From 383df620bf63ab567a79d8ed2742d1a439ca07a1 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Tue, 15 Dec 2020 15:10:44 +0100 Subject: [PATCH] Add CSR test with Extension Request attribute --- certs/csr.ext.der | Bin 0 -> 566 bytes certs/include.am | 3 ++- tests/api.c | 42 ++++++++++++++++++++++++++++++++++++++++-- 3 files changed, 42 insertions(+), 3 deletions(-) create mode 100644 certs/csr.ext.der diff --git a/certs/csr.ext.der b/certs/csr.ext.der new file mode 100644 index 0000000000000000000000000000000000000000..fd39dea6cdd75a5a6c6adb827222a03a72b243d3 GIT binary patch literal 566 zcmXqLVlpylVw}yy$ZQ~DC}beO#vIDR%)^c4d^5jJ z3}{t)x6PDoYfx+V;kw_G=kYI}s}Q3>#M)G_EjcoC@@;tRPEcuR&v1 zJIfj&6Q*{SdIko@CV`~XltB{-p!>pE@_ANDEFoq{}R1o|1IxQ*3}Q^6WR2WYK~`x&q@>IJ?VP{0RA%8 ArvLx| literal 0 HcmV?d00001 diff --git a/certs/include.am b/certs/include.am index 7d613b9ef..c7e70ad1a 100644 --- a/certs/include.am +++ b/certs/include.am @@ -55,7 +55,8 @@ EXTRA_DIST += \ certs/client-cert-ext.pem \ certs/csr.attr.der \ certs/csr.dsa.pem \ - certs/csr.signed.der + certs/csr.signed.der \ + certs/csr.ext.der EXTRA_DIST += \ certs/ca-key.der \ diff --git a/tests/api.c b/tests/api.c index 630dce6e3..5e55bdc1d 100644 --- a/tests/api.c +++ b/tests/api.c 
@@ -38183,11 +38183,13 @@ static void test_wolfSSL_X509_CRL(void)
 static void test_wolfSSL_d2i_X509_REQ(void)
 {
 #if defined(WOLFSSL_CERT_REQ) && (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA))
- /* ./certs/csr.signed.der and ./certs/csr.attr.der were
+ /* ./certs/csr.signed.der, ./certs/csr.ext.der, and ./certs/csr.attr.der were
 * generated by libest
- * ./certs/csr.attr.der contains sample attributes */
+ * ./certs/csr.attr.der contains sample attributes
+ * ./certs/csr.ext.der contains sample extensions */
 const char* csrFile = "./certs/csr.signed.der";
 const char* csrPopFile = "./certs/csr.attr.der";
+ const char* csrExtFile = "./certs/csr.ext.der";
 /* ./certs/csr.dsa.pem is generated using
 * openssl req -newkey dsa:certs/dsaparams.pem \
 * -keyout certs/csr.dsa.key.pem -keyform PEM -out certs/csr.dsa.pem \
@@ -38249,6 +38251,42 @@ static void test_wolfSSL_d2i_X509_REQ(void) AssertStrEQ((char*)ASN1_STRING_data(at->value.asn1_string), "2xIE+qqp/rhyTXP+"); #endif + X509_free(req); + BIO_free(bio); + EVP_PKEY_free(pub_key); + } + { +#ifdef OPENSSL_ALL + X509_ATTRIBUTE* attr; + ASN1_TYPE *at; +#endif + AssertNotNull(bio = BIO_new_file(csrExtFile, "rb")); + /* This CSR contains an Extension Request attribute so + * we test extension parsing in a CSR attribute here. */ + AssertNotNull(d2i_X509_REQ_bio(bio, &req)); + + /* + * Extract the public key from the CSR + */ + AssertNotNull(pub_key = X509_REQ_get_pubkey(req)); + + /* + * Verify the signature in the CSR + */ + AssertIntEQ(X509_REQ_verify(req, pub_key), 1); + +#ifdef OPENSSL_ALL + /* + * Obtain the challenge password from the CSR + */ + AssertIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword, -1), + NID_pkcs9_challengePassword); + AssertNotNull(attr = X509_REQ_get_attr(req, NID_pkcs9_challengePassword)); + AssertNotNull(at = X509_ATTRIBUTE_get0_type(attr, 0)); + AssertNotNull(at->value.asn1_string); + AssertStrEQ((char*)ASN1_STRING_data(at->value.asn1_string), "IGCu/xNL4/0/wOgo"); +#endif + X509_free(req); BIO_free(bio); EVP_PKEY_free(pub_key);
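Review bot: The new `csrExtFile` block never asserts anything about the extensions themselves. After `d2i_X509_REQ_bio(bio, &req)` it only repeats the public-key, signature and challenge-password checks from the preceding block, so it would still pass if the Extension Request attribute were skipped or only partly decoded. Since requested extensions are what an issuer may copy into a certificate, the test should pin the decoded result, for example `AssertNotNull(exts = X509_REQ_get_extensions(req));` followed by a check of the expected count or NID, if the compatibility layer exposes that call at this commit. Separately, `req` is passed by address to `d2i_X509_REQ_bio` right after the added `X509_free(req);` without a visible `req = NULL;`. Under OpenSSL's d2i convention a non-NULL `*req` is treated as an object to reuse, so resetting it between blocks would be safer. The declaration of `req` and the rest of test_wolfSSL_d2i_X509_REQ lie outside this hunk.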