1 /*
2 * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* Internal tests for the x509 and x509v3 modules */
11
12 #include <stdio.h>
13 #include <string.h>
14
15 #include <openssl/x509.h>
16 #include <openssl/x509v3.h>
17 #include "testutil.h"
18 #include "internal/nelem.h"
19
20 /**********************************************************************
21 *
22 * Test of x509v3
23 *
24 ***/
25
26 #include "../crypto/x509/ext_dat.h"
27 #include "../crypto/x509/standard_exts.h"
28
/*
 * Check that the standard_exts table is sorted by ascending ext_nid.
 *
 * Equal neighbouring NIDs are accepted; only a strictly smaller NID after a
 * larger one counts as a failure. On failure every entry is logged with its
 * NID and short name so the misplaced extension can be spotted.
 *
 * NOTE(review): the x509v3 lookup code (not visible in this file) is expected
 * to binary-search this table by NID, in which case a misplaced entry would
 * make that extension unfindable at verification time - confirm against
 * crypto/x509.
 *
 * Returns 1 when the table is ordered, 0 otherwise.
 */
static int test_standard_exts(void)
{
    const X509V3_EXT_METHOD **ext = standard_exts;
    int last_nid = -1;
    int ordered = 1;
    size_t n;

    /* Scan the whole table; do not stop at the first inversion. */
    for (n = 0; n < OSSL_NELEM(standard_exts); n++) {
        int nid = ext[n]->ext_nid;

        if (nid < last_nid)
            ordered = 0;
        last_nid = nid;
    }

    if (ordered)
        return 1;

    /* Dump the table in its current order to help locate the offender. */
    TEST_error("Extensions out of order!");
    for (n = 0; n < STANDARD_EXTENSION_COUNT; n++)
        TEST_note("%d : %s", ext[n]->ext_nid, OBJ_nid2sn(ext[n]->ext_nid));
    return 0;
}
50
/*
 * One a2i_IPADDRESS() test vector: a textual address and the octets the
 * parser is expected to produce for it.
 */
typedef struct {
    /* Text handed to a2i_IPADDRESS(). */
    const char *ipasc;
    /*
     * Expected raw address bytes, or NULL for inputs that must be rejected.
     * May contain embedded NUL bytes, so it is always used with 'length'.
     */
    const char *data;
    /* Expected number of bytes in 'data'; 0 marks a must-reject input. */
    int length;
} IP_TESTDATA;
56
/*
 * Test vectors for a2i_IPADDRESS(). Entries with a non-zero length must parse
 * to exactly the given octets; entries with NULL data and length 0 must be
 * rejected (the parser must return NULL).
 *
 * NOTE(review): the rejection vectors pin down strict parsing. Callers that
 * compare the parsed octets against certificate IP address names presumably
 * depend on this strictness, since lenient handling of whitespace, octal- or
 * hex-looking octets, or trailing text is a common source of parser
 * disagreement - confirm against the callers of a2i_IPADDRESS().
 */
static IP_TESTDATA a2i_ipaddress_tests[] = {
    /* Valid IPv4 dotted-quad addresses (4 octets). */
    {"127.0.0.1", "\x7f\x00\x00\x01", 4},
    {"1.2.3.4", "\x01\x02\x03\x04", 4},
    {"1.2.3.255", "\x01\x02\x03\xff", 4},
    {"255.255.255.255", "\xff\xff\xff\xff", 4},

    /*
     * Valid IPv6 addresses (16 octets), including '::' elision, leading
     * zeros within a group, and an embedded IPv4 tail.
     */
    {"::", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16},
    {"::1", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01", 16},
    {"::01", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01", 16},
    {"::0001", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01", 16},
    {"ffff::", "\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16},
    {"ffff::1", "\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01", 16},
    {"1::2", "\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02", 16},
    {"1:1:1:1:1:1:1:1", "\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01", 16},
    {"2001:db8::ff00:42:8329", "\x20\x01\x0d\xb8\x00\x00\x00\x00\x00\x00\xff\x00\x00\x42\x83\x29", 16},
    {"::1.2.3.4", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x03\x04", 16},
    {"ffff:ffff:ffff:ffff:ffff:ffff:1.2.3.4", "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x01\x02\x03\x04", 16},

    /* Malformed IPv6: trailing text, a leading ':::', a non-hex digit. */
    {"1:1:1:1:1:1:1:1.test", NULL, 0},
    {":::1", NULL, 0},
    {"2001::123g", NULL, 0},

    /* Too few IPv4 components. */
    {"1", NULL, 0 },
    {"1.", NULL, 0 },
    {"1.2", NULL, 0 },
    {"1.2.", NULL, 0 },
    {"1.2.3", NULL, 0 },
    {"1.2.3.", NULL, 0 },

    /* Invalid embedded IPv4 address. */
    {"::1.2.3", NULL, 0 },

    /* IPv4 literals take the place of two IPv6 components. */
    {"1:2:3:4:5:6:7:1.2.3.4", NULL, 0 },

    /* '::' should have fewer than 16 components or it is redundant. */
    {"1:2:3:4:5:6:7::8", NULL, 0 },

    /* Embedded IPv4 addresses must be at the end. */
    {"::1.2.3.4:1", NULL, 0 },

    /* Too many components. */
    {"1.2.3.4.5", NULL, 0 },
    {"1:2:3:4:5:6:7:8:9", NULL, 0 },
    {"1:2:3:4:5::6:7:8:9", NULL, 0 },

    /* Stray whitespace or other invalid characters. */
    {"1.2.3.4 ", NULL, 0 },
    {"1.2.3 .4", NULL, 0 },
    {"1.2.3. 4", NULL, 0 },
    {" 1.2.3.4", NULL, 0 },
    {"1.2.3.4.", NULL, 0 },
    {"1.2.3.+4", NULL, 0 },
    {"1.2.3.-4", NULL, 0 },
    {"1.2.3.4.example.test", NULL, 0 },
    {"::1 ", NULL, 0 },
    {" ::1", NULL, 0 },
    {":: 1", NULL, 0 },
    {": :1", NULL, 0 },
    {"1.2.3.nope", NULL, 0 },
    {"::nope", NULL, 0 },

    /* Components too large. */
    {"1.2.3.256", NULL, 0}, /* Overflows when adding */
    {"1.2.3.260", NULL, 0}, /* Overflows when multiplying by 10 */
    {"1.2.3.999999999999999999999999999999999999999999", NULL, 0 },
    {"::fffff", NULL, 0 },

    /* Although not an overflow, more than four hex digits is an error. */
    {"::00000", NULL, 0 },

    /* Too many colons. */
    {":::", NULL, 0 },
    {"1:::", NULL, 0 },
    {":::2", NULL, 0 },
    {"1:::2", NULL, 0 },

    /* Only one group of zeros may be elided. */
    {"1::2::3", NULL, 0 },

    /* We only support decimal. */
    {"1.2.3.01", NULL, 0 },
    {"1.2.3.0x1", NULL, 0 },

    /*
     * Random garbage.
     * NOTE(review): " 1.2.3.4" and "1.2.3.4.example.test" also appear in the
     * whitespace group above; the repeats are harmless but redundant.
     */
    {"example.test", NULL, 0 },
    {"", NULL, 0},
    {" 1.2.3.4", NULL, 0},
    {" 1.2.3.4 ", NULL, 0},
    {"1.2.3.4.example.test", NULL, 0},
};
149
150
/*
 * Run one a2i_IPADDRESS() vector from a2i_ipaddress_tests.
 *
 * idx selects the table entry. It is not range-checked here, so the caller
 * must keep it within the table.
 *
 * A vector with length 0 passes only if the parser returns NULL. Any other
 * vector passes only if the parser returns a string whose length and bytes
 * match the expected data exactly.
 *
 * Returns 1 on success, 0 on failure. The parsed string is freed on every
 * path.
 */
static int test_a2i_ipaddress(int idx)
{
    const IP_TESTDATA *tc = &a2i_ipaddress_tests[idx];
    ASN1_OCTET_STRING *parsed = a2i_IPADDRESS(tc->ipasc);
    int ok = 1;

    if (tc->length != 0) {
        /* Accept case: pointer, length and content must all match. */
        ok = TEST_ptr(parsed)
             && TEST_int_eq(ASN1_STRING_length(parsed), tc->length)
             && TEST_mem_eq(ASN1_STRING_get0_data(parsed), tc->length,
                            tc->data, tc->length);
    } else if (!TEST_ptr_null(parsed)) {
        /* Reject case: any non-NULL result means the parser was too lenient. */
        ok = 0;
        TEST_note("'%s' should not be parsed as IP address", tc->ipasc);
    }

    /* Called unconditionally, including when parsing returned NULL. */
    ASN1_OCTET_STRING_free(parsed);
    return ok;
}
174
/*
 * Register the tests defined in this file with the test harness.
 *
 * Always returns 1 (presumably "setup succeeded" for the testutil harness -
 * confirm against testutil.h).
 */
int setup_tests(void)
{
    /* Single run: ordering check of the standard extension table. */
    ADD_TEST(test_standard_exts);
    /*
     * One run per table entry. The count comes from OSSL_NELEM on the table,
     * which matters because test_a2i_ipaddress() does not range-check idx.
     */
    ADD_ALL_TESTS(test_a2i_ipaddress, OSSL_NELEM(a2i_ipaddress_tests));
    return 1;
}
181