Check self-signed certificate names and signatures

Check self-signed certificate names and signatures

Add unit tests for self-signed certificates with invalid name/sigs

BUG=607954
Committed: https://crrev.com/da42899529b15a0fa89a072c6e46c22c11292514
Cr-Commit-Position: refs/heads/master@{#396548}

[dadrian, 2016-05-20 17:40:47]

Description was changed from

==========
Check self-signed certificate names and signatures

Add unit tests for self-signed with invalid name/sigs

BUG=607954
==========

to

==========
Check self-signed certificate names and signatures

Add unit tests for self-signed certificates with invalid name/sigs

BUG=607954
==========

[dadrian, 2016-05-20 17:40:47]

dadrian@google.com changed reviewers:
+ estark@chromium.org, svaldez@chromium.org

[dadrian, 2016-05-20 17:42:03]

Adding estark@ and svaldez@ as initial reviewers, per request from estark@

[svaldez, 2016-05-20 17:54:53]

Some comments from a first pass.

https://codereview.chromium.org/1988993002/diff/260001/net/cert/x509_certific...
File net/cert/x509_certificate_ios.cc (right):

https://codereview.chromium.org/1988993002/diff/260001/net/cert/x509_certific...
net/cert/x509_certificate_ios.cc:475: if (X509_check_issued(cert.get(),
cert.get()) != X509_V_OK) {
Consider:
return X509_check_issued...

https://codereview.chromium.org/1988993002/diff/260001/net/cert/x509_certific...
File net/cert/x509_certificate_nss.cc (right):

https://codereview.chromium.org/1988993002/diff/260001/net/cert/x509_certific...
net/cert/x509_certificate_nss.cc:288: SECComparison c =
Do name check after key check to match other implementations?

https://codereview.chromium.org/1988993002/diff/260001/net/cert/x509_certific...
File net/cert/x509_certificate_openssl.cc (right):

https://codereview.chromium.org/1988993002/diff/260001/net/cert/x509_certific...
net/cert/x509_certificate_openssl.cc:465: if (X509_check_issued(cert_handle,
cert_handle) != X509_V_OK) {
Simplify to be the same as _ios comment.

https://codereview.chromium.org/1988993002/diff/260001/net/cert/x509_certific...
File net/cert/x509_certificate_win.cc (right):

https://codereview.chromium.org/1988993002/diff/260001/net/cert/x509_certific...
net/cert/x509_certificate_win.cc:475: DWORD subject_size =
Don't know whether its worth it, though it might be cleaner to use
CertPrincipal.ParseDistinguishedName from x509_cert_types.

https://codereview.chromium.org/1988993002/diff/260001/net/data/ssl/scripts/e...
File net/data/ssl/scripts/ee.cnf (right):

https://codereview.chromium.org/1988993002/diff/260001/net/data/ssl/scripts/e...
net/data/ssl/scripts/ee.cnf:38: L  = Ann Arbor
I think its standard to use US/California/Mountain View for all test certs.

https://codereview.chromium.org/1988993002/diff/260001/net/data/ssl/scripts/g...
File net/data/ssl/scripts/generate-bad-self-signed.sh (right):

https://codereview.chromium.org/1988993002/diff/260001/net/data/ssl/scripts/g...
net/data/ssl/scripts/generate-bad-self-signed.sh:3: # Copyright 2013 The
Chromium Authors. All rights reserved.
2016

[estark, 2016-05-20 18:37:53]

Thanks! Totally didn't think about how gnarly the test data was going to be when
I suggested this as a "starter" bug, sorry about that.

https://codereview.chromium.org/1988993002/diff/260001/net/cert/x509_certific...
File net/cert/x509_certificate_ios.cc (right):

https://codereview.chromium.org/1988993002/diff/260001/net/cert/x509_certific...
net/cert/x509_certificate_ios.cc:471: if ((X509_verify(cert.get(),
scoped_key.get())) != 1) {
nit: as much as it pains me personally, use no curly brackets for single-line
bodies to be consistent with the rest of the file

https://codereview.chromium.org/1988993002/diff/260001/net/cert/x509_certific...
File net/cert/x509_certificate_openssl.cc (right):

https://codereview.chromium.org/1988993002/diff/260001/net/cert/x509_certific...
net/cert/x509_certificate_openssl.cc:461: if (X509_verify(cert_handle,
scoped_key.get()) != 1) {
same nit about the curly braces

https://codereview.chromium.org/1988993002/diff/260001/net/data/ssl/scripts/g...
File net/data/ssl/scripts/generate-bad-self-signed.sh (right):

https://codereview.chromium.org/1988993002/diff/260001/net/data/ssl/scripts/g...
net/data/ssl/scripts/generate-bad-self-signed.sh:7: # This script generates a
set of test (end-entity, intermediate, root)
looks like this comment needs to be updated

[dadrian, 2016-05-20 19:01:22]

https://codereview.chromium.org/1988993002/diff/260001/net/cert/x509_certific...
File net/cert/x509_certificate_ios.cc (right):

https://codereview.chromium.org/1988993002/diff/260001/net/cert/x509_certific...
net/cert/x509_certificate_ios.cc:471: if ((X509_verify(cert.get(),
scoped_key.get())) != 1) {
On 2016/05/20 18:37:53, estark wrote:
> nit: as much as it pains me personally, use no curly brackets for single-line
> bodies to be consistent with the rest of the file

Done, though I wash my hands of all responsibility for goto-fail style bugs :)

https://codereview.chromium.org/1988993002/diff/260001/net/cert/x509_certific...
net/cert/x509_certificate_ios.cc:475: if (X509_check_issued(cert.get(),
cert.get()) != X509_V_OK) {
On 2016/05/20 17:54:52, svaldez wrote:
> Consider:
> return X509_check_issued...

Done.

https://codereview.chromium.org/1988993002/diff/260001/net/cert/x509_certific...
File net/cert/x509_certificate_nss.cc (right):

https://codereview.chromium.org/1988993002/diff/260001/net/cert/x509_certific...
net/cert/x509_certificate_nss.cc:288: SECComparison c =
On 2016/05/20 17:54:52, svaldez wrote:
> Do name check after key check to match other implementations?

Done.

https://codereview.chromium.org/1988993002/diff/260001/net/cert/x509_certific...
File net/cert/x509_certificate_openssl.cc (right):

https://codereview.chromium.org/1988993002/diff/260001/net/cert/x509_certific...
net/cert/x509_certificate_openssl.cc:465: if (X509_check_issued(cert_handle,
cert_handle) != X509_V_OK) {
On 2016/05/20 17:54:52, svaldez wrote:
> Simplify to be the same as _ios comment.

Done.

https://codereview.chromium.org/1988993002/diff/260001/net/cert/x509_certific...
File net/cert/x509_certificate_win.cc (right):

https://codereview.chromium.org/1988993002/diff/260001/net/cert/x509_certific...
net/cert/x509_certificate_win.cc:475: DWORD subject_size =
On 2016/05/20 17:54:52, svaldez wrote:
> Don't know whether its worth it, though it might be cleaner to use
> CertPrincipal.ParseDistinguishedName from x509_cert_types.

The CertPrincipal::Matches() function is explicitly listed as deprecated, and to
be removed.

https://codereview.chromium.org/1988993002/diff/260001/net/data/ssl/scripts/g...
File net/data/ssl/scripts/generate-bad-self-signed.sh (right):

https://codereview.chromium.org/1988993002/diff/260001/net/data/ssl/scripts/g...
net/data/ssl/scripts/generate-bad-self-signed.sh:3: # Copyright 2013 The
Chromium Authors. All rights reserved.
On 2016/05/20 17:54:53, svaldez wrote:
> 2016

Done.

https://codereview.chromium.org/1988993002/diff/260001/net/data/ssl/scripts/g...
net/data/ssl/scripts/generate-bad-self-signed.sh:7: # This script generates a
set of test (end-entity, intermediate, root)
On 2016/05/20 18:37:53, estark wrote:
> looks like this comment needs to be updated

Done.

[svaldez, 2016-05-23 20:36:51]

lgtm

[estark, 2016-05-24 03:40:17]

lgtm with one more nit

Ryan Sleevi's probably the best owner to review this, so go ahead and add him
when you're back.

https://codereview.chromium.org/1988993002/diff/300001/net/cert/x509_certific...
File net/cert/x509_certificate_ios.cc (right):

https://codereview.chromium.org/1988993002/diff/300001/net/cert/x509_certific...
net/cert/x509_certificate_ios.cc:471: if ((X509_verify(cert.get(),
scoped_key.get())) != 1)
nit: it looks like there's a superfluous pair of parens stuffed in here (around
the X509_verify call)

[svaldez, 2016-05-24 14:18:01]

https://codereview.chromium.org/1988993002/diff/300001/net/cert/x509_certific...
File net/cert/x509_certificate_nss.cc (right):

https://codereview.chromium.org/1988993002/diff/300001/net/cert/x509_certific...
net/cert/x509_certificate_nss.cc:294: return c == SECComparison::SECEqual;
nit: You could almost just combine these two lines and kill the local, though
not super important.

[dadrian, 2016-05-25 16:38:52]

dadrian@google.com changed reviewers:
+ rsleevi@chromium.org

[dadrian, 2016-05-25 16:38:53]

rsleevi@chromium.org: Please review changes to how self-signed certificates are
identified.

[Ryan Sleevi, 2016-05-26 07:57:09]

Emily: Curious your thoughts about doing the munging native (e.g. no need to
generate independent certificates)

https://codereview.chromium.org/1988993002/diff/320001/net/cert/x509_certific...
File net/cert/x509_certificate_ios.cc (right):

https://codereview.chromium.org/1988993002/diff/320001/net/cert/x509_certific...
net/cert/x509_certificate_ios.cc:473: // NOTE: x509_check_issued returns
X509_V_OK in case of success
You don't need this NOTE (X509_verify() was the weird API contract)

https://codereview.chromium.org/1988993002/diff/320001/net/cert/x509_certific...
File net/cert/x509_certificate_nss.cc (right):

https://codereview.chromium.org/1988993002/diff/320001/net/cert/x509_certific...
net/cert/x509_certificate_nss.cc:293: SECComparison::SECEqual;
We don't tend to qualify enums - 

return CERT_CompareName(...) == SECEqual;

https://codereview.chromium.org/1988993002/diff/320001/net/cert/x509_certific...
File net/cert/x509_certificate_openssl.cc (right):

https://codereview.chromium.org/1988993002/diff/320001/net/cert/x509_certific...
net/cert/x509_certificate_openssl.cc:464: // NOTE: x509_check_issued returns
X509_V_OK in case of success
ditto re: NOTE

https://codereview.chromium.org/1988993002/diff/320001/net/cert/x509_certific...
File net/cert/x509_certificate_win.cc (right):

https://codereview.chromium.org/1988993002/diff/320001/net/cert/x509_certific...
net/cert/x509_certificate_win.cc:472: if (!valid_signature) {
no braces

https://codereview.chromium.org/1988993002/diff/320001/net/cert/x509_certific...
net/cert/x509_certificate_win.cc:496: 0;
Lines 475-495 aren't needed -
https://msdn.microsoft.com/en-us/library/windows/desktop/aa376028(v=vs.85).aspx

https://codereview.chromium.org/1988993002/diff/320001/net/data/ssl/certifica...
File net/data/ssl/certificates/self-signed-invalid-name.pem (right):

https://codereview.chromium.org/1988993002/diff/320001/net/data/ssl/certifica...
net/data/ssl/certificates/self-signed-invalid-name.pem:20: -----END
CERTIFICATE-----
Include the -text output please

(Helps debug test failures w/o having to open the command-line)

https://codereview.chromium.org/1988993002/diff/320001/net/data/ssl/scripts/g...
File net/data/ssl/scripts/generate-bad-self-signed.sh (right):

https://codereview.chromium.org/1988993002/diff/320001/net/data/ssl/scripts/g...
net/data/ssl/scripts/generate-bad-self-signed.sh:13: }
The new files have been using "set -e" (yeah, welcome to Google, where things
are inconsistent)

https://codereview.chromium.org/1988993002/diff/320001/net/data/ssl/scripts/g...
net/data/ssl/scripts/generate-bad-self-signed.sh:46: # first four bytes of the
signature with the bytes 0xdead.
We try to avoid "we" in comments
(https://groups.google.com/a/chromium.org/forum/#!topic/chromium-dev/NH-S6KCkr2M
for context)

https://codereview.chromium.org/1988993002/diff/320001/net/data/ssl/scripts/g...
net/data/ssl/scripts/generate-bad-self-signed.sh:62: | openssl x509 -inform DER
-outform PEM -out out/self-signed-invalid-sig.pem
Why do we need to generate a certificate file with the malformed signature? Why
can't we just munge the signature in the unittest - where we know exactly where
the signature is?

[estark, 2016-05-26 16:26:51]

https://codereview.chromium.org/1988993002/diff/320001/net/cert/x509_certific...
File net/cert/x509_certificate_ios.cc (right):

https://codereview.chromium.org/1988993002/diff/320001/net/cert/x509_certific...
net/cert/x509_certificate_ios.cc:473: // NOTE: x509_check_issued returns
X509_V_OK in case of success
On 2016/05/26 07:57:08, Ryan Sleevi wrote:
> You don't need this NOTE (X509_verify() was the weird API contract)

FWIW, I think BoringSSL actually just returns 0/1 from X509_verify. (...for now.
that might change.) So line 470 isn't exactly accurate anymore. Maybe it should
be changed to "Historically, OpenSSL's X509_verify returned..." or something
like that?

https://codereview.chromium.org/1988993002/diff/320001/net/data/ssl/scripts/g...
File net/data/ssl/scripts/generate-bad-self-signed.sh (right):

https://codereview.chromium.org/1988993002/diff/320001/net/data/ssl/scripts/g...
net/data/ssl/scripts/generate-bad-self-signed.sh:62: | openssl x509 -inform DER
-outform PEM -out out/self-signed-invalid-sig.pem
On 2016/05/26 07:57:08, Ryan Sleevi wrote:
> Why do we need to generate a certificate file with the malformed signature?
Why
> can't we just munge the signature in the unittest - where we know exactly
where
> the signature is?

Ahh, I didn't think of that, that does seem better. So you're suggesting read in
a certificate, mess with the signature, and then use
X509Certificate::CreateFromBytes()? When you say "we know exactly where the
signature is", do you mean hardcode the byte offset? Or is there a nicer way?

[Ryan Sleevi, 2016-05-26 16:34:56]

https://codereview.chromium.org/1988993002/diff/320001/net/data/ssl/scripts/g...
File net/data/ssl/scripts/generate-bad-self-signed.sh (right):

https://codereview.chromium.org/1988993002/diff/320001/net/data/ssl/scripts/g...
net/data/ssl/scripts/generate-bad-self-signed.sh:62: | openssl x509 -inform DER
-outform PEM -out out/self-signed-invalid-sig.pem
On 2016/05/26 16:26:51, estark wrote:
 > Ahh, I didn't think of that, that does seem better. So you're suggesting read
in
> a certificate, mess with the signature, and then use
> X509Certificate::CreateFromBytes()? When you say "we know exactly where the
> signature is", do you mean hardcode the byte offset? Or is there a nicer way?

Could use the ASN.1 parser we have and just skip to the offset. On the con side,
that's more work, and more native, on the plus side, it means less bash
scripting, less coupling to OpenSSL's text form, and less coreutils
dependencies. Mostly I mention it because when I wrote a lot of the original
bash scripts, I was using them in Windows in msys (because I'm weird like that
and because depot-tools includes msys)

I was thinking something like
https://code.google.com/p/chromium/codesearch#chromium/src/net/cert/asn1_util...
in the _unittest.cc file to munge the data, and then CreateFromBytes.

My own gut take is that it'd be more maintainable, but I'm also looking to see
if there's disagreement, or if it's more work than I'm thinking, since it's just
more of a gut take.

[Ryan Sleevi, 2016-05-26 16:36:42]

https://codereview.chromium.org/1988993002/diff/320001/net/cert/x509_certific...
File net/cert/x509_certificate_ios.cc (right):

https://codereview.chromium.org/1988993002/diff/320001/net/cert/x509_certific...
net/cert/x509_certificate_ios.cc:473: // NOTE: x509_check_issued returns
X509_V_OK in case of success
On 2016/05/26 16:26:51, estark wrote:
> On 2016/05/26 07:57:08, Ryan Sleevi wrote:
> > You don't need this NOTE (X509_verify() was the weird API contract)
> 
> FWIW, I think BoringSSL actually just returns 0/1 from X509_verify. (...for
now.
> that might change.) So line 470 isn't exactly accurate anymore. Maybe it
should
> be changed to "Historically, OpenSSL's X509_verify returned..." or something
> like that?

If that's the case (and the API is fixed), we should remove both NOTEs. The NOTE
then was just "OpenSSL APIs are dumb" - if this was fixed in David's BoringSSL
burning run, then we should just "if (!X509_Verify())" and be done with it (and
remove the NOTE)

[dadrian, 2016-05-26 18:41:36]

https://codereview.chromium.org/1988993002/diff/320001/net/data/ssl/scripts/g...
File net/data/ssl/scripts/generate-bad-self-signed.sh (right):

https://codereview.chromium.org/1988993002/diff/320001/net/data/ssl/scripts/g...
net/data/ssl/scripts/generate-bad-self-signed.sh:62: | openssl x509 -inform DER
-outform PEM -out out/self-signed-invalid-sig.pem
On 2016/05/26 16:34:56, Ryan Sleevi (OOO til 6-6) wrote:
> On 2016/05/26 16:26:51, estark wrote:
>  > Ahh, I didn't think of that, that does seem better. So you're suggesting
read
> in
> > a certificate, mess with the signature, and then use
> > X509Certificate::CreateFromBytes()? When you say "we know exactly where the
> > signature is", do you mean hardcode the byte offset? Or is there a nicer
way?
> 
> Could use the ASN.1 parser we have and just skip to the offset. On the con
side,
> that's more work, and more native, on the plus side, it means less bash
> scripting, less coupling to OpenSSL's text form, and less coreutils
> dependencies. Mostly I mention it because when I wrote a lot of the original
> bash scripts, I was using them in Windows in msys (because I'm weird like that
> and because depot-tools includes msys)
> 
> I was thinking something like
>
https://code.google.com/p/chromium/codesearch#chromium/src/net/cert/asn1_util...
> in the _unittest.cc file to munge the data, and then CreateFromBytes.
> 
> My own gut take is that it'd be more maintainable, but I'm also looking to see
> if there's disagreement, or if it's more work than I'm thinking, since it's
just
> more of a gut take.

I'm less familiar with Chrome development, so take what I say with a grain of
salt. However, in my experience outside of Chrome, having the actual
certificates for various error conditions written to disk, rather than
"ephemeral" certificates generated programmatically during the life of a test,
has always been more useful. For one, certificate files are easier to grok since
you can send them through `openssl x509 -text` or similar. Beyond that, since
it's physically impossible to write certificate-handling code correctly, when
you inevitably find bugs, they're easier to share across various parts of code
that touch certificates, and also easier to verify for (in)correctness.

[estark, 2016-05-27 00:59:13]

https://codereview.chromium.org/1988993002/diff/320001/net/cert/x509_certific...
File net/cert/x509_certificate_ios.cc (right):

https://codereview.chromium.org/1988993002/diff/320001/net/cert/x509_certific...
net/cert/x509_certificate_ios.cc:473: // NOTE: x509_check_issued returns
X509_V_OK in case of success
On 2016/05/26 16:36:41, Ryan Sleevi (OOO til 6-6) wrote:
> On 2016/05/26 16:26:51, estark wrote:
> > On 2016/05/26 07:57:08, Ryan Sleevi wrote:
> > > You don't need this NOTE (X509_verify() was the weird API contract)
> > 
> > FWIW, I think BoringSSL actually just returns 0/1 from X509_verify. (...for
> now.
> > that might change.) So line 470 isn't exactly accurate anymore. Maybe it
> should
> > be changed to "Historically, OpenSSL's X509_verify returned..." or something
> > like that?
> 
> If that's the case (and the API is fixed), we should remove both NOTEs. The
NOTE
> then was just "OpenSSL APIs are dumb" - if this was fixed in David's BoringSSL
> burning run, then we should just "if (!X509_Verify())" and be done with it
(and
> remove the NOTE)

I was thinking that we shouldn't remove the comment entirely because there's a
possibility that the BoringSSL API might change back because a caller in CT was
kind of depending on the weird -1/0 return values
(https://bugs.chromium.org/p/boringssl/issues/detail?id=18). Buuut, if and when
we change it back to -1/0/1, we're going to have to audit all the callers to
make sure that everything makes sense, so we can always change it back then. 
So, removing it and doing `if !X509_verify()` SGTM.

https://codereview.chromium.org/1988993002/diff/320001/net/data/ssl/scripts/g...
File net/data/ssl/scripts/generate-bad-self-signed.sh (right):

https://codereview.chromium.org/1988993002/diff/320001/net/data/ssl/scripts/g...
net/data/ssl/scripts/generate-bad-self-signed.sh:62: | openssl x509 -inform DER
-outform PEM -out out/self-signed-invalid-sig.pem
On 2016/05/26 18:41:36, dadrian wrote:
> On 2016/05/26 16:34:56, Ryan Sleevi (OOO til 6-6) wrote:
> > On 2016/05/26 16:26:51, estark wrote:
> >  > Ahh, I didn't think of that, that does seem better. So you're suggesting
> read
> > in
> > > a certificate, mess with the signature, and then use
> > > X509Certificate::CreateFromBytes()? When you say "we know exactly where
the
> > > signature is", do you mean hardcode the byte offset? Or is there a nicer
> way?
> > 
> > Could use the ASN.1 parser we have and just skip to the offset. On the con
> side,
> > that's more work, and more native, on the plus side, it means less bash
> > scripting, less coupling to OpenSSL's text form, and less coreutils
> > dependencies. Mostly I mention it because when I wrote a lot of the original
> > bash scripts, I was using them in Windows in msys (because I'm weird like
that
> > and because depot-tools includes msys)
> > 
> > I was thinking something like
> >
>
https://code.google.com/p/chromium/codesearch#chromium/src/net/cert/asn1_util...
> > in the _unittest.cc file to munge the data, and then CreateFromBytes.
> > 
> > My own gut take is that it'd be more maintainable, but I'm also looking to
see
> > if there's disagreement, or if it's more work than I'm thinking, since it's
> just
> > more of a gut take.
> 
> I'm less familiar with Chrome development, so take what I say with a grain of
> salt. However, in my experience outside of Chrome, having the actual
> certificates for various error conditions written to disk, rather than
> "ephemeral" certificates generated programmatically during the life of a test,
> has always been more useful. For one, certificate files are easier to grok
since
> you can send them through `openssl x509 -text` or similar. Beyond that, since
> it's physically impossible to write certificate-handling code correctly, when
> you inevitably find bugs, they're easier to share across various parts of code
> that touch certificates, and also easier to verify for (in)correctness.

Hrm, I am struggling to come up with a strong opinion either way. The openssl
bash stuff is pretty gross -- no offense, David :) -- but I buy the argument
that it's handy to have the actual certificate file around to poke at.

[dadrian, 2016-05-27 01:05:03]

https://codereview.chromium.org/1988993002/diff/320001/net/cert/x509_certific...
File net/cert/x509_certificate_ios.cc (right):

https://codereview.chromium.org/1988993002/diff/320001/net/cert/x509_certific...
net/cert/x509_certificate_ios.cc:473: // NOTE: x509_check_issued returns
X509_V_OK in case of success
On 2016/05/26 16:36:41, Ryan Sleevi (OOO til 6-6) wrote:
> On 2016/05/26 16:26:51, estark wrote:
> > On 2016/05/26 07:57:08, Ryan Sleevi wrote:
> > > You don't need this NOTE (X509_verify() was the weird API contract)
> > 
> > FWIW, I think BoringSSL actually just returns 0/1 from X509_verify. (...for
> now.
> > that might change.) So line 470 isn't exactly accurate anymore. Maybe it
> should
> > be changed to "Historically, OpenSSL's X509_verify returned..." or something
> > like that?
> 
> If that's the case (and the API is fixed), we should remove both NOTEs. The
NOTE
> then was just "OpenSSL APIs are dumb" - if this was fixed in David's BoringSSL
> burning run, then we should just "if (!X509_Verify())" and be done with it
(and
> remove the NOTE)

Done.

https://codereview.chromium.org/1988993002/diff/320001/net/cert/x509_certific...
File net/cert/x509_certificate_nss.cc (right):

https://codereview.chromium.org/1988993002/diff/320001/net/cert/x509_certific...
net/cert/x509_certificate_nss.cc:293: SECComparison::SECEqual;
On 2016/05/26 07:57:08, Ryan Sleevi (OOO til 6-6) wrote:
> We don't tend to qualify enums - 
> 
> return CERT_CompareName(...) == SECEqual;

Done.

https://codereview.chromium.org/1988993002/diff/320001/net/cert/x509_certific...
File net/cert/x509_certificate_openssl.cc (right):

https://codereview.chromium.org/1988993002/diff/320001/net/cert/x509_certific...
net/cert/x509_certificate_openssl.cc:464: // NOTE: x509_check_issued returns
X509_V_OK in case of success
On 2016/05/26 07:57:08, Ryan Sleevi (OOO til 6-6) wrote:
> ditto re: NOTE

Done.

https://codereview.chromium.org/1988993002/diff/320001/net/cert/x509_certific...
File net/cert/x509_certificate_win.cc (right):

https://codereview.chromium.org/1988993002/diff/320001/net/cert/x509_certific...
net/cert/x509_certificate_win.cc:472: if (!valid_signature) {
On 2016/05/26 07:57:08, Ryan Sleevi (OOO til 6-6) wrote:
> no braces

Done.

https://codereview.chromium.org/1988993002/diff/320001/net/cert/x509_certific...
net/cert/x509_certificate_win.cc:496: 0;
On 2016/05/26 07:57:08, Ryan Sleevi (OOO til 6-6) wrote:
> Lines 475-495 aren't needed -
>
https://msdn.microsoft.com/en-us/library/windows/desktop/aa376028(v=vs.85).aspx
> 

Done. Not sure how I missed that function.

https://codereview.chromium.org/1988993002/diff/320001/net/data/ssl/certifica...
File net/data/ssl/certificates/self-signed-invalid-name.pem (right):

https://codereview.chromium.org/1988993002/diff/320001/net/data/ssl/certifica...
net/data/ssl/certificates/self-signed-invalid-name.pem:20: -----END
CERTIFICATE-----
On 2016/05/26 07:57:08, Ryan Sleevi (OOO til 6-6) wrote:
> Include the -text output please
> 
> (Helps debug test failures w/o having to open the command-line)

Done.

https://codereview.chromium.org/1988993002/diff/320001/net/data/ssl/scripts/g...
File net/data/ssl/scripts/generate-bad-self-signed.sh (right):

https://codereview.chromium.org/1988993002/diff/320001/net/data/ssl/scripts/g...
net/data/ssl/scripts/generate-bad-self-signed.sh:13: }
On 2016/05/26 07:57:08, Ryan Sleevi (OOO til 6-6) wrote:
> The new files have been using "set -e" (yeah, welcome to Google, where things
> are inconsistent)

Done.

https://codereview.chromium.org/1988993002/diff/320001/net/data/ssl/scripts/g...
net/data/ssl/scripts/generate-bad-self-signed.sh:46: # first four bytes of the
signature with the bytes 0xdead.
On 2016/05/26 07:57:08, Ryan Sleevi (OOO til 6-6) wrote:
> We try to avoid "we" in comments
>
(https://groups.google.com/a/chromium.org/forum/#!topic/chromium-dev/NH-S6KCkr2M
> for context)

Done.

[dadrian, 2016-05-27 01:22:57]

https://codereview.chromium.org/1988993002/diff/320001/net/data/ssl/scripts/g...
File net/data/ssl/scripts/generate-bad-self-signed.sh (right):

https://codereview.chromium.org/1988993002/diff/320001/net/data/ssl/scripts/g...
net/data/ssl/scripts/generate-bad-self-signed.sh:62: | openssl x509 -inform DER
-outform PEM -out out/self-signed-invalid-sig.pem
On 2016/05/27 00:59:13, estark wrote:
> On 2016/05/26 18:41:36, dadrian wrote:
> > On 2016/05/26 16:34:56, Ryan Sleevi (OOO til 6-6) wrote:
> > > On 2016/05/26 16:26:51, estark wrote:
> > >  > Ahh, I didn't think of that, that does seem better. So you're
suggesting
> > read
> > > in
> > > > a certificate, mess with the signature, and then use
> > > > X509Certificate::CreateFromBytes()? When you say "we know exactly where
> the
> > > > signature is", do you mean hardcode the byte offset? Or is there a nicer
> > way?
> > > 
> > > Could use the ASN.1 parser we have and just skip to the offset. On the con
> > side,
> > > that's more work, and more native, on the plus side, it means less bash
> > > scripting, less coupling to OpenSSL's text form, and less coreutils
> > > dependencies. Mostly I mention it because when I wrote a lot of the
original
> > > bash scripts, I was using them in Windows in msys (because I'm weird like
> that
> > > and because depot-tools includes msys)
> > > 
> > > I was thinking something like
> > >
> >
>
https://code.google.com/p/chromium/codesearch#chromium/src/net/cert/asn1_util...
> > > in the _unittest.cc file to munge the data, and then CreateFromBytes.
> > > 
> > > My own gut take is that it'd be more maintainable, but I'm also looking to
> see
> > > if there's disagreement, or if it's more work than I'm thinking, since
it's
> > just
> > > more of a gut take.
> > 
> > I'm less familiar with Chrome development, so take what I say with a grain
of
> > salt. However, in my experience outside of Chrome, having the actual
> > certificates for various error conditions written to disk, rather than
> > "ephemeral" certificates generated programmatically during the life of a
test,
> > has always been more useful. For one, certificate files are easier to grok
> since
> > you can send them through `openssl x509 -text` or similar. Beyond that,
since
> > it's physically impossible to write certificate-handling code correctly,
when
> > you inevitably find bugs, they're easier to share across various parts of
code
> > that touch certificates, and also easier to verify for (in)correctness.
> 
> Hrm, I am struggling to come up with a strong opinion either way. The openssl
> bash stuff is pretty gross -- no offense, David :) -- but I buy the argument
> that it's handy to have the actual certificate file around to poke at.

OpenSSL anything is pretty gross. I'd argue that most people interacting with
the test certificates wouldn't have to touch it, though.

[Ryan Sleevi, 2016-05-27 04:28:30]

rsleevi@chromium.org changed reviewers:
+ eroman@chromium.org

[Ryan Sleevi, 2016-05-27 04:28:31]

Going OOO, so I'm going to defer the test bit to eroman, since he's looked
pretty heavily at our test side. I'm torn because I totes understand David's
points and would normally agree, but these both are one-off files, and more
inclined to KISS rather than bash it up. My main thinking is that it's easier to
in general for people to update the C++ code if it needs to change than to work
through the bash bits, and it's less dependent on how system openssl behaves or
if you have xxd. But if Eric's happy, go with it.

[eroman, 2016-05-27 07:59:37]

- I like that there are unit-tests

- I like that the tests are expressed as certificate files rather than requiring
C++ manipulations at test time.

- ... But I don't like the bash script


I am good with this change provided we can clean up the mechanism for mutating
the signature a bit.

How about just flipping a byte relative to the *end* of the file -- say the 4th
byte from the end. The signature is the final field in the certificate, so
corrupting it is just a matter of change something near the end of the DER.

This should address some of Ryan's concern, which I think was largely based on
the sorcery of using OpenSSL's text format, sed, and xxd to achieve that
manipulation.

On a personal note, I find the OpenSSL .cnf approach and command line flag
incantations to be extremely obtuse. I am also a hater of bash scripts. When I
was dealing with this to generate certificate chain test data, the only thing
that felt sane was to write simple python scripts, and wrap the OpenSSL magic
and generate appropriate .cnf file. For example:

https://code.google.com/p/chromium/codesearch#chromium/src/net/data/verify_ce...

https://code.google.com/p/chromium/codesearch#chromium/src/net/data/verify_ce...

I think it worked pretty well, and would be in favor (separate from this CL of
course) to use that approach and remove our dependence on bash all-together.

[dadrian, 2016-05-27 18:48:15]

On 2016/05/27 07:59:37, eroman wrote:
> - I like that there are unit-tests
> 
> - I like that the tests are expressed as certificate files rather than
requiring
> C++ manipulations at test time.
> 
> - ... But I don't like the bash script
> 
> 
> I am good with this change provided we can clean up the mechanism for mutating
> the signature a bit.
> 
> How about just flipping a byte relative to the *end* of the file -- say the
4th
> byte from the end. The signature is the final field in the certificate, so
> corrupting it is just a matter of change something near the end of the DER.
> 
> This should address some of Ryan's concern, which I think was largely based on
> the sorcery of using OpenSSL's text format, sed, and xxd to achieve that
> manipulation.
> 
> On a personal note, I find the OpenSSL .cnf approach and command line flag
> incantations to be extremely obtuse. I am also a hater of bash scripts. When I
> was dealing with this to generate certificate chain test data, the only thing
> that felt sane was to write simple python scripts, and wrap the OpenSSL magic
> and generate appropriate .cnf file. For example:
> 
>
https://code.google.com/p/chromium/codesearch#chromium/src/net/data/verify_ce...
> 
>
https://code.google.com/p/chromium/codesearch#chromium/src/net/data/verify_ce...
> 
> I think it worked pretty well, and would be in favor (separate from this CL of
> course) to use that approach and remove our dependence on bash all-together.

Unfortunately, I don't think there's a very nice way to modify specific byte
offsets in bash, but I gave it a shot. I don't think this is necessarily any
cleaner to read, but at least it doesn't require xxd or depend on the format of
`openssl -text`

[eroman, 2016-05-27 18:51:55]

On Fri, May 27, 2016 at 11:48 AM, <dadrian@google.com> wrote:

> On 2016/05/27 07:59:37, eroman wrote:
> > - I like that there are unit-tests
> >
> > - I like that the tests are expressed as certificate files rather than
> requiring
> > C++ manipulations at test time.
> >
> > - ... But I don't like the bash script
> >
> >
> > I am good with this change provided we can clean up the mechanism for
> mutating
> > the signature a bit.
> >
> > How about just flipping a byte relative to the *end* of the file -- say
> the
> 4th
> > byte from the end. The signature is the final field in the certificate,
> so
> > corrupting it is just a matter of change something near the end of the
> DER.
> >
> > This should address some of Ryan's concern, which I think was largely
> based on
> > the sorcery of using OpenSSL's text format, sed, and xxd to achieve that
> > manipulation.
> >
> > On a personal note, I find the OpenSSL .cnf approach and command line
> flag
> > incantations to be extremely obtuse. I am also a hater of bash scripts.
> When I
> > was dealing with this to generate certificate chain test data, the only
> thing
> > that felt sane was to write simple python scripts, and wrap the OpenSSL
> magic
> > and generate appropriate .cnf file. For example:
> >
> >
>
>
https://code.google.com/p/chromium/codesearch#chromium/src/net/data/verify_ce...
> >
> >
>
>
https://code.google.com/p/chromium/codesearch#chromium/src/net/data/verify_ce...
> >
> > I think it worked pretty well, and would be in favor (separate from this
> CL of
> > course) to use that approach and remove our dependence on bash
> all-together.
>
> Unfortunately, I don't think there's a very nice way to modify specific
> byte
> offsets in bash, but I gave it a shot. I don't think this is necessarily
> any
> cleaner to read, but at least it doesn't require xxd or depend on the
> format of
> `openssl -text`
>

I think that is an improvement.
LGTM.


>
> https://codereview.chromium.org/1988993002/
>

-- 
You received this message because you are subscribed to the Google Groups
"Chromium-reviews" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to chromium-reviews+unsubscribe@chromium.org.

[eroman, 2016-05-27 18:55:08]

lgtm

[dadrian, 2016-05-27 19:01:32]

The CQ bit was checked by dadrian@google.com

[dadrian, 2016-05-27 19:01:33]

The patchset sent to the CQ was uploaded after l-g-t-m from
svaldez@chromium.org, estark@chromium.org
Link to the patchset: https://codereview.chromium.org/1988993002/#ps380001
(title: "Remove dependency on openssl -text format")

[commit-bot: I haz the power, 2016-05-27 19:02:10]

CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/1988993002/380001
View timeline at
 https://chromium-cq-status.appspot.com/patch-timeline/1988993002/380001

[commit-bot: I haz the power, 2016-05-27 20:11:29]

Description was changed from

==========
Check self-signed certificate names and signatures

Add unit tests for self-signed certificates with invalid name/sigs

BUG=607954
==========

to

==========
Check self-signed certificate names and signatures

Add unit tests for self-signed certificates with invalid name/sigs

BUG=607954
==========

[commit-bot: I haz the power, 2016-05-27 20:11:31]

Committed patchset #20 (id:380001)

[commit-bot: I haz the power, 2016-05-27 20:14:32]

Description was changed from

==========
Check self-signed certificate names and signatures

Add unit tests for self-signed certificates with invalid name/sigs

BUG=607954
==========

to

==========
Check self-signed certificate names and signatures

Add unit tests for self-signed certificates with invalid name/sigs

BUG=607954

Committed: https://crrev.com/da42899529b15a0fa89a072c6e46c22c11292514
Cr-Commit-Position: refs/heads/master@{#396548}
==========

[commit-bot: I haz the power, 2016-05-27 20:14:34]

Patchset 20 (id:??) landed as
https://crrev.com/da42899529b15a0fa89a072c6e46c22c11292514
Cr-Commit-Position: refs/heads/master@{#396548}