verify_extra_test.c 8.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341
  1. /*
  2. * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include <string.h>
  11. #include <openssl/crypto.h>
  12. #include <openssl/bio.h>
  13. #include <openssl/x509.h>
  14. #include <openssl/x509v3.h>
  15. #include <openssl/pem.h>
  16. #include <openssl/err.h>
  17. #include "testutil.h"
  18. static const char *certs_dir;
  19. static char *root_f = NULL;
  20. static char *roots_f = NULL;
  21. static char *untrusted_f = NULL;
  22. static char *bad_f = NULL;
  23. static char *req_f = NULL;
  24. static char *sroot_cert = NULL;
  25. static char *ca_cert = NULL;
  26. static char *ee_cert = NULL;
  27. #define load_cert_from_file(file) load_cert_pem(file, NULL)
  28. /*-
  29. * Test for CVE-2015-1793 (Alternate Chains Certificate Forgery)
  30. *
  31. * Chain is as follows:
  32. *
  33. * rootCA (self-signed)
  34. * |
  35. * interCA
  36. * |
  37. * subinterCA subinterCA (self-signed)
  38. * | |
  39. * leaf ------------------
  40. * |
  41. * bad
  42. *
  43. * rootCA, interCA, subinterCA, subinterCA (ss) all have CA=TRUE
  44. * leaf and bad have CA=FALSE
  45. *
  46. * subinterCA and subinterCA (ss) have the same subject name and keys
  47. *
  48. * interCA (but not rootCA) and subinterCA (ss) are in the trusted store
  49. * (roots.pem)
  50. * leaf and subinterCA are in the untrusted list (untrusted.pem)
  51. * bad is the certificate being verified (bad.pem)
  52. *
  53. * Versions vulnerable to CVE-2015-1793 will fail to detect that leaf has
  54. * CA=FALSE, and will therefore incorrectly verify bad
  55. *
  56. */
  57. static int test_alt_chains_cert_forgery(void)
  58. {
  59. int ret = 0;
  60. int i;
  61. X509 *x = NULL;
  62. STACK_OF(X509) *untrusted = NULL;
  63. X509_STORE_CTX *sctx = NULL;
  64. X509_STORE *store = NULL;
  65. X509_LOOKUP *lookup = NULL;
  66. store = X509_STORE_new();
  67. if (store == NULL)
  68. goto err;
  69. lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
  70. if (lookup == NULL)
  71. goto err;
  72. if (!X509_LOOKUP_load_file(lookup, roots_f, X509_FILETYPE_PEM))
  73. goto err;
  74. untrusted = load_certs_pem(untrusted_f);
  75. if ((x = load_cert_from_file(bad_f)) == NULL)
  76. goto err;
  77. sctx = X509_STORE_CTX_new();
  78. if (sctx == NULL)
  79. goto err;
  80. if (!X509_STORE_CTX_init(sctx, store, x, untrusted))
  81. goto err;
  82. i = X509_verify_cert(sctx);
  83. if (i == 0 && X509_STORE_CTX_get_error(sctx) == X509_V_ERR_INVALID_CA) {
  84. /* This is the result we were expecting: Test passed */
  85. ret = 1;
  86. }
  87. err:
  88. X509_STORE_CTX_free(sctx);
  89. X509_free(x);
  90. OSSL_STACK_OF_X509_free(untrusted);
  91. X509_STORE_free(store);
  92. return ret;
  93. }
  94. static int test_distinguishing_id(void)
  95. {
  96. X509 *x = NULL;
  97. int ret = 0;
  98. ASN1_OCTET_STRING *v = NULL, *v2 = NULL;
  99. char *distid = "this is an ID";
  100. x = load_cert_from_file(bad_f);
  101. if (x == NULL)
  102. goto err;
  103. v = ASN1_OCTET_STRING_new();
  104. if (v == NULL)
  105. goto err;
  106. if (!ASN1_OCTET_STRING_set(v, (unsigned char *)distid,
  107. (int)strlen(distid))) {
  108. ASN1_OCTET_STRING_free(v);
  109. goto err;
  110. }
  111. X509_set0_distinguishing_id(x, v);
  112. v2 = X509_get0_distinguishing_id(x);
  113. if (!TEST_ptr(v2)
  114. || !TEST_int_eq(ASN1_OCTET_STRING_cmp(v, v2), 0))
  115. goto err;
  116. ret = 1;
  117. err:
  118. X509_free(x);
  119. return ret;
  120. }
  121. static int test_req_distinguishing_id(void)
  122. {
  123. X509_REQ *x = NULL;
  124. BIO *bio = NULL;
  125. int ret = 0;
  126. ASN1_OCTET_STRING *v = NULL, *v2 = NULL;
  127. char *distid = "this is an ID";
  128. bio = BIO_new_file(req_f, "r");
  129. if (bio == NULL)
  130. goto err;
  131. x = PEM_read_bio_X509_REQ(bio, NULL, 0, NULL);
  132. if (x == NULL)
  133. goto err;
  134. v = ASN1_OCTET_STRING_new();
  135. if (v == NULL)
  136. goto err;
  137. if (!ASN1_OCTET_STRING_set(v, (unsigned char *)distid,
  138. (int)strlen(distid))) {
  139. ASN1_OCTET_STRING_free(v);
  140. goto err;
  141. }
  142. X509_REQ_set0_distinguishing_id(x, v);
  143. v2 = X509_REQ_get0_distinguishing_id(x);
  144. if (!TEST_ptr(v2)
  145. || !TEST_int_eq(ASN1_OCTET_STRING_cmp(v, v2), 0))
  146. goto err;
  147. ret = 1;
  148. err:
  149. X509_REQ_free(x);
  150. BIO_free(bio);
  151. return ret;
  152. }
  153. static int test_self_signed(const char *filename, int use_trusted, int expected)
  154. {
  155. X509 *cert = load_cert_from_file(filename); /* may result in NULL */
  156. STACK_OF(X509) *trusted = sk_X509_new_null();
  157. X509_STORE_CTX *ctx = X509_STORE_CTX_new();
  158. int ret;
  159. ret = TEST_int_eq(X509_self_signed(cert, 1), expected);
  160. if (cert != NULL) {
  161. if (use_trusted)
  162. ret = ret && TEST_true(sk_X509_push(trusted, cert));
  163. ret = ret && TEST_true(X509_STORE_CTX_init(ctx, NULL, cert, NULL));
  164. X509_STORE_CTX_set0_trusted_stack(ctx, trusted);
  165. ret = ret && TEST_int_eq(X509_verify_cert(ctx), expected);
  166. }
  167. X509_STORE_CTX_free(ctx);
  168. sk_X509_free(trusted);
  169. X509_free(cert);
  170. return ret;
  171. }
  172. static int test_self_signed_good(void)
  173. {
  174. return test_self_signed(root_f, 1, 1);
  175. }
  176. static int test_self_signed_bad(void)
  177. {
  178. return test_self_signed(bad_f, 1, 0);
  179. }
  180. static int test_self_signed_error(void)
  181. {
  182. return test_self_signed("nonexistent file name", 1, -1);
  183. }
  184. static int test_store_ctx(void)
  185. {
  186. /* Verifying a cert where we have no trusted certs should fail */
  187. return test_self_signed(bad_f, 0, 0);
  188. }
  189. static int do_test_purpose(int purpose, int expected)
  190. {
  191. X509 *eecert = load_cert_from_file(ee_cert); /* may result in NULL */
  192. X509 *untrcert = load_cert_from_file(ca_cert);
  193. X509 *trcert = load_cert_from_file(sroot_cert);
  194. STACK_OF(X509) *trusted = sk_X509_new_null();
  195. STACK_OF(X509) *untrusted = sk_X509_new_null();
  196. X509_STORE_CTX *ctx = X509_STORE_CTX_new();
  197. int testresult = 0;
  198. if (!TEST_ptr(eecert)
  199. || !TEST_ptr(untrcert)
  200. || !TEST_ptr(trcert)
  201. || !TEST_ptr(trusted)
  202. || !TEST_ptr(untrusted)
  203. || !TEST_ptr(ctx))
  204. goto err;
  205. if (!TEST_true(sk_X509_push(trusted, trcert)))
  206. goto err;
  207. trcert = NULL;
  208. if (!TEST_true(sk_X509_push(untrusted, untrcert)))
  209. goto err;
  210. untrcert = NULL;
  211. if (!TEST_true(X509_STORE_CTX_init(ctx, NULL, eecert, untrusted)))
  212. goto err;
  213. if (!TEST_true(X509_STORE_CTX_set_purpose(ctx, purpose)))
  214. goto err;
  215. /*
  216. * X509_STORE_CTX_set0_trusted_stack() is bady named. Despite the set0 name
  217. * we are still responsible for freeing trusted after we have finished with
  218. * it.
  219. */
  220. X509_STORE_CTX_set0_trusted_stack(ctx, trusted);
  221. if (!TEST_int_eq(X509_verify_cert(ctx), expected))
  222. goto err;
  223. testresult = 1;
  224. err:
  225. OSSL_STACK_OF_X509_free(trusted);
  226. OSSL_STACK_OF_X509_free(untrusted);
  227. X509_STORE_CTX_free(ctx);
  228. X509_free(eecert);
  229. X509_free(untrcert);
  230. X509_free(trcert);
  231. return testresult;
  232. }
  233. static int test_purpose_ssl_client(void)
  234. {
  235. return do_test_purpose(X509_PURPOSE_SSL_CLIENT, 0);
  236. }
  237. static int test_purpose_ssl_server(void)
  238. {
  239. return do_test_purpose(X509_PURPOSE_SSL_SERVER, 1);
  240. }
  241. static int test_purpose_any(void)
  242. {
  243. return do_test_purpose(X509_PURPOSE_ANY, 1);
  244. }
  245. OPT_TEST_DECLARE_USAGE("certs-dir\n")
  246. int setup_tests(void)
  247. {
  248. if (!test_skip_common_options()) {
  249. TEST_error("Error parsing test options\n");
  250. return 0;
  251. }
  252. if (!TEST_ptr(certs_dir = test_get_argument(0)))
  253. return 0;
  254. if (!TEST_ptr(root_f = test_mk_file_path(certs_dir, "rootCA.pem"))
  255. || !TEST_ptr(roots_f = test_mk_file_path(certs_dir, "roots.pem"))
  256. || !TEST_ptr(untrusted_f = test_mk_file_path(certs_dir, "untrusted.pem"))
  257. || !TEST_ptr(bad_f = test_mk_file_path(certs_dir, "bad.pem"))
  258. || !TEST_ptr(req_f = test_mk_file_path(certs_dir, "sm2-csr.pem"))
  259. || !TEST_ptr(sroot_cert = test_mk_file_path(certs_dir, "sroot-cert.pem"))
  260. || !TEST_ptr(ca_cert = test_mk_file_path(certs_dir, "ca-cert.pem"))
  261. || !TEST_ptr(ee_cert = test_mk_file_path(certs_dir, "ee-cert.pem")))
  262. goto err;
  263. ADD_TEST(test_alt_chains_cert_forgery);
  264. ADD_TEST(test_store_ctx);
  265. ADD_TEST(test_distinguishing_id);
  266. ADD_TEST(test_req_distinguishing_id);
  267. ADD_TEST(test_self_signed_good);
  268. ADD_TEST(test_self_signed_bad);
  269. ADD_TEST(test_self_signed_error);
  270. ADD_TEST(test_purpose_ssl_client);
  271. ADD_TEST(test_purpose_ssl_server);
  272. ADD_TEST(test_purpose_any);
  273. return 1;
  274. err:
  275. cleanup_tests();
  276. return 0;
  277. }
  278. void cleanup_tests(void)
  279. {
  280. OPENSSL_free(root_f);
  281. OPENSSL_free(roots_f);
  282. OPENSSL_free(untrusted_f);
  283. OPENSSL_free(bad_f);
  284. OPENSSL_free(req_f);
  285. OPENSSL_free(sroot_cert);
  286. OPENSSL_free(ca_cert);
  287. OPENSSL_free(ee_cert);
  288. }