v3nametest.c revision 1.1 1 1.1 christos /*
2 1.1 christos * Copyright 2012-2025 The OpenSSL Project Authors. All Rights Reserved.
3 1.1 christos *
4 1.1 christos * Licensed under the Apache License 2.0 (the "License"). You may not use
5 1.1 christos * this file except in compliance with the License. You can obtain a copy
6 1.1 christos * in the file LICENSE in the source distribution or at
7 1.1 christos * https://www.openssl.org/source/license.html
8 1.1 christos */
9 1.1 christos
10 1.1 christos #include <string.h>
11 1.1 christos
12 1.1 christos #include <openssl/e_os2.h>
13 1.1 christos #include <openssl/x509.h>
14 1.1 christos #include <openssl/x509v3.h>
15 1.1 christos #include "internal/nelem.h"
16 1.1 christos #include "testutil.h"
17 1.1 christos
/*
 * Candidate names, NULL-terminated.  call_run_cert() places each entry in a
 * certificate and run_cert() then checks that certificate against every entry
 * in turn, so the list is effectively tested against itself.
 *
 * NOTE(review): the " (at) " in the postmaster entries looks like e-mail
 * obfuscation applied by the page this listing was taken from; run_cert()
 * searches for a literal '@', so upstream presumably spells these with '@'.
 * Confirm against the original file before relying on them.
 */
static const char *const names[] = {
    /* single characters and two-character combinations */
    "a", "b", ".", "*", "@",
    ".a", "a.", ".b", "b.", ".*", "*.", "*@", "@*", "a@", "@a", "b@", "..",

    /* hyphen at the start or end of a label */
    "-example.com", "example-.com",

    /* wildcards in various positions */
    "@@", "**", "*.com", "*com", "*.*.com", "*com", "com*", "*example.com",
    "*@example.com", "test@*.example.com",

    /* plain host names and wildcard patterns over them */
    "example.com", "www.example.com",
    "test.www.example.com", "*.example.com", "*.www.example.com",
    "test.*.example.com", "www.*.com",
    ".www.example.com", "*www.example.com",
    "example.net",

    /* labels with an "xn--" prefix or an embedded "--" */
    "xn--rger-koa.example.com",
    "*.xn--rger-koa.example.com", "www.xn--rger-koa.example.com",
    "*.good--example.com", "www.good--example.com",
    "*.xn--bar.com", "xn--foo.xn--bar.com",

    "a.example.com", "b.example.com",

    /* addresses that differ only in letter case */
    "postmaster (at) example.com", "Postmaster (at) example.com",
    "postmaster (at) EXAMPLE.COM",

    NULL
};
36 1.1 christos
/*
 * Allow-list of check_message() outputs that are tolerated, NULL-terminated.
 *
 * run_cert() produces a message whenever a check result disagrees with a
 * plain case-insensitive comparison of the two names.  The entries below are
 * the disagreements that are accepted: "matches" lines for two different
 * strings and "does not match" lines for addresses that are equal only when
 * letter case is ignored.  Any message not listed here fails the test, so a
 * change in matching behaviour has to be acknowledged by editing this table.
 *
 * NOTE(review): " (at) " in the address entries looks like e-mail obfuscation
 * from the page this listing was taken from - confirm against upstream.
 */
static const char *const exceptions[] = {
    /* subject commonName, host check */
    "set CN: host: [*.example.com] matches [a.example.com]",
    "set CN: host: [*.example.com] matches [b.example.com]",
    "set CN: host: [*.example.com] matches [www.example.com]",
    "set CN: host: [*.example.com] matches [xn--rger-koa.example.com]",
    "set CN: host: [*.www.example.com] matches [test.www.example.com]",
    "set CN: host: [*.www.example.com] matches [.www.example.com]",
    "set CN: host: [*www.example.com] matches [www.example.com]",
    "set CN: host: [test.www.example.com] matches [.www.example.com]",
    "set CN: host: [*.xn--rger-koa.example.com] matches [www.xn--rger-koa.example.com]",
    "set CN: host: [*.xn--bar.com] matches [xn--foo.xn--bar.com]",
    "set CN: host: [*.good--example.com] matches [www.good--example.com]",

    /* subject commonName, host check with wildcards disabled */
    "set CN: host-no-wildcards: [*.www.example.com] matches [.www.example.com]",
    "set CN: host-no-wildcards: [test.www.example.com] matches [.www.example.com]",

    /* subject emailAddress, email check */
    "set emailAddress: email: [postmaster (at) example.com] does not match [Postmaster (at) example.com]",
    "set emailAddress: email: [postmaster (at) EXAMPLE.COM] does not match [Postmaster (at) example.com]",
    "set emailAddress: email: [Postmaster (at) example.com] does not match [postmaster (at) example.com]",
    "set emailAddress: email: [Postmaster (at) example.com] does not match [postmaster (at) EXAMPLE.COM]",

    /* subjectAltName dNSName, host checks */
    "set dnsName: host: [*.example.com] matches [www.example.com]",
    "set dnsName: host: [*.example.com] matches [a.example.com]",
    "set dnsName: host: [*.example.com] matches [b.example.com]",
    "set dnsName: host: [*.example.com] matches [xn--rger-koa.example.com]",
    "set dnsName: host: [*.www.example.com] matches [test.www.example.com]",
    "set dnsName: host-no-wildcards: [*.www.example.com] matches [.www.example.com]",
    "set dnsName: host-no-wildcards: [test.www.example.com] matches [.www.example.com]",
    "set dnsName: host: [*.www.example.com] matches [.www.example.com]",
    "set dnsName: host: [*www.example.com] matches [www.example.com]",
    "set dnsName: host: [test.www.example.com] matches [.www.example.com]",
    "set dnsName: host: [*.xn--rger-koa.example.com] matches [www.xn--rger-koa.example.com]",
    "set dnsName: host: [*.xn--bar.com] matches [xn--foo.xn--bar.com]",
    "set dnsName: host: [*.good--example.com] matches [www.good--example.com]",

    /* subjectAltName rfc822Name, email check */
    "set rfc822Name: email: [postmaster (at) example.com] does not match [Postmaster (at) example.com]",
    "set rfc822Name: email: [Postmaster (at) example.com] does not match [postmaster (at) example.com]",
    "set rfc822Name: email: [Postmaster (at) example.com] does not match [postmaster (at) EXAMPLE.COM]",
    "set rfc822Name: email: [postmaster (at) EXAMPLE.COM] does not match [Postmaster (at) example.com]",

    NULL
};
74 1.1 christos
/*
 * Report whether msg is on the exceptions[] allow-list.
 *
 * The comparison is an exact strcmp(), so a message must equal a table entry
 * byte for byte to be tolerated.  Returns 1 when found, 0 otherwise.
 */
static int is_exception(const char *msg)
{
    size_t idx = 0;

    while (exceptions[idx] != NULL) {
        if (strcmp(msg, exceptions[idx]) == 0)
            return 1;
        idx++;
    }
    return 0;
}
84 1.1 christos
/*
 * Build a subject name from (int nid, const char *value) pairs and install it
 * on crt.  The variadic list is terminated by an int 0 in the nid position.
 *
 * Returns 1 on success, 0 if allocation, adding an entry, or setting the
 * subject name fails.  The temporary X509_NAME is freed on every path.
 */
static int set_cn(X509 *crt, ...)
{
    int ok = 0;
    X509_NAME *subject = NULL;
    va_list ap;

    va_start(ap, crt);
    subject = X509_NAME_new();
    if (subject == NULL)
        goto out;

    for (;;) {
        const char *value;
        int nid = va_arg(ap, int);

        if (nid == 0)
            break;              /* terminator reached */
        value = va_arg(ap, const char *);
        if (!X509_NAME_add_entry_by_NID(subject, nid, MBSTRING_ASC,
                                        (unsigned char *)value, -1, -1, 1))
            goto out;
    }
    if (X509_set_subject_name(crt, subject))
        ok = 1;
out:
    X509_NAME_free(subject);
    va_end(ap);
    return ok;
}
116 1.1 christos
117 1.1 christos /*-
118 1.1 christos int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
119 1.1 christos X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
120 1.1 christos int nid, int crit, ASN1_OCTET_STRING *data);
121 1.1 christos int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
122 1.1 christos */
123 1.1 christos
/*
 * Attach a subjectAltName extension to crt, built from
 * (int type, const char *value) pairs terminated by an int 0 in the type
 * position.  Only GEN_EMAIL and GEN_DNS are supported; any other type calls
 * abort().
 *
 * Returns 1 on success and 0 on failure.  Objects still owned by this
 * function at exit are released at the out label.
 */
static int set_altname(X509 *crt, ...)
{
    int ok = 0;
    GENERAL_NAMES *gens = NULL;
    GENERAL_NAME *gen = NULL;
    ASN1_IA5STRING *ia5 = NULL;
    va_list ap;

    va_start(ap, crt);
    gens = sk_GENERAL_NAME_new_null();
    if (gens == NULL)
        goto out;

    for (;;) {
        const char *value;
        int type = va_arg(ap, int);

        if (type == 0)
            break;              /* terminator reached */
        value = va_arg(ap, const char *);

        gen = GENERAL_NAME_new();
        if (gen == NULL)
            goto out;
        ia5 = ASN1_IA5STRING_new();
        if (ia5 == NULL)
            goto out;
        if (!ASN1_STRING_set(ia5, value, -1))
            goto out;

        if (type != GEN_EMAIL && type != GEN_DNS)
            abort();
        GENERAL_NAME_set0_value(gen, type, ia5);
        ia5 = NULL;             /* handed to gen; must not be freed again */

        if (!sk_GENERAL_NAME_push(gens, gen))
            goto out;
        gen = NULL;             /* handed to gens; must not be freed again */
    }
    if (X509_add1_ext_i2d(crt, NID_subject_alt_name, gens, 0, 0))
        ok = 1;
out:
    ASN1_IA5STRING_free(ia5);
    GENERAL_NAME_free(gen);
    GENERAL_NAMES_free(gens);
    va_end(ap);
    return ok;
}
174 1.1 christos
/* Subject with a single commonName equal to name. */
static int set_cn1(X509 *crt, const char *name)
{
    int ok = set_cn(crt, NID_commonName, name, 0);

    return ok;
}
179 1.1 christos
/*
 * Subject with commonName equal to name followed by a fixed emailAddress.
 * NOTE(review): " (at) " in the fixed address looks like e-mail obfuscation
 * from the page this listing was taken from - confirm against upstream.
 */
static int set_cn_and_email(X509 *crt, const char *name)
{
    int ok = set_cn(crt,
                    NID_commonName, name,
                    NID_pkcs9_emailAddress, "dummy (at) example.com",
                    0);

    return ok;
}
185 1.1 christos
/* Subject with two commonName entries; name is the second one. */
static int set_cn2(X509 *crt, const char *name)
{
    int ok = set_cn(crt,
                    NID_commonName, "dummy value",
                    NID_commonName, name,
                    0);

    return ok;
}
191 1.1 christos
/* Subject with two commonName entries; name is the first one. */
static int set_cn3(X509 *crt, const char *name)
{
    int ok = set_cn(crt,
                    NID_commonName, name,
                    NID_commonName, "dummy value",
                    0);

    return ok;
}
197 1.1 christos
/* Subject with a single emailAddress equal to name. */
static int set_email1(X509 *crt, const char *name)
{
    int ok = set_cn(crt, NID_pkcs9_emailAddress, name, 0);

    return ok;
}
202 1.1 christos
/*
 * Subject with two emailAddress entries; name is the second one.
 * NOTE(review): " (at) " in the fixed address looks like e-mail obfuscation
 * from the page this listing was taken from - confirm against upstream.
 */
static int set_email2(X509 *crt, const char *name)
{
    int ok = set_cn(crt,
                    NID_pkcs9_emailAddress, "dummy (at) example.com",
                    NID_pkcs9_emailAddress, name,
                    0);

    return ok;
}
208 1.1 christos
/*
 * Subject with two emailAddress entries; name is the first one.
 * NOTE(review): " (at) " in the fixed address looks like e-mail obfuscation
 * from the page this listing was taken from - confirm against upstream.
 */
static int set_email3(X509 *crt, const char *name)
{
    int ok = set_cn(crt,
                    NID_pkcs9_emailAddress, name,
                    NID_pkcs9_emailAddress, "dummy (at) example.com",
                    0);

    return ok;
}
214 1.1 christos
/* Subject with emailAddress equal to name followed by a fixed commonName. */
static int set_email_and_cn(X509 *crt, const char *name)
{
    int ok = set_cn(crt,
                    NID_pkcs9_emailAddress, name,
                    NID_commonName, "www.example.org",
                    0);

    return ok;
}
220 1.1 christos
/* subjectAltName extension holding one dNSName equal to name. */
static int set_altname_dns(X509 *crt, const char *name)
{
    int ok = set_altname(crt, GEN_DNS, name, 0);

    return ok;
}
225 1.1 christos
/* subjectAltName extension holding one rfc822Name equal to name. */
static int set_altname_email(X509 *crt, const char *name)
{
    int ok = set_altname(crt, GEN_EMAIL, name, 0);

    return ok;
}
230 1.1 christos
/* One way of placing a test name into a certificate. */
struct set_name_fn {
    /* Installs the name on the certificate; non-zero return means success. */
    int (*fn)(X509 *, const char *);
    /* Label used as the prefix of messages built by check_message(). */
    const char *name;
    /* Non-zero when the name is placed where host checks are expected to look. */
    int host;
    /* Non-zero when the name is placed where email checks are expected to look. */
    int email;
};
237 1.1 christos
/*
 * Every placement exercised by the test.  Several rows share a label, so
 * their messages are looked up against the same exceptions[] entries.
 * Columns: setter, label, host, email.
 */
static const struct set_name_fn name_fns[] = {
    /* subject commonName variants */
    { set_cn1,           "set CN",           1, 0 },
    { set_cn2,           "set CN",           1, 0 },
    { set_cn3,           "set CN",           1, 0 },
    { set_cn_and_email,  "set CN",           1, 0 },
    /* subject emailAddress variants */
    { set_email1,        "set emailAddress", 0, 1 },
    { set_email2,        "set emailAddress", 0, 1 },
    { set_email3,        "set emailAddress", 0, 1 },
    { set_email_and_cn,  "set emailAddress", 0, 1 },
    /* subjectAltName variants */
    { set_altname_dns,   "set dnsName",      1, 0 },
    { set_altname_email, "set rfc822Name",   0, 1 },
};
250 1.1 christos
/*
 * Allocate an empty certificate and set its version to X509_VERSION_3.
 * Returns the certificate (to be released with X509_free()) or NULL on
 * failure.
 */
static X509 *make_cert(void)
{
    X509 *crt = NULL;

    if (!TEST_ptr(crt = X509_new()))
        return NULL;
    if (TEST_true(X509_set_version(crt, X509_VERSION_3)))
        return crt;

    /* Setting the version failed: do not leak the half-built certificate. */
    X509_free(crt);
    return NULL;
}
263 1.1 christos
/*
 * Decide whether an observed result is acceptable.
 *
 * match < 0 means the caller saw nothing worth reporting and 1 is returned
 * at once.  Otherwise a message of the form
 * "<label>: <op>: [<nameincert>] matches|does not match [<name>]" is built
 * and looked up in the exceptions allow-list: listed messages return 1,
 * unlisted ones are logged with TEST_error() and return 0.
 */
static int check_message(const struct set_name_fn *fn, const char *op,
                         const char *nameincert, int match, const char *name)
{
    char msg[1024];
    const char *verdict;

    if (match < 0)
        return 1;

    verdict = match ? "matches" : "does not match";
    BIO_snprintf(msg, sizeof(msg), "%s: %s: [%s] %s [%s]",
                 fn->name, op, nameincert, verdict, name);
    if (!is_exception(msg)) {
        TEST_error("%s", msg);
        return 0;
    }
    return 1;
}
279 1.1 christos
/*
 * Check crt, which carries nameincert placed by fn, against every entry of
 * names[] using three checks: X509_check_host() with no flags,
 * X509_check_host() with X509_CHECK_FLAG_NO_WILDCARDS, and
 * X509_check_email().
 *
 * For each check, match stays -1 when the result agrees with a
 * case-insensitive comparison of the two strings; it becomes 1 for a match
 * between different strings (or any match by a check the placement should not
 * satisfy) and 0 for a non-match between equal strings.  check_message() then
 * decides whether that deviation is on the allow-list.
 *
 * Returns 1 if nothing failed, 0 otherwise.
 */
static int run_cert(X509 *crt, const char *nameincert,
                    const struct set_name_fn *fn)
{
    const char *const *pname;
    int ok = 1;

    for (pname = names; *pname != NULL; ++pname) {
        int samename = OPENSSL_strcasecmp(nameincert, *pname) == 0;
        size_t namelen = strlen(*pname);
        /* Private copy of the reference name, sized exactly namelen + 1. */
        char *name = OPENSSL_malloc(namelen + 1);
        int match, ret;

        if (!TEST_ptr(name))
            return 0;
        memcpy(name, *pname, namelen + 1);

        /* Host check, default flags.  A negative return is a hard failure. */
        match = -1;
        if (!TEST_int_ge(ret = X509_check_host(crt, name, namelen, 0, NULL),
                         0))
            ok = 0;
        else if (!fn->host)
            match = (ret == 1) ? 1 : -1;
        else if (ret == 1 && !samename)
            match = 1;
        else if (ret == 0 && samename)
            match = 0;
        if (!TEST_true(check_message(fn, "host", nameincert, match, *pname)))
            ok = 0;

        /* Host check again with wildcard matching disabled. */
        match = -1;
        if (!TEST_int_ge(ret = X509_check_host(crt, name, namelen,
                                               X509_CHECK_FLAG_NO_WILDCARDS,
                                               NULL), 0))
            ok = 0;
        else if (!fn->host)
            match = (ret == 1) ? 1 : -1;
        else if (ret == 1 && !samename)
            match = 1;
        else if (ret == 0 && samename)
            match = 0;
        if (!TEST_true(check_message(fn, "host-no-wildcards",
                                     nameincert, match, *pname)))
            ok = 0;

        /*
         * Email check.  A non-match for equal strings is only reported when
         * the certificate name contains '@'.
         */
        match = -1;
        ret = X509_check_email(crt, name, namelen, 0);
        if (!fn->email) {
            if (ret)
                match = 1;
        } else if (ret && !samename) {
            match = 1;
        } else if (!ret && samename && strchr(nameincert, '@') != NULL) {
            match = 0;
        }
        if (!TEST_true(check_message(fn, "email", nameincert, match, *pname)))
            ok = 0;

        OPENSSL_free(name);
    }

    return ok;
}
342 1.1 christos
/*
 * Test body for row i of name_fns[]: for every entry of names[], build a
 * fresh certificate, place the entry with the row's setter, and run the
 * checks.  A failure is recorded but the loop continues with the next name.
 * Returns 1 when every name passed, 0 otherwise.
 */
static int call_run_cert(int i)
{
    const struct set_name_fn *pfn = &name_fns[i];
    const char *const *pname = names;
    X509 *crt;
    int ok = 1;

    TEST_info("%s", pfn->name);
    while (*pname != NULL) {
        if (!TEST_ptr(crt = make_cert())
                || !TEST_true(pfn->fn(crt, *pname))
                || !run_cert(crt, *pname, pfn))
            ok = 0;
        X509_free(crt);
        pname++;
    }
    return ok;
}
360 1.1 christos
/*
 * DER encodings of GeneralName values used by test_GENERAL_NAME_cmp().
 * The outer context tag selects the GeneralName choice.  Entries are
 * pairwise distinct, and der[] is sized for the longest encoding (22 bytes);
 * derlen gives the number of bytes actually used.
 */
static struct gennamedata {
    const unsigned char der[22];
    size_t derlen;
} gennames[] = {
    /* [0] { OID 1.2.840.113554.4.1.72585.2.1, [0] { SEQUENCE {} } } */
    { { 0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
        0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x30, 0x00 },
      21 },
    /* [0] { OID 1.2.840.113554.4.1.72585.2.1, [0] { [APPLICATION 0] {} } } */
    { { 0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
        0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x60, 0x00 },
      21 },
    /* [0] { OID 1.2.840.113554.4.1.72585.2.1, [0] { UTF8String "a" } } */
    { { 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
        0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x61 },
      22 },
    /* [0] { OID 1.2.840.113554.4.1.72585.2.2, [0] { UTF8String "a" } } */
    { { 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
        0x01, 0x84, 0xb7, 0x09, 0x02, 0x02, 0xa0, 0x03, 0x0c, 0x01, 0x61 },
      22 },
    /* [0] { OID 1.2.840.113554.4.1.72585.2.1, [0] { UTF8String "b" } } */
    { { 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
        0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x62 },
      22 },
    /* [0] { OID 1.2.840.113554.4.1.72585.2.1, [0] { BOOLEAN TRUE } } */
    { { 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
        0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0xff },
      22 },
    /* [0] { OID 1.2.840.113554.4.1.72585.2.1, [0] { BOOLEAN FALSE } } */
    { { 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
        0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0x00 },
      22 },

    /* [1 PRIMITIVE] { "a" } */
    { { 0x81, 0x01, 0x61 }, 3 },
    /* [1 PRIMITIVE] { "b" } */
    { { 0x81, 0x01, 0x62 }, 3 },
    /* [2 PRIMITIVE] { "a" } */
    { { 0x82, 0x01, 0x61 }, 3 },
    /* [2 PRIMITIVE] { "b" } */
    { { 0x82, 0x01, 0x62 }, 3 },

    /* [4] { SEQUENCE { SET { SEQUENCE { OID 2.5.4.3 (commonName), UTF8String "a" } } } } */
    { { 0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55,
        0x04, 0x03, 0x0c, 0x01, 0x61 },
      16 },
    /* [4] { SEQUENCE { SET { SEQUENCE { OID 2.5.4.3 (commonName), UTF8String "b" } } } } */
    { { 0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55,
        0x04, 0x03, 0x0c, 0x01, 0x62 },
      16 },

    /* [5] { [1] { UTF8String "a" } } */
    { { 0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x61 }, 7 },
    /* [5] { [1] { UTF8String "b" } } */
    { { 0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x62 }, 7 },
    /* [5] { [0] { UTF8String {} }, [1] { UTF8String "a" } } */
    { { 0xa5, 0x09, 0xa0, 0x02, 0x0c, 0x00, 0xa1, 0x03, 0x0c, 0x01, 0x61 },
      11 },
    /* [5] { [0] { UTF8String "a" }, [1] { UTF8String "a" } } */
    { { 0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x61, 0xa1, 0x03, 0x0c, 0x01,
        0x61 },
      12 },
    /* [5] { [0] { UTF8String "b" }, [1] { UTF8String "a" } } */
    { { 0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x62, 0xa1, 0x03, 0x0c, 0x01,
        0x61 },
      12 },

    /* [6 PRIMITIVE] { "a" } */
    { { 0x86, 0x01, 0x61 }, 3 },
    /* [6 PRIMITIVE] { "b" } */
    { { 0x86, 0x01, 0x62 }, 3 },

    /* [7 PRIMITIVE] { `11111111` } */
    { { 0x87, 0x04, 0x11, 0x11, 0x11, 0x11 }, 6 },
    /* [7 PRIMITIVE] { `22222222` } */
    { { 0x87, 0x04, 0x22, 0x22, 0x22, 0x22 }, 6 },
    /* [7 PRIMITIVE] { `11111111111111111111111111111111` } */
    { { 0x87, 0x10, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
        0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 },
      18 },
    /* [7 PRIMITIVE] { `22222222222222222222222222222222` } */
    { { 0x87, 0x10, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
        0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 },
      18 },

    /* [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.1 } */
    { { 0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84,
        0xb7, 0x09, 0x02, 0x01 },
      15 },
    /* [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.2 } */
    { { 0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84,
        0xb7, 0x09, 0x02, 0x02 },
      15 },

    /*
     * Regression test for CVE-2023-0286: an empty constructed [3] element.
     * Parsing and comparing it keeps that GeneralName choice covered by
     * test_GENERAL_NAME_cmp().
     */
    { { 0xa3, 0x00 }, 2 }
};
658 1.1 christos
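/*
 * Parse every gennames[] encoding twice and verify that GENERAL_NAME_cmp()
 * reports each name equal to its own second copy and different from every
 * other entry.  Returns 1 on success, 0 on failure.
 */
static int test_GENERAL_NAME_cmp(void)
{
    size_t i, j;
    /*
     * Zero-filled on purpose: the cleanup loop at "end" walks the full arrays,
     * so slots that were never assigned (because an allocation or a parse
     * failed part-way) must be NULL rather than indeterminate pointers.
     */
    GENERAL_NAME **namesa = OPENSSL_zalloc(sizeof(*namesa)
                                           * OSSL_NELEM(gennames));
    GENERAL_NAME **namesb = OPENSSL_zalloc(sizeof(*namesb)
                                           * OSSL_NELEM(gennames));
    int testresult = 0;

    if (!TEST_ptr(namesa) || !TEST_ptr(namesb))
        goto end;

    for (i = 0; i < OSSL_NELEM(gennames); i++) {
        const unsigned char *derp = gennames[i].der;

        /*
         * We create two versions of each GENERAL_NAME so that we ensure when
         * we compare them they are always different pointers.
         */
        namesa[i] = d2i_GENERAL_NAME(NULL, &derp, gennames[i].derlen);
        /* d2i advanced derp; rewind it before parsing the second copy. */
        derp = gennames[i].der;
        namesb[i] = d2i_GENERAL_NAME(NULL, &derp, gennames[i].derlen);
        if (!TEST_ptr(namesa[i]) || !TEST_ptr(namesb[i]))
            goto end;
    }

    /* Every name should be equal to itself and not equal to any others. */
    for (i = 0; i < OSSL_NELEM(gennames); i++) {
        for (j = 0; j < OSSL_NELEM(gennames); j++) {
            if (i == j) {
                if (!TEST_int_eq(GENERAL_NAME_cmp(namesa[i], namesb[j]), 0))
                    goto end;
            } else {
                if (!TEST_int_ne(GENERAL_NAME_cmp(namesa[i], namesb[j]), 0))
                    goto end;
            }
        }
    }
    testresult = 1;

 end:
    /* Freeing a NULL slot is harmless, so the whole array can be walked. */
    for (i = 0; i < OSSL_NELEM(gennames); i++) {
        if (namesa != NULL)
            GENERAL_NAME_free(namesa[i]);
        if (namesb != NULL)
            GENERAL_NAME_free(namesb[i]);
    }
    OPENSSL_free(namesa);
    OPENSSL_free(namesb);

    return testresult;
}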
711 1.1 christos
/*
 * Register the tests in this file: one call_run_cert() run per row of
 * name_fns[], plus the GENERAL_NAME comparison test.  Always returns 1.
 */
int setup_tests(void)
{
    /* call_run_cert(i) is invoked for i in [0, number of name_fns rows). */
    ADD_ALL_TESTS(call_run_cert, OSSL_NELEM(name_fns));

    ADD_TEST(test_GENERAL_NAME_cmp);

    return 1;
}
718