luna - wolfssl/tests/api/test_ossl

   1/* test_ossl_p7p12.c
   2 *
   3 * Copyright (C) 2006-2026 wolfSSL Inc.
   4 *
   5 * This file is part of wolfSSL.
   6 *
   7 * wolfSSL is free software; you can redistribute it and/or modify
   8 * it under the terms of the GNU General Public License as published by
   9 * the Free Software Foundation; either version 3 of the License, or
  10 * (at your option) any later version.
  11 *
  12 * wolfSSL is distributed in the hope that it will be useful,
  13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15 * GNU General Public License for more details.
  16 *
  17 * You should have received a copy of the GNU General Public License
  18 * along with this program; if not, write to the Free Software
  19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  20 */
  21
  22#include <tests/unit.h>
  23
  24#ifdef NO_INLINE
  25    #include <wolfssl/wolfcrypt/misc.h>
  26#else
  27    #define WOLFSSL_MISC_INCLUDED
  28    #include <wolfcrypt/src/misc.c>
  29#endif
  30
  31#include <wolfssl/openssl/pkcs7.h>
  32#include <wolfssl/openssl/pkcs12.h>
  33#include <wolfssl/openssl/pem.h>
  34#include <wolfssl/internal.h>
  35#include <tests/api/api.h>
  36#include <tests/api/test_ossl_p7p12.h>
  37
  38int test_wolfssl_PKCS7(void)
  39{
  40    EXPECT_DECLS;
  41#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_BIO) && \
  42    !defined(NO_RSA)
  43    PKCS7* pkcs7 = NULL;
  44    byte   data[FOURK_BUF];
  45    word32 len = sizeof(data);
  46    const byte*  p = data;
  47    byte   content[] = "Test data to encode.";
  48#if !defined(NO_RSA) & defined(USE_CERT_BUFFERS_2048)
  49    BIO*   bio = NULL;
  50    byte   key[sizeof(client_key_der_2048)];
  51    word32 keySz = (word32)sizeof(key);
  52    byte*  out = NULL;
  53#endif
  54
  55    ExpectIntGT((len = (word32)CreatePKCS7SignedData(data, (int)len, content,
  56        (word32)sizeof(content), 0, 0, 0, RSA_TYPE)), 0);
  57
  58    ExpectNull(pkcs7 = d2i_PKCS7(NULL, NULL, (int)len));
  59    ExpectNull(pkcs7 = d2i_PKCS7(NULL, &p, 0));
  60    ExpectNotNull(pkcs7 = d2i_PKCS7(NULL, &p, (int)len));
  61    ExpectIntEQ(wolfSSL_PKCS7_verify(NULL, NULL, NULL, NULL, NULL,
  62        PKCS7_NOVERIFY), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
  63    PKCS7_free(pkcs7);
  64    pkcs7 = NULL;
  65
  66    /* fail case, without PKCS7_NOVERIFY */
  67    p = data;
  68    ExpectNotNull(pkcs7 = d2i_PKCS7(NULL, &p, (int)len));
  69    ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, NULL, NULL,
  70        0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
  71    PKCS7_free(pkcs7);
  72    pkcs7 = NULL;
  73
  74    /* success case, with PKCS7_NOVERIFY */
  75    p = data;
  76    ExpectNotNull(pkcs7 = d2i_PKCS7(NULL, &p, (int)len));
  77    ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, NULL, NULL,
  78        PKCS7_NOVERIFY), WOLFSSL_SUCCESS);
  79
  80#if !defined(NO_RSA) & defined(USE_CERT_BUFFERS_2048)
  81    /* test i2d */
  82    XMEMCPY(key, client_key_der_2048, keySz);
  83    if (pkcs7 != NULL) {
  84        pkcs7->privateKey = key;
  85        pkcs7->privateKeySz = (word32)sizeof(key);
  86        pkcs7->encryptOID = RSAk;
  87    #ifdef NO_SHA
  88        pkcs7->hashOID = SHA256h;
  89    #else
  90        pkcs7->hashOID = SHAh;
  91    #endif
  92    }
  93    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
  94    ExpectIntEQ(i2d_PKCS7_bio(bio, pkcs7), 1);
  95#ifndef NO_ASN_TIME
  96    ExpectIntEQ(i2d_PKCS7(pkcs7, &out), 655);
  97#else
  98    ExpectIntEQ(i2d_PKCS7(pkcs7, &out), 625);
  99#endif
 100    XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 101    BIO_free(bio);
 102#endif
 103
 104    PKCS7_free(NULL);
 105    PKCS7_free(pkcs7);
 106#endif
 107    return EXPECT_RESULT();
 108}
 109
 110int test_wolfSSL_PKCS7_certs(void)
 111{
 112    EXPECT_DECLS;
 113#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && !defined(NO_BIO) && \
 114   !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(HAVE_PKCS7)
 115    STACK_OF(X509)* sk = NULL;
 116    STACK_OF(X509_INFO)* info_sk = NULL;
 117    PKCS7 *p7 = NULL;
 118    BIO* bio = NULL;
 119    const byte* p = NULL;
 120    int buflen = 0;
 121    int i;
 122
 123    /* Test twice. Once with d2i and once without to test
 124     * that everything is free'd correctly. */
 125    for (i = 0; i < 2; i++) {
 126        ExpectNotNull(p7 = PKCS7_new());
 127        if (p7 != NULL) {
 128            p7->version = 1;
 129        #ifdef NO_SHA
 130            p7->hashOID = SHA256h;
 131        #else
 132            p7->hashOID = SHAh;
 133        #endif
 134        }
 135        ExpectNotNull(bio = BIO_new(BIO_s_file()));
 136        ExpectIntGT(BIO_read_filename(bio, svrCertFile), 0);
 137        ExpectNotNull(info_sk = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL));
 138        ExpectIntEQ(sk_X509_INFO_num(info_sk), 2);
 139        ExpectNotNull(sk = sk_X509_new_null());
 140        while (EXPECT_SUCCESS() && (sk_X509_INFO_num(info_sk) > 0)) {
 141            X509_INFO* info = NULL;
 142            ExpectNotNull(info = sk_X509_INFO_shift(info_sk));
 143            if (EXPECT_SUCCESS() && info != NULL) {
 144                ExpectIntGT(sk_X509_push(sk, info->x509), 0);
 145                info->x509 = NULL;
 146            }
 147            X509_INFO_free(info);
 148        }
 149        sk_X509_INFO_pop_free(info_sk, X509_INFO_free);
 150        info_sk = NULL;
 151        BIO_free(bio);
 152        bio = NULL;
 153        ExpectNotNull(bio = BIO_new(BIO_s_mem()));
 154        ExpectIntEQ(wolfSSL_PKCS7_encode_certs(p7, sk, bio), 1);
 155        if ((sk != NULL) && ((p7 == NULL) || (bio == NULL))) {
 156            sk_X509_pop_free(sk, X509_free);
 157        }
 158        sk = NULL;
 159        ExpectIntGT((buflen = BIO_get_mem_data(bio, &p)), 0);
 160
 161        if (i == 0) {
 162            PKCS7_free(p7);
 163            p7 = NULL;
 164            ExpectNotNull(d2i_PKCS7(&p7, &p, buflen));
 165            if (p7 != NULL) {
 166                /* Reset certs to force wolfSSL_PKCS7_to_stack to regenerate
 167                 * them */
 168                ((WOLFSSL_PKCS7*)p7)->certs = NULL;
 169            }
 170            /* PKCS7_free free's the certs */
 171            ExpectNotNull(wolfSSL_PKCS7_to_stack(p7));
 172        }
 173
 174        BIO_free(bio);
 175        bio = NULL;
 176        PKCS7_free(p7);
 177        p7 = NULL;
 178    }
 179#endif /* defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
 180         !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(HAVE_PKCS7) */
 181    return EXPECT_RESULT();
 182}
 183
 184int test_wolfSSL_PKCS7_sign(void)
 185{
 186    EXPECT_DECLS;
 187#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_BIO) && \
 188    !defined(NO_FILESYSTEM) && !defined(NO_RSA)
 189
 190    PKCS7* p7 = NULL;
 191    PKCS7* p7Ver = NULL;
 192    byte* out = NULL;
 193    byte* tmpPtr = NULL;
 194    int outLen = 0;
 195    int flags = 0;
 196    byte data[] = "Test data to encode.";
 197
 198    const char* cert = "./certs/server-cert.pem";
 199    const char* key  = "./certs/server-key.pem";
 200    const char* ca   = "./certs/ca-cert.pem";
 201
 202    WOLFSSL_BIO* certBio = NULL;
 203    WOLFSSL_BIO* keyBio = NULL;
 204    WOLFSSL_BIO* caBio = NULL;
 205    WOLFSSL_BIO* inBio = NULL;
 206    X509* signCert = NULL;
 207    EVP_PKEY* signKey = NULL;
 208    X509* caCert = NULL;
 209    X509_STORE* store = NULL;
 210#ifndef NO_PKCS7_STREAM
 211    int z;
 212    int ret;
 213#endif /* !NO_PKCS7_STREAM */
 214
 215    /* read signer cert/key into BIO */
 216    ExpectNotNull(certBio = BIO_new_file(cert, "r"));
 217    ExpectNotNull(keyBio = BIO_new_file(key, "r"));
 218    ExpectNotNull(signCert = PEM_read_bio_X509(certBio, NULL, 0, NULL));
 219    ExpectNotNull(signKey = PEM_read_bio_PrivateKey(keyBio, NULL, 0, NULL));
 220
 221    /* read CA cert into store (for verify) */
 222    ExpectNotNull(caBio = BIO_new_file(ca, "r"));
 223    ExpectNotNull(caCert = PEM_read_bio_X509(caBio, NULL, 0, NULL));
 224    ExpectNotNull(store = X509_STORE_new());
 225    ExpectIntEQ(X509_STORE_add_cert(store, caCert), 1);
 226
 227    /* data to be signed into BIO */
 228    ExpectNotNull(inBio = BIO_new(BIO_s_mem()));
 229    ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0);
 230
 231    /* PKCS7_sign, bad args: signer NULL */
 232    ExpectNull(p7 = PKCS7_sign(NULL, signKey, NULL, inBio, 0));
 233    /* PKCS7_sign, bad args: signer key NULL */
 234    ExpectNull(p7 = PKCS7_sign(signCert, NULL, NULL, inBio, 0));
 235    /* PKCS7_sign, bad args: in data NULL without PKCS7_STREAM */
 236    ExpectNull(p7 = PKCS7_sign(signCert, signKey, NULL, NULL, 0));
 237    /* PKCS7_sign, bad args: PKCS7_NOCERTS flag not supported */
 238    ExpectNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, PKCS7_NOCERTS));
 239    /* PKCS7_sign, bad args: PKCS7_PARTIAL flag not supported */
 240    ExpectNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, PKCS7_PARTIAL));
 241
 242    /* TEST SUCCESS: Not detached, not streaming, not MIME */
 243    {
 244        flags = PKCS7_BINARY;
 245        ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags));
 246        ExpectIntGT((outLen = i2d_PKCS7(p7, &out)), 0);
 247
 248        /* verify with d2i_PKCS7 */
 249        tmpPtr = out;
 250        ExpectNotNull(p7Ver = d2i_PKCS7(NULL, (const byte**)&tmpPtr, outLen));
 251        ExpectIntEQ(PKCS7_verify(p7Ver, NULL, store, NULL, NULL, flags), 1);
 252        PKCS7_free(p7Ver);
 253        p7Ver = NULL;
 254
 255        /* verify with wc_PKCS7_VerifySignedData */
 256        ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId));
 257        ExpectIntEQ(wc_PKCS7_Init(p7Ver, HEAP_HINT, INVALID_DEVID), 0);
 258        ExpectIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, (word32)outLen), 0);
 259
 260    #ifndef NO_PKCS7_STREAM
 261        /* verify with wc_PKCS7_VerifySignedData streaming */
 262        wc_PKCS7_Free(p7Ver);
 263        p7Ver = NULL;
 264        ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId));
 265        ExpectIntEQ(wc_PKCS7_Init(p7Ver, HEAP_HINT, INVALID_DEVID), 0);
 266        /* test for streaming */
 267        ret = -1;
 268        for (z = 0; z < outLen && ret != 0; z++) {
 269            ret = wc_PKCS7_VerifySignedData(p7Ver, out + z, 1);
 270            if (ret < 0){
 271                ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
 272            }
 273        }
 274        ExpectIntEQ(ret, 0);
 275    #endif /* !NO_PKCS7_STREAM */
 276
 277        /* compare the signer found to expected signer */
 278        ExpectIntNE(p7Ver->verifyCertSz, 0);
 279        tmpPtr = NULL;
 280        ExpectIntEQ(i2d_X509(signCert, &tmpPtr), p7Ver->verifyCertSz);
 281        ExpectIntEQ(XMEMCMP(tmpPtr, p7Ver->verifyCert, p7Ver->verifyCertSz), 0);
 282        XFREE(tmpPtr, NULL, DYNAMIC_TYPE_OPENSSL);
 283        tmpPtr = NULL;
 284
 285        wc_PKCS7_Free(p7Ver);
 286        p7Ver = NULL;
 287
 288        ExpectNotNull(out);
 289        XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 290        out = NULL;
 291        PKCS7_free(p7);
 292        p7 = NULL;
 293    }
 294
 295    /* TEST SUCCESS: Not detached, streaming, not MIME. Also bad arg
 296     * tests for PKCS7_final() while we have a PKCS7 pointer to use */
 297    {
 298        /* re-populate input BIO, may have been consumed */
 299        BIO_free(inBio);
 300        inBio = NULL;
 301        ExpectNotNull(inBio = BIO_new(BIO_s_mem()));
 302        ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0);
 303
 304        flags = PKCS7_BINARY | PKCS7_STREAM;
 305        ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags));
 306        ExpectIntEQ(PKCS7_final(p7, inBio, flags), 1);
 307        ExpectIntGT((outLen = i2d_PKCS7(p7, &out)), 0);
 308
 309        /* PKCS7_final, bad args: PKCS7 null */
 310        ExpectIntEQ(PKCS7_final(NULL, inBio, 0), 0);
 311        /* PKCS7_final, bad args: PKCS7 null */
 312        ExpectIntEQ(PKCS7_final(p7, NULL, 0), 0);
 313
 314        tmpPtr = out;
 315        ExpectNotNull(p7Ver = d2i_PKCS7(NULL, (const byte**)&tmpPtr, outLen));
 316        ExpectIntEQ(PKCS7_verify(p7Ver, NULL, store, NULL, NULL, flags), 1);
 317        PKCS7_free(p7Ver);
 318        p7Ver = NULL;
 319
 320        ExpectNotNull(out);
 321        XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 322        out = NULL;
 323        PKCS7_free(p7);
 324        p7 = NULL;
 325    }
 326
 327    /* TEST SUCCESS: Detached, not streaming, not MIME */
 328    {
 329        /* re-populate input BIO, may have been consumed */
 330        BIO_free(inBio);
 331        inBio = NULL;
 332        ExpectNotNull(inBio = BIO_new(BIO_s_mem()));
 333        ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0);
 334
 335        flags = PKCS7_BINARY | PKCS7_DETACHED;
 336        ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags));
 337        ExpectIntGT((outLen = i2d_PKCS7(p7, &out)), 0);
 338        ExpectNotNull(out);
 339
 340        /* verify with wolfCrypt, d2i_PKCS7 does not support detached content */
 341        ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId));
 342        if (p7Ver != NULL) {
 343            p7Ver->content = data;
 344            p7Ver->contentSz = sizeof(data);
 345        }
 346        ExpectIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, (word32)outLen), 0);
 347        wc_PKCS7_Free(p7Ver);
 348        p7Ver = NULL;
 349
 350    #ifndef NO_PKCS7_STREAM
 351        /* verify with wc_PKCS7_VerifySignedData streaming */
 352        ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId));
 353        if (p7Ver != NULL) {
 354            p7Ver->content = data;
 355            p7Ver->contentSz = sizeof(data);
 356        }
 357        /* test for streaming */
 358        if (EXPECT_SUCCESS()) {
 359            ret = -1;
 360            for (z = 0; z < outLen && ret != 0; z++) {
 361                ret = wc_PKCS7_VerifySignedData(p7Ver, out + z, 1);
 362                if (ret < 0){
 363                    ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
 364                }
 365            }
 366            ExpectIntEQ(ret, 0);
 367        }
 368        wc_PKCS7_Free(p7Ver);
 369        p7Ver = NULL;
 370    #endif /* !NO_PKCS7_STREAM */
 371
 372        /* verify expected failure (NULL return) from d2i_PKCS7, it does not
 373         * yet support detached content */
 374        tmpPtr = out;
 375        ExpectNull(p7Ver = d2i_PKCS7(NULL, (const byte**)&tmpPtr, outLen));
 376        PKCS7_free(p7Ver);
 377        p7Ver = NULL;
 378
 379        XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 380        out = NULL;
 381        PKCS7_free(p7);
 382        p7 = NULL;
 383    }
 384
 385    /* TEST SUCCESS: Detached, streaming, not MIME */
 386    {
 387        /* re-populate input BIO, may have been consumed */
 388        BIO_free(inBio);
 389        inBio = NULL;
 390        ExpectNotNull(inBio = BIO_new(BIO_s_mem()));
 391        ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0);
 392
 393        flags = PKCS7_BINARY | PKCS7_DETACHED | PKCS7_STREAM;
 394        ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags));
 395        ExpectIntEQ(PKCS7_final(p7, inBio, flags), 1);
 396        ExpectIntGT((outLen = i2d_PKCS7(p7, &out)), 0);
 397
 398        /* verify with wolfCrypt, d2i_PKCS7 does not support detached content */
 399        ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId));
 400        if (p7Ver != NULL) {
 401            p7Ver->content = data;
 402            p7Ver->contentSz = sizeof(data);
 403        }
 404        ExpectIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, (word32)outLen), 0);
 405        wc_PKCS7_Free(p7Ver);
 406        p7Ver = NULL;
 407
 408        ExpectNotNull(out);
 409
 410    #ifndef NO_PKCS7_STREAM
 411        /* verify with wc_PKCS7_VerifySignedData streaming */
 412        ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId));
 413        if (p7Ver != NULL) {
 414            p7Ver->content = data;
 415            p7Ver->contentSz = sizeof(data);
 416        }
 417        /* test for streaming */
 418        if (EXPECT_SUCCESS()) {
 419            ret = -1;
 420            for (z = 0; z < outLen && ret != 0; z++) {
 421                ret = wc_PKCS7_VerifySignedData(p7Ver, out + z, 1);
 422                if (ret < 0){
 423                    ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
 424                }
 425            }
 426            ExpectIntEQ(ret, 0);
 427        }
 428        wc_PKCS7_Free(p7Ver);
 429        p7Ver = NULL;
 430    #endif /* !NO_PKCS7_STREAM */
 431
 432        XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 433        PKCS7_free(p7);
 434        p7 = NULL;
 435    }
 436
 437    X509_STORE_free(store);
 438    X509_free(caCert);
 439    X509_free(signCert);
 440    EVP_PKEY_free(signKey);
 441    BIO_free(inBio);
 442    BIO_free(keyBio);
 443    BIO_free(certBio);
 444    BIO_free(caBio);
 445#endif
 446    return EXPECT_RESULT();
 447}
 448
 449/* Regression test for CMS SignedData signer-identity forgery.
 450 *
 451 * The embedded DER is a CMS SignedData message crafted so that the
 452 * certificates SET contains two certificates:
 453 *   cert[0] = certs/ca-cert.pem (trusted wolfSSL CA; attacker does NOT hold
 454 *             its private key)
 455 *   cert[1] = a self-signed "attacker" P-256 certificate (attacker holds
 456 *             the private key)
 457 * The signerInfo sid names the attacker certificate, and the signature
 458 * was produced with the attacker's key over "Hello World".
 459 *
 460 * The bug that was present: wolfSSL_PKCS7_verify() iterated all bundled
 461 * certificates trying each public key against the signature. When the
 462 * attacker's key verified, it still reported cert[0] (the trusted CA cert,
 463 * via singleCert) as the signer, and chain validation therefore succeeded
 464 * on an unrelated trusted cert - a full signer-identity forgery.
 465 *
 466 * The expected, correct behavior: the CMS message is rejected because the
 467 * signer certificate named by the sid (the attacker cert) does not chain
 468 * to any certificate in the trust store. */
 469int test_wolfSSL_PKCS7_verify_signer_forgery(void)
 470{
 471    EXPECT_DECLS;
 472#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_BIO) && \
 473    !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(HAVE_ECC)
 474    static const byte forgedSignedData[] = {
 475        0x30, 0x82, 0x07, 0x9c, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
 476        0x01, 0x07, 0x02, 0xa0, 0x82, 0x07, 0x8d, 0x30, 0x82, 0x07, 0x89, 0x02,
 477        0x01, 0x01, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
 478        0x65, 0x03, 0x04, 0x02, 0x01, 0x30, 0x1b, 0x06, 0x09, 0x2a, 0x86, 0x48,
 479        0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x0e, 0x04, 0x0c, 0x48, 0x65,
 480        0x6c, 0x6c, 0x6f, 0x20, 0x57, 0x6f, 0x72, 0x6c, 0x64, 0x0a, 0xa0, 0x82,
 481        0x06, 0xab, 0x30, 0x82, 0x04, 0xff, 0x30, 0x82, 0x03, 0xe7, 0xa0, 0x03,
 482        0x02, 0x01, 0x02, 0x02, 0x14, 0x3f, 0x29, 0x11, 0x20, 0x57, 0x71, 0xe7,
 483        0x8e, 0xf9, 0x18, 0x0d, 0xca, 0x70, 0x4d, 0x5b, 0x15, 0x2a, 0x43, 0xd6,
 484        0x24, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
 485        0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, 0x09, 0x06,
 486        0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e,
 487        0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61,
 488        0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c,
 489        0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, 0x30, 0x0f,
 490        0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6f,
 491        0x6f, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b,
 492        0x0c, 0x0a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67,
 493        0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77,
 494        0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63,
 495        0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
 496        0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40,
 497        0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30,
 498        0x1e, 0x17, 0x0d, 0x32, 0x35, 0x31, 0x31, 0x31, 0x33, 0x32, 0x30, 0x34,
 499        0x31, 0x31, 0x31, 0x5a, 0x17, 0x0d, 0x32, 0x38, 0x30, 0x38, 0x30, 0x39,
 500        0x32, 0x30, 0x34, 0x31, 0x31, 0x31, 0x5a, 0x30, 0x81, 0x94, 0x31, 0x0b,
 501        0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
 502        0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f,
 503        0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55,
 504        0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31,
 505        0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x53, 0x61,
 506        0x77, 0x74, 0x6f, 0x6f, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
 507        0x55, 0x04, 0x0b, 0x0c, 0x0a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x74,
 508        0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03,
 509        0x0c, 0x0f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73,
 510        0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a,
 511        0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e,
 512        0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63,
 513        0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
 514        0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01,
 515        0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xbf,
 516        0x0c, 0xca, 0x2d, 0x14, 0xb2, 0x1e, 0x84, 0x42, 0x5b, 0xcd, 0x38, 0x1f,
 517        0x4a, 0xf2, 0x4d, 0x75, 0x10, 0xf1, 0xb6, 0x35, 0x9f, 0xdf, 0xca, 0x7d,
 518        0x03, 0x98, 0xd3, 0xac, 0xde, 0x03, 0x66, 0xee, 0x2a, 0xf1, 0xd8, 0xb0,
 519        0x7d, 0x6e, 0x07, 0x54, 0x0b, 0x10, 0x98, 0x21, 0x4d, 0x80, 0xcb, 0x12,
 520        0x20, 0xe7, 0xcc, 0x4f, 0xde, 0x45, 0x7d, 0xc9, 0x72, 0x77, 0x32, 0xea,
 521        0xca, 0x90, 0xbb, 0x69, 0x52, 0x10, 0x03, 0x2f, 0xa8, 0xf3, 0x95, 0xc5,
 522        0xf1, 0x8b, 0x62, 0x56, 0x1b, 0xef, 0x67, 0x6f, 0xa4, 0x10, 0x41, 0x95,
 523        0xad, 0x0a, 0x9b, 0xe3, 0xa5, 0xc0, 0xb0, 0xd2, 0x70, 0x76, 0x50, 0x30,
 524        0x5b, 0xa8, 0xe8, 0x08, 0x2c, 0x7c, 0xed, 0xa7, 0xa2, 0x7a, 0x8d, 0x38,
 525        0x29, 0x1c, 0xac, 0xc7, 0xed, 0xf2, 0x7c, 0x95, 0xb0, 0x95, 0x82, 0x7d,
 526        0x49, 0x5c, 0x38, 0xcd, 0x77, 0x25, 0xef, 0xbd, 0x80, 0x75, 0x53, 0x94,
 527        0x3c, 0x3d, 0xca, 0x63, 0x5b, 0x9f, 0x15, 0xb5, 0xd3, 0x1d, 0x13, 0x2f,
 528        0x19, 0xd1, 0x3c, 0xdb, 0x76, 0x3a, 0xcc, 0xb8, 0x7d, 0xc9, 0xe5, 0xc2,
 529        0xd7, 0xda, 0x40, 0x6f, 0xd8, 0x21, 0xdc, 0x73, 0x1b, 0x42, 0x2d, 0x53,
 530        0x9c, 0xfe, 0x1a, 0xfc, 0x7d, 0xab, 0x7a, 0x36, 0x3f, 0x98, 0xde, 0x84,
 531        0x7c, 0x05, 0x67, 0xce, 0x6a, 0x14, 0x38, 0x87, 0xa9, 0xf1, 0x8c, 0xb5,
 532        0x68, 0xcb, 0x68, 0x7f, 0x71, 0x20, 0x2b, 0xf5, 0xa0, 0x63, 0xf5, 0x56,
 533        0x2f, 0xa3, 0x26, 0xd2, 0xb7, 0x6f, 0xb1, 0x5a, 0x17, 0xd7, 0x38, 0x99,
 534        0x08, 0xfe, 0x93, 0x58, 0x6f, 0xfe, 0xc3, 0x13, 0x49, 0x08, 0x16, 0x0b,
 535        0xa7, 0x4d, 0x67, 0x00, 0x52, 0x31, 0x67, 0x23, 0x4e, 0x98, 0xed, 0x51,
 536        0x45, 0x1d, 0xb9, 0x04, 0xd9, 0x0b, 0xec, 0xd8, 0x28, 0xb3, 0x4b, 0xbd,
 537        0xed, 0x36, 0x79, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x45,
 538        0x30, 0x82, 0x01, 0x41, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04,
 539        0x16, 0x04, 0x14, 0x27, 0x8e, 0x67, 0x11, 0x74, 0xc3, 0x26, 0x1d, 0x3f,
 540        0xed, 0x33, 0x63, 0xb3, 0xa4, 0xd8, 0x1d, 0x30, 0xe5, 0xe8, 0xd5, 0x30,
 541        0x81, 0xd4, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xcc, 0x30, 0x81,
 542        0xc9, 0x80, 0x14, 0x27, 0x8e, 0x67, 0x11, 0x74, 0xc3, 0x26, 0x1d, 0x3f,
 543        0xed, 0x33, 0x63, 0xb3, 0xa4, 0xd8, 0x1d, 0x30, 0xe5, 0xe8, 0xd5, 0xa1,
 544        0x81, 0x9a, 0xa4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, 0x09,
 545        0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30,
 546        0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74,
 547        0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07,
 548        0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, 0x30,
 549        0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x53, 0x61, 0x77, 0x74,
 550        0x6f, 0x6f, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04,
 551        0x0b, 0x0c, 0x0a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x74, 0x69, 0x6e,
 552        0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f,
 553        0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e,
 554        0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48,
 555        0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f,
 556        0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d,
 557        0x82, 0x14, 0x3f, 0x29, 0x11, 0x20, 0x57, 0x71, 0xe7, 0x8e, 0xf9, 0x18,
 558        0x0d, 0xca, 0x70, 0x4d, 0x5b, 0x15, 0x2a, 0x43, 0xd6, 0x24, 0x30, 0x0c,
 559        0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff,
 560        0x30, 0x1c, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82,
 561        0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d,
 562        0x87, 0x04, 0x7f, 0x00, 0x00, 0x01, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d,
 563        0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
 564        0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03,
 565        0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
 566        0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x0f, 0xae, 0x89,
 567        0xd5, 0x68, 0xe4, 0x41, 0xf8, 0x9b, 0xe0, 0xc5, 0x61, 0x06, 0x57, 0xff,
 568        0xa0, 0x92, 0x0f, 0xb2, 0xed, 0xd3, 0x99, 0x5b, 0x99, 0x5e, 0x32, 0x7e,
 569        0x97, 0xc7, 0xaf, 0x6c, 0xfe, 0x8c, 0xa6, 0xae, 0x32, 0xa1, 0x0d, 0xca,
 570        0xcd, 0xfc, 0x18, 0xe5, 0xd1, 0xf8, 0x20, 0x5b, 0x5a, 0x38, 0x81, 0x46,
 571        0x5b, 0x48, 0x87, 0xa5, 0x3f, 0x3b, 0x7b, 0xc7, 0xea, 0xf5, 0x35, 0x29,
 572        0x31, 0x15, 0x39, 0x38, 0x5d, 0x48, 0xe6, 0x01, 0x81, 0x5c, 0x5e, 0x7c,
 573        0x10, 0xf5, 0x16, 0xe3, 0x59, 0xaf, 0x44, 0xc8, 0xb5, 0x8d, 0xc1, 0x32,
 574        0x23, 0xb3, 0xb8, 0x12, 0x6e, 0x5c, 0x8d, 0xe6, 0xc2, 0xd2, 0x41, 0x03,
 575        0xeb, 0x17, 0x42, 0xe2, 0x7f, 0xbc, 0x00, 0x5d, 0xa5, 0x31, 0xef, 0xc6,
 576        0x48, 0xee, 0xdb, 0xcc, 0xe0, 0xf1, 0x56, 0xf5, 0xd4, 0xca, 0x45, 0xa1,
 577        0x59, 0xb5, 0xe4, 0xd7, 0x60, 0x9c, 0x57, 0xe0, 0xa7, 0x5a, 0xf2, 0x35,
 578        0x1e, 0xa0, 0x22, 0xdb, 0x5e, 0x1c, 0x0c, 0x61, 0xbd, 0xa1, 0xc5, 0x7b,
 579        0x9f, 0x69, 0xf2, 0xd5, 0x95, 0xe2, 0xbc, 0x52, 0xb9, 0x1d, 0x9c, 0x2c,
 580        0xda, 0xb6, 0x73, 0x75, 0x4a, 0x84, 0xe5, 0x94, 0xb8, 0x19, 0x4d, 0xdd,
 581        0x70, 0xbd, 0x7f, 0x4c, 0xb9, 0x17, 0x6a, 0x58, 0x16, 0x89, 0x22, 0x44,
 582        0x37, 0x57, 0x55, 0x26, 0x42, 0xe3, 0xb7, 0xe5, 0xc7, 0x2b, 0x40, 0x0c,
 583        0xe9, 0xe4, 0x7f, 0x52, 0x75, 0xdf, 0x06, 0xc9, 0xfb, 0x01, 0x44, 0x34,
 584        0xac, 0x20, 0x3c, 0xb4, 0xbe, 0x2b, 0x3e, 0xef, 0x85, 0x38, 0x96, 0x5b,
 585        0x9b, 0x1e, 0x25, 0x86, 0x18, 0x4c, 0xa4, 0x06, 0x70, 0x06, 0x6a, 0xc8,
 586        0x4b, 0x6f, 0x5f, 0xc4, 0x05, 0x1f, 0x03, 0x62, 0x30, 0x11, 0x61, 0xbc,
 587        0xc1, 0x40, 0x31, 0x66, 0xdc, 0x64, 0xf0, 0x4f, 0x6b, 0xb9, 0xec, 0xc8,
 588        0x29, 0x30, 0x82, 0x01, 0xa4, 0x30, 0x82, 0x01, 0x49, 0xa0, 0x03, 0x02,
 589        0x01, 0x02, 0x02, 0x14, 0x62, 0x4d, 0x11, 0x9c, 0xcf, 0x5d, 0xe5, 0x71,
 590        0xa2, 0x82, 0xd9, 0x8f, 0xe0, 0x04, 0xb8, 0x5f, 0x0e, 0x4d, 0x07, 0xad,
 591        0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02,
 592        0x30, 0x27, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
 593        0x08, 0x61, 0x74, 0x74, 0x61, 0x63, 0x6b, 0x65, 0x72, 0x31, 0x12, 0x30,
 594        0x10, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x09, 0x75, 0x6e, 0x74, 0x72,
 595        0x75, 0x73, 0x74, 0x65, 0x64, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x36, 0x30,
 596        0x34, 0x32, 0x31, 0x31, 0x31, 0x31, 0x36, 0x32, 0x38, 0x5a, 0x17, 0x0d,
 597        0x33, 0x36, 0x30, 0x34, 0x31, 0x38, 0x31, 0x31, 0x31, 0x36, 0x32, 0x38,
 598        0x5a, 0x30, 0x27, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03,
 599        0x0c, 0x08, 0x61, 0x74, 0x74, 0x61, 0x63, 0x6b, 0x65, 0x72, 0x31, 0x12,
 600        0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x09, 0x75, 0x6e, 0x74,
 601        0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07,
 602        0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48,
 603        0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xae, 0xdb, 0xf7,
 604        0x3b, 0x7e, 0x82, 0x88, 0xfc, 0x1a, 0xfb, 0x86, 0x56, 0x83, 0x03, 0xdd,
 605        0x05, 0x14, 0x79, 0x51, 0x0f, 0x3c, 0x86, 0x85, 0x2d, 0xeb, 0x18, 0x17,
 606        0x20, 0x3b, 0x37, 0x6f, 0x7f, 0x78, 0x19, 0x3b, 0xf6, 0x71, 0xad, 0xc9,
 607        0x65, 0x81, 0x7e, 0xe0, 0xa9, 0x29, 0xdd, 0xfd, 0xf0, 0xff, 0x04, 0x7d,
 608        0x5a, 0x59, 0xd6, 0x6c, 0xe2, 0xde, 0xc5, 0xd5, 0xb6, 0x1f, 0x69, 0xd9,
 609        0x33, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e,
 610        0x04, 0x16, 0x04, 0x14, 0xf7, 0xab, 0x3f, 0x49, 0xcf, 0x7d, 0x48, 0x9c,
 611        0x04, 0x49, 0x1a, 0xac, 0x8f, 0x26, 0x16, 0x09, 0xa8, 0x2a, 0x74, 0xf5,
 612        0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80,
 613        0x14, 0xf7, 0xab, 0x3f, 0x49, 0xcf, 0x7d, 0x48, 0x9c, 0x04, 0x49, 0x1a,
 614        0xac, 0x8f, 0x26, 0x16, 0x09, 0xa8, 0x2a, 0x74, 0xf5, 0x30, 0x0f, 0x06,
 615        0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01,
 616        0x01, 0xff, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04,
 617        0x03, 0x02, 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0x8d, 0xbf,
 618        0x36, 0xe5, 0x51, 0x9a, 0xde, 0xf4, 0x7f, 0xbf, 0xbd, 0x7f, 0x71, 0x66,
 619        0xc1, 0x67, 0xfa, 0x71, 0x0d, 0x79, 0xc6, 0x60, 0x3a, 0x6c, 0xeb, 0x43,
 620        0xc3, 0xf2, 0x5e, 0xe8, 0x74, 0xb6, 0x02, 0x21, 0x00, 0xfa, 0xdb, 0x40,
 621        0x47, 0x72, 0xf0, 0x15, 0x52, 0xc1, 0x78, 0x11, 0x6b, 0x76, 0xc5, 0x1f,
 622        0xcf, 0xb6, 0x09, 0x6d, 0x8f, 0xcb, 0x92, 0x2f, 0x1b, 0x3c, 0xc3, 0x28,
 623        0x48, 0x61, 0x0f, 0x60, 0x71, 0x31, 0x81, 0xa8, 0x30, 0x81, 0xa5, 0x02,
 624        0x01, 0x01, 0x30, 0x3f, 0x30, 0x27, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03,
 625        0x55, 0x04, 0x03, 0x0c, 0x08, 0x61, 0x74, 0x74, 0x61, 0x63, 0x6b, 0x65,
 626        0x72, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x09,
 627        0x75, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x02, 0x14, 0x62,
 628        0x4d, 0x11, 0x9c, 0xcf, 0x5d, 0xe5, 0x71, 0xa2, 0x82, 0xd9, 0x8f, 0xe0,
 629        0x04, 0xb8, 0x5f, 0x0e, 0x4d, 0x07, 0xad, 0x30, 0x0b, 0x06, 0x09, 0x60,
 630        0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x30, 0x0a, 0x06, 0x08,
 631        0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x04, 0x46, 0x30, 0x44,
 632        0x02, 0x20, 0x22, 0x4a, 0x99, 0xb1, 0xbc, 0xa9, 0xee, 0x24, 0x60, 0x81,
 633        0xb9, 0x64, 0xba, 0x86, 0x00, 0xae, 0xb5, 0xd7, 0xb8, 0x72, 0xb9, 0x8c,
 634        0xb3, 0xe7, 0x78, 0x29, 0xdb, 0xa8, 0x27, 0xf7, 0x30, 0xf0, 0x02, 0x20,
 635        0x19, 0x2d, 0xd3, 0x17, 0x9a, 0xc1, 0xf9, 0xd2, 0x63, 0x92, 0x8e, 0x78,
 636        0xcc, 0xa4, 0x0b, 0x91, 0x12, 0xa5, 0xb2, 0xbc, 0x35, 0x87, 0x8e, 0x33,
 637        0xa7, 0xe0, 0x5e, 0xab, 0x95, 0xb2, 0x2a, 0xf4
 638    };
 639    PKCS7* p7 = NULL;
 640    X509_STORE* store = NULL;
 641    X509* caCert = NULL;
 642    WOLFSSL_BIO* caBio = NULL;
 643    const byte* p = forgedSignedData;
 644    const char* ca = "./certs/ca-cert.pem";
 645
 646    /* Load the same CA into the trust store that the attacker bundled at
 647     * cert[0] in the forged message. */
 648    ExpectNotNull(caBio = BIO_new_file(ca, "r"));
 649    ExpectNotNull(caCert = PEM_read_bio_X509(caBio, NULL, 0, NULL));
 650    ExpectNotNull(store = X509_STORE_new());
 651    ExpectIntEQ(X509_STORE_add_cert(store, caCert), 1);
 652
 653    /* Parse the forged message. d2i_PKCS7 internally runs
 654     * wc_PKCS7_VerifySignedData, which must NOT accept the attacker's
 655     * signature under any bundled cert other than the one named by the
 656     * signerInfo sid. Since the sid names the attacker cert (which does
 657     * not chain to the trusted CA), the parse may succeed but verification
 658     * against the trust store must fail. */
 659    ExpectNotNull(p7 = d2i_PKCS7(NULL, &p, (int)sizeof(forgedSignedData)));
 660
 661    /* PKCS7_verify() MUST fail: the only certificate in the trust store
 662     * is the wolfSSL CA - it is bundled at cert[0] but did NOT sign this
 663     * message. The actual signer (the attacker's self-signed cert at
 664     * cert[1]) cannot chain to any trust anchor. */
 665    ExpectIntEQ(PKCS7_verify(p7, NULL, store, NULL, NULL, 0),
 666                WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
 667
 668    PKCS7_free(p7);
 669    X509_STORE_free(store);
 670    X509_free(caCert);
 671    BIO_free(caBio);
 672#endif
 673    return EXPECT_RESULT();
 674}
 675
 676/* Exercise the SignerInfo-sid binding enforcement end-to-end.
 677 *
 678 * For both supported sid encodings (v1 = IssuerAndSerialNumber, v3 =
 679 * SubjectKeyIdentifier), this builds a valid CMS SignedData message with
 680 * two certificates in the bundle:
 681 *   cert[0] = ca-cert (extra, non-signing)
 682 *   cert[1] = server-cert (actual signer)
 683 * and checks that:
 684 *   - parsing + signature verification succeeds,
 685 *   - chain validation against a trust store containing ca-cert succeeds,
 686 *   - PKCS7_get0_signers() returns the *signer* (server-cert), not the
 687 *     extra cert at cert[0] - which would be the pre-fix behavior and the
 688 *     core of the signer-identity forgery bug. */
 689int test_wolfSSL_PKCS7_verify_sid_binding(void)
 690{
 691    EXPECT_DECLS;
 692#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_BIO) && \
 693    !defined(NO_FILESYSTEM) && !defined(NO_RSA)
 694    const char* signerCertFile = "./certs/server-cert.pem";
 695    const char* signerKeyFile  = "./certs/server-key.pem";
 696    const char* caFile         = "./certs/ca-cert.pem";
 697    const byte  content[] = "sid-binding test content";
 698    /* Build both variants: default v1 (IssuerAndSerialNumber) and v3
 699     * (SubjectKeyIdentifier). */
 700    const int   sidTypes[2] = { CMS_ISSUER_AND_SERIAL_NUMBER, CMS_SKID };
 701    int         variant;
 702
 703    BIO* signerCertBio = NULL;
 704    BIO* caBio = NULL;
 705    X509* signerCertX509 = NULL;
 706    X509* caX509 = NULL;
 707    byte* signerCertDer = NULL;
 708    byte* caDer = NULL;
 709    byte* signerKey = NULL;
 710    int   signerCertDerSz = 0;
 711    int   caDerSz = 0;
 712    size_t signerKeySz = 0;
 713    XFILE keyFile = XBADFILE;
 714    WC_RNG rng;
 715    int rngInited = 0;
 716
 717    /* ---- Load signer cert + key and the CA cert. ---- */
 718    ExpectNotNull(signerCertBio = BIO_new_file(signerCertFile, "r"));
 719    ExpectNotNull(signerCertX509 = PEM_read_bio_X509(signerCertBio, NULL, 0,
 720                                                    NULL));
 721    ExpectIntGT(signerCertDerSz = i2d_X509(signerCertX509, &signerCertDer), 0);
 722
 723    ExpectNotNull(caBio = BIO_new_file(caFile, "r"));
 724    ExpectNotNull(caX509 = PEM_read_bio_X509(caBio, NULL, 0, NULL));
 725    ExpectIntGT(caDerSz = i2d_X509(caX509, &caDer), 0);
 726
 727    /* Slurp the DER private key straight from a PEM->DER round-trip via
 728     * wc_KeyPemToDer. The test only needs the bytes in a form
 729     * wc_PKCS7_EncodeSignedData can consume. */
 730    {
 731        long   filePemLen = 0;
 732        byte*  keyPem = NULL;
 733        int    derLen = 0;
 734
 735        ExpectTrue((keyFile = XFOPEN(signerKeyFile, "rb")) != XBADFILE);
 736        if (keyFile != XBADFILE) {
 737            (void)XFSEEK(keyFile, 0, XSEEK_END);
 738            filePemLen = XFTELL(keyFile);
 739            (void)XFSEEK(keyFile, 0, XSEEK_SET);
 740            ExpectIntGT(filePemLen, 0);
 741            keyPem = (byte*)XMALLOC((size_t)filePemLen, NULL,
 742                                    DYNAMIC_TYPE_TMP_BUFFER);
 743            ExpectNotNull(keyPem);
 744            if (keyPem != NULL) {
 745                ExpectIntEQ(XFREAD(keyPem, 1, (size_t)filePemLen, keyFile),
 746                            (size_t)filePemLen);
 747                /* First call sizes the output buffer. */
 748                derLen = wc_KeyPemToDer(keyPem, (word32)filePemLen, NULL, 0,
 749                                        NULL);
 750                ExpectIntGT(derLen, 0);
 751                if (derLen > 0) {
 752                    signerKey = (byte*)XMALLOC((size_t)derLen, NULL,
 753                                               DYNAMIC_TYPE_TMP_BUFFER);
 754                    ExpectNotNull(signerKey);
 755                    if (signerKey != NULL) {
 756                        derLen = wc_KeyPemToDer(keyPem, (word32)filePemLen,
 757                                                signerKey, (word32)derLen,
 758                                                NULL);
 759                        ExpectIntGT(derLen, 0);
 760                        signerKeySz = (size_t)derLen;
 761                    }
 762                }
 763            }
 764            XFREE(keyPem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 765            XFCLOSE(keyFile);
 766            keyFile = XBADFILE;
 767        }
 768    }
 769
 770    ExpectIntEQ(wc_InitRng(&rng), 0);
 771    if (EXPECT_SUCCESS())
 772        rngInited = 1;
 773
 774    for (variant = 0; variant < 2; variant++) {
 775        wc_PKCS7* p7Enc = NULL;
 776        byte      encoded[4096];
 777        int       encodedSz = 0;
 778        PKCS7*    p7Ver = NULL;
 779        X509_STORE* store = NULL;
 780        const byte* encodedPtr = NULL;
 781        STACK_OF(X509)* signers = NULL;
 782        X509* reportedSigner = NULL;
 783        byte* reportedSignerDer = NULL;
 784        int   reportedSignerDerSz = 0;
 785        X509* caForStore = NULL;
 786        BIO*  caForStoreBio = NULL;
 787
 788        /* ---- Encode: signer=server-cert, extra bundle cert=ca. ---- */
 789        ExpectNotNull(p7Enc = wc_PKCS7_New(HEAP_HINT, INVALID_DEVID));
 790        ExpectIntEQ(wc_PKCS7_Init(p7Enc, HEAP_HINT, INVALID_DEVID), 0);
 791        ExpectIntEQ(wc_PKCS7_InitWithCert(p7Enc, signerCertDer,
 792                                          (word32)signerCertDerSz), 0);
 793        /* wc_PKCS7_AddCertificate prepends to the cert list - the encoded
 794         * SET therefore ends up [ca, signer], putting the actual signer
 795         * at index 1 and exercising the sid-selection path (cert[0] is
 796         * NOT the signer and must be skipped). */
 797        ExpectIntEQ(wc_PKCS7_AddCertificate(p7Enc, caDer, (word32)caDerSz), 0);
 798
 799        if (p7Enc != NULL) {
 800            p7Enc->content      = (byte*)content;
 801            p7Enc->contentSz    = (word32)sizeof(content);
 802            p7Enc->encryptOID   = RSAk;
 803            p7Enc->hashOID      = SHA256h;
 804            p7Enc->privateKey   = signerKey;
 805            p7Enc->privateKeySz = (word32)signerKeySz;
 806            p7Enc->rng          = &rng;
 807        }
 808
 809        ExpectIntEQ(wc_PKCS7_SetSignerIdentifierType(p7Enc, sidTypes[variant]),
 810                    0);
 811
 812        ExpectIntGT((encodedSz = wc_PKCS7_EncodeSignedData(p7Enc, encoded,
 813                                                           sizeof(encoded))),
 814                    0);
 815        wc_PKCS7_Free(p7Enc);
 816        p7Enc = NULL;
 817
 818        /* ---- Parse + verify through the OpenSSL compat layer. ---- */
 819        encodedPtr = encoded;
 820        ExpectNotNull(p7Ver = d2i_PKCS7(NULL, &encodedPtr, encodedSz));
 821
 822        /* Trust store holds only ca-cert. Reload it rather than reusing
 823         * caX509, since X509_STORE_free takes ownership-like semantics. */
 824        ExpectNotNull(caForStoreBio = BIO_new_file(caFile, "r"));
 825        ExpectNotNull(caForStore = PEM_read_bio_X509(caForStoreBio, NULL, 0,
 826                                                    NULL));
 827        ExpectNotNull(store = X509_STORE_new());
 828        ExpectIntEQ(X509_STORE_add_cert(store, caForStore), 1);
 829
 830        ExpectIntEQ(PKCS7_verify(p7Ver, NULL, store, NULL, NULL, 0), 1);
 831
 832        /* Snapshot the singleCert / verifyCert pointers and sizes after
 833         * PKCS7_verify has finished re-parsing the message. A buggy
 834         * implementation that passes &p7->pkcs7.singleCert (or verifyCert)
 835         * directly to wolfSSL_d2i_X509 permanently advances the struct
 836         * field, which corrupts it for any subsequent use - producing a
 837         * heap-OOB read on the next call since the size isn't advanced.
 838         * These pointers must stay exactly where they are across repeated
 839         * get0_signers calls. */
 840        if (p7Ver != NULL) {
 841            wc_PKCS7* wcP7 = &((WOLFSSL_PKCS7*)p7Ver)->pkcs7;
 842            byte*  singleBefore    = wcP7->singleCert;
 843            word32 singleSzBefore  = wcP7->singleCertSz;
 844            byte*  verifyBefore    = wcP7->verifyCert;
 845            word32 verifySzBefore  = wcP7->verifyCertSz;
 846            int    i;
 847
 848            /* Call get0_signers repeatedly. Each invocation must return
 849             * the correct cert and must not mutate singleCert/verifyCert.
 850             * Three iterations so the "second call reads past the end"
 851             * pattern (the exact OOB the reporter hit) is exercised. */
 852            for (i = 0; i < 3; i++) {
 853                ExpectNotNull(signers = PKCS7_get0_signers(p7Ver, NULL, 0));
 854                ExpectIntEQ(sk_X509_num(signers), 1);
 855                ExpectNotNull(reportedSigner = sk_X509_value(signers, 0));
 856                ExpectIntGT(reportedSignerDerSz = i2d_X509(reportedSigner,
 857                                                      &reportedSignerDer), 0);
 858                /* DER-compare: reportedSigner must equal server-cert and
 859                 * must NOT equal ca-cert (the pre-fix signer-confusion
 860                 * outcome). */
 861                ExpectIntEQ(reportedSignerDerSz, signerCertDerSz);
 862                if (reportedSignerDer != NULL && signerCertDer != NULL) {
 863                    ExpectIntEQ(XMEMCMP(reportedSignerDer, signerCertDer,
 864                                        (size_t)signerCertDerSz), 0);
 865                    if (reportedSignerDerSz == caDerSz) {
 866                        ExpectIntNE(XMEMCMP(reportedSignerDer, caDer,
 867                                            (size_t)caDerSz), 0);
 868                    }
 869                }
 870                XFREE(reportedSignerDer, NULL, DYNAMIC_TYPE_OPENSSL);
 871                reportedSignerDer = NULL;
 872                sk_X509_pop_free(signers, NULL);
 873                signers = NULL;
 874
 875                /* Struct fields must survive every call unchanged. */
 876                ExpectPtrEq(wcP7->singleCert,   singleBefore);
 877                ExpectIntEQ(wcP7->singleCertSz, singleSzBefore);
 878                ExpectPtrEq(wcP7->verifyCert,   verifyBefore);
 879                ExpectIntEQ(wcP7->verifyCertSz, verifySzBefore);
 880            }
 881        }
 882
 883        PKCS7_free(p7Ver);
 884        X509_STORE_free(store);
 885        X509_free(caForStore);
 886        BIO_free(caForStoreBio);
 887    }
 888
 889    if (rngInited)
 890        wc_FreeRng(&rng);
 891
 892    XFREE(signerKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 893    XFREE(signerCertDer, NULL, DYNAMIC_TYPE_OPENSSL);
 894    XFREE(caDer, NULL, DYNAMIC_TYPE_OPENSSL);
 895    X509_free(signerCertX509);
 896    X509_free(caX509);
 897    BIO_free(signerCertBio);
 898    BIO_free(caBio);
 899#endif
 900    return EXPECT_RESULT();
 901}
 902
 903int test_wolfSSL_PKCS7_SIGNED_new(void)
 904{
 905    EXPECT_DECLS;
 906#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7)
 907    PKCS7_SIGNED* pkcs7 = NULL;
 908
 909    ExpectNotNull(pkcs7 = PKCS7_SIGNED_new());
 910    ExpectIntEQ(pkcs7->contentOID, SIGNED_DATA);
 911
 912    PKCS7_SIGNED_free(pkcs7);
 913#endif
 914    return EXPECT_RESULT();
 915}
 916
 917int test_wolfSSL_PEM_write_bio_PKCS7(void)
 918{
 919    EXPECT_DECLS;
 920#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \
 921    !defined(NO_BIO)
 922    PKCS7* pkcs7 = NULL;
 923    BIO* bio = NULL;
 924    const byte* cert_buf = NULL;
 925    int ret = 0;
 926    WC_RNG rng;
 927    const byte data[] = { /* Hello World */
 928        0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
 929        0x72,0x6c,0x64
 930    };
 931#ifndef NO_RSA
 932    #if defined(USE_CERT_BUFFERS_2048)
 933        byte        key[sizeof(client_key_der_2048)];
 934        byte        cert[sizeof(client_cert_der_2048)];
 935        word32      keySz = (word32)sizeof(key);
 936        word32      certSz = (word32)sizeof(cert);
 937        XMEMSET(key, 0, keySz);
 938        XMEMSET(cert, 0, certSz);
 939        XMEMCPY(key, client_key_der_2048, keySz);
 940        XMEMCPY(cert, client_cert_der_2048, certSz);
 941    #elif defined(USE_CERT_BUFFERS_1024)
 942        byte        key[sizeof_client_key_der_1024];
 943        byte        cert[sizeof(sizeof_client_cert_der_1024)];
 944        word32      keySz = (word32)sizeof(key);
 945        word32      certSz = (word32)sizeof(cert);
 946        XMEMSET(key, 0, keySz);
 947        XMEMSET(cert, 0, certSz);
 948        XMEMCPY(key, client_key_der_1024, keySz);
 949        XMEMCPY(cert, client_cert_der_1024, certSz);
 950    #else
 951        unsigned char   cert[ONEK_BUF];
 952        unsigned char   key[ONEK_BUF];
 953        XFILE           fp = XBADFILE;
 954        int             certSz;
 955        int             keySz;
 956
 957        ExpectTrue((fp = XFOPEN("./certs/1024/client-cert.der", "rb")) !=
 958            XBADFILE);
 959        ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024,
 960            fp), 0);
 961        if (fp != XBADFILE) {
 962            XFCLOSE(fp);
 963            fp = XBADFILE;
 964        }
 965
 966        ExpectTrue((fp = XFOPEN("./certs/1024/client-key.der", "rb")) !=
 967            XBADFILE);
 968        ExpectIntGT(keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp),
 969            0);
 970        if (fp != XBADFILE) {
 971            XFCLOSE(fp);
 972            fp = XBADFILE;
 973        }
 974    #endif
 975#elif defined(HAVE_ECC)
 976    #if defined(USE_CERT_BUFFERS_256)
 977        unsigned char    cert[sizeof(cliecc_cert_der_256)];
 978        unsigned char    key[sizeof(ecc_clikey_der_256)];
 979        int              certSz = (int)sizeof(cert);
 980        int              keySz = (int)sizeof(key);
 981        XMEMSET(cert, 0, certSz);
 982        XMEMSET(key, 0, keySz);
 983        XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
 984        XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
 985    #else
 986        unsigned char   cert[ONEK_BUF];
 987        unsigned char   key[ONEK_BUF];
 988        XFILE           fp = XBADFILE;
 989        int             certSz, keySz;
 990
 991        ExpectTrue((fp = XFOPEN("./certs/client-ecc-cert.der", "rb")) !=
 992            XBADFILE);
 993        ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256,
 994            fp), 0);
 995        if (fp != XBADFILE) {
 996            XFCLOSE(fp);
 997            fp = XBADFILE;
 998        }
 999
1000        ExpectTrue((fp = XFOPEN("./certs/client-ecc-key.der", "rb")) !=
1001            XBADFILE);
1002        ExpectIntGT(keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp),
1003            0);
1004        if (fp != XBADFILE) {
1005            XFCLOSE(fp);
1006            fp = XBADFILE;
1007        }
1008    #endif
1009#else
1010    #error PKCS7 requires ECC or RSA
1011#endif
1012
1013    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
1014    /* initialize with DER encoded cert */
1015    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, (word32)certSz), 0);
1016
1017    /* init rng */
1018    XMEMSET(&rng, 0, sizeof(WC_RNG));
1019    ExpectIntEQ(wc_InitRng(&rng), 0);
1020
1021    if (pkcs7 != NULL) {
1022        pkcs7->rng = &rng;
1023        pkcs7->content   = (byte*)data; /* not used for ex */
1024        pkcs7->contentSz = (word32)sizeof(data);
1025        pkcs7->contentOID = SIGNED_DATA;
1026        pkcs7->privateKey = key;
1027        pkcs7->privateKeySz = (word32)sizeof(key);
1028        pkcs7->encryptOID = RSAk;
1029    #ifdef NO_SHA
1030        pkcs7->hashOID = SHA256h;
1031    #else
1032        pkcs7->hashOID = SHAh;
1033    #endif
1034        pkcs7->signedAttribs   = NULL;
1035        pkcs7->signedAttribsSz = 0;
1036    }
1037
1038    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
1039    /* Write PKCS#7 PEM to BIO, the function converts the DER to PEM cert*/
1040    ExpectIntEQ(PEM_write_bio_PKCS7(bio, pkcs7), WOLFSSL_SUCCESS);
1041
1042    /* Read PKCS#7 PEM from BIO */
1043    ret = wolfSSL_BIO_get_mem_data(bio, &cert_buf);
1044    ExpectIntGE(ret, 0);
1045
1046    BIO_free(bio);
1047    wc_PKCS7_Free(pkcs7);
1048    wc_FreeRng(&rng);
1049#endif
1050    return EXPECT_RESULT();
1051}
1052
1053int test_wolfSSL_PEM_write_bio_encryptedKey(void)
1054{
1055    EXPECT_DECLS;
1056#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \
1057    defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && \
1058    defined(WOLFSSL_ENCRYPTED_KEYS) && \
1059    (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)) && \
1060    !defined(NO_FILESYSTEM) && !defined(NO_BIO) && !defined(NO_CERTS) && \
1061    !defined(NO_DES3)
1062    RSA* rsaKey = NULL;
1063    RSA* retKey = NULL;
1064    const EVP_CIPHER *cipher = NULL;
1065    BIO* bio = NULL;
1066    BIO* retbio = NULL;
1067    byte* out;
1068    const char* password = "wolfssl";
1069    word32 passwordSz =(word32)XSTRLEN((char*)password);
1070    int membufSz = 0;
1071
1072#if defined(USE_CERT_BUFFERS_2048)
1073    const byte* key = client_key_der_2048;
1074    word32      keySz = sizeof_client_key_der_2048;
1075#elif defined(USE_CERT_BUFFERS_1024)
1076    const byte* key = client_key_der_1024;
1077    word32      keySz = sizeof_client_key_der_1024;
1078#endif
1079    /* Import Rsa Key */
1080    ExpectNotNull(rsaKey = wolfSSL_RSA_new());
1081    ExpectIntEQ(wolfSSL_RSA_LoadDer_ex(rsaKey, key, keySz,
1082                                        WOLFSSL_RSA_LOAD_PRIVATE), 1);
1083
1084    ExpectNotNull(cipher = EVP_des_ede3_cbc());
1085    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
1086    ExpectIntEQ(PEM_write_bio_RSAPrivateKey(bio, rsaKey, cipher,
1087                                (byte*)password, passwordSz, NULL, NULL), 1);
1088    ExpectIntGT((membufSz = BIO_get_mem_data(bio, &out)), 0);
1089    ExpectNotNull(retbio = BIO_new_mem_buf(out, membufSz));
1090    ExpectNotNull((retKey = PEM_read_bio_RSAPrivateKey(retbio, NULL,
1091                                NULL, (void*)password)));
1092    if (bio != NULL) {
1093        BIO_free(bio);
1094    }
1095    if (retbio != NULL) {
1096        BIO_free(retbio);
1097    }
1098    if (retKey != NULL) {
1099        RSA_free(retKey);
1100    }
1101    if (rsaKey != NULL) {
1102        RSA_free(rsaKey);
1103    }
1104#endif
1105    return EXPECT_RESULT();
1106}
1107
1108/* // NOLINTBEGIN(clang-analyzer-unix.Stream) */
1109int test_wolfSSL_SMIME_read_PKCS7(void)
1110{
1111    EXPECT_DECLS;
1112#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \
1113    !defined(NO_RSA) && !defined(NO_BIO) && defined(HAVE_SMIME)
1114    PKCS7* pkcs7 = NULL;
1115    BIO* bio = NULL;
1116    BIO* bcont = NULL;
1117    BIO* out = NULL;
1118    const byte* outBuf = NULL;
1119    int outBufLen = 0;
1120    static const char contTypeText[] = "Content-Type: text/plain\r\n\r\n";
1121    XFILE smimeTestFile = XBADFILE;
1122
1123    ExpectTrue((smimeTestFile = XFOPEN("./certs/test/smime-test.p7s", "rb")) !=
1124        XBADFILE);
1125
1126    /* smime-test.p7s */
1127    bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
1128    ExpectNotNull(bio);
1129    ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
1130    pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
1131    ExpectNotNull(pkcs7);
1132    ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL,
1133        PKCS7_NOVERIFY), SSL_SUCCESS);
1134    if (smimeTestFile != XBADFILE) {
1135        XFCLOSE(smimeTestFile);
1136        smimeTestFile = XBADFILE;
1137    }
1138    if (bcont) BIO_free(bcont);
1139    bcont = NULL;
1140    wolfSSL_PKCS7_free(pkcs7);
1141    pkcs7 = NULL;
1142
1143    /* smime-test-multipart.p7s */
1144    smimeTestFile = XFOPEN("./certs/test/smime-test-multipart.p7s", "rb");
1145    ExpectFalse(smimeTestFile == XBADFILE);
1146    ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
1147    pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
1148    ExpectNotNull(pkcs7);
1149    ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL,
1150        PKCS7_NOVERIFY), SSL_SUCCESS);
1151    if (smimeTestFile != XBADFILE) {
1152        XFCLOSE(smimeTestFile);
1153        smimeTestFile = XBADFILE;
1154    }
1155    if (bcont) BIO_free(bcont);
1156    bcont = NULL;
1157    wolfSSL_PKCS7_free(pkcs7);
1158    pkcs7 = NULL;
1159
1160    /* smime-test-multipart-badsig.p7s */
1161    smimeTestFile = XFOPEN("./certs/test/smime-test-multipart-badsig.p7s",
1162        "rb");
1163    ExpectFalse(smimeTestFile == XBADFILE);
1164    ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
1165    pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
1166    ExpectNotNull(pkcs7); /* can read in the unverified smime bundle */
1167    ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL,
1168        PKCS7_NOVERIFY), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
1169    if (smimeTestFile != XBADFILE) {
1170        XFCLOSE(smimeTestFile);
1171        smimeTestFile = XBADFILE;
1172    }
1173    if (bcont) BIO_free(bcont);
1174    bcont = NULL;
1175    wolfSSL_PKCS7_free(pkcs7);
1176    pkcs7 = NULL;
1177
1178    /* smime-test-canon.p7s */
1179    smimeTestFile = XFOPEN("./certs/test/smime-test-canon.p7s", "rb");
1180    ExpectFalse(smimeTestFile == XBADFILE);
1181    ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
1182    pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
1183    ExpectNotNull(pkcs7);
1184    ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL,
1185        PKCS7_NOVERIFY), SSL_SUCCESS);
1186    if (smimeTestFile != XBADFILE) {
1187        XFCLOSE(smimeTestFile);
1188        smimeTestFile = XBADFILE;
1189    }
1190    if (bcont) BIO_free(bcont);
1191   bcont = NULL;
1192    wolfSSL_PKCS7_free(pkcs7);
1193    pkcs7 = NULL;
1194
1195    /* Test PKCS7_TEXT, PKCS7_verify() should remove Content-Type: text/plain */
1196    smimeTestFile = XFOPEN("./certs/test/smime-test-canon.p7s", "rb");
1197    ExpectFalse(smimeTestFile == XBADFILE);
1198    ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
1199    pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
1200    ExpectNotNull(pkcs7);
1201    out = wolfSSL_BIO_new(BIO_s_mem());
1202    ExpectNotNull(out);
1203    ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, out,
1204        PKCS7_NOVERIFY | PKCS7_TEXT), SSL_SUCCESS);
1205    ExpectIntGT((outBufLen = BIO_get_mem_data(out, &outBuf)), 0);
1206    /* Content-Type should not show up at beginning of output buffer */
1207    ExpectIntGT(outBufLen, XSTRLEN(contTypeText));
1208    ExpectIntGT(XMEMCMP(outBuf, contTypeText, XSTRLEN(contTypeText)), 0);
1209
1210    BIO_free(out);
1211    BIO_free(bio);
1212    if (bcont) BIO_free(bcont);
1213    wolfSSL_PKCS7_free(pkcs7);
1214#endif
1215    return EXPECT_RESULT();
1216}
1217/* // NOLINTEND(clang-analyzer-unix.Stream) */
1218
1219int test_wolfSSL_SMIME_write_PKCS7(void)
1220{
1221    EXPECT_DECLS;
1222#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_RSA) && \
1223    !defined(NO_BIO) && defined(HAVE_SMIME)
1224    PKCS7* p7 = NULL;
1225    PKCS7* p7Ver = NULL;
1226    int flags = 0;
1227    byte data[] = "Test data to encode.";
1228
1229    const char* cert = "./certs/server-cert.pem";
1230    const char* key  = "./certs/server-key.pem";
1231    const char* ca   = "./certs/ca-cert.pem";
1232
1233    WOLFSSL_BIO* certBio = NULL;
1234    WOLFSSL_BIO* keyBio  = NULL;
1235    WOLFSSL_BIO* caBio   = NULL;
1236    WOLFSSL_BIO* inBio   = NULL;
1237    WOLFSSL_BIO* outBio  = NULL;
1238    WOLFSSL_BIO* content = NULL;
1239    X509* signCert = NULL;
1240    EVP_PKEY* signKey = NULL;
1241    X509* caCert = NULL;
1242    X509_STORE* store = NULL;
1243
1244    /* read signer cert/key into BIO */
1245    ExpectNotNull(certBio = BIO_new_file(cert, "r"));
1246    ExpectNotNull(keyBio = BIO_new_file(key, "r"));
1247    ExpectNotNull(signCert = PEM_read_bio_X509(certBio, NULL, 0, NULL));
1248    ExpectNotNull(signKey = PEM_read_bio_PrivateKey(keyBio, NULL, 0, NULL));
1249
1250    /* read CA cert into store (for verify) */
1251    ExpectNotNull(caBio = BIO_new_file(ca, "r"));
1252    ExpectNotNull(caCert = PEM_read_bio_X509(caBio, NULL, 0, NULL));
1253    ExpectNotNull(store = X509_STORE_new());
1254    ExpectIntEQ(X509_STORE_add_cert(store, caCert), 1);
1255
1256
1257    /* generate and verify SMIME: not detached */
1258    {
1259        ExpectNotNull(inBio = BIO_new(BIO_s_mem()));
1260        ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0);
1261
1262        flags = PKCS7_STREAM;
1263        ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags));
1264        ExpectNotNull(outBio = BIO_new(BIO_s_mem()));
1265        ExpectIntEQ(SMIME_write_PKCS7(outBio, p7, inBio, flags), 1);
1266
1267        /* bad arg: out NULL */
1268        ExpectIntEQ(SMIME_write_PKCS7(NULL, p7, inBio, flags), 0);
1269        /* bad arg: pkcs7 NULL */
1270        ExpectIntEQ(SMIME_write_PKCS7(outBio, NULL, inBio, flags), 0);
1271
1272        ExpectNotNull(p7Ver = SMIME_read_PKCS7(outBio, &content));
1273        ExpectIntEQ(PKCS7_verify(p7Ver, NULL, store, NULL, NULL, flags), 1);
1274
1275        BIO_free(content);
1276        content = NULL;
1277        BIO_free(inBio);
1278        inBio = NULL;
1279        BIO_free(outBio);
1280        outBio = NULL;
1281        PKCS7_free(p7Ver);
1282        p7Ver = NULL;
1283        PKCS7_free(p7);
1284        p7 = NULL;
1285    }
1286
1287    /* generate and verify SMIME: not detached, add Content-Type */
1288    {
1289        ExpectNotNull(inBio = BIO_new(BIO_s_mem()));
1290        ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0);
1291
1292        flags = PKCS7_STREAM | PKCS7_TEXT;
1293        ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags));
1294        ExpectNotNull(outBio = BIO_new(BIO_s_mem()));
1295        ExpectIntEQ(SMIME_write_PKCS7(outBio, p7, inBio, flags), 1);
1296
1297        ExpectNotNull(p7Ver = SMIME_read_PKCS7(outBio, &content));
1298        ExpectIntEQ(PKCS7_verify(p7Ver, NULL, store, NULL, NULL, flags), 1);
1299
1300        BIO_free(content);
1301        content = NULL;
1302        BIO_free(inBio);
1303        inBio = NULL;
1304        BIO_free(outBio);
1305        outBio = NULL;
1306        PKCS7_free(p7Ver);
1307        p7Ver = NULL;
1308        PKCS7_free(p7);
1309        p7 = NULL;
1310    }
1311
1312    /* generate and verify SMIME: detached */
1313    {
1314        ExpectNotNull(inBio = BIO_new(BIO_s_mem()));
1315        ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0);
1316
1317        flags = PKCS7_DETACHED | PKCS7_STREAM;
1318        ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags));
1319        ExpectNotNull(outBio = BIO_new(BIO_s_mem()));
1320        ExpectIntEQ(SMIME_write_PKCS7(outBio, p7, inBio, flags), 1);
1321
1322        ExpectNotNull(p7Ver = SMIME_read_PKCS7(outBio, &content));
1323        ExpectIntEQ(PKCS7_verify(p7Ver, NULL, store, content, NULL, flags), 1);
1324
1325        BIO_free(content);
1326        content = NULL;
1327        BIO_free(inBio);
1328        inBio = NULL;
1329        BIO_free(outBio);
1330        outBio = NULL;
1331        PKCS7_free(p7Ver);
1332        p7Ver = NULL;
1333        PKCS7_free(p7);
1334        p7 = NULL;
1335    }
1336
1337    /* generate and verify SMIME: PKCS7_TEXT to add Content-Type header */
1338    {
1339        ExpectNotNull(inBio = BIO_new(BIO_s_mem()));
1340        ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0);
1341
1342        flags = PKCS7_STREAM | PKCS7_DETACHED | PKCS7_TEXT;
1343        ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags));
1344        ExpectNotNull(outBio = BIO_new(BIO_s_mem()));
1345        ExpectIntEQ(SMIME_write_PKCS7(outBio, p7, inBio, flags), 1);
1346
1347        ExpectNotNull(p7Ver = SMIME_read_PKCS7(outBio, &content));
1348        ExpectIntEQ(PKCS7_verify(p7Ver, NULL, store, content, NULL, flags), 1);
1349
1350        BIO_free(content);
1351        content = NULL;
1352        BIO_free(inBio);
1353        inBio = NULL;
1354        BIO_free(outBio);
1355        outBio = NULL;
1356        PKCS7_free(p7Ver);
1357        p7Ver = NULL;
1358        PKCS7_free(p7);
1359        p7 = NULL;
1360    }
1361
1362    X509_STORE_free(store);
1363    X509_free(caCert);
1364    X509_free(signCert);
1365    EVP_PKEY_free(signKey);
1366    BIO_free(keyBio);
1367    BIO_free(certBio);
1368    BIO_free(caBio);
1369#endif
1370    return EXPECT_RESULT();
1371}
1372
1373/* Testing functions dealing with PKCS12 parsing out X509 certs */
1374int test_wolfSSL_PKCS12(void)
1375{
1376    EXPECT_DECLS;
1377    /* .p12 file is encrypted with DES3 */
1378#ifndef HAVE_FIPS /* Password used in cert "wolfSSL test" is only 12-bytes
1379                   * (96-bit) FIPS mode requires Minimum of 14-byte (112-bit)
1380                   * Password Key
1381                   */
1382#if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && !defined(NO_FILESYSTEM) && \
1383    !defined(NO_STDIO_FILESYSTEM) && !defined(NO_TLS) && \
1384    !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_RSA) && \
1385    !defined(NO_SHA) && defined(HAVE_PKCS12) && !defined(NO_BIO) && \
1386    defined(WOLFSSL_AES_256)
1387    byte buf[6000];
1388    char file[] = "./certs/test-servercert.p12";
1389    char order[] = "./certs/ecc-rsa-server.p12";
1390#ifdef WC_RC2
1391    char rc2p12[] = "./certs/test-servercert-rc2.p12";
1392#endif
1393    char pass[] = "a password";
1394    const char goodPsw[] = "wolfSSL test";
1395    const char badPsw[] = "bad";
1396#ifdef HAVE_ECC
1397    WOLFSSL_X509_NAME *subject = NULL;
1398    WOLFSSL_X509      *x509 = NULL;
1399#endif
1400    XFILE f = XBADFILE;
1401    int  bytes = 0, ret = 0, goodPswLen = 0, badPswLen = 0;
1402    WOLFSSL_BIO      *bio = NULL;
1403    WOLFSSL_EVP_PKEY *pkey = NULL;
1404    WC_PKCS12        *pkcs12 = NULL;
1405    WC_PKCS12        *pkcs12_2 = NULL;
1406    WOLFSSL_X509     *cert = NULL;
1407    WOLFSSL_X509     *tmp = NULL;
1408    WOLF_STACK_OF(WOLFSSL_X509) *ca = NULL;
1409#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
1410    || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS)
1411    WOLFSSL_CTX      *ctx = NULL;
1412    WOLFSSL          *ssl = NULL;
1413    WOLF_STACK_OF(WOLFSSL_X509) *tmp_ca = NULL;
1414#endif
1415
1416    ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE);
1417    ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0);
1418    if (f != XBADFILE) {
1419        XFCLOSE(f);
1420        f = XBADFILE;
1421    }
1422
1423    goodPswLen = (int)XSTRLEN(goodPsw);
1424    badPswLen = (int)XSTRLEN(badPsw);
1425
1426    ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
1427
1428    ExpectIntEQ(BIO_write(bio, buf, bytes), bytes); /* d2i consumes BIO */
1429    ExpectNotNull(d2i_PKCS12_bio(bio, &pkcs12));
1430    ExpectNotNull(pkcs12);
1431    BIO_free(bio);
1432    bio = NULL;
1433
1434    /* check verify MAC directly */
1435    ExpectIntEQ(ret = PKCS12_verify_mac(pkcs12, goodPsw, goodPswLen), 1);
1436
1437    /* check verify MAC fail case directly */
1438    ExpectIntEQ(ret = PKCS12_verify_mac(pkcs12, badPsw, badPswLen), 0);
1439
1440    /* check verify MAC fail case */
1441    ExpectIntEQ(ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL), 0);
1442    ExpectNull(pkey);
1443    ExpectNull(cert);
1444
1445    /* check parse with no extra certs kept */
1446    ExpectIntEQ(ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL),
1447        1);
1448    ExpectNotNull(pkey);
1449    ExpectNotNull(cert);
1450
1451    wolfSSL_EVP_PKEY_free(pkey);
1452    pkey = NULL;
1453    wolfSSL_X509_free(cert);
1454    cert = NULL;
1455
1456    /* check parse with extra certs kept */
1457    ExpectIntEQ(ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca),
1458        1);
1459    ExpectNotNull(pkey);
1460    ExpectNotNull(cert);
1461    ExpectNotNull(ca);
1462
1463#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
1464    || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS)
1465
1466    /* Check that SSL_CTX_set0_chain correctly sets the certChain buffer */
1467#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
1468#if !defined(NO_WOLFSSL_CLIENT) && defined(SESSION_CERTS)
1469    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
1470#else
1471    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
1472#endif
1473    /* Copy stack structure */
1474    ExpectNotNull(tmp_ca = X509_chain_up_ref(ca));
1475    ExpectIntEQ(SSL_CTX_set0_chain(ctx, tmp_ca), 1);
1476    /* CTX now owns the tmp_ca stack structure */
1477    tmp_ca = NULL;
1478    ExpectIntEQ(wolfSSL_CTX_get_extra_chain_certs(ctx, &tmp_ca), 1);
1479    ExpectNotNull(tmp_ca);
1480    ExpectIntEQ(sk_X509_num(tmp_ca), sk_X509_num(ca));
1481    /* Check that the main cert is also set */
1482    ExpectNotNull(SSL_CTX_get0_certificate(ctx));
1483    ExpectNotNull(ssl = SSL_new(ctx));
1484    ExpectNotNull(SSL_get_certificate(ssl));
1485    SSL_free(ssl);
1486    SSL_CTX_free(ctx);
1487    ctx = NULL;
1488#endif
1489#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
1490    /* should be 2 other certs on stack */
1491    ExpectNotNull(tmp = sk_X509_pop(ca));
1492    X509_free(tmp);
1493    ExpectNotNull(tmp = sk_X509_pop(ca));
1494    X509_free(tmp);
1495    ExpectNull(sk_X509_pop(ca));
1496
1497    EVP_PKEY_free(pkey);
1498    pkey = NULL;
1499    X509_free(cert);
1500    cert = NULL;
1501    sk_X509_pop_free(ca, X509_free);
1502    ca = NULL;
1503
1504    /* check PKCS12_create */
1505    ExpectNull(PKCS12_create(pass, NULL, NULL, NULL, NULL, -1, -1, -1, -1,0));
1506    ExpectIntEQ(PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca),
1507            SSL_SUCCESS);
1508    ExpectNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, ca,
1509                    -1, -1, 100, -1, 0)));
1510    EVP_PKEY_free(pkey);
1511    pkey = NULL;
1512    X509_free(cert);
1513    cert = NULL;
1514    sk_X509_pop_free(ca, NULL);
1515    ca = NULL;
1516
1517    ExpectIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca),
1518            SSL_SUCCESS);
1519    PKCS12_free(pkcs12_2);
1520    pkcs12_2 = NULL;
1521    ExpectNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, ca,
1522             NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
1523             NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
1524             2000, 1, 0)));
1525    EVP_PKEY_free(pkey);
1526    pkey = NULL;
1527    X509_free(cert);
1528    cert = NULL;
1529    sk_X509_pop_free(ca, NULL);
1530    ca = NULL;
1531
1532    /* convert to DER then back and parse */
1533    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
1534    ExpectIntEQ(i2d_PKCS12_bio(bio, pkcs12_2), SSL_SUCCESS);
1535    PKCS12_free(pkcs12_2);
1536    pkcs12_2 = NULL;
1537
1538    ExpectNotNull(pkcs12_2 = d2i_PKCS12_bio(bio, NULL));
1539    BIO_free(bio);
1540    bio = NULL;
1541    ExpectIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca),
1542            SSL_SUCCESS);
1543
1544    /* should be 2 other certs on stack */
1545    ExpectNotNull(tmp = sk_X509_pop(ca));
1546    X509_free(tmp);
1547    ExpectNotNull(tmp = sk_X509_pop(ca));
1548    X509_free(tmp);
1549    ExpectNull(sk_X509_pop(ca));
1550
1551
1552#ifndef NO_RC4
1553    PKCS12_free(pkcs12_2);
1554    pkcs12_2 = NULL;
1555    ExpectNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, NULL,
1556             NID_pbe_WithSHA1And128BitRC4,
1557             NID_pbe_WithSHA1And128BitRC4,
1558             2000, 1, 0)));
1559    EVP_PKEY_free(pkey);
1560    pkey = NULL;
1561    X509_free(cert);
1562    cert = NULL;
1563    sk_X509_pop_free(ca, NULL);
1564    ca = NULL;
1565
1566    ExpectIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca),
1567            SSL_SUCCESS);
1568
1569#endif /* NO_RC4 */
1570
1571    EVP_PKEY_free(pkey);
1572    pkey = NULL;
1573    X509_free(cert);
1574    cert = NULL;
1575    PKCS12_free(pkcs12);
1576    pkcs12 = NULL;
1577    PKCS12_free(pkcs12_2);
1578    pkcs12_2 = NULL;
1579    sk_X509_pop_free(ca, NULL);
1580    ca = NULL;
1581
1582#ifdef HAVE_ECC
1583    /* test order of parsing */
1584    ExpectTrue((f = XFOPEN(order, "rb")) != XBADFILE);
1585    ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0);
1586    if (f != XBADFILE) {
1587        XFCLOSE(f);
1588        f = XBADFILE;
1589    }
1590
1591    ExpectNotNull(bio = BIO_new_mem_buf((void*)buf, bytes));
1592    ExpectNotNull(pkcs12 = d2i_PKCS12_bio(bio, NULL));
1593    ExpectIntEQ((ret = PKCS12_parse(pkcs12, "", &pkey, &cert, &ca)),
1594            WOLFSSL_SUCCESS);
1595
1596    /* check use of pkey after parse */
1597#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
1598    || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS)
1599#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
1600#if !defined(NO_WOLFSSL_CLIENT) && defined(SESSION_CERTS)
1601    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
1602#else
1603    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
1604#endif
1605    ExpectIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_SUCCESS);
1606    SSL_CTX_free(ctx);
1607#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
1608#endif
1609
1610    ExpectNotNull(pkey);
1611    ExpectNotNull(cert);
1612    ExpectNotNull(ca);
1613
1614    /* compare subject lines of certificates */
1615    ExpectNotNull(subject = wolfSSL_X509_get_subject_name(cert));
1616    ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(eccRsaCertFile,
1617                SSL_FILETYPE_PEM));
1618    ExpectIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject,
1619            (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0);
1620    X509_free(x509);
1621    x509 = NULL;
1622
1623    /* test expected fail case */
1624    ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(eccCertFile,
1625                SSL_FILETYPE_PEM));
1626    ExpectIntNE(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject,
1627            (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0);
1628    X509_free(x509);
1629    x509 = NULL;
1630    X509_free(cert);
1631    cert = NULL;
1632
1633    /* get subject line from ca stack */
1634    ExpectNotNull(cert = sk_X509_pop(ca));
1635    ExpectNotNull(subject = wolfSSL_X509_get_subject_name(cert));
1636
1637    /* compare subject from certificate in ca to expected */
1638    ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(eccCertFile,
1639                SSL_FILETYPE_PEM));
1640    ExpectIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject,
1641            (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0);
1642
1643    /* modify case and compare subject from certificate in ca to expected.
1644     * The first bit of the name is:
1645     * /C=US/ST=Washington
1646     * So we'll change subject->name[1] to 'c' (lower case) */
1647    if (subject != NULL) {
1648        subject->name[1] = 'c';
1649        ExpectIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject,
1650            (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0);
1651    }
1652
1653    EVP_PKEY_free(pkey);
1654    pkey = NULL;
1655    X509_free(x509);
1656    x509 = NULL;
1657    X509_free(cert);
1658    cert = NULL;
1659    BIO_free(bio);
1660    bio = NULL;
1661    PKCS12_free(pkcs12);
1662    pkcs12 = NULL;
1663    sk_X509_pop_free(ca, NULL); /* TEST d2i_PKCS12_fp */
1664    ca = NULL;
1665
1666    /* test order of parsing */
1667    ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE);
1668    ExpectNotNull(pkcs12 = d2i_PKCS12_fp(f, NULL));
1669    if (f != XBADFILE) {
1670        XFCLOSE(f);
1671        f = XBADFILE;
1672    }
1673
1674    /* check verify MAC fail case */
1675    ExpectIntEQ(ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL), 0);
1676    ExpectNull(pkey);
1677    ExpectNull(cert);
1678
1679    /* check parse with no extra certs kept */
1680    ExpectIntEQ(ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL),
1681        1);
1682    ExpectNotNull(pkey);
1683    ExpectNotNull(cert);
1684
1685    wolfSSL_EVP_PKEY_free(pkey);
1686    pkey = NULL;
1687    wolfSSL_X509_free(cert);
1688    cert = NULL;
1689
1690    /* check parse with extra certs kept */
1691    ExpectIntEQ(ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca),
1692        1);
1693    ExpectNotNull(pkey);
1694    ExpectNotNull(cert);
1695    ExpectNotNull(ca);
1696
1697    wolfSSL_EVP_PKEY_free(pkey);
1698    pkey = NULL;
1699    wolfSSL_X509_free(cert);
1700    cert = NULL;
1701    sk_X509_pop_free(ca, NULL);
1702    ca = NULL;
1703
1704    PKCS12_free(pkcs12);
1705    pkcs12 = NULL;
1706#endif /* HAVE_ECC */
1707
1708#ifdef WC_RC2
1709    /* test PKCS#12 with RC2 encryption */
1710    ExpectTrue((f = XFOPEN(rc2p12, "rb")) != XBADFILE);
1711    ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0);
1712    if (f != XBADFILE) {
1713        XFCLOSE(f);
1714        f = XBADFILE;
1715    }
1716
1717    ExpectNotNull(bio = BIO_new_mem_buf((void*)buf, bytes));
1718    ExpectNotNull(pkcs12 = d2i_PKCS12_bio(bio, NULL));
1719
1720    /* check verify MAC fail case */
1721    ExpectIntEQ(ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL), 0);
1722    ExpectNull(pkey);
1723    ExpectNull(cert);
1724
1725    /* check parse with not extra certs kept */
1726    ExpectIntEQ(ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL),
1727        WOLFSSL_SUCCESS);
1728    ExpectNotNull(pkey);
1729    ExpectNotNull(cert);
1730
1731    wolfSSL_EVP_PKEY_free(pkey);
1732    pkey = NULL;
1733    wolfSSL_X509_free(cert);
1734    cert = NULL;
1735
1736    /* check parse with extra certs kept */
1737    ExpectIntEQ(ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca),
1738        WOLFSSL_SUCCESS);
1739    ExpectNotNull(pkey);
1740    ExpectNotNull(cert);
1741    ExpectNotNull(ca);
1742
1743    wolfSSL_EVP_PKEY_free(pkey);
1744    wolfSSL_X509_free(cert);
1745    sk_X509_pop_free(ca, NULL);
1746
1747    BIO_free(bio);
1748    bio = NULL;
1749    PKCS12_free(pkcs12);
1750    pkcs12 = NULL;
1751#endif /* WC_RC2 */
1752
1753    /* Test i2d_PKCS12_bio */
1754    ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE);
1755    ExpectNotNull(pkcs12 = d2i_PKCS12_fp(f, NULL));
1756    if (f != XBADFILE)
1757        XFCLOSE(f);
1758
1759    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
1760
1761    ExpectIntEQ(ret = i2d_PKCS12_bio(bio, pkcs12), 1);
1762
1763    ExpectIntEQ(ret = i2d_PKCS12_bio(NULL, pkcs12), 0);
1764
1765    ExpectIntEQ(ret = i2d_PKCS12_bio(bio, NULL), 0);
1766
1767    PKCS12_free(pkcs12);
1768    BIO_free(bio);
1769
1770    (void)order;
1771#endif /* OPENSSL_EXTRA */
1772#endif /* HAVE_FIPS */
1773    return EXPECT_RESULT();
1774}
1775