openssl/SOURCES/openssl-1.1.1-CVE-2020-1971.patch
2021-09-09 23:19:25 +00:00

714 lines
22 KiB
Diff

diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
index 613f9ae713..cc0a59ca4c 100644
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -49,6 +49,7 @@ static const ERR_STRING_DATA ASN1_str_functs[] = {
"asn1_item_embed_d2i"},
{ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_EMBED_NEW, 0),
"asn1_item_embed_new"},
+ {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_EX_I2D, 0), "ASN1_item_ex_i2d"},
{ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_FLAGS_I2D, 0),
"asn1_item_flags_i2d"},
{ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_I2D_BIO, 0), "ASN1_item_i2d_bio"},
@@ -160,6 +161,7 @@ static const ERR_STRING_DATA ASN1_str_reasons[] = {
"asn1 sig parse error"},
{ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_AUX_ERROR), "aux error"},
{ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BAD_OBJECT_HEADER), "bad object header"},
+ {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BAD_TEMPLATE), "bad template"},
{ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BMPSTRING_IS_WRONG_LENGTH),
"bmpstring is wrong length"},
{ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BN_LIB), "bn lib"},
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index 2332b204ed..1021705f43 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -182,6 +182,15 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
tag, aclass, opt, ctx);
case ASN1_ITYPE_MSTRING:
+ /*
+ * It never makes sense for multi-strings to have implicit tagging, so
+ * if tag != -1, then this looks like an error in the template.
+ */
+ if (tag != -1) {
+ ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_BAD_TEMPLATE);
+ goto err;
+ }
+
p = *in;
/* Just read in tag and class */
ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL,
@@ -199,6 +208,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL);
goto err;
}
+
/* Check tag matches bit map */
if (!(ASN1_tag2bit(otag) & it->utype)) {
/* If OPTIONAL, assume this is OK */
@@ -215,6 +225,15 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx);
case ASN1_ITYPE_CHOICE:
+ /*
+ * It never makes sense for CHOICE types to have implicit tagging, so
+ * if tag != -1, then this looks like an error in the template.
+ */
+ if (tag != -1) {
+ ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_BAD_TEMPLATE);
+ goto err;
+ }
+
if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
goto auxerr;
if (*pval) {
diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c
index d600c7a538..52a051d5b1 100644
--- a/crypto/asn1/tasn_enc.c
+++ b/crypto/asn1/tasn_enc.c
@@ -103,9 +103,25 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
return asn1_i2d_ex_primitive(pval, out, it, tag, aclass);
case ASN1_ITYPE_MSTRING:
+ /*
+ * It never makes sense for multi-strings to have implicit tagging, so
+ * if tag != -1, then this looks like an error in the template.
+ */
+ if (tag != -1) {
+ ASN1err(ASN1_F_ASN1_ITEM_EX_I2D, ASN1_R_BAD_TEMPLATE);
+ return -1;
+ }
return asn1_i2d_ex_primitive(pval, out, it, -1, aclass);
case ASN1_ITYPE_CHOICE:
+ /*
+ * It never makes sense for CHOICE types to have implicit tagging, so
+ * if tag != -1, then this looks like an error in the template.
+ */
+ if (tag != -1) {
+ ASN1err(ASN1_F_ASN1_ITEM_EX_I2D, ASN1_R_BAD_TEMPLATE);
+ return -1;
+ }
if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL))
return 0;
i = asn1_get_choice_selector(pval, it);
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 0b5873ebbc..815460b24f 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -36,6 +36,7 @@ ASN1_F_ASN1_ITEM_D2I_FP:206:ASN1_item_d2i_fp
ASN1_F_ASN1_ITEM_DUP:191:ASN1_item_dup
ASN1_F_ASN1_ITEM_EMBED_D2I:120:asn1_item_embed_d2i
ASN1_F_ASN1_ITEM_EMBED_NEW:121:asn1_item_embed_new
+ASN1_F_ASN1_ITEM_EX_I2D:144:ASN1_item_ex_i2d
ASN1_F_ASN1_ITEM_FLAGS_I2D:118:asn1_item_flags_i2d
ASN1_F_ASN1_ITEM_I2D_BIO:192:ASN1_item_i2d_bio
ASN1_F_ASN1_ITEM_I2D_FP:193:ASN1_item_i2d_fp
@@ -1771,6 +1772,7 @@ ASN1_R_ASN1_PARSE_ERROR:203:asn1 parse error
ASN1_R_ASN1_SIG_PARSE_ERROR:204:asn1 sig parse error
ASN1_R_AUX_ERROR:100:aux error
ASN1_R_BAD_OBJECT_HEADER:102:bad object header
+ASN1_R_BAD_TEMPLATE:230:bad template
ASN1_R_BMPSTRING_IS_WRONG_LENGTH:214:bmpstring is wrong length
ASN1_R_BN_LIB:105:bn lib
ASN1_R_BOOLEAN_IS_WRONG_LENGTH:106:boolean is wrong length
diff --git a/crypto/x509v3/v3_genn.c b/crypto/x509v3/v3_genn.c
index 23e3bc4565..6f0a347cce 100644
--- a/crypto/x509v3/v3_genn.c
+++ b/crypto/x509v3/v3_genn.c
@@ -22,8 +22,9 @@ ASN1_SEQUENCE(OTHERNAME) = {
IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME)
ASN1_SEQUENCE(EDIPARTYNAME) = {
- ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
- ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
+ /* DirectoryString is a CHOICE type so use explicit tagging */
+ ASN1_EXP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
+ ASN1_EXP(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
} ASN1_SEQUENCE_END(EDIPARTYNAME)
IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME)
@@ -57,6 +58,37 @@ GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a)
(char *)a);
}
+static int edipartyname_cmp(const EDIPARTYNAME *a, const EDIPARTYNAME *b)
+{
+ int res;
+
+ if (a == NULL || b == NULL) {
+ /*
+ * Shouldn't be possible in a valid GENERAL_NAME, but we handle it
+ * anyway. OTHERNAME_cmp treats NULL != NULL so we do the same here
+ */
+ return -1;
+ }
+ if (a->nameAssigner == NULL && b->nameAssigner != NULL)
+ return -1;
+ if (a->nameAssigner != NULL && b->nameAssigner == NULL)
+ return 1;
+ /* If we get here then both have nameAssigner set, or both unset */
+ if (a->nameAssigner != NULL) {
+ res = ASN1_STRING_cmp(a->nameAssigner, b->nameAssigner);
+ if (res != 0)
+ return res;
+ }
+ /*
+ * partyName is required, so these should never be NULL. We treat it in
+ * the same way as the a == NULL || b == NULL case above
+ */
+ if (a->partyName == NULL || b->partyName == NULL)
+ return -1;
+
+ return ASN1_STRING_cmp(a->partyName, b->partyName);
+}
+
/* Returns 0 if they are equal, != 0 otherwise. */
int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
{
@@ -66,8 +98,11 @@ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
return -1;
switch (a->type) {
case GEN_X400:
+ result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address);
+ break;
+
case GEN_EDIPARTY:
- result = ASN1_TYPE_cmp(a->d.other, b->d.other);
+ result = edipartyname_cmp(a->d.ediPartyName, b->d.ediPartyName);
break;
case GEN_OTHERNAME:
@@ -114,8 +149,11 @@ void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value)
{
switch (type) {
case GEN_X400:
+ a->d.x400Address = value;
+ break;
+
case GEN_EDIPARTY:
- a->d.other = value;
+ a->d.ediPartyName = value;
break;
case GEN_OTHERNAME:
@@ -149,8 +187,10 @@ void *GENERAL_NAME_get0_value(const GENERAL_NAME *a, int *ptype)
*ptype = a->type;
switch (a->type) {
case GEN_X400:
+ return a->d.x400Address;
+
case GEN_EDIPARTY:
- return a->d.other;
+ return a->d.ediPartyName;
case GEN_OTHERNAME:
return a->d.otherName;
diff --git a/include/openssl/asn1err.h b/include/openssl/asn1err.h
index faed5a5518..e1ad1fefec 100644
--- a/include/openssl/asn1err.h
+++ b/include/openssl/asn1err.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -11,9 +11,7 @@
#ifndef HEADER_ASN1ERR_H
# define HEADER_ASN1ERR_H
-# ifndef HEADER_SYMHACKS_H
-# include <openssl/symhacks.h>
-# endif
+# include <openssl/symhacks.h>
# ifdef __cplusplus
extern "C"
@@ -53,6 +51,7 @@ int ERR_load_ASN1_strings(void);
# define ASN1_F_ASN1_ITEM_DUP 191
# define ASN1_F_ASN1_ITEM_EMBED_D2I 120
# define ASN1_F_ASN1_ITEM_EMBED_NEW 121
+# define ASN1_F_ASN1_ITEM_EX_I2D 144
# define ASN1_F_ASN1_ITEM_FLAGS_I2D 118
# define ASN1_F_ASN1_ITEM_I2D_BIO 192
# define ASN1_F_ASN1_ITEM_I2D_FP 193
@@ -145,6 +144,7 @@ int ERR_load_ASN1_strings(void);
# define ASN1_R_ASN1_SIG_PARSE_ERROR 204
# define ASN1_R_AUX_ERROR 100
# define ASN1_R_BAD_OBJECT_HEADER 102
+# define ASN1_R_BAD_TEMPLATE 230
# define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214
# define ASN1_R_BN_LIB 105
# define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106
diff --git a/test/asn1_decode_test.c b/test/asn1_decode_test.c
index 369023d5f1..94a22c6682 100644
--- a/test/asn1_decode_test.c
+++ b/test/asn1_decode_test.c
@@ -160,6 +160,41 @@ static int test_uint64(void)
return 1;
}
+typedef struct {
+ ASN1_STRING *invalidDirString;
+} INVALIDTEMPLATE;
+
+ASN1_SEQUENCE(INVALIDTEMPLATE) = {
+ /*
+ * DirectoryString is a CHOICE type so it must use explicit tagging -
+ * but we deliberately use implicit here, which makes this template invalid.
+ */
+ ASN1_IMP(INVALIDTEMPLATE, invalidDirString, DIRECTORYSTRING, 12)
+} static_ASN1_SEQUENCE_END(INVALIDTEMPLATE)
+
+IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(INVALIDTEMPLATE)
+IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(INVALIDTEMPLATE)
+
+/* Empty sequence for invalid template test */
+static unsigned char t_invalid_template[] = {
+ 0x30, 0x03, /* SEQUENCE tag + length */
+ 0x0c, 0x01, 0x41 /* UTF8String, length 1, "A" */
+};
+
+static int test_invalid_template(void)
+{
+ const unsigned char *p = t_invalid_template;
+ INVALIDTEMPLATE *tmp = d2i_INVALIDTEMPLATE(NULL, &p,
+ sizeof(t_invalid_template));
+
+ /* We expect a NULL pointer return */
+ if (TEST_ptr_null(tmp))
+ return 1;
+
+ INVALIDTEMPLATE_free(tmp);
+ return 0;
+}
+
int setup_tests(void)
{
#if OPENSSL_API_COMPAT < 0x10200000L
@@ -169,5 +204,6 @@ int setup_tests(void)
ADD_TEST(test_uint32);
ADD_TEST(test_int64);
ADD_TEST(test_uint64);
+ ADD_TEST(test_invalid_template);
return 1;
}
diff --git a/test/asn1_encode_test.c b/test/asn1_encode_test.c
index ed920a4d66..afbd18be6f 100644
--- a/test/asn1_encode_test.c
+++ b/test/asn1_encode_test.c
@@ -856,6 +856,38 @@ static int test_uint64(void)
return test_intern(&uint64_test_package);
}
+typedef struct {
+ ASN1_STRING *invalidDirString;
+} INVALIDTEMPLATE;
+
+ASN1_SEQUENCE(INVALIDTEMPLATE) = {
+ /*
+ * DirectoryString is a CHOICE type so it must use explicit tagging -
+ * but we deliberately use implicit here, which makes this template invalid.
+ */
+ ASN1_IMP(INVALIDTEMPLATE, invalidDirString, DIRECTORYSTRING, 12)
+} static_ASN1_SEQUENCE_END(INVALIDTEMPLATE)
+
+IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(INVALIDTEMPLATE)
+IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(INVALIDTEMPLATE)
+
+static int test_invalid_template(void)
+{
+ INVALIDTEMPLATE *temp = INVALIDTEMPLATE_new();
+ int ret;
+
+ if (!TEST_ptr(temp))
+ return 0;
+
+ ret = i2d_INVALIDTEMPLATE(temp, NULL);
+
+ INVALIDTEMPLATE_free(temp);
+
+ /* We expect the i2d operation to fail */
+ return ret < 0;
+}
+
+
int setup_tests(void)
{
#if OPENSSL_API_COMPAT < 0x10200000L
@@ -866,5 +898,6 @@ int setup_tests(void)
ADD_TEST(test_uint32);
ADD_TEST(test_int64);
ADD_TEST(test_uint64);
+ ADD_TEST(test_invalid_template);
return 1;
}
diff --git a/test/v3nametest.c b/test/v3nametest.c
index 86f3829aed..4c8af92ce9 100644
--- a/test/v3nametest.c
+++ b/test/v3nametest.c
@@ -359,8 +359,352 @@ static int call_run_cert(int i)
return failed == 0;
}
+struct gennamedata {
+ const unsigned char der[22];
+ size_t derlen;
+} gennames[] = {
+ {
+ /*
+ * [0] {
+ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
+ * [0] {
+ * SEQUENCE {}
+ * }
+ * }
+ */
+ {
+ 0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
+ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x30, 0x00
+ },
+ 21
+ }, {
+ /*
+ * [0] {
+ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
+ * [0] {
+ * [APPLICATION 0] {}
+ * }
+ * }
+ */
+ {
+ 0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
+ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x60, 0x00
+ },
+ 21
+ }, {
+ /*
+ * [0] {
+ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
+ * [0] {
+ * UTF8String { "a" }
+ * }
+ * }
+ */
+ {
+ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
+ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x61
+ },
+ 22
+ }, {
+ /*
+ * [0] {
+ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.2 }
+ * [0] {
+ * UTF8String { "a" }
+ * }
+ * }
+ */
+ {
+ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
+ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x02, 0xa0, 0x03, 0x0c, 0x01, 0x61
+ },
+ 22
+ }, {
+ /*
+ * [0] {
+ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
+ * [0] {
+ * UTF8String { "b" }
+ * }
+ * }
+ */
+ {
+ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
+ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x62
+ },
+ 22
+ }, {
+ /*
+ * [0] {
+ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
+ * [0] {
+ * BOOLEAN { TRUE }
+ * }
+ * }
+ */
+ {
+ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
+ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0xff
+ },
+ 22
+ }, {
+ /*
+ * [0] {
+ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
+ * [0] {
+ * BOOLEAN { FALSE }
+ * }
+ * }
+ */
+ {
+ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
+ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0x00
+ },
+ 22
+ }, {
+ /* [1 PRIMITIVE] { "a" } */
+ {
+ 0x81, 0x01, 0x61
+ },
+ 3
+ }, {
+ /* [1 PRIMITIVE] { "b" } */
+ {
+ 0x81, 0x01, 0x62
+ },
+ 3
+ }, {
+ /* [2 PRIMITIVE] { "a" } */
+ {
+ 0x82, 0x01, 0x61
+ },
+ 3
+ }, {
+ /* [2 PRIMITIVE] { "b" } */
+ {
+ 0x82, 0x01, 0x62
+ },
+ 3
+ }, {
+ /*
+ * [4] {
+ * SEQUENCE {
+ * SET {
+ * SEQUENCE {
+ * # commonName
+ * OBJECT_IDENTIFIER { 2.5.4.3 }
+ * UTF8String { "a" }
+ * }
+ * }
+ * }
+ * }
+ */
+ {
+ 0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55,
+ 0x04, 0x03, 0x0c, 0x01, 0x61
+ },
+ 16
+ }, {
+ /*
+ * [4] {
+ * SEQUENCE {
+ * SET {
+ * SEQUENCE {
+ * # commonName
+ * OBJECT_IDENTIFIER { 2.5.4.3 }
+ * UTF8String { "b" }
+ * }
+ * }
+ * }
+ * }
+ */
+ {
+ 0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55,
+ 0x04, 0x03, 0x0c, 0x01, 0x62
+ },
+ 16
+ }, {
+ /*
+ * [5] {
+ * [1] {
+ * UTF8String { "a" }
+ * }
+ * }
+ */
+ {
+ 0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x61
+ },
+ 7
+ }, {
+ /*
+ * [5] {
+ * [1] {
+ * UTF8String { "b" }
+ * }
+ * }
+ */
+ {
+ 0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x62
+ },
+ 7
+ }, {
+ /*
+ * [5] {
+ * [0] {
+ * UTF8String {}
+ * }
+ * [1] {
+ * UTF8String { "a" }
+ * }
+ * }
+ */
+ {
+ 0xa5, 0x09, 0xa0, 0x02, 0x0c, 0x00, 0xa1, 0x03, 0x0c, 0x01, 0x61
+ },
+ 11
+ }, {
+ /*
+ * [5] {
+ * [0] {
+ * UTF8String { "a" }
+ * }
+ * [1] {
+ * UTF8String { "a" }
+ * }
+ * }
+ */
+ {
+ 0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x61, 0xa1, 0x03, 0x0c, 0x01,
+ 0x61
+ },
+ 12
+ }, {
+ /*
+ * [5] {
+ * [0] {
+ * UTF8String { "b" }
+ * }
+ * [1] {
+ * UTF8String { "a" }
+ * }
+ * }
+ */
+ {
+ 0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x62, 0xa1, 0x03, 0x0c, 0x01,
+ 0x61
+ },
+ 12
+ }, {
+ /* [6 PRIMITIVE] { "a" } */
+ {
+ 0x86, 0x01, 0x61
+ },
+ 3
+ }, {
+ /* [6 PRIMITIVE] { "b" } */
+ {
+ 0x86, 0x01, 0x62
+ },
+ 3
+ }, {
+ /* [7 PRIMITIVE] { `11111111` } */
+ {
+ 0x87, 0x04, 0x11, 0x11, 0x11, 0x11
+ },
+ 6
+ }, {
+ /* [7 PRIMITIVE] { `22222222`} */
+ {
+ 0x87, 0x04, 0x22, 0x22, 0x22, 0x22
+ },
+ 6
+ }, {
+ /* [7 PRIMITIVE] { `11111111111111111111111111111111` } */
+ {
+ 0x87, 0x10, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+ 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11
+ },
+ 18
+ }, {
+ /* [7 PRIMITIVE] { `22222222222222222222222222222222` } */
+ {
+ 0x87, 0x10, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
+ 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22
+ },
+ 18
+ }, {
+ /* [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.1 } */
+ {
+ 0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84,
+ 0xb7, 0x09, 0x02, 0x01
+ },
+ 15
+ }, {
+ /* [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.2 } */
+ {
+ 0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84,
+ 0xb7, 0x09, 0x02, 0x02
+ },
+ 15
+ }
+};
+
+static int test_GENERAL_NAME_cmp(void)
+{
+ size_t i, j;
+ GENERAL_NAME **namesa = OPENSSL_malloc(sizeof(*namesa)
+ * OSSL_NELEM(gennames));
+ GENERAL_NAME **namesb = OPENSSL_malloc(sizeof(*namesb)
+ * OSSL_NELEM(gennames));
+ int testresult = 0;
+
+ if (!TEST_ptr(namesa) || !TEST_ptr(namesb))
+ goto end;
+
+ for (i = 0; i < OSSL_NELEM(gennames); i++) {
+ const unsigned char *derp = gennames[i].der;
+
+ /*
+ * We create two versions of each GENERAL_NAME so that we ensure when
+ * we compare them they are always different pointers.
+ */
+ namesa[i] = d2i_GENERAL_NAME(NULL, &derp, gennames[i].derlen);
+ derp = gennames[i].der;
+ namesb[i] = d2i_GENERAL_NAME(NULL, &derp, gennames[i].derlen);
+ if (!TEST_ptr(namesa[i]) || !TEST_ptr(namesb[i]))
+ goto end;
+ }
+
+ /* Every name should be equal to itself and not equal to any others. */
+ for (i = 0; i < OSSL_NELEM(gennames); i++) {
+ for (j = 0; j < OSSL_NELEM(gennames); j++) {
+ if (i == j) {
+ if (!TEST_int_eq(GENERAL_NAME_cmp(namesa[i], namesb[j]), 0))
+ goto end;
+ } else {
+ if (!TEST_int_ne(GENERAL_NAME_cmp(namesa[i], namesb[j]), 0))
+ goto end;
+ }
+ }
+ }
+ testresult = 1;
+
+ end:
+ for (i = 0; i < OSSL_NELEM(gennames); i++) {
+ if (namesa != NULL)
+ GENERAL_NAME_free(namesa[i]);
+ if (namesb != NULL)
+ GENERAL_NAME_free(namesb[i]);
+ }
+ OPENSSL_free(namesa);
+ OPENSSL_free(namesb);
+
+ return testresult;
+}
+
int setup_tests(void)
{
ADD_ALL_TESTS(call_run_cert, OSSL_NELEM(name_fns));
+ ADD_TEST(test_GENERAL_NAME_cmp);
return 1;
}