Add test for ASN1_item_verify()
This is a test for openssl#24575
Original idea by Theo Buehler.
t8m committed Jun 17, 2024
1 parent 22dff96 commit a2454bf
Showing 1 changed file with 82 additions and 0 deletions.
82 changes: 82 additions & 0 deletions test/x509_test.c
@@ -7,7 +7,14 @@
* https://www.openssl.org/source/license.html
*/

#define OPENSSL_SUPPRESS_DEPRECATED /* EVP_PKEY_get1/set1_RSA */

#include <openssl/x509.h>
#include <openssl/asn1.h>
#include <openssl/evp.h>
#include <openssl/rsa.h>
#include <openssl/pem.h>
#include "crypto/x509.h" /* x509_st definition */
#include "testutil.h"

static EVP_PKEY *pubkey = NULL;
@@ -114,6 +121,80 @@ static int test_x509_crl_tbs_cache(void)
return ret;
}

static const char *pss_cert = /* Self-signed cert with RSA-PSS signature */
"-----BEGIN CERTIFICATE-----\n"
"MIIDUDCCAgSgAwIBAgIBATBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUA\n"
"oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASAwFjEUMBIGA1UEAwwL\n"
"Um9vdCBQU1MgQ0EwIBcNMjQwNjE3MDk1ODEyWhgPMjEyNDA2MTgwOTU4MTJaMBYx\n"
"FDASBgNVBAMMC1Jvb3QgUFNTIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n"
"CgKCAQEA9usPd4aHT/mTbny6MFtaYApJdpA8DheiKY9PRRt22Lu1YIIxHpwS4Jdq\n"
"WW69XES7il4d4eaFl/6n+TGGy2UuOZYeU6fVQ5mxJHDCDiY/UF7/F0ZIt18uqLhY\n"
"FpBv2y+iLGXIp+TrhmJ3NFxBqew9xEYkT44Jgd6pE+w4KXhQ0aY8AIi+d4i1Rp1B\n"
"PIlgtbByjnI68HCELg6jkqlCb8NL9kEtoK/M9dK7Hvff8g9fabK8lKlbxKFcLUwn\n"
"nsI+UyjsCGktmQ5ukRjjNXHDcwPhE797A6UIC4mwXITwAEmSYZaOzcKr95pdfFB0\n"
"zqBujjv6LUsgaIvFcUOWBuRYs1NZfwIDAQABoz8wPTAPBgNVHRMBAf8EBTADAQH/\n"
"MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUIQoxipZ4v088BcQ7vOvM5PttO8IwQQYJ\n"
"KoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglg\n"
"hkgBZQMEAgEFAKIDAgEgA4IBAQBJn4U+nCFESbThSVRJk7ZtTdCM3W6fevfwKee+\n"
"r48dqt6KbGAePmqwHTCj8ZPpDO9TyoTpPAJ/lGgYYgBjSwTQyZCF0N6uSpka5x4y\n"
"mxJMqZioaJ5Ctnyea5JZewcBq4c8pQCwAOMruyE0NedXPk7fuGnLCSCoRGJT9Nil\n"
"y4YfaL7gRLx0tpdC62HBA5EdO+SbJF+A/ah+lMMvcObR16Q2M/wHBe2n5dvSiBgC\n"
"LK4PbDDhxIasB4LlpCAuIEPL+g9zhBQDbpO7L6v8v60AzEz0zJVF8o/jFWEpCUr+\n"
"VxplcyaW5+TTXZ4yCbUkc97zy5wxAuzE7IGj0Yt0NWspXRbk\n"
"-----END CERTIFICATE-----\n";

static int test_asn1_item_verify(void)
{
int ret = 0;
BIO *bio = NULL;
X509 *x509 = NULL;
const ASN1_BIT_STRING *sig = NULL;
const X509_ALGOR *alg = NULL;
EVP_PKEY *pkey;
#ifndef OPENSSL_NO_DEPRECATED_3_0
RSA *rsa = NULL;
#endif

if (!TEST_ptr(bio = BIO_new_mem_buf(pss_cert, -1))
|| !TEST_ptr(x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL))
|| !TEST_ptr(pkey = X509_get0_pubkey(x509)))
goto err;

#ifndef OPENSSL_NO_DEPRECATED_3_0
/* Issue #24575 requires legacy key but the test is useful anyway */
if (!TEST_ptr(rsa = EVP_PKEY_get1_RSA(pkey)))
goto err;

if (!TEST_int_gt(EVP_PKEY_set1_RSA(pkey, rsa), 0))
goto err;
#endif

X509_get0_signature(&sig, &alg, x509);

if (!TEST_int_gt(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),
(X509_ALGOR *)alg, (ASN1_BIT_STRING *)sig,
&x509->cert_info, pkey), 0))
goto err;

ERR_set_mark();
if (!TEST_int_lt(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),
(X509_ALGOR *)alg, (ASN1_BIT_STRING *)sig,
NULL, pkey), 0)) {
ERR_clear_last_mark();
goto err;
}
ERR_pop_to_mark();

ret = 1;

err:
#ifndef OPENSSL_NO_DEPRECATED_3_0
RSA_free(rsa);
#endif
BIO_free(bio);
return ret;
}

int setup_tests(void)
{
const unsigned char *p;
@@ -138,6 +219,7 @@ int setup_tests(void)

ADD_TEST(test_x509_tbs_cache);
ADD_TEST(test_x509_crl_tbs_cache);
ADD_TEST(test_asn1_item_verify);
return 1;
}

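Review bot: `test_asn1_item_verify()` never frees `x509`: the certificate allocated by `PEM_read_bio_X509()` is still live at the `err:` label, where only `RSA_free(rsa)` and `BIO_free(bio)` run, so both the success and the failure paths leak it. Add `X509_free(x509);` to the cleanup, before `BIO_free(bio);`; `pkey` comes from `X509_get0_pubkey()` and so needs no separate free. Left as is, the leak will likely show up in sanitizer or leak-checking test runs and add noise around the signature-verification path this test is meant to guard.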
