tests/unit/unit1676.c - third_party/curl - Git at Google

 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
  *                             / __| | | | |_) | |
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
  * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
  * are also available at https://curl.se/docs/copyright.html.
  *
  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  * copies of the Software, and permit persons to whom the Software is
  * furnished to do so, under the terms of the COPYING file.
  *
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
  * SPDX-License-Identifier: curl
  *
  ***************************************************************************/
 #include "unitcheck.h"
 #include "vtls/x509asn1.h"
 #include "vtls/vtls.h"

 static CURLcode test_unit1676(const char *arg)
 {
   UNITTEST_BEGIN_SIMPLE

 #if defined(USE_GNUTLS) || defined(USE_MBEDTLS) || defined(USE_RUSTLS) || \
   defined(USE_SCHANNEL)

   /*
    * Minimal DER-encoded X.509 certificate with a DH public key.
    * Hand-crafted to exercise the do_pubkey() dhpublicnumber branch.
    *
    * The DH parameters contain two distinct INTEGER values:
    *   p = 0x11 (renders as "17" via int2str decimal format)
    *   g = 0x22 (renders as "34")
    * The public key value is:
    *   pub_key = 0x33 (renders as "51")
    *
    * OID 1.2.840.10046.2.1 = dhpublicnumber
    */
   static const unsigned char cert[] = {
     0x30, 0x81, 0x85, 0x30, 0x72, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01,
     0x01, 0x30, 0x0B, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
     0x01, 0x0B, 0x30, 0x0F, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04,
     0x03, 0x0C, 0x04, 0x74, 0x65, 0x73, 0x74, 0x30, 0x1E, 0x17, 0x0D, 0x32,
     0x35, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5A,
     0x17, 0x0D, 0x32, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30,
     0x30, 0x30, 0x5A, 0x30, 0x0F, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55,
     0x04, 0x03, 0x0C, 0x04, 0x74, 0x65, 0x73, 0x74, 0x30, 0x19, 0x30, 0x11,
     0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3E, 0x02, 0x01, 0x30, 0x06, 0x02,
     0x01, 0x11, 0x02, 0x01, 0x22, 0x03, 0x04, 0x00, 0x02, 0x01, 0x33, 0x30,
     0x0B, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B,
     0x03, 0x02, 0x00, 0xFF
   };

   CURLcode result;
   const char *beg = (const char *)&cert[0];
   const char *end = (const char *)&cert[sizeof(cert)];
   struct Curl_easy *data;
   struct curl_slist *slist;
   const char *dhp_value = NULL;
   const char *dhg_value = NULL;
   const char *dhpk_value = NULL;

   if(curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK) {
     curl_mfprintf(stderr, "curl_global_init() failed\n");
     return TEST_ERR_MAJOR_BAD;
   }

   data = curl_easy_init();
   if(!data) {
     curl_global_cleanup();
     return TEST_ERR_MAJOR_BAD;
   }

   data->set.ssl.certinfo = 1;
   result = Curl_ssl_init_certinfo(data, 1);
   if(result) {
     curl_easy_cleanup(data);
     curl_global_cleanup();
     return TEST_ERR_MAJOR_BAD;
   }

   result = Curl_extract_certinfo(data, 0, beg, end);
   fail_unless(result == CURLE_OK, "Curl_extract_certinfo returned error");
   if(result == CURLE_OK) {
     /* Walk certinfo entries to find dh(p), dh(g), and dh(pub_key) */
     for(slist = data->info.certs.certinfo[0]; slist; slist = slist->next) {
       if(strncmp(slist->data, "dh(p):", 6) == 0)
         dhp_value = slist->data + 6;
       else if(strncmp(slist->data, "dh(g):", 6) == 0)
         dhg_value = slist->data + 6;
       else if(strncmp(slist->data, "dh(pub_key):", 12) == 0)
         dhpk_value = slist->data + 12;
     }

     abort_unless(dhp_value != NULL, "dh(p) not found in certinfo");
     abort_unless(dhg_value != NULL, "dh(g) not found in certinfo");
     abort_unless(dhpk_value != NULL, "dh(pub_key) not found in certinfo");
     fail_if(strcmp(dhp_value, dhg_value) == 0,
             "dh(p) and dh(g) have the same value (bug: g re-reads p)");
     fail_unless(strcmp(dhp_value, "17") == 0, "dh(p) expected 17 (0x11)");
     fail_unless(strcmp(dhg_value, "34") == 0, "dh(g) expected 34 (0x22)");
     fail_unless(strcmp(dhpk_value, "51") == 0,
                 "dh(pub_key) expected 51 (0x33)");
   }

   curl_easy_cleanup(data);
   curl_global_cleanup();
 #else
   puts("not tested since Curl_extract_certinfo() is not built in");
 #endif
   UNITTEST_END_SIMPLE
 }
	/***************************************************************************
	* _ _ ____ _
	* Project ___\| \| \| \| _ \\| \|
	* / __\| \| \| \| \|_) \| \|
	* \| (__\| \|_\| \| _ <\| \|___
	* \___\|\___/\|_\| \_\_____\|
	*
	* Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
	*
	* This software is licensed as described in the file COPYING, which
	* you should have received as part of this distribution. The terms
	* are also available at https://curl.se/docs/copyright.html.
	*
	* You may opt to use, copy, modify, merge, publish, distribute and/or sell
	* copies of the Software, and permit persons to whom the Software is
	* furnished to do so, under the terms of the COPYING file.
	*
	* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
	* KIND, either express or implied.
	*
	* SPDX-License-Identifier: curl
	*
	***************************************************************************/
	#include "unitcheck.h"
	#include "vtls/x509asn1.h"
	#include "vtls/vtls.h"

	static CURLcode test_unit1676(const char *arg)
	{
	UNITTEST_BEGIN_SIMPLE

	#if defined(USE_GNUTLS) \|\| defined(USE_MBEDTLS) \|\| defined(USE_RUSTLS) \|\| \
	defined(USE_SCHANNEL)

	/*
	* Minimal DER-encoded X.509 certificate with a DH public key.
	* Hand-crafted to exercise the do_pubkey() dhpublicnumber branch.
	*
	* The DH parameters contain two distinct INTEGER values:
	* p = 0x11 (renders as "17" via int2str decimal format)
	* g = 0x22 (renders as "34")
	* The public key value is:
	* pub_key = 0x33 (renders as "51")
	*
	* OID 1.2.840.10046.2.1 = dhpublicnumber
	*/
	static const unsigned char cert[] = {
	0x30, 0x81, 0x85, 0x30, 0x72, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01,
	0x01, 0x30, 0x0B, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
	0x01, 0x0B, 0x30, 0x0F, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04,
	0x03, 0x0C, 0x04, 0x74, 0x65, 0x73, 0x74, 0x30, 0x1E, 0x17, 0x0D, 0x32,
	0x35, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5A,
	0x17, 0x0D, 0x32, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30,
	0x30, 0x30, 0x5A, 0x30, 0x0F, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55,
	0x04, 0x03, 0x0C, 0x04, 0x74, 0x65, 0x73, 0x74, 0x30, 0x19, 0x30, 0x11,
	0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3E, 0x02, 0x01, 0x30, 0x06, 0x02,
	0x01, 0x11, 0x02, 0x01, 0x22, 0x03, 0x04, 0x00, 0x02, 0x01, 0x33, 0x30,
	0x0B, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B,
	0x03, 0x02, 0x00, 0xFF
	};

	CURLcode result;
	const char beg = (const char )&cert[0];
	const char end = (const char )&cert[sizeof(cert)];
	struct Curl_easy *data;
	struct curl_slist *slist;
	const char *dhp_value = NULL;
	const char *dhg_value = NULL;
	const char *dhpk_value = NULL;

	if(curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK) {
	curl_mfprintf(stderr, "curl_global_init() failed\n");
	return TEST_ERR_MAJOR_BAD;
	}

	data = curl_easy_init();
	if(!data) {
	curl_global_cleanup();
	return TEST_ERR_MAJOR_BAD;
	}

	data->set.ssl.certinfo = 1;
	result = Curl_ssl_init_certinfo(data, 1);
	if(result) {
	curl_easy_cleanup(data);
	curl_global_cleanup();
	return TEST_ERR_MAJOR_BAD;
	}

	result = Curl_extract_certinfo(data, 0, beg, end);
	fail_unless(result == CURLE_OK, "Curl_extract_certinfo returned error");
	if(result == CURLE_OK) {
	/* Walk certinfo entries to find dh(p), dh(g), and dh(pub_key) */
	for(slist = data->info.certs.certinfo[0]; slist; slist = slist->next) {
	if(strncmp(slist->data, "dh(p):", 6) == 0)
	dhp_value = slist->data + 6;
	else if(strncmp(slist->data, "dh(g):", 6) == 0)
	dhg_value = slist->data + 6;
	else if(strncmp(slist->data, "dh(pub_key):", 12) == 0)
	dhpk_value = slist->data + 12;
	}

	abort_unless(dhp_value != NULL, "dh(p) not found in certinfo");
	abort_unless(dhg_value != NULL, "dh(g) not found in certinfo");
	abort_unless(dhpk_value != NULL, "dh(pub_key) not found in certinfo");
	fail_if(strcmp(dhp_value, dhg_value) == 0,
	"dh(p) and dh(g) have the same value (bug: g re-reads p)");
	fail_unless(strcmp(dhp_value, "17") == 0, "dh(p) expected 17 (0x11)");
	fail_unless(strcmp(dhg_value, "34") == 0, "dh(g) expected 34 (0x22)");
	fail_unless(strcmp(dhpk_value, "51") == 0,
	"dh(pub_key) expected 51 (0x33)");
	}

	curl_easy_cleanup(data);
	curl_global_cleanup();
	#else
	puts("not tested since Curl_extract_certinfo() is not built in");
	#endif
	UNITTEST_END_SIMPLE
	}