wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-27 20:02:23 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
100d765b0c333ec00a111ce7c19be6f1bf4070a5
wolfssl/tests/api/test_ossl_x509.c
Kareem 7d04a53a6c Update X509_get_default_cert_* stubs to return empty strings. 
According to the documentation, these functions must return static strings, so NULL was not valid.

Fixes #6474.
2025-12-26 15:26:05 -07:00

1691 lines
70 KiB
C
Raw Blame History

/* test_ossl_x509.c
*
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include <tests/unit.h>
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
#define WOLFSSL_MISC_INCLUDED
#include <wolfcrypt/src/misc.c>
#endif
#include <wolfssl/ssl.h>
#include <wolfssl/internal.h>
#include <tests/api/api.h>
#include <tests/api/test_ossl_x509.h>
int test_x509_get_key_id(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
X509 *x509 = NULL;
const ASN1_STRING* str = NULL;
byte* keyId = NULL;
byte keyIdData[32];
int len;
ExpectNotNull(x509 = wolfSSL_X509_new());
len = (int)sizeof(keyIdData);
ExpectNull(wolfSSL_X509_get_subjectKeyID(x509, NULL, NULL));
ExpectNull(wolfSSL_X509_get_subjectKeyID(x509, keyIdData, &len));
ExpectNull(wolfSSL_X509_get_authorityKeyID(x509, NULL, NULL));
ExpectNull(wolfSSL_X509_get_authorityKeyID(x509, keyIdData, &len));
wolfSSL_X509_free(x509);
x509 = NULL;
ExpectNotNull(x509 = X509_load_certificate_file(cliCertFile,
WOLFSSL_FILETYPE_PEM));
ExpectNotNull(str = X509_get0_subject_key_id(x509));
ExpectNull(wolfSSL_X509_get_subjectKeyID(NULL, NULL, NULL));
ExpectNotNull(keyId = wolfSSL_X509_get_subjectKeyID(x509, NULL, NULL));
ExpectBufEQ(keyId, ASN1_STRING_data((ASN1_STRING*)str),
ASN1_STRING_length(str));
ExpectNotNull(keyId = wolfSSL_X509_get_subjectKeyID(x509, keyIdData, NULL));
ExpectBufEQ(keyId, ASN1_STRING_data((ASN1_STRING*)str),
ASN1_STRING_length(str));
len = (int)sizeof(keyIdData);
ExpectNotNull(keyId = wolfSSL_X509_get_subjectKeyID(x509, NULL, &len));
ExpectBufEQ(keyId, ASN1_STRING_data((ASN1_STRING*)str),
ASN1_STRING_length(str));
ExpectNotNull(wolfSSL_X509_get_subjectKeyID(x509, keyIdData, &len));
ExpectIntEQ(len, ASN1_STRING_length(str));
ExpectBufEQ(keyIdData, ASN1_STRING_data((ASN1_STRING*)str),
ASN1_STRING_length(str));
ExpectBufEQ(keyId, ASN1_STRING_data((ASN1_STRING*)str),
ASN1_STRING_length(str));
ExpectNull(wolfSSL_X509_get_authorityKeyID(NULL, NULL, NULL));
ExpectNotNull(wolfSSL_X509_get_authorityKeyID(x509, NULL, NULL));
ExpectNotNull(wolfSSL_X509_get_authorityKeyID(x509, keyIdData, NULL));
len = (int)sizeof(keyIdData);
ExpectNotNull(wolfSSL_X509_get_authorityKeyID(x509, NULL, &len));
ExpectNotNull(wolfSSL_X509_get_authorityKeyID(x509, keyIdData, &len));
ExpectIntEQ(len, 20);
X509_free(x509);
#endif
return EXPECT_RESULT();
}
int test_wolfSSL_X509_get_version(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
WOLFSSL_X509 *x509 = NULL;
ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
WOLFSSL_FILETYPE_PEM));
ExpectIntEQ((int)wolfSSL_X509_get_version(x509), 2);
wolfSSL_X509_free(x509);
#endif
return EXPECT_RESULT();
}
int test_wolfSSL_X509_cmp_time(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) \
&& !defined(USER_TIME) && !defined(TIME_OVERRIDES)
WOLFSSL_ASN1_TIME asn_time;
time_t t;
ExpectIntEQ(0, wolfSSL_X509_cmp_time(NULL, &t));
XMEMSET(&asn_time, 0, sizeof(WOLFSSL_ASN1_TIME));
ExpectIntEQ(0, wolfSSL_X509_cmp_time(&asn_time, &t));
ExpectIntEQ(ASN1_TIME_set_string(&asn_time, "000222211515Z"), 1);
ExpectIntEQ(-1, wolfSSL_X509_cmp_time(&asn_time, NULL));
ExpectIntEQ(-1, wolfSSL_X509_cmp_current_time(&asn_time));
#endif
return EXPECT_RESULT();
}
int test_wolfSSL_X509_time_adj(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && \
!defined(USER_TIME) && !defined(TIME_OVERRIDES) && \
defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA) && \
!defined(NO_ASN_TIME)
X509* x509 = NULL;
time_t t;
time_t not_before;
time_t not_after;
ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer(
client_cert_der_2048, sizeof_client_cert_der_2048,
WOLFSSL_FILETYPE_ASN1));
t = 0;
not_before = wc_Time(0);
not_after = wc_Time(0) + (60 * 24 * 30); /* 30 days after */
ExpectNotNull(X509_time_adj(X509_get_notBefore(x509), not_before, &t));
ExpectNotNull(X509_time_adj(X509_get_notAfter(x509), not_after, &t));
/* Check X509_gmtime_adj, too. */
ExpectNotNull(X509_gmtime_adj(X509_get_notAfter(x509), not_after));
X509_free(x509);
#endif
return EXPECT_RESULT();
}
int test_wolfSSL_X509_NID(void)
{
EXPECT_DECLS;
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
!defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_ASN)
int sigType;
int nameSz = 0;
X509* cert = NULL;
EVP_PKEY* pubKeyTmp = NULL;
X509_NAME* name = NULL;
char commonName[80];
char countryName[80];
char localityName[80];
char stateName[80];
char orgName[80];
char orgUnit[80];
/* ------ PARSE ORIGINAL SELF-SIGNED CERTIFICATE ------ */
/* convert cert from DER to internal WOLFSSL_X509 struct */
ExpectNotNull(cert = wolfSSL_X509_d2i_ex(&cert, client_cert_der_2048,
sizeof_client_cert_der_2048, HEAP_HINT));
/* ------ EXTRACT CERTIFICATE ELEMENTS ------ */
/* extract PUBLIC KEY from cert */
ExpectNotNull(pubKeyTmp = X509_get_pubkey(cert));
/* extract signatureType */
ExpectIntEQ(wolfSSL_X509_get_signature_type(NULL), 0);
ExpectIntNE((sigType = wolfSSL_X509_get_signature_type(cert)), 0);
/* extract subjectName info */
ExpectNotNull(name = X509_get_subject_name(cert));
ExpectIntEQ(X509_NAME_get_text_by_NID(name, -1, NULL, 0), -1);
ExpectIntEQ(X509_NAME_get_text_by_NID(NULL, NID_commonName, NULL, 0), -1);
ExpectIntEQ(X509_NAME_get_text_by_NID(name, NID_commonName,
commonName, -2), 0);
ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
NULL, 0)), 0);
ExpectIntEQ(nameSz, 15);
ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
commonName, sizeof(commonName))), 0);
ExpectIntEQ(nameSz, 15);
ExpectIntEQ(XMEMCMP(commonName, "www.wolfssl.com", nameSz), 0);
ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
commonName, 9)), 0);
ExpectIntEQ(nameSz, 8);
ExpectIntEQ(XMEMCMP(commonName, "www.wolf", nameSz), 0);
ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_countryName,
countryName, sizeof(countryName))), 0);
ExpectIntEQ(XMEMCMP(countryName, "US", nameSz), 0);
ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_localityName,
localityName, sizeof(localityName))), 0);
ExpectIntEQ(XMEMCMP(localityName, "Bozeman", nameSz), 0);
ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name,
NID_stateOrProvinceName, stateName, sizeof(stateName))), 0);
ExpectIntEQ(XMEMCMP(stateName, "Montana", nameSz), 0);
ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_organizationName,
orgName, sizeof(orgName))), 0);
ExpectIntEQ(XMEMCMP(orgName, "wolfSSL_2048", nameSz), 0);
ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name,
NID_organizationalUnitName, orgUnit, sizeof(orgUnit))), 0);
ExpectIntEQ(XMEMCMP(orgUnit, "Programming-2048", nameSz), 0);
EVP_PKEY_free(pubKeyTmp);
X509_free(cert);
#endif
return EXPECT_RESULT();
}
int test_wolfSSL_i2d_X509_NAME_canon(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_SHA) && \
defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && !defined(NO_RSA)
const long ex_hash1 = 0x0fdb2da4;
const long ex_hash2 = 0x9f3e8c9e;
X509_NAME *name = NULL;
X509 *x509 = NULL;
XFILE file = XBADFILE;
unsigned long hash = 0;
byte digest[WC_MAX_DIGEST_SIZE] = {0};
byte *pbuf = NULL;
word32 len = 0;
(void) ex_hash2;
ExpectTrue((file = XFOPEN(caCertFile, "rb")) != XBADFILE);
ExpectNotNull(x509 = PEM_read_X509(file, NULL, NULL, NULL));
ExpectNotNull(name = X509_get_issuer_name(x509));
/* When output buffer is NULL, should return necessary output buffer
* length.*/
ExpectIntEQ(wolfSSL_i2d_X509_NAME_canon(NULL, NULL), BAD_FUNC_ARG);
ExpectIntGT(wolfSSL_i2d_X509_NAME_canon(name, NULL), 0);
ExpectIntGT((len = (word32)wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0);
ExpectIntEQ(wc_ShaHash((const byte*)pbuf, (word32)len, digest), 0);
hash = (((unsigned long)digest[3] << 24) |
((unsigned long)digest[2] << 16) |
((unsigned long)digest[1] << 8) |
((unsigned long)digest[0]));
ExpectIntEQ(hash, ex_hash1);
if (file != XBADFILE) {
XFCLOSE(file);
file = XBADFILE;
}
X509_free(x509);
x509 = NULL;
XFREE(pbuf, NULL, DYNAMIC_TYPE_OPENSSL);
pbuf = NULL;
ExpectTrue((file = XFOPEN(cliCertFile, "rb")) != XBADFILE);
ExpectNotNull(x509 = PEM_read_X509(file, NULL, NULL, NULL));
ExpectNotNull(name = X509_get_issuer_name(x509));
ExpectIntGT((len = (word32)wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0);
ExpectIntEQ(wc_ShaHash((const byte*)pbuf, (word32)len, digest), 0);
hash = (((unsigned long)digest[3] << 24) |
((unsigned long)digest[2] << 16) |
((unsigned long)digest[1] << 8) |
((unsigned long)digest[0]));
ExpectIntEQ(hash, ex_hash2);
if (file != XBADFILE)
XFCLOSE(file);
X509_free(x509);
XFREE(pbuf, NULL, DYNAMIC_TYPE_OPENSSL);
#endif
return EXPECT_RESULT();
}
int test_wolfSSL_X509_subject_name_hash(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
!defined(NO_RSA) && (!defined(NO_SHA) || !defined(NO_SHA256))
X509* x509 = NULL;
X509_NAME* subjectName = NULL;
unsigned long ret1 = 0;
unsigned long ret2 = 0;
ExpectNotNull(x509 = X509_new());
ExpectIntEQ(X509_subject_name_hash(NULL), 0);
ExpectIntEQ(X509_subject_name_hash(x509), 0);
X509_free(x509);
x509 = NULL;
ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
SSL_FILETYPE_PEM));
ExpectNotNull(subjectName = wolfSSL_X509_get_subject_name(x509));
/* These two
* - X509_subject_name_hash(x509)
* - X509_NAME_hash(X509_get_subject_name(x509))
* should give the same hash, if !defined(NO_SHA) is true. */
ret1 = X509_subject_name_hash(x509);
ExpectIntNE(ret1, 0);
#if !defined(NO_SHA)
ret2 = X509_NAME_hash(X509_get_subject_name(x509));
ExpectIntNE(ret2, 0);
ExpectIntEQ(ret1, ret2);
#else
(void) ret2;
#endif
X509_free(x509);
#endif
return EXPECT_RESULT();
}
int test_wolfSSL_X509_issuer_name_hash(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
&& !defined(NO_RSA) && (!defined(NO_SHA) || !defined(NO_SHA256))
X509* x509 = NULL;
X509_NAME* issuertName = NULL;
unsigned long ret1 = 0;
unsigned long ret2 = 0;
ExpectNotNull(x509 = X509_new());
ExpectIntEQ(X509_issuer_name_hash(NULL), 0);
ExpectIntEQ(X509_issuer_name_hash(x509), 0);
X509_free(x509);
x509 = NULL;
ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
SSL_FILETYPE_PEM));
ExpectNotNull(issuertName = wolfSSL_X509_get_issuer_name(x509));
/* These two
* - X509_issuer_name_hash(x509)
* - X509_NAME_hash(X509_get_issuer_name(x509))
* should give the same hash, if !defined(NO_SHA) is true. */
ret1 = X509_issuer_name_hash(x509);
ExpectIntNE(ret1, 0);
#if !defined(NO_SHA)
ret2 = X509_NAME_hash(X509_get_issuer_name(x509));
ExpectIntNE(ret2, 0);
ExpectIntEQ(ret1, ret2);
#else
(void) ret2;
#endif
X509_free(x509);
#endif
return EXPECT_RESULT();
}
int test_wolfSSL_X509_check_host(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
&& !defined(NO_SHA) && !defined(NO_RSA)
X509* x509 = NULL;
const char altName[] = "example.com";
const char badAltName[] = "a.example.com";
ExpectIntEQ(X509_check_host(NULL, NULL, XSTRLEN(altName), 0, NULL),
WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
/* cliCertFile has subjectAltName set to 'example.com', '127.0.0.1' */
ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
SSL_FILETYPE_PEM));
ExpectIntEQ(X509_check_host(x509, altName, XSTRLEN(altName), 0, NULL),
WOLFSSL_SUCCESS);
ExpectIntEQ(X509_check_host(x509, badAltName, XSTRLEN(badAltName), 0, NULL),
WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
ExpectIntEQ(X509_check_host(x509, NULL, 0, 0, NULL),
WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
/* Check WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag set */
ExpectIntEQ(X509_check_host(x509, altName, XSTRLEN(altName),
WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL), WOLFSSL_SUCCESS);
ExpectIntEQ(X509_check_host(x509, NULL, 0,
WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL),
WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
ExpectIntEQ(X509_check_host(x509, badAltName, XSTRLEN(badAltName),
WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL),
WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
ExpectIntEQ(wolfSSL_X509_check_host(x509, altName, XSTRLEN(altName),
WOLFSSL_NO_WILDCARDS, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
ExpectIntEQ(wolfSSL_X509_check_host(x509, altName, XSTRLEN(altName),
WOLFSSL_NO_PARTIAL_WILDCARDS, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
ExpectIntEQ(wolfSSL_X509_check_host(x509, altName, XSTRLEN(altName),
WOLFSSL_MULTI_LABEL_WILDCARDS, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
X509_free(x509);
ExpectIntEQ(X509_check_host(NULL, altName, XSTRLEN(altName), 0, NULL),
WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
/* Check again with WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag set */
ExpectIntEQ(X509_check_host(NULL, altName, XSTRLEN(altName),
WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL),
WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
#endif
return EXPECT_RESULT();
}
int test_wolfSSL_X509_check_email(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA)
X509* x509 = NULL;
X509* empty = NULL;
const char goodEmail[] = "info@wolfssl.com";
const char badEmail[] = "disinfo@wolfssl.com";
ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
SSL_FILETYPE_PEM));
ExpectNotNull(empty = wolfSSL_X509_new());
ExpectIntEQ(wolfSSL_X509_check_email(NULL, NULL, 0, 0), 0);
ExpectIntEQ(wolfSSL_X509_check_email(x509, NULL, 0, 0), 0);
ExpectIntEQ(wolfSSL_X509_check_email(NULL, goodEmail, XSTRLEN(goodEmail),
0), 0);
ExpectIntEQ(wolfSSL_X509_check_email(empty, goodEmail, XSTRLEN(goodEmail),
0), 0);
/* Should fail on non-matching email address */
ExpectIntEQ(wolfSSL_X509_check_email(x509, badEmail, XSTRLEN(badEmail), 0),
WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
/* Should succeed on matching email address */
ExpectIntEQ(wolfSSL_X509_check_email(x509, goodEmail, XSTRLEN(goodEmail),
0), WOLFSSL_SUCCESS);
/* Should compute length internally when not provided */
ExpectIntEQ(wolfSSL_X509_check_email(x509, goodEmail, 0, 0),
WOLFSSL_SUCCESS);
/* Should fail when email address is NULL */
ExpectIntEQ(wolfSSL_X509_check_email(x509, NULL, 0, 0),
WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
X509_free(empty);
X509_free(x509);
/* Should fail when x509 is NULL */
ExpectIntEQ(wolfSSL_X509_check_email(NULL, goodEmail, 0, 0),
WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
#endif /* OPENSSL_EXTRA && WOLFSSL_CERT_GEN */
return EXPECT_RESULT();
}
int test_wolfSSL_X509(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
!defined(NO_RSA)
X509* x509 = NULL;
#ifndef NO_BIO
BIO* bio = NULL;
X509_STORE_CTX* ctx = NULL;
X509_STORE* store = NULL;
#endif
char der[] = "certs/ca-cert.der";
XFILE fp = XBADFILE;
int derSz = 0;
#ifndef NO_BIO
ExpectNotNull(bio = BIO_new(BIO_s_mem()));
#endif
ExpectNotNull(x509 = X509_new());
ExpectNull(wolfSSL_X509_get_der(x509, &derSz));
#if !defined(NO_BIO) && defined(WOLFSSL_CERT_GEN)
ExpectIntEQ(i2d_X509_bio(bio, x509), WOLFSSL_FAILURE);
#endif
ExpectNull(wolfSSL_X509_dup(x509));
X509_free(x509);
x509 = NULL;
#ifndef NO_BIO
ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
SSL_FILETYPE_PEM));
#ifdef WOLFSSL_CERT_GEN
ExpectIntEQ(i2d_X509_bio(NULL, NULL), WOLFSSL_FAILURE);
ExpectIntEQ(i2d_X509_bio(bio, NULL), WOLFSSL_FAILURE);
ExpectIntEQ(i2d_X509_bio(NULL, x509), WOLFSSL_FAILURE);
ExpectIntEQ(i2d_X509_bio(bio, x509), SSL_SUCCESS);
#endif
ExpectNotNull(ctx = X509_STORE_CTX_new());
ExpectIntEQ(X509_verify_cert(ctx), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
ExpectNotNull(wolfSSL_X509_verify_cert_error_string(CRL_MISSING));
ExpectNotNull(store = X509_STORE_new());
ExpectIntEQ(X509_STORE_add_cert(store, x509), SSL_SUCCESS);
ExpectIntEQ(X509_STORE_CTX_init(ctx, store, x509, NULL), SSL_SUCCESS);
ExpectIntEQ(X509_verify_cert(ctx), SSL_SUCCESS);
#ifndef NO_WOLFSSL_STUB
ExpectStrEQ(X509_get_default_cert_file_env(), "");
ExpectStrEQ(X509_get_default_cert_file(), "");
ExpectStrEQ(X509_get_default_cert_dir_env(), "");
ExpectStrEQ(X509_get_default_cert_dir(), "");
#endif
ExpectNull(wolfSSL_X509_get_der(NULL, NULL));
ExpectNull(wolfSSL_X509_get_der(x509, NULL));
ExpectNull(wolfSSL_X509_get_der(NULL, &derSz));
ExpectIntEQ(wolfSSL_X509_version(NULL), 0);
ExpectIntEQ(wolfSSL_X509_version(x509), 3);
X509_STORE_CTX_free(ctx);
X509_STORE_free(store);
X509_free(x509);
x509 = NULL;
BIO_free(bio);
bio = NULL;
#endif
/** d2i_X509_fp test **/
ExpectTrue((fp = XFOPEN(der, "rb")) != XBADFILE);
ExpectNotNull(x509 = (X509 *)d2i_X509_fp(fp, (X509 **)NULL));
ExpectNotNull(x509);
#ifdef HAVE_EX_DATA_CRYPTO
ExpectIntEQ(wolfSSL_X509_get_ex_new_index(1, NULL, NULL, NULL, NULL), 0);
#endif
ExpectNull(wolfSSL_X509_get_ex_data(NULL, 1));
ExpectNull(wolfSSL_X509_get_ex_data(x509, 1));
#ifdef HAVE_EX_DATA
ExpectIntEQ(wolfSSL_X509_set_ex_data(NULL, 1, der), 0);
ExpectIntEQ(wolfSSL_X509_set_ex_data(x509, 1, der), 1);
ExpectPtrEq(wolfSSL_X509_get_ex_data(x509, 1), der);
#else
ExpectIntEQ(wolfSSL_X509_set_ex_data(NULL, 1, der), 0);
ExpectIntEQ(wolfSSL_X509_set_ex_data(x509, 1, der), 0);
ExpectNull(wolfSSL_X509_get_ex_data(x509, 1));
#endif
X509_free(x509);
x509 = NULL;
if (fp != XBADFILE) {
XFCLOSE(fp);
fp = XBADFILE;
}
ExpectTrue((fp = XFOPEN(der, "rb")) != XBADFILE);
ExpectNull((X509 *)d2i_X509_fp(XBADFILE, (X509 **)&x509));
ExpectNotNull((X509 *)d2i_X509_fp(fp, (X509 **)&x509));
ExpectNotNull(x509);
X509_free(x509);
x509 = NULL;
if (fp != XBADFILE)
XFCLOSE(fp);
#ifndef NO_BIO
ExpectNotNull(bio = BIO_new_file(der, "rb"));
ExpectNull(d2i_X509_bio(NULL, &x509));
ExpectNotNull(x509 = d2i_X509_bio(bio, NULL));
ExpectNotNull(x509);
X509_free(x509);
BIO_free(bio);
bio = NULL;
#endif
/* X509_up_ref test */
ExpectIntEQ(X509_up_ref(NULL), 0);
ExpectNotNull(x509 = X509_new()); /* refCount = 1 */
ExpectIntEQ(X509_up_ref(x509), 1); /* refCount = 2 */
ExpectIntEQ(X509_up_ref(x509), 1); /* refCount = 3 */
X509_free(x509); /* refCount = 2 */
X509_free(x509); /* refCount = 1 */
X509_free(x509); /* refCount = 0, free */
#endif
return EXPECT_RESULT();
}
int test_wolfSSL_X509_get0_tbs_sigalg(void)
{
EXPECT_DECLS;
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD))
X509* x509 = NULL;
const X509_ALGOR* alg;
ExpectNotNull(x509 = X509_new());
ExpectNull(alg = X509_get0_tbs_sigalg(NULL));
ExpectNotNull(alg = X509_get0_tbs_sigalg(x509));
X509_free(x509);
#endif
return EXPECT_RESULT();
}
int test_wolfSSL_X509_set_name(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ)
X509* x509 = NULL;
X509_NAME* name = NULL;
ExpectNotNull(name = X509_NAME_new());
ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
(byte*)"wolfssl.com", 11, 0, 1),
WOLFSSL_SUCCESS);
ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
(byte*)"support@wolfssl.com", 19, -1,
1), WOLFSSL_SUCCESS);
ExpectNotNull(x509 = X509_new());
ExpectIntEQ(X509_set_subject_name(NULL, NULL),
WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
ExpectIntEQ(X509_set_subject_name(x509, NULL),
WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
ExpectIntEQ(X509_set_subject_name(NULL, name),
WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
ExpectIntEQ(X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
ExpectIntEQ(X509_set_issuer_name(NULL, NULL),
WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
ExpectIntEQ(X509_set_issuer_name(x509, NULL),
WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
ExpectIntEQ(X509_set_issuer_name(NULL, name),
WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
ExpectIntEQ(X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
X509_free(x509);
X509_NAME_free(name);
#endif /* OPENSSL_ALL && !NO_CERTS */
return EXPECT_RESULT();
}
int test_wolfSSL_X509_set_notAfter(void)
{
EXPECT_DECLS;
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) \
&& !defined(NO_ASN_TIME) && !defined(USER_TIME) && \
!defined(TIME_OVERRIDES) && !defined(NO_CERTS) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) &&\
!defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT) && !defined(NO_BIO)
/* Generalized time will overflow time_t if not long */
X509* x = NULL;
BIO* bio = NULL;
ASN1_TIME *asn_time = NULL;
ASN1_TIME *time_check = NULL;
const int year = 365*24*60*60;
const int day = 24*60*60;
const int hour = 60*60;
const int mini = 60;
int offset_day;
unsigned char buf[25];
time_t t;
/*
* Setup asn_time. APACHE HTTPD uses time(NULL)
*/
t = (time_t)107 * year + 31 * day + 34 * hour + 30 * mini + 7 * day;
offset_day = 7;
/*
* Free these.
*/
asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, 0);
ExpectNotNull(asn_time);
ExpectNotNull(x = X509_new());
ExpectNotNull(bio = BIO_new(BIO_s_mem()));
/*
* Tests
*/
ExpectTrue(wolfSSL_X509_set_notAfter(x, asn_time));
/* time_check is simply (ANS1_TIME*)x->notAfter */
ExpectNotNull(time_check = X509_get_notAfter(x));
/* ANS1_TIME_check validates by checking if argument can be parsed */
ExpectIntEQ(ASN1_TIME_check(time_check), WOLFSSL_SUCCESS);
/* Convert to human readable format and compare to intended date */
ExpectIntEQ(ASN1_TIME_print(bio, time_check), 1);
ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 24);
ExpectIntEQ(XMEMCMP(buf, "Jan 20 10:30:00 2077 GMT", sizeof(buf) - 1), 0);
ExpectFalse(wolfSSL_X509_set_notAfter(NULL, NULL));
ExpectFalse(wolfSSL_X509_set_notAfter(x, NULL));
ExpectFalse(wolfSSL_X509_set_notAfter(NULL, asn_time));
/*
* Cleanup
*/
XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL);
X509_free(x);
BIO_free(bio);
#endif
return EXPECT_RESULT();
}
int test_wolfSSL_X509_set_notBefore(void)
{
EXPECT_DECLS;
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) \
&& !defined(NO_ASN_TIME) && !defined(USER_TIME) && \
!defined(TIME_OVERRIDES) && !defined(NO_CERTS) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_BIO)
X509* x = NULL;
BIO* bio = NULL;
ASN1_TIME *asn_time = NULL;
ASN1_TIME *time_check = NULL;
const int year = 365*24*60*60;
const int day = 24*60*60;
const int hour = 60*60;
const int mini = 60;
int offset_day;
unsigned char buf[25];
time_t t;
/*
* Setup asn_time. APACHE HTTPD uses time(NULL)
*/
t = (time_t)49 * year + 125 * day + 20 * hour + 30 * mini + 7 * day;
offset_day = 7;
/*
* Free these.
*/
asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, 0);
ExpectNotNull(asn_time);
ExpectNotNull(x = X509_new());
ExpectNotNull(bio = BIO_new(BIO_s_mem()));
ExpectIntEQ(ASN1_TIME_check(asn_time), WOLFSSL_SUCCESS);
/*
* Main Tests
*/
ExpectTrue(wolfSSL_X509_set_notBefore(x, asn_time));
/* time_check == (ANS1_TIME*)x->notBefore */
ExpectNotNull(time_check = X509_get_notBefore(x));
/* ANS1_TIME_check validates by checking if argument can be parsed */
ExpectIntEQ(ASN1_TIME_check(time_check), WOLFSSL_SUCCESS);
/* Convert to human readable format and compare to intended date */
ExpectIntEQ(ASN1_TIME_print(bio, time_check), 1);
ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 24);
ExpectIntEQ(XMEMCMP(buf, "May 8 20:30:00 2019 GMT", sizeof(buf) - 1), 0);
ExpectFalse(wolfSSL_X509_set_notBefore(NULL, NULL));
ExpectFalse(wolfSSL_X509_set_notBefore(x, NULL));
ExpectFalse(wolfSSL_X509_set_notBefore(NULL, asn_time));
ExpectNull(X509_get_notBefore(NULL));
ExpectNull(X509_get_notAfter(NULL));
/*
* Cleanup
*/
XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL);
X509_free(x);
BIO_free(bio);
#endif
return EXPECT_RESULT();
}
int test_wolfSSL_X509_set_version(void)
{
EXPECT_DECLS;
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \
!defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ)
X509* x509 = NULL;
long v = 2L;
long maxInt = INT_MAX;
ExpectNotNull(x509 = X509_new());
/* These should pass. */
ExpectTrue(wolfSSL_X509_set_version(x509, v));
ExpectIntEQ(0, wolfSSL_X509_get_version(NULL));
ExpectIntEQ(v, wolfSSL_X509_get_version(x509));
/* Fail Case: When v(long) is greater than x509->version(int). */
v = maxInt+1;
ExpectFalse(wolfSSL_X509_set_version(x509, v));
ExpectIntEQ(wolfSSL_X509_set_version(NULL, -1), WOLFSSL_FAILURE);
ExpectIntEQ(wolfSSL_X509_set_version(NULL, 1), WOLFSSL_FAILURE);
ExpectIntEQ(wolfSSL_X509_set_version(x509, -1), WOLFSSL_FAILURE);
ExpectIntEQ(wolfSSL_X509_set_version(NULL, maxInt+1), WOLFSSL_FAILURE);
/* Cleanup */
X509_free(x509);
#endif
return EXPECT_RESULT();
}
int test_wolfSSL_X509_get_serialNumber(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \
!defined(NO_FILESYSTEM)
ASN1_INTEGER* a = NULL;
BIGNUM* bn = NULL;
X509* x509 = NULL;
X509* empty = NULL;
char *serialHex = NULL;
byte serial[3];
int serialSz;
ExpectNotNull(empty = wolfSSL_X509_new());
ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
SSL_FILETYPE_PEM));
ExpectNull(X509_get_serialNumber(NULL));
ExpectNotNull(X509_get_serialNumber(empty));
ExpectNotNull(a = X509_get_serialNumber(x509));
/* check on value of ASN1 Integer */
ExpectNotNull(bn = ASN1_INTEGER_to_BN(a, NULL));
a = NULL;
/* test setting serial number and then retrieving it */
ExpectNotNull(a = ASN1_INTEGER_new());
ExpectIntEQ(ASN1_INTEGER_set(a, 3), 1);
ExpectIntEQ(X509_set_serialNumber(NULL, NULL), WOLFSSL_FAILURE);
ExpectIntEQ(X509_set_serialNumber(x509, NULL), WOLFSSL_FAILURE);
ExpectIntEQ(X509_set_serialNumber(NULL, a), WOLFSSL_FAILURE);
ExpectIntEQ(X509_set_serialNumber(x509, a), WOLFSSL_SUCCESS);
ExpectIntEQ(wolfSSL_X509_get_serial_number(NULL, serial, NULL),
BAD_FUNC_ARG);
ExpectIntEQ(wolfSSL_X509_get_serial_number(NULL, serial, &serialSz),
BAD_FUNC_ARG);
ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, serial, NULL),
BAD_FUNC_ARG);
serialSz = 0;
ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz),
BUFFER_E);
ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, NULL, &serialSz),
WOLFSSL_SUCCESS);
ExpectIntEQ(serialSz, 1);
serialSz = sizeof(serial);
ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz),
WOLFSSL_SUCCESS);
ExpectIntEQ(serialSz, 1);
ExpectIntEQ(serial[0], 3);
ASN1_INTEGER_free(a);
a = NULL;
/* test setting serial number with 0's in it */
serial[0] = 0x01;
serial[1] = 0x00;
serial[2] = 0x02;
ExpectNotNull(a = wolfSSL_ASN1_INTEGER_new());
if (a != NULL) {
a->data[0] = ASN_INTEGER;
a->data[1] = sizeof(serial);
XMEMCPY(&a->data[2], serial, sizeof(serial));
a->length = sizeof(serial) + 2;
}
ExpectIntEQ(X509_set_serialNumber(x509, a), WOLFSSL_SUCCESS);
XMEMSET(serial, 0, sizeof(serial));
serialSz = sizeof(serial);
ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz),
WOLFSSL_SUCCESS);
ExpectIntEQ(serialSz, 3);
ExpectIntEQ(serial[0], 0x01);
ExpectIntEQ(serial[1], 0x00);
ExpectIntEQ(serial[2], 0x02);
ASN1_INTEGER_free(a);
a = NULL;
X509_free(x509); /* free's a */
X509_free(empty);
ExpectNotNull(serialHex = BN_bn2hex(bn));
#ifndef WC_DISABLE_RADIX_ZERO_PAD
ExpectStrEQ(serialHex, "01");
#else
ExpectStrEQ(serialHex, "1");
#endif
OPENSSL_free(serialHex);
ExpectIntEQ(BN_get_word(bn), 1);
BN_free(bn);
/* hard test free'ing with dynamic buffer to make sure there is no leaks */
ExpectNotNull(a = ASN1_INTEGER_new());
if (a != NULL) {
ExpectNotNull(a->data = (unsigned char*)XMALLOC(100, NULL,
DYNAMIC_TYPE_OPENSSL));
a->isDynamic = 1;
ASN1_INTEGER_free(a);
}
#endif
return EXPECT_RESULT();
}
int test_wolfSSL_get_tbs(void)
{
EXPECT_DECLS;
#if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \
&& defined(OPENSSL_EXTRA)
WOLFSSL_X509* x509 = NULL;
const unsigned char* tbs;
int tbsSz;
ExpectNotNull(x509 = wolfSSL_X509_new());
ExpectNull(tbs = wolfSSL_X509_get_tbs(x509, &tbsSz));
wolfSSL_X509_free(x509);
x509 = NULL;
ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(caCertFile,
WOLFSSL_FILETYPE_PEM));
ExpectNull(tbs = wolfSSL_X509_get_tbs(NULL, &tbsSz));
ExpectNull(tbs = wolfSSL_X509_get_tbs(x509, NULL));
ExpectNotNull(tbs = wolfSSL_X509_get_tbs(x509, &tbsSz));
ExpectIntEQ(tbsSz, 1003);
wolfSSL_FreeX509(x509);
#endif
return EXPECT_RESULT();
}
int test_wolfSSL_X509_ext_get_critical_by_NID(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS)
WOLFSSL_X509* x509 = NULL;
ExpectNotNull(x509 = wolfSSL_X509_new());
ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(NULL,
WC_NID_basic_constraints), 0);
ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509,
WC_NID_basic_constraints), 0);
ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509,
WC_NID_subject_alt_name), 0);
ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509,
WC_NID_authority_key_identifier), 0);
ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509,
WC_NID_subject_key_identifier), 0);
ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509,
WC_NID_key_usage), 0);
ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509,
WC_NID_crl_distribution_points), 0);
ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509,
WC_NID_ext_key_usage), 0);
#ifdef WOLFSSL_SEP
ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509,
WC_NID_certificate_policies), 0);
#endif
ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509,
WC_NID_info_access), 0);
wolfSSL_X509_free(x509);
#endif
return EXPECT_RESULT();
}
int test_wolfSSL_X509_CRL_distribution_points(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \
!defined(NO_FILESYSTEM)
WOLFSSL_X509* x509 = NULL;
const char* file = "./certs/client-crl-dist.pem";
ExpectIntEQ(wolfSSL_X509_ext_isSet_by_NID(NULL,
WC_NID_crl_distribution_points), 0);
ExpectNotNull(x509 = wolfSSL_X509_new());
ExpectIntEQ(wolfSSL_X509_ext_isSet_by_NID(x509,
WC_NID_crl_distribution_points), 0);
wolfSSL_X509_free(x509);
x509 = NULL;
ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(file,
WOLFSSL_FILETYPE_PEM));
ExpectIntEQ(wolfSSL_X509_ext_isSet_by_NID(x509,
WC_NID_crl_distribution_points), 1);
wolfSSL_X509_free(x509);
#endif
return EXPECT_RESULT();
}
int test_wolfSSL_X509_check_ip_asc(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
WOLFSSL_X509 *x509 = NULL;
WOLFSSL_X509 *empty = NULL;
ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
WOLFSSL_FILETYPE_PEM));
ExpectNotNull(empty = wolfSSL_X509_new());
#if 0
/* TODO: add cert gen for testing positive case */
ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "127.0.0.1", 0), 1);
#endif
ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "0.0.0.0", 0), 0);
ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, NULL, 0), 0);
ExpectIntEQ(wolfSSL_X509_check_ip_asc(NULL, NULL, 0), 0);
ExpectIntEQ(wolfSSL_X509_check_ip_asc(NULL, "0.0.0.0", 0), 0);
ExpectIntEQ(wolfSSL_X509_check_ip_asc(empty, "127.128.0.255", 0), 0);
wolfSSL_X509_free(empty);
wolfSSL_X509_free(x509);
#endif
return EXPECT_RESULT();
}
int test_wolfSSL_X509_bad_altname(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA)
const unsigned char malformed_alt_name_cert[] = {
0x30, 0x82, 0x02, 0xf9, 0x30, 0x82, 0x01, 0xe1, 0xa0, 0x03, 0x02, 0x01,
0x02, 0x02, 0x02, 0x10, 0x21, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x0f, 0x31, 0x0d,
0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x04, 0x61, 0x61, 0x31,
0x31, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x32, 0x30, 0x37, 0x31,
0x37, 0x32, 0x34, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x33, 0x34, 0x30, 0x32,
0x31, 0x34, 0x30, 0x36, 0x32, 0x36, 0x35, 0x33, 0x5a, 0x30, 0x0f, 0x31,
0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x04, 0x61, 0x61,
0x61, 0x61, 0x30, 0x82, 0x01, 0x20, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01,
0x0d, 0x00, 0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa8,
0x8a, 0x5e, 0x26, 0x23, 0x1b, 0x31, 0xd3, 0x37, 0x1a, 0x70, 0xb2, 0xec,
0x3f, 0x74, 0xd4, 0xb4, 0x44, 0xe3, 0x7a, 0xa5, 0xc0, 0xf5, 0xaa, 0x97,
0x26, 0x9a, 0x04, 0xff, 0xda, 0xbe, 0xe5, 0x09, 0x03, 0x98, 0x3d, 0xb5,
0xbf, 0x01, 0x2c, 0x9a, 0x0a, 0x3a, 0xfb, 0xbc, 0x3c, 0xe7, 0xbe, 0x83,
0x5c, 0xb3, 0x70, 0xe8, 0x5c, 0xe3, 0xd1, 0x83, 0xc3, 0x94, 0x08, 0xcd,
0x1a, 0x87, 0xe5, 0xe0, 0x5b, 0x9c, 0x5c, 0x6e, 0xb0, 0x7d, 0xe2, 0x58,
0x6c, 0xc3, 0xb5, 0xc8, 0x9d, 0x11, 0xf1, 0x5d, 0x96, 0x0d, 0x66, 0x1e,
0x56, 0x7f, 0x8f, 0x59, 0xa7, 0xa5, 0xe1, 0xc5, 0xe7, 0x81, 0x4c, 0x09,
0x9d, 0x5e, 0x96, 0xf0, 0x9a, 0xc2, 0x8b, 0x70, 0xd5, 0xab, 0x79, 0x58,
0x5d, 0xb7, 0x58, 0xaa, 0xfd, 0x75, 0x52, 0xaa, 0x4b, 0xa7, 0x25, 0x68,
0x76, 0x59, 0x00, 0xee, 0x78, 0x2b, 0x91, 0xc6, 0x59, 0x91, 0x99, 0x38,
0x3e, 0xa1, 0x76, 0xc3, 0xf5, 0x23, 0x6b, 0xe6, 0x07, 0xea, 0x63, 0x1c,
0x97, 0x49, 0xef, 0xa0, 0xfe, 0xfd, 0x13, 0xc9, 0xa9, 0x9f, 0xc2, 0x0b,
0xe6, 0x87, 0x92, 0x5b, 0xcc, 0xf5, 0x42, 0x95, 0x4a, 0xa4, 0x6d, 0x64,
0xba, 0x7d, 0xce, 0xcb, 0x04, 0xd0, 0xf8, 0xe7, 0xe3, 0xda, 0x75, 0x60,
0xd3, 0x8b, 0x6a, 0x64, 0xfc, 0x78, 0x56, 0x21, 0x69, 0x5a, 0xe8, 0xa7,
0x8f, 0xfb, 0x8f, 0x82, 0xe3, 0xae, 0x36, 0xa2, 0x93, 0x66, 0x92, 0xcb,
0x82, 0xa3, 0xbe, 0x84, 0x00, 0x86, 0xdc, 0x7e, 0x6d, 0x53, 0x77, 0x84,
0x17, 0xb9, 0x55, 0x43, 0x0d, 0xf1, 0x16, 0x1f, 0xd5, 0x43, 0x75, 0x99,
0x66, 0x19, 0x52, 0xd0, 0xac, 0x5f, 0x74, 0xad, 0xb2, 0x90, 0x15, 0x50,
0x04, 0x74, 0x43, 0xdf, 0x6c, 0x35, 0xd0, 0xfd, 0x32, 0x37, 0xb3, 0x8d,
0xf5, 0xe5, 0x09, 0x02, 0x01, 0x03, 0xa3, 0x61, 0x30, 0x5f, 0x30, 0x0c,
0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00,
0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x08, 0x30, 0x06, 0x82,
0x04, 0x61, 0x2a, 0x00, 0x2a, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e,
0x04, 0x16, 0x04, 0x14, 0x92, 0x6a, 0x1e, 0x52, 0x3a, 0x1a, 0x57, 0x9f,
0xc9, 0x82, 0x9a, 0xce, 0xc8, 0xc0, 0xa9, 0x51, 0x9d, 0x2f, 0xc7, 0x72,
0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80,
0x14, 0x6b, 0xf9, 0xa4, 0x2d, 0xa5, 0xe9, 0x39, 0x89, 0xa8, 0x24, 0x58,
0x79, 0x87, 0x11, 0xfc, 0x6f, 0x07, 0x91, 0xef, 0xa6, 0x30, 0x0d, 0x06,
0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00,
0x03, 0x82, 0x01, 0x01, 0x00, 0x3f, 0xd5, 0x37, 0x2f, 0xc7, 0xf8, 0x8b,
0x39, 0x1c, 0xe3, 0xdf, 0x77, 0xee, 0xc6, 0x4b, 0x5f, 0x84, 0xcf, 0xfa,
0x33, 0x2c, 0xb2, 0xb5, 0x4b, 0x09, 0xee, 0x56, 0xc0, 0xf2, 0xf0, 0xeb,
0xad, 0x1c, 0x02, 0xef, 0xae, 0x09, 0x53, 0xc0, 0x06, 0xad, 0x4e, 0xfd,
0x3e, 0x8c, 0x13, 0xb3, 0xbf, 0x80, 0x05, 0x36, 0xb5, 0x3f, 0x2b, 0xc7,
0x60, 0x53, 0x14, 0xbf, 0x33, 0x63, 0x47, 0xc3, 0xc6, 0x28, 0xda, 0x10,
0x12, 0xe2, 0xc4, 0xeb, 0xc5, 0x64, 0x66, 0xc0, 0xcc, 0x6b, 0x84, 0xda,
0x0c, 0xe9, 0xf6, 0xe3, 0xf8, 0x8e, 0x3d, 0x95, 0x5f, 0xba, 0x9f, 0xe1,
0xc7, 0xed, 0x6e, 0x97, 0xcc, 0xbd, 0x7d, 0xe5, 0x4e, 0xab, 0xbc, 0x1b,
0xf1, 0x3a, 0x09, 0x33, 0x09, 0xe1, 0xcc, 0xec, 0x21, 0x16, 0x8e, 0xb1,
0x74, 0x9e, 0xc8, 0x13, 0x7c, 0xdf, 0x07, 0xaa, 0xeb, 0x70, 0xd7, 0x91,
0x5c, 0xc4, 0xef, 0x83, 0x88, 0xc3, 0xe4, 0x97, 0xfa, 0xe4, 0xdf, 0xd7,
0x0d, 0xff, 0xba, 0x78, 0x22, 0xfc, 0x3f, 0xdc, 0xd8, 0x02, 0x8d, 0x93,
0x57, 0xf9, 0x9e, 0x39, 0x3a, 0x77, 0x00, 0xd9, 0x19, 0xaa, 0x68, 0xa1,
0xe6, 0x9e, 0x13, 0xeb, 0x37, 0x16, 0xf5, 0x77, 0xa4, 0x0b, 0x40, 0x04,
0xd3, 0xa5, 0x49, 0x78, 0x35, 0xfa, 0x3b, 0xf6, 0x02, 0xab, 0x85, 0xee,
0xcb, 0x9b, 0x62, 0xda, 0x05, 0x00, 0x22, 0x2f, 0xf8, 0xbd, 0x0b, 0xe5,
0x2c, 0xb2, 0x53, 0x78, 0x0a, 0xcb, 0x69, 0xc0, 0xb6, 0x9f, 0x96, 0xff,
0x58, 0x22, 0x70, 0x9c, 0x01, 0x2e, 0x56, 0x60, 0x5d, 0x37, 0xe3, 0x40,
0x25, 0xc9, 0x90, 0xc8, 0x0f, 0x41, 0x68, 0xb4, 0xfd, 0x10, 0xe2, 0x09,
0x99, 0x08, 0x5d, 0x7b, 0xc9, 0xe3, 0x29, 0xd4, 0x5a, 0xcf, 0xc9, 0x34,
0x55, 0xa1, 0x40, 0x44, 0xd6, 0x88, 0x16, 0xbb, 0xdd
};
X509* x509 = NULL;
int certSize = (int)sizeof(malformed_alt_name_cert) / sizeof(unsigned char);
const char *name = "aaaaa";
int nameLen = (int)XSTRLEN(name);
ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer(
malformed_alt_name_cert, certSize, SSL_FILETYPE_ASN1));
/* malformed_alt_name_cert has a malformed alternative
* name of "a*\0*". Ensure that it does not match "aaaaa" */
ExpectIntNE(wolfSSL_X509_check_host(x509, name, nameLen,
WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), 1);
/* Also make sure WOLFSSL_LEFT_MOST_WILDCARD_ONLY fails too */
ExpectIntNE(wolfSSL_X509_check_host(x509, name, nameLen,
WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
NULL), 1);
X509_free(x509);
#endif
return EXPECT_RESULT();
}
int test_wolfSSL_X509_name_match1(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA)
/* A certificate with the subject alternative name a* */
const unsigned char cert_der[] = {
0x30, 0x82, 0x03, 0xac, 0x30, 0x82, 0x02, 0x94, 0xa0, 0x03, 0x02, 0x01,
0x02, 0x02, 0x14, 0x0f, 0xa5, 0x10, 0x85, 0xef, 0x58, 0x10, 0x59, 0xfc,
0x0f, 0x20, 0x1f, 0x53, 0xf5, 0x30, 0x39, 0x34, 0x49, 0x54, 0x05, 0x30,
0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
0x05, 0x00, 0x30, 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55,
0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31,
0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f,
0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55,
0x04, 0x0a, 0x0c, 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20,
0x49, 0x6e, 0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b,
0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e,
0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f,
0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e,
0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x35, 0x33,
0x30, 0x32, 0x30, 0x31, 0x35, 0x35, 0x38, 0x5a, 0x17, 0x0d, 0x33, 0x34,
0x30, 0x35, 0x32, 0x38, 0x32, 0x30, 0x31, 0x35, 0x35, 0x38, 0x5a, 0x30,
0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c,
0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e,
0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d,
0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c,
0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x49, 0x6e, 0x63,
0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45,
0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18,
0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77,
0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d,
0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00,
0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xf4, 0xca, 0x3d,
0xd4, 0xbc, 0x9b, 0xea, 0x74, 0xfe, 0x73, 0xf4, 0x16, 0x23, 0x0b, 0x4a,
0x09, 0x54, 0xf6, 0x7b, 0x10, 0x99, 0x11, 0x93, 0xb2, 0xdb, 0x4d, 0x7d,
0x23, 0xab, 0xf9, 0xcd, 0xf6, 0x54, 0xd4, 0xf6, 0x39, 0x57, 0xee, 0x97,
0xb2, 0xb9, 0xfc, 0x7e, 0x9c, 0xb3, 0xfb, 0x56, 0xb6, 0x84, 0xd6, 0x2d,
0x59, 0x1c, 0xed, 0xda, 0x9b, 0x19, 0xf5, 0x8a, 0xa7, 0x8a, 0x89, 0xd6,
0xa1, 0xc0, 0xe6, 0x16, 0xad, 0x04, 0xcf, 0x5a, 0x1f, 0xdf, 0x62, 0x6c,
0x68, 0x45, 0xe9, 0x55, 0x2e, 0x42, 0xa3, 0x1b, 0x3b, 0x86, 0x23, 0x22,
0xa1, 0x20, 0x48, 0xd1, 0x52, 0xc0, 0x8b, 0xab, 0xe2, 0x8a, 0x15, 0x68,
0xbd, 0x89, 0x6f, 0x9f, 0x45, 0x75, 0xb4, 0x27, 0xc1, 0x72, 0x41, 0xfd,
0x79, 0x89, 0xb0, 0x74, 0xa2, 0xe9, 0x61, 0x48, 0x4c, 0x54, 0xad, 0x6b,
0x61, 0xbf, 0x0e, 0x27, 0x58, 0xb4, 0xf6, 0x9c, 0x2c, 0x9f, 0xc2, 0x3e,
0x3b, 0xb3, 0x90, 0x41, 0xbc, 0x61, 0xcd, 0x01, 0x57, 0x90, 0x82, 0xec,
0x46, 0xba, 0x4f, 0x89, 0x8e, 0x7f, 0x49, 0x4f, 0x46, 0x69, 0x37, 0x8b,
0xa0, 0xba, 0x85, 0xe8, 0x42, 0xff, 0x9a, 0xa1, 0x53, 0x81, 0x5c, 0xf3,
0x8e, 0x85, 0x1c, 0xd4, 0x90, 0x60, 0xa0, 0x37, 0x59, 0x04, 0x65, 0xa6,
0xb5, 0x12, 0x00, 0xc3, 0x04, 0x51, 0xa7, 0x83, 0x96, 0x62, 0x3d, 0x49,
0x97, 0xe8, 0x6b, 0x9a, 0x5d, 0x51, 0x24, 0xee, 0xad, 0x45, 0x18, 0x0f,
0x3f, 0x97, 0xec, 0xdf, 0xcf, 0x42, 0x8a, 0x96, 0xc7, 0xd8, 0x82, 0x87,
0x7f, 0x57, 0x70, 0x22, 0xfb, 0x29, 0x3e, 0x3c, 0xa3, 0xc1, 0xd5, 0x71,
0xb3, 0x84, 0x06, 0x53, 0xa3, 0x86, 0x20, 0x35, 0xe3, 0x41, 0xb9, 0xd8,
0x00, 0x22, 0x4f, 0x6d, 0xe6, 0xfd, 0xf0, 0xf4, 0xa2, 0x39, 0x0a, 0x1a,
0x23, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x30, 0x30, 0x2e, 0x30, 0x0d,
0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x06, 0x30, 0x04, 0x82, 0x02, 0x61,
0x2a, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14,
0x45, 0x05, 0xf3, 0x4d, 0x3e, 0x7e, 0x9c, 0xf5, 0x08, 0xee, 0x2c, 0x13,
0x32, 0xe3, 0xf2, 0x14, 0xe8, 0x0e, 0x71, 0x21, 0x30, 0x0d, 0x06, 0x09,
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03,
0x82, 0x01, 0x01, 0x00, 0xa8, 0x28, 0xe5, 0x22, 0x65, 0xcf, 0x47, 0xfe,
0x82, 0x17, 0x99, 0x20, 0xdb, 0xb1, 0x57, 0xd4, 0x91, 0x1a, 0x83, 0xde,
0xc1, 0xaf, 0xc4, 0x1f, 0xfb, 0xa4, 0x6a, 0xad, 0xdc, 0x58, 0x72, 0xd9,
0x9b, 0xab, 0xa5, 0xbb, 0xf4, 0x98, 0xd4, 0xdf, 0x36, 0xcb, 0xb5, 0x78,
0xce, 0x4b, 0x25, 0x5b, 0x24, 0x92, 0xfe, 0xe8, 0xd4, 0xe4, 0xbd, 0x6f,
0x71, 0x1a, 0x81, 0x2a, 0x6f, 0x35, 0x93, 0xf7, 0xcc, 0xed, 0xe5, 0x06,
0xd2, 0x96, 0x41, 0xb5, 0xa9, 0x8a, 0xc0, 0xc9, 0x17, 0xe3, 0x13, 0x5e,
0x94, 0x5e, 0xfa, 0xfc, 0xf0, 0x00, 0x2e, 0xe1, 0xd8, 0x1b, 0x23, 0x3f,
0x7c, 0x4d, 0x9f, 0xfb, 0xb7, 0x95, 0xc1, 0x94, 0x7f, 0x7f, 0xb5, 0x4f,
0x93, 0x6d, 0xc3, 0x2b, 0xb2, 0x28, 0x36, 0xd2, 0x7c, 0x01, 0x3c, 0xae,
0x35, 0xdb, 0xc8, 0x95, 0x1b, 0x5f, 0x6c, 0x0f, 0x57, 0xb3, 0xcc, 0x97,
0x98, 0x80, 0x06, 0xaa, 0xe4, 0x93, 0x1f, 0xb7, 0xa0, 0x54, 0xf1, 0x4f,
0x6f, 0x11, 0xdf, 0xab, 0xd3, 0xbf, 0xf0, 0x3a, 0x81, 0x60, 0xaf, 0x7a,
0xf7, 0x09, 0xd5, 0xae, 0x0c, 0x7d, 0xae, 0x8d, 0x47, 0x06, 0xbe, 0x11,
0x6e, 0xf8, 0x7e, 0x49, 0xf8, 0xac, 0x24, 0x0a, 0x4b, 0xc2, 0xf6, 0xe8,
0x2c, 0xec, 0x35, 0xef, 0xa9, 0x13, 0xb8, 0xd2, 0x9c, 0x92, 0x61, 0x91,
0xec, 0x7b, 0x0c, 0xea, 0x9a, 0x71, 0x36, 0x15, 0x34, 0x2b, 0x7a, 0x25,
0xac, 0xfe, 0xc7, 0x26, 0x89, 0x70, 0x3e, 0x64, 0x68, 0x97, 0x4b, 0xaa,
0xc1, 0x24, 0x14, 0xbd, 0x45, 0x2f, 0xe0, 0xfe, 0xf4, 0x2b, 0x8e, 0x08,
0x3e, 0xe4, 0xb5, 0x3d, 0x5d, 0xf4, 0xc3, 0xd6, 0x9c, 0xb5, 0x33, 0x1b,
0x3b, 0xda, 0x6e, 0x99, 0x7b, 0x09, 0xd1, 0x30, 0x97, 0x23, 0x52, 0x6d,
0x1b, 0x71, 0x3a, 0xf4, 0x54, 0xf0, 0xe5, 0x9e
};
WOLFSSL_X509* x509 = NULL;
int certSize = (int)(sizeof(cert_der) / sizeof(unsigned char));
const char *name1 = "aaaaa";
int nameLen1 = (int)(XSTRLEN(name1));
const char *name2 = "a";
int nameLen2 = (int)(XSTRLEN(name2));
const char *name3 = "abbbb";
int nameLen3 = (int)(XSTRLEN(name3));
const char *name4 = "bbb";
int nameLen4 = (int)(XSTRLEN(name4));
ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer(
cert_der, certSize, WOLFSSL_FILETYPE_ASN1));
/* Ensure that "a*" matches "aaaaa" */
ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1,
WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS);
/* Ensure that "a*" matches "a" */
ExpectIntEQ(wolfSSL_X509_check_host(x509, name2, nameLen2,
WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS);
/* Ensure that "a*" matches "abbbb" */
ExpectIntEQ(wolfSSL_X509_check_host(x509, name3, nameLen3,
WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS);
/* Ensure that "a*" does not match "bbb" */
ExpectIntNE(wolfSSL_X509_check_host(x509, name4, nameLen4,
WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), 1);
/* WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag should fail on all cases, since
* 'a*' alt name does not have wildcard left-most */
/* Ensure that "a*" does not match "aaaaa" */
ExpectIntNE(wolfSSL_X509_check_host(x509, name1, nameLen1,
WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
NULL), WOLFSSL_SUCCESS);
/* Ensure that "a*" does not match "a" */
ExpectIntNE(wolfSSL_X509_check_host(x509, name2, nameLen2,
WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
NULL), WOLFSSL_SUCCESS);
/* Ensure that "a*" does not match "abbbb" */
ExpectIntNE(wolfSSL_X509_check_host(x509, name3, nameLen3,
WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
NULL), WOLFSSL_SUCCESS);
/* Ensure that "a*" does not match "bbb" */
ExpectIntNE(wolfSSL_X509_check_host(x509, name4, nameLen4,
WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
NULL), WOLFSSL_SUCCESS);
wolfSSL_X509_free(x509);
#endif
return EXPECT_RESULT();
}
int test_wolfSSL_X509_name_match2(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA)
/* A certificate with the subject alternative name a*b* */
const unsigned char cert_der[] = {
0x30, 0x82, 0x03, 0xae, 0x30, 0x82, 0x02, 0x96, 0xa0, 0x03, 0x02, 0x01,
0x02, 0x02, 0x14, 0x41, 0x8c, 0x8b, 0xaa, 0x0e, 0xd8, 0x5a, 0xc0, 0x52,
0x46, 0x0e, 0xe5, 0xd8, 0xb9, 0x48, 0x93, 0x7e, 0x8a, 0x7c, 0x65, 0x30,
0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
0x05, 0x00, 0x30, 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55,
0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31,
0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f,
0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55,
0x04, 0x0a, 0x0c, 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20,
0x49, 0x6e, 0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b,
0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e,
0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f,
0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e,
0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x35, 0x33,
0x30, 0x32, 0x30, 0x34, 0x33, 0x34, 0x30, 0x5a, 0x17, 0x0d, 0x33, 0x34,
0x30, 0x35, 0x32, 0x38, 0x32, 0x30, 0x34, 0x33, 0x34, 0x30, 0x5a, 0x30,
0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c,
0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e,
0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d,
0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c,
0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x49, 0x6e, 0x63,
0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45,
0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18,
0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77,
0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d,
0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00,
0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa5, 0x60, 0x80,
0xf3, 0xee, 0x19, 0xd2, 0xe4, 0x15, 0x94, 0x54, 0x12, 0x88, 0xee, 0xda,
0x11, 0x11, 0x87, 0x99, 0x88, 0xb3, 0x71, 0xc7, 0x97, 0x78, 0x1b, 0x57,
0x37, 0x1d, 0x0b, 0x1f, 0x2f, 0x2c, 0x35, 0x13, 0x75, 0xd3, 0x31, 0x3e,
0x6f, 0x80, 0x21, 0xa5, 0xa3, 0xad, 0x10, 0x81, 0xb6, 0x37, 0xd4, 0x55,
0x2e, 0xc1, 0xb8, 0x37, 0xa3, 0x3c, 0xe8, 0x81, 0x03, 0x3c, 0xda, 0x5f,
0x6f, 0x45, 0x32, 0x2b, 0x0e, 0x99, 0x27, 0xfd, 0xe5, 0x6c, 0x07, 0xd9,
0x4e, 0x0a, 0x8b, 0x23, 0x74, 0x96, 0x25, 0x97, 0xae, 0x6d, 0x19, 0xba,
0xbf, 0x0f, 0xc8, 0xa1, 0xe5, 0xea, 0xa8, 0x00, 0x09, 0xc3, 0x9a, 0xef,
0x09, 0x33, 0xc1, 0x33, 0x2e, 0x7b, 0x6d, 0xa7, 0x66, 0x87, 0xb6, 0x3a,
0xb9, 0xdb, 0x4c, 0x5e, 0xb5, 0x55, 0x69, 0x37, 0x17, 0x92, 0x1f, 0xe3,
0x53, 0x1a, 0x2d, 0x25, 0xd0, 0xcf, 0x72, 0x37, 0xc2, 0x89, 0x83, 0x78,
0xcf, 0xac, 0x2e, 0x46, 0x92, 0x5c, 0x4a, 0xba, 0x7d, 0xa0, 0x22, 0x34,
0xb1, 0x22, 0x26, 0x99, 0xda, 0xe8, 0x97, 0xe2, 0x0c, 0xd3, 0xbc, 0x97,
0x7e, 0xa8, 0xb9, 0xe3, 0xe2, 0x7f, 0x56, 0xef, 0x22, 0xee, 0x15, 0x95,
0xa6, 0xd1, 0xf4, 0xa7, 0xac, 0x4a, 0xab, 0xc1, 0x1a, 0xda, 0xc5, 0x5f,
0xa5, 0x5e, 0x2f, 0x15, 0x9c, 0x36, 0xbe, 0xd3, 0x47, 0xb6, 0x86, 0xb9,
0xc6, 0x59, 0x39, 0x36, 0xad, 0x84, 0x53, 0x95, 0x72, 0x91, 0x89, 0x51,
0x32, 0x77, 0xf1, 0xa5, 0x93, 0xfe, 0xf0, 0x41, 0x7c, 0x64, 0xf1, 0xb0,
0x8b, 0x81, 0x8d, 0x3a, 0x2c, 0x9e, 0xbe, 0x2e, 0x8b, 0xf7, 0x80, 0x63,
0x35, 0x32, 0xfa, 0x26, 0xe0, 0x63, 0xbf, 0x5e, 0xaf, 0xf0, 0x08, 0xe0,
0x80, 0x65, 0x38, 0xfa, 0x21, 0xaa, 0x91, 0x34, 0x48, 0x3d, 0x32, 0x5c,
0xbf, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x32, 0x30, 0x30, 0x30, 0x0f,
0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x08, 0x30, 0x06, 0x82, 0x04, 0x61,
0x2a, 0x62, 0x2a, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16,
0x04, 0x14, 0x3d, 0x55, 0x74, 0xf8, 0x3a, 0x26, 0x03, 0x8c, 0x6a, 0x2e,
0x91, 0x0e, 0x18, 0x70, 0xb4, 0xa4, 0xcc, 0x04, 0x00, 0xd3, 0x30, 0x0d,
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x8f, 0x3b, 0xff, 0x46, 0x0c, 0xb5,
0x21, 0xdc, 0xcf, 0x61, 0x9a, 0x25, 0x93, 0x99, 0x68, 0x2f, 0x16, 0x71,
0x15, 0x00, 0x5f, 0xb0, 0x9b, 0x43, 0x5c, 0x47, 0xe2, 0x8e, 0xc8, 0xea,
0xb3, 0x30, 0x4d, 0x87, 0x90, 0xcf, 0x24, 0x37, 0x5c, 0xfd, 0xc8, 0xc6,
0x09, 0x36, 0xb2, 0xfb, 0xfd, 0xc1, 0x82, 0x92, 0x77, 0x5b, 0x9d, 0xeb,
0xac, 0x47, 0xbc, 0xda, 0x7c, 0x89, 0x19, 0x03, 0x9e, 0xcd, 0x96, 0x2a,
0x90, 0x55, 0x23, 0x19, 0xac, 0x9d, 0x49, 0xfb, 0xa0, 0x31, 0x7d, 0x6b,
0x1a, 0x16, 0x13, 0xb1, 0xa9, 0xc9, 0xc4, 0xaf, 0xf1, 0xb4, 0xa7, 0x9b,
0x08, 0x64, 0x6a, 0x09, 0xcd, 0x4a, 0x03, 0x4c, 0x93, 0xb6, 0xcf, 0x29,
0xdb, 0x56, 0x88, 0x8e, 0xed, 0x08, 0x6d, 0x8d, 0x76, 0xa3, 0xd7, 0xc6,
0x69, 0xa1, 0xf5, 0xd2, 0xd0, 0x0a, 0x4b, 0xfa, 0x88, 0x66, 0x6c, 0xe5,
0x4a, 0xee, 0x13, 0xad, 0xad, 0x22, 0x25, 0x73, 0x39, 0x56, 0x74, 0x0e,
0xda, 0xcd, 0x35, 0x67, 0xe3, 0x81, 0x5c, 0xc5, 0xae, 0x3c, 0x4f, 0x47,
0x3e, 0x97, 0xde, 0xac, 0xf6, 0xe1, 0x26, 0xe2, 0xe0, 0x66, 0x48, 0x20,
0x7c, 0x02, 0x81, 0x3e, 0x7d, 0x34, 0xb7, 0x73, 0x3e, 0x2e, 0xd6, 0x20,
0x1c, 0xdf, 0xf1, 0xae, 0x86, 0x8b, 0xb2, 0xc2, 0x9b, 0x68, 0x9c, 0xf6,
0x1a, 0x5e, 0x30, 0x06, 0x39, 0x0a, 0x1f, 0x7b, 0xd7, 0x18, 0x4b, 0x06,
0x9d, 0xff, 0x84, 0x57, 0xcc, 0x92, 0xad, 0x81, 0x0a, 0x19, 0x11, 0xc4,
0xac, 0x59, 0x00, 0xe8, 0x5a, 0x70, 0x78, 0xd6, 0x9f, 0xe0, 0x82, 0x2a,
0x1f, 0x09, 0x36, 0x1c, 0x52, 0x98, 0xf7, 0x95, 0x8f, 0xf9, 0x48, 0x4f,
0x30, 0x52, 0xb5, 0xf3, 0x8d, 0x13, 0x93, 0x27, 0xbe, 0xb4, 0x75, 0x39,
0x65, 0xc6, 0x48, 0x4e, 0x32, 0xd7, 0xf4, 0xc3, 0x26, 0x8d
};
WOLFSSL_X509* x509 = NULL;
int certSize = (int)(sizeof(cert_der) / sizeof(unsigned char));
const char *name1 = "ab";
int nameLen1 = (int)(XSTRLEN(name1));
const char *name2 = "acccbccc";
int nameLen2 = (int)(XSTRLEN(name2));
const char *name3 = "accb";
int nameLen3 = (int)(XSTRLEN(name3));
const char *name4 = "accda";
int nameLen4 = (int)(XSTRLEN(name4));
const char *name5 = "acc\0bcc";
int nameLen5 = 7;
ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer(
cert_der, certSize, WOLFSSL_FILETYPE_ASN1));
/* Ensure that "a*b*" matches "ab" */
ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1,
WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS);
/* Ensure that "a*b*" matches "acccbccc" */
ExpectIntEQ(wolfSSL_X509_check_host(x509, name2, nameLen2,
WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS);
/* Ensure that "a*b*" matches "accb" */
ExpectIntEQ(wolfSSL_X509_check_host(x509, name3, nameLen3,
WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS);
/* Ensure that "a*b*" does not match "accda" */
ExpectIntNE(wolfSSL_X509_check_host(x509, name4, nameLen4,
WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS);
/* WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag should fail on all cases, since
* 'a*b*' alt name does not have wildcard left-most */
ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1,
WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
NULL), WOLFSSL_FAILURE);
ExpectIntEQ(wolfSSL_X509_check_host(x509, name2, nameLen2,
WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
NULL), WOLFSSL_FAILURE);
ExpectIntEQ(wolfSSL_X509_check_host(x509, name3, nameLen3,
WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
NULL), WOLFSSL_FAILURE);
ExpectIntEQ(wolfSSL_X509_check_host(x509, name4, nameLen4,
WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
NULL), WOLFSSL_FAILURE);
/* Ensure that "a*b*" matches "ab", testing openssl behavior replication
* on check len input handling, 0 for len is OK as it should then use
* strlen(name1) */
ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, 0,
WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS);
/* Openssl also allows for len to include NULL terminator */
ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1 + 1,
WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS);
/* Ensure that check string with NULL terminator in middle is
* rejected */
ExpectIntNE(wolfSSL_X509_check_host(x509, name5, nameLen5,
WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS);
wolfSSL_X509_free(x509);
#endif
return EXPECT_RESULT();
}
int test_wolfSSL_X509_name_match3(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA)
/* A certificate with the subject alternative name *.example.com */
const unsigned char cert_der[] = {
0x30, 0x82, 0x03, 0xb7, 0x30, 0x82, 0x02, 0x9f, 0xa0, 0x03, 0x02, 0x01,
0x02, 0x02, 0x14, 0x59, 0xbb, 0xf6, 0xde, 0xb8, 0x3d, 0x0e, 0x8c, 0xe4,
0xbd, 0x98, 0xa3, 0xbe, 0x3e, 0x8f, 0xdc, 0xbd, 0x7f, 0xcc, 0xae, 0x30,
0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
0x05, 0x00, 0x30, 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55,
0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31,
0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f,
0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55,
0x04, 0x0a, 0x0c, 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20,
0x49, 0x6e, 0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b,
0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e,
0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f,
0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e,
0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x35, 0x33,
0x31, 0x30, 0x30, 0x33, 0x37, 0x34, 0x39, 0x5a, 0x17, 0x0d, 0x33, 0x34,
0x30, 0x35, 0x32, 0x39, 0x30, 0x30, 0x33, 0x37, 0x34, 0x39, 0x5a, 0x30,
0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c,
0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e,
0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d,
0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c,
0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x49, 0x6e, 0x63,
0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45,
0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18,
0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77,
0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d,
0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00,
0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xda, 0x78, 0x16,
0x05, 0x65, 0xf2, 0x85, 0xf2, 0x61, 0x7f, 0xb1, 0x4d, 0x73, 0xe2, 0x82,
0xb5, 0x3d, 0xf7, 0x9d, 0x05, 0x65, 0xed, 0x9d, 0xc3, 0x29, 0x7a, 0x92,
0x2c, 0x06, 0x5f, 0xc8, 0x13, 0x55, 0x42, 0x4e, 0xbd, 0xe2, 0x56, 0x2a,
0x4b, 0xac, 0xe6, 0x1b, 0x10, 0xc9, 0xdb, 0x9a, 0x45, 0x36, 0xed, 0xf3,
0x26, 0x8c, 0x22, 0x88, 0x1e, 0x6d, 0x2b, 0x41, 0xfa, 0x0d, 0x43, 0x88,
0x88, 0xde, 0x8d, 0x2e, 0xca, 0x6e, 0x7c, 0x62, 0x66, 0x3e, 0xfa, 0x4e,
0x71, 0xea, 0x7d, 0x3b, 0x32, 0x33, 0x5c, 0x7a, 0x7e, 0xea, 0x74, 0xbd,
0xb6, 0x8f, 0x4c, 0x1c, 0x7a, 0x79, 0x94, 0xf1, 0xe8, 0x02, 0x67, 0x98,
0x25, 0xb4, 0x31, 0x80, 0xc1, 0xae, 0xbf, 0xef, 0xf2, 0x6c, 0x78, 0x42,
0xef, 0xb5, 0xc6, 0x01, 0x47, 0x79, 0x8d, 0x92, 0xce, 0xc1, 0xb5, 0x98,
0x76, 0xf0, 0x84, 0xa2, 0x53, 0x90, 0xe5, 0x39, 0xc7, 0xbd, 0xf2, 0xbb,
0xe3, 0x3f, 0x00, 0xf6, 0xf0, 0x46, 0x86, 0xee, 0x55, 0xbd, 0x2c, 0x1f,
0x97, 0x24, 0x7c, 0xbc, 0xda, 0x2f, 0x1b, 0x53, 0xef, 0x26, 0x56, 0xcc,
0xb7, 0xd8, 0xca, 0x17, 0x20, 0x4e, 0x62, 0x03, 0x66, 0x32, 0xb3, 0xd1,
0x71, 0x26, 0x6c, 0xff, 0xd1, 0x9e, 0x44, 0x86, 0x2a, 0xae, 0xba, 0x43,
0x00, 0x13, 0x7e, 0x50, 0xdd, 0x3e, 0x27, 0x39, 0x70, 0x1c, 0x0c, 0x0b,
0xe8, 0xa2, 0xae, 0x03, 0x09, 0x2e, 0xd8, 0x71, 0xee, 0x7b, 0x1a, 0x09,
0x2d, 0xe1, 0xd5, 0xde, 0xf5, 0xa3, 0x36, 0x77, 0x90, 0x97, 0x99, 0xd7,
0x6c, 0xb7, 0x5c, 0x9d, 0xf7, 0x7e, 0x41, 0x89, 0xfe, 0xe4, 0x08, 0xc6,
0x0b, 0xe4, 0x9b, 0x5f, 0x51, 0xa6, 0x08, 0xb8, 0x99, 0x81, 0xe9, 0xce,
0xb4, 0x2d, 0xb2, 0x92, 0x9f, 0xe5, 0x1a, 0x98, 0x76, 0x20, 0x70, 0x54,
0x93, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x3b, 0x30, 0x39, 0x30, 0x18,
0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x11, 0x30, 0x0f, 0x82, 0x0d, 0x2a,
0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d,
0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x60,
0xd4, 0x26, 0xbb, 0xcc, 0x7c, 0x29, 0xa2, 0x88, 0x3c, 0x76, 0x7d, 0xb4,
0x86, 0x8b, 0x47, 0x64, 0x5b, 0x87, 0xe0, 0x30, 0x0d, 0x06, 0x09, 0x2a,
0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82,
0x01, 0x01, 0x00, 0xc3, 0x0d, 0x03, 0x67, 0xbb, 0x47, 0x8b, 0xf3, 0x20,
0xdc, 0x7d, 0x2e, 0xe1, 0xd9, 0xf0, 0x01, 0xc4, 0x66, 0xc2, 0xe1, 0xcd,
0xc3, 0x4a, 0x72, 0xf0, 0x6e, 0x38, 0xcf, 0x63, 0x01, 0x96, 0x9e, 0x84,
0xb9, 0xce, 0x1d, 0xba, 0x4b, 0xe0, 0x70, 0x86, 0x2b, 0x5a, 0xab, 0xec,
0xbf, 0xc2, 0xaa, 0x64, 0xa2, 0x6c, 0xd2, 0x42, 0x52, 0xd4, 0xbe, 0x8a,
0xca, 0x9c, 0x03, 0xf3, 0xd6, 0x5f, 0xcd, 0x23, 0x9f, 0xf5, 0xa9, 0x04,
0x40, 0x5b, 0x66, 0x78, 0xc0, 0xac, 0xa1, 0xdb, 0x5d, 0xd1, 0x94, 0xfc,
0x47, 0x94, 0xf5, 0x45, 0xe3, 0x70, 0x13, 0x3f, 0x66, 0x6d, 0xdd, 0x73,
0x68, 0x68, 0xe2, 0xd2, 0x89, 0xcb, 0x7f, 0xc6, 0xca, 0xd6, 0x96, 0x0b,
0xcc, 0xdd, 0xa1, 0x74, 0xda, 0x33, 0xe8, 0x9e, 0xda, 0xb7, 0xd9, 0x12,
0xab, 0x85, 0x9d, 0x0c, 0xde, 0xa0, 0x7d, 0x7e, 0xa1, 0x91, 0xed, 0xe5,
0x32, 0x7c, 0xc5, 0xea, 0x1d, 0x4a, 0xb5, 0x38, 0x63, 0x17, 0xf3, 0x4f,
0x2c, 0x4a, 0x58, 0x86, 0x09, 0x33, 0x86, 0xc4, 0xe7, 0x56, 0x6f, 0x32,
0x71, 0xb7, 0xd0, 0x83, 0x12, 0x9e, 0x26, 0x0a, 0x3a, 0x45, 0xcb, 0xd7,
0x4e, 0xab, 0xa4, 0xc3, 0xee, 0x4c, 0xc0, 0x38, 0xa1, 0xfa, 0xba, 0xfa,
0xb7, 0x80, 0x69, 0x67, 0xa3, 0xef, 0x89, 0xba, 0xce, 0x89, 0x91, 0x3d,
0x6a, 0x76, 0xe9, 0x3b, 0x32, 0x86, 0x76, 0x85, 0x6b, 0x4f, 0x7f, 0xbc,
0x7a, 0x5b, 0x31, 0x92, 0x79, 0x35, 0xf8, 0xb9, 0xb1, 0xd7, 0xdb, 0xa9,
0x6a, 0x8a, 0x91, 0x60, 0x65, 0xd4, 0x76, 0x54, 0x55, 0x57, 0xb9, 0x35,
0xe0, 0xf5, 0xbb, 0x8f, 0xd4, 0x40, 0x75, 0xbb, 0x47, 0xa8, 0xf9, 0x0f,
0xea, 0xc9, 0x6e, 0x84, 0xd5, 0xf5, 0x58, 0x2d, 0xe5, 0x76, 0x7b, 0xdf,
0x97, 0x05, 0x5e, 0xaf, 0x50, 0xf5, 0x48
};
WOLFSSL_X509* x509 = NULL;
int certSize = (int)(sizeof(cert_der) / sizeof(unsigned char));
const char *name1 = "foo.example.com";
int nameLen1 = (int)(XSTRLEN(name1));
const char *name2 = "x.y.example.com";
int nameLen2 = (int)(XSTRLEN(name2));
const char *name3 = "example.com";
int nameLen3 = (int)(XSTRLEN(name3));
ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer(
cert_der, certSize, WOLFSSL_FILETYPE_ASN1));
/* Ensure that "*.example.com" matches "foo.example.com" */
ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1,
WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS);
/* Ensure that "*.example.com" does NOT match "x.y.example.com" */
ExpectIntNE(wolfSSL_X509_check_host(x509, name2, nameLen2,
WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS);
/* Ensure that "*.example.com" does NOT match "example.com" */
ExpectIntNE(wolfSSL_X509_check_host(x509, name3, nameLen3,
WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS);
/* WOLFSSL_LEFT_MOST_WILDCARD_ONLY, should match "foo.example.com" */
ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1,
WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
NULL), WOLFSSL_SUCCESS);
/* WOLFSSL_LEFT_MOST_WILDCARD_ONLY, should NOT match "x.y.example.com" */
ExpectIntNE(wolfSSL_X509_check_host(x509, name2, nameLen2,
WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
NULL), WOLFSSL_SUCCESS);
/* WOLFSSL_LEFT_MOST_WILDCARD_ONLY, should NOT match "example.com" */
ExpectIntNE(wolfSSL_X509_check_host(x509, name3, nameLen3,
WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY,
NULL), WOLFSSL_SUCCESS);
wolfSSL_X509_free(x509);
#endif
return EXPECT_RESULT();
}
int test_wolfSSL_X509_max_altnames(void)
{
EXPECT_DECLS;
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
!defined(NO_RSA)
/* Only test if max alt names has not been modified */
#if WOLFSSL_MAX_ALT_NAMES <= 1024
WOLFSSL_CTX* ctx = NULL;
/* File contains a certificate encoded with 130 subject alternative names */
const char* over_max_altnames_cert = \
"./certs/test/cert-over-max-altnames.pem";
#ifndef NO_WOLFSSL_SERVER
ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#else
ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#endif
ExpectIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx,
over_max_altnames_cert, NULL, WOLFSSL_LOAD_FLAG_NONE),
WOLFSSL_SUCCESS);
wolfSSL_CTX_free(ctx);
#endif
#endif
return EXPECT_RESULT();
}
int test_wolfSSL_X509_max_name_constraints(void)
{
EXPECT_DECLS;
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
!defined(NO_RSA) && !defined(IGNORE_NAME_CONSTRAINTS)
/* Only test if max name constraints has not been modified */
#if WOLFSSL_MAX_NAME_CONSTRAINTS == 128
WOLFSSL_CTX* ctx = NULL;
/* File contains a certificate with 130 name constraints */
const char* over_max_nc = "./certs/test/cert-over-max-nc.pem";
#ifndef NO_WOLFSSL_SERVER
ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#else
ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#endif
ExpectIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, over_max_nc,
NULL, WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS);
wolfSSL_CTX_free(ctx);
#endif
#endif
return EXPECT_RESULT();
}
int test_wolfSSL_X509_check_ca(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
WOLFSSL_X509 *x509 = NULL;
ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
WOLFSSL_FILETYPE_PEM));
ExpectIntEQ(wolfSSL_X509_check_ca(NULL), 0);
ExpectIntEQ(wolfSSL_X509_check_ca(x509), 1);
wolfSSL_X509_free(x509);
ExpectNotNull(x509 = wolfSSL_X509_new());
ExpectIntEQ(wolfSSL_X509_check_ca(x509), 0);
if (x509 != NULL) {
x509->extKeyUsageCrit = 1;
}
ExpectIntEQ(wolfSSL_X509_check_ca(x509), 4);
wolfSSL_X509_free(x509);
#endif
return EXPECT_RESULT();
}
int test_X509_get_signature_nid(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
X509* x509 = NULL;
ExpectIntEQ(X509_get_signature_nid(NULL), 0);
ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
SSL_FILETYPE_PEM));
ExpectIntEQ(X509_get_signature_nid(x509), NID_sha256WithRSAEncryption);
X509_free(x509);
#endif
return EXPECT_RESULT();
}
int test_wolfSSL_X509_cmp(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_ALL) && !defined(NO_RSA)
XFILE file1 = XBADFILE;
XFILE file2 = XBADFILE;
WOLFSSL_X509* cert1 = NULL;
WOLFSSL_X509* cert2 = NULL;
WOLFSSL_X509* empty = NULL;
ExpectTrue((file1 = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE);
ExpectTrue((file2 = XFOPEN("./certs/3072/client-cert.pem", "rb")) !=
XBADFILE);
ExpectNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL));
ExpectNotNull(cert2 = wolfSSL_PEM_read_X509(file2, NULL, NULL, NULL));
if (file1 != XBADFILE)
fclose(file1);
if (file2 != XBADFILE)
fclose(file2);
ExpectNotNull(empty = wolfSSL_X509_new());
/* wolfSSL_X509_cmp() testing matching certs */
ExpectIntEQ(0, wolfSSL_X509_cmp(cert1, cert1));
/* wolfSSL_X509_cmp() testing mismatched certs */
ExpectIntEQ(-1, wolfSSL_X509_cmp(cert1, cert2));
/* wolfSSL_X509_cmp() testing NULL, valid args */
ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wolfSSL_X509_cmp(NULL, cert2));
/* wolfSSL_X509_cmp() testing valid, NULL args */
ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wolfSSL_X509_cmp(cert1, NULL));
/* wolfSSL_X509_cmp() testing NULL, NULL args */
ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wolfSSL_X509_cmp(NULL, NULL));
/* wolfSSL_X509_cmp() testing empty cert */
ExpectIntEQ(WOLFSSL_FATAL_ERROR, wolfSSL_X509_cmp(empty, cert2));
ExpectIntEQ(WOLFSSL_FATAL_ERROR, wolfSSL_X509_cmp(cert1, empty));
wolfSSL_X509_free(empty);
wolfSSL_X509_free(cert2);
wolfSSL_X509_free(cert1);
#endif
return EXPECT_RESULT();
}
Reference in New Issue View Git Blame Copy Permalink