authorAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2022-12-16 12:57:45 +0000
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2022-12-16 12:57:45 +0000
commit0e2c39ee0f5db37c90a5fcc92f3ac7cdf4b157a7 (patch)
tree1bc01a4ff5390a6fd300a4d3ae94190e9a42eef7
parentf665c63fcce8ca216be523018ad3637c366eb6a3 (diff)
parent74fffc2ab64f903d4222243e16086a4bd7600935 (diff)
downloadboringssl-android13-mainline-conscrypt-release.tar.gz
Snap for 9412736 from 74fffc2ab64f903d4222243e16086a4bd7600935 to mainline-conscrypt-releaseaml_con_331413000aml_con_331411000android13-mainline-conscrypt-release
Change-Id: Ia69ab9c5a188a5ba3156bdc44820e163cdff54c7
-rw-r--r--Android.bp5
-rw-r--r--CryptoNativeTests.xml (renamed from NativeTests.xml)9
-rw-r--r--SslNativeTests.xml33
-rw-r--r--src/crypto/x509/x509_test.cc106
-rw-r--r--src/crypto/x509/x509_vfy.c6
-rw-r--r--src/include/openssl/x509.h4
-rw-r--r--src/ssl/ssl_test.cc2
7 files changed, 154 insertions, 11 deletions
diff --git a/Android.bp b/Android.bp
index bb3aa0dc..6868067c 100644
--- a/Android.bp
+++ b/Android.bp
@@ -488,14 +488,13 @@ cc_library_static {
shared_libs: [
"libcrypto",
- "libssl",
],
}
// Tests
cc_test {
name: "boringssl_crypto_test",
- test_config: "NativeTests.xml",
+ test_config: "CryptoNativeTests.xml",
host_supported: false,
per_testcase_directory: true,
compile_multilib: "both",
@@ -524,7 +523,7 @@ cc_test {
cc_test {
name: "boringssl_ssl_test",
- test_config: "NativeTests.xml",
+ test_config: "SslNativeTests.xml",
host_supported: false,
per_testcase_directory: true,
compile_multilib: "both",
diff --git a/NativeTests.xml b/CryptoNativeTests.xml
index d3eb9444..0adc18f2 100644
--- a/NativeTests.xml
+++ b/CryptoNativeTests.xml
@@ -14,26 +14,19 @@
~ See the License for the specific language governing permissions and
~ limitations under the License.
~
- ~ Re-runs a subset of MtsConscryptTestCases using Conscrypt's file-descriptor based
- ~ implementation to ensure there are no regressions in this implementation before
- ~ it is fully deprecated.
- ~
- ~ Apart from the include filters and SSLSocket implementation this test suite is
- ~ identical to MtsConscryptTestCases.
+ ~ Native test configuration for boringssl_crypto_test.
-->
<configuration description="Configuration for BoringSSL native tests">
<option name="test-suite-tag" value="mts-conscrypt" />
<target_preparer class="com.android.compatibility.common.tradefed.targetprep.FilePusher">
<option name="cleanup" value="true" />
<option name="push" value="boringssl_crypto_test->/data/local/tmp/boringssl_crypto_test" />
- <option name="push" value="boringssl_ssl_test->/data/local/tmp/boringssl_ssl_test" />
<option name="append-bitness" value="true" />
</target_preparer>
<target_preparer class="com.android.tradefed.targetprep.RootTargetPreparer"/>
<test class="com.android.tradefed.testtype.GTest" >
<option name="native-test-device-path" value="/data/local/tmp" />
<option name="module-name" value="boringssl_crypto_test" />
- <option name="module-name" value="boringssl_ssl_test" />
<option name="runtime-hint" value="10m" />
<option name="native-test-timeout" value="600000" />
</test>
diff --git a/SslNativeTests.xml b/SslNativeTests.xml
new file mode 100644
index 00000000..9257111d
--- /dev/null
+++ b/SslNativeTests.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ~ Copyright (C) 2022 The Android Open Source Project
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ ~
+ ~ Native test configuration for boringssl_ssl_test.
+ -->
+<configuration description="Configuration for BoringSSL native tests">
+ <option name="test-suite-tag" value="mts-conscrypt" />
+ <target_preparer class="com.android.compatibility.common.tradefed.targetprep.FilePusher">
+ <option name="cleanup" value="true" />
+ <option name="push" value="boringssl_ssl_test->/data/local/tmp/boringssl_ssl_test" />
+ <option name="append-bitness" value="true" />
+ </target_preparer>
+ <target_preparer class="com.android.tradefed.targetprep.RootTargetPreparer"/>
+ <test class="com.android.tradefed.testtype.GTest" >
+ <option name="native-test-device-path" value="/data/local/tmp" />
+ <option name="module-name" value="boringssl_ssl_test" />
+ <option name="runtime-hint" value="10m" />
+ <option name="native-test-timeout" value="600000" />
+ </test>
+</configuration>
diff --git a/src/crypto/x509/x509_test.cc b/src/crypto/x509/x509_test.cc
index ce70ae3b..379f26bc 100644
--- a/src/crypto/x509/x509_test.cc
+++ b/src/crypto/x509/x509_test.cc
@@ -1470,6 +1470,23 @@ TEST(X509Test, TestCRL) {
Verify(leaf.get(), {root.get()}, {root.get()},
{algorithm_mismatch_crl2.get()}, X509_V_FLAG_CRL_CHECK));
+ // The CRL is valid for a month.
+ EXPECT_EQ(X509_V_ERR_CRL_HAS_EXPIRED,
+ Verify(leaf.get(), {root.get()}, {root.get()}, {basic_crl.get()},
+ X509_V_FLAG_CRL_CHECK, [](X509_VERIFY_PARAM *param) {
+ X509_VERIFY_PARAM_set_time(
+ param, kReferenceTime + 2 * 30 * 24 * 3600);
+ }));
+
+ // X509_V_FLAG_NO_CHECK_TIME suppresses the validity check.
+ EXPECT_EQ(X509_V_OK,
+ Verify(leaf.get(), {root.get()}, {root.get()}, {basic_crl.get()},
+ X509_V_FLAG_CRL_CHECK | X509_V_FLAG_NO_CHECK_TIME,
+ [](X509_VERIFY_PARAM *param) {
+ X509_VERIFY_PARAM_set_time(
+ param, kReferenceTime + 2 * 30 * 24 * 3600);
+ }));
+
// Parsing kBadExtensionCRL should fail.
EXPECT_FALSE(CRLFromPEM(kBadExtensionCRL));
}
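Review bot: The new CRL cases cover only the expired side (`X509_V_ERR_CRL_HAS_EXPIRED`), so nothing pins what `X509_V_FLAG_NO_CHECK_TIME` does for a CRL whose lastUpdate lies in the future. A matching pair that sets the time before the CRL was issued, expecting `X509_V_ERR_CRL_NOT_YET_VALID` without the flag and `X509_V_OK` with it, would close that gap. The offset `2 * 30 * 24 * 3600` is written out twice; a named constant such as `const time_t kTwoMonths = 2 * 30 * 24 * 3600;` would keep the two cases in step. The body of TestCRL begins outside the hunk.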
@@ -3551,6 +3568,95 @@ TEST(X509Test, TrustedFirst) {
}));
}
+// Test that notBefore and notAfter checks work correctly.
+TEST(X509Test, Expiry) {
+ bssl::UniquePtr<EVP_PKEY> key = PrivateKeyFromPEM(kP256Key);
+ ASSERT_TRUE(key);
+
+ // The following are measured in seconds relative to kReferenceTime. The
+ // validity periods are staggered so we can independently test both leaf and
+ // root time checks.
+ const time_t kSecondsInDay = 24 * 3600;
+ const time_t kRootStart = -30 * kSecondsInDay;
+ const time_t kIntermediateStart = -20 * kSecondsInDay;
+ const time_t kLeafStart = -10 * kSecondsInDay;
+ const time_t kIntermediateEnd = 10 * kSecondsInDay;
+ const time_t kLeafEnd = 20 * kSecondsInDay;
+ const time_t kRootEnd = 30 * kSecondsInDay;
+
+ bssl::UniquePtr<X509> root =
+ MakeTestCert("Root", "Root", key.get(), /*is_ca=*/true);
+ ASSERT_TRUE(root);
+ ASSERT_TRUE(ASN1_TIME_adj(X509_getm_notBefore(root.get()), kReferenceTime,
+ /*offset_day=*/0,
+ /*offset_sec=*/kRootStart));
+ ASSERT_TRUE(ASN1_TIME_adj(X509_getm_notAfter(root.get()), kReferenceTime,
+ /*offset_day=*/0,
+ /*offset_sec=*/kRootEnd));
+ ASSERT_TRUE(X509_sign(root.get(), key.get(), EVP_sha256()));
+
+ bssl::UniquePtr<X509> intermediate =
+ MakeTestCert("Root", "Intermediate", key.get(), /*is_ca=*/true);
+ ASSERT_TRUE(intermediate);
+ ASSERT_TRUE(ASN1_TIME_adj(X509_getm_notBefore(intermediate.get()),
+ kReferenceTime,
+ /*offset_day=*/0,
+ /*offset_sec=*/kIntermediateStart));
+ ASSERT_TRUE(ASN1_TIME_adj(X509_getm_notAfter(intermediate.get()),
+ kReferenceTime,
+ /*offset_day=*/0,
+ /*offset_sec=*/kIntermediateEnd));
+ ASSERT_TRUE(X509_sign(intermediate.get(), key.get(), EVP_sha256()));
+
+ bssl::UniquePtr<X509> leaf =
+ MakeTestCert("Intermediate", "Leaf", key.get(), /*is_ca=*/false);
+ ASSERT_TRUE(leaf);
+ ASSERT_TRUE(ASN1_TIME_adj(X509_getm_notBefore(leaf.get()), kReferenceTime,
+ /*offset_day=*/0,
+ /*offset_sec=*/kLeafStart));
+ ASSERT_TRUE(ASN1_TIME_adj(X509_getm_notAfter(leaf.get()), kReferenceTime,
+ /*offset_day=*/0,
+ /*offset_sec=*/kLeafEnd));
+ ASSERT_TRUE(X509_sign(leaf.get(), key.get(), EVP_sha256()));
+
+ struct VerifyAt {
+ time_t time;
+ void operator()(X509_VERIFY_PARAM *param) const {
+ X509_VERIFY_PARAM_set_time(param, time);
+ }
+ };
+
+ for (bool check_time : {true, false}) {
+ SCOPED_TRACE(check_time);
+ unsigned long flags = check_time ? 0 : X509_V_FLAG_NO_CHECK_TIME;
+ int not_yet_valid = check_time ? X509_V_ERR_CERT_NOT_YET_VALID : X509_V_OK;
+ int has_expired = check_time ? X509_V_ERR_CERT_HAS_EXPIRED : X509_V_OK;
+
+ EXPECT_EQ(not_yet_valid,
+ Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, flags,
+ VerifyAt{kReferenceTime + kRootStart - 1}));
+ EXPECT_EQ(not_yet_valid,
+ Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, flags,
+ VerifyAt{kReferenceTime + kIntermediateStart - 1}));
+ EXPECT_EQ(not_yet_valid,
+ Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, flags,
+ VerifyAt{kReferenceTime + kLeafStart - 1}));
+
+ EXPECT_EQ(X509_V_OK, Verify(leaf.get(), {root.get()}, {intermediate.get()},
+ {}, flags, VerifyAt{kReferenceTime}));
+
+ EXPECT_EQ(has_expired,
+ Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, flags,
+ VerifyAt{kReferenceTime + kRootEnd + 1}));
+ EXPECT_EQ(has_expired,
+ Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, flags,
+ VerifyAt{kReferenceTime + kIntermediateEnd + 1}));
+ EXPECT_EQ(has_expired,
+ Verify(leaf.get(), {root.get()}, {intermediate.get()}, {}, flags,
+ VerifyAt{kReferenceTime + kLeafEnd + 1}));
+ }
+}
+
// kConstructedBitString is an X.509 certificate where the signature is encoded
// as a BER constructed BIT STRING. Note that, while OpenSSL's parser accepts
// this input, it interprets the value incorrectly.
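Review bot: The staggered periods in the Expiry test never make the root the only certificate outside its validity window. At `kRootStart - 1` and `kRootEnd + 1` the leaf and intermediate are out of range too, so a verifier that skipped time checks on the trust anchor would still pass every assertion, contrary to the comment above the constants. Only the leaf's notBefore and the intermediate's notAfter are isolated, so either add a second chain whose root has the narrowest window or reword the comment to `// The validity periods are nested, so the leaf's notBefore and the intermediate's notAfter are each tested in isolation.` The instants exactly at notBefore and notAfter are also not exercised, so the test does not pin which side of each boundary counts as valid.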
diff --git a/src/crypto/x509/x509_vfy.c b/src/crypto/x509/x509_vfy.c
index f41ae6e1..7dcac260 100644
--- a/src/crypto/x509/x509_vfy.c
+++ b/src/crypto/x509/x509_vfy.c
@@ -1000,6 +1000,9 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
{
time_t *ptime;
int i;
+ if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) {
+ return 1;
+ }
if (notify)
ctx->current_crl = crl;
if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
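Review bot: The early return in check_crl_time sits above `if (notify) ctx->current_crl = crl;`, so with `X509_V_FLAG_NO_CHECK_TIME` set the function no longer records the CRL in the context when notify is non-zero. Whether a caller or verify callback relies on that assignment is not visible in this hunk, but moving `if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) { return 1; }` below the `ctx->current_crl = crl;` line keeps the side effect the same with and without the flag. The flag is also tested before `X509_V_FLAG_USE_CHECK_TIME` here and in check_cert_time, so it overrides an explicitly set verification time; a comment such as `/* NO_CHECK_TIME takes precedence over USE_CHECK_TIME. */` would mark that as deliberate. Both function bodies continue outside their hunks.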
@@ -1743,6 +1746,9 @@ static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
time_t *ptime;
int i;
+ if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) {
+ return 1;
+ }
if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
ptime = &ctx->param->check_time;
else
diff --git a/src/include/openssl/x509.h b/src/include/openssl/x509.h
index 4d312c7e..608c6700 100644
--- a/src/include/openssl/x509.h
+++ b/src/include/openssl/x509.h
@@ -2071,6 +2071,10 @@ OPENSSL_EXPORT void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
// will force the behaviour to match that of previous versions.
#define X509_V_FLAG_NO_ALT_CHAINS 0x100000
+// X509_V_FLAG_NO_CHECK_TIME disables all time checks in certificate
+// verification.
+#define X509_V_FLAG_NO_CHECK_TIME 0x200000
+
#define X509_VP_FLAG_DEFAULT 0x1
#define X509_VP_FLAG_OVERWRITE 0x2
#define X509_VP_FLAG_RESET_FLAGS 0x4
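Review bot: The comment on `X509_V_FLAG_NO_CHECK_TIME` understates what the flag does. The same commit also skips the CRL time check in check_crl_time, and its tests expect the flag to win even when a time was set with X509_VERIFY_PARAM_set_time. A caller who sets it will accept expired and not-yet-valid certificates and CRLs of any age, so the header should say so: `// X509_V_FLAG_NO_CHECK_TIME disables all time checks for certificates and CRLs, even if a verification time was set.` followed by `// Expired certificates and stale CRLs are then accepted; callers must enforce validity by other means.`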
diff --git a/src/ssl/ssl_test.cc b/src/ssl/ssl_test.cc
index e2db5a4d..f07196cf 100644
--- a/src/ssl/ssl_test.cc
+++ b/src/ssl/ssl_test.cc
@@ -8064,6 +8064,8 @@ RVHWbCvFvNZAoWiIJ2z34RLGInyZvCZ8xLAvsuaWULDDaoeDl1M0t4Hm
SSL_CTX_set_verify(client_ctx.get(),
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
nullptr);
+ X509_VERIFY_PARAM_set_flags(SSL_CTX_get0_param(client_ctx.get()),
+ X509_V_FLAG_NO_CHECK_TIME);
struct TestCase {
X509 *cert;
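Review bot: The added `X509_VERIFY_PARAM_set_flags(..., X509_V_FLAG_NO_CHECK_TIME)` call turns off validity checking for every case in this test without saying why. Presumably the embedded PEM certificates have fixed validity dates that would otherwise make the test fail as time passes, but that is not visible in the hunk. A one-line comment such as `// The test certificates have fixed validity periods, so disable time checks.` would stop the call being copied into non-test code as a general fix. The enclosing test starts and ends outside the hunk.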