzARBgNVBAMMCmJvcmluZy5zc2wwggEiMA0GCSqGSIb3DQEBAQUA
318 A4IBDwAwggEKAoIBAQDc5v1S1M0W+QWM+raWfO0LH8uvqEwuJQgODqMaGnSlWUx9
319 8iQcnWfjyPja3lWg9K62hSOFDuSyEkysKHDxijz5R93CfLcfnVXjWQDJe7EJTTDP
320 ozEvxN6RjAeYv7CF000euYr3QT5iyBjg76+bon1p0jHZBJeNPP1KqGYgyxp+hzpx
321 e0gZmTlGAXd8JQK4v8kpdYwD6PPifFL/jpmQpqOtQmH/6zcLjY4ojmqpEdBqIKIX
322 +saA29hMq0+NK3K+wgg31RU+cVWxu3tLOIiesETkeDgArjWRS1Vkzbi4v9SJxtNu
323 OZuAxWiynRJw3JwH/OFHYZIvQqz68ZBoj96cepjPAgMBAAGjezB5MAkGA1UdEwQC
324 MAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRl
325 MB0GA1UdDgQWBBTGn0OVVh/aoYt0bvEKG+PIERqnDzAfBgNVHSMEGDAWgBRY+3c3
326 lxn8JG+5tuuSp8GcCqGr3jANBgkqhkiG9w0BAQsFAAOCAQEAd2nM8gCQN2Dc8QJw
327 XSZXyuI3DBGGCHcay/3iXu0JvTC3EiQo8J6Djv7WLI0N5KH8mkm40u89fJAB2lLZ
328 ShuHVtcC182bOKnePgwp9CNwQ21p0rDEu/P3X46ZvFgdxx82E9xLa0tBB8PiPDWh
329 lV16jbaKTgX5AZqjnsyjR5o9/mbZVupZJXx5Syq+XA8qiJfstSYJs4KyKK9UOjql
330 ICkJVKpi2ahDBqX4MOH4SLfzVk8pqSpviS6yaA1RXqjpkxiN45WWaXDldVHMSkhC
331 5CNXsXi4b1nAntu89crwSLA3rEwzCWeYj+BX7e1T9rr3oJdwOU/2KQtW1js1yQUG
332 tjJMFw==
333 -----END CERTIFICATE-----
334 )";
335
336 static const char kBasicCRL[] = R"(
337 -----BEGIN X509 CRL-----
338 MIIBpzCBkAIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
339 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
340 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoA4wDDAKBgNV
341 HRQEAwIBATANBgkqhkiG9w0BAQsFAAOCAQEAnrBKKgvd9x9zwK9rtUvVeFeJ7+LN
342 ZEAc+a5oxpPNEsJx6hXoApYEbzXMxuWBQoCs5iEBycSGudct21L+MVf27M38KrWo
343 eOkq0a2siqViQZO2Fb/SUFR0k9zb8xl86Zf65lgPplALun0bV/HT7MJcl04Tc4os
344 dsAReBs5nqTGNEd5AlC1iKHvQZkM//MD51DspKnDpsDiUVi54h9C1SpfZmX8H2Vv
345 diyu0fZ/bPAM3VAGawatf/SyWfBMyKpoPXEG39oAzmjjOj8en82psn7m474IGaho
346 /vBbhl1ms5qQiLYPjm4YELtnXQoFyC72tBjbdFd/ZE9k4CNKDbxFUXFbkw==
347 -----END X509 CRL-----
348 )";
349
350 static const char kRevokedCRL[] = R"(
351 -----BEGIN X509 CRL-----
352 MIIBvjCBpwIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
353 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
354 Qm9yaW5nU1NMFw0xNjA5MjYxNTEyNDRaFw0xNjEwMjYxNTEyNDRaMBUwEwICEAAX
355 DTE2MDkyNjE1MTIyNlqgDjAMMAoGA1UdFAQDAgECMA0GCSqGSIb3DQEBCwUAA4IB
356 AQCUGaM4DcWzlQKrcZvI8TMeR8BpsvQeo5BoI/XZu2a8h//PyRyMwYeaOM+3zl0d
357 sjgCT8b3C1FPgT+P2Lkowv7rJ+FHJRNQkogr+RuqCSPTq65ha4WKlRGWkMFybzVH
358 NloxC+aU3lgp/NlX9yUtfqYmJek1CDrOOGPrAEAwj1l/BUeYKNGqfBWYJQtPJu+5
359 OaSvIYGpETCZJscUWODmLEb/O3DM438vLvxonwGqXqS0KX37+CHpUlyhnSovxXxp
360 Pz4aF+L7OtczxL0GYtD2fR9B7TDMqsNmHXgQrixvvOY7MUdLGbd4RfJL3yA53hyO
361 xzfKY2TzxLiOmctG0hXFkH5J
362 -----END X509 CRL-----
363 )";
364
365 static const char kBadIssuerCRL[] = R"(
366 -----BEGIN X509 CRL-----
367 MIIBwjCBqwIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzETMBEGA1UE
368 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEWMBQGA1UECgwN
369 Tm90IEJvcmluZ1NTTBcNMTYwOTI2MTUxMjQ0WhcNMTYxMDI2MTUxMjQ0WjAVMBMC
370 AhAAFw0xNjA5MjYxNTEyMjZaoA4wDDAKBgNVHRQEAwIBAjANBgkqhkiG9w0BAQsF
371 AAOCAQEAlBmjOA3Fs5UCq3GbyPEzHkfAabL0HqOQaCP12btmvIf/z8kcjMGHmjjP
372 t85dHbI4Ak/G9wtRT4E/j9i5KML+6yfhRyUTUJKIK/kbqgkj06uuYWuFipURlpDB
373 cm81RzZaMQvmlN5YKfzZV/clLX6mJiXpNQg6zjhj6wBAMI9ZfwVHmCjRqnwVmCUL
374 TybvuTmkryGBqREwmSbHFFjg5ixG/ztwzON/Ly78aJ8Bql6ktCl9+/gh6VJcoZ0q
375 L8V8aT8+Ghfi+zrXM8S9BmLQ9n0fQe0wzKrDZh14EK4sb7zmOzFHSxm3eEXyS98g
376 Od4cjsc3ymNk88S4jpnLRtIVxZB+SQ==
377 -----END X509 CRL-----
378 )";
379
380 // kKnownCriticalCRL is kBasicCRL but with a critical issuing distribution point
381 // extension.
382 static const char kKnownCriticalCRL[] = R"(
383 -----BEGIN X509 CRL-----
384 MIIBuDCBoQIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
385 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
386 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoB8wHTAKBgNV
387 HRQEAwIBATAPBgNVHRwBAf8EBTADgQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAs37Jq
388 3Htcehm6C2PKXOHekwTqTLOPWsYHfF68kYhdzcopDZBeoKE7jLRkRRGFDaR/tfUs
389 kwLSDNSQ8EwPb9PT1X8kmFn9QmJgWD6f6BzaH5ZZ9iBUwOcvrydlb/jnjdIZHQxs
390 fKOAceW5XX3f7DANC3qwYLsQZR/APkfV8nXjPYVUz1kKj04uq/BbQviInjyUYixN
391 xDx+GDWVVXccehcwAu983kAqP+JDaVQPBVksLuBXz2adrEWwvbLCnZeL3zH1IY9h
392 6MFO6echpvGbU/H+dRX9UkhdJ7gdwKVD3RjfJl+DRVox9lz8Pbo5H699Tkv9/DQP
393 9dMWxqhQlv23osLp
394 -----END X509 CRL-----
395 )";
396
397 // kUnknownCriticalCRL is kBasicCRL but with an unknown critical extension.
398 static const char kUnknownCriticalCRL[] = R"(
399 -----BEGIN X509 CRL-----
400 MIIBvDCBpQIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
401 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
402 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoCMwITAKBgNV
403 HRQEAwIBATATBgwqhkiG9xIEAYS3CQABAf8EADANBgkqhkiG9w0BAQsFAAOCAQEA
404 GvBP0xqL509InMj/3493YVRV+ldTpBv5uTD6jewzf5XdaxEQ/VjTNe5zKnxbpAib
405 Kf7cwX0PMSkZjx7k7kKdDlEucwVvDoqC+O9aJcqVmM6GDyNb9xENxd0XCXja6MZC
406 yVgP4AwLauB2vSiEprYJyI1APph3iAEeDm60lTXX/wBM/tupQDDujKh2GPyvBRfJ
407 +wEDwGg3ICwvu4gO4zeC5qnFR+bpL9t5tOMAQnVZ0NWv+k7mkd2LbHdD44dxrfXC
408 nhtfERx99SDmC/jtUAJrGhtCO8acr7exCeYcduN7KKCm91OeCJKK6OzWst0Og1DB
409 kwzzU2rL3G65CrZ7H0SZsQ==
410 -----END X509 CRL-----
411 )";
412
413 // kUnknownCriticalCRL2 is kBasicCRL but with a critical issuing distribution
414 // point extension followed by an unknown critical extension
415 static const char kUnknownCriticalCRL2[] = R"(
416 -----BEGIN X509 CRL-----
417 MIIBzTCBtgIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
418 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
419 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoDQwMjAKBgNV
420 HRQEAwIBATAPBgNVHRwBAf8EBTADgQH/MBMGDCqGSIb3EgQBhLcJAAEB/wQAMA0G
421 CSqGSIb3DQEBCwUAA4IBAQBgSogsC5kf2wzr+0hmZtmLXYd0itAiYO0Gh9AyaEOO
422 myJFuqICHBSLXXUgwNkTUa2x2I/ivyReVFV756VOlWoaV2wJUs0zeCeVBgC9ZFsq
423 5a+8OGgXwgoYESFV5Y3QRF2a1Ytzfbw/o6xLXzTngvMsLOs12D4B5SkopyEZibF4
424 tXlRZyvEudTg3CCrjNP+p/GV07nZ3wcMmKJwQeilgzFUV7NaVCCo9jvPBGp0RxAN
425 KNif7jmjK4hD5mswo/Eq5kxQIc+mTfuUFdgHuAu1hfLYe0YK+Hr4RFf6Qy4hl7Ne
426 YjqkkSVIcr87u+8AznwdstnQzsyD27Jt7SjVORkYRywi
427 -----END X509 CRL-----
428 )";
429
430 // kBadExtensionCRL is kBasicCRL but with an incorrectly-encoded issuing
431 // distribution point extension.
432 static const char kBadExtensionCRL[] = R"(
433 -----BEGIN X509 CRL-----
434 MIIBujCBowIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
435 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
436 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoCEwHzAKBgNV
437 HRQEAwIBATARBgNVHRwBAf8EBzAFoQMBAf8wDQYJKoZIhvcNAQELBQADggEBAA+3
438 i+5e5Ub8sccfgOBs6WVJFI9c8gvJjrJ8/dYfFIAuCyeocs7DFXn1n13CRZ+URR/Q
439 mVWgU28+xeusuSPYFpd9cyYTcVyNUGNTI3lwgcE/yVjPaOmzSZKdPakApRxtpKKQ
440 NN/56aQz3bnT/ZSHQNciRB8U6jiD9V30t0w+FDTpGaG+7bzzUH3UVF9xf9Ctp60A
441 3mfLe0scas7owSt4AEFuj2SPvcE7yvdOXbu+IEv21cEJUVExJAbhvIweHXh6yRW+
442 7VVeiNzdIjkZjyTmAzoXGha4+wbxXyBRbfH+XWcO/H+8nwyG8Gktdu2QB9S9nnIp
443 o/1TpfOMSGhMyMoyPrk=
444 -----END X509 CRL-----
445 )";
446
447 // kAlgorithmMismatchCRL is kBasicCRL but with mismatched AlgorithmIdentifiers
448 // in the outer structure and signed portion. The signature reflects the signed
449 // portion.
450 static const char kAlgorithmMismatchCRL[] = R"(
451 -----BEGIN X509 CRL-----
452 MIIBpzCBkAIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
453 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
454 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoA4wDDAKBgNV
455 HRQEAwIBATANBgkqhkiG9w0BAQwFAAOCAQEAnrBKKgvd9x9zwK9rtUvVeFeJ7+LN
456 ZEAc+a5oxpPNEsJx6hXoApYEbzXMxuWBQoCs5iEBycSGudct21L+MVf27M38KrWo
457 eOkq0a2siqViQZO2Fb/SUFR0k9zb8xl86Zf65lgPplALun0bV/HT7MJcl04Tc4os
458 dsAReBs5nqTGNEd5AlC1iKHvQZkM//MD51DspKnDpsDiUVi54h9C1SpfZmX8H2Vv
459 diyu0fZ/bPAM3VAGawatf/SyWfBMyKpoPXEG39oAzmjjOj8en82psn7m474IGaho
460 /vBbhl1ms5qQiLYPjm4YELtnXQoFyC72tBjbdFd/ZE9k4CNKDbxFUXFbkw==
461 -----END X509 CRL-----
462 )";
463
464 // kAlgorithmMismatchCRL2 is kBasicCRL but with mismatched AlgorithmIdentifiers
465 // in the outer structure and signed portion. The signature reflects the outer
466 // structure.
467 static const char kAlgorithmMismatchCRL2[] = R"(
468 -----BEGIN X509 CRL-----
469 MIIBpzCBkAIBATANBgkqhkiG9w0BAQwFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE
470 CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ
471 Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoA4wDDAKBgNV
472 HRQEAwIBATANBgkqhkiG9w0BAQsFAAOCAQEAjCWtU7AK8nQ5TCFfzvbU04MWNuLp
473 iZfqapRSRyMta4pyRomK773rEmJmYOc/ZNeIphVOlupMgGC2wyv5Z/SD1mxccJbv
474 SlUWciwjskjgvyyU9KnJ5xPgf3e3Fl3G0u9yJEFd4mg6fRavs5pEDX56b0f+SkG+
475 Vl1FZU94Uylm2kCqk9fRpTxualPGP6dksj3Aitt4x2Vdni4sUfg9vIEEOx2jnisq
476 iLqpT94IdETCWAciE0dgbogdOOsNzMqSASfHM/XPigYLXpYgfaR8fca6OKDwFsVH
477 SrkFz8Se3F6mCHnbDzYElbmA46iKU2J12LTrso3Ewq/qHq0mebfp2z0y6g==
478 -----END X509 CRL-----
479 )";
480
481 // kEd25519Cert is a self-signed Ed25519 certificate.
482 static const char kEd25519Cert[] = R"(
483 -----BEGIN CERTIFICATE-----
484 MIIBkTCCAUOgAwIBAgIJAJwooam0UCDmMAUGAytlcDBFMQswCQYDVQQGEwJBVTET
485 MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ
486 dHkgTHRkMB4XDTE0MDQyMzIzMjE1N1oXDTE0MDUyMzIzMjE1N1owRTELMAkGA1UE
487 BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp
488 ZGdpdHMgUHR5IEx0ZDAqMAUGAytlcAMhANdamAGCsQq31Uv+08lkBzoO4XLz2qYj
489 Ja8CGmj3B1Eao1AwTjAdBgNVHQ4EFgQUoux7eV+fJK2v3ah6QPU/lj1/+7UwHwYD
490 VR0jBBgwFoAUoux7eV+fJK2v3ah6QPU/lj1/+7UwDAYDVR0TBAUwAwEB/zAFBgMr
491 ZXADQQBuCzqji8VP9xU8mHEMjXGChX7YP5J664UyVKHKH9Z1u4wEbB8dJ3ScaWSL
492 r+VHVKUhsrvcdCelnXRrrSD7xWAL
493 -----END CERTIFICATE-----
494 )";
495
496 // kEd25519CertNull is an invalid self-signed Ed25519 with an explicit NULL in
497 // the signature algorithm.
498 static const char kEd25519CertNull[] = R"(
499 -----BEGIN CERTIFICATE-----
500 MIIBlTCCAUWgAwIBAgIJAJwooam0UCDmMAcGAytlcAUAMEUxCzAJBgNVBAYTAkFV
501 MRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRz
502 IFB0eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYD
503 VQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQg
504 V2lkZ2l0cyBQdHkgTHRkMCowBQYDK2VwAyEA11qYAYKxCrfVS/7TyWQHOg7hcvPa
505 piMlrwIaaPcHURqjUDBOMB0GA1UdDgQWBBSi7Ht5X58kra/dqHpA9T+WPX/7tTAf
506 BgNVHSMEGDAWgBSi7Ht5X58kra/dqHpA9T+WPX/7tTAMBgNVHRMEBTADAQH/MAcG
507 AytlcAUAA0EA70uefNocdJohkKPNROKVyBuBD3LXMyvmdTklsaxSRY3PcZdOohlr
508 recgVPpVS7B+d9g4EwtZXIh4lodTBDHBBw==
509 -----END CERTIFICATE-----
510 )";
511
512 // kX25519 is the example X25519 certificate from
513 // https://tools.ietf.org/html/rfc8410#section-10.2
514 static const char kX25519Cert[] = R"(
515 -----BEGIN CERTIFICATE-----
516 MIIBLDCB36ADAgECAghWAUdKKo3DMDAFBgMrZXAwGTEXMBUGA1UEAwwOSUVURiBUZX
517 N0IERlbW8wHhcNMTYwODAxMTIxOTI0WhcNNDAxMjMxMjM1OTU5WjAZMRcwFQYDVQQD
518 DA5JRVRGIFRlc3QgRGVtbzAqMAUGAytlbgMhAIUg8AmJMKdUdIt93LQ+91oNvzoNJj
519 ga9OukqY6qm05qo0UwQzAPBgNVHRMBAf8EBTADAQEAMA4GA1UdDwEBAAQEAwIDCDAg
520 BgNVHQ4BAQAEFgQUmx9e7e0EM4Xk97xiPFl1uQvIuzswBQYDK2VwA0EAryMB/t3J5v
521 /BzKc9dNZIpDmAgs3babFOTQbs+BolzlDUwsPrdGxO3YNGhW7Ibz3OGhhlxXrCe1Cg
522 w1AH9efZBw==
523 -----END CERTIFICATE-----
524 )";
525
526 // kSANTypesLeaf is a leaf certificate (signed by |kSANTypesRoot|) which
527 // contains SANS for example.com, test@example.com, 127.0.0.1, and
528 // https://example.com/. (The latter is useless for now since crypto/x509
529 // doesn't deal with URI SANs directly.)
530 static const char kSANTypesLeaf[] = R"(
531 -----BEGIN CERTIFICATE-----
532 MIIClzCCAgCgAwIBAgIJAOjwnT/iW+qmMA0GCSqGSIb3DQEBCwUAMCsxFzAVBgNV
533 BAoTDkJvcmluZ1NTTCBUZXN0MRAwDgYDVQQDEwdSb290IENBMB4XDTE1MDEwMTAw
534 MDAwMFoXDTI1MDEwMTAwMDAwMFowLzEXMBUGA1UEChMOQm9yaW5nU1NMIFRlc3Qx
535 FDASBgNVBAMTC2V4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
536 gQDbRn2TLhInBki8Bighq37EtqJd/h5SRYh6NkelCA2SQlvCgcC+l3mYQPtPbRT9
537 KxOLwqUuZ9jUCZ7WIji3Sgt0cyvCNPHRk+WW2XR781ifbGE8wLBB1NkrKyQjd1sc
538 O711Xc4gVM+hY4cdHiTE8x0aUIuqthRD7ZendWL0FMhS1wIDAQABo4G+MIG7MA4G
539 A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD
540 VR0TAQH/BAIwADAZBgNVHQ4EEgQQn5EWH0NDPkmm3m22gNefYDAbBgNVHSMEFDAS
541 gBBAN9cB+0AvuBx+VAQnjFkBMEQGA1UdEQQ9MDuCC2V4YW1wbGUuY29tgRB0ZXN0
542 QGV4YW1wbGUuY29thwR/AAABhhRodHRwczovL2V4YW1wbGUuY29tLzANBgkqhkiG
543 9w0BAQsFAAOBgQBtwJvY6+Tk6D6DOtDVaNoJ5y8E25CCuE/Ga4OuIcYJas+yLckf
544 dZwUV3GUG2oBXl2MrpUFxXd4hKBO1CmlBY+hZEeIx0Yp6QWK9P/vnZeydOTP26mk
545 jusJ2PqSmtKNU1Zcaba4d29oFejmOAfeguhR8AHpsc/zHEaS5Q9cJsuJcw==
546 -----END CERTIFICATE-----
547 )";
548
549 // -----BEGIN RSA PRIVATE KEY-----
550 // MIICWwIBAAKBgQDbRn2TLhInBki8Bighq37EtqJd/h5SRYh6NkelCA2SQlvCgcC+
551 // l3mYQPtPbRT9KxOLwqUuZ9jUCZ7WIji3Sgt0cyvCNPHRk+WW2XR781ifbGE8wLBB
552 // 1NkrKyQjd1scO711Xc4gVM+hY4cdHiTE8x0aUIuqthRD7ZendWL0FMhS1wIDAQAB
553 // AoGACwf7z0i1DxOI2zSwFimLghfyCSp8mgT3fbZ3Wj0SebYu6ZUffjceneM/AVrq
554 // gGYHYLOVHcWJqfkl7X3hPo9SDhzLx0mM545/q21ZWCwjhswH7WiCEqV2/zeDO9WU
555 // NIO1VU0VoLm0AQ7ZvwnyB+fpgF9kkkDtbBJW7XWrfNVtlnECQQD97YENpEJ3X1kj
556 // 3rrkrHWDkKAyoWWY1i8Fm7LnganC9Bv6AVwgn5ZlE/479aWHF8vbOFEA3pFPiNZJ
557 // t9FTCfpJAkEA3RCXjGI0Y6GALFLwEs+nL/XZAfJaIpJEZVLCVosYQOSaMS4SchfC
558 // GGYVquT7ZgKk9uvz89Fg87OtBMWS9lrkHwJADGkGLKeBhBoJ3kHtem2fVK3F1pOi
559 // xoR5SdnhNYVVyaxqjZ5xZTrHe+stOrr3uxGDqhQniVZXXb6/Ul0Egv1y2QJAVg/h
560 // kAujba4wIhFf2VLyOZ+yjil1ocPj0LZ5Zgvcs1bMGJ1hHP3W2HzVrqRaowoggui1
561 // HpTC891dXGA2qKYV7QJAFDmT2A7OVvh3y4AEgzVwHrDmCMwMHKjCIntS7fjxrJnF
562 // YvJUG1zoHwUVrxxbR3DbpTODlktLcl/0b97D0IkH3w==
563 // -----END RSA PRIVATE KEY-----
564
565 static const char kSANTypesRoot[] = R"(
566 -----BEGIN CERTIFICATE-----
567 MIICTTCCAbagAwIBAgIIAj5CwoHlWuYwDQYJKoZIhvcNAQELBQAwKzEXMBUGA1UE
568 ChMOQm9yaW5nU1NMIFRlc3QxEDAOBgNVBAMTB1Jvb3QgQ0EwHhcNMTUwMTAxMDAw
569 MDAwWhcNMjUwMTAxMDAwMDAwWjArMRcwFQYDVQQKEw5Cb3JpbmdTU0wgVGVzdDEQ
570 MA4GA1UEAxMHUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6Q5/
571 EQzmWuaGg3D2UQcuAngR9bIkkjjuJmICx5TxPqF3asCP1SJotl3iTNrghRE1wpJy
572 SY2BtIiXa7f8skRb2U0GcPkMxo/ps9+jaoRsQ1m+nbLQdpvD1/qZWcO45fNTA71J
573 1rPMokP+rcILuQG4VimUAySnDSghKamulFtK+Z8CAwEAAaN6MHgwDgYDVR0PAQH/
574 BAQDAgIEMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAPBgNVHRMBAf8E
575 BTADAQH/MBkGA1UdDgQSBBBAN9cB+0AvuBx+VAQnjFkBMBsGA1UdIwQUMBKAEEA3
576 1wH7QC+4HH5UBCeMWQEwDQYJKoZIhvcNAQELBQADgYEAc4N6hTE62/3gwg+kyc2f
577 c/Jj1mHrOt+0NRaBnmvbmNpsEjHS96Ef4Wt/ZlPXPkkv1C1VosJnOIMF3Q522wRH
578 bqaxARldS12VAa3gcWisDWD+SqSyDxjyojz0XDiJkTrFuCTCUiZO+1GLB7SO10Ms
579 d5YVX0c90VMnUhF/dlrqS9U=
580 -----END CERTIFICATE-----
581 )";
582
583 // -----BEGIN RSA PRIVATE KEY-----
584 // MIICXAIBAAKBgQDpDn8RDOZa5oaDcPZRBy4CeBH1siSSOO4mYgLHlPE+oXdqwI/V
585 // Imi2XeJM2uCFETXCknJJjYG0iJdrt/yyRFvZTQZw+QzGj+mz36NqhGxDWb6dstB2
586 // m8PX+plZw7jl81MDvUnWs8yiQ/6twgu5AbhWKZQDJKcNKCEpqa6UW0r5nwIDAQAB
587 // AoGALEF5daZqc+aEsp8X1yky3nsoheyPL0kqSBWii33IFemZgKcSaRnAoqjPWWLS
588 // 8dHj0I/4rej2MW8iuezVSpDak9tK5boHORC3w4p/wifkizQkLt1DANxTVbzcKvrt
589 // aZ7LjVaKkhjRJbLddniowFHkkWVbUccjvzcUd7Y2VuLbAhECQQDq4FE88aHio8zg
590 // bxSd0PwjEFwLYQTR19u812SoR8PmR6ofIL+pDwOV+fVs+OGcAAOgkhIukOrksQ4A
591 // 1cKtnyhXAkEA/gRI+u3tZ7UE1twIkBfZ6IvCdRodkPqHAYIxMRLzL+MhyZt4MEGc
592 // Ngb/F6U9/WOBFnoR/PI7IwE3ejutzKcL+QJBAKh+6eilk7QKPETZi1m3/dmNt+p1
593 // 3EZJ65pqjwxmB3Rg/vs7vCMk4TarTdSyKu+F1xRPFfoP/mK3Xctdjj6NyhsCQAYF
594 // 7/0TOzfkUPMPUJyqFB6xgbDpJ55ScnUUsznoqx+NkTWInDb4t02IqO/UmT2y6FKy
595 // Hk8TJ1fTJY+ebqaVp3ECQApx9gQ+n0zIhx97FMUuiRse73xkcW4+pZ8nF+8DmeQL
596 // /JKuuFGmzkG+rUbXFmo/Zg2ozVplw71NnQJ4znPsf7A=
597 // -----END RSA PRIVATE KEY-----
598
599 // The following four certificates were generated with this Go program, varying
600 // |includeNetscapeExtension| and defining rootKeyPEM and rootCertPEM to be
601 // strings containing the kSANTypesRoot, above.
602
603 // package main
604
605 // import (
606 // "crypto/ecdsa"
607 // "crypto/elliptic"
608 // "crypto/rand"
609 // "crypto/x509"
610 // "crypto/x509/pkix"
611 // "encoding/asn1"
612 // "encoding/pem"
613 // "math/big"
614 // "os"
615 // "time"
616 // )
617
618 // const includeNetscapeExtension = true
619
620 // func main() {
621 // block, _ := pem.Decode([]byte(rootKeyPEM))
622 // rootPriv, _ := x509.ParsePKCS1PrivateKey(block.Bytes)
623 // block, _ = pem.Decode([]byte(rootCertPEM))
624 // root, _ := x509.ParseCertificate(block.Bytes)
625
626 // interTemplate := &x509.Certificate{
627 // SerialNumber: big.NewInt(2),
628 // Subject: pkix.Name{
629 // CommonName: "No Basic Constraints (Netscape)",
630 // },
631 // NotBefore: time.Date(2000, time.January, 1, 0, 0, 0, 0, time.UTC),
632 // NotAfter: time.Date(2099, time.January, 1, 0, 0, 0, 0, time.UTC),
633 // }
634
635 // if includeNetscapeExtension {
636 // interTemplate.ExtraExtensions = []pkix.Extension{
637 // pkix.Extension{
638 // Id: asn1.ObjectIdentifier([]int{2, 16, 840, 1, 113730, 1, 1}),
639 // Value: []byte{0x03, 0x02, 2, 0x04},
640 // },
641 // }
642 // } else {
643 // interTemplate.KeyUsage = x509.KeyUsageCertSign
644 // }
645
646 // interKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
647
648 // interDER, err := x509.CreateCertificate(rand.Reader, interTemplate, root, &interKey.PublicKey, rootPriv)
649 // if err != nil {
650 // panic(err)
651 // }
652
653 // pem.Encode(os.Stdout, &pem.Block{Type: "CERTIFICATE", Bytes: interDER})
654
655 // inter, _ := x509.ParseCertificate(interDER)
656
657 // leafTemplate := &x509.Certificate{
658 // SerialNumber: big.NewInt(3),
659 // Subject: pkix.Name{
660 // CommonName: "Leaf from CA with no Basic Constraints",
661 // },
662 // NotBefore: time.Date(2000, time.January, 1, 0, 0, 0, 0, time.UTC),
663 // NotAfter: time.Date(2099, time.January, 1, 0, 0, 0, 0, time.UTC),
664 // BasicConstraintsValid: true,
665 // }
666 // leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
667
668 // leafDER, err := x509.CreateCertificate(rand.Reader, leafTemplate, inter, &leafKey.PublicKey, interKey)
669 // if err != nil {
670 // panic(err)
671 // }
672
673 // pem.Encode(os.Stdout, &pem.Block{Type: "CERTIFICATE", Bytes: leafDER})
674 // }
675
676 // kNoBasicConstraintsCertSignIntermediate doesn't have isCA set, but contains
677 // certSign in the keyUsage.
678 static const char kNoBasicConstraintsCertSignIntermediate[] = R"(
679 -----BEGIN CERTIFICATE-----
680 MIIBqjCCAROgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
681 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
682 MDk5MDEwMTAwMDAwMFowHzEdMBsGA1UEAxMUTm8gQmFzaWMgQ29uc3RyYWludHMw
683 WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASEFMblfxIEDO8My7wHtHWTuDzNyID1
684 OsPkMGkn32O/pSyXxXuAqDeFoMVffUMTyfm8JcYugSEbrv2qEXXM4bZRoy8wLTAO
685 BgNVHQ8BAf8EBAMCAgQwGwYDVR0jBBQwEoAQQDfXAftAL7gcflQEJ4xZATANBgkq
686 hkiG9w0BAQsFAAOBgQC1Lh6hIAm3K5kRh5iIydU0YAEm7eV6ZSskERDUq3DLJyl9
687 ZUZCHUzvb464dkwZjeNzaUVS1pdElJslwX3DtGgeJLJGCnk8zUjBjaNrrDm0kzPW
688 xKt/6oif1ci/KCKqKNXJAIFbc4e+IiBpenwpxHk3If4NM+Ek0nKoO8Uj0NkgTQ==
689 -----END CERTIFICATE-----
690 )";
691
692 static const char kNoBasicConstraintsCertSignLeaf[] = R"(
693 -----BEGIN CERTIFICATE-----
694 MIIBUDCB96ADAgECAgEDMAoGCCqGSM49BAMCMB8xHTAbBgNVBAMTFE5vIEJhc2lj
695 IENvbnN0cmFpbnRzMCAXDTAwMDEwMTAwMDAwMFoYDzIwOTkwMTAxMDAwMDAwWjAx
696 MS8wLQYDVQQDEyZMZWFmIGZyb20gQ0Egd2l0aCBubyBCYXNpYyBDb25zdHJhaW50
697 czBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEsYPMwzdJKjB+2gpC90ib2ilHoB
698 w/arQ6ikUX0CNUDDaKaOu/jF39ogzVlg4lDFrjCKShSfCCcrwgONv70IZGijEDAO
699 MAwGA1UdEwEB/wQCMAAwCgYIKoZIzj0EAwIDSAAwRQIgbV7R99yM+okXSIs6Fp3o
700 eCOXiDL60IBxaTOcLS44ywcCIQDbn87Gj5cFgHBYAkzdHqDsyGXkxQTHDq9jmX24
701 Djy3Zw==
702 -----END CERTIFICATE-----
703 )";
704
705 // kNoBasicConstraintsNetscapeCAIntermediate doesn't have isCA set, but contains
706 // a Netscape certificate-type extension that asserts a type of "SSL CA".
707 static const char kNoBasicConstraintsNetscapeCAIntermediate[] = R"(
708 -----BEGIN CERTIFICATE-----
709 MIIBuDCCASGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
710 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
711 MDk5MDEwMTAwMDAwMFowKjEoMCYGA1UEAxMfTm8gQmFzaWMgQ29uc3RyYWludHMg
712 KE5ldHNjYXBlKTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCeMbmCaOtMzXBqi
713 PrCdNOH23CkaawUA+pAezitAN4RXS1O2CGK5sJjGPVVeogROU8G7/b+mU+ciZIzH
714 1PP8FJKjMjAwMBsGA1UdIwQUMBKAEEA31wH7QC+4HH5UBCeMWQEwEQYJYIZIAYb4
715 QgEBBAQDAgIEMA0GCSqGSIb3DQEBCwUAA4GBAAgNWjh7cfBTClTAk+Ml//5xb9Ju
716 tkBhG6Rm+kkMD+qiSMO6t7xS7CsA0+jIBjkdEYaLZ3oxtQCBdZsVNxUvRxZ0AUfF
717 G3DtRFTsrI1f7IQhpMuqEMF4shPW+5x54hrq0Fo6xMs6XoinJZcTUaaB8EeXRF6M
718 P9p6HuyLrmn0c/F0
719 -----END CERTIFICATE-----
720 )";
721
722 static const char kNoBasicConstraintsNetscapeCALeaf[] = R"(
723 -----BEGIN CERTIFICATE-----
724 MIIBXDCCAQKgAwIBAgIBAzAKBggqhkjOPQQDAjAqMSgwJgYDVQQDEx9ObyBCYXNp
725 YyBDb25zdHJhaW50cyAoTmV0c2NhcGUpMCAXDTAwMDEwMTAwMDAwMFoYDzIwOTkw
726 MTAxMDAwMDAwWjAxMS8wLQYDVQQDEyZMZWFmIGZyb20gQ0Egd2l0aCBubyBCYXNp
727 YyBDb25zdHJhaW50czBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDlJKolDu3R2
728 tPqSDycr0QJcWhxdBv76V0EEVflcHRxED6vAioTEcnQszt1OfKtBZvjlo0yp6i6Q
729 DaYit0ZInmWjEDAOMAwGA1UdEwEB/wQCMAAwCgYIKoZIzj0EAwIDSAAwRQIhAJsh
730 aZL6BHeEfoUBj1oZ2Ln91qzj3UCVMJ+vrmwAFdYyAiA3wp2JphgchvmoUFuzPXwj
731 XyPwWPbymSTpzKhB4xB7qQ==
732 -----END CERTIFICATE-----
733 )";
734
735 static const char kSelfSignedMismatchAlgorithms[] = R"(
736 -----BEGIN CERTIFICATE-----
737 MIIFMjCCAxqgAwIBAgIJAL0mG5fOeJ7xMA0GCSqGSIb3DQEBDQUAMC0xCzAJBgNV
738 BAYTAkdCMQ8wDQYDVQQHDAZMb25kb24xDTALBgNVBAoMBFRlc3QwIBcNMTgwOTE3
739 MTIxNzU3WhgPMjExODA4MjQxMjE3NTdaMC0xCzAJBgNVBAYTAkdCMQ8wDQYDVQQH
740 DAZMb25kb24xDTALBgNVBAoMBFRlc3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
741 ggIKAoICAQDCMhBrRAGGw+n2GdctBr/cEK4FZA6ajiHjihgpCHoSBdyL4R2jGKLS
742 g0WgaMXa1HpkKN7LcIySosEBPlmcRkr1RqbEvQStOSvoFCXYvtx3alM6HTbXMcDR
743 mqoKoABP6LXsPSoMWIgqMtP2X9EOppzHVIK1yFYFfbIlvYUV2Ka+MuMe0Vh5wvD1
744 4GanPb+cWSKgdRSVQovCCMY3yWtZKVEaxRpCsk/mYYIFWz0tcgMjIKwDx1XXgiAV
745 nU6NK43xbaw3XhtnaD/pv9lhTTbNrlcln9LjTD097BaK4R+1AEPHnpfxA9Ui3upn
746 kbsNUdGdOB0ksZi/vd7lh833YgquQUIAhYrbfvq/HFCpVV1gljzlS3sqULYpLE//
747 i3OsuL2mE+CYIJGpIi2GeJJWXciNMTJDOqTn+fRDtVb4RPp4Y70DJirp7XzaBi3q
748 H0edANCzPSRCDbZsOhzIXhXshldiXVRX666DDlbMQgLTEnNKrkwv6DmU8o15XQsb
749 8k1Os2YwXmkEOxUQ7AJZXVTZSf6UK9Znmdq1ZrHjybMfRUkHVxJcnKvrxfryralv
750 gzfvu+D6HuxrCo3Ojqa+nDgIbxKEBtdrcsMhq1jWPFhjwo1fSadAkKOfdCAuXJRD
751 THg3b4Sf+W7Cpc570YHrIpBf7WFl2XsPcEM0mJZ5+yATASCubNozQwIDAQABo1Mw
752 UTAdBgNVHQ4EFgQUES0hupZSqY21JOba10QyZuxm91EwHwYDVR0jBBgwFoAUES0h
753 upZSqY21JOba10QyZuxm91EwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsF
754 AAOCAgEABTN5S30ng/RMpBweDm2N561PdpaCdiRXtAFCRVWR2mkDYC/Xj9Vqe6be
755 PyM7L/5OKYVjzF1yJu67z/dx+ja5o+41g17jdqla7hyPx+9B4uRyDh+1KJTa+duj
756 mw/aA1LCr6O6W4WizDOsChJ6FaB2Y1+GlFnKWb5nUdhVJqXQE1WOX9dZnw8Y4Npd
757 VmAsjWot0BZorJrt3fwfcv3QfA896twkbo7Llv/8qzg4sXZXZ4ZtgAOqnPngiSn+
758 JT/vYCXZ406VvAFpFqMcVz2dO/VGuL8lGIMHRKNyafrsV81EzH1W/XmRWOgvgj6r
759 yQI63ln/AMY72HQ97xLkE1xKunGz6bK5Ug5+O43Uftc4Mb6MUgzo+ZqEQ3Ob+cAV
760 cvjmtwDaPO/O39O5Xq0tLTlkn2/cKf4OQ6S++GDxzyRVHh5JXgP4j9+jfZY57Woy
761 R1bE7N50JjY4cDermBJKdlBIjL7UPhqmLyaG7V0hBitFlgGBUCcJtJOV0xYd5aF3
762 pxNkvMXhBmh95fjxJ0cJjpO7tN1RAwtMMNgsl7OUbuVRQCHOPW5DgP5qY21jDeRn
763 BY82382l+9QzykmJLI5MZnmj4BA9uIDCwMtoTTvP++SsvhUAbuvh7MOOUQL0EY4m
764 KStYq7X9PKseN+PvmfeoffIKc5R/Ha39oi7cGMVHCr8aiEhsf94=
765 -----END CERTIFICATE-----
766 )";
767
768 // kCommonNameWithSANs is a leaf certificate signed by kSANTypesRoot, with
769 // *.host1.test as the common name and a SAN list of *.host2.test and
770 // foo.host3.test.
771 static const char kCommonNameWithSANs[] = R"(
772 -----BEGIN CERTIFICATE-----
773 MIIB2zCCAUSgAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
774 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
775 MDk5MDEwMTAwMDAwMFowNzEeMBwGA1UEChMVQ29tbW9uIG5hbWUgd2l0aCBTQU5z
776 MRUwEwYDVQQDDAwqLmhvc3QxLnRlc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC
777 AASgWzfnFnpQrokSLIC+LhCKJDUAY/2usfIDpOnafYoYCasbYetkmOslgyY4Nn07
778 zjvjNROprA/0bdULXAkdL9bNo0gwRjAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQn
779 jFkBMCcGA1UdEQQgMB6CDCouaG9zdDIudGVzdIIOZm9vLmhvc3QzLnRlc3QwDQYJ
780 KoZIhvcNAQELBQADgYEAtv2e3hBhsslXB1HTxgusjoschWOVtvGZUaYlhkKzKTCL
781 4YpDn50BccnucBU/b9phYvaEZtyzOv4ZXhxTGyLnLrIVB9x5ikfCcfl+LNYNjDwM
782 enm/h1zOfJ7wXLyscD4kU29Wc/zxBd70thIgLYn16CC1S9NtXKsXXDXv5VVH/bg=
783 -----END CERTIFICATE-----
784 )";
785
786 // kCommonNameWithSANs is a leaf certificate signed by kSANTypesRoot, with
787 // *.host1.test as the common name and no SAN list.
788 static const char kCommonNameWithoutSANs[] = R"(
789 -----BEGIN CERTIFICATE-----
790 MIIBtTCCAR6gAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
791 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
792 MDk5MDEwMTAwMDAwMFowOjEhMB8GA1UEChMYQ29tbW9uIG5hbWUgd2l0aG91dCBT
793 QU5zMRUwEwYDVQQDDAwqLmhvc3QxLnRlc3QwWTATBgcqhkjOPQIBBggqhkjOPQMB
794 BwNCAARt2vjlIrPE+kr11VS1rRP/AYQu4fvf1bNw/K9rwYlVBhmLMPYasEmpCtKE
795 0bDIFydtDYC3wZDpSS+YiaG40sdAox8wHTAbBgNVHSMEFDASgBBAN9cB+0AvuBx+
796 VAQnjFkBMA0GCSqGSIb3DQEBCwUAA4GBAHRbIeaCEytOpJpw9O2dlB656AHe1+t5
797 4JiS5mvtzoVOLn7fFk5EFQtZS7sG1Uc2XjlSw+iyvFoTFEqfKyU/mIdc2vBuPwA2
798 +YXT8aE4S+UZ9oz5j0gDpikGnkSCW0cyHD8L8fntNjaQRSaM482JpmtdmuxClmWO
799 pFFXI2B5usgI
800 -----END CERTIFICATE-----
801 )";
802
803 // kCommonNameWithEmailSAN is a leaf certificate signed by kSANTypesRoot, with
804 // *.host1.test as the common name and the email address test@host2.test in the
805 // SAN list.
806 static const char kCommonNameWithEmailSAN[] = R"(
807 -----BEGIN CERTIFICATE-----
808 MIIBvDCCASWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
809 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
810 MDk5MDEwMTAwMDAwMFowFzEVMBMGA1UEAwwMKi5ob3N0MS50ZXN0MFkwEwYHKoZI
811 zj0CAQYIKoZIzj0DAQcDQgAEtevOxcTjpPzlNGoUMFfZyr1k03/Hiuh+EsnuScDs
812 8XLKi6fDkvSaDClI99ycabQZRPIrvyT+dglDC6ugQd+CYqNJMEcwDAYDVR0TAQH/
813 BAIwADAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQnjFkBMBoGA1UdEQQTMBGBD3Rl
814 c3RAaG9zdDIudGVzdDANBgkqhkiG9w0BAQsFAAOBgQCGbqb78OWJWl4zb+qw0Dz2
815 HJgZZJt6/+nNG/XJKdaYeS4eofsbwsJI4fuuOF6ZvYCJxVNtGqdfZDgycvFA9hjv
816 NGosBF1/spP17cmzTahLjxs71jDvHV/EQJbKGl/Zpta1Em1VrzSrwoOFabPXzZTJ
817 aet/mER21Z/9ZsTUoJQPJw==
818 -----END CERTIFICATE-----
819 )";
820
821 // kCommonNameWithIPSAN is a leaf certificate signed by kSANTypesRoot, with
822 // *.host1.test as the common name and the IP address 127.0.0.1 in the
823 // SAN list.
824 static const char kCommonNameWithIPSAN[] = R"(
825 -----BEGIN CERTIFICATE-----
826 MIIBsTCCARqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
827 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
828 MDk5MDEwMTAwMDAwMFowFzEVMBMGA1UEAwwMKi5ob3N0MS50ZXN0MFkwEwYHKoZI
829 zj0CAQYIKoZIzj0DAQcDQgAEFKrgkxm8PysXbwnHQeTD3p8YY0+sY4ssnZgmj8wX
830 KTyn893fdBHWlz71GO6t82wMTF5d+ZYwI2XU52pfl4SB2aM+MDwwDAYDVR0TAQH/
831 BAIwADAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQnjFkBMA8GA1UdEQQIMAaHBH8A
832 AAEwDQYJKoZIhvcNAQELBQADgYEAQWZ8Oj059ZjS109V/ijMYT28xuAN5n6HHxCO
833 DopTP56Zu9+gme5wTETWEfocspZvgecoUOcedTFoKSQ7JafO09NcVLA+D6ddYpju
834 mgfuiLy9dDhqvX/NHaLBMxOBWWbOLwWE+ibyX+pOzjWRCw1L7eUXOr6PhZAOQsmU
835 D0+O6KI=
836 -----END CERTIFICATE-----
837 )";
838
839 // kConstrainedIntermediate is an intermediate signed by kSANTypesRoot, with
840 // permitted DNS names of permitted1.test and foo.permitted2.test and an
841 // excluded DNS name of excluded.permitted1.test. Its private key is:
842 //
843 // -----BEGIN PRIVATE KEY-----
844 // MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgTXUM4tJWM7OzATty
845 // JhNOfIv/d8heWFBeKOfMR+RfaROhRANCAASbbbWYiN6mn+BCpg4XNpibOH0D/DN4
846 // kZ5C/Ml2YVomC9T83OKk2CzB8fPAabPb4P4Vv+fIabpEfjWS5nzKLY1y
847 // -----END PRIVATE KEY-----
848 static const char kConstrainedIntermediate[] = R"(
849 -----BEGIN CERTIFICATE-----
850 MIICDjCCAXegAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
851 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
852 MDk5MDEwMTAwMDAwMFowKDEmMCQGA1UEAxMdTmFtZSBDb25zdHJhaW50cyBJbnRl
853 cm1lZGlhdGUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASbbbWYiN6mn+BCpg4X
854 NpibOH0D/DN4kZ5C/Ml2YVomC9T83OKk2CzB8fPAabPb4P4Vv+fIabpEfjWS5nzK
855 LY1yo4GJMIGGMA8GA1UdEwEB/wQFMAMBAf8wGwYDVR0jBBQwEoAQQDfXAftAL7gc
856 flQEJ4xZATBWBgNVHR4BAf8ETDBKoCowEYIPcGVybWl0dGVkMS50ZXN0MBWCE2Zv
857 by5wZXJtaXR0ZWQyLnRlc3ShHDAaghhleGNsdWRlZC5wZXJtaXR0ZWQxLnRlc3Qw
858 DQYJKoZIhvcNAQELBQADgYEAFq1Ka05hiKREwRpSceQPzIIH4B5a5IVBg5/EvmQI
859 9V0fXyAE1GmahPt70sIBxIgzNTEaY8P/IoOuCdlZWe0msmyEO3S6YSAzOWR5Van6
860 cXmFM1uMd95TlkxUMRdV+jKJTvG6R/BM2zltaV7Xt662k5HtzT5Svw0rZlFaggZz
861 UyM=
862 -----END CERTIFICATE-----
863 )";
864
865 // kCommonNamePermittedLeaf is a leaf certificate signed by
866 // kConstrainedIntermediate. Its common name is permitted by the name
867 // constraints.
868 static const char kCommonNamePermittedLeaf[] = R"(
869 -----BEGIN CERTIFICATE-----
870 MIIBaDCCAQ2gAwIBAgIBAzAKBggqhkjOPQQDAjAoMSYwJAYDVQQDEx1OYW1lIENv
871 bnN0cmFpbnRzIEludGVybWVkaWF0ZTAgFw0wMDAxMDEwMDAwMDBaGA8yMDk5MDEw
872 MTAwMDAwMFowPjEeMBwGA1UEChMVQ29tbW9uIG5hbWUgcGVybWl0dGVkMRwwGgYD
873 VQQDExNmb28ucGVybWl0dGVkMS50ZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
874 QgAENX5Ycs8q8MRzPYUz6DqLHhJR3wcmniFRgkiEa7MxE/mRe00y0VGwH7xi7Aoc
875 emXPrtD4JwN5bssbcxWGAKYYzaMQMA4wDAYDVR0TAQH/BAIwADAKBggqhkjOPQQD
876 AgNJADBGAiEAtsnWuRQXtw2xbieC78Y8SVEtTjcZUx8uZyQe1GPLfGICIQDR4fNY
877 yg3PC94ydPNQZVsFxAne32CbonWWsokalTFpUQ==
878 -----END CERTIFICATE-----
879 )";
880 static const char kCommonNamePermitted[] = "foo.permitted1.test";
881
882 // kCommonNameNotPermittedLeaf is a leaf certificate signed by
883 // kConstrainedIntermediate. Its common name is not permitted by the name
884 // constraints.
885 static const char kCommonNameNotPermittedLeaf[] = R"(
886 -----BEGIN CERTIFICATE-----
887 MIIBazCCARCgAwIBAgIBBDAKBggqhkjOPQQDAjAoMSYwJAYDVQQDEx1OYW1lIENv
888 bnN0cmFpbnRzIEludGVybWVkaWF0ZTAgFw0wMDAxMDEwMDAwMDBaGA8yMDk5MDEw
889 MTAwMDAwMFowQTEiMCAGA1UEChMZQ29tbW9uIG5hbWUgbm90IHBlcm1pdHRlZDEb
890 MBkGA1UEAxMSbm90LXBlcm1pdHRlZC50ZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0D
891 AQcDQgAEzfghKuWf0JoXb0Drp09C3yXMSQQ1byt+AUaymvsHOWsxQ9v1Q+vkF/IM
892 HRqGTk2TyxrB2iClVEn/Uu+YtYox1KMQMA4wDAYDVR0TAQH/BAIwADAKBggqhkjO
893 PQQDAgNJADBGAiEAxaUslxmoWL1tIvnDz7gDkto/HcmdU0jHVuUQLXcCG8wCIQCN
894 5xZjitlCQU8UB5qSu9wH4B+0JcVO3Ss4Az76HEJWMw==
895 -----END CERTIFICATE-----
896 )";
897 static const char kCommonNameNotPermitted[] = "not-permitted.test";
898
899 // kCommonNameNotPermittedWithSANsLeaf is a leaf certificate signed by
900 // kConstrainedIntermediate. Its common name is not permitted by the name
901 // constraints but it has a SAN list.
902 static const char kCommonNameNotPermittedWithSANsLeaf[] = R"(
903 -----BEGIN CERTIFICATE-----
904 MIIBqTCCAU+gAwIBAgIBBjAKBggqhkjOPQQDAjAoMSYwJAYDVQQDEx1OYW1lIENv
905 bnN0cmFpbnRzIEludGVybWVkaWF0ZTAgFw0wMDAxMDEwMDAwMDBaGA8yMDk5MDEw
906 MTAwMDAwMFowSzEsMCoGA1UEChMjQ29tbW9uIG5hbWUgbm90IHBlcm1pdHRlZCB3
907 aXRoIFNBTlMxGzAZBgNVBAMTEm5vdC1wZXJtaXR0ZWQudGVzdDBZMBMGByqGSM49
908 AgEGCCqGSM49AwEHA0IABKsn9wOApXFHrqhLdQgbFSeaSoAIbxgO0zVSRZUb5naR
909 93zoL3MFOvZEF8xiEqh7le+l3XuUig0fwqpcsZzRNJajRTBDMAwGA1UdEwEB/wQC
910 MAAwMwYDVR0RBCwwKoITZm9vLnBlcm1pdHRlZDEudGVzdIITZm9vLnBlcm1pdHRl
911 ZDIudGVzdDAKBggqhkjOPQQDAgNIADBFAiACk+1f184KkKAXuntmrz+Ygcq8MiZl
912 4delx44FtcNaegIhAIA5nYfzxNcTXxDo3U+x1vSLH6Y7faLvHiFySp7O//q+
913 -----END CERTIFICATE-----
914 )";
915 static const char kCommonNameNotPermittedWithSANs[] = "not-permitted.test";
916
917 // kCommonNameNotDNSLeaf is a leaf certificate signed by
918 // kConstrainedIntermediate. Its common name is not a DNS name.
919 static const char kCommonNameNotDNSLeaf[] = R"(
920 -----BEGIN CERTIFICATE-----
921 MIIBYTCCAQagAwIBAgIBCDAKBggqhkjOPQQDAjAoMSYwJAYDVQQDEx1OYW1lIENv
922 bnN0cmFpbnRzIEludGVybWVkaWF0ZTAgFw0wMDAxMDEwMDAwMDBaGA8yMDk5MDEw
923 MTAwMDAwMFowNzEcMBoGA1UEChMTQ29tbW9uIG5hbWUgbm90IEROUzEXMBUGA1UE
924 AxMOTm90IGEgRE5TIG5hbWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASnueyc
925 Zxtnw5ke2J2T0/LwAK37auQP/RSFd9mem+BJVbgviawtAlignJmafp7Zw4/GdYEJ
926 Vm8qlriOJtluvXGcoxAwDjAMBgNVHRMBAf8EAjAAMAoGCCqGSM49BAMCA0kAMEYC
927 IQChUAmVNI39VHe0zemRE09VDcSEgOxr1nTvjLcg/Q8pVQIhAJYZnJI0YZAi05QH
928 RHNlAkTK2TnUaVn3fGSylaLiFS1r
929 -----END CERTIFICATE-----
930 )";
931 static const char kCommonNameNotDNS[] = "Not a DNS name";
932
933 // The following six certificates are issued by |kSANTypesRoot| and have
934 // different extended key usage values. They were created with the following
935 // Go program:
936 //
937 // func main() {
938 // block, _ := pem.Decode([]byte(rootKeyPEM))
939 // rootPriv, _ := x509.ParsePKCS1PrivateKey(block.Bytes)
940 // block, _ = pem.Decode([]byte(rootCertPEM))
941 // root, _ := x509.ParseCertificate(block.Bytes)
942 //
943 // leafTemplate := &x509.Certificate{
944 // SerialNumber: big.NewInt(3),
945 // Subject: pkix.Name{
946 // CommonName: "EKU msSGC",
947 // },
948 // NotBefore: time.Date(2000, time.January, 1, 0, 0, 0, 0, time.UTC),
949 // NotAfter: time.Date(2099, time.January, 1, 0, 0, 0, 0, time.UTC),
950 // BasicConstraintsValid: true,
951 // ExtKeyUsage: []x509.ExtKeyUsage{FILL IN HERE},
952 // }
953 // leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
954 // leafDER, err := x509.CreateCertificate(rand.Reader, leafTemplate, root, &leafKey.PublicKey, rootPriv)
955 // if err != nil {
956 // panic(err)
957 // }
958 // pem.Encode(os.Stdout, &pem.Block{Type: "CERTIFICATE", Bytes: leafDER})
959 // }
960
961 static const char kMicrosoftSGCCert[] = R"(
962 -----BEGIN CERTIFICATE-----
963 MIIBtDCCAR2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
964 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
965 MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C
966 AQYIKoZIzj0DAQcDQgAEEn61v3Vs+q6bTyyRnrJvuKBE8PTNVLbXGB52jig4Qse2
967 mGygNEysS0uzZ0luz+rn2hDRUFL6sHLUs1d8UMbI/6NEMEIwFQYDVR0lBA4wDAYK
968 KwYBBAGCNwoDAzAMBgNVHRMBAf8EAjAAMBsGA1UdIwQUMBKAEEA31wH7QC+4HH5U
969 BCeMWQEwDQYJKoZIhvcNAQELBQADgYEAgDQI9RSo3E3ZVnU71TV/LjG9xwHtfk6I
970 rlNnlJJ0lsTHAuMc1mwCbzhtsmasetwYlIa9G8GFWB9Gh/QqHA7G649iGGmXShqe
971 aVDuWgeSEJxBPE2jILoMm4pEYF7jfonTn7XXX6O78yuSlP+NPIU0gUKHkWZ1sWk0
972 cC4l0r/6jik=
973 -----END CERTIFICATE-----
974 )";
975
976 static const char kNetscapeSGCCert[] = R"(
977 -----BEGIN CERTIFICATE-----
978 MIIBszCCARygAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
979 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
980 MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C
981 AQYIKoZIzj0DAQcDQgAE3NbT+TnBfq1DWJCezjaUL52YhDU7cOkI2S2PoWgJ1v7x
982 kKLwBonUFZjppZs69SyBHeJdti+KoJ3qTW+hCG08EaNDMEEwFAYDVR0lBA0wCwYJ
983 YIZIAYb4QgQBMAwGA1UdEwEB/wQCMAAwGwYDVR0jBBQwEoAQQDfXAftAL7gcflQE
984 J4xZATANBgkqhkiG9w0BAQsFAAOBgQBuiyVcfazekHkCWksxdFmjPmMtWCxFjkzc
985 8VBxFE0CfSHQAfZ8J7tXd1FbAq/eXdZvvo8v0JB4sOM4Ex1ob1fuvDFHdSAHAD7W
986 dhKIjJyzVojoxjCjyue0XMeEPl7RiqbdxoS/R5HFAqAF0T2OeQAqP9gTpOXoau1M
987 RQHX6HQJJg==
988 -----END CERTIFICATE-----
989 )";
990
991 static const char kServerEKUCert[] = R"(
992 -----BEGIN CERTIFICATE-----
993 MIIBsjCCARugAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
994 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
995 MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C
996 AQYIKoZIzj0DAQcDQgAEDd35i+VWPwIOKLrLWTuP5cqD+yJDB5nujEzPgkXP5LKJ
997 SZRbHTqTdpYZB2jy6y90RY2Bsjx7FfZ7nN5G2g1GOKNCMEAwEwYDVR0lBAwwCgYI
998 KwYBBQUHAwEwDAYDVR0TAQH/BAIwADAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQn
999 jFkBMA0GCSqGSIb3DQEBCwUAA4GBAIKmbMBjuivL/rxDu7u7Vr3o3cdmEggBJxwL
1000 iatNW3x1wg0645aNYOktW/iQ7mAAiziTY73GFyfiJDWqnY+CwA94ZWyQidjHdN/I
1001 6BR52sN/dkYEoInYEbmDNMc/if+T0yqeBQLP4BeKLiT8p0qqaimae6LgibS19hDP
1002 2hoEMdz2
1003 -----END CERTIFICATE-----
1004 )";
1005
1006 static const char kServerEKUPlusMicrosoftSGCCert[] = R"(
1007 -----BEGIN CERTIFICATE-----
1008 MIIBvjCCASegAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
1009 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
1010 MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C
1011 AQYIKoZIzj0DAQcDQgAEDO1MYPxq+U4oXMIK8UnsS4C696wpcu4UOmcMJJ5CUd5Z
1012 ZpJShN6kYKnrb3GK/6xEgbUGntmrzSRG5FYqk6QgD6NOMEwwHwYDVR0lBBgwFgYI
1013 KwYBBQUHAwEGCisGAQQBgjcKAwMwDAYDVR0TAQH/BAIwADAbBgNVHSMEFDASgBBA
1014 N9cB+0AvuBx+VAQnjFkBMA0GCSqGSIb3DQEBCwUAA4GBAHOu2IBa4lHzVGS36HxS
1015 SejUE87Ji1ysM6BgkYbfxfS9MuV+J3UnqH57JjbH/3CFl4ZDWceF6SGBSCn8LqKa
1016 KHpwoNFU3zA99iQzVJgbUyN0PbKwHEanLyKDJZyFk71R39ToxhSNQgaQYjZYCy1H
1017 5V9oXd1bodEqVsOZ/mur24Ku
1018 -----END CERTIFICATE-----
1019 )";
1020
1021 static const char kAnyEKU[] = R"(
1022 -----BEGIN CERTIFICATE-----
1023 MIIBrjCCARegAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
1024 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
1025 MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C
1026 AQYIKoZIzj0DAQcDQgAE9nsLABDporlTvx1OBUc4Hd5vxfX+8nS/OhbHmKtFLYNu
1027 1CLLrImbwMQYD2G+PgLO6sQHmASq2jmJKp6ZWsRkTqM+MDwwDwYDVR0lBAgwBgYE
1028 VR0lADAMBgNVHRMBAf8EAjAAMBsGA1UdIwQUMBKAEEA31wH7QC+4HH5UBCeMWQEw
1029 DQYJKoZIhvcNAQELBQADgYEAxgjgn1SAzQ+2GeCicZ5ndvVhKIeFelGCQ989XTVq
1030 uUbAYBW6v8GXNuVzoXYxDgNSanF6U+w+INrJ6daKVrIxAxdk9QFgBXqJoupuRAA3
1031 /OqnmYux0EqOTLbTK1P8DhaiaD0KV6dWGUwzqsgBmPkZ0lgNaPjvb1mKV3jhBkjz
1032 L6A=
1033 -----END CERTIFICATE-----
1034 )";
1035
1036 static const char kNoEKU[] = R"(
1037 -----BEGIN CERTIFICATE-----
1038 MIIBnTCCAQagAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKEw5Cb3Jp
1039 bmdTU0wgVGVzdDEQMA4GA1UEAxMHUm9vdCBDQTAgFw0wMDAxMDEwMDAwMDBaGA8y
1040 MDk5MDEwMTAwMDAwMFowFDESMBAGA1UEAxMJRUtVIG1zU0dDMFkwEwYHKoZIzj0C
1041 AQYIKoZIzj0DAQcDQgAEpSFSqbYY86ZcMamE606dqdyjWlwhSHKOLUFsUUIzkMPz
1042 KHRu/x3Yzi8+Hm8eFK/TnCbkpYsYw4hIw00176dYzaMtMCswDAYDVR0TAQH/BAIw
1043 ADAbBgNVHSMEFDASgBBAN9cB+0AvuBx+VAQnjFkBMA0GCSqGSIb3DQEBCwUAA4GB
1044 AHvYzynIkjLThExHRS+385hfv4vgrQSMmCM1SAnEIjSBGsU7RPgiGAstN06XivuF
1045 T1fNugRmTu4OtOIbfdYkcjavJufw9hR9zWTt77CNMTy9XmOZLgdS5boFTtLCztr3
1046 TXHOSQQD8Dl4BK0wOet+TP6LBEjHlRFjAqK4bu9xpxV2
1047 -----END CERTIFICATE-----
1048 )";
1049
1050 // CertFromPEM parses the given, NUL-terminated pem block and returns an
1051 // |X509*|.
CertFromPEM(const char * pem)1052 static bssl::UniquePtr<X509> CertFromPEM(const char *pem) {
1053 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
1054 return bssl::UniquePtr<X509>(
1055 PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
1056 }
1057
1058 // CRLFromPEM parses the given, NUL-terminated pem block and returns an
1059 // |X509_CRL*|.
CRLFromPEM(const char * pem)1060 static bssl::UniquePtr<X509_CRL> CRLFromPEM(const char *pem) {
1061 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
1062 return bssl::UniquePtr<X509_CRL>(
1063 PEM_read_bio_X509_CRL(bio.get(), nullptr, nullptr, nullptr));
1064 }
1065
1066 // PrivateKeyFromPEM parses the given, NUL-terminated pem block and returns an
1067 // |EVP_PKEY*|.
PrivateKeyFromPEM(const char * pem)1068 static bssl::UniquePtr<EVP_PKEY> PrivateKeyFromPEM(const char *pem) {
1069 bssl::UniquePtr<BIO> bio(
1070 BIO_new_mem_buf(const_cast<char *>(pem), strlen(pem)));
1071 return bssl::UniquePtr<EVP_PKEY>(
1072 PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
1073 }
1074
1075 // CertsToStack converts a vector of |X509*| to an OpenSSL STACK_OF(X509),
1076 // bumping the reference counts for each certificate in question.
CertsToStack(const std::vector<X509 * > & certs)1077 static bssl::UniquePtr<STACK_OF(X509)> CertsToStack(
1078 const std::vector<X509 *> &certs) {
1079 bssl::UniquePtr<STACK_OF(X509)> stack(sk_X509_new_null());
1080 if (!stack) {
1081 return nullptr;
1082 }
1083 for (auto cert : certs) {
1084 if (!bssl::PushToStack(stack.get(), bssl::UpRef(cert))) {
1085 return nullptr;
1086 }
1087 }
1088
1089 return stack;
1090 }
1091
1092 // CRLsToStack converts a vector of |X509_CRL*| to an OpenSSL
1093 // STACK_OF(X509_CRL), bumping the reference counts for each CRL in question.
CRLsToStack(const std::vector<X509_CRL * > & crls)1094 static bssl::UniquePtr<STACK_OF(X509_CRL)> CRLsToStack(
1095 const std::vector<X509_CRL *> &crls) {
1096 bssl::UniquePtr<STACK_OF(X509_CRL)> stack(sk_X509_CRL_new_null());
1097 if (!stack) {
1098 return nullptr;
1099 }
1100 for (auto crl : crls) {
1101 if (!bssl::PushToStack(stack.get(), bssl::UpRef(crl))) {
1102 return nullptr;
1103 }
1104 }
1105
1106 return stack;
1107 }
1108
1109 static const time_t kReferenceTime = 1474934400 /* Sep 27th, 2016 */;
1110
Verify(X509 * leaf,const std::vector<X509 * > & roots,const std::vector<X509 * > & intermediates,const std::vector<X509_CRL * > & crls,unsigned long flags,bool use_additional_untrusted,std::function<void (X509_VERIFY_PARAM *)> configure_callback,int (* verify_callback)(int,X509_STORE_CTX *)=nullptr)1111 static int Verify(X509 *leaf, const std::vector<X509 *> &roots,
1112 const std::vector<X509 *> &intermediates,
1113 const std::vector<X509_CRL *> &crls, unsigned long flags,
1114 bool use_additional_untrusted,
1115 std::function<void(X509_VERIFY_PARAM *)> configure_callback,
1116 int (*verify_callback)(int, X509_STORE_CTX *) = nullptr) {
1117 bssl::UniquePtr<STACK_OF(X509)> roots_stack(CertsToStack(roots));
1118 bssl::UniquePtr<STACK_OF(X509)> intermediates_stack(
1119 CertsToStack(intermediates));
1120 bssl::UniquePtr<STACK_OF(X509_CRL)> crls_stack(CRLsToStack(crls));
1121
1122 if (!roots_stack ||
1123 !intermediates_stack ||
1124 !crls_stack) {
1125 return X509_V_ERR_UNSPECIFIED;
1126 }
1127
1128 bssl::UniquePtr<X509_STORE_CTX> ctx(X509_STORE_CTX_new());
1129 bssl::UniquePtr<X509_STORE> store(X509_STORE_new());
1130 if (!ctx ||
1131 !store) {
1132 return X509_V_ERR_UNSPECIFIED;
1133 }
1134
1135 if (use_additional_untrusted) {
1136 X509_STORE_set0_additional_untrusted(store.get(),
1137 intermediates_stack.get());
1138 }
1139
1140 if (!X509_STORE_CTX_init(
1141 ctx.get(), store.get(), leaf,
1142 use_additional_untrusted ? nullptr : intermediates_stack.get())) {
1143 return X509_V_ERR_UNSPECIFIED;
1144 }
1145
1146 X509_STORE_CTX_trusted_stack(ctx.get(), roots_stack.get());
1147 X509_STORE_CTX_set0_crls(ctx.get(), crls_stack.get());
1148
1149 X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
1150 if (param == nullptr) {
1151 return X509_V_ERR_UNSPECIFIED;
1152 }
1153 X509_VERIFY_PARAM_set_time(param, kReferenceTime);
1154 X509_VERIFY_PARAM_set_depth(param, 16);
1155 if (configure_callback) {
1156 configure_callback(param);
1157 }
1158 if (flags) {
1159 X509_VERIFY_PARAM_set_flags(param, flags);
1160 }
1161 X509_STORE_CTX_set0_param(ctx.get(), param);
1162
1163 ERR_clear_error();
1164 if (X509_verify_cert(ctx.get()) != 1) {
1165 return X509_STORE_CTX_get_error(ctx.get());
1166 }
1167
1168 return X509_V_OK;
1169 }
1170
Verify(X509 * leaf,const std::vector<X509 * > & roots,const std::vector<X509 * > & intermediates,const std::vector<X509_CRL * > & crls,unsigned long flags=0)1171 static int Verify(X509 *leaf, const std::vector<X509 *> &roots,
1172 const std::vector<X509 *> &intermediates,
1173 const std::vector<X509_CRL *> &crls,
1174 unsigned long flags = 0) {
1175 const int r1 =
1176 Verify(leaf, roots, intermediates, crls, flags, false, nullptr);
1177 const int r2 =
1178 Verify(leaf, roots, intermediates, crls, flags, true, nullptr);
1179
1180 if (r1 != r2) {
1181 fprintf(stderr,
1182 "Verify with, and without, use_additional_untrusted gave different "
1183 "results: %d vs %d.\n",
1184 r1, r2);
1185 return false;
1186 }
1187
1188 return r1;
1189 }
1190
TEST(X509Test,TestVerify)1191 TEST(X509Test, TestVerify) {
1192 bssl::UniquePtr<X509> cross_signing_root(CertFromPEM(kCrossSigningRootPEM));
1193 bssl::UniquePtr<X509> root(CertFromPEM(kRootCAPEM));
1194 bssl::UniquePtr<X509> root_cross_signed(CertFromPEM(kRootCrossSignedPEM));
1195 bssl::UniquePtr<X509> intermediate(CertFromPEM(kIntermediatePEM));
1196 bssl::UniquePtr<X509> intermediate_self_signed(
1197 CertFromPEM(kIntermediateSelfSignedPEM));
1198 bssl::UniquePtr<X509> leaf(CertFromPEM(kLeafPEM));
1199 bssl::UniquePtr<X509> leaf_no_key_usage(CertFromPEM(kLeafNoKeyUsagePEM));
1200 bssl::UniquePtr<X509> forgery(CertFromPEM(kForgeryPEM));
1201
1202 ASSERT_TRUE(cross_signing_root);
1203 ASSERT_TRUE(root);
1204 ASSERT_TRUE(root_cross_signed);
1205 ASSERT_TRUE(intermediate);
1206 ASSERT_TRUE(intermediate_self_signed);
1207 ASSERT_TRUE(leaf);
1208 ASSERT_TRUE(forgery);
1209 ASSERT_TRUE(leaf_no_key_usage);
1210
1211 std::vector<X509*> empty;
1212 std::vector<X509_CRL*> empty_crls;
1213 ASSERT_EQ(X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
1214 Verify(leaf.get(), empty, empty, empty_crls));
1215 ASSERT_EQ(X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
1216 Verify(leaf.get(), empty, {intermediate.get()}, empty_crls));
1217
1218 ASSERT_EQ(X509_V_OK,
1219 Verify(leaf.get(), {root.get()}, {intermediate.get()}, empty_crls));
1220 ASSERT_EQ(X509_V_OK,
1221 Verify(leaf.get(), {cross_signing_root.get()},
1222 {intermediate.get(), root_cross_signed.get()}, empty_crls));
1223 ASSERT_EQ(X509_V_OK,
1224 Verify(leaf.get(), {cross_signing_root.get(), root.get()},
1225 {intermediate.get(), root_cross_signed.get()}, empty_crls));
1226
1227 /* This is the “altchains” test – we remove the cross-signing CA but include
1228 * the cross-sign in the intermediates. */
1229 ASSERT_EQ(X509_V_OK,
1230 Verify(leaf.get(), {root.get()},
1231 {intermediate.get(), root_cross_signed.get()}, empty_crls));
1232 ASSERT_EQ(X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
1233 Verify(leaf.get(), {root.get()},
1234 {intermediate.get(), root_cross_signed.get()}, empty_crls,
1235 X509_V_FLAG_NO_ALT_CHAINS));
1236 ASSERT_EQ(X509_V_ERR_INVALID_CA,
1237 Verify(forgery.get(), {intermediate_self_signed.get()},
1238 {leaf_no_key_usage.get()}, empty_crls));
1239
1240 /* Test that one cannot skip Basic Constraints checking with a contorted set
1241 * of roots and intermediates. This is a regression test for CVE-2015-1793. */
1242 ASSERT_EQ(X509_V_ERR_INVALID_CA,
1243 Verify(forgery.get(),
1244 {intermediate_self_signed.get(), root_cross_signed.get()},
1245 {leaf_no_key_usage.get(), intermediate.get()}, empty_crls));
1246 }
1247
1248 static const char kHostname[] = "example.com";
1249 static const char kWrongHostname[] = "example2.com";
1250 static const char kEmail[] = "test@example.com";
1251 static const char kWrongEmail[] = "test2@example.com";
1252 static const uint8_t kIP[4] = {127, 0, 0, 1};
1253 static const uint8_t kWrongIP[4] = {127, 0, 0, 2};
1254 static const char kIPString[] = "127.0.0.1";
1255 static const char kWrongIPString[] = "127.0.0.2";
1256
TEST(X509Test,ZeroLengthsWithX509PARAM)1257 TEST(X509Test, ZeroLengthsWithX509PARAM) {
1258 bssl::UniquePtr<X509> leaf(CertFromPEM(kSANTypesLeaf));
1259 bssl::UniquePtr<X509> root(CertFromPEM(kSANTypesRoot));
1260 ASSERT_TRUE(leaf);
1261 ASSERT_TRUE(root);
1262
1263 std::vector<X509_CRL *> empty_crls;
1264
1265 struct X509Test {
1266 const char *correct_value;
1267 size_t correct_value_len;
1268 const char *incorrect_value;
1269 size_t incorrect_value_len;
1270 int (*func)(X509_VERIFY_PARAM *, const char *, size_t);
1271 int mismatch_error;
1272 };
1273 const std::vector<X509Test> kTests = {
1274 {kHostname, strlen(kHostname), kWrongHostname, strlen(kWrongHostname),
1275 X509_VERIFY_PARAM_set1_host, X509_V_ERR_HOSTNAME_MISMATCH},
1276 {kEmail, strlen(kEmail), kWrongEmail, strlen(kWrongEmail),
1277 X509_VERIFY_PARAM_set1_email, X509_V_ERR_EMAIL_MISMATCH},
1278 };
1279
1280 for (size_t i = 0; i < kTests.size(); i++) {
1281 SCOPED_TRACE(i);
1282 const X509Test &test = kTests[i];
1283
1284 // The correct value should work.
1285 ASSERT_EQ(X509_V_OK,
1286 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0, false,
1287 [&test](X509_VERIFY_PARAM *param) {
1288 ASSERT_TRUE(test.func(param, test.correct_value,
1289 test.correct_value_len));
1290 }));
1291
1292 // The wrong value should trigger a verification error.
1293 ASSERT_EQ(test.mismatch_error,
1294 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0, false,
1295 [&test](X509_VERIFY_PARAM *param) {
1296 ASSERT_TRUE(test.func(param, test.incorrect_value,
1297 test.incorrect_value_len));
1298 }));
1299
1300 // Passing zero as the length, unlike OpenSSL, should trigger an error and
1301 // should cause verification to fail.
1302 ASSERT_EQ(X509_V_ERR_INVALID_CALL,
1303 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0, false,
1304 [&test](X509_VERIFY_PARAM *param) {
1305 ASSERT_FALSE(test.func(param, test.correct_value, 0));
1306 }));
1307
1308 // Passing an empty value should be an error when setting and should cause
1309 // verification to fail.
1310 ASSERT_EQ(X509_V_ERR_INVALID_CALL,
1311 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0, false,
1312 [&test](X509_VERIFY_PARAM *param) {
1313 ASSERT_FALSE(test.func(param, nullptr, 0));
1314 }));
1315
1316 // Passing a value with embedded NULs should also be an error and should
1317 // also cause verification to fail.
1318 ASSERT_EQ(X509_V_ERR_INVALID_CALL,
1319 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0, false,
1320 [&test](X509_VERIFY_PARAM *param) {
1321 ASSERT_FALSE(test.func(param, "a", 2));
1322 }));
1323 }
1324
1325 // IP addresses work slightly differently:
1326
1327 // The correct value should still work.
1328 ASSERT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()}, {}, empty_crls, 0,
1329 false, [](X509_VERIFY_PARAM *param) {
1330 ASSERT_TRUE(X509_VERIFY_PARAM_set1_ip(
1331 param, kIP, sizeof(kIP)));
1332 }));
1333
1334 // Incorrect values should still fail.
1335 ASSERT_EQ(X509_V_ERR_IP_ADDRESS_MISMATCH,
1336 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0, false,
1337 [](X509_VERIFY_PARAM *param) {
1338 ASSERT_TRUE(X509_VERIFY_PARAM_set1_ip(param, kWrongIP,
1339 sizeof(kWrongIP)));
1340 }));
1341
1342 // Zero length values should trigger an error when setting and cause
1343 // verification to always fail.
1344 ASSERT_EQ(X509_V_ERR_INVALID_CALL,
1345 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0, false,
1346 [](X509_VERIFY_PARAM *param) {
1347 ASSERT_FALSE(X509_VERIFY_PARAM_set1_ip(param, kIP, 0));
1348 }));
1349
1350 // ... and so should NULL values.
1351 ASSERT_EQ(X509_V_ERR_INVALID_CALL,
1352 Verify(leaf.get(), {root.get()}, {}, empty_crls, 0, false,
1353 [](X509_VERIFY_PARAM *param) {
1354 ASSERT_FALSE(X509_VERIFY_PARAM_set1_ip(param, nullptr, 0));
1355 }));
1356
1357 // Zero bytes in an IP address are, of course, fine. This is tested above
1358 // because |kIP| contains zeros.
1359 }
1360
TEST(X509Test,ZeroLengthsWithCheckFunctions)1361 TEST(X509Test, ZeroLengthsWithCheckFunctions) {
1362 bssl::UniquePtr<X509> leaf(CertFromPEM(kSANTypesLeaf));
1363
1364 EXPECT_EQ(
1365 1, X509_check_host(leaf.get(), kHostname, strlen(kHostname), 0, nullptr));
1366 EXPECT_NE(1, X509_check_host(leaf.get(), kWrongHostname,
1367 strlen(kWrongHostname), 0, nullptr));
1368
1369 EXPECT_EQ(1, X509_check_email(leaf.get(), kEmail, strlen(kEmail), 0));
1370 EXPECT_NE(1,
1371 X509_check_email(leaf.get(), kWrongEmail, strlen(kWrongEmail), 0));
1372
1373 EXPECT_EQ(1, X509_check_ip(leaf.get(), kIP, sizeof(kIP), 0));
1374 EXPECT_NE(1, X509_check_ip(leaf.get(), kWrongIP, sizeof(kWrongIP), 0));
1375
1376 EXPECT_EQ(1, X509_check_ip_asc(leaf.get(), kIPString, 0));
1377 EXPECT_NE(1, X509_check_ip_asc(leaf.get(), kWrongIPString, 0));
1378
1379 // OpenSSL supports passing zero as the length for host and email. We do not
1380 // and it should always fail.
1381 EXPECT_NE(1, X509_check_host(leaf.get(), kHostname, 0, 0, nullptr));
1382 EXPECT_NE(1, X509_check_host(leaf.get(), kWrongHostname, 0, 0, nullptr));
1383
1384 EXPECT_NE(1, X509_check_email(leaf.get(), kEmail, 0, 0));
1385 EXPECT_NE(1, X509_check_email(leaf.get(), kWrongEmail, 0, 0));
1386
1387 EXPECT_NE(1, X509_check_ip(leaf.get(), kIP, 0, 0));
1388 EXPECT_NE(1, X509_check_ip(leaf.get(), kWrongIP, 0, 0));
1389
1390 // Unlike all the other functions, |X509_check_ip_asc| doesn't take a length,
1391 // so it cannot be zero.
1392 }
1393
TEST(X509Test,TestCRL)1394 TEST(X509Test, TestCRL) {
1395 bssl::UniquePtr<X509> root(CertFromPEM(kCRLTestRoot));
1396 bssl::UniquePtr<X509> leaf(CertFromPEM(kCRLTestLeaf));
1397 bssl::UniquePtr<X509_CRL> basic_crl(CRLFromPEM(kBasicCRL));
1398 bssl::UniquePtr<X509_CRL> revoked_crl(CRLFromPEM(kRevokedCRL));
1399 bssl::UniquePtr<X509_CRL> bad_issuer_crl(CRLFromPEM(kBadIssuerCRL));
1400 bssl::UniquePtr<X509_CRL> known_critical_crl(CRLFromPEM(kKnownCriticalCRL));
1401 bssl::UniquePtr<X509_CRL> unknown_critical_crl(
1402 CRLFromPEM(kUnknownCriticalCRL));
1403 bssl::UniquePtr<X509_CRL> unknown_critical_crl2(
1404 CRLFromPEM(kUnknownCriticalCRL2));
1405 bssl::UniquePtr<X509_CRL> algorithm_mismatch_crl(
1406 CRLFromPEM(kAlgorithmMismatchCRL));
1407 bssl::UniquePtr<X509_CRL> algorithm_mismatch_crl2(
1408 CRLFromPEM(kAlgorithmMismatchCRL2));
1409
1410 ASSERT_TRUE(root);
1411 ASSERT_TRUE(leaf);
1412 ASSERT_TRUE(basic_crl);
1413 ASSERT_TRUE(revoked_crl);
1414 ASSERT_TRUE(bad_issuer_crl);
1415 ASSERT_TRUE(known_critical_crl);
1416 ASSERT_TRUE(unknown_critical_crl);
1417 ASSERT_TRUE(unknown_critical_crl2);
1418 ASSERT_TRUE(algorithm_mismatch_crl);
1419 ASSERT_TRUE(algorithm_mismatch_crl2);
1420
1421 EXPECT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()}, {root.get()},
1422 {basic_crl.get()}, X509_V_FLAG_CRL_CHECK));
1423 EXPECT_EQ(
1424 X509_V_ERR_CERT_REVOKED,
1425 Verify(leaf.get(), {root.get()}, {root.get()},
1426 {basic_crl.get(), revoked_crl.get()}, X509_V_FLAG_CRL_CHECK));
1427
1428 std::vector<X509_CRL *> empty_crls;
1429 EXPECT_EQ(X509_V_ERR_UNABLE_TO_GET_CRL,
1430 Verify(leaf.get(), {root.get()}, {root.get()}, empty_crls,
1431 X509_V_FLAG_CRL_CHECK));
1432 EXPECT_EQ(X509_V_ERR_UNABLE_TO_GET_CRL,
1433 Verify(leaf.get(), {root.get()}, {root.get()},
1434 {bad_issuer_crl.get()}, X509_V_FLAG_CRL_CHECK));
1435 EXPECT_EQ(X509_V_OK,
1436 Verify(leaf.get(), {root.get()}, {root.get()},
1437 {known_critical_crl.get()}, X509_V_FLAG_CRL_CHECK));
1438 EXPECT_EQ(X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION,
1439 Verify(leaf.get(), {root.get()}, {root.get()},
1440 {unknown_critical_crl.get()}, X509_V_FLAG_CRL_CHECK));
1441 EXPECT_EQ(X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION,
1442 Verify(leaf.get(), {root.get()}, {root.get()},
1443 {unknown_critical_crl2.get()}, X509_V_FLAG_CRL_CHECK));
1444 EXPECT_EQ(X509_V_ERR_CRL_SIGNATURE_FAILURE,
1445 Verify(leaf.get(), {root.get()}, {root.get()},
1446 {algorithm_mismatch_crl.get()}, X509_V_FLAG_CRL_CHECK));
1447 EXPECT_EQ(X509_V_ERR_CRL_SIGNATURE_FAILURE,
1448 Verify(leaf.get(), {root.get()}, {root.get()},
1449 {algorithm_mismatch_crl2.get()}, X509_V_FLAG_CRL_CHECK));
1450
1451 // Parsing kBadExtensionCRL should fail.
1452 EXPECT_FALSE(CRLFromPEM(kBadExtensionCRL));
1453 }
1454
TEST(X509Test,ManyNamesAndConstraints)1455 TEST(X509Test, ManyNamesAndConstraints) {
1456 bssl::UniquePtr<X509> many_constraints(CertFromPEM(
1457 GetTestData("crypto/x509/test/many_constraints.pem").c_str()));
1458 ASSERT_TRUE(many_constraints);
1459 bssl::UniquePtr<X509> many_names1(
1460 CertFromPEM(GetTestData("crypto/x509/test/many_names1.pem").c_str()));
1461 ASSERT_TRUE(many_names1);
1462 bssl::UniquePtr<X509> many_names2(
1463 CertFromPEM(GetTestData("crypto/x509/test/many_names2.pem").c_str()));
1464 ASSERT_TRUE(many_names2);
1465 bssl::UniquePtr<X509> many_names3(
1466 CertFromPEM(GetTestData("crypto/x509/test/many_names3.pem").c_str()));
1467 ASSERT_TRUE(many_names3);
1468 bssl::UniquePtr<X509> some_names1(
1469 CertFromPEM(GetTestData("crypto/x509/test/some_names1.pem").c_str()));
1470 ASSERT_TRUE(some_names1);
1471 bssl::UniquePtr<X509> some_names2(
1472 CertFromPEM(GetTestData("crypto/x509/test/some_names2.pem").c_str()));
1473 ASSERT_TRUE(some_names2);
1474 bssl::UniquePtr<X509> some_names3(
1475 CertFromPEM(GetTestData("crypto/x509/test/some_names3.pem").c_str()));
1476 ASSERT_TRUE(some_names3);
1477
1478 EXPECT_EQ(X509_V_ERR_UNSPECIFIED,
1479 Verify(many_names1.get(), {many_constraints.get()},
1480 {many_constraints.get()}, {}));
1481 EXPECT_EQ(X509_V_ERR_UNSPECIFIED,
1482 Verify(many_names2.get(), {many_constraints.get()},
1483 {many_constraints.get()}, {}));
1484 EXPECT_EQ(X509_V_ERR_UNSPECIFIED,
1485 Verify(many_names3.get(), {many_constraints.get()},
1486 {many_constraints.get()}, {}));
1487
1488 EXPECT_EQ(X509_V_OK, Verify(some_names1.get(), {many_constraints.get()},
1489 {many_constraints.get()}, {}));
1490 EXPECT_EQ(X509_V_OK, Verify(some_names2.get(), {many_constraints.get()},
1491 {many_constraints.get()}, {}));
1492 EXPECT_EQ(X509_V_OK, Verify(some_names3.get(), {many_constraints.get()},
1493 {many_constraints.get()}, {}));
1494 }
1495
MakeGeneralName(int type,const std::string & value)1496 static bssl::UniquePtr<GENERAL_NAME> MakeGeneralName(int type,
1497 const std::string &value) {
1498 if (type != GEN_EMAIL && type != GEN_DNS && type != GEN_URI) {
1499 // This function only supports the IA5String types.
1500 return nullptr;
1501 }
1502 bssl::UniquePtr<ASN1_IA5STRING> str(ASN1_IA5STRING_new());
1503 bssl::UniquePtr<GENERAL_NAME> name(GENERAL_NAME_new());
1504 if (!str || !name ||
1505 !ASN1_STRING_set(str.get(), value.data(), value.size())) {
1506 return nullptr;
1507 }
1508
1509 name->type = type;
1510 name->d.ia5 = str.release();
1511 return name;
1512 }
1513
MakeTestCert(const char * issuer,const char * subject,EVP_PKEY * key)1514 static bssl::UniquePtr<X509> MakeTestCert(const char *issuer,
1515 const char *subject, EVP_PKEY *key) {
1516 bssl::UniquePtr<X509> cert(X509_new());
1517 if (!cert || //
1518 !X509_set_version(cert.get(), X509_VERSION_3) ||
1519 !X509_NAME_add_entry_by_txt(
1520 X509_get_issuer_name(cert.get()), "CN", MBSTRING_UTF8,
1521 reinterpret_cast<const uint8_t *>(issuer), -1, -1, 0) ||
1522 !X509_NAME_add_entry_by_txt(
1523 X509_get_subject_name(cert.get()), "CN", MBSTRING_UTF8,
1524 reinterpret_cast<const uint8_t *>(subject), -1, -1, 0) ||
1525 !X509_set_pubkey(cert.get(), key) ||
1526 !ASN1_TIME_adj(X509_getm_notBefore(cert.get()), kReferenceTime, -1, 0) ||
1527 !ASN1_TIME_adj(X509_getm_notAfter(cert.get()), kReferenceTime, 1, 0)) {
1528 return nullptr;
1529 }
1530 return cert;
1531 }
1532
TEST(X509Test,NameConstraints)1533 TEST(X509Test, NameConstraints) {
1534 bssl::UniquePtr<EVP_PKEY> key = PrivateKeyFromPEM(kP256Key);
1535 ASSERT_TRUE(key);
1536
1537 const struct {
1538 int type;
1539 std::string name;
1540 std::string constraint;
1541 int result;
1542 } kTests[] = {
1543 // Empty string matches everything.
1544 {GEN_DNS, "foo.example.com", "", X509_V_OK},
1545 // Name constraints match the entire subtree.
1546 {GEN_DNS, "foo.example.com", "example.com", X509_V_OK},
1547 {GEN_DNS, "foo.example.com", "EXAMPLE.COM", X509_V_OK},
1548 {GEN_DNS, "foo.example.com", "xample.com",
1549 X509_V_ERR_PERMITTED_VIOLATION},
1550 {GEN_DNS, "foo.example.com", "unrelated.much.longer.name.example",
1551 X509_V_ERR_PERMITTED_VIOLATION},
1552 // A leading dot means at least one component must be added.
1553 {GEN_DNS, "foo.example.com", ".example.com", X509_V_OK},
1554 {GEN_DNS, "foo.example.com", "foo.example.com", X509_V_OK},
1555 {GEN_DNS, "foo.example.com", ".foo.example.com",
1556 X509_V_ERR_PERMITTED_VIOLATION},
1557 {GEN_DNS, "foo.example.com", ".xample.com",
1558 X509_V_ERR_PERMITTED_VIOLATION},
1559 {GEN_DNS, "foo.example.com", ".unrelated.much.longer.name.example",
1560 X509_V_ERR_PERMITTED_VIOLATION},
1561 // NUL bytes, if not rejected, should not confuse the matching logic.
1562 {GEN_DNS, std::string({'a', '\0', 'a'}), std::string({'a', '\0', 'b'}),
1563 X509_V_ERR_PERMITTED_VIOLATION},
1564
1565 // Names must be emails.
1566 {GEN_EMAIL, "not-an-email.example", "not-an-email.example",
1567 X509_V_ERR_UNSUPPORTED_NAME_SYNTAX},
1568 // A leading dot matches all local names and all subdomains
1569 {GEN_EMAIL, "foo@bar.example.com", ".example.com", X509_V_OK},
1570 {GEN_EMAIL, "foo@bar.example.com", ".EXAMPLE.COM", X509_V_OK},
1571 {GEN_EMAIL, "foo@bar.example.com", ".bar.example.com",
1572 X509_V_ERR_PERMITTED_VIOLATION},
1573 // Without a leading dot, the host must match exactly.
1574 {GEN_EMAIL, "foo@example.com", "example.com", X509_V_OK},
1575 {GEN_EMAIL, "foo@example.com", "EXAMPLE.COM", X509_V_OK},
1576 {GEN_EMAIL, "foo@bar.example.com", "example.com",
1577 X509_V_ERR_PERMITTED_VIOLATION},
1578 // If the constraint specifies a mailbox, it specifies the whole thing.
1579 // The halves are compared insensitively.
1580 {GEN_EMAIL, "foo@example.com", "foo@example.com", X509_V_OK},
1581 {GEN_EMAIL, "foo@example.com", "foo@EXAMPLE.COM", X509_V_OK},
1582 {GEN_EMAIL, "foo@example.com", "FOO@example.com",
1583 X509_V_ERR_PERMITTED_VIOLATION},
1584 {GEN_EMAIL, "foo@example.com", "bar@example.com",
1585 X509_V_ERR_PERMITTED_VIOLATION},
1586 // OpenSSL ignores a stray leading @.
1587 {GEN_EMAIL, "foo@example.com", "@example.com", X509_V_OK},
1588 {GEN_EMAIL, "foo@example.com", "@EXAMPLE.COM", X509_V_OK},
1589 {GEN_EMAIL, "foo@bar.example.com", "@example.com",
1590 X509_V_ERR_PERMITTED_VIOLATION},
1591
1592 // Basic syntax check.
1593 {GEN_URI, "not-a-url", "not-a-url", X509_V_ERR_UNSUPPORTED_NAME_SYNTAX},
1594 {GEN_URI, "foo:not-a-url", "not-a-url",
1595 X509_V_ERR_UNSUPPORTED_NAME_SYNTAX},
1596 {GEN_URI, "foo:/not-a-url", "not-a-url",
1597 X509_V_ERR_UNSUPPORTED_NAME_SYNTAX},
1598 {GEN_URI, "foo:///not-a-url", "not-a-url",
1599 X509_V_ERR_UNSUPPORTED_NAME_SYNTAX},
1600 {GEN_URI, "foo://:not-a-url", "not-a-url",
1601 X509_V_ERR_UNSUPPORTED_NAME_SYNTAX},
1602 {GEN_URI, "foo://", "not-a-url", X509_V_ERR_UNSUPPORTED_NAME_SYNTAX},
1603 // Hosts are an exact match.
1604 {GEN_URI, "foo://example.com", "example.com", X509_V_OK},
1605 {GEN_URI, "foo://example.com:443", "example.com", X509_V_OK},
1606 {GEN_URI, "foo://example.com/whatever", "example.com", X509_V_OK},
1607 {GEN_URI, "foo://bar.example.com", "example.com",
1608 X509_V_ERR_PERMITTED_VIOLATION},
1609 {GEN_URI, "foo://bar.example.com:443", "example.com",
1610 X509_V_ERR_PERMITTED_VIOLATION},
1611 {GEN_URI, "foo://bar.example.com/whatever", "example.com",
1612 X509_V_ERR_PERMITTED_VIOLATION},
1613 {GEN_URI, "foo://bar.example.com", "xample.com",
1614 X509_V_ERR_PERMITTED_VIOLATION},
1615 {GEN_URI, "foo://bar.example.com:443", "xample.com",
1616 X509_V_ERR_PERMITTED_VIOLATION},
1617 {GEN_URI, "foo://bar.example.com/whatever", "xample.com",
1618 X509_V_ERR_PERMITTED_VIOLATION},
1619 {GEN_URI, "foo://example.com", "some-other-name.example",
1620 X509_V_ERR_PERMITTED_VIOLATION},
1621 {GEN_URI, "foo://example.com:443", "some-other-name.example",
1622 X509_V_ERR_PERMITTED_VIOLATION},
1623 {GEN_URI, "foo://example.com/whatever", "some-other-name.example",
1624 X509_V_ERR_PERMITTED_VIOLATION},
1625 // A leading dot allows components to be added.
1626 {GEN_URI, "foo://example.com", ".example.com",
1627 X509_V_ERR_PERMITTED_VIOLATION},
1628 {GEN_URI, "foo://example.com:443", ".example.com",
1629 X509_V_ERR_PERMITTED_VIOLATION},
1630 {GEN_URI, "foo://example.com/whatever", ".example.com",
1631 X509_V_ERR_PERMITTED_VIOLATION},
1632 {GEN_URI, "foo://bar.example.com", ".example.com", X509_V_OK},
1633 {GEN_URI, "foo://bar.example.com:443", ".example.com", X509_V_OK},
1634 {GEN_URI, "foo://bar.example.com/whatever", ".example.com", X509_V_OK},
1635 {GEN_URI, "foo://example.com", ".some-other-name.example",
1636 X509_V_ERR_PERMITTED_VIOLATION},
1637 {GEN_URI, "foo://example.com:443", ".some-other-name.example",
1638 X509_V_ERR_PERMITTED_VIOLATION},
1639 {GEN_URI, "foo://example.com/whatever", ".some-other-name.example",
1640 X509_V_ERR_PERMITTED_VIOLATION},
1641 {GEN_URI, "foo://example.com", ".xample.com",
1642 X509_V_ERR_PERMITTED_VIOLATION},
1643 {GEN_URI, "foo://example.com:443", ".xample.com",
1644 X509_V_ERR_PERMITTED_VIOLATION},
1645 {GEN_URI, "foo://example.com/whatever", ".xample.com",
1646 X509_V_ERR_PERMITTED_VIOLATION},
1647 };
1648 for (const auto &t : kTests) {
1649 SCOPED_TRACE(t.type);
1650 SCOPED_TRACE(t.name);
1651 SCOPED_TRACE(t.constraint);
1652
1653 bssl::UniquePtr<GENERAL_NAME> name = MakeGeneralName(t.type, t.name);
1654 ASSERT_TRUE(name);
1655 bssl::UniquePtr<GENERAL_NAMES> names(GENERAL_NAMES_new());
1656 ASSERT_TRUE(names);
1657 ASSERT_TRUE(bssl::PushToStack(names.get(), std::move(name)));
1658
1659 bssl::UniquePtr<NAME_CONSTRAINTS> nc(NAME_CONSTRAINTS_new());
1660 ASSERT_TRUE(nc);
1661 nc->permittedSubtrees = sk_GENERAL_SUBTREE_new_null();
1662 ASSERT_TRUE(nc->permittedSubtrees);
1663 bssl::UniquePtr<GENERAL_SUBTREE> subtree(GENERAL_SUBTREE_new());
1664 ASSERT_TRUE(subtree);
1665 GENERAL_NAME_free(subtree->base);
1666 subtree->base = MakeGeneralName(t.type, t.constraint).release();
1667 ASSERT_TRUE(subtree->base);
1668 ASSERT_TRUE(bssl::PushToStack(nc->permittedSubtrees, std::move(subtree)));
1669
1670 bssl::UniquePtr<X509> root = MakeTestCert("Root", "Root", key.get());
1671 ASSERT_TRUE(root);
1672 ASSERT_TRUE(X509_add1_ext_i2d(root.get(), NID_name_constraints, nc.get(),
1673 /*crit=*/1, /*flags=*/0));
1674 ASSERT_TRUE(X509_sign(root.get(), key.get(), EVP_sha256()));
1675
1676 bssl::UniquePtr<X509> leaf = MakeTestCert("Root", "Leaf", key.get());
1677 ASSERT_TRUE(leaf);
1678 ASSERT_TRUE(X509_add1_ext_i2d(leaf.get(), NID_subject_alt_name, names.get(),
1679 /*crit=*/0, /*flags=*/0));
1680 ASSERT_TRUE(X509_sign(leaf.get(), key.get(), EVP_sha256()));
1681
1682 int ret = Verify(leaf.get(), {root.get()}, {}, {}, 0);
1683 EXPECT_EQ(t.result, ret) << X509_verify_cert_error_string(ret);
1684 }
1685 }
1686
TEST(X509Test,PrintGeneralName)1687 TEST(X509Test, PrintGeneralName) {
1688 // TODO(https://crbug.com/boringssl/430): Add more tests. Also fix the
1689 // external projects that use this to extract the SAN list and unexport.
1690 bssl::UniquePtr<GENERAL_NAME> gen = MakeGeneralName(GEN_DNS, "example.com");
1691 ASSERT_TRUE(gen);
1692 bssl::UniquePtr<STACK_OF(CONF_VALUE)> values(
1693 i2v_GENERAL_NAME(nullptr, gen.get(), nullptr));
1694 ASSERT_TRUE(values);
1695 ASSERT_EQ(1u, sk_CONF_VALUE_num(values.get()));
1696 const CONF_VALUE *value = sk_CONF_VALUE_value(values.get(), 0);
1697 EXPECT_STREQ(value->name, "DNS");
1698 EXPECT_STREQ(value->value, "example.com");
1699 }
1700
TEST(X509Test,TestPSS)1701 TEST(X509Test, TestPSS) {
1702 bssl::UniquePtr<X509> cert(CertFromPEM(kExamplePSSCert));
1703 ASSERT_TRUE(cert);
1704
1705 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
1706 ASSERT_TRUE(pkey);
1707
1708 ASSERT_TRUE(X509_verify(cert.get(), pkey.get()));
1709 }
1710
TEST(X509Test,TestPSSBadParameters)1711 TEST(X509Test, TestPSSBadParameters) {
1712 bssl::UniquePtr<X509> cert(CertFromPEM(kBadPSSCertPEM));
1713 ASSERT_TRUE(cert);
1714
1715 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
1716 ASSERT_TRUE(pkey);
1717
1718 ASSERT_FALSE(X509_verify(cert.get(), pkey.get()));
1719 ERR_clear_error();
1720 }
1721
TEST(X509Test,TestEd25519)1722 TEST(X509Test, TestEd25519) {
1723 bssl::UniquePtr<X509> cert(CertFromPEM(kEd25519Cert));
1724 ASSERT_TRUE(cert);
1725
1726 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
1727 ASSERT_TRUE(pkey);
1728
1729 ASSERT_TRUE(X509_verify(cert.get(), pkey.get()));
1730 }
1731
TEST(X509Test,TestEd25519BadParameters)1732 TEST(X509Test, TestEd25519BadParameters) {
1733 bssl::UniquePtr<X509> cert(CertFromPEM(kEd25519CertNull));
1734 ASSERT_TRUE(cert);
1735
1736 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
1737 ASSERT_TRUE(pkey);
1738
1739 ASSERT_FALSE(X509_verify(cert.get(), pkey.get()));
1740
1741 uint32_t err = ERR_get_error();
1742 ASSERT_EQ(ERR_LIB_X509, ERR_GET_LIB(err));
1743 ASSERT_EQ(X509_R_INVALID_PARAMETER, ERR_GET_REASON(err));
1744 ERR_clear_error();
1745 }
1746
TEST(X509Test,TestX25519)1747 TEST(X509Test, TestX25519) {
1748 bssl::UniquePtr<X509> cert(CertFromPEM(kX25519Cert));
1749 ASSERT_TRUE(cert);
1750
1751 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
1752 ASSERT_TRUE(pkey);
1753
1754 EXPECT_EQ(EVP_PKEY_id(pkey.get()), EVP_PKEY_X25519);
1755
1756 constexpr uint8_t kExpectedPublicValue[] = {
1757 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d,
1758 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38,
1759 0x1a, 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a,
1760 };
1761 uint8_t public_value[sizeof(kExpectedPublicValue)];
1762 size_t public_value_size = sizeof(public_value);
1763 ASSERT_TRUE(EVP_PKEY_get_raw_public_key(pkey.get(), public_value,
1764 &public_value_size));
1765 EXPECT_EQ(Bytes(kExpectedPublicValue),
1766 Bytes(public_value, public_value_size));
1767 }
1768
ReencodeCertificate(X509 * cert)1769 static bssl::UniquePtr<X509> ReencodeCertificate(X509 *cert) {
1770 uint8_t *der = nullptr;
1771 int len = i2d_X509(cert, &der);
1772 bssl::UniquePtr<uint8_t> free_der(der);
1773 if (len <= 0) {
1774 return nullptr;
1775 }
1776
1777 const uint8_t *inp = der;
1778 return bssl::UniquePtr<X509>(d2i_X509(nullptr, &inp, len));
1779 }
1780
SignatureRoundTrips(EVP_MD_CTX * md_ctx,EVP_PKEY * pkey)1781 static bool SignatureRoundTrips(EVP_MD_CTX *md_ctx, EVP_PKEY *pkey) {
1782 // Make a certificate like signed with |md_ctx|'s settings.'
1783 bssl::UniquePtr<X509> cert(CertFromPEM(kLeafPEM));
1784 if (!cert || !X509_sign_ctx(cert.get(), md_ctx)) {
1785 return false;
1786 }
1787
1788 // Ensure that |pkey| may still be used to verify the resulting signature. All
1789 // settings in |md_ctx| must have been serialized appropriately.
1790 if (!X509_verify(cert.get(), pkey)) {
1791 return false;
1792 }
1793
1794 // Re-encode the certificate. X509 objects contain a cached TBSCertificate
1795 // encoding and |X509_sign_ctx| should have refreshed that cache.
1796 bssl::UniquePtr<X509> copy = ReencodeCertificate(cert.get());
1797 return copy && X509_verify(copy.get(), pkey);
1798 }
1799
TEST(X509Test,RSASign)1800 TEST(X509Test, RSASign) {
1801 bssl::UniquePtr<EVP_PKEY> pkey(PrivateKeyFromPEM(kRSAKey));
1802 ASSERT_TRUE(pkey);
1803 // Test PKCS#1 v1.5.
1804 bssl::ScopedEVP_MD_CTX md_ctx;
1805 ASSERT_TRUE(
1806 EVP_DigestSignInit(md_ctx.get(), NULL, EVP_sha256(), NULL, pkey.get()));
1807 ASSERT_TRUE(SignatureRoundTrips(md_ctx.get(), pkey.get()));
1808
1809 // Test RSA-PSS with custom parameters.
1810 md_ctx.Reset();
1811 EVP_PKEY_CTX *pkey_ctx;
1812 ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), &pkey_ctx, EVP_sha256(), NULL,
1813 pkey.get()));
1814 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING));
1815 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, EVP_sha512()));
1816 ASSERT_TRUE(SignatureRoundTrips(md_ctx.get(), pkey.get()));
1817
1818 // RSA-PSS with salt length matching hash length should work when passing in
1819 // -1 or the value explicitly.
1820 md_ctx.Reset();
1821 ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), &pkey_ctx, EVP_sha256(), NULL,
1822 pkey.get()));
1823 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING));
1824 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, -1));
1825 ASSERT_TRUE(SignatureRoundTrips(md_ctx.get(), pkey.get()));
1826
1827 md_ctx.Reset();
1828 ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), &pkey_ctx, EVP_sha256(), NULL,
1829 pkey.get()));
1830 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING));
1831 ASSERT_TRUE(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, 32));
1832 ASSERT_TRUE(SignatureRoundTrips(md_ctx.get(), pkey.get()));
1833 }
1834
1835 // Test the APIs for manually signing a certificate.
TEST(X509Test,RSASignManual)1836 TEST(X509Test, RSASignManual) {
1837 const int kSignatureNID = NID_sha384WithRSAEncryption;
1838 const EVP_MD *kSignatureHash = EVP_sha384();
1839
1840 bssl::UniquePtr<EVP_PKEY> pkey(PrivateKeyFromPEM(kRSAKey));
1841 ASSERT_TRUE(pkey);
1842 bssl::UniquePtr<X509_ALGOR> algor(X509_ALGOR_new());
1843 ASSERT_TRUE(algor);
1844 ASSERT_TRUE(X509_ALGOR_set0(algor.get(), OBJ_nid2obj(kSignatureNID),
1845 V_ASN1_NULL, nullptr));
1846
1847 // Test certificates made both from other certificates and |X509_new|, in case
1848 // there are bugs in filling in fields from different states. (Parsed
1849 // certificate contain a TBSCertificate cache, and |X509_new| initializes
1850 // fields based on complex ASN.1 template logic.)
1851 for (bool new_cert : {true, false}) {
1852 SCOPED_TRACE(new_cert);
1853
1854 bssl::UniquePtr<X509> cert;
1855 if (new_cert) {
1856 cert.reset(X509_new());
1857 // Fill in some fields for the certificate arbitrarily.
1858 EXPECT_TRUE(X509_set_version(cert.get(), X509_VERSION_3));
1859 EXPECT_TRUE(ASN1_INTEGER_set(X509_get_serialNumber(cert.get()), 1));
1860 EXPECT_TRUE(X509_gmtime_adj(X509_getm_notBefore(cert.get()), 0));
1861 EXPECT_TRUE(
1862 X509_gmtime_adj(X509_getm_notAfter(cert.get()), 60 * 60 * 24));
1863 X509_NAME *subject = X509_get_subject_name(cert.get());
1864 X509_NAME_add_entry_by_txt(subject, "CN", MBSTRING_ASC,
1865 reinterpret_cast<const uint8_t *>("Test"), -1,
1866 -1, 0);
1867 EXPECT_TRUE(X509_set_issuer_name(cert.get(), subject));
1868 EXPECT_TRUE(X509_set_pubkey(cert.get(), pkey.get()));
1869 } else {
1870 // Extract fields from a parsed certificate.
1871 cert = CertFromPEM(kLeafPEM);
1872 ASSERT_TRUE(cert);
1873
1874 // We should test with a different algorithm from what is already in the
1875 // certificate.
1876 EXPECT_NE(kSignatureNID, X509_get_signature_nid(cert.get()));
1877 }
1878
1879 // Fill in the signature algorithm.
1880 ASSERT_TRUE(X509_set1_signature_algo(cert.get(), algor.get()));
1881
1882 // Extract the TBSCertificiate.
1883 uint8_t *tbs_cert = nullptr;
1884 int tbs_cert_len = i2d_re_X509_tbs(cert.get(), &tbs_cert);
1885 bssl::UniquePtr<uint8_t> free_tbs_cert(tbs_cert);
1886 ASSERT_GT(tbs_cert_len, 0);
1887
1888 // Generate a signature externally and fill it in.
1889 bssl::ScopedEVP_MD_CTX md_ctx;
1890 ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), nullptr, kSignatureHash,
1891 nullptr, pkey.get()));
1892 size_t sig_len;
1893 ASSERT_TRUE(EVP_DigestSign(md_ctx.get(), nullptr, &sig_len, tbs_cert,
1894 tbs_cert_len));
1895 std::vector<uint8_t> sig(sig_len);
1896 ASSERT_TRUE(EVP_DigestSign(md_ctx.get(), sig.data(), &sig_len, tbs_cert,
1897 tbs_cert_len));
1898 sig.resize(sig_len);
1899 ASSERT_TRUE(X509_set1_signature_value(cert.get(), sig.data(), sig.size()));
1900
1901 // Check the signature.
1902 EXPECT_TRUE(X509_verify(cert.get(), pkey.get()));
1903
1904 // Re-encode the certificate. X509 objects contain a cached TBSCertificate
1905 // encoding and |i2d_re_X509_tbs| should have refreshed that cache.
1906 bssl::UniquePtr<X509> copy = ReencodeCertificate(cert.get());
1907 ASSERT_TRUE(copy);
1908 EXPECT_TRUE(X509_verify(copy.get(), pkey.get()));
1909 }
1910 }
1911
TEST(X509Test,Ed25519Sign)1912 TEST(X509Test, Ed25519Sign) {
1913 uint8_t pub_bytes[32], priv_bytes[64];
1914 ED25519_keypair(pub_bytes, priv_bytes);
1915
1916 bssl::UniquePtr<EVP_PKEY> pub(
1917 EVP_PKEY_new_raw_public_key(EVP_PKEY_ED25519, nullptr, pub_bytes, 32));
1918 ASSERT_TRUE(pub);
1919 bssl::UniquePtr<EVP_PKEY> priv(
1920 EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, nullptr, priv_bytes, 32));
1921 ASSERT_TRUE(priv);
1922
1923 bssl::ScopedEVP_MD_CTX md_ctx;
1924 ASSERT_TRUE(
1925 EVP_DigestSignInit(md_ctx.get(), nullptr, nullptr, nullptr, priv.get()));
1926 ASSERT_TRUE(SignatureRoundTrips(md_ctx.get(), pub.get()));
1927 }
1928
PEMToDER(bssl::UniquePtr<uint8_t> * out,size_t * out_len,const char * pem)1929 static bool PEMToDER(bssl::UniquePtr<uint8_t> *out, size_t *out_len,
1930 const char *pem) {
1931 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
1932 if (!bio) {
1933 return false;
1934 }
1935
1936 char *name, *header;
1937 uint8_t *data;
1938 long data_len;
1939 if (!PEM_read_bio(bio.get(), &name, &header, &data, &data_len)) {
1940 fprintf(stderr, "failed to read PEM data.\n");
1941 return false;
1942 }
1943 OPENSSL_free(name);
1944 OPENSSL_free(header);
1945
1946 out->reset(data);
1947 *out_len = data_len;
1948
1949 return true;
1950 }
1951
TEST(X509Test,TestFromBuffer)1952 TEST(X509Test, TestFromBuffer) {
1953 size_t data_len;
1954 bssl::UniquePtr<uint8_t> data;
1955 ASSERT_TRUE(PEMToDER(&data, &data_len, kRootCAPEM));
1956
1957 bssl::UniquePtr<CRYPTO_BUFFER> buf(
1958 CRYPTO_BUFFER_new(data.get(), data_len, nullptr));
1959 ASSERT_TRUE(buf);
1960 bssl::UniquePtr<X509> root(X509_parse_from_buffer(buf.get()));
1961 ASSERT_TRUE(root);
1962
1963 const uint8_t *enc_pointer = root->cert_info->enc.enc;
1964 const uint8_t *buf_pointer = CRYPTO_BUFFER_data(buf.get());
1965 ASSERT_GE(enc_pointer, buf_pointer);
1966 ASSERT_LT(enc_pointer, buf_pointer + CRYPTO_BUFFER_len(buf.get()));
1967 buf.reset();
1968
1969 /* This ensures the X509 took a reference to |buf|, otherwise this will be a
1970 * reference to free memory and ASAN should notice. */
1971 ASSERT_EQ(0x30, enc_pointer[0]);
1972 }
1973
TEST(X509Test,TestFromBufferWithTrailingData)1974 TEST(X509Test, TestFromBufferWithTrailingData) {
1975 size_t data_len;
1976 bssl::UniquePtr<uint8_t> data;
1977 ASSERT_TRUE(PEMToDER(&data, &data_len, kRootCAPEM));
1978
1979 std::unique_ptr<uint8_t[]> trailing_data(new uint8_t[data_len + 1]);
1980 OPENSSL_memcpy(trailing_data.get(), data.get(), data_len);
1981
1982 bssl::UniquePtr<CRYPTO_BUFFER> buf_trailing_data(
1983 CRYPTO_BUFFER_new(trailing_data.get(), data_len + 1, nullptr));
1984 ASSERT_TRUE(buf_trailing_data);
1985
1986 bssl::UniquePtr<X509> root_trailing_data(
1987 X509_parse_from_buffer(buf_trailing_data.get()));
1988 ASSERT_FALSE(root_trailing_data);
1989 }
1990
TEST(X509Test,TestFromBufferModified)1991 TEST(X509Test, TestFromBufferModified) {
1992 size_t data_len;
1993 bssl::UniquePtr<uint8_t> data;
1994 ASSERT_TRUE(PEMToDER(&data, &data_len, kRootCAPEM));
1995
1996 bssl::UniquePtr<CRYPTO_BUFFER> buf(
1997 CRYPTO_BUFFER_new(data.get(), data_len, nullptr));
1998 ASSERT_TRUE(buf);
1999
2000 bssl::UniquePtr<X509> root(X509_parse_from_buffer(buf.get()));
2001 ASSERT_TRUE(root);
2002
2003 bssl::UniquePtr<ASN1_INTEGER> fourty_two(ASN1_INTEGER_new());
2004 ASN1_INTEGER_set(fourty_two.get(), 42);
2005 X509_set_serialNumber(root.get(), fourty_two.get());
2006
2007 ASSERT_EQ(static_cast<long>(data_len), i2d_X509(root.get(), nullptr));
2008
2009 // Re-encode the TBSCertificate.
2010 i2d_re_X509_tbs(root.get(), nullptr);
2011
2012 ASSERT_NE(static_cast<long>(data_len), i2d_X509(root.get(), nullptr));
2013 }
2014
TEST(X509Test,TestFromBufferReused)2015 TEST(X509Test, TestFromBufferReused) {
2016 size_t data_len;
2017 bssl::UniquePtr<uint8_t> data;
2018 ASSERT_TRUE(PEMToDER(&data, &data_len, kRootCAPEM));
2019
2020 bssl::UniquePtr<CRYPTO_BUFFER> buf(
2021 CRYPTO_BUFFER_new(data.get(), data_len, nullptr));
2022 ASSERT_TRUE(buf);
2023
2024 bssl::UniquePtr<X509> root(X509_parse_from_buffer(buf.get()));
2025 ASSERT_TRUE(root);
2026
2027 size_t data2_len;
2028 bssl::UniquePtr<uint8_t> data2;
2029 ASSERT_TRUE(PEMToDER(&data2, &data2_len, kLeafPEM));
2030
2031 X509 *x509p = root.get();
2032 const uint8_t *inp = data2.get();
2033 X509 *ret = d2i_X509(&x509p, &inp, data2_len);
2034 ASSERT_EQ(root.get(), ret);
2035 ASSERT_EQ(nullptr, root->buf);
2036
2037 // Free |data2| and ensure that |root| took its own copy. Otherwise the
2038 // following will trigger a use-after-free.
2039 data2.reset();
2040
2041 uint8_t *i2d = nullptr;
2042 int i2d_len = i2d_X509(root.get(), &i2d);
2043 ASSERT_GE(i2d_len, 0);
2044 bssl::UniquePtr<uint8_t> i2d_storage(i2d);
2045
2046 ASSERT_TRUE(PEMToDER(&data2, &data2_len, kLeafPEM));
2047
2048 ASSERT_EQ(static_cast<long>(data2_len), i2d_len);
2049 ASSERT_EQ(0, OPENSSL_memcmp(data2.get(), i2d, i2d_len));
2050 ASSERT_EQ(nullptr, root->buf);
2051 }
2052
TEST(X509Test,TestFailedParseFromBuffer)2053 TEST(X509Test, TestFailedParseFromBuffer) {
2054 static const uint8_t kNonsense[] = {1, 2, 3, 4, 5};
2055
2056 bssl::UniquePtr<CRYPTO_BUFFER> buf(
2057 CRYPTO_BUFFER_new(kNonsense, sizeof(kNonsense), nullptr));
2058 ASSERT_TRUE(buf);
2059
2060 bssl::UniquePtr<X509> cert(X509_parse_from_buffer(buf.get()));
2061 ASSERT_FALSE(cert);
2062 ERR_clear_error();
2063
2064 // Test a buffer with trailing data.
2065 size_t data_len;
2066 bssl::UniquePtr<uint8_t> data;
2067 ASSERT_TRUE(PEMToDER(&data, &data_len, kRootCAPEM));
2068
2069 std::unique_ptr<uint8_t[]> data_with_trailing_byte(new uint8_t[data_len + 1]);
2070 OPENSSL_memcpy(data_with_trailing_byte.get(), data.get(), data_len);
2071 data_with_trailing_byte[data_len] = 0;
2072
2073 bssl::UniquePtr<CRYPTO_BUFFER> buf_with_trailing_byte(
2074 CRYPTO_BUFFER_new(data_with_trailing_byte.get(), data_len + 1, nullptr));
2075 ASSERT_TRUE(buf_with_trailing_byte);
2076
2077 bssl::UniquePtr<X509> root(
2078 X509_parse_from_buffer(buf_with_trailing_byte.get()));
2079 ASSERT_FALSE(root);
2080 ERR_clear_error();
2081 }
2082
TEST(X509Test,TestPrintUTCTIME)2083 TEST(X509Test, TestPrintUTCTIME) {
2084 static const struct {
2085 const char *val, *want;
2086 } asn1_utctime_tests[] = {
2087 {"", "Bad time value"},
2088
2089 // Correct RFC 5280 form. Test years < 2000 and > 2000.
2090 {"090303125425Z", "Mar 3 12:54:25 2009 GMT"},
2091 {"900303125425Z", "Mar 3 12:54:25 1990 GMT"},
2092 {"000303125425Z", "Mar 3 12:54:25 2000 GMT"},
2093
2094 // Correct form, bad values.
2095 {"000000000000Z", "Bad time value"},
2096 {"999999999999Z", "Bad time value"},
2097
2098 // Missing components. Not legal RFC 5280, but permitted.
2099 {"090303125425", "Mar 3 12:54:25 2009"},
2100 {"9003031254", "Mar 3 12:54:00 1990"},
2101 {"9003031254Z", "Mar 3 12:54:00 1990 GMT"},
2102
2103 // GENERALIZEDTIME confused for UTCTIME.
2104 {"20090303125425Z", "Bad time value"},
2105
2106 // Legal ASN.1, but not legal RFC 5280.
2107 {"9003031254+0800", "Bad time value"},
2108 {"9003031254-0800", "Bad time value"},
2109
2110 // Trailing garbage.
2111 {"9003031254Z ", "Bad time value"},
2112 };
2113
2114 for (auto t : asn1_utctime_tests) {
2115 SCOPED_TRACE(t.val);
2116 bssl::UniquePtr<ASN1_UTCTIME> tm(ASN1_UTCTIME_new());
2117 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
2118
2119 // Use this instead of ASN1_UTCTIME_set() because some callers get
2120 // type-confused and pass ASN1_GENERALIZEDTIME to ASN1_UTCTIME_print().
2121 // ASN1_UTCTIME_set_string() is stricter, and would reject the inputs in
2122 // question.
2123 ASSERT_TRUE(ASN1_STRING_set(tm.get(), t.val, strlen(t.val)));
2124 const int ok = ASN1_UTCTIME_print(bio.get(), tm.get());
2125
2126 const uint8_t *contents;
2127 size_t len;
2128 ASSERT_TRUE(BIO_mem_contents(bio.get(), &contents, &len));
2129 EXPECT_EQ(ok, (strcmp(t.want, "Bad time value") != 0) ? 1 : 0);
2130 EXPECT_EQ(t.want,
2131 std::string(reinterpret_cast<const char *>(contents), len));
2132 }
2133 }
2134
TEST(X509Test,PrettyPrintIntegers)2135 TEST(X509Test, PrettyPrintIntegers) {
2136 static const char *kTests[] = {
2137 // Small numbers are pretty-printed in decimal.
2138 "0",
2139 "-1",
2140 "1",
2141 "42",
2142 "-42",
2143 "256",
2144 "-256",
2145 // Large numbers are pretty-printed in hex to avoid taking quadratic time.
2146 "0x0123456789",
2147 "-0x0123456789",
2148 };
2149 for (const char *in : kTests) {
2150 SCOPED_TRACE(in);
2151 BIGNUM *bn = nullptr;
2152 ASSERT_TRUE(BN_asc2bn(&bn, in));
2153 bssl::UniquePtr<BIGNUM> free_bn(bn);
2154
2155 {
2156 bssl::UniquePtr<ASN1_INTEGER> asn1(BN_to_ASN1_INTEGER(bn, nullptr));
2157 ASSERT_TRUE(asn1);
2158 bssl::UniquePtr<char> out(i2s_ASN1_INTEGER(nullptr, asn1.get()));
2159 ASSERT_TRUE(out.get());
2160 EXPECT_STREQ(in, out.get());
2161 }
2162
2163 {
2164 bssl::UniquePtr<ASN1_ENUMERATED> asn1(BN_to_ASN1_ENUMERATED(bn, nullptr));
2165 ASSERT_TRUE(asn1);
2166 bssl::UniquePtr<char> out(i2s_ASN1_ENUMERATED(nullptr, asn1.get()));
2167 ASSERT_TRUE(out.get());
2168 EXPECT_STREQ(in, out.get());
2169 }
2170 }
2171 }
2172
TEST(X509Test,X509NameSet)2173 TEST(X509Test, X509NameSet) {
2174 bssl::UniquePtr<X509_NAME> name(X509_NAME_new());
2175 EXPECT_TRUE(X509_NAME_add_entry_by_txt(
2176 name.get(), "C", MBSTRING_ASC, reinterpret_cast<const uint8_t *>("US"),
2177 -1, -1, 0));
2178 EXPECT_EQ(X509_NAME_entry_count(name.get()), 1);
2179 EXPECT_TRUE(X509_NAME_add_entry_by_txt(
2180 name.get(), "C", MBSTRING_ASC, reinterpret_cast<const uint8_t *>("CA"),
2181 -1, -1, 0));
2182 EXPECT_EQ(X509_NAME_entry_count(name.get()), 2);
2183 EXPECT_TRUE(X509_NAME_add_entry_by_txt(
2184 name.get(), "C", MBSTRING_ASC, reinterpret_cast<const uint8_t *>("UK"),
2185 -1, -1, 0));
2186 EXPECT_EQ(X509_NAME_entry_count(name.get()), 3);
2187 EXPECT_TRUE(X509_NAME_add_entry_by_txt(
2188 name.get(), "C", MBSTRING_ASC, reinterpret_cast<const uint8_t *>("JP"),
2189 -1, 1, 0));
2190 EXPECT_EQ(X509_NAME_entry_count(name.get()), 4);
2191
2192 // Check that the correct entries get incremented when inserting new entry.
2193 EXPECT_EQ(X509_NAME_ENTRY_set(X509_NAME_get_entry(name.get(), 1)), 1);
2194 EXPECT_EQ(X509_NAME_ENTRY_set(X509_NAME_get_entry(name.get(), 2)), 2);
2195 }
2196
TEST(X509Test,NoBasicConstraintsCertSign)2197 TEST(X509Test, NoBasicConstraintsCertSign) {
2198 bssl::UniquePtr<X509> root(CertFromPEM(kSANTypesRoot));
2199 bssl::UniquePtr<X509> intermediate(
2200 CertFromPEM(kNoBasicConstraintsCertSignIntermediate));
2201 bssl::UniquePtr<X509> leaf(CertFromPEM(kNoBasicConstraintsCertSignLeaf));
2202
2203 ASSERT_TRUE(root);
2204 ASSERT_TRUE(intermediate);
2205 ASSERT_TRUE(leaf);
2206
2207 // The intermediate has keyUsage certSign, but is not marked as a CA in the
2208 // basicConstraints.
2209 EXPECT_EQ(X509_V_ERR_INVALID_CA,
2210 Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, 0));
2211 }
2212
TEST(X509Test,NoBasicConstraintsNetscapeCA)2213 TEST(X509Test, NoBasicConstraintsNetscapeCA) {
2214 bssl::UniquePtr<X509> root(CertFromPEM(kSANTypesRoot));
2215 bssl::UniquePtr<X509> intermediate(
2216 CertFromPEM(kNoBasicConstraintsNetscapeCAIntermediate));
2217 bssl::UniquePtr<X509> leaf(CertFromPEM(kNoBasicConstraintsNetscapeCALeaf));
2218
2219 ASSERT_TRUE(root);
2220 ASSERT_TRUE(intermediate);
2221 ASSERT_TRUE(leaf);
2222
2223 // The intermediate has a Netscape certificate type of "SSL CA", but is not
2224 // marked as a CA in the basicConstraints.
2225 EXPECT_EQ(X509_V_ERR_INVALID_CA,
2226 Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, 0));
2227 }
2228
TEST(X509Test,MismatchAlgorithms)2229 TEST(X509Test, MismatchAlgorithms) {
2230 bssl::UniquePtr<X509> cert(CertFromPEM(kSelfSignedMismatchAlgorithms));
2231 ASSERT_TRUE(cert);
2232
2233 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert.get()));
2234 ASSERT_TRUE(pkey);
2235
2236 EXPECT_FALSE(X509_verify(cert.get(), pkey.get()));
2237 uint32_t err = ERR_get_error();
2238 EXPECT_EQ(ERR_LIB_X509, ERR_GET_LIB(err));
2239 EXPECT_EQ(X509_R_SIGNATURE_ALGORITHM_MISMATCH, ERR_GET_REASON(err));
2240 }
2241
TEST(X509Test,PEMX509Info)2242 TEST(X509Test, PEMX509Info) {
2243 std::string cert = kRootCAPEM;
2244 auto cert_obj = CertFromPEM(kRootCAPEM);
2245 ASSERT_TRUE(cert_obj);
2246
2247 std::string rsa = kRSAKey;
2248 auto rsa_obj = PrivateKeyFromPEM(kRSAKey);
2249 ASSERT_TRUE(rsa_obj);
2250
2251 std::string crl = kBasicCRL;
2252 auto crl_obj = CRLFromPEM(kBasicCRL);
2253 ASSERT_TRUE(crl_obj);
2254
2255 std::string unknown =
2256 "-----BEGIN UNKNOWN-----\n"
2257 "AAAA\n"
2258 "-----END UNKNOWN-----\n";
2259
2260 std::string invalid =
2261 "-----BEGIN CERTIFICATE-----\n"
2262 "AAAA\n"
2263 "-----END CERTIFICATE-----\n";
2264
2265 // Each X509_INFO contains at most one certificate, CRL, etc. The format
2266 // creates a new X509_INFO when a repeated type is seen.
2267 std::string pem =
2268 // The first few entries have one of everything in different orders.
2269 cert + rsa + crl +
2270 rsa + crl + cert +
2271 // Unknown types are ignored.
2272 crl + unknown + cert + rsa +
2273 // Seeing a new certificate starts a new entry, so now we have a bunch of
2274 // certificate-only entries.
2275 cert + cert + cert +
2276 // The key folds into the certificate's entry.
2277 cert + rsa +
2278 // Doubled keys also start new entries.
2279 rsa + rsa + rsa + rsa + crl +
2280 // As do CRLs.
2281 crl + crl;
2282
2283 const struct ExpectedInfo {
2284 const X509 *cert;
2285 const EVP_PKEY *key;
2286 const X509_CRL *crl;
2287 } kExpected[] = {
2288 {cert_obj.get(), rsa_obj.get(), crl_obj.get()},
2289 {cert_obj.get(), rsa_obj.get(), crl_obj.get()},
2290 {cert_obj.get(), rsa_obj.get(), crl_obj.get()},
2291 {cert_obj.get(), nullptr, nullptr},
2292 {cert_obj.get(), nullptr, nullptr},
2293 {cert_obj.get(), nullptr, nullptr},
2294 {cert_obj.get(), rsa_obj.get(), nullptr},
2295 {nullptr, rsa_obj.get(), nullptr},
2296 {nullptr, rsa_obj.get(), nullptr},
2297 {nullptr, rsa_obj.get(), nullptr},
2298 {nullptr, rsa_obj.get(), crl_obj.get()},
2299 {nullptr, nullptr, crl_obj.get()},
2300 {nullptr, nullptr, crl_obj.get()},
2301 };
2302
2303 auto check_info = [](const ExpectedInfo *expected, const X509_INFO *info) {
2304 if (expected->cert != nullptr) {
2305 EXPECT_EQ(0, X509_cmp(expected->cert, info->x509));
2306 } else {
2307 EXPECT_EQ(nullptr, info->x509);
2308 }
2309 if (expected->crl != nullptr) {
2310 EXPECT_EQ(0, X509_CRL_cmp(expected->crl, info->crl));
2311 } else {
2312 EXPECT_EQ(nullptr, info->crl);
2313 }
2314 if (expected->key != nullptr) {
2315 ASSERT_NE(nullptr, info->x_pkey);
2316 // EVP_PKEY_cmp returns one if the keys are equal.
2317 EXPECT_EQ(1, EVP_PKEY_cmp(expected->key, info->x_pkey->dec_pkey));
2318 } else {
2319 EXPECT_EQ(nullptr, info->x_pkey);
2320 }
2321 };
2322
2323 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem.data(), pem.size()));
2324 ASSERT_TRUE(bio);
2325 bssl::UniquePtr<STACK_OF(X509_INFO)> infos(
2326 PEM_X509_INFO_read_bio(bio.get(), nullptr, nullptr, nullptr));
2327 ASSERT_TRUE(infos);
2328 ASSERT_EQ(OPENSSL_ARRAY_SIZE(kExpected), sk_X509_INFO_num(infos.get()));
2329 for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kExpected); i++) {
2330 SCOPED_TRACE(i);
2331 check_info(&kExpected[i], sk_X509_INFO_value(infos.get(), i));
2332 }
2333
2334 // Passing an existing stack appends to it.
2335 bio.reset(BIO_new_mem_buf(pem.data(), pem.size()));
2336 ASSERT_TRUE(bio);
2337 ASSERT_EQ(infos.get(),
2338 PEM_X509_INFO_read_bio(bio.get(), infos.get(), nullptr, nullptr));
2339 ASSERT_EQ(2 * OPENSSL_ARRAY_SIZE(kExpected), sk_X509_INFO_num(infos.get()));
2340 for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kExpected); i++) {
2341 SCOPED_TRACE(i);
2342 check_info(&kExpected[i], sk_X509_INFO_value(infos.get(), i));
2343 check_info(
2344 &kExpected[i],
2345 sk_X509_INFO_value(infos.get(), i + OPENSSL_ARRAY_SIZE(kExpected)));
2346 }
2347
2348 // Gracefully handle errors in both the append and fresh cases.
2349 std::string bad_pem = cert + cert + invalid;
2350
2351 bio.reset(BIO_new_mem_buf(bad_pem.data(), bad_pem.size()));
2352 ASSERT_TRUE(bio);
2353 bssl::UniquePtr<STACK_OF(X509_INFO)> infos2(
2354 PEM_X509_INFO_read_bio(bio.get(), nullptr, nullptr, nullptr));
2355 EXPECT_FALSE(infos2);
2356
2357 bio.reset(BIO_new_mem_buf(bad_pem.data(), bad_pem.size()));
2358 ASSERT_TRUE(bio);
2359 EXPECT_FALSE(
2360 PEM_X509_INFO_read_bio(bio.get(), infos.get(), nullptr, nullptr));
2361 EXPECT_EQ(2 * OPENSSL_ARRAY_SIZE(kExpected), sk_X509_INFO_num(infos.get()));
2362 }
2363
TEST(X509Test,ReadBIOEmpty)2364 TEST(X509Test, ReadBIOEmpty) {
2365 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(nullptr, 0));
2366 ASSERT_TRUE(bio);
2367
2368 // CPython expects |ASN1_R_HEADER_TOO_LONG| on EOF, to terminate a series of
2369 // certificates.
2370 bssl::UniquePtr<X509> x509(d2i_X509_bio(bio.get(), nullptr));
2371 EXPECT_FALSE(x509);
2372 uint32_t err = ERR_get_error();
2373 EXPECT_EQ(ERR_LIB_ASN1, ERR_GET_LIB(err));
2374 EXPECT_EQ(ASN1_R_HEADER_TOO_LONG, ERR_GET_REASON(err));
2375 }
2376
TEST(X509Test,ReadBIOOneByte)2377 TEST(X509Test, ReadBIOOneByte) {
2378 bssl::UniquePtr<BIO> bio(BIO_new_mem_buf("\x30", 1));
2379 ASSERT_TRUE(bio);
2380
2381 // CPython expects |ASN1_R_HEADER_TOO_LONG| on EOF, to terminate a series of
2382 // certificates. This EOF appeared after some data, however, so we do not wish
2383 // to signal EOF.
2384 bssl::UniquePtr<X509> x509(d2i_X509_bio(bio.get(), nullptr));
2385 EXPECT_FALSE(x509);
2386 uint32_t err = ERR_get_error();
2387 EXPECT_EQ(ERR_LIB_ASN1, ERR_GET_LIB(err));
2388 EXPECT_EQ(ASN1_R_NOT_ENOUGH_DATA, ERR_GET_REASON(err));
2389 }
2390
TEST(X509Test,PartialBIOReturn)2391 TEST(X509Test, PartialBIOReturn) {
2392 // Create a filter BIO that only reads and writes one byte at a time.
2393 bssl::UniquePtr<BIO_METHOD> method(BIO_meth_new(0, nullptr));
2394 ASSERT_TRUE(method);
2395 ASSERT_TRUE(BIO_meth_set_create(method.get(), [](BIO *b) -> int {
2396 BIO_set_init(b, 1);
2397 return 1;
2398 }));
2399 ASSERT_TRUE(
2400 BIO_meth_set_read(method.get(), [](BIO *b, char *out, int len) -> int {
2401 return BIO_read(BIO_next(b), out, std::min(len, 1));
2402 }));
2403 ASSERT_TRUE(BIO_meth_set_write(
2404 method.get(), [](BIO *b, const char *in, int len) -> int {
2405 return BIO_write(BIO_next(b), in, std::min(len, 1));
2406 }));
2407
2408 bssl::UniquePtr<BIO> bio(BIO_new(method.get()));
2409 ASSERT_TRUE(bio);
2410 BIO *mem_bio = BIO_new(BIO_s_mem());
2411 ASSERT_TRUE(mem_bio);
2412 BIO_push(bio.get(), mem_bio); // BIO_push takes ownership.
2413
2414 bssl::UniquePtr<X509> cert(CertFromPEM(kLeafPEM));
2415 ASSERT_TRUE(cert);
2416 uint8_t *der = nullptr;
2417 int der_len = i2d_X509(cert.get(), &der);
2418 ASSERT_GT(der_len, 0);
2419 bssl::UniquePtr<uint8_t> free_der(der);
2420
2421 // Write the certificate into the BIO. Though we only write one byte at a
2422 // time, the write should succeed.
2423 ASSERT_EQ(1, i2d_X509_bio(bio.get(), cert.get()));
2424 const uint8_t *der2;
2425 size_t der2_len;
2426 ASSERT_TRUE(BIO_mem_contents(mem_bio, &der2, &der2_len));
2427 EXPECT_EQ(Bytes(der, static_cast<size_t>(der_len)), Bytes(der2, der2_len));
2428
2429 // Read the certificate back out of the BIO. Though we only read one byte at a
2430 // time, the read should succeed.
2431 bssl::UniquePtr<X509> cert2(d2i_X509_bio(bio.get(), nullptr));
2432 ASSERT_TRUE(cert2);
2433 EXPECT_EQ(0, X509_cmp(cert.get(), cert2.get()));
2434 }
2435
TEST(X509Test,CommonNameFallback)2436 TEST(X509Test, CommonNameFallback) {
2437 bssl::UniquePtr<X509> root = CertFromPEM(kSANTypesRoot);
2438 ASSERT_TRUE(root);
2439 bssl::UniquePtr<X509> with_sans = CertFromPEM(kCommonNameWithSANs);
2440 ASSERT_TRUE(with_sans);
2441 bssl::UniquePtr<X509> without_sans = CertFromPEM(kCommonNameWithoutSANs);
2442 ASSERT_TRUE(without_sans);
2443 bssl::UniquePtr<X509> with_email = CertFromPEM(kCommonNameWithEmailSAN);
2444 ASSERT_TRUE(with_email);
2445 bssl::UniquePtr<X509> with_ip = CertFromPEM(kCommonNameWithIPSAN);
2446 ASSERT_TRUE(with_ip);
2447
2448 auto verify_cert = [&](X509 *leaf, unsigned flags, const char *host) {
2449 return Verify(
2450 leaf, {root.get()}, {}, {}, 0, false, [&](X509_VERIFY_PARAM *param) {
2451 ASSERT_TRUE(X509_VERIFY_PARAM_set1_host(param, host, strlen(host)));
2452 X509_VERIFY_PARAM_set_hostflags(param, flags);
2453 });
2454 };
2455
2456 // By default, the common name is ignored if the SAN list is present but
2457 // otherwise is checked.
2458 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2459 verify_cert(with_sans.get(), 0 /* no flags */, "foo.host1.test"));
2460 EXPECT_EQ(X509_V_OK,
2461 verify_cert(with_sans.get(), 0 /* no flags */, "foo.host2.test"));
2462 EXPECT_EQ(X509_V_OK,
2463 verify_cert(with_sans.get(), 0 /* no flags */, "foo.host3.test"));
2464 EXPECT_EQ(X509_V_OK, verify_cert(without_sans.get(), 0 /* no flags */,
2465 "foo.host1.test"));
2466 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2467 verify_cert(with_email.get(), 0 /* no flags */, "foo.host1.test"));
2468 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2469 verify_cert(with_ip.get(), 0 /* no flags */, "foo.host1.test"));
2470
2471 // X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT is ignored.
2472 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2473 verify_cert(with_sans.get(), X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
2474 "foo.host1.test"));
2475 EXPECT_EQ(X509_V_OK,
2476 verify_cert(with_sans.get(), X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
2477 "foo.host2.test"));
2478 EXPECT_EQ(X509_V_OK,
2479 verify_cert(with_sans.get(), X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
2480 "foo.host3.test"));
2481 EXPECT_EQ(X509_V_OK, verify_cert(without_sans.get(),
2482 X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
2483 "foo.host1.test"));
2484 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2485 verify_cert(with_email.get(), X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
2486 "foo.host1.test"));
2487 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2488 verify_cert(with_ip.get(), X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT,
2489 "foo.host1.test"));
2490
2491 // X509_CHECK_FLAG_NEVER_CHECK_SUBJECT implements the correct behavior: the
2492 // common name is never checked.
2493 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2494 verify_cert(with_sans.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
2495 "foo.host1.test"));
2496 EXPECT_EQ(X509_V_OK,
2497 verify_cert(with_sans.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
2498 "foo.host2.test"));
2499 EXPECT_EQ(X509_V_OK,
2500 verify_cert(with_sans.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
2501 "foo.host3.test"));
2502 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2503 verify_cert(without_sans.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
2504 "foo.host1.test"));
2505 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2506 verify_cert(with_email.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
2507 "foo.host1.test"));
2508 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2509 verify_cert(with_ip.get(), X509_CHECK_FLAG_NEVER_CHECK_SUBJECT,
2510 "foo.host1.test"));
2511 }
2512
TEST(X509Test,LooksLikeDNSName)2513 TEST(X509Test, LooksLikeDNSName) {
2514 static const char *kValid[] = {
2515 "example.com",
2516 "eXample123-.com",
2517 "*.example.com",
2518 "exa_mple.com",
2519 "example.com.",
2520 "project-dev:us-central1:main",
2521 };
2522 static const char *kInvalid[] = {
2523 "-eXample123-.com",
2524 "",
2525 ".",
2526 "*",
2527 "*.",
2528 "example..com",
2529 ".example.com",
2530 "example.com..",
2531 "*foo.example.com",
2532 "foo.*.example.com",
2533 "foo,bar",
2534 };
2535
2536 for (const char *str : kValid) {
2537 SCOPED_TRACE(str);
2538 EXPECT_TRUE(x509v3_looks_like_dns_name(
2539 reinterpret_cast<const uint8_t *>(str), strlen(str)));
2540 }
2541 for (const char *str : kInvalid) {
2542 SCOPED_TRACE(str);
2543 EXPECT_FALSE(x509v3_looks_like_dns_name(
2544 reinterpret_cast<const uint8_t *>(str), strlen(str)));
2545 }
2546 }
2547
TEST(X509Test,CommonNameAndNameConstraints)2548 TEST(X509Test, CommonNameAndNameConstraints) {
2549 bssl::UniquePtr<X509> root = CertFromPEM(kSANTypesRoot);
2550 ASSERT_TRUE(root);
2551 bssl::UniquePtr<X509> intermediate = CertFromPEM(kConstrainedIntermediate);
2552 ASSERT_TRUE(intermediate);
2553 bssl::UniquePtr<X509> permitted = CertFromPEM(kCommonNamePermittedLeaf);
2554 ASSERT_TRUE(permitted);
2555 bssl::UniquePtr<X509> not_permitted =
2556 CertFromPEM(kCommonNameNotPermittedLeaf);
2557 ASSERT_TRUE(not_permitted);
2558 bssl::UniquePtr<X509> not_permitted_with_sans =
2559 CertFromPEM(kCommonNameNotPermittedWithSANsLeaf);
2560 ASSERT_TRUE(not_permitted_with_sans);
2561 bssl::UniquePtr<X509> not_dns = CertFromPEM(kCommonNameNotDNSLeaf);
2562 ASSERT_TRUE(not_dns);
2563
2564 auto verify_cert = [&](X509 *leaf, unsigned flags, const char *host) {
2565 return Verify(
2566 leaf, {root.get()}, {intermediate.get()}, {}, 0, false,
2567 [&](X509_VERIFY_PARAM *param) {
2568 ASSERT_TRUE(X509_VERIFY_PARAM_set1_host(param, host, strlen(host)));
2569 X509_VERIFY_PARAM_set_hostflags(param, flags);
2570 });
2571 };
2572
2573 // Certificates which would otherwise trigger the common name fallback are
2574 // rejected whenever there are name constraints. We do this whether or not
2575 // the common name matches the constraints.
2576 EXPECT_EQ(
2577 X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS,
2578 verify_cert(permitted.get(), 0 /* no flags */, kCommonNamePermitted));
2579 EXPECT_EQ(X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS,
2580 verify_cert(not_permitted.get(), 0 /* no flags */,
2581 kCommonNameNotPermitted));
2582
2583 // This occurs even if the built-in name checks aren't used. The caller may
2584 // separately call |X509_check_host|.
2585 EXPECT_EQ(X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS,
2586 Verify(not_permitted.get(), {root.get()}, {intermediate.get()}, {},
2587 0 /* no flags */, false, nullptr));
2588
2589 // If the leaf certificate has SANs, the common name fallback is always
2590 // disabled, so the name constraints do not apply.
2591 EXPECT_EQ(X509_V_OK, Verify(not_permitted_with_sans.get(), {root.get()},
2592 {intermediate.get()}, {}, 0, false, nullptr));
2593 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2594 verify_cert(not_permitted_with_sans.get(), 0 /* no flags */,
2595 kCommonNameNotPermittedWithSANs));
2596
2597 // If the common name does not look like a DNS name, we apply neither name
2598 // constraints nor common name fallback.
2599 EXPECT_EQ(X509_V_OK, Verify(not_dns.get(), {root.get()}, {intermediate.get()},
2600 {}, 0, false, nullptr));
2601 EXPECT_EQ(X509_V_ERR_HOSTNAME_MISMATCH,
2602 verify_cert(not_dns.get(), 0 /* no flags */, kCommonNameNotDNS));
2603 }
2604
TEST(X509Test,ServerGatedCryptoEKUs)2605 TEST(X509Test, ServerGatedCryptoEKUs) {
2606 bssl::UniquePtr<X509> root = CertFromPEM(kSANTypesRoot);
2607 ASSERT_TRUE(root);
2608 bssl::UniquePtr<X509> ms_sgc = CertFromPEM(kMicrosoftSGCCert);
2609 ASSERT_TRUE(ms_sgc);
2610 bssl::UniquePtr<X509> ns_sgc = CertFromPEM(kNetscapeSGCCert);
2611 ASSERT_TRUE(ns_sgc);
2612 bssl::UniquePtr<X509> server_eku = CertFromPEM(kServerEKUCert);
2613 ASSERT_TRUE(server_eku);
2614 bssl::UniquePtr<X509> server_eku_plus_ms_sgc =
2615 CertFromPEM(kServerEKUPlusMicrosoftSGCCert);
2616 ASSERT_TRUE(server_eku_plus_ms_sgc);
2617 bssl::UniquePtr<X509> any_eku = CertFromPEM(kAnyEKU);
2618 ASSERT_TRUE(any_eku);
2619 bssl::UniquePtr<X509> no_eku = CertFromPEM(kNoEKU);
2620 ASSERT_TRUE(no_eku);
2621
2622 auto verify_cert = [&root](X509 *leaf) {
2623 return Verify(leaf, {root.get()}, /*intermediates=*/{}, /*crls=*/{},
2624 /*flags=*/0, /*use_additional_untrusted=*/false,
2625 [&](X509_VERIFY_PARAM *param) {
2626 ASSERT_TRUE(X509_VERIFY_PARAM_set_purpose(
2627 param, X509_PURPOSE_SSL_SERVER));
2628 });
2629 };
2630
2631 // Neither the Microsoft nor Netscape SGC EKU should be sufficient for
2632 // |X509_PURPOSE_SSL_SERVER|. The "any" EKU probably, technically, should be.
2633 // However, we've never accepted it and it's not acceptable in leaf
2634 // certificates by the Baseline, so perhaps we don't need this complexity.
2635 for (X509 *leaf : {ms_sgc.get(), ns_sgc.get(), any_eku.get()}) {
2636 EXPECT_EQ(X509_V_ERR_INVALID_PURPOSE, verify_cert(leaf));
2637 }
2638
2639 // The server-auth EKU is sufficient, and it doesn't matter if an SGC EKU is
2640 // also included. Lastly, not specifying an EKU is also valid.
2641 for (X509 *leaf : {server_eku.get(), server_eku_plus_ms_sgc.get(),
2642 no_eku.get()}) {
2643 EXPECT_EQ(X509_V_OK, verify_cert(leaf));
2644 }
2645 }
2646
2647 // Test that invalid extensions are rejected by, if not the parser, at least the
2648 // verifier.
TEST(X509Test,InvalidExtensions)2649 TEST(X509Test, InvalidExtensions) {
2650 bssl::UniquePtr<X509> root = CertFromPEM(
2651 GetTestData("crypto/x509/test/invalid_extension_root.pem").c_str());
2652 ASSERT_TRUE(root);
2653 bssl::UniquePtr<X509> intermediate = CertFromPEM(
2654 GetTestData("crypto/x509/test/invalid_extension_intermediate.pem")
2655 .c_str());
2656 ASSERT_TRUE(intermediate);
2657 bssl::UniquePtr<X509> leaf = CertFromPEM(
2658 GetTestData("crypto/x509/test/invalid_extension_leaf.pem").c_str());
2659 ASSERT_TRUE(leaf);
2660
2661 // Sanity-check that the baseline chain is accepted.
2662 EXPECT_EQ(X509_V_OK,
2663 Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}));
2664
2665 static const char *kExtensions[] = {
2666 "authority_key_identifier",
2667 "basic_constraints",
2668 "ext_key_usage",
2669 "key_usage",
2670 "name_constraints",
2671 "subject_alt_name",
2672 "subject_key_identifier",
2673 };
2674 for (const char *ext : kExtensions) {
2675 SCOPED_TRACE(ext);
2676 bssl::UniquePtr<X509> invalid_root = CertFromPEM(
2677 GetTestData((std::string("crypto/x509/test/invalid_extension_root_") +
2678 ext + ".pem")
2679 .c_str())
2680 .c_str());
2681 ASSERT_TRUE(invalid_root);
2682
2683 bssl::UniquePtr<X509> invalid_intermediate = CertFromPEM(
2684 GetTestData(
2685 (std::string("crypto/x509/test/invalid_extension_intermediate_") +
2686 ext + ".pem")
2687 .c_str())
2688 .c_str());
2689 ASSERT_TRUE(invalid_intermediate);
2690
2691 bssl::UniquePtr<X509> invalid_leaf = CertFromPEM(
2692 GetTestData((std::string("crypto/x509/test/invalid_extension_leaf_") +
2693 ext + ".pem")
2694 .c_str())
2695 .c_str());
2696 ASSERT_TRUE(invalid_leaf);
2697
2698 EXPECT_EQ(
2699 X509_V_ERR_INVALID_EXTENSION,
2700 Verify(invalid_leaf.get(), {root.get()}, {intermediate.get()}, {}));
2701
2702 // If the invalid extension is on an intermediate or root,
2703 // |X509_verify_cert| notices by way of being unable to build a path to
2704 // a valid issuer.
2705 EXPECT_EQ(
2706 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
2707 Verify(leaf.get(), {root.get()}, {invalid_intermediate.get()}, {}));
2708 EXPECT_EQ(
2709 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
2710 Verify(leaf.get(), {invalid_root.get()}, {intermediate.get()}, {}));
2711 }
2712 }
2713
2714 // kExplicitDefaultVersionPEM is an X.509v1 certificate with the version number
2715 // encoded explicitly, rather than omitted as required by DER.
2716 static const char kExplicitDefaultVersionPEM[] = R"(
2717 -----BEGIN CERTIFICATE-----
2718 MIIBfTCCASSgAwIBAAIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC
2719 QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
2720 dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ
2721 BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l
2722 dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni
2723 v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa
2724 HPUdfvGULUvPciLBMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb7idQhY5w
2725 BnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYfMlJhXnXJ
2726 FA==
2727 -----END CERTIFICATE-----
2728 )";
2729
2730 // kNegativeVersionPEM is an X.509 certificate with a negative version number.
2731 static const char kNegativeVersionPEM[] = R"(
2732 -----BEGIN CERTIFICATE-----
2733 MIIBfTCCASSgAwIB/wIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC
2734 QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
2735 dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ
2736 BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l
2737 dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni
2738 v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa
2739 HPUdfvGULUvPciLBMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb7idQhY5w
2740 BnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYfMlJhXnXJ
2741 FA==
2742 -----END CERTIFICATE-----
2743 )";
2744
2745 // kFutureVersionPEM is an X.509 certificate with a version number value of
2746 // three, which is not defined. (v3 has value two).
2747 static const char kFutureVersionPEM[] = R"(
2748 -----BEGIN CERTIFICATE-----
2749 MIIBfTCCASSgAwIBAwIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC
2750 QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
2751 dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ
2752 BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l
2753 dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni
2754 v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa
2755 HPUdfvGULUvPciLBMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb7idQhY5w
2756 BnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYfMlJhXnXJ
2757 FA==
2758 -----END CERTIFICATE-----
2759 )";
2760
2761 // kOverflowVersionPEM is an X.509 certificate with a version field which
2762 // overflows |uint64_t|.
2763 static const char kOverflowVersionPEM[] = R"(
2764 -----BEGIN CERTIFICATE-----
2765 MIIBoDCCAUegJgIkAP//////////////////////////////////////////////
2766 AgkA2UwE2kl9v+swCQYHKoZIzj0EATBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwK
2767 U29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMB4X
2768 DTE0MDQyMzIzMjE1N1oXDTE0MDUyMzIzMjE1N1owRTELMAkGA1UEBhMCQVUxEzAR
2769 BgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5
2770 IEx0ZDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8eDZSKTNWX
2771 a7epHg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQtS89yIsEw
2772 CQYHKoZIzj0EAQNIADBFAiEA8qA1XlE6NsOCeZvuJ1CFjnAGdJVX0il0APS+FYdd
2773 xAcCIHweeRRqIYPwenRoeV8UmZpotPHLnhVe5h8yUmFedckU
2774 -----END CERTIFICATE-----
2775 )";
2776
2777 // kV1WithExtensionsPEM is an X.509v1 certificate with extensions.
2778 static const char kV1WithExtensionsPEM[] = R"(
2779 -----BEGIN CERTIFICATE-----
2780 MIIByjCCAXECCQDZTATaSX2/6zAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw
2781 EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0
2782 eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYDVQQG
2783 EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk
2784 Z2l0cyBQdHkgTHRkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+
2785 Lx4NlIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7x
2786 lC1Lz3IiwaNQME4wHQYDVR0OBBYEFKuE0qyrlfCCThZ4B1VXX+QmjYLRMB8GA1Ud
2787 IwQYMBaAFKuE0qyrlfCCThZ4B1VXX+QmjYLRMAwGA1UdEwQFMAMBAf8wCQYHKoZI
2788 zj0EAQNIADBFAiEA8qA1XlE6NsOCeZvuJ1CFjnAGdJVX0il0APS+FYddxAcCIHwe
2789 eRRqIYPwenRoeV8UmZpotPHLnhVe5h8yUmFedckU
2790 -----END CERTIFICATE-----
2791 )";
2792
2793 // kV2WithExtensionsPEM is an X.509v2 certificate with extensions.
2794 static const char kV2WithExtensionsPEM[] = R"(
2795 -----BEGIN CERTIFICATE-----
2796 MIIBzzCCAXagAwIBAQIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC
2797 QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
2798 dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ
2799 BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l
2800 dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni
2801 v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa
2802 HPUdfvGULUvPciLBo1AwTjAdBgNVHQ4EFgQUq4TSrKuV8IJOFngHVVdf5CaNgtEw
2803 HwYDVR0jBBgwFoAUq4TSrKuV8IJOFngHVVdf5CaNgtEwDAYDVR0TBAUwAwEB/zAJ
2804 BgcqhkjOPQQBA0gAMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E
2805 BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQ=
2806 -----END CERTIFICATE-----
2807 )";
2808
2809 // kV1WithIssuerUniqueIDPEM is an X.509v1 certificate with an issuerUniqueID.
2810 static const char kV1WithIssuerUniqueIDPEM[] = R"(
2811 -----BEGIN CERTIFICATE-----
2812 MIIBgzCCASoCCQDZTATaSX2/6zAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw
2813 EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0
2814 eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYDVQQG
2815 EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk
2816 Z2l0cyBQdHkgTHRkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+
2817 Lx4NlIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7x
2818 lC1Lz3IiwYEJAAEjRWeJq83vMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb
2819 7idQhY5wBnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYf
2820 MlJhXnXJFA==
2821 -----END CERTIFICATE-----
2822 )";
2823
2824 // kV1WithSubjectUniqueIDPEM is an X.509v1 certificate with an issuerUniqueID.
2825 static const char kV1WithSubjectUniqueIDPEM[] = R"(
2826 -----BEGIN CERTIFICATE-----
2827 MIIBgzCCASoCCQDZTATaSX2/6zAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw
2828 EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0
2829 eSBMdGQwHhcNMTQwNDIzMjMyMTU3WhcNMTQwNTIzMjMyMTU3WjBFMQswCQYDVQQG
2830 EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk
2831 Z2l0cyBQdHkgTHRkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+
2832 Lx4NlIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7x
2833 lC1Lz3IiwYIJAAEjRWeJq83vMAkGByqGSM49BAEDSAAwRQIhAPKgNV5ROjbDgnmb
2834 7idQhY5wBnSVV9IpdAD0vhWHXcQHAiB8HnkUaiGD8Hp0aHlfFJmaaLTxy54VXuYf
2835 MlJhXnXJFA==
2836 -----END CERTIFICATE-----
2837 )";
2838
2839 // Test that the X.509 parser enforces versions are valid and match the fields
2840 // present.
TEST(X509Test,InvalidVersion)2841 TEST(X509Test, InvalidVersion) {
2842 // kExplicitDefaultVersionPEM is invalid but, for now, we accept it. See
2843 // https://crbug.com/boringssl/364.
2844 EXPECT_TRUE(CertFromPEM(kExplicitDefaultVersionPEM));
2845
2846 EXPECT_FALSE(CertFromPEM(kNegativeVersionPEM));
2847 EXPECT_FALSE(CertFromPEM(kFutureVersionPEM));
2848 EXPECT_FALSE(CertFromPEM(kOverflowVersionPEM));
2849 EXPECT_FALSE(CertFromPEM(kV1WithExtensionsPEM));
2850 EXPECT_FALSE(CertFromPEM(kV2WithExtensionsPEM));
2851 EXPECT_FALSE(CertFromPEM(kV1WithIssuerUniqueIDPEM));
2852 EXPECT_FALSE(CertFromPEM(kV1WithSubjectUniqueIDPEM));
2853 }
2854
2855 // Unlike upstream OpenSSL, we require a non-null store in
2856 // |X509_STORE_CTX_init|.
TEST(X509Test,NullStore)2857 TEST(X509Test, NullStore) {
2858 bssl::UniquePtr<X509> leaf(CertFromPEM(kLeafPEM));
2859 ASSERT_TRUE(leaf);
2860 bssl::UniquePtr<X509_STORE_CTX> ctx(X509_STORE_CTX_new());
2861 ASSERT_TRUE(ctx);
2862 EXPECT_FALSE(X509_STORE_CTX_init(ctx.get(), nullptr, leaf.get(), nullptr));
2863 }
2864
TEST(X509Test,BasicConstraints)2865 TEST(X509Test, BasicConstraints) {
2866 const uint32_t kFlagMask = EXFLAG_CA | EXFLAG_BCONS | EXFLAG_INVALID;
2867
2868 static const struct {
2869 const char *file;
2870 uint32_t flags;
2871 int path_len;
2872 } kTests[] = {
2873 {"basic_constraints_none.pem", 0, -1},
2874 {"basic_constraints_ca.pem", EXFLAG_CA | EXFLAG_BCONS, -1},
2875 {"basic_constraints_ca_pathlen_0.pem", EXFLAG_CA | EXFLAG_BCONS, 0},
2876 {"basic_constraints_ca_pathlen_1.pem", EXFLAG_CA | EXFLAG_BCONS, 1},
2877 {"basic_constraints_ca_pathlen_10.pem", EXFLAG_CA | EXFLAG_BCONS, 10},
2878 {"basic_constraints_leaf.pem", EXFLAG_BCONS, -1},
2879 {"invalid_extension_leaf_basic_constraints.pem", EXFLAG_INVALID, -1},
2880 };
2881
2882 for (const auto &test : kTests) {
2883 SCOPED_TRACE(test.file);
2884
2885 std::string path = "crypto/x509/test/";
2886 path += test.file;
2887
2888 bssl::UniquePtr<X509> cert = CertFromPEM(GetTestData(path.c_str()).c_str());
2889 ASSERT_TRUE(cert);
2890 EXPECT_EQ(test.flags, X509_get_extension_flags(cert.get()) & kFlagMask);
2891 EXPECT_EQ(test.path_len, X509_get_pathlen(cert.get()));
2892 }
2893 }
2894
2895 // The following strings are test certificates signed by kP256Key and kRSAKey,
2896 // with missing, NULL, or invalid algorithm parameters.
2897 static const char kP256NoParam[] = R"(
2898 -----BEGIN CERTIFICATE-----
2899 MIIBIDCBxqADAgECAgIE0jAKBggqhkjOPQQDAjAPMQ0wCwYDVQQDEwRUZXN0MCAX
2900 DTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYDVQQDEwRUZXN0
2901 MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4NlIpM1Zdrt6ke
2902 DUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwaMQMA4w
2903 DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNJADBGAiEAqdIiF+bN9Cl44oUeICpy
2904 aXd7HqhpVUaglYKw9ChmNUACIQCpMdL0fNkFNDbRww9dSl/y7kBdk/tp16HiqeSy
2905 gGzFYg==
2906 -----END CERTIFICATE-----
2907 )";
2908 static const char kP256NullParam[] = R"(
2909 -----BEGIN CERTIFICATE-----
2910 MIIBJDCByKADAgECAgIE0jAMBggqhkjOPQQDAgUAMA8xDTALBgNVBAMTBFRlc3Qw
2911 IBcNMDAwMTAxMDAwMDAwWhgPMjEwMDAxMDEwMDAwMDBaMA8xDTALBgNVBAMTBFRl
2912 c3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2niv2Wfl74vHg2UikzVl2u3
2913 qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYaHPUdfvGULUvPciLBoxAw
2914 DjAMBgNVHRMEBTADAQH/MAwGCCqGSM49BAMCBQADSQAwRgIhAKILHmyo+F3Cn/VX
2915 UUeSXOQQKX5aLzsQitwwmNF3ZgH3AiEAsYHcrVj/ftmoQIORARkQ/+PrqntXev8r
2916 t6uPxHrmpUY=
2917 -----END CERTIFICATE-----
2918 )";
2919 static const char kP256InvalidParam[] = R"(
2920 -----BEGIN CERTIFICATE-----
2921 MIIBMTCBz6ADAgECAgIE0jATBggqhkjOPQQDAgQHZ2FyYmFnZTAPMQ0wCwYDVQQD
2922 EwRUZXN0MCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYD
2923 VQQDEwRUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4N
2924 lIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1L
2925 z3IiwaMQMA4wDAYDVR0TBAUwAwEB/zATBggqhkjOPQQDAgQHZ2FyYmFnZQNIADBF
2926 AiAglpDf/YhN89LeJ2WAs/F0SJIrsuhS4uoInIz6WXUiuQIhAIu5Pwhp5E3Pbo8y
2927 fLULTZnynuQUULQkRcF7S7T2WpIL
2928 -----END CERTIFICATE-----
2929 )";
2930 static const char kRSANoParam[] = R"(
2931 -----BEGIN CERTIFICATE-----
2932 MIIBWzCBx6ADAgECAgIE0jALBgkqhkiG9w0BAQswDzENMAsGA1UEAxMEVGVzdDAg
2933 Fw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsGA1UEAxMEVGVz
2934 dDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8eDZSKTNWXa7ep
2935 Hg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQtS89yIsGjEDAO
2936 MAwGA1UdEwQFMAMBAf8wCwYJKoZIhvcNAQELA4GBAC1f8W3W0Ao7CPfIBQYDSbPh
2937 brZpbxdBU5x27JOS7iSa+Lc9pEH5VCX9vIypHVHXLPEfZ38yIt11eiyrmZB6w62N
2938 l9kIeZ6FVPmC30d3sXx70Jjs+ZX9yt7kD1gLyNAQQfeYfa4rORAZT1n2YitD74NY
2939 TWUH2ieFP3l+ecj1SeQR
2940 -----END CERTIFICATE-----
2941 )";
2942 static const char kRSANullParam[] = R"(
2943 -----BEGIN CERTIFICATE-----
2944 MIIBXzCByaADAgECAgIE0jANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRUZXN0
2945 MCAXDTAwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAwMDAwWjAPMQ0wCwYDVQQDEwRU
2946 ZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4NlIpM1Zdr
2947 t6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwaMQ
2948 MA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQAzVcfIv+Rq1KrMXqIL
2949 fPq/cWZjgqFZA1RGaGElNaqp+rkJfamq5tDGzckWpebrK+jjRN7yIlcWDtPpy3Gy
2950 seZfvtBDR0TwJm0S/pQl8prKB4wgALcwe3bmi56Rq85nzY5ZLNcP16LQxL+jAAua
2951 SwmQUz4bRpckRBj+sIyp1We+pg==
2952 -----END CERTIFICATE-----
2953 )";
2954 static const char kRSAInvalidParam[] = R"(
2955 -----BEGIN CERTIFICATE-----
2956 MIIBbTCB0KADAgECAgIE0jAUBgkqhkiG9w0BAQsEB2dhcmJhZ2UwDzENMAsGA1UE
2957 AxMEVGVzdDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowDzENMAsG
2958 A1UEAxMEVGVzdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOYraeK/ZZ+Xvi8e
2959 DZSKTNWXa7epHg1G+92pqR6d3LpaAefWl6gKGPnDxKMeVuJ8g0jbFhoc9R1+8ZQt
2960 S89yIsGjEDAOMAwGA1UdEwQFMAMBAf8wFAYJKoZIhvcNAQELBAdnYXJiYWdlA4GB
2961 AHTJ6cWWjCNrZhqiWWVI3jdK+h5xpRG8jGMXxR4JnjtoYRRusJLOXhmapwCB6fA0
2962 4vc+66O27v36yDmQX+tIc/hDrTpKNJptU8q3n2VagREvoHhkOTYkcCeS8vmnMtn8
2963 5OMNZ/ajVwOssw61GcAlScRqEHkZFBoGp7e+QpgB2tf9
2964 -----END CERTIFICATE-----
2965 )";
2966
TEST(X509Test,AlgorithmParameters)2967 TEST(X509Test, AlgorithmParameters) {
2968 // P-256 parameters should be omitted, but we accept NULL ones.
2969 bssl::UniquePtr<EVP_PKEY> key = PrivateKeyFromPEM(kP256Key);
2970 ASSERT_TRUE(key);
2971
2972 bssl::UniquePtr<X509> cert = CertFromPEM(kP256NoParam);
2973 ASSERT_TRUE(cert);
2974 EXPECT_TRUE(X509_verify(cert.get(), key.get()));
2975
2976 cert = CertFromPEM(kP256NullParam);
2977 ASSERT_TRUE(cert);
2978 EXPECT_TRUE(X509_verify(cert.get(), key.get()));
2979
2980 cert = CertFromPEM(kP256InvalidParam);
2981 ASSERT_TRUE(cert);
2982 EXPECT_FALSE(X509_verify(cert.get(), key.get()));
2983 uint32_t err = ERR_get_error();
2984 EXPECT_EQ(ERR_LIB_X509, ERR_GET_LIB(err));
2985 EXPECT_EQ(X509_R_INVALID_PARAMETER, ERR_GET_REASON(err));
2986
2987 // RSA parameters should be NULL, but we accept omitted ones.
2988 key = PrivateKeyFromPEM(kRSAKey);
2989 ASSERT_TRUE(key);
2990
2991 cert = CertFromPEM(kRSANoParam);
2992 ASSERT_TRUE(cert);
2993 EXPECT_TRUE(X509_verify(cert.get(), key.get()));
2994
2995 cert = CertFromPEM(kRSANullParam);
2996 ASSERT_TRUE(cert);
2997 EXPECT_TRUE(X509_verify(cert.get(), key.get()));
2998
2999 cert = CertFromPEM(kRSAInvalidParam);
3000 ASSERT_TRUE(cert);
3001 EXPECT_FALSE(X509_verify(cert.get(), key.get()));
3002 err = ERR_get_error();
3003 EXPECT_EQ(ERR_LIB_X509, ERR_GET_LIB(err));
3004 EXPECT_EQ(X509_R_INVALID_PARAMETER, ERR_GET_REASON(err));
3005 }
3006
TEST(X509Test,GeneralName)3007 TEST(X509Test, GeneralName) {
3008 const std::vector<uint8_t> kNames[] = {
3009 // [0] {
3010 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
3011 // [0] {
3012 // SEQUENCE {}
3013 // }
3014 // }
3015 {0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
3016 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x30, 0x00},
3017 // [0] {
3018 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
3019 // [0] {
3020 // [APPLICATION 0] {}
3021 // }
3022 // }
3023 {0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
3024 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x60, 0x00},
3025 // [0] {
3026 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
3027 // [0] {
3028 // UTF8String { "a" }
3029 // }
3030 // }
3031 {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
3032 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x61},
3033 // [0] {
3034 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.2 }
3035 // [0] {
3036 // UTF8String { "a" }
3037 // }
3038 // }
3039 {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
3040 0x01, 0x84, 0xb7, 0x09, 0x02, 0x02, 0xa0, 0x03, 0x0c, 0x01, 0x61},
3041 // [0] {
3042 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
3043 // [0] {
3044 // UTF8String { "b" }
3045 // }
3046 // }
3047 {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
3048 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x62},
3049 // [0] {
3050 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
3051 // [0] {
3052 // BOOLEAN { TRUE }
3053 // }
3054 // }
3055 {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
3056 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0xff},
3057 // [0] {
3058 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
3059 // [0] {
3060 // BOOLEAN { FALSE }
3061 // }
3062 // }
3063 {0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
3064 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0x00},
3065 // [1 PRIMITIVE] { "a" }
3066 {0x81, 0x01, 0x61},
3067 // [1 PRIMITIVE] { "b" }
3068 {0x81, 0x01, 0x62},
3069 // [2 PRIMITIVE] { "a" }
3070 {0x82, 0x01, 0x61},
3071 // [2 PRIMITIVE] { "b" }
3072 {0x82, 0x01, 0x62},
3073 // [4] {
3074 // SEQUENCE {
3075 // SET {
3076 // SEQUENCE {
3077 // # commonName
3078 // OBJECT_IDENTIFIER { 2.5.4.3 }
3079 // UTF8String { "a" }
3080 // }
3081 // }
3082 // }
3083 // }
3084 {0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55, 0x04,
3085 0x03, 0x0c, 0x01, 0x61},
3086 // [4] {
3087 // SEQUENCE {
3088 // SET {
3089 // SEQUENCE {
3090 // # commonName
3091 // OBJECT_IDENTIFIER { 2.5.4.3 }
3092 // UTF8String { "b" }
3093 // }
3094 // }
3095 // }
3096 // }
3097 {0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55, 0x04,
3098 0x03, 0x0c, 0x01, 0x62},
3099 // [5] {
3100 // [1] {
3101 // UTF8String { "a" }
3102 // }
3103 // }
3104 {0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x61},
3105 // [5] {
3106 // [1] {
3107 // UTF8String { "b" }
3108 // }
3109 // }
3110 {0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x62},
3111 // [5] {
3112 // [0] {
3113 // UTF8String {}
3114 // }
3115 // [1] {
3116 // UTF8String { "a" }
3117 // }
3118 // }
3119 {0xa5, 0x09, 0xa0, 0x02, 0x0c, 0x00, 0xa1, 0x03, 0x0c, 0x01, 0x61},
3120 // [5] {
3121 // [0] {
3122 // UTF8String { "a" }
3123 // }
3124 // [1] {
3125 // UTF8String { "a" }
3126 // }
3127 // }
3128 {0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x61, 0xa1, 0x03, 0x0c, 0x01, 0x61},
3129 // [5] {
3130 // [0] {
3131 // UTF8String { "b" }
3132 // }
3133 // [1] {
3134 // UTF8String { "a" }
3135 // }
3136 // }
3137 {0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x62, 0xa1, 0x03, 0x0c, 0x01, 0x61},
3138 // [6 PRIMITIVE] { "a" }
3139 {0x86, 0x01, 0x61},
3140 // [6 PRIMITIVE] { "b" }
3141 {0x86, 0x01, 0x62},
3142 // [7 PRIMITIVE] { `11111111` }
3143 {0x87, 0x04, 0x11, 0x11, 0x11, 0x11},
3144 // [7 PRIMITIVE] { `22222222`}
3145 {0x87, 0x04, 0x22, 0x22, 0x22, 0x22},
3146 // [7 PRIMITIVE] { `11111111111111111111111111111111` }
3147 {0x87, 0x10, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
3148 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
3149 // [7 PRIMITIVE] { `22222222222222222222222222222222` }
3150 {0x87, 0x10, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
3151 0x22, 0x22, 0x22, 0x22, 0x22, 0x22},
3152 // [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.1 }
3153 {0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7,
3154 0x09, 0x02, 0x01},
3155 // [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.2 }
3156 {0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7,
3157 0x09, 0x02, 0x02},
3158 };
3159
3160 // Every name should be equal to itself and not equal to any others.
3161 for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kNames); i++) {
3162 SCOPED_TRACE(Bytes(kNames[i]));
3163
3164 const uint8_t *ptr = kNames[i].data();
3165 bssl::UniquePtr<GENERAL_NAME> a(
3166 d2i_GENERAL_NAME(nullptr, &ptr, kNames[i].size()));
3167 ASSERT_TRUE(a);
3168 ASSERT_EQ(ptr, kNames[i].data() + kNames[i].size());
3169
3170 for (size_t j = 0; j < OPENSSL_ARRAY_SIZE(kNames); j++) {
3171 SCOPED_TRACE(Bytes(kNames[j]));
3172
3173 ptr = kNames[j].data();
3174 bssl::UniquePtr<GENERAL_NAME> b(
3175 d2i_GENERAL_NAME(nullptr, &ptr, kNames[j].size()));
3176 ASSERT_TRUE(b);
3177 ASSERT_EQ(ptr, kNames[j].data() + kNames[j].size());
3178
3179 if (i == j) {
3180 EXPECT_EQ(GENERAL_NAME_cmp(a.get(), b.get()), 0);
3181 } else {
3182 EXPECT_NE(GENERAL_NAME_cmp(a.get(), b.get()), 0);
3183 }
3184 }
3185 }
3186 }
3187
3188 // Test that extracting fields of an |X509_ALGOR| works correctly.
TEST(X509Test,X509AlgorExtract)3189 TEST(X509Test, X509AlgorExtract) {
3190 static const char kTestOID[] = "1.2.840.113554.4.1.72585.2";
3191 const struct {
3192 int param_type;
3193 std::vector<uint8_t> param_der;
3194 } kTests[] = {
3195 // No parameter.
3196 {V_ASN1_UNDEF, {}},
3197 // BOOLEAN { TRUE }
3198 {V_ASN1_BOOLEAN, {0x01, 0x01, 0xff}},
3199 // BOOLEAN { FALSE }
3200 {V_ASN1_BOOLEAN, {0x01, 0x01, 0x00}},
3201 // OCTET_STRING { "a" }
3202 {V_ASN1_OCTET_STRING, {0x04, 0x01, 0x61}},
3203 // BIT_STRING { `01` `00` }
3204 {V_ASN1_BIT_STRING, {0x03, 0x02, 0x01, 0x00}},
3205 // INTEGER { -1 }
3206 {V_ASN1_INTEGER, {0x02, 0x01, 0xff}},
3207 // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2 }
3208 {V_ASN1_OBJECT,
3209 {0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7,
3210 0x09, 0x02}},
3211 // NULL {}
3212 {V_ASN1_NULL, {0x05, 0x00}},
3213 // SEQUENCE {}
3214 {V_ASN1_SEQUENCE, {0x30, 0x00}},
3215 // SET {}
3216 {V_ASN1_SET, {0x31, 0x00}},
3217 // [0] { UTF8String { "a" } }
3218 {V_ASN1_OTHER, {0xa0, 0x03, 0x0c, 0x01, 0x61}},
3219 };
3220 for (const auto &t : kTests) {
3221 SCOPED_TRACE(Bytes(t.param_der));
3222
3223 // Assemble an AlgorithmIdentifier with the parameter.
3224 bssl::ScopedCBB cbb;
3225 CBB seq, oid;
3226 ASSERT_TRUE(CBB_init(cbb.get(), 64));
3227 ASSERT_TRUE(CBB_add_asn1(cbb.get(), &seq, CBS_ASN1_SEQUENCE));
3228 ASSERT_TRUE(CBB_add_asn1(&seq, &oid, CBS_ASN1_OBJECT));
3229 ASSERT_TRUE(CBB_add_asn1_oid_from_text(&oid, kTestOID, strlen(kTestOID)));
3230 ASSERT_TRUE(CBB_add_bytes(&seq, t.param_der.data(), t.param_der.size()));
3231 ASSERT_TRUE(CBB_flush(cbb.get()));
3232
3233 const uint8_t *ptr = CBB_data(cbb.get());
3234 bssl::UniquePtr<X509_ALGOR> alg(
3235 d2i_X509_ALGOR(nullptr, &ptr, CBB_len(cbb.get())));
3236 ASSERT_TRUE(alg);
3237
3238 const ASN1_OBJECT *obj;
3239 int param_type;
3240 const void *param_value;
3241 X509_ALGOR_get0(&obj, ¶m_type, ¶m_value, alg.get());
3242
3243 EXPECT_EQ(param_type, t.param_type);
3244 char oid_buf[sizeof(kTestOID)];
3245 ASSERT_EQ(int(sizeof(oid_buf) - 1),
3246 OBJ_obj2txt(oid_buf, sizeof(oid_buf), obj,
3247 /*always_return_oid=*/1));
3248 EXPECT_STREQ(oid_buf, kTestOID);
3249
3250 // |param_type| and |param_value| must be consistent with |ASN1_TYPE|.
3251 if (param_type == V_ASN1_UNDEF) {
3252 EXPECT_EQ(nullptr, param_value);
3253 } else {
3254 bssl::UniquePtr<ASN1_TYPE> param(ASN1_TYPE_new());
3255 ASSERT_TRUE(param);
3256 ASSERT_TRUE(ASN1_TYPE_set1(param.get(), param_type, param_value));
3257
3258 uint8_t *param_der = nullptr;
3259 int param_len = i2d_ASN1_TYPE(param.get(), ¶m_der);
3260 ASSERT_GE(param_len, 0);
3261 bssl::UniquePtr<uint8_t> free_param_der(param_der);
3262
3263 EXPECT_EQ(Bytes(param_der, param_len), Bytes(t.param_der));
3264 }
3265 }
3266 }
3267
3268 // Test the various |X509_ATTRIBUTE| creation functions.
TEST(X509Test,Attribute)3269 TEST(X509Test, Attribute) {
3270 // The friendlyName attribute has a BMPString value. See RFC 2985,
3271 // section 5.5.1.
3272 static const uint8_t kTest1[] = {0x26, 0x03}; // U+2603 SNOWMAN
3273 static const uint8_t kTest1UTF8[] = {0xe2, 0x98, 0x83};
3274 static const uint8_t kTest2[] = {0, 't', 0, 'e', 0, 's', 0, 't'};
3275
3276 auto check_attribute = [&](X509_ATTRIBUTE *attr, bool has_test2) {
3277 EXPECT_EQ(NID_friendlyName, OBJ_obj2nid(X509_ATTRIBUTE_get0_object(attr)));
3278
3279 EXPECT_EQ(has_test2 ? 2 : 1, X509_ATTRIBUTE_count(attr));
3280
3281 // The first attribute should contain |kTest1|.
3282 const ASN1_TYPE *value = X509_ATTRIBUTE_get0_type(attr, 0);
3283 ASSERT_TRUE(value);
3284 EXPECT_EQ(V_ASN1_BMPSTRING, value->type);
3285 EXPECT_EQ(Bytes(kTest1),
3286 Bytes(ASN1_STRING_get0_data(value->value.bmpstring),
3287 ASN1_STRING_length(value->value.bmpstring)));
3288
3289 // |X509_ATTRIBUTE_get0_data| requires the type match.
3290 EXPECT_FALSE(
3291 X509_ATTRIBUTE_get0_data(attr, 0, V_ASN1_OCTET_STRING, nullptr));
3292 const ASN1_BMPSTRING *bmpstring = static_cast<const ASN1_BMPSTRING *>(
3293 X509_ATTRIBUTE_get0_data(attr, 0, V_ASN1_BMPSTRING, nullptr));
3294 ASSERT_TRUE(bmpstring);
3295 EXPECT_EQ(Bytes(kTest1), Bytes(ASN1_STRING_get0_data(bmpstring),
3296 ASN1_STRING_length(bmpstring)));
3297
3298 if (has_test2) {
3299 value = X509_ATTRIBUTE_get0_type(attr, 1);
3300 ASSERT_TRUE(value);
3301 EXPECT_EQ(V_ASN1_BMPSTRING, value->type);
3302 EXPECT_EQ(Bytes(kTest2),
3303 Bytes(ASN1_STRING_get0_data(value->value.bmpstring),
3304 ASN1_STRING_length(value->value.bmpstring)));
3305 } else {
3306 EXPECT_FALSE(X509_ATTRIBUTE_get0_type(attr, 1));
3307 }
3308
3309 EXPECT_FALSE(X509_ATTRIBUTE_get0_type(attr, 2));
3310 };
3311
3312 bssl::UniquePtr<ASN1_STRING> str(ASN1_STRING_type_new(V_ASN1_BMPSTRING));
3313 ASSERT_TRUE(str);
3314 ASSERT_TRUE(ASN1_STRING_set(str.get(), kTest1, sizeof(kTest1)));
3315
3316 // Test |X509_ATTRIBUTE_create|.
3317 bssl::UniquePtr<X509_ATTRIBUTE> attr(
3318 X509_ATTRIBUTE_create(NID_friendlyName, V_ASN1_BMPSTRING, str.get()));
3319 ASSERT_TRUE(attr);
3320 str.release(); // |X509_ATTRIBUTE_create| takes ownership on success.
3321 check_attribute(attr.get(), /*has_test2=*/false);
3322
3323 // Test the |MBSTRING_*| form of |X509_ATTRIBUTE_set1_data|.
3324 attr.reset(X509_ATTRIBUTE_new());
3325 ASSERT_TRUE(attr);
3326 ASSERT_TRUE(
3327 X509_ATTRIBUTE_set1_object(attr.get(), OBJ_nid2obj(NID_friendlyName)));
3328 ASSERT_TRUE(X509_ATTRIBUTE_set1_data(attr.get(), MBSTRING_UTF8, kTest1UTF8,
3329 sizeof(kTest1UTF8)));
3330 check_attribute(attr.get(), /*has_test2=*/false);
3331
3332 // Test the |ASN1_STRING| form of |X509_ATTRIBUTE_set1_data|.
3333 ASSERT_TRUE(X509_ATTRIBUTE_set1_data(attr.get(), V_ASN1_BMPSTRING, kTest2,
3334 sizeof(kTest2)));
3335 check_attribute(attr.get(), /*has_test2=*/true);
3336
3337 // Test the |ASN1_TYPE| form of |X509_ATTRIBUTE_set1_data|.
3338 attr.reset(X509_ATTRIBUTE_new());
3339 ASSERT_TRUE(attr);
3340 ASSERT_TRUE(
3341 X509_ATTRIBUTE_set1_object(attr.get(), OBJ_nid2obj(NID_friendlyName)));
3342 str.reset(ASN1_STRING_type_new(V_ASN1_BMPSTRING));
3343 ASSERT_TRUE(str);
3344 ASSERT_TRUE(ASN1_STRING_set(str.get(), kTest1, sizeof(kTest1)));
3345 ASSERT_TRUE(
3346 X509_ATTRIBUTE_set1_data(attr.get(), V_ASN1_BMPSTRING, str.get(), -1));
3347 check_attribute(attr.get(), /*has_test2=*/false);
3348 }
3349