x509aux.c 5.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186
  1. /*
  2. * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License");
  5. * you may not use this file except in compliance with the License.
  6. * You may obtain a copy of the License at
  7. * https://www.openssl.org/source/license.html
  8. * or in the file LICENSE in the source distribution.
  9. */
  10. #include <stdio.h>
  11. #include <string.h>
  12. #include <errno.h>
  13. #include <openssl/x509.h>
  14. #include <openssl/pem.h>
  15. #include <openssl/conf.h>
  16. #include <openssl/err.h>
  17. #include "internal/nelem.h"
  18. #include "testutil.h"
  19. static int test_certs(int num)
  20. {
  21. int c;
  22. char *name = 0;
  23. char *header = 0;
  24. unsigned char *data = 0;
  25. long len;
  26. typedef X509 *(*d2i_X509_t)(X509 **, const unsigned char **, long);
  27. typedef int (*i2d_X509_t)(const X509 *, unsigned char **);
  28. int err = 0;
  29. BIO *fp = BIO_new_file(test_get_argument(num), "r");
  30. if (!TEST_ptr(fp))
  31. return 0;
  32. for (c = 0; !err && PEM_read_bio(fp, &name, &header, &data, &len); ++c) {
  33. const int trusted = (strcmp(name, PEM_STRING_X509_TRUSTED) == 0);
  34. d2i_X509_t d2i = trusted ? d2i_X509_AUX : d2i_X509;
  35. i2d_X509_t i2d = trusted ? i2d_X509_AUX : i2d_X509;
  36. X509 *cert = NULL;
  37. X509 *reuse = NULL;
  38. const unsigned char *p = data;
  39. unsigned char *buf = NULL;
  40. unsigned char *bufp;
  41. long enclen;
  42. if (!trusted
  43. && strcmp(name, PEM_STRING_X509) != 0
  44. && strcmp(name, PEM_STRING_X509_OLD) != 0) {
  45. TEST_error("unexpected PEM object: %s", name);
  46. err = 1;
  47. goto next;
  48. }
  49. cert = d2i(NULL, &p, len);
  50. if (cert == NULL || (p - data) != len) {
  51. TEST_error("error parsing input %s", name);
  52. err = 1;
  53. goto next;
  54. }
  55. /* Test traditional 2-pass encoding into caller allocated buffer */
  56. enclen = i2d(cert, NULL);
  57. if (len != enclen) {
  58. TEST_error("encoded length %ld of %s != input length %ld",
  59. enclen, name, len);
  60. err = 1;
  61. goto next;
  62. }
  63. if ((buf = bufp = OPENSSL_malloc(len)) == NULL) {
  64. TEST_perror("malloc");
  65. err = 1;
  66. goto next;
  67. }
  68. enclen = i2d(cert, &bufp);
  69. if (len != enclen) {
  70. TEST_error("encoded length %ld of %s != input length %ld",
  71. enclen, name, len);
  72. err = 1;
  73. goto next;
  74. }
  75. enclen = (long) (bufp - buf);
  76. if (enclen != len) {
  77. TEST_error("unexpected buffer position after encoding %s", name);
  78. err = 1;
  79. goto next;
  80. }
  81. if (memcmp(buf, data, len) != 0) {
  82. TEST_error("encoded content of %s does not match input", name);
  83. err = 1;
  84. goto next;
  85. }
  86. p = buf;
  87. reuse = d2i(NULL, &p, enclen);
  88. if (reuse == NULL) {
  89. TEST_error("second d2i call failed for %s", name);
  90. err = 1;
  91. goto next;
  92. }
  93. err = X509_cmp(reuse, cert);
  94. if (err != 0) {
  95. TEST_error("X509_cmp for %s resulted in %d", name, err);
  96. err = 1;
  97. goto next;
  98. }
  99. OPENSSL_free(buf);
  100. buf = NULL;
  101. /* Test 1-pass encoding into library allocated buffer */
  102. enclen = i2d(cert, &buf);
  103. if (len != enclen) {
  104. TEST_error("encoded length %ld of %s != input length %ld",
  105. enclen, name, len);
  106. err = 1;
  107. goto next;
  108. }
  109. if (memcmp(buf, data, len) != 0) {
  110. TEST_error("encoded content of %s does not match input", name);
  111. err = 1;
  112. goto next;
  113. }
  114. if (trusted) {
  115. /* Encode just the cert and compare with initial encoding */
  116. OPENSSL_free(buf);
  117. buf = NULL;
  118. /* Test 1-pass encoding into library allocated buffer */
  119. enclen = i2d(cert, &buf);
  120. if (enclen > len) {
  121. TEST_error("encoded length %ld of %s > input length %ld",
  122. enclen, name, len);
  123. err = 1;
  124. goto next;
  125. }
  126. if (memcmp(buf, data, enclen) != 0) {
  127. TEST_error("encoded cert content does not match input");
  128. err = 1;
  129. goto next;
  130. }
  131. }
  132. /*
  133. * If any of these were null, PEM_read() would have failed.
  134. */
  135. next:
  136. X509_free(cert);
  137. X509_free(reuse);
  138. OPENSSL_free(buf);
  139. OPENSSL_free(name);
  140. OPENSSL_free(header);
  141. OPENSSL_free(data);
  142. }
  143. BIO_free(fp);
  144. if (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) {
  145. /* Reached end of PEM file */
  146. if (c > 0) {
  147. ERR_clear_error();
  148. return 1;
  149. }
  150. }
  151. /* Some other PEM read error */
  152. return 0;
  153. }
  154. OPT_TEST_DECLARE_USAGE("certfile...\n")
  155. int setup_tests(void)
  156. {
  157. size_t n;
  158. if (!test_skip_common_options()) {
  159. TEST_error("Error parsing test options\n");
  160. return 0;
  161. }
  162. n = test_get_argument_count();
  163. if (n == 0)
  164. return 0;
  165. ADD_ALL_TESTS(test_certs, (int)n);
  166. return 1;
  167. }