|
Packit |
c4476c |
/*
|
|
Packit |
c4476c |
* Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
|
|
Packit |
c4476c |
*
|
|
Packit |
c4476c |
* Licensed under the OpenSSL licenses, (the "License");
|
|
Packit |
c4476c |
* you may not use this file except in compliance with the License.
|
|
Packit |
c4476c |
* You may obtain a copy of the License at
|
|
Packit |
c4476c |
* https://www.openssl.org/source/license.html
|
|
Packit |
c4476c |
* or in the file LICENSE in the source distribution.
|
|
Packit |
c4476c |
*/
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
#include <stdio.h>
|
|
Packit |
c4476c |
#include <string.h>
|
|
Packit |
c4476c |
#include <errno.h>
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
#include <openssl/x509.h>
|
|
Packit |
c4476c |
#include <openssl/pem.h>
|
|
Packit |
c4476c |
#include <openssl/conf.h>
|
|
Packit |
c4476c |
#include <openssl/err.h>
|
|
Packit |
c4476c |
#include "internal/nelem.h"
|
|
Packit |
c4476c |
#include "testutil.h"
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
static int test_certs(int num)
|
|
Packit |
c4476c |
{
|
|
Packit |
c4476c |
int c;
|
|
Packit |
c4476c |
char *name = 0;
|
|
Packit |
c4476c |
char *header = 0;
|
|
Packit |
c4476c |
unsigned char *data = 0;
|
|
Packit |
c4476c |
long len;
|
|
Packit |
c4476c |
typedef X509 *(*d2i_X509_t)(X509 **, const unsigned char **, long);
|
|
Packit |
c4476c |
typedef int (*i2d_X509_t)(X509 *, unsigned char **);
|
|
Packit |
c4476c |
int err = 0;
|
|
Packit |
c4476c |
BIO *fp = BIO_new_file(test_get_argument(num), "r");
|
|
Packit |
c4476c |
X509 *reuse = NULL;
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
if (!TEST_ptr(fp))
|
|
Packit |
c4476c |
return 0;
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
for (c = 0; !err && PEM_read_bio(fp, &name, &header, &data, &len;; ++c) {
|
|
Packit |
c4476c |
const int trusted = (strcmp(name, PEM_STRING_X509_TRUSTED) == 0);
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
d2i_X509_t d2i = trusted ? d2i_X509_AUX : d2i_X509;
|
|
Packit |
c4476c |
i2d_X509_t i2d = trusted ? i2d_X509_AUX : i2d_X509;
|
|
Packit |
c4476c |
X509 *cert = NULL;
|
|
Packit |
c4476c |
const unsigned char *p = data;
|
|
Packit |
c4476c |
unsigned char *buf = NULL;
|
|
Packit |
c4476c |
unsigned char *bufp;
|
|
Packit |
c4476c |
long enclen;
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
if (!trusted
|
|
Packit |
c4476c |
&& strcmp(name, PEM_STRING_X509) != 0
|
|
Packit |
c4476c |
&& strcmp(name, PEM_STRING_X509_OLD) != 0) {
|
|
Packit |
c4476c |
TEST_error("unexpected PEM object: %s", name);
|
|
Packit |
c4476c |
err = 1;
|
|
Packit |
c4476c |
goto next;
|
|
Packit |
c4476c |
}
|
|
Packit |
c4476c |
cert = d2i(NULL, &p, len);
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
if (cert == NULL || (p - data) != len) {
|
|
Packit |
c4476c |
TEST_error("error parsing input %s", name);
|
|
Packit |
c4476c |
err = 1;
|
|
Packit |
c4476c |
goto next;
|
|
Packit |
c4476c |
}
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
/* Test traditional 2-pass encoding into caller allocated buffer */
|
|
Packit |
c4476c |
enclen = i2d(cert, NULL);
|
|
Packit |
c4476c |
if (len != enclen) {
|
|
Packit |
c4476c |
TEST_error("encoded length %ld of %s != input length %ld",
|
|
Packit |
c4476c |
enclen, name, len);
|
|
Packit |
c4476c |
err = 1;
|
|
Packit |
c4476c |
goto next;
|
|
Packit |
c4476c |
}
|
|
Packit |
c4476c |
if ((buf = bufp = OPENSSL_malloc(len)) == NULL) {
|
|
Packit |
c4476c |
TEST_perror("malloc");
|
|
Packit |
c4476c |
err = 1;
|
|
Packit |
c4476c |
goto next;
|
|
Packit |
c4476c |
}
|
|
Packit |
c4476c |
enclen = i2d(cert, &bufp);
|
|
Packit |
c4476c |
if (len != enclen) {
|
|
Packit |
c4476c |
TEST_error("encoded length %ld of %s != input length %ld",
|
|
Packit |
c4476c |
enclen, name, len);
|
|
Packit |
c4476c |
err = 1;
|
|
Packit |
c4476c |
goto next;
|
|
Packit |
c4476c |
}
|
|
Packit |
c4476c |
enclen = (long) (bufp - buf);
|
|
Packit |
c4476c |
if (enclen != len) {
|
|
Packit |
c4476c |
TEST_error("unexpected buffer position after encoding %s", name);
|
|
Packit |
c4476c |
err = 1;
|
|
Packit |
c4476c |
goto next;
|
|
Packit |
c4476c |
}
|
|
Packit |
c4476c |
if (memcmp(buf, data, len) != 0) {
|
|
Packit |
c4476c |
TEST_error("encoded content of %s does not match input", name);
|
|
Packit |
c4476c |
err = 1;
|
|
Packit |
c4476c |
goto next;
|
|
Packit |
c4476c |
}
|
|
Packit |
c4476c |
p = buf;
|
|
Packit |
c4476c |
reuse = d2i(&reuse, &p, enclen);
|
|
Packit |
c4476c |
if (reuse == NULL || X509_cmp (reuse, cert)) {
|
|
Packit |
c4476c |
TEST_error("X509_cmp does not work with %s", name);
|
|
Packit |
c4476c |
err = 1;
|
|
Packit |
c4476c |
goto next;
|
|
Packit |
c4476c |
}
|
|
Packit |
c4476c |
OPENSSL_free(buf);
|
|
Packit |
c4476c |
buf = NULL;
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
/* Test 1-pass encoding into library allocated buffer */
|
|
Packit |
c4476c |
enclen = i2d(cert, &buf;;
|
|
Packit |
c4476c |
if (len != enclen) {
|
|
Packit |
c4476c |
TEST_error("encoded length %ld of %s != input length %ld",
|
|
Packit |
c4476c |
enclen, name, len);
|
|
Packit |
c4476c |
err = 1;
|
|
Packit |
c4476c |
goto next;
|
|
Packit |
c4476c |
}
|
|
Packit |
c4476c |
if (memcmp(buf, data, len) != 0) {
|
|
Packit |
c4476c |
TEST_error("encoded content of %s does not match input", name);
|
|
Packit |
c4476c |
err = 1;
|
|
Packit |
c4476c |
goto next;
|
|
Packit |
c4476c |
}
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
if (trusted) {
|
|
Packit |
c4476c |
/* Encode just the cert and compare with initial encoding */
|
|
Packit |
c4476c |
OPENSSL_free(buf);
|
|
Packit |
c4476c |
buf = NULL;
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
/* Test 1-pass encoding into library allocated buffer */
|
|
Packit |
c4476c |
enclen = i2d(cert, &buf;;
|
|
Packit |
c4476c |
if (enclen > len) {
|
|
Packit |
c4476c |
TEST_error("encoded length %ld of %s > input length %ld",
|
|
Packit |
c4476c |
enclen, name, len);
|
|
Packit |
c4476c |
err = 1;
|
|
Packit |
c4476c |
goto next;
|
|
Packit |
c4476c |
}
|
|
Packit |
c4476c |
if (memcmp(buf, data, enclen) != 0) {
|
|
Packit |
c4476c |
TEST_error("encoded cert content does not match input");
|
|
Packit |
c4476c |
err = 1;
|
|
Packit |
c4476c |
goto next;
|
|
Packit |
c4476c |
}
|
|
Packit |
c4476c |
}
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
/*
|
|
Packit |
c4476c |
* If any of these were null, PEM_read() would have failed.
|
|
Packit |
c4476c |
*/
|
|
Packit |
c4476c |
next:
|
|
Packit |
c4476c |
X509_free(cert);
|
|
Packit |
c4476c |
OPENSSL_free(buf);
|
|
Packit |
c4476c |
OPENSSL_free(name);
|
|
Packit |
c4476c |
OPENSSL_free(header);
|
|
Packit |
c4476c |
OPENSSL_free(data);
|
|
Packit |
c4476c |
}
|
|
Packit |
c4476c |
BIO_free(fp);
|
|
Packit |
c4476c |
X509_free(reuse);
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
if (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) {
|
|
Packit |
c4476c |
/* Reached end of PEM file */
|
|
Packit |
c4476c |
if (c > 0) {
|
|
Packit |
c4476c |
ERR_clear_error();
|
|
Packit |
c4476c |
return 1;
|
|
Packit |
c4476c |
}
|
|
Packit |
c4476c |
}
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
/* Some other PEM read error */
|
|
Packit |
c4476c |
return 0;
|
|
Packit |
c4476c |
}
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
int setup_tests(void)
|
|
Packit |
c4476c |
{
|
|
Packit |
c4476c |
size_t n = test_get_argument_count();
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
if (n == 0) {
|
|
Packit |
c4476c |
TEST_error("usage: %s certfile...", test_get_program_name());
|
|
Packit |
c4476c |
return 0;
|
|
Packit |
c4476c |
}
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
ADD_ALL_TESTS(test_certs, (int)n);
|
|
Packit |
c4476c |
return 1;
|
|
Packit |
c4476c |
}
|