1 1.1 christos /* 2 1.1 christos * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. 3 1.1 christos * 4 1.1 christos * Licensed under the OpenSSL license (the "License"). You may not use 5 1.1 christos * this file except in compliance with the License. You can obtain a copy 6 1.1 christos * in the file LICENSE in the source distribution or at 7 1.1 christos * https://www.openssl.org/source/license.html 8 1.1 christos */ 9 1.1 christos 10 1.1 christos #include <stdio.h> 11 1.1 christos #include <openssl/crypto.h> 12 1.1 christos #include <openssl/bio.h> 13 1.1 christos #include <openssl/x509.h> 14 1.1 christos #include <openssl/x509v3.h> 15 1.1 christos #include <openssl/pem.h> 16 1.1 christos #include <openssl/err.h> 17 1.1 christos #include "testutil.h" 18 1.1 christos 19 1.1 christos static const char *certs_dir; 20 1.1 christos static char *roots_f = NULL; 21 1.1 christos static char *untrusted_f = NULL; 22 1.1 christos static char *bad_f = NULL; 23 1.1 christos static char *good_f = NULL; 24 1.1 christos static char *sroot_cert = NULL; 25 1.1 christos static char *ca_cert = NULL; 26 1.1 christos static char *ee_cert = NULL; 27 1.1 christos 28 1.1 christos static X509 *load_cert_pem(const char *file) 29 1.1 christos { 30 1.1 christos X509 *cert = NULL; 31 1.1 christos BIO *bio = NULL; 32 1.1 christos 33 1.1 christos if (!TEST_ptr(bio = BIO_new(BIO_s_file()))) 34 1.1 christos return NULL; 35 1.1 christos if (TEST_int_gt(BIO_read_filename(bio, file), 0)) 36 1.1 christos (void)TEST_ptr(cert = PEM_read_bio_X509(bio, NULL, NULL, NULL)); 37 1.1 christos 38 1.1 christos BIO_free(bio); 39 1.1 christos return cert; 40 1.1 christos } 41 1.1 christos 42 1.1 christos static STACK_OF(X509) *load_certs_from_file(const char *filename) 43 1.1 christos { 44 1.1 christos STACK_OF(X509) *certs; 45 1.1 christos BIO *bio; 46 1.1 christos X509 *x; 47 1.1 christos 48 1.1 christos bio = BIO_new_file(filename, "r"); 49 1.1 christos 50 1.1 christos if (bio == NULL) { 51 1.1 christos return NULL; 52 1.1 christos } 53 1.1 christos 54 1.1 christos certs = sk_X509_new_null(); 55 1.1 christos if (certs == NULL) { 56 1.1 christos BIO_free(bio); 57 1.1 christos return NULL; 58 1.1 christos } 59 1.1 christos 60 1.1 christos ERR_set_mark(); 61 1.1 christos do { 62 1.1 christos x = PEM_read_bio_X509(bio, NULL, 0, NULL); 63 1.1 christos if (x != NULL && !sk_X509_push(certs, x)) { 64 1.1 christos sk_X509_pop_free(certs, X509_free); 65 1.1 christos BIO_free(bio); 66 1.1 christos return NULL; 67 1.1 christos } else if (x == NULL) { 68 1.1 christos /* 69 1.1 christos * We probably just ran out of certs, so ignore any errors 70 1.1 christos * generated 71 1.1 christos */ 72 1.1 christos ERR_pop_to_mark(); 73 1.1 christos } 74 1.1 christos } while (x != NULL); 75 1.1 christos 76 1.1 christos BIO_free(bio); 77 1.1 christos 78 1.1 christos return certs; 79 1.1 christos } 80 1.1 christos 81 1.1 christos /*- 82 1.1 christos * Test for CVE-2015-1793 (Alternate Chains Certificate Forgery) 83 1.1 christos * 84 1.1 christos * Chain is as follows: 85 1.1 christos * 86 1.1 christos * rootCA (self-signed) 87 1.1 christos * | 88 1.1 christos * interCA 89 1.1 christos * | 90 1.1 christos * subinterCA subinterCA (self-signed) 91 1.1 christos * | | 92 1.1 christos * leaf ------------------ 93 1.1 christos * | 94 1.1 christos * bad 95 1.1 christos * 96 1.1 christos * rootCA, interCA, subinterCA, subinterCA (ss) all have CA=TRUE 97 1.1 christos * leaf and bad have CA=FALSE 98 1.1 christos * 99 1.1 christos * subinterCA and subinterCA (ss) have the same subject name and keys 100 1.1 christos * 101 1.1 christos * interCA (but not rootCA) and subinterCA (ss) are in the trusted store 102 1.1 christos * (roots.pem) 103 1.1 christos * leaf and subinterCA are in the untrusted list (untrusted.pem) 104 1.1 christos * bad is the certificate being verified (bad.pem) 105 1.1 christos * 106 1.1 christos * Versions vulnerable to CVE-2015-1793 will fail to detect that leaf has 107 1.1 christos * CA=FALSE, and will therefore incorrectly verify bad 108 1.1 christos * 109 1.1 christos */ 110 1.1 christos static int test_alt_chains_cert_forgery(void) 111 1.1 christos { 112 1.1 christos int ret = 0; 113 1.1 christos int i; 114 1.1 christos X509 *x = NULL; 115 1.1 christos STACK_OF(X509) *untrusted = NULL; 116 1.1 christos BIO *bio = NULL; 117 1.1 christos X509_STORE_CTX *sctx = NULL; 118 1.1 christos X509_STORE *store = NULL; 119 1.1 christos X509_LOOKUP *lookup = NULL; 120 1.1 christos 121 1.1 christos store = X509_STORE_new(); 122 1.1 christos if (store == NULL) 123 1.1 christos goto err; 124 1.1 christos 125 1.1 christos lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); 126 1.1 christos if (lookup == NULL) 127 1.1 christos goto err; 128 1.1 christos if (!X509_LOOKUP_load_file(lookup, roots_f, X509_FILETYPE_PEM)) 129 1.1 christos goto err; 130 1.1 christos 131 1.1 christos untrusted = load_certs_from_file(untrusted_f); 132 1.1 christos 133 1.1 christos if ((bio = BIO_new_file(bad_f, "r")) == NULL) 134 1.1 christos goto err; 135 1.1 christos 136 1.1 christos if ((x = PEM_read_bio_X509(bio, NULL, 0, NULL)) == NULL) 137 1.1 christos goto err; 138 1.1 christos 139 1.1 christos sctx = X509_STORE_CTX_new(); 140 1.1 christos if (sctx == NULL) 141 1.1 christos goto err; 142 1.1 christos 143 1.1 christos if (!X509_STORE_CTX_init(sctx, store, x, untrusted)) 144 1.1 christos goto err; 145 1.1 christos 146 1.1 christos i = X509_verify_cert(sctx); 147 1.1 christos 148 1.1 christos if (i != 0 || X509_STORE_CTX_get_error(sctx) != X509_V_ERR_INVALID_CA) 149 1.1 christos goto err; 150 1.1 christos 151 1.1 christos /* repeat with X509_V_FLAG_X509_STRICT */ 152 1.1 christos X509_STORE_CTX_cleanup(sctx); 153 1.1 christos X509_STORE_set_flags(store, X509_V_FLAG_X509_STRICT); 154 1.1 christos 155 1.1 christos if (!X509_STORE_CTX_init(sctx, store, x, untrusted)) 156 1.1 christos goto err; 157 1.1 christos 158 1.1 christos i = X509_verify_cert(sctx); 159 1.1 christos 160 1.1 christos if (i == 0 && X509_STORE_CTX_get_error(sctx) == X509_V_ERR_INVALID_CA) 161 1.1 christos /* This is the result we were expecting: Test passed */ 162 1.1 christos ret = 1; 163 1.1 christos 164 1.1 christos err: 165 1.1 christos X509_STORE_CTX_free(sctx); 166 1.1 christos X509_free(x); 167 1.1 christos BIO_free(bio); 168 1.1 christos sk_X509_pop_free(untrusted, X509_free); 169 1.1 christos X509_STORE_free(store); 170 1.1 christos return ret; 171 1.1 christos } 172 1.1 christos 173 1.1 christos static int test_store_ctx(void) 174 1.1 christos { 175 1.1 christos X509_STORE_CTX *sctx = NULL; 176 1.1 christos X509 *x = NULL; 177 1.1 christos BIO *bio = NULL; 178 1.1 christos int testresult = 0, ret; 179 1.1 christos 180 1.1 christos bio = BIO_new_file(bad_f, "r"); 181 1.1 christos if (bio == NULL) 182 1.1 christos goto err; 183 1.1 christos 184 1.1 christos x = PEM_read_bio_X509(bio, NULL, 0, NULL); 185 1.1 christos if (x == NULL) 186 1.1 christos goto err; 187 1.1 christos 188 1.1 christos sctx = X509_STORE_CTX_new(); 189 1.1 christos if (sctx == NULL) 190 1.1 christos goto err; 191 1.1 christos 192 1.1 christos if (!X509_STORE_CTX_init(sctx, NULL, x, NULL)) 193 1.1 christos goto err; 194 1.1 christos 195 1.1 christos /* Verifying a cert where we have no trusted certs should fail */ 196 1.1 christos ret = X509_verify_cert(sctx); 197 1.1 christos 198 1.1 christos if (ret == 0) { 199 1.1 christos /* This is the result we were expecting: Test passed */ 200 1.1 christos testresult = 1; 201 1.1 christos } 202 1.1 christos 203 1.1 christos err: 204 1.1 christos X509_STORE_CTX_free(sctx); 205 1.1 christos X509_free(x); 206 1.1 christos BIO_free(bio); 207 1.1 christos return testresult; 208 1.1 christos } 209 1.1 christos 210 1.1 christos static int test_self_signed(const char *filename, int expected) 211 1.1 christos { 212 1.1 christos X509 *cert = load_cert_pem(filename); 213 1.1 christos STACK_OF(X509) *trusted = sk_X509_new_null(); 214 1.1 christos X509_STORE_CTX *ctx = X509_STORE_CTX_new(); 215 1.1 christos int ret; 216 1.1 christos 217 1.1 christos ret = TEST_ptr(cert) 218 1.1 christos && TEST_true(sk_X509_push(trusted, cert)) 219 1.1 christos && TEST_true(X509_STORE_CTX_init(ctx, NULL, cert, NULL)); 220 1.1 christos X509_STORE_CTX_set0_trusted_stack(ctx, trusted); 221 1.1 christos ret = ret && TEST_int_eq(X509_verify_cert(ctx), expected); 222 1.1 christos 223 1.1 christos X509_STORE_CTX_free(ctx); 224 1.1 christos sk_X509_free(trusted); 225 1.1 christos X509_free(cert); 226 1.1 christos return ret; 227 1.1 christos } 228 1.1 christos 229 1.1 christos static int test_self_signed_good(void) 230 1.1 christos { 231 1.1 christos return test_self_signed(good_f, 1); 232 1.1 christos } 233 1.1 christos 234 1.1 christos static int test_self_signed_bad(void) 235 1.1 christos { 236 1.1 christos return test_self_signed(bad_f, 0); 237 1.1 christos } 238 1.1 christos 239 1.1 christos static int do_test_purpose(int purpose, int expected) 240 1.1 christos { 241 1.1 christos X509 *eecert = load_cert_pem(ee_cert); /* may result in NULL */ 242 1.1 christos X509 *untrcert = load_cert_pem(ca_cert); 243 1.1 christos X509 *trcert = load_cert_pem(sroot_cert); 244 1.1 christos STACK_OF(X509) *trusted = sk_X509_new_null(); 245 1.1 christos STACK_OF(X509) *untrusted = sk_X509_new_null(); 246 1.1 christos X509_STORE_CTX *ctx = X509_STORE_CTX_new(); 247 1.1 christos int testresult = 0; 248 1.1 christos 249 1.1 christos if (!TEST_ptr(eecert) 250 1.1 christos || !TEST_ptr(untrcert) 251 1.1 christos || !TEST_ptr(trcert) 252 1.1 christos || !TEST_ptr(trusted) 253 1.1 christos || !TEST_ptr(untrusted) 254 1.1 christos || !TEST_ptr(ctx)) 255 1.1 christos goto err; 256 1.1 christos 257 1.1 christos 258 1.1 christos if (!TEST_true(sk_X509_push(trusted, trcert))) 259 1.1 christos goto err; 260 1.1 christos trcert = NULL; 261 1.1 christos if (!TEST_true(sk_X509_push(untrusted, untrcert))) 262 1.1 christos goto err; 263 1.1 christos untrcert = NULL; 264 1.1 christos 265 1.1 christos if (!TEST_true(X509_STORE_CTX_init(ctx, NULL, eecert, untrusted))) 266 1.1 christos goto err; 267 1.1 christos 268 1.1 christos if (!TEST_true(X509_STORE_CTX_set_purpose(ctx, purpose))) 269 1.1 christos goto err; 270 1.1 christos 271 1.1 christos /* 272 1.1 christos * X509_STORE_CTX_set0_trusted_stack() is bady named. Despite the set0 name 273 1.1 christos * we are still responsible for freeing trusted after we have finished with 274 1.1 christos * it. 275 1.1 christos */ 276 1.1 christos X509_STORE_CTX_set0_trusted_stack(ctx, trusted); 277 1.1 christos 278 1.1 christos if (!TEST_int_eq(X509_verify_cert(ctx), expected)) 279 1.1 christos goto err; 280 1.1 christos 281 1.1 christos testresult = 1; 282 1.1 christos err: 283 1.1 christos sk_X509_pop_free(trusted, X509_free); 284 1.1 christos sk_X509_pop_free(untrusted, X509_free); 285 1.1 christos X509_STORE_CTX_free(ctx); 286 1.1 christos X509_free(eecert); 287 1.1 christos X509_free(untrcert); 288 1.1 christos X509_free(trcert); 289 1.1 christos return testresult; 290 1.1 christos } 291 1.1 christos 292 1.1 christos static int test_purpose_ssl_client(void) 293 1.1 christos { 294 1.1 christos return do_test_purpose(X509_PURPOSE_SSL_CLIENT, 0); 295 1.1 christos } 296 1.1 christos 297 1.1 christos static int test_purpose_ssl_server(void) 298 1.1 christos { 299 1.1 christos return do_test_purpose(X509_PURPOSE_SSL_SERVER, 1); 300 1.1 christos } 301 1.1 christos 302 1.1 christos static int test_purpose_any(void) 303 1.1 christos { 304 1.1 christos return do_test_purpose(X509_PURPOSE_ANY, 1); 305 1.1 christos } 306 1.1 christos 307 1.1 christos int setup_tests(void) 308 1.1 christos { 309 1.1 christos if (!TEST_ptr(certs_dir = test_get_argument(0))) { 310 1.1 christos TEST_error("usage: verify_extra_test certs-dir\n"); 311 1.1 christos return 0; 312 1.1 christos } 313 1.1 christos 314 1.1 christos if (!TEST_ptr(roots_f = test_mk_file_path(certs_dir, "roots.pem")) 315 1.1 christos || !TEST_ptr(untrusted_f = test_mk_file_path(certs_dir, "untrusted.pem")) 316 1.1 christos || !TEST_ptr(bad_f = test_mk_file_path(certs_dir, "bad.pem")) 317 1.1 christos || !TEST_ptr(good_f = test_mk_file_path(certs_dir, "rootCA.pem")) 318 1.1 christos || !TEST_ptr(sroot_cert = test_mk_file_path(certs_dir, "sroot-cert.pem")) 319 1.1 christos || !TEST_ptr(ca_cert = test_mk_file_path(certs_dir, "ca-cert.pem")) 320 1.1 christos || !TEST_ptr(ee_cert = test_mk_file_path(certs_dir, "ee-cert.pem"))) 321 1.1 christos goto err; 322 1.1 christos 323 1.1 christos ADD_TEST(test_alt_chains_cert_forgery); 324 1.1 christos ADD_TEST(test_store_ctx); 325 1.1 christos ADD_TEST(test_self_signed_good); 326 1.1 christos ADD_TEST(test_self_signed_bad); 327 1.1 christos ADD_TEST(test_purpose_ssl_client); 328 1.1 christos ADD_TEST(test_purpose_ssl_server); 329 1.1 christos ADD_TEST(test_purpose_any); 330 1.1 christos return 1; 331 1.1 christos err: 332 1.1 christos cleanup_tests(); 333 1.1 christos return 0; 334 1.1 christos } 335 1.1 christos 336 1.1 christos void cleanup_tests(void) 337 1.1 christos { 338 1.1 christos OPENSSL_free(roots_f); 339 1.1 christos OPENSSL_free(untrusted_f); 340 1.1 christos OPENSSL_free(bad_f); 341 1.1 christos OPENSSL_free(good_f); 342 1.1 christos OPENSSL_free(sroot_cert); 343 1.1 christos OPENSSL_free(ca_cert); 344 1.1 christos OPENSSL_free(ee_cert); 345 1.1 christos } 346
Indexes created Sat Feb 28 05:31:39 UTC 2026