diff options
Diffstat (limited to 'src/regress')
| -rw-r--r-- | src/regress/lib/libcrypto/x509/constraints.c | 54 |
1 files changed, 50 insertions, 4 deletions
diff --git a/src/regress/lib/libcrypto/x509/constraints.c b/src/regress/lib/libcrypto/x509/constraints.c index 8771367bd6..90b7ffbaeb 100644 --- a/src/regress/lib/libcrypto/x509/constraints.c +++ b/src/regress/lib/libcrypto/x509/constraints.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: constraints.c,v 1.15 2022/11/28 07:24:03 tb Exp $ */ | 1 | /* $OpenBSD: constraints.c,v 1.16 2023/09/29 15:53:59 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2020 Bob Beck <beck@openbsd.org> | 3 | * Copyright (c) 2020 Bob Beck <beck@openbsd.org> |
| 4 | * | 4 | * |
| @@ -154,6 +154,12 @@ unsigned char *invaliduri[] = { | |||
| 154 | "https://.www.openbsd.org/", | 154 | "https://.www.openbsd.org/", |
| 155 | "https://www.ope|nbsd.org%", | 155 | "https://www.ope|nbsd.org%", |
| 156 | "https://www.openbsd.org.#", | 156 | "https://www.openbsd.org.#", |
| 157 | "https://192.168.1.1./", | ||
| 158 | "https://192.168.1.1|/", | ||
| 159 | "https://.192.168.1.1/", | ||
| 160 | "https://192.168..1.1/", | ||
| 161 | "https://.2001:0DB8:AC10:FE01::/", | ||
| 162 | "https://.2001:0DB8:AC10:FE01::|/", | ||
| 157 | "///", | 163 | "///", |
| 158 | "//", | 164 | "//", |
| 159 | "/", | 165 | "/", |
| @@ -161,6 +167,15 @@ unsigned char *invaliduri[] = { | |||
| 161 | NULL, | 167 | NULL, |
| 162 | }; | 168 | }; |
| 163 | 169 | ||
| 170 | unsigned char *validuri[] = { | ||
| 171 | "https://www.openbsd.org/meep/meep/meep/", | ||
| 172 | "https://192.168.1.1/", | ||
| 173 | "https://2001:0DB8:AC10:FE01::/", | ||
| 174 | "https://192.168.1/", /* Not an IP, but valid component */ | ||
| 175 | "https://999.999.999.999/", /* Not an IP, but valid component */ | ||
| 176 | NULL, | ||
| 177 | }; | ||
| 178 | |||
| 164 | static int | 179 | static int |
| 165 | test_valid_hostnames(void) | 180 | test_valid_hostnames(void) |
| 166 | { | 181 | { |
| @@ -169,7 +184,7 @@ test_valid_hostnames(void) | |||
| 169 | for (i = 0; valid_hostnames[i] != NULL; i++) { | 184 | for (i = 0; valid_hostnames[i] != NULL; i++) { |
| 170 | CBS cbs; | 185 | CBS cbs; |
| 171 | CBS_init(&cbs, valid_hostnames[i], strlen(valid_hostnames[i])); | 186 | CBS_init(&cbs, valid_hostnames[i], strlen(valid_hostnames[i])); |
| 172 | if (!x509_constraints_valid_host(&cbs)) { | 187 | if (!x509_constraints_valid_host(&cbs, 0)) { |
| 173 | FAIL("Valid hostname '%s' rejected\n", | 188 | FAIL("Valid hostname '%s' rejected\n", |
| 174 | valid_hostnames[i]); | 189 | valid_hostnames[i]); |
| 175 | failure = 1; | 190 | failure = 1; |
| @@ -183,6 +198,7 @@ test_valid_hostnames(void) | |||
| 183 | goto done; | 198 | goto done; |
| 184 | } | 199 | } |
| 185 | } | 200 | } |
| 201 | |||
| 186 | done: | 202 | done: |
| 187 | return failure; | 203 | return failure; |
| 188 | } | 204 | } |
| @@ -202,6 +218,7 @@ test_valid_sandns_names(void) | |||
| 202 | goto done; | 218 | goto done; |
| 203 | } | 219 | } |
| 204 | } | 220 | } |
| 221 | |||
| 205 | done: | 222 | done: |
| 206 | return failure; | 223 | return failure; |
| 207 | } | 224 | } |
| @@ -221,6 +238,7 @@ test_valid_domain_constraints(void) | |||
| 221 | goto done; | 238 | goto done; |
| 222 | } | 239 | } |
| 223 | } | 240 | } |
| 241 | |||
| 224 | done: | 242 | done: |
| 225 | return failure; | 243 | return failure; |
| 226 | } | 244 | } |
| @@ -245,6 +263,7 @@ test_valid_mbox_names(void) | |||
| 245 | free(name.local); | 263 | free(name.local); |
| 246 | name.local = NULL; | 264 | name.local = NULL; |
| 247 | } | 265 | } |
| 266 | |||
| 248 | done: | 267 | done: |
| 249 | return failure; | 268 | return failure; |
| 250 | } | 269 | } |
| @@ -259,7 +278,7 @@ test_invalid_hostnames(void) | |||
| 259 | for (i = 0; invalid_hostnames[i] != NULL; i++) { | 278 | for (i = 0; invalid_hostnames[i] != NULL; i++) { |
| 260 | CBS_init(&cbs, invalid_hostnames[i], | 279 | CBS_init(&cbs, invalid_hostnames[i], |
| 261 | strlen(invalid_hostnames[i])); | 280 | strlen(invalid_hostnames[i])); |
| 262 | if (x509_constraints_valid_host(&cbs)) { | 281 | if (x509_constraints_valid_host(&cbs, 0)) { |
| 263 | FAIL("Invalid hostname '%s' accepted\n", | 282 | FAIL("Invalid hostname '%s' accepted\n", |
| 264 | invalid_hostnames[i]); | 283 | invalid_hostnames[i]); |
| 265 | failure = 1; | 284 | failure = 1; |
| @@ -267,7 +286,7 @@ test_invalid_hostnames(void) | |||
| 267 | } | 286 | } |
| 268 | } | 287 | } |
| 269 | CBS_init(&cbs, nulhost, strlen(nulhost) + 1); | 288 | CBS_init(&cbs, nulhost, strlen(nulhost) + 1); |
| 270 | if (x509_constraints_valid_host(&cbs)) { | 289 | if (x509_constraints_valid_host(&cbs, 0)) { |
| 271 | FAIL("hostname with NUL byte accepted\n"); | 290 | FAIL("hostname with NUL byte accepted\n"); |
| 272 | failure = 1; | 291 | failure = 1; |
| 273 | goto done; | 292 | goto done; |
| @@ -278,6 +297,7 @@ test_invalid_hostnames(void) | |||
| 278 | failure = 1; | 297 | failure = 1; |
| 279 | goto done; | 298 | goto done; |
| 280 | } | 299 | } |
| 300 | |||
| 281 | done: | 301 | done: |
| 282 | return failure; | 302 | return failure; |
| 283 | } | 303 | } |
| @@ -297,6 +317,7 @@ test_invalid_sandns_names(void) | |||
| 297 | goto done; | 317 | goto done; |
| 298 | } | 318 | } |
| 299 | } | 319 | } |
| 320 | |||
| 300 | done: | 321 | done: |
| 301 | return failure; | 322 | return failure; |
| 302 | } | 323 | } |
| @@ -321,6 +342,7 @@ test_invalid_mbox_names(void) | |||
| 321 | free(name.local); | 342 | free(name.local); |
| 322 | name.local = NULL; | 343 | name.local = NULL; |
| 323 | } | 344 | } |
| 345 | |||
| 324 | done: | 346 | done: |
| 325 | return failure; | 347 | return failure; |
| 326 | } | 348 | } |
| @@ -340,6 +362,7 @@ test_invalid_domain_constraints(void) | |||
| 340 | goto done; | 362 | goto done; |
| 341 | } | 363 | } |
| 342 | } | 364 | } |
| 365 | |||
| 343 | done: | 366 | done: |
| 344 | return failure; | 367 | return failure; |
| 345 | } | 368 | } |
| @@ -365,6 +388,27 @@ test_invalid_uri(void) | |||
| 365 | done: | 388 | done: |
| 366 | return failure; | 389 | return failure; |
| 367 | } | 390 | } |
| 391 | static int | ||
| 392 | test_valid_uri(void) | ||
| 393 | { | ||
| 394 | int j, failure = 0; | ||
| 395 | char *hostpart = NULL; | ||
| 396 | |||
| 397 | for (j = 0; validuri[j] != NULL; j++) { | ||
| 398 | if (x509_constraints_uri_host(validuri[j], | ||
| 399 | strlen(invaliduri[j]), &hostpart) == 0) { | ||
| 400 | FAIL("Valid URI '%s' NOT accepted\n", | ||
| 401 | validuri[j]); | ||
| 402 | failure = 1; | ||
| 403 | goto done; | ||
| 404 | } | ||
| 405 | free(hostpart); | ||
| 406 | hostpart = NULL; | ||
| 407 | } | ||
| 408 | |||
| 409 | done: | ||
| 410 | return failure; | ||
| 411 | } | ||
| 368 | 412 | ||
| 369 | static int | 413 | static int |
| 370 | test_constraints1(void) | 414 | test_constraints1(void) |
| @@ -513,6 +557,7 @@ test_constraints1(void) | |||
| 513 | failure = 1; | 557 | failure = 1; |
| 514 | goto done; | 558 | goto done; |
| 515 | } | 559 | } |
| 560 | |||
| 516 | done: | 561 | done: |
| 517 | return failure; | 562 | return failure; |
| 518 | } | 563 | } |
| @@ -531,6 +576,7 @@ main(int argc, char **argv) | |||
| 531 | failed |= test_valid_domain_constraints(); | 576 | failed |= test_valid_domain_constraints(); |
| 532 | failed |= test_invalid_domain_constraints(); | 577 | failed |= test_invalid_domain_constraints(); |
| 533 | failed |= test_invalid_uri(); | 578 | failed |= test_invalid_uri(); |
| 579 | failed |= test_valid_uri(); | ||
| 534 | failed |= test_constraints1(); | 580 | failed |= test_constraints1(); |
| 535 | 581 | ||
| 536 | return (failed); | 582 | return (failed); |