1 /*
2 * Copyright 2012-2025 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <string.h>
11
12 #include <openssl/e_os2.h>
13 #include <openssl/x509.h>
14 #include <openssl/x509v3.h>
15 #include "internal/nelem.h"
16 #include "testutil.h"
17
18 static const char *const names[] = {
19 "a", "b", ".", "*", "@",
20 ".a", "a.", ".b", "b.", ".*", "*.", "*@", "@*", "a@", "@a", "b@", "..",
21 "-example.com", "example-.com",
22 "@@", "**", "*.com", "*com", "*.*.com", "*com", "com*", "*example.com",
23 "*@example.com", "test@*.example.com", "example.com", "www.example.com",
24 "test.www.example.com", "*.example.com", "*.www.example.com",
25 "test.*.example.com", "www.*.com",
26 ".www.example.com", "*www.example.com",
27 "example.net", "xn--rger-koa.example.com",
28 "*.xn--rger-koa.example.com", "www.xn--rger-koa.example.com",
29 "*.good--example.com", "www.good--example.com",
30 "*.xn--bar.com", "xn--foo.xn--bar.com",
31 "a.example.com", "b.example.com",
32 "postmaster@example.com", "Postmaster@example.com",
33 "postmaster@EXAMPLE.COM",
34 NULL
35 };
36
37 static const char *const exceptions[] = {
38 "set CN: host: [*.example.com] matches [a.example.com]",
39 "set CN: host: [*.example.com] matches [b.example.com]",
40 "set CN: host: [*.example.com] matches [www.example.com]",
41 "set CN: host: [*.example.com] matches [xn--rger-koa.example.com]",
42 "set CN: host: [*.www.example.com] matches [test.www.example.com]",
43 "set CN: host: [*.www.example.com] matches [.www.example.com]",
44 "set CN: host: [*www.example.com] matches [www.example.com]",
45 "set CN: host: [test.www.example.com] matches [.www.example.com]",
46 "set CN: host: [*.xn--rger-koa.example.com] matches [www.xn--rger-koa.example.com]",
47 "set CN: host: [*.xn--bar.com] matches [xn--foo.xn--bar.com]",
48 "set CN: host: [*.good--example.com] matches [www.good--example.com]",
49 "set CN: host-no-wildcards: [*.www.example.com] matches [.www.example.com]",
50 "set CN: host-no-wildcards: [test.www.example.com] matches [.www.example.com]",
51 "set emailAddress: email: [postmaster@example.com] does not match [Postmaster@example.com]",
52 "set emailAddress: email: [postmaster@EXAMPLE.COM] does not match [Postmaster@example.com]",
53 "set emailAddress: email: [Postmaster@example.com] does not match [postmaster@example.com]",
54 "set emailAddress: email: [Postmaster@example.com] does not match [postmaster@EXAMPLE.COM]",
55 "set dnsName: host: [*.example.com] matches [www.example.com]",
56 "set dnsName: host: [*.example.com] matches [a.example.com]",
57 "set dnsName: host: [*.example.com] matches [b.example.com]",
58 "set dnsName: host: [*.example.com] matches [xn--rger-koa.example.com]",
59 "set dnsName: host: [*.www.example.com] matches [test.www.example.com]",
60 "set dnsName: host-no-wildcards: [*.www.example.com] matches [.www.example.com]",
61 "set dnsName: host-no-wildcards: [test.www.example.com] matches [.www.example.com]",
62 "set dnsName: host: [*.www.example.com] matches [.www.example.com]",
63 "set dnsName: host: [*www.example.com] matches [www.example.com]",
64 "set dnsName: host: [test.www.example.com] matches [.www.example.com]",
65 "set dnsName: host: [*.xn--rger-koa.example.com] matches [www.xn--rger-koa.example.com]",
66 "set dnsName: host: [*.xn--bar.com] matches [xn--foo.xn--bar.com]",
67 "set dnsName: host: [*.good--example.com] matches [www.good--example.com]",
68 "set rfc822Name: email: [postmaster@example.com] does not match [Postmaster@example.com]",
69 "set rfc822Name: email: [Postmaster@example.com] does not match [postmaster@example.com]",
70 "set rfc822Name: email: [Postmaster@example.com] does not match [postmaster@EXAMPLE.COM]",
71 "set rfc822Name: email: [postmaster@EXAMPLE.COM] does not match [Postmaster@example.com]",
72 NULL
73 };
74
is_exception(const char * msg)75 static int is_exception(const char *msg)
76 {
77 const char *const *p;
78
79 for (p = exceptions; *p; ++p)
80 if (strcmp(msg, *p) == 0)
81 return 1;
82 return 0;
83 }
84
set_cn(X509 * crt,...)85 static int set_cn(X509 *crt, ...)
86 {
87 int ret = 0;
88 X509_NAME *n = NULL;
89 va_list ap;
90
91 va_start(ap, crt);
92 n = X509_NAME_new();
93 if (n == NULL)
94 goto out;
95
96 while (1) {
97 int nid;
98 const char *name;
99
100 nid = va_arg(ap, int);
101 if (nid == 0)
102 break;
103 name = va_arg(ap, const char *);
104 if (!X509_NAME_add_entry_by_NID(n, nid, MBSTRING_ASC,
105 (unsigned char *)name, -1, -1, 1))
106 goto out;
107 }
108 if (!X509_set_subject_name(crt, n))
109 goto out;
110 ret = 1;
111 out:
112 X509_NAME_free(n);
113 va_end(ap);
114 return ret;
115 }
116
117 /*-
118 int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
119 X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
120 int nid, int crit, ASN1_OCTET_STRING *data);
121 int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
122 */
123
set_altname(X509 * crt,...)124 static int set_altname(X509 *crt, ...)
125 {
126 int ret = 0;
127 GENERAL_NAMES *gens = NULL;
128 GENERAL_NAME *gen = NULL;
129 ASN1_IA5STRING *ia5 = NULL;
130 va_list ap;
131 va_start(ap, crt);
132 gens = sk_GENERAL_NAME_new_null();
133 if (gens == NULL)
134 goto out;
135 while (1) {
136 int type;
137 const char *name;
138 type = va_arg(ap, int);
139 if (type == 0)
140 break;
141 name = va_arg(ap, const char *);
142
143 gen = GENERAL_NAME_new();
144 if (gen == NULL)
145 goto out;
146 ia5 = ASN1_IA5STRING_new();
147 if (ia5 == NULL)
148 goto out;
149 if (!ASN1_STRING_set(ia5, name, -1))
150 goto out;
151 switch (type) {
152 case GEN_EMAIL:
153 case GEN_DNS:
154 GENERAL_NAME_set0_value(gen, type, ia5);
155 ia5 = NULL;
156 break;
157 default:
158 abort();
159 }
160 if (!sk_GENERAL_NAME_push(gens, gen))
161 goto out;
162 gen = NULL;
163 }
164 if (!X509_add1_ext_i2d(crt, NID_subject_alt_name, gens, 0, 0))
165 goto out;
166 ret = 1;
167 out:
168 ASN1_IA5STRING_free(ia5);
169 GENERAL_NAME_free(gen);
170 GENERAL_NAMES_free(gens);
171 va_end(ap);
172 return ret;
173 }
174
set_cn1(X509 * crt,const char * name)175 static int set_cn1(X509 *crt, const char *name)
176 {
177 return set_cn(crt, NID_commonName, name, 0);
178 }
179
set_cn_and_email(X509 * crt,const char * name)180 static int set_cn_and_email(X509 *crt, const char *name)
181 {
182 return set_cn(crt, NID_commonName, name,
183 NID_pkcs9_emailAddress, "dummy@example.com", 0);
184 }
185
set_cn2(X509 * crt,const char * name)186 static int set_cn2(X509 *crt, const char *name)
187 {
188 return set_cn(crt, NID_commonName, "dummy value",
189 NID_commonName, name, 0);
190 }
191
set_cn3(X509 * crt,const char * name)192 static int set_cn3(X509 *crt, const char *name)
193 {
194 return set_cn(crt, NID_commonName, name,
195 NID_commonName, "dummy value", 0);
196 }
197
set_email1(X509 * crt,const char * name)198 static int set_email1(X509 *crt, const char *name)
199 {
200 return set_cn(crt, NID_pkcs9_emailAddress, name, 0);
201 }
202
set_email2(X509 * crt,const char * name)203 static int set_email2(X509 *crt, const char *name)
204 {
205 return set_cn(crt, NID_pkcs9_emailAddress, "dummy@example.com",
206 NID_pkcs9_emailAddress, name, 0);
207 }
208
set_email3(X509 * crt,const char * name)209 static int set_email3(X509 *crt, const char *name)
210 {
211 return set_cn(crt, NID_pkcs9_emailAddress, name,
212 NID_pkcs9_emailAddress, "dummy@example.com", 0);
213 }
214
set_email_and_cn(X509 * crt,const char * name)215 static int set_email_and_cn(X509 *crt, const char *name)
216 {
217 return set_cn(crt, NID_pkcs9_emailAddress, name,
218 NID_commonName, "www.example.org", 0);
219 }
220
set_altname_dns(X509 * crt,const char * name)221 static int set_altname_dns(X509 *crt, const char *name)
222 {
223 return set_altname(crt, GEN_DNS, name, 0);
224 }
225
set_altname_email(X509 * crt,const char * name)226 static int set_altname_email(X509 *crt, const char *name)
227 {
228 return set_altname(crt, GEN_EMAIL, name, 0);
229 }
230
231 struct set_name_fn {
232 int (*fn)(X509 *, const char *);
233 const char *name;
234 int host;
235 int email;
236 };
237
238 static const struct set_name_fn name_fns[] = {
239 { set_cn1, "set CN", 1, 0 },
240 { set_cn2, "set CN", 1, 0 },
241 { set_cn3, "set CN", 1, 0 },
242 { set_cn_and_email, "set CN", 1, 0 },
243 { set_email1, "set emailAddress", 0, 1 },
244 { set_email2, "set emailAddress", 0, 1 },
245 { set_email3, "set emailAddress", 0, 1 },
246 { set_email_and_cn, "set emailAddress", 0, 1 },
247 { set_altname_dns, "set dnsName", 1, 0 },
248 { set_altname_email, "set rfc822Name", 0, 1 },
249 };
250
make_cert(void)251 static X509 *make_cert(void)
252 {
253 X509 *crt = NULL;
254
255 if (!TEST_ptr(crt = X509_new()))
256 return NULL;
257 if (!TEST_true(X509_set_version(crt, X509_VERSION_3))) {
258 X509_free(crt);
259 return NULL;
260 }
261 return crt;
262 }
263
check_message(const struct set_name_fn * fn,const char * op,const char * nameincert,int match,const char * name)264 static int check_message(const struct set_name_fn *fn, const char *op,
265 const char *nameincert, int match, const char *name)
266 {
267 char msg[1024];
268
269 if (match < 0)
270 return 1;
271 BIO_snprintf(msg, sizeof(msg), "%s: %s: [%s] %s [%s]",
272 fn->name, op, nameincert,
273 match ? "matches" : "does not match", name);
274 if (is_exception(msg))
275 return 1;
276 TEST_error("%s", msg);
277 return 0;
278 }
279
run_cert(X509 * crt,const char * nameincert,const struct set_name_fn * fn)280 static int run_cert(X509 *crt, const char *nameincert,
281 const struct set_name_fn *fn)
282 {
283 const char *const *pname = names;
284 int failed = 0;
285
286 for (; *pname != NULL; ++pname) {
287 int samename = OPENSSL_strcasecmp(nameincert, *pname) == 0;
288 size_t namelen = strlen(*pname);
289 char *name = OPENSSL_malloc(namelen + 1);
290 int match, ret;
291
292 if (!TEST_ptr(name))
293 return 0;
294 memcpy(name, *pname, namelen + 1);
295
296 match = -1;
297 if (!TEST_int_ge(ret = X509_check_host(crt, name, namelen, 0, NULL),
298 0)) {
299 failed = 1;
300 } else if (fn->host) {
301 if (ret == 1 && !samename)
302 match = 1;
303 if (ret == 0 && samename)
304 match = 0;
305 } else if (ret == 1)
306 match = 1;
307 if (!TEST_true(check_message(fn, "host", nameincert, match, *pname)))
308 failed = 1;
309
310 match = -1;
311 if (!TEST_int_ge(ret = X509_check_host(crt, name, namelen,
312 X509_CHECK_FLAG_NO_WILDCARDS,
313 NULL),
314 0)) {
315 failed = 1;
316 } else if (fn->host) {
317 if (ret == 1 && !samename)
318 match = 1;
319 if (ret == 0 && samename)
320 match = 0;
321 } else if (ret == 1)
322 match = 1;
323 if (!TEST_true(check_message(fn, "host-no-wildcards",
324 nameincert, match, *pname)))
325 failed = 1;
326
327 match = -1;
328 ret = X509_check_email(crt, name, namelen, 0);
329 if (fn->email) {
330 if (ret && !samename)
331 match = 1;
332 if (!ret && samename && strchr(nameincert, '@') != NULL)
333 match = 0;
334 } else if (ret)
335 match = 1;
336 if (!TEST_true(check_message(fn, "email", nameincert, match, *pname)))
337 failed = 1;
338 OPENSSL_free(name);
339 }
340
341 return failed == 0;
342 }
343
call_run_cert(int i)344 static int call_run_cert(int i)
345 {
346 int failed = 0;
347 const struct set_name_fn *pfn = &name_fns[i];
348 X509 *crt;
349 const char *const *pname;
350
351 TEST_info("%s", pfn->name);
352 for (pname = names; *pname != NULL; pname++) {
353 if (!TEST_ptr(crt = make_cert())
354 || !TEST_true(pfn->fn(crt, *pname))
355 || !run_cert(crt, *pname, pfn))
356 failed = 1;
357 X509_free(crt);
358 }
359 return failed == 0;
360 }
361
362 static struct gennamedata {
363 const unsigned char der[22];
364 size_t derlen;
365 } gennames[] = {
366 { /*
367 * [0] {
368 * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
369 * [0] {
370 * SEQUENCE {}
371 * }
372 * }
373 */
374 {
375 0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
376 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x30, 0x00 },
377 21 },
378 { /*
379 * [0] {
380 * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
381 * [0] {
382 * [APPLICATION 0] {}
383 * }
384 * }
385 */
386 {
387 0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
388 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x60, 0x00 },
389 21 },
390 { /*
391 * [0] {
392 * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
393 * [0] {
394 * UTF8String { "a" }
395 * }
396 * }
397 */
398 {
399 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
400 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x61 },
401 22 },
402 { /*
403 * [0] {
404 * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.2 }
405 * [0] {
406 * UTF8String { "a" }
407 * }
408 * }
409 */
410 {
411 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
412 0x01, 0x84, 0xb7, 0x09, 0x02, 0x02, 0xa0, 0x03, 0x0c, 0x01, 0x61 },
413 22 },
414 { /*
415 * [0] {
416 * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
417 * [0] {
418 * UTF8String { "b" }
419 * }
420 * }
421 */
422 {
423 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
424 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x62 },
425 22 },
426 { /*
427 * [0] {
428 * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
429 * [0] {
430 * BOOLEAN { TRUE }
431 * }
432 * }
433 */
434 {
435 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
436 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0xff },
437 22 },
438 { /*
439 * [0] {
440 * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
441 * [0] {
442 * BOOLEAN { FALSE }
443 * }
444 * }
445 */
446 {
447 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
448 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0x00 },
449 22 },
450 { /* [1 PRIMITIVE] { "a" } */
451 {
452 0x81, 0x01, 0x61 },
453 3 },
454 { /* [1 PRIMITIVE] { "b" } */
455 {
456 0x81, 0x01, 0x62 },
457 3 },
458 { /* [2 PRIMITIVE] { "a" } */
459 {
460 0x82, 0x01, 0x61 },
461 3 },
462 { /* [2 PRIMITIVE] { "b" } */
463 {
464 0x82, 0x01, 0x62 },
465 3 },
466 { /*
467 * [4] {
468 * SEQUENCE {
469 * SET {
470 * SEQUENCE {
471 * # commonName
472 * OBJECT_IDENTIFIER { 2.5.4.3 }
473 * UTF8String { "a" }
474 * }
475 * }
476 * }
477 * }
478 */
479 {
480 0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55,
481 0x04, 0x03, 0x0c, 0x01, 0x61 },
482 16 },
483 { /*
484 * [4] {
485 * SEQUENCE {
486 * SET {
487 * SEQUENCE {
488 * # commonName
489 * OBJECT_IDENTIFIER { 2.5.4.3 }
490 * UTF8String { "b" }
491 * }
492 * }
493 * }
494 * }
495 */
496 {
497 0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55,
498 0x04, 0x03, 0x0c, 0x01, 0x62 },
499 16 },
500 { /*
501 * [5] {
502 * [1] {
503 * UTF8String { "a" }
504 * }
505 * }
506 */
507 {
508 0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x61 },
509 7 },
510 { /*
511 * [5] {
512 * [1] {
513 * UTF8String { "b" }
514 * }
515 * }
516 */
517 {
518 0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x62 },
519 7 },
520 { /*
521 * [5] {
522 * [0] {
523 * UTF8String {}
524 * }
525 * [1] {
526 * UTF8String { "a" }
527 * }
528 * }
529 */
530 {
531 0xa5, 0x09, 0xa0, 0x02, 0x0c, 0x00, 0xa1, 0x03, 0x0c, 0x01, 0x61 },
532 11 },
533 { /*
534 * [5] {
535 * [0] {
536 * UTF8String { "a" }
537 * }
538 * [1] {
539 * UTF8String { "a" }
540 * }
541 * }
542 */
543 {
544 0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x61, 0xa1, 0x03, 0x0c, 0x01,
545 0x61 },
546 12 },
547 { /*
548 * [5] {
549 * [0] {
550 * UTF8String { "b" }
551 * }
552 * [1] {
553 * UTF8String { "a" }
554 * }
555 * }
556 */
557 {
558 0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x62, 0xa1, 0x03, 0x0c, 0x01,
559 0x61 },
560 12 },
561 { /* [6 PRIMITIVE] { "a" } */
562 {
563 0x86, 0x01, 0x61 },
564 3 },
565 { /* [6 PRIMITIVE] { "b" } */
566 {
567 0x86, 0x01, 0x62 },
568 3 },
569 { /* [7 PRIMITIVE] { `11111111` } */
570 {
571 0x87, 0x04, 0x11, 0x11, 0x11, 0x11 },
572 6 },
573 { /* [7 PRIMITIVE] { `22222222`} */
574 {
575 0x87, 0x04, 0x22, 0x22, 0x22, 0x22 },
576 6 },
577 { /* [7 PRIMITIVE] { `11111111111111111111111111111111` } */
578 {
579 0x87, 0x10, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
580 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 },
581 18 },
582 { /* [7 PRIMITIVE] { `22222222222222222222222222222222` } */
583 {
584 0x87, 0x10, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
585 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 },
586 18 },
587 { /* [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.1 } */
588 {
589 0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84,
590 0xb7, 0x09, 0x02, 0x01 },
591 15 },
592 { /* [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.2 } */
593 {
594 0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84,
595 0xb7, 0x09, 0x02, 0x02 },
596 15 },
597 { /*
598 * Regression test for CVE-2023-0286.
599 */
600 {
601 0xa3, 0x00 },
602 2 }
603 };
604
test_GENERAL_NAME_cmp(void)605 static int test_GENERAL_NAME_cmp(void)
606 {
607 size_t i, j;
608 GENERAL_NAME **namesa = OPENSSL_malloc(sizeof(*namesa)
609 * OSSL_NELEM(gennames));
610 GENERAL_NAME **namesb = OPENSSL_malloc(sizeof(*namesb)
611 * OSSL_NELEM(gennames));
612 int testresult = 0;
613
614 if (!TEST_ptr(namesa) || !TEST_ptr(namesb))
615 goto end;
616
617 for (i = 0; i < OSSL_NELEM(gennames); i++) {
618 const unsigned char *derp = gennames[i].der;
619
620 /*
621 * We create two versions of each GENERAL_NAME so that we ensure when
622 * we compare them they are always different pointers.
623 */
624 namesa[i] = d2i_GENERAL_NAME(NULL, &derp, gennames[i].derlen);
625 derp = gennames[i].der;
626 namesb[i] = d2i_GENERAL_NAME(NULL, &derp, gennames[i].derlen);
627 if (!TEST_ptr(namesa[i]) || !TEST_ptr(namesb[i]))
628 goto end;
629 }
630
631 /* Every name should be equal to itself and not equal to any others. */
632 for (i = 0; i < OSSL_NELEM(gennames); i++) {
633 for (j = 0; j < OSSL_NELEM(gennames); j++) {
634 if (i == j) {
635 if (!TEST_int_eq(GENERAL_NAME_cmp(namesa[i], namesb[j]), 0))
636 goto end;
637 } else {
638 if (!TEST_int_ne(GENERAL_NAME_cmp(namesa[i], namesb[j]), 0))
639 goto end;
640 }
641 }
642 }
643 testresult = 1;
644
645 end:
646 for (i = 0; i < OSSL_NELEM(gennames); i++) {
647 if (namesa != NULL)
648 GENERAL_NAME_free(namesa[i]);
649 if (namesb != NULL)
650 GENERAL_NAME_free(namesb[i]);
651 }
652 OPENSSL_free(namesa);
653 OPENSSL_free(namesb);
654
655 return testresult;
656 }
657
setup_tests(void)658 int setup_tests(void)
659 {
660 ADD_ALL_TESTS(call_run_cert, OSSL_NELEM(name_fns));
661 ADD_TEST(test_GENERAL_NAME_cmp);
662 return 1;
663 }
664