[thirdparty/openssl.git] / test / algorithmid_test.c

/*
 * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <openssl/asn1.h>
#include <openssl/pem.h>
#include "internal/sizes.h"
#include "crypto/evp.h"
#include "testutil.h"

/* Collected arguments */
static const char *eecert_filename = NULL;  /* For test_x509_file() */
static const char *cacert_filename = NULL;  /* For test_x509_file() */
static const char *pubkey_filename = NULL;  /* For test_spki_file() */

#define ALGORITHMID_NAME "algorithm-id"

static int test_spki_aid(X509_PUBKEY *pubkey, const char *filename)
{
    const ASN1_OBJECT *oid;
    X509_ALGOR *alg = NULL;
    EVP_PKEY *pkey = NULL;
    EVP_KEYMGMT *keymgmt = NULL;
    void *keydata = NULL;
    char name[OSSL_MAX_NAME_SIZE] = "";
    unsigned char *algid_legacy = NULL;
    int algid_legacy_len = 0;
    static unsigned char algid_prov[OSSL_MAX_ALGORITHM_ID_SIZE];
    size_t algid_prov_len = 0;
    const OSSL_PARAM *gettable_params = NULL;
    OSSL_PARAM params[] = {
        OSSL_PARAM_octet_string(ALGORITHMID_NAME,
                                &algid_prov, sizeof(algid_prov)),
        OSSL_PARAM_END
    };
    int ret = 0;

    if (!TEST_true(X509_PUBKEY_get0_param(NULL, NULL, NULL, &alg, pubkey))
        || !TEST_ptr(pkey = X509_PUBKEY_get0(pubkey)))
        goto end;

    if (!TEST_int_ge(algid_legacy_len = i2d_X509_ALGOR(alg, &algid_legacy), 0))
        goto end;

    X509_ALGOR_get0(&oid, NULL, NULL, alg);
    if (!TEST_true(OBJ_obj2txt(name, sizeof(name), oid, 0)))
        goto end;

    /*
     * We use an internal functions to ensure we have a provided key.
     * Note that |keydata| should not be freed, as it's cached in |pkey|.
     * The |keymgmt|, however, should, as its reference count is incremented
     * in this function.
     */
    if ((keydata = evp_pkey_export_to_provider(pkey, NULL,
                                               &keymgmt, NULL)) == NULL) {
        TEST_info("The public key found in '%s' doesn't have provider support."
                  "  Skipping...",
                  filename);
        ret = 1;
        goto end;
    }

    if (!TEST_true(EVP_KEYMGMT_is_a(keymgmt, name))) {
        TEST_info("The AlgorithmID key type (%s) for the public key found in"
                  " '%s' doesn't match the key type of the extracted public"
                  " key.",
                  name, filename);
        ret = 1;
        goto end;
    }

    if (!TEST_ptr(gettable_params = EVP_KEYMGMT_gettable_params(keymgmt))
        || !TEST_ptr(OSSL_PARAM_locate_const(gettable_params, ALGORITHMID_NAME))) {
        TEST_info("The %s provider keymgmt appears to lack support for algorithm-id."
                  "  Skipping...",
                  name);
        ret = 1;
        goto end;
    }

    algid_prov[0] = '\0';
    if (!TEST_true(evp_keymgmt_get_params(keymgmt, keydata, params)))
        goto end;
    algid_prov_len = params[0].return_size;

    /* We now have all the algorithm IDs we need, let's compare them */
    if (TEST_mem_eq(algid_legacy, algid_legacy_len,
                    algid_prov, algid_prov_len))
        ret = 1;

 end:
    EVP_KEYMGMT_free(keymgmt);
    OPENSSL_free(algid_legacy);
    return ret;
}

static int test_x509_spki_aid(X509 *cert, const char *filename)
{
    X509_PUBKEY *pubkey = X509_get_X509_PUBKEY(cert);

    return test_spki_aid(pubkey, filename);
}

/*
 * TODO
 * When we gain the ability to get an EVP_SIGNATURE with a complete signature
 * algorithm name (like "sha1WithRSAEncryption" or its corresponding OID in
 * text form, "1.2.840.113549.1.1.2"), we won't have to limit this test to
 * what we have in libcrypto's cross-reference db, i.e. won't have to call
 * OBJ_find_sigid_algs() to find out the EVP_PKEY_METHOD NID any more.
 * All we'd have to do is used OBJ_obj2txt() on an ASN1_OBJECT and pass the
 * result.
 */
static int test_x509_sig_aid(X509 *eecert, const char *ee_filename,
                             X509 *cacert, const char *ca_filename)
{
    const ASN1_OBJECT *sig_oid = NULL;
    const X509_ALGOR *alg = NULL;
    int sig_nid = NID_undef, dig_nid = NID_undef, pkey_nid = NID_undef;
    EVP_MD_CTX *mdctx = NULL;
    EVP_PKEY_CTX *pctx = NULL;
    EVP_PKEY *pkey = NULL;
    unsigned char *algid_legacy = NULL;
    int algid_legacy_len = 0;
    static unsigned char algid_prov[OSSL_MAX_ALGORITHM_ID_SIZE];
    size_t algid_prov_len = 0;
    const OSSL_PARAM *gettable_params = NULL;
    OSSL_PARAM params[] = {
        OSSL_PARAM_octet_string("algorithm-id",
                                &algid_prov, sizeof(algid_prov)),
        OSSL_PARAM_END
    };
    int ret = 0;

    X509_get0_signature(NULL, &alg, eecert);
    X509_ALGOR_get0(&sig_oid, NULL, NULL, alg);
    if (!TEST_int_eq(X509_ALGOR_cmp(alg, X509_get0_tbs_sigalg(eecert)), 0))
        goto end;
    if (!TEST_int_ne(sig_nid = OBJ_obj2nid(sig_oid), NID_undef)
        || !TEST_true(OBJ_find_sigid_algs(sig_nid, &dig_nid, &pkey_nid))
        || !TEST_ptr(pkey = X509_get0_pubkey(cacert)))
        goto end;

    if (!TEST_true(EVP_PKEY_is_a(pkey, OBJ_nid2sn(pkey_nid)))) {
        TEST_info("The '%s' pubkey can't be used to verify the '%s' signature",
                  ca_filename, ee_filename);
        TEST_info("Signature algorithm is %s (pkey type %s, hash type %s)",
                  OBJ_nid2sn(sig_nid), OBJ_nid2sn(pkey_nid), OBJ_nid2sn(dig_nid));
        TEST_info("Pkey key type is %s", EVP_PKEY_get0_type_name(pkey));
        goto end;
    }

    if (!TEST_int_ge(algid_legacy_len = i2d_X509_ALGOR(alg, &algid_legacy), 0))
        goto end;

    if (!TEST_ptr(mdctx = EVP_MD_CTX_new())
        || !TEST_true(EVP_DigestVerifyInit_ex(mdctx, &pctx,
                                              OBJ_nid2sn(dig_nid),
                                              NULL, NULL, pkey, NULL))) {
        TEST_info("Couldn't initialize a DigestVerify operation with "
                  "pkey type %s and hash type %s",
                  OBJ_nid2sn(pkey_nid), OBJ_nid2sn(dig_nid));
        goto end;
    }

    if (!TEST_ptr(gettable_params = EVP_PKEY_CTX_gettable_params(pctx))
        || !TEST_ptr(OSSL_PARAM_locate_const(gettable_params, ALGORITHMID_NAME))) {
        TEST_info("The %s provider keymgmt appears to lack support for algorithm-id"
                  "  Skipping...",
                  OBJ_nid2sn(pkey_nid));
        ret = 1;
        goto end;
    }

    algid_prov[0] = '\0';
    if (!TEST_true(EVP_PKEY_CTX_get_params(pctx, params)))
        goto end;
    algid_prov_len = params[0].return_size;

    /* We now have all the algorithm IDs we need, let's compare them */
    if (TEST_mem_eq(algid_legacy, algid_legacy_len,
                    algid_prov, algid_prov_len))
        ret = 1;

 end:
    EVP_MD_CTX_free(mdctx);
    /* pctx is free by EVP_MD_CTX_free() */
    OPENSSL_free(algid_legacy);
    return ret;
}

static int test_spki_file(void)
{
    X509_PUBKEY *pubkey = NULL;
    BIO *b = BIO_new_file(pubkey_filename, "r");
    int ret = 0;

    if (b == NULL) {
        TEST_error("Couldn't open '%s' for reading\n", pubkey_filename);
        TEST_openssl_errors();
        goto end;
    }

    if ((pubkey = PEM_read_bio_X509_PUBKEY(b, NULL, NULL, NULL)) == NULL) {
        TEST_error("'%s' doesn't appear to be a SubjectPublicKeyInfo in PEM format\n",
                   pubkey_filename);
        TEST_openssl_errors();
        goto end;
    }

    ret = test_spki_aid(pubkey, pubkey_filename);
 end:
    BIO_free(b);
    X509_PUBKEY_free(pubkey);
    return ret;
}

static int test_x509_files(void)
{
    X509 *eecert = NULL, *cacert = NULL;
    BIO *bee = NULL, *bca = NULL;
    int ret = 0;

    if ((bee = BIO_new_file(eecert_filename, "r")) == NULL) {
        TEST_error("Couldn't open '%s' for reading\n", eecert_filename);
        TEST_openssl_errors();
        goto end;
    }
    if ((bca = BIO_new_file(cacert_filename, "r")) == NULL) {
        TEST_error("Couldn't open '%s' for reading\n", cacert_filename);
        TEST_openssl_errors();
        goto end;
    }

    if ((eecert = PEM_read_bio_X509(bee, NULL, NULL, NULL)) == NULL) {
        TEST_error("'%s' doesn't appear to be a X.509 certificate in PEM format\n",
                   eecert_filename);
        TEST_openssl_errors();
        goto end;
    }
    if ((cacert = PEM_read_bio_X509(bca, NULL, NULL, NULL)) == NULL) {
        TEST_error("'%s' doesn't appear to be a X.509 certificate in PEM format\n",
                   cacert_filename);
        TEST_openssl_errors();
        goto end;
    }

    ret = test_x509_sig_aid(eecert, eecert_filename, cacert, cacert_filename)
        & test_x509_spki_aid(eecert, eecert_filename)
        & test_x509_spki_aid(cacert, cacert_filename);
 end:
    BIO_free(bee);
    BIO_free(bca);
    X509_free(eecert);
    X509_free(cacert);
    return ret;
}

typedef enum OPTION_choice {
    OPT_ERR = -1,
    OPT_EOF = 0,
    OPT_X509,
    OPT_SPKI,
    OPT_TEST_ENUM
} OPTION_CHOICE;

const OPTIONS *test_get_options(void)
{
    static const OPTIONS test_options[] = {
        OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("file...\n"),
        { "x509", OPT_X509, '-', "Test X.509 certificates.  Requires two files" },
        { "spki", OPT_SPKI, '-', "Test public keys in SubjectPublicKeyInfo form.  Requires one file" },
        { OPT_HELP_STR, 1, '-',
          "file...\tFile(s) to run tests on.  All files must be PEM encoded.\n" },
        { NULL }
    };
    return test_options;
}

int setup_tests(void)
{
    OPTION_CHOICE o;
    int n, x509 = 0, spki = 0, testcount = 0;

    while ((o = opt_next()) != OPT_EOF) {
        switch (o) {
        case OPT_X509:
            x509 = 1;
            break;
        case OPT_SPKI:
            spki = 1;
            break;
        case OPT_TEST_CASES:
           break;
        default:
        case OPT_ERR:
            return 0;
        }
    }

    /* |testcount| adds all the given test types together */
    testcount = x509 + spki;

    if (testcount < 1)
        BIO_printf(bio_err, "No test type given\n");
    else if (testcount > 1)
        BIO_printf(bio_err, "Only one test type may be given\n");
    if (testcount != 1)
        return 0;

    n = test_get_argument_count();
    if (spki && n == 1) {
        pubkey_filename = test_get_argument(0);
    } else if (x509 && n == 2) {
        eecert_filename = test_get_argument(0);
        cacert_filename = test_get_argument(1);
    }

    if (spki && pubkey_filename == NULL) {
        BIO_printf(bio_err, "Missing -spki argument\n");
        return 0;
    } else if (x509 && (eecert_filename == NULL || cacert_filename == NULL)) {
        BIO_printf(bio_err, "Missing -x509 argument(s)\n");
        return 0;
    }

    if (x509)
        ADD_TEST(test_x509_files);
    if (spki)
        ADD_TEST(test_spki_file);
    return 1;
}
Commit	Line	Data
388eb0d9 RL	1	/*
	2	* Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
	3	*
	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
	10	#include <openssl/asn1.h>
	11	#include <openssl/pem.h>
	12	#include "internal/sizes.h"
	13	#include "crypto/evp.h"
	14	#include "testutil.h"
	15
	16	/* Collected arguments */
	17	static const char eecert_filename = NULL; / For test_x509_file() */
	18	static const char cacert_filename = NULL; / For test_x509_file() */
	19	static const char pubkey_filename = NULL; / For test_spki_file() */
	20
	21	#define ALGORITHMID_NAME "algorithm-id"
	22
	23	static int test_spki_aid(X509_PUBKEY pubkey, const char filename)
	24	{
	25	const ASN1_OBJECT *oid;
	26	X509_ALGOR *alg = NULL;
	27	EVP_PKEY *pkey = NULL;
	28	EVP_KEYMGMT *keymgmt = NULL;
	29	void *keydata = NULL;
	30	char name[OSSL_MAX_NAME_SIZE] = "";
	31	unsigned char *algid_legacy = NULL;
	32	int algid_legacy_len = 0;
	33	static unsigned char algid_prov[OSSL_MAX_ALGORITHM_ID_SIZE];
	34	size_t algid_prov_len = 0;
	35	const OSSL_PARAM *gettable_params = NULL;
	36	OSSL_PARAM params[] = {
	37	OSSL_PARAM_octet_string(ALGORITHMID_NAME,
	38	&algid_prov, sizeof(algid_prov)),
	39	OSSL_PARAM_END
	40	};
	41	int ret = 0;
	42
	43	if (!TEST_true(X509_PUBKEY_get0_param(NULL, NULL, NULL, &alg, pubkey))
	44	\|\| !TEST_ptr(pkey = X509_PUBKEY_get0(pubkey)))
	45	goto end;
	46
	47	if (!TEST_int_ge(algid_legacy_len = i2d_X509_ALGOR(alg, &algid_legacy), 0))
	48	goto end;
	49
	50	X509_ALGOR_get0(&oid, NULL, NULL, alg);
	51	if (!TEST_true(OBJ_obj2txt(name, sizeof(name), oid, 0)))
	52	goto end;
	53
	54	/*
	55	* We use an internal functions to ensure we have a provided key.
	56	* Note that \|keydata\| should not be freed, as it's cached in \|pkey\|.
	57	* The \|keymgmt\|, however, should, as its reference count is incremented
	58	* in this function.
	59	*/
	60	if ((keydata = evp_pkey_export_to_provider(pkey, NULL,
	61	&keymgmt, NULL)) == NULL) {
	62	TEST_info("The public key found in '%s' doesn't have provider support."
	63	" Skipping...",
	64	filename);
65	ret = 1;
66	goto end;
67	}
68
69	if (!TEST_true(EVP_KEYMGMT_is_a(keymgmt, name))) {
70	TEST_info("The AlgorithmID key type (%s) for the public key found in"
71	" '%s' doesn't match the key type of the extracted public"
72	" key.",
73	name, filename);
74	ret = 1;
75	goto end;
76	}
77
78	if (!TEST_ptr(gettable_params = EVP_KEYMGMT_gettable_params(keymgmt))
79	\|\| !TEST_ptr(OSSL_PARAM_locate_const(gettable_params, ALGORITHMID_NAME))) {
80	TEST_info("The %s provider keymgmt appears to lack support for algorithm-id."
81	" Skipping...",
82	name);
83	ret = 1;
84	goto end;
85	}
86
87	algid_prov[0] = '\0';
88	if (!TEST_true(evp_keymgmt_get_params(keymgmt, keydata, params)))
89	goto end;
90	algid_prov_len = params[0].return_size;
91
92	/* We now have all the algorithm IDs we need, let's compare them */
93	if (TEST_mem_eq(algid_legacy, algid_legacy_len,
94	algid_prov, algid_prov_len))
95	ret = 1;
96
97	end:
98	EVP_KEYMGMT_free(keymgmt);
99	OPENSSL_free(algid_legacy);
100	return ret;
101	}
102
103	static int test_x509_spki_aid(X509 cert, const char filename)
104	{
105	X509_PUBKEY *pubkey = X509_get_X509_PUBKEY(cert);
106
107	return test_spki_aid(pubkey, filename);
108	}
109
110	/*
111	* TODO
112	* When we gain the ability to get an EVP_SIGNATURE with a complete signature
113	* algorithm name (like "sha1WithRSAEncryption" or its corresponding OID in
114	* text form, "1.2.840.113549.1.1.2"), we won't have to limit this test to
115	* what we have in libcrypto's cross-reference db, i.e. won't have to call
116	* OBJ_find_sigid_algs() to find out the EVP_PKEY_METHOD NID any more.
117	* All we'd have to do is used OBJ_obj2txt() on an ASN1_OBJECT and pass the
118	* result.
119	*/
120	static int test_x509_sig_aid(X509 eecert, const char ee_filename,
121	X509 cacert, const char ca_filename)
122	{
123	const ASN1_OBJECT *sig_oid = NULL;
124	const X509_ALGOR *alg = NULL;
125	int sig_nid = NID_undef, dig_nid = NID_undef, pkey_nid = NID_undef;
126	EVP_MD_CTX *mdctx = NULL;
127	EVP_PKEY_CTX *pctx = NULL;
128	EVP_PKEY *pkey = NULL;
129	unsigned char *algid_legacy = NULL;
130	int algid_legacy_len = 0;
131	static unsigned char algid_prov[OSSL_MAX_ALGORITHM_ID_SIZE];
132	size_t algid_prov_len = 0;
133	const OSSL_PARAM *gettable_params = NULL;
134	OSSL_PARAM params[] = {
135	OSSL_PARAM_octet_string("algorithm-id",
136	&algid_prov, sizeof(algid_prov)),
137	OSSL_PARAM_END
138	};
139	int ret = 0;
140
141	X509_get0_signature(NULL, &alg, eecert);
142	X509_ALGOR_get0(&sig_oid, NULL, NULL, alg);
143	if (!TEST_int_eq(X509_ALGOR_cmp(alg, X509_get0_tbs_sigalg(eecert)), 0))
144	goto end;
145	if (!TEST_int_ne(sig_nid = OBJ_obj2nid(sig_oid), NID_undef)
146	\|\| !TEST_true(OBJ_find_sigid_algs(sig_nid, &dig_nid, &pkey_nid))
147	\|\| !TEST_ptr(pkey = X509_get0_pubkey(cacert)))
148	goto end;
149
150	if (!TEST_true(EVP_PKEY_is_a(pkey, OBJ_nid2sn(pkey_nid)))) {
151	TEST_info("The '%s' pubkey can't be used to verify the '%s' signature",
152	ca_filename, ee_filename);
153	TEST_info("Signature algorithm is %s (pkey type %s, hash type %s)",
154	OBJ_nid2sn(sig_nid), OBJ_nid2sn(pkey_nid), OBJ_nid2sn(dig_nid));
ddf0d149	155	TEST_info("Pkey key type is %s", EVP_PKEY_get0_type_name(pkey));
388eb0d9 RL	156	goto end;
	157	}
	158
	159	if (!TEST_int_ge(algid_legacy_len = i2d_X509_ALGOR(alg, &algid_legacy), 0))
	160	goto end;
	161
	162	if (!TEST_ptr(mdctx = EVP_MD_CTX_new())
	163	\|\| !TEST_true(EVP_DigestVerifyInit_ex(mdctx, &pctx,
	164	OBJ_nid2sn(dig_nid),
af6171b3	165	NULL, NULL, pkey, NULL))) {
388eb0d9 RL	166	TEST_info("Couldn't initialize a DigestVerify operation with "
	167	"pkey type %s and hash type %s",
	168	OBJ_nid2sn(pkey_nid), OBJ_nid2sn(dig_nid));
	169	goto end;
	170	}
	171
	172	if (!TEST_ptr(gettable_params = EVP_PKEY_CTX_gettable_params(pctx))
	173	\|\| !TEST_ptr(OSSL_PARAM_locate_const(gettable_params, ALGORITHMID_NAME))) {
	174	TEST_info("The %s provider keymgmt appears to lack support for algorithm-id"
	175	" Skipping...",
	176	OBJ_nid2sn(pkey_nid));
	177	ret = 1;
	178	goto end;
	179	}
	180
	181	algid_prov[0] = '\0';
	182	if (!TEST_true(EVP_PKEY_CTX_get_params(pctx, params)))
	183	goto end;
	184	algid_prov_len = params[0].return_size;
	185
	186	/* We now have all the algorithm IDs we need, let's compare them */
	187	if (TEST_mem_eq(algid_legacy, algid_legacy_len,
	188	algid_prov, algid_prov_len))
	189	ret = 1;
	190
	191	end:
	192	EVP_MD_CTX_free(mdctx);
	193	/* pctx is free by EVP_MD_CTX_free() */
	194	OPENSSL_free(algid_legacy);
	195	return ret;
	196	}
	197
	198	static int test_spki_file(void)
	199	{
	200	X509_PUBKEY *pubkey = NULL;
	201	BIO *b = BIO_new_file(pubkey_filename, "r");
	202	int ret = 0;
	203
	204	if (b == NULL) {
	205	TEST_error("Couldn't open '%s' for reading\n", pubkey_filename);
	206	TEST_openssl_errors();
	207	goto end;
	208	}
	209
	210	if ((pubkey = PEM_read_bio_X509_PUBKEY(b, NULL, NULL, NULL)) == NULL) {
	211	TEST_error("'%s' doesn't appear to be a SubjectPublicKeyInfo in PEM format\n",
	212	pubkey_filename);
	213	TEST_openssl_errors();
	214	goto end;
	215	}
	216
	217	ret = test_spki_aid(pubkey, pubkey_filename);
	218	end:
	219	BIO_free(b);
	220	X509_PUBKEY_free(pubkey);
	221	return ret;
	222	}
	223
	224	static int test_x509_files(void)
	225	{
	226	X509 eecert = NULL, cacert = NULL;
	227	BIO bee = NULL, bca = NULL;
	228	int ret = 0;
	229
230	if ((bee = BIO_new_file(eecert_filename, "r")) == NULL) {
231	TEST_error("Couldn't open '%s' for reading\n", eecert_filename);
232	TEST_openssl_errors();
233	goto end;
234	}
235	if ((bca = BIO_new_file(cacert_filename, "r")) == NULL) {
236	TEST_error("Couldn't open '%s' for reading\n", cacert_filename);
237	TEST_openssl_errors();
238	goto end;
239	}
240
241	if ((eecert = PEM_read_bio_X509(bee, NULL, NULL, NULL)) == NULL) {
242	TEST_error("'%s' doesn't appear to be a X.509 certificate in PEM format\n",
243	eecert_filename);
244	TEST_openssl_errors();
245	goto end;
246	}
247	if ((cacert = PEM_read_bio_X509(bca, NULL, NULL, NULL)) == NULL) {
248	TEST_error("'%s' doesn't appear to be a X.509 certificate in PEM format\n",
249	cacert_filename);
250	TEST_openssl_errors();
251	goto end;
252	}
253
254	ret = test_x509_sig_aid(eecert, eecert_filename, cacert, cacert_filename)
255	& test_x509_spki_aid(eecert, eecert_filename)
256	& test_x509_spki_aid(cacert, cacert_filename);
257	end:
258	BIO_free(bee);
259	BIO_free(bca);
260	X509_free(eecert);
261	X509_free(cacert);
262	return ret;
263	}
264
265	typedef enum OPTION_choice {
266	OPT_ERR = -1,
267	OPT_EOF = 0,
268	OPT_X509,
269	OPT_SPKI,
270	OPT_TEST_ENUM
271	} OPTION_CHOICE;
272
273	const OPTIONS *test_get_options(void)
274	{
275	static const OPTIONS test_options[] = {
276	OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("file...\n"),
277	{ "x509", OPT_X509, '-', "Test X.509 certificates. Requires two files" },
278	{ "spki", OPT_SPKI, '-', "Test public keys in SubjectPublicKeyInfo form. Requires one file" },
279	{ OPT_HELP_STR, 1, '-',
280	"file...\tFile(s) to run tests on. All files must be PEM encoded.\n" },
281	{ NULL }
282	};
283	return test_options;
284	}
285
286	int setup_tests(void)
287	{
288	OPTION_CHOICE o;
289	int n, x509 = 0, spki = 0, testcount = 0;
290
291	while ((o = opt_next()) != OPT_EOF) {
292	switch (o) {
293	case OPT_X509:
294	x509 = 1;
295	break;
296	case OPT_SPKI:
297	spki = 1;
298	break;
299	case OPT_TEST_CASES:
300	break;
301	default:
302	case OPT_ERR:
303	return 0;
304	}
305	}
306
307	/* \|testcount\| adds all the given test types together */
308	testcount = x509 + spki;
309
310	if (testcount < 1)
311	BIO_printf(bio_err, "No test type given\n");
312	else if (testcount > 1)
313	BIO_printf(bio_err, "Only one test type may be given\n");
314	if (testcount != 1)
315	return 0;
316
317	n = test_get_argument_count();
318	if (spki && n == 1) {
319	pubkey_filename = test_get_argument(0);
320	} else if (x509 && n == 2) {
321	eecert_filename = test_get_argument(0);
322	cacert_filename = test_get_argument(1);
323	}
324
325	if (spki && pubkey_filename == NULL) {
326	BIO_printf(bio_err, "Missing -spki argument\n");
327	return 0;
328	} else if (x509 && (eecert_filename == NULL \|\| cacert_filename == NULL)) {
329	BIO_printf(bio_err, "Missing -x509 argument(s)\n");
330	return 0;
331	}
332
333	if (x509)
334	ADD_TEST(test_x509_files);
335	if (spki)
336	ADD_TEST(test_spki_file);
337	return 1;
338	}