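/*
 * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/* Internal tests for the x509 and x509v3 modules */

#include <stdio.h>
#include <string.h>

#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include "testutil.h"
#include "internal/nelem.h"

/**********************************************************************
 *
 * Test of x509v3
 *
 ***/

#include "../crypto/x509/ext_dat.h"
#include "../crypto/x509/standard_exts.h"

/*
 * Check that the built-in extension method table is ordered by NID.
 *
 * Walks standard_exts once and fails if any entry has a smaller ext_nid
 * than its predecessor.  On failure the whole table is dumped (NID and
 * short name) so the misplaced entry can be located.
 *
 * NOTE(review): the comparison is '<', so two adjacent entries with the
 * same NID pass this check; duplicates are not detected here.
 * NOTE(review): the ordering presumably matters because the table is
 * searched by NID elsewhere - confirm against the lookup code.
 *
 * Returns 1 if the table is in non-decreasing NID order, 0 otherwise.
 */
static int test_standard_exts(void)
{
    size_t i;
    int prev = -1, good = 1;
    const X509V3_EXT_METHOD **tmp;

    tmp = standard_exts;
    for (i = 0; i < OSSL_NELEM(standard_exts); i++, tmp++) {
        if ((*tmp)->ext_nid < prev)
            good = 0;
        prev = (*tmp)->ext_nid;
    }
    if (!good) {
        tmp = standard_exts;
        TEST_error("Extensions out of order!");
        /*
         * Bound the dump by the array's own element count, as in the check
         * loop above, so the two loops cannot disagree about the table size.
         */
        for (i = 0; i < OSSL_NELEM(standard_exts); i++, tmp++)
            TEST_note("%d : %s", (*tmp)->ext_nid, OBJ_nid2sn((*tmp)->ext_nid));
    }
    return good;
}

/*
 * One a2i_IPADDRESS() test vector.
 *
 * ipasc  - textual address handed to the parser
 * data   - expected raw address bytes, or NULL if the text must be rejected
 * length - number of bytes in data (4 or 16 in the vectors below); 0 marks
 *          a vector that must be rejected
 */
typedef struct {
    const char *ipasc;
    const char *data;
    int length;
} IP_TESTDATA;

/*
 * Accepted spellings come first, followed by inputs that must be rejected.
 *
 * Strictness is the point of the negative vectors: each address is expected
 * to have a narrow set of accepted spellings, so forms that other parsers
 * may read differently (leading zeros, 0x prefixes, surrounding whitespace,
 * trailing host-name labels) have to fail outright rather than be
 * normalised into some address.
 */
static const IP_TESTDATA a2i_ipaddress_tests[] = {
    {"127.0.0.1", "\x7f\x00\x00\x01", 4},
    {"1.2.3.4", "\x01\x02\x03\x04", 4},
    {"1.2.3.255", "\x01\x02\x03\xff", 4},
    {"255.255.255.255", "\xff\xff\xff\xff", 4},

    {"::", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16},
    {"::1", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01", 16},
    {"::01", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01", 16},
    {"::0001", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01", 16},
    {"ffff::", "\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16},
    {"ffff::1", "\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01", 16},
    {"1::2", "\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02", 16},
    {"1:1:1:1:1:1:1:1", "\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01", 16},
    {"2001:db8::ff00:42:8329", "\x20\x01\x0d\xb8\x00\x00\x00\x00\x00\x00\xff\x00\x00\x42\x83\x29", 16},
    {"::1.2.3.4", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x03\x04", 16},
    {"ffff:ffff:ffff:ffff:ffff:ffff:1.2.3.4", "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x01\x02\x03\x04", 16},

    {"1:1:1:1:1:1:1:1.test", NULL, 0},
    {":::1", NULL, 0},
    {"2001::123g", NULL, 0},

    /* Too few IPv4 components. */
    {"1", NULL, 0 },
    {"1.", NULL, 0 },
    {"1.2", NULL, 0 },
    {"1.2.", NULL, 0 },
    {"1.2.3", NULL, 0 },
    {"1.2.3.", NULL, 0 },

    /* Invalid embedded IPv4 address. */
    {"::1.2.3", NULL, 0 },

    /* IPv4 literals take the place of two IPv6 components. */
    {"1:2:3:4:5:6:7:1.2.3.4", NULL, 0 },

    /* '::' should have fewer than 16 components or it is redundant. */
    {"1:2:3:4:5:6:7::8", NULL, 0 },

    /* Embedded IPv4 addresses must be at the end. */
    {"::1.2.3.4:1", NULL, 0 },

    /* Too many components. */
    {"1.2.3.4.5", NULL, 0 },
    {"1:2:3:4:5:6:7:8:9", NULL, 0 },
    {"1:2:3:4:5::6:7:8:9", NULL, 0 },

    /* Stray whitespace or other invalid characters. */
    {"1.2.3.4 ", NULL, 0 },
    {"1.2.3 .4", NULL, 0 },
    {"1.2.3. 4", NULL, 0 },
    {" 1.2.3.4", NULL, 0 },
    {"1.2.3.4.", NULL, 0 },
    {"1.2.3.+4", NULL, 0 },
    {"1.2.3.-4", NULL, 0 },
    {"1.2.3.4.example.test", NULL, 0 },
    {"::1 ", NULL, 0 },
    {" ::1", NULL, 0 },
    {":: 1", NULL, 0 },
    {": :1", NULL, 0 },
    {"1.2.3.nope", NULL, 0 },
    {"::nope", NULL, 0 },

    /* Components too large. */
    {"1.2.3.256", NULL, 0}, /* Overflows when adding */
    {"1.2.3.260", NULL, 0}, /* Overflows when multiplying by 10 */
    {"1.2.3.999999999999999999999999999999999999999999", NULL, 0 },
    {"::fffff", NULL, 0 },

    /* Although not an overflow, more than four hex digits is an error. */
    {"::00000", NULL, 0 },

    /* Too many colons. */
    {":::", NULL, 0 },
    {"1:::", NULL, 0 },
    {":::2", NULL, 0 },
    {"1:::2", NULL, 0 },

    /* Only one group of zeros may be elided. */
    {"1::2::3", NULL, 0 },

    /* We only support decimal. */
    {"1.2.3.01", NULL, 0 },
    {"1.2.3.0x1", NULL, 0 },

    /* Random garbage. */
    {"example.test", NULL, 0 },
    {"", NULL, 0},
    {" 1.2.3.4", NULL, 0},
    {" 1.2.3.4 ", NULL, 0},
    {"1.2.3.4.example.test", NULL, 0},
};


/*
 * Run a single vector from a2i_ipaddress_tests.
 *
 * idx selects the vector.  A vector with length 0 passes only if
 * a2i_IPADDRESS() returns NULL; any other vector passes only if the
 * returned octet string has exactly the expected length and bytes.
 * Either kind of failure names the offending input in a test note.
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_a2i_ipaddress(int idx)
{
    const IP_TESTDATA *td = &a2i_ipaddress_tests[idx];
    ASN1_OCTET_STRING *ip;
    int good = 1;

    ip = a2i_IPADDRESS(td->ipasc);
    if (td->length == 0) {
        /* Negative vector: anything other than a parse failure is a bug. */
        if (!TEST_ptr_null(ip)) {
            good = 0;
            TEST_note("'%s' should not be parsed as IP address", td->ipasc);
        }
    } else if (!TEST_ptr(ip)
               || !TEST_int_eq(ASN1_STRING_length(ip), td->length)
               || !TEST_mem_eq(ASN1_STRING_get0_data(ip), td->length,
                               td->data, td->length)) {
        good = 0;
        /* Name the input, since the checks above only report values. */
        TEST_note("'%s' was not parsed to the expected address bytes",
                  td->ipasc);
    }
    /* Also reached with ip == NULL on the rejection path. */
    ASN1_OCTET_STRING_free(ip);
    return good;
}

/*
 * Placeholder purpose-check callback: ignores its arguments and always
 * returns 1.  It only exists so that X509_PURPOSE_add() below has a
 * callback to register; it must not be taken as a model for a real check.
 */
static int ck_purp(ossl_unused const X509_PURPOSE *purpose,
                   ossl_unused const X509 *x, int ca)
{
    return 1;
}

/*
 * Exercise registration and lookup of a custom X509_PURPOSE entry.
 *
 * In order: obtain an unused id and confirm neither it nor the test short
 * name is known yet; add the entry; add it again unchanged; confirm that an
 * add reusing the short name with a different id, or the id with a
 * different short name, is refused; read the entry back through the
 * accessors; finally change its purpose id through X509_PURPOSE_set().
 *
 * The entry added here is not removed again by this function.
 *
 * Returns 1 if every step behaves as expected, 0 at the first mismatch.
 */
static int tests_X509_PURPOSE(void)
{
    OSSL_LIB_CTX *libctx = NULL;
    int id, idx, *p;
    X509_PURPOSE *xp;
    int ok;

#undef LN
#define LN "LN_test"
#undef SN
#define SN "SN_test"
#undef ARGS
#define ARGS(id, sn) id, X509_TRUST_MAX, 0, ck_purp, LN, sn, NULL
    ok = TEST_int_gt((id = X509_PURPOSE_get_unused_id(libctx)), X509_PURPOSE_MAX)
        && TEST_int_eq(X509_PURPOSE_get_count() + 1, id)
        && TEST_int_eq(X509_PURPOSE_get_by_id(id), -1)
        && TEST_int_eq(X509_PURPOSE_get_by_sname(SN), -1)

        /* add new entry with fresh id and fresh sname: */
        && TEST_int_eq(X509_PURPOSE_add(ARGS(id, SN)), 1)
        && TEST_int_ne((idx = X509_PURPOSE_get_by_sname(SN)), -1)
        && TEST_int_eq(X509_PURPOSE_get_by_id(id), idx)

        /* overwrite same entry, should be idempotent: */
        && TEST_int_eq(X509_PURPOSE_add(ARGS(id, SN)), 1)
        && TEST_int_eq(X509_PURPOSE_get_by_sname(SN), idx)
        && TEST_int_eq(X509_PURPOSE_get_by_id(id), idx)

        /* fail adding entry with same sname but existing conflicting id: */
        && TEST_int_eq(X509_PURPOSE_add(ARGS(X509_PURPOSE_MAX, SN)), 0)
        /* fail adding entry with same existing id but conflicting sname: */
        && TEST_int_eq(X509_PURPOSE_add(ARGS(id, SN"_different")), 0)

        && TEST_ptr((xp = X509_PURPOSE_get0(idx)))
        && TEST_int_eq(X509_PURPOSE_get_id(xp), id)
        && TEST_str_eq(X509_PURPOSE_get0_name(xp), LN)
        && TEST_str_eq(X509_PURPOSE_get0_sname(xp), SN)
        && TEST_int_eq(X509_PURPOSE_get_trust(xp), X509_TRUST_MAX)

        /* the setter writes through a pointer into the stored entry: */
        && TEST_int_eq(*(p = &xp->purpose), id)
        && TEST_int_eq(X509_PURPOSE_set(p, X509_PURPOSE_DEFAULT_ANY), 1)
        && TEST_int_eq(X509_PURPOSE_get_id(xp), X509_PURPOSE_DEFAULT_ANY);
    /* Keep the helper macros from leaking into the rest of the file. */
#undef ARGS
#undef SN
#undef LN
    return ok;
}

/* Register the tests in this file; one a2i test case per table entry. */
int setup_tests(void)
{
    ADD_TEST(test_standard_exts);
    ADD_ALL_TESTS(test_a2i_ipaddress, OSSL_NELEM(a2i_ipaddress_tests));
    ADD_TEST(tests_X509_PURPOSE);
    return 1;
}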