verify_extra_test.c 6.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280
  1. /*
  2. * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include <string.h>
  11. #include <openssl/crypto.h>
  12. #include <openssl/bio.h>
  13. #include <openssl/x509.h>
  14. #include <openssl/pem.h>
  15. #include <openssl/err.h>
  16. #include "testutil.h"
  17. static const char *roots_f;
  18. static const char *untrusted_f;
  19. static const char *bad_f;
  20. static const char *req_f;
  21. static STACK_OF(X509) *load_certs_from_file(const char *filename)
  22. {
  23. STACK_OF(X509) *certs;
  24. BIO *bio;
  25. X509 *x;
  26. bio = BIO_new_file(filename, "r");
  27. if (bio == NULL) {
  28. return NULL;
  29. }
  30. certs = sk_X509_new_null();
  31. if (certs == NULL) {
  32. BIO_free(bio);
  33. return NULL;
  34. }
  35. ERR_set_mark();
  36. do {
  37. x = PEM_read_bio_X509(bio, NULL, 0, NULL);
  38. if (x != NULL && !sk_X509_push(certs, x)) {
  39. sk_X509_pop_free(certs, X509_free);
  40. BIO_free(bio);
  41. return NULL;
  42. } else if (x == NULL) {
  43. /*
  44. * We probably just ran out of certs, so ignore any errors
  45. * generated
  46. */
  47. ERR_pop_to_mark();
  48. }
  49. } while (x != NULL);
  50. BIO_free(bio);
  51. return certs;
  52. }
  53. /*
  54. * Test for CVE-2015-1793 (Alternate Chains Certificate Forgery)
  55. *
  56. * Chain is as follows:
  57. *
  58. * rootCA (self-signed)
  59. * |
  60. * interCA
  61. * |
  62. * subinterCA subinterCA (self-signed)
  63. * | |
  64. * leaf ------------------
  65. * |
  66. * bad
  67. *
  68. * rootCA, interCA, subinterCA, subinterCA (ss) all have CA=TRUE
  69. * leaf and bad have CA=FALSE
  70. *
  71. * subinterCA and subinterCA (ss) have the same subject name and keys
  72. *
  73. * interCA (but not rootCA) and subinterCA (ss) are in the trusted store
  74. * (roots.pem)
  75. * leaf and subinterCA are in the untrusted list (untrusted.pem)
  76. * bad is the certificate being verified (bad.pem)
  77. *
  78. * Versions vulnerable to CVE-2015-1793 will fail to detect that leaf has
  79. * CA=FALSE, and will therefore incorrectly verify bad
  80. *
  81. */
  82. static int test_alt_chains_cert_forgery(void)
  83. {
  84. int ret = 0;
  85. int i;
  86. X509 *x = NULL;
  87. STACK_OF(X509) *untrusted = NULL;
  88. BIO *bio = NULL;
  89. X509_STORE_CTX *sctx = NULL;
  90. X509_STORE *store = NULL;
  91. X509_LOOKUP *lookup = NULL;
  92. store = X509_STORE_new();
  93. if (store == NULL)
  94. goto err;
  95. lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
  96. if (lookup == NULL)
  97. goto err;
  98. if (!X509_LOOKUP_load_file(lookup, roots_f, X509_FILETYPE_PEM))
  99. goto err;
  100. untrusted = load_certs_from_file(untrusted_f);
  101. if ((bio = BIO_new_file(bad_f, "r")) == NULL)
  102. goto err;
  103. if ((x = PEM_read_bio_X509(bio, NULL, 0, NULL)) == NULL)
  104. goto err;
  105. sctx = X509_STORE_CTX_new();
  106. if (sctx == NULL)
  107. goto err;
  108. if (!X509_STORE_CTX_init(sctx, store, x, untrusted))
  109. goto err;
  110. i = X509_verify_cert(sctx);
  111. if (i == 0 && X509_STORE_CTX_get_error(sctx) == X509_V_ERR_INVALID_CA) {
  112. /* This is the result we were expecting: Test passed */
  113. ret = 1;
  114. }
  115. err:
  116. X509_STORE_CTX_free(sctx);
  117. X509_free(x);
  118. BIO_free(bio);
  119. sk_X509_pop_free(untrusted, X509_free);
  120. X509_STORE_free(store);
  121. return ret;
  122. }
  123. static int test_store_ctx(void)
  124. {
  125. X509_STORE_CTX *sctx = NULL;
  126. X509 *x = NULL;
  127. BIO *bio = NULL;
  128. int testresult = 0, ret;
  129. bio = BIO_new_file(bad_f, "r");
  130. if (bio == NULL)
  131. goto err;
  132. x = PEM_read_bio_X509(bio, NULL, 0, NULL);
  133. if (x == NULL)
  134. goto err;
  135. sctx = X509_STORE_CTX_new();
  136. if (sctx == NULL)
  137. goto err;
  138. if (!X509_STORE_CTX_init(sctx, NULL, x, NULL))
  139. goto err;
  140. /* Verifying a cert where we have no trusted certs should fail */
  141. ret = X509_verify_cert(sctx);
  142. if (ret == 0) {
  143. /* This is the result we were expecting: Test passed */
  144. testresult = 1;
  145. }
  146. err:
  147. X509_STORE_CTX_free(sctx);
  148. X509_free(x);
  149. BIO_free(bio);
  150. return testresult;
  151. }
  152. OPT_TEST_DECLARE_USAGE("roots.pem untrusted.pem bad.pem\n")
  153. static int test_distinguishing_id(void)
  154. {
  155. X509 *x = NULL;
  156. BIO *bio = NULL;
  157. int ret = 0;
  158. ASN1_OCTET_STRING *v = NULL, *v2 = NULL;
  159. char *distid = "this is an ID";
  160. bio = BIO_new_file(bad_f, "r");
  161. if (bio == NULL)
  162. goto err;
  163. x = PEM_read_bio_X509(bio, NULL, 0, NULL);
  164. if (x == NULL)
  165. goto err;
  166. v = ASN1_OCTET_STRING_new();
  167. if (v == NULL)
  168. goto err;
  169. if (!ASN1_OCTET_STRING_set(v, (unsigned char *)distid,
  170. (int)strlen(distid))) {
  171. ASN1_OCTET_STRING_free(v);
  172. goto err;
  173. }
  174. X509_set0_distinguishing_id(x, v);
  175. v2 = X509_get0_distinguishing_id(x);
  176. if (!TEST_ptr(v2)
  177. || !TEST_int_eq(ASN1_OCTET_STRING_cmp(v, v2), 0))
  178. goto err;
  179. ret = 1;
  180. err:
  181. X509_free(x);
  182. BIO_free(bio);
  183. return ret;
  184. }
  185. static int test_req_distinguishing_id(void)
  186. {
  187. X509_REQ *x = NULL;
  188. BIO *bio = NULL;
  189. int ret = 0;
  190. ASN1_OCTET_STRING *v = NULL, *v2 = NULL;
  191. char *distid = "this is an ID";
  192. bio = BIO_new_file(req_f, "r");
  193. if (bio == NULL)
  194. goto err;
  195. x = PEM_read_bio_X509_REQ(bio, NULL, 0, NULL);
  196. if (x == NULL)
  197. goto err;
  198. v = ASN1_OCTET_STRING_new();
  199. if (v == NULL)
  200. goto err;
  201. if (!ASN1_OCTET_STRING_set(v, (unsigned char *)distid,
  202. (int)strlen(distid))) {
  203. ASN1_OCTET_STRING_free(v);
  204. goto err;
  205. }
  206. X509_REQ_set0_distinguishing_id(x, v);
  207. v2 = X509_REQ_get0_distinguishing_id(x);
  208. if (!TEST_ptr(v2)
  209. || !TEST_int_eq(ASN1_OCTET_STRING_cmp(v, v2), 0))
  210. goto err;
  211. ret = 1;
  212. err:
  213. X509_REQ_free(x);
  214. BIO_free(bio);
  215. return ret;
  216. }
  217. int setup_tests(void)
  218. {
  219. if (!test_skip_common_options()) {
  220. TEST_error("Error parsing test options\n");
  221. return 0;
  222. }
  223. if (!TEST_ptr(roots_f = test_get_argument(0))
  224. || !TEST_ptr(untrusted_f = test_get_argument(1))
  225. || !TEST_ptr(bad_f = test_get_argument(2))
  226. || !TEST_ptr(req_f = test_get_argument(3)))
  227. return 0;
  228. ADD_TEST(test_alt_chains_cert_forgery);
  229. ADD_TEST(test_store_ctx);
  230. ADD_TEST(test_distinguishing_id);
  231. ADD_TEST(test_req_distinguishing_id);
  232. return 1;
  233. }