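/*
 * Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <openssl/pem.h>
#include <openssl/x509.h>

#include "testutil.h"

/* Directory holding the test fixtures; set from test argument 0 in setup_tests(). */
static char *certsDir = NULL;

/*
 * Test for the missing X509 version check discussed in issue #5738 and
 * added in PR #24677.
 * This test tries to verify a malformed CSR with the X509 version set to
 * version 6, instead of 1. As this request is malformed, even if its
 * signature is valid, the verification must fail.
 *
 * Two outcomes are accepted as a pass:
 *   - the PEM reader refuses the request (req == NULL), or
 *   - the request is read but X509_REQ_verify() returns anything other
 *     than 1.
 *
 * NOTE(review): the first outcome also passes when the fixture cannot be
 * read as a CSR for an unrelated reason (for example a damaged file), in
 * which case the version check is never reached. The branch logs a message
 * so that this path is visible in the test output.
 *
 * Returns 1 if the test passes, 0 otherwise.
 */
static int test_x509_req_detect_invalid_version(void)
{
    char *certFilePath = NULL;
    BIO *bio = NULL;
    EVP_PKEY *pkey = NULL;
    X509_REQ *req = NULL;
    int ret = 0;

    /* TEST_ptr() reports a failed path construction instead of failing silently. */
    if (!TEST_ptr(certFilePath = test_mk_file_path(certsDir,
                                                   "x509-req-detect-invalid-version.pem")))
        goto err;
    /* A missing fixture is a test failure, not an accepted rejection. */
    if (!TEST_ptr(bio = BIO_new_file(certFilePath, "r")))
        goto err;

    req = PEM_read_bio_X509_REQ(bio, NULL, NULL, NULL);
    if (req == NULL) {
        /* success, reading PEM with invalid CSR data is allowed to fail. */
        TEST_info("malformed CSR rejected while reading; X509_REQ_verify() not reached");
        ret = 1;
        goto err;
    }

    /* The request's own public key is the one its signature is checked against. */
    if (!TEST_ptr(pkey = X509_REQ_get_pubkey(req)))
        goto err;

    /* Verification MUST fail at this point: any result except 1 is accepted. */
    if (!TEST_int_ne(X509_REQ_verify(req, pkey), 1))
        goto err;

    ret = 1; /* success */
 err:
    EVP_PKEY_free(pkey);
    X509_REQ_free(req);
    BIO_free(bio);
    OPENSSL_free(certFilePath);
    return ret;
}

OPT_TEST_DECLARE_USAGE("certdir\n")

/*
 * Test program setup: handles the common test options, takes the fixture
 * directory from the first test argument and registers the test.
 *
 * Returns 1 on success, 0 if option parsing fails or the argument is missing.
 */
int setup_tests(void)
{
    if (!test_skip_common_options()) {
        TEST_error("Error parsing test options\n");
        return 0;
    }

    /* Without the fixture directory the test cannot locate its CSR. */
    if (!TEST_ptr(certsDir = test_get_argument(0)))
        return 0;

    ADD_TEST(test_x509_req_detect_invalid_version);
    return 1;
}

/* Intentionally empty: the test releases everything it allocates before returning. */
void cleanup_tests(void)
{
}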