xref: /src/crypto/openssl/test/x509_internal_test.c (revision f25b8c9fb4f58cf61adb47d7570abe7caa6d385d)
1 /*
2  * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 /* Internal tests for the x509 and x509v3 modules */
11 
12 #include <stdio.h>
13 #include <string.h>
14 
15 #include <openssl/x509.h>
16 #include <openssl/x509v3.h>
17 #include "testutil.h"
18 #include "internal/nelem.h"
19 
20 /**********************************************************************
21  *
22  * Test of x509v3
23  *
24  ***/
25 
26 #include "../crypto/x509/ext_dat.h"
27 #include "../crypto/x509/standard_exts.h"
28 
/*
 * Verify that standard_exts[] is ordered by ext_nid.
 *
 * Every entry is visited even after the first violation is seen. The
 * comparison is strict (<), so two neighbouring entries with the same NID are
 * not reported. On failure the whole table is dumped as "nid : short name" so
 * the misplaced entry can be located.
 *
 * NOTE(review): the ordering presumably matters because extension lookup
 * searches this table by NID and a mis-sorted table would make a registered
 * extension handler unreachable -- confirm against the x509v3 lookup code.
 *
 * Returns 1 when the table is ordered, 0 otherwise.
 */
static int test_standard_exts(void)
{
    const X509V3_EXT_METHOD **entry = standard_exts;
    int last_nid = -1;
    int ordered = 1;
    size_t n;

    for (n = 0; n < OSSL_NELEM(standard_exts); n++, entry++) {
        int nid = (*entry)->ext_nid;

        if (nid < last_nid)
            ordered = 0;
        last_nid = nid;
    }

    if (ordered)
        return 1;

    /* Out of order: report it and list every entry for diagnosis. */
    TEST_error("Extensions out of order!");
    for (n = 0, entry = standard_exts; n < STANDARD_EXTENSION_COUNT; n++, entry++)
        TEST_note("%d : %s", (*entry)->ext_nid, OBJ_nid2sn((*entry)->ext_nid));
    return 0;
}
49 
/* One a2i_IPADDRESS() test vector: input text plus the expected encoding. */
typedef struct {
    const char *ipasc; /* textual address handed to a2i_IPADDRESS() */
    const char *data; /* expected raw address bytes; NULL when the input must be rejected */
    int length; /* expected byte count; 0 marks an input that must be rejected */
} IP_TESTDATA;
55 
/*
 * Test vectors for a2i_IPADDRESS(), consumed one per index by
 * test_a2i_ipaddress(). Entries with a non-zero length must parse to exactly
 * the given bytes; entries with { NULL, 0 } must make the parser return NULL.
 *
 * Most of the table is negative cases: the parser is expected to be strict and
 * to reject anything that is not a canonical-form literal instead of guessing.
 * NOTE(review): strictness presumably matters because the parsed bytes are
 * compared against IP addresses carried in certificates, where two parsers
 * disagreeing on a sloppy literal would be a validation gap -- confirm against
 * the callers of a2i_IPADDRESS().
 */
static IP_TESTDATA a2i_ipaddress_tests[] = {
    /* Valid dotted-quad IPv4: encoded as 4 bytes. */
    { "127.0.0.1", "\x7f\x00\x00\x01", 4 },
    { "1.2.3.4", "\x01\x02\x03\x04", 4 },
    { "1.2.3.255", "\x01\x02\x03\xff", 4 },
    { "255.255.255.255", "\xff\xff\xff\xff", 4 },

    /*
     * Valid IPv6: encoded as 16 bytes. Covers '::' at the start, end and
     * middle, leading zeros within a group, and a trailing embedded IPv4
     * literal.
     */
    { "::", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 },
    { "::1", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01", 16 },
    { "::01", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01", 16 },
    { "::0001", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01", 16 },
    { "ffff::", "\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 },
    { "ffff::1", "\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01", 16 },
    { "1::2", "\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02", 16 },
    { "1:1:1:1:1:1:1:1", "\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01", 16 },
    { "2001:db8::ff00:42:8329", "\x20\x01\x0d\xb8\x00\x00\x00\x00\x00\x00\xff\x00\x00\x42\x83\x29", 16 },
    { "::1.2.3.4", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x03\x04", 16 },
    { "ffff:ffff:ffff:ffff:ffff:ffff:1.2.3.4", "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x01\x02\x03\x04", 16 },

    /* Trailing junk after a full address, a leading ':::', and a non-hex digit. */
    { "1:1:1:1:1:1:1:1.test", NULL, 0 },
    { ":::1", NULL, 0 },
    { "2001::123g", NULL, 0 },

    /* Too few IPv4 components. */
    { "1", NULL, 0 },
    { "1.", NULL, 0 },
    { "1.2", NULL, 0 },
    { "1.2.", NULL, 0 },
    { "1.2.3", NULL, 0 },
    { "1.2.3.", NULL, 0 },

    /* Invalid embedded IPv4 address. */
    { "::1.2.3", NULL, 0 },

    /* IPv4 literals take the place of two IPv6 components. */
    { "1:2:3:4:5:6:7:1.2.3.4", NULL, 0 },

    /*
     * '::' must stand for at least one elided group. Here eight groups
     * (16 bytes) are already written out, so the '::' is redundant.
     */
    { "1:2:3:4:5:6:7::8", NULL, 0 },

    /* Embedded IPv4 addresses must be at the end. */
    { "::1.2.3.4:1", NULL, 0 },

    /* Too many components. */
    { "1.2.3.4.5", NULL, 0 },
    { "1:2:3:4:5:6:7:8:9", NULL, 0 },
    { "1:2:3:4:5::6:7:8:9", NULL, 0 },

    /*
     * Stray whitespace or other invalid characters. Leading/trailing blanks,
     * sign characters and appended host-name labels must not be skipped or
     * trimmed by the parser.
     */
    { "1.2.3.4 ", NULL, 0 },
    { "1.2.3 .4", NULL, 0 },
    { "1.2.3. 4", NULL, 0 },
    { " 1.2.3.4", NULL, 0 },
    { "1.2.3.4.", NULL, 0 },
    { "1.2.3.+4", NULL, 0 },
    { "1.2.3.-4", NULL, 0 },
    { "1.2.3.4.example.test", NULL, 0 },
    { "::1 ", NULL, 0 },
    { " ::1", NULL, 0 },
    { ":: 1", NULL, 0 },
    { ": :1", NULL, 0 },
    { "1.2.3.nope", NULL, 0 },
    { "::nope", NULL, 0 },

    /* Components too large. */
    { "1.2.3.256", NULL, 0 }, /* Overflows when adding */
    { "1.2.3.260", NULL, 0 }, /* Overflows when multiplying by 10 */
    { "1.2.3.999999999999999999999999999999999999999999", NULL, 0 },
    { "::fffff", NULL, 0 },

    /* Although not an overflow, more than four hex digits is an error. */
    { "::00000", NULL, 0 },

    /* Too many colons. */
    { ":::", NULL, 0 },
    { "1:::", NULL, 0 },
    { ":::2", NULL, 0 },
    { "1:::2", NULL, 0 },

    /* Only one group of zeros may be elided. */
    { "1::2::3", NULL, 0 },

    /*
     * IPv4 octets are decimal only. A leading zero (which other parsers may
     * read as octal) and a "0x" prefix are rejected rather than reinterpreted,
     * so one literal cannot mean two different addresses.
     */
    { "1.2.3.01", NULL, 0 },
    { "1.2.3.0x1", NULL, 0 },

    /*
     * Random garbage. " 1.2.3.4" and "1.2.3.4.example.test" also appear in
     * the invalid-character group above; the repeats are harmless.
     */
    { "example.test", NULL, 0 },
    { "", NULL, 0 },
    { " 1.2.3.4", NULL, 0 },
    { " 1.2.3.4 ", NULL, 0 },
    { "1.2.3.4.example.test", NULL, 0 },
};
148 
/*
 * Run a2i_IPADDRESS() on test vector number idx of a2i_ipaddress_tests[].
 *
 * A vector with length 0 is a negative case: the parser must return NULL, and
 * the offending input is logged if it does not. Any other vector must yield a
 * non-NULL octet string whose length and contents match the expected bytes
 * exactly.
 *
 * idx is not range-checked here; the caller is expected to pass only valid
 * table indices.
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_a2i_ipaddress(int idx)
{
    const IP_TESTDATA *vec = &a2i_ipaddress_tests[idx];
    const int expect_len = vec->length;
    ASN1_OCTET_STRING *parsed = a2i_IPADDRESS(vec->ipasc);
    int ok = 1;

    if (expect_len != 0) {
        /* Positive case: pointer, length and bytes are checked in that order. */
        if (!TEST_ptr(parsed)
            || !TEST_int_eq(ASN1_STRING_length(parsed), expect_len)
            || !TEST_mem_eq(ASN1_STRING_get0_data(parsed), expect_len,
                vec->data, expect_len))
            ok = 0;
    } else if (!TEST_ptr_null(parsed)) {
        /* Negative case: the parser accepted input it should have refused. */
        ok = 0;
        TEST_note("'%s' should not be parsed as IP address", vec->ipasc);
    }

    /* Freed on every path; parsed is NULL when the parser rejected the input. */
    ASN1_OCTET_STRING_free(parsed);
    return ok;
}
172 
/*
 * Stub purpose-check callback for the purpose entry registered by
 * tests_X509_PURPOSE(). It ignores all of its arguments and returns 1
 * unconditionally, so it performs no check of the certificate at all.
 * Test scaffolding only: it exists so that X509_PURPOSE_add() has a callback
 * to store.
 */
static int ck_purp(ossl_unused const X509_PURPOSE *purpose,
                   ossl_unused const X509 *x,
                   int ca)
{
    (void)ca; /* unused, like the other two parameters */
    return 1;
}
178 
/*
 * Exercise registration and lookup in the X509_PURPOSE table.
 *
 * The checks run in a fixed order and stop at the first failure:
 *   1. an unused id lies above X509_PURPOSE_MAX and is not yet known by id
 *      or by short name;
 *   2. adding an entry with that id makes it findable by short name and id;
 *   3. adding the identical entry again succeeds and leaves the index as is;
 *   4. an add that reuses the short name with another id, or the id with
 *      another short name, is refused;
 *   5. the accessors return the values that were registered;
 *   6. X509_PURPOSE_set() writes a new value through a pointer to the
 *      entry's purpose field.
 *
 * NOTE(review): step 4 looks like the guard that keeps a later registration
 * from silently replacing an existing purpose and its check callback --
 * confirm against X509_PURPOSE_add().
 * NOTE(review): the entry added here is not removed in this function, and
 * step 6 leaves its id rewritten to X509_PURPOSE_DEFAULT_ANY; later tests in
 * the same process would see that state.
 *
 * The expressions inside the TEST_* macros are kept exactly as written so
 * that any failure diagnostics quoting them stay the same.
 *
 * Returns 1 if every check passes, 0 otherwise.
 */
static int tests_X509_PURPOSE(void)
{
    OSSL_LIB_CTX *libctx = NULL;
    int id, idx, *p;
    X509_PURPOSE *xp;

#undef LN
#define LN "LN_test"
#undef SN
#define SN "SN_test"
#undef ARGS
#define ARGS(id, sn) id, X509_TRUST_MAX, 0, ck_purp, LN, sn, NULL

    /* 1. fresh id is beyond the built-in range and nothing is registered yet */
    if (!TEST_int_gt((id = X509_PURPOSE_get_unused_id(libctx)), X509_PURPOSE_MAX)
        || !TEST_int_eq(X509_PURPOSE_get_count() + 1, id)
        || !TEST_int_eq(X509_PURPOSE_get_by_id(id), -1)
        || !TEST_int_eq(X509_PURPOSE_get_by_sname(SN), -1))
        return 0;

    /* 2. add new entry with fresh id and fresh sname */
    if (!TEST_int_eq(X509_PURPOSE_add(ARGS(id, SN)), 1)
        || !TEST_int_ne((idx = X509_PURPOSE_get_by_sname(SN)), -1)
        || !TEST_int_eq(X509_PURPOSE_get_by_id(id), idx))
        return 0;

    /* 3. overwrite same entry, should be idempotent */
    if (!TEST_int_eq(X509_PURPOSE_add(ARGS(id, SN)), 1)
        || !TEST_int_eq(X509_PURPOSE_get_by_sname(SN), idx)
        || !TEST_int_eq(X509_PURPOSE_get_by_id(id), idx))
        return 0;

    /* 4a. fail adding entry with same sname but existing conflicting id */
    if (!TEST_int_eq(X509_PURPOSE_add(ARGS(X509_PURPOSE_MAX, SN)), 0))
        return 0;
    /* 4b. fail adding entry with same existing id but conflicting sname */
    if (!TEST_int_eq(X509_PURPOSE_add(ARGS(id, SN "_different")), 0))
        return 0;

    /* 5. accessors reflect what was registered */
    if (!TEST_ptr((xp = X509_PURPOSE_get0(idx)))
        || !TEST_int_eq(X509_PURPOSE_get_id(xp), id)
        || !TEST_str_eq(X509_PURPOSE_get0_name(xp), LN)
        || !TEST_str_eq(X509_PURPOSE_get0_sname(xp), SN)
        || !TEST_int_eq(X509_PURPOSE_get_trust(xp), X509_TRUST_MAX))
        return 0;

    /* 6. X509_PURPOSE_set() stores through p, i.e. into xp->purpose itself */
    if (!TEST_int_eq(*(p = &xp->purpose), id)
        || !TEST_int_eq(X509_PURPOSE_set(p, X509_PURPOSE_DEFAULT_ANY), 1)
        || !TEST_int_eq(X509_PURPOSE_get_id(xp), X509_PURPOSE_DEFAULT_ANY))
        return 0;

    return 1;
}
221 
/*
 * Register the tests defined in this file, in this order:
 * the standard-extension ordering check, the a2i_IPADDRESS() vectors, and the
 * X509_PURPOSE table test.
 *
 * Always returns 1.
 */
int setup_tests(void)
{
    ADD_TEST(test_standard_exts);
    /*
     * The count is the size of the vector table.
     * NOTE(review): presumably test_a2i_ipaddress() is then called once per
     * index below that count, which is what keeps its unchecked idx in
     * range -- confirm against ADD_ALL_TESTS in testutil.h.
     */
    ADD_ALL_TESTS(test_a2i_ipaddress, OSSL_NELEM(a2i_ipaddress_tests));
    /* Registered last; it adds a purpose entry and does not remove it. */
    ADD_TEST(tests_X509_PURPOSE);
    return 1;
}
229