| lh | 9ed821d | 2023-04-07 01:36:19 -0700 | [diff] [blame] | 1 | /* | 
|  | 2 | * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. | 
|  | 3 | * | 
|  | 4 | * Licensed under the OpenSSL licenses, (the "License"); | 
|  | 5 | * you may not use this file except in compliance with the License. | 
|  | 6 | * You may obtain a copy of the License at | 
|  | 7 | * https://www.openssl.org/source/license.html | 
|  | 8 | * or in the file LICENSE in the source distribution. | 
|  | 9 | */ | 
|  | 10 |  | 
|  | 11 | #include <stdio.h> | 
|  | 12 | #include <string.h> | 
|  | 13 | #include <errno.h> | 
|  | 14 |  | 
|  | 15 | #include <openssl/x509.h> | 
|  | 16 | #include <openssl/pem.h> | 
|  | 17 | #include <openssl/conf.h> | 
|  | 18 | #include <openssl/err.h> | 
|  | 19 | #include "internal/nelem.h" | 
|  | 20 | #include "testutil.h" | 
|  | 21 |  | 
|  | 22 | static int test_certs(int num) | 
|  | 23 | { | 
|  | 24 | int c; | 
|  | 25 | char *name = 0; | 
|  | 26 | char *header = 0; | 
|  | 27 | unsigned char *data = 0; | 
|  | 28 | long len; | 
|  | 29 | typedef X509 *(*d2i_X509_t)(X509 **, const unsigned char **, long); | 
|  | 30 | typedef int (*i2d_X509_t)(X509 *, unsigned char **); | 
|  | 31 | int err = 0; | 
|  | 32 | BIO *fp = BIO_new_file(test_get_argument(num), "r"); | 
|  | 33 |  | 
|  | 34 | if (!TEST_ptr(fp)) | 
|  | 35 | return 0; | 
|  | 36 |  | 
|  | 37 | for (c = 0; !err && PEM_read_bio(fp, &name, &header, &data, &len); ++c) { | 
|  | 38 | const int trusted = (strcmp(name, PEM_STRING_X509_TRUSTED) == 0); | 
|  | 39 | d2i_X509_t d2i = trusted ? d2i_X509_AUX : d2i_X509; | 
|  | 40 | i2d_X509_t i2d = trusted ? i2d_X509_AUX : i2d_X509; | 
|  | 41 | X509 *cert = NULL; | 
|  | 42 | X509 *reuse = NULL; | 
|  | 43 | const unsigned char *p = data; | 
|  | 44 | unsigned char *buf = NULL; | 
|  | 45 | unsigned char *bufp; | 
|  | 46 | long enclen; | 
|  | 47 |  | 
|  | 48 | if (!trusted | 
|  | 49 | && strcmp(name, PEM_STRING_X509) != 0 | 
|  | 50 | && strcmp(name, PEM_STRING_X509_OLD) != 0) { | 
|  | 51 | TEST_error("unexpected PEM object: %s", name); | 
|  | 52 | err = 1; | 
|  | 53 | goto next; | 
|  | 54 | } | 
|  | 55 | cert = d2i(NULL, &p, len); | 
|  | 56 |  | 
|  | 57 | if (cert == NULL || (p - data) != len) { | 
|  | 58 | TEST_error("error parsing input %s", name); | 
|  | 59 | err = 1; | 
|  | 60 | goto next; | 
|  | 61 | } | 
|  | 62 |  | 
|  | 63 | /* Test traditional 2-pass encoding into caller allocated buffer */ | 
|  | 64 | enclen = i2d(cert, NULL); | 
|  | 65 | if (len != enclen) { | 
|  | 66 | TEST_error("encoded length %ld of %s != input length %ld", | 
|  | 67 | enclen, name, len); | 
|  | 68 | err = 1; | 
|  | 69 | goto next; | 
|  | 70 | } | 
|  | 71 | if ((buf = bufp = OPENSSL_malloc(len)) == NULL) { | 
|  | 72 | TEST_perror("malloc"); | 
|  | 73 | err = 1; | 
|  | 74 | goto next; | 
|  | 75 | } | 
|  | 76 | enclen = i2d(cert, &bufp); | 
|  | 77 | if (len != enclen) { | 
|  | 78 | TEST_error("encoded length %ld of %s != input length %ld", | 
|  | 79 | enclen, name, len); | 
|  | 80 | err = 1; | 
|  | 81 | goto next; | 
|  | 82 | } | 
|  | 83 | enclen = (long) (bufp - buf); | 
|  | 84 | if (enclen != len) { | 
|  | 85 | TEST_error("unexpected buffer position after encoding %s", name); | 
|  | 86 | err = 1; | 
|  | 87 | goto next; | 
|  | 88 | } | 
|  | 89 | if (memcmp(buf, data, len) != 0) { | 
|  | 90 | TEST_error("encoded content of %s does not match input", name); | 
|  | 91 | err = 1; | 
|  | 92 | goto next; | 
|  | 93 | } | 
|  | 94 | p = buf; | 
|  | 95 | reuse = d2i(NULL, &p, enclen); | 
|  | 96 | if (reuse == NULL) { | 
|  | 97 | TEST_error("second d2i call failed for %s", name); | 
|  | 98 | err = 1; | 
|  | 99 | goto next; | 
|  | 100 | } | 
|  | 101 | err = X509_cmp(reuse, cert); | 
|  | 102 | if (err != 0) { | 
|  | 103 | TEST_error("X509_cmp for %s resulted in %d", name, err); | 
|  | 104 | err = 1; | 
|  | 105 | goto next; | 
|  | 106 | } | 
|  | 107 | OPENSSL_free(buf); | 
|  | 108 | buf = NULL; | 
|  | 109 |  | 
|  | 110 | /* Test 1-pass encoding into library allocated buffer */ | 
|  | 111 | enclen = i2d(cert, &buf); | 
|  | 112 | if (len != enclen) { | 
|  | 113 | TEST_error("encoded length %ld of %s != input length %ld", | 
|  | 114 | enclen, name, len); | 
|  | 115 | err = 1; | 
|  | 116 | goto next; | 
|  | 117 | } | 
|  | 118 | if (memcmp(buf, data, len) != 0) { | 
|  | 119 | TEST_error("encoded content of %s does not match input", name); | 
|  | 120 | err = 1; | 
|  | 121 | goto next; | 
|  | 122 | } | 
|  | 123 |  | 
|  | 124 | if (trusted) { | 
|  | 125 | /* Encode just the cert and compare with initial encoding */ | 
|  | 126 | OPENSSL_free(buf); | 
|  | 127 | buf = NULL; | 
|  | 128 |  | 
|  | 129 | /* Test 1-pass encoding into library allocated buffer */ | 
|  | 130 | enclen = i2d(cert, &buf); | 
|  | 131 | if (enclen > len) { | 
|  | 132 | TEST_error("encoded length %ld of %s > input length %ld", | 
|  | 133 | enclen, name, len); | 
|  | 134 | err = 1; | 
|  | 135 | goto next; | 
|  | 136 | } | 
|  | 137 | if (memcmp(buf, data, enclen) != 0) { | 
|  | 138 | TEST_error("encoded cert content does not match input"); | 
|  | 139 | err = 1; | 
|  | 140 | goto next; | 
|  | 141 | } | 
|  | 142 | } | 
|  | 143 |  | 
|  | 144 | /* | 
|  | 145 | * If any of these were null, PEM_read() would have failed. | 
|  | 146 | */ | 
|  | 147 | next: | 
|  | 148 | X509_free(cert); | 
|  | 149 | X509_free(reuse); | 
|  | 150 | OPENSSL_free(buf); | 
|  | 151 | OPENSSL_free(name); | 
|  | 152 | OPENSSL_free(header); | 
|  | 153 | OPENSSL_free(data); | 
|  | 154 | } | 
|  | 155 | BIO_free(fp); | 
|  | 156 |  | 
|  | 157 | if (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) { | 
|  | 158 | /* Reached end of PEM file */ | 
|  | 159 | if (c > 0) { | 
|  | 160 | ERR_clear_error(); | 
|  | 161 | return 1; | 
|  | 162 | } | 
|  | 163 | } | 
|  | 164 |  | 
|  | 165 | /* Some other PEM read error */ | 
|  | 166 | return 0; | 
|  | 167 | } | 
|  | 168 |  | 
|  | 169 | int setup_tests(void) | 
|  | 170 | { | 
|  | 171 | size_t n = test_get_argument_count(); | 
|  | 172 |  | 
|  | 173 | if (n == 0) { | 
|  | 174 | TEST_error("usage: %s certfile...", test_get_program_name()); | 
|  | 175 | return 0; | 
|  | 176 | } | 
|  | 177 |  | 
|  | 178 | ADD_ALL_TESTS(test_certs, (int)n); | 
|  | 179 | return 1; | 
|  | 180 | } |