]>
Commit | Line | Data |
---|---|---|
27da1343 | 1 | /* |
556009c5 | 2 | * Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. |
27da1343 | 3 | * |
909f1a2e | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
27da1343 BK |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #include <string.h> | |
11 | ||
12 | #include <openssl/opensslconf.h> | |
13 | #include <openssl/crypto.h> | |
14 | #include <openssl/ocsp.h> | |
15 | #include <openssl/x509.h> | |
16 | #include <openssl/asn1.h> | |
17 | #include <openssl/pem.h> | |
18 | ||
19 | #include "testutil.h" | |
20 | ||
21 | static const char *certstr; | |
22 | static const char *privkeystr; | |
23 | ||
cb091295 | 24 | #ifndef OPENSSL_NO_OCSP |
27da1343 BK |
25 | static int get_cert_and_key(X509 **cert_out, EVP_PKEY **key_out) |
26 | { | |
27 | BIO *certbio, *keybio; | |
28 | X509 *cert = NULL; | |
29 | EVP_PKEY *key = NULL; | |
30 | ||
31 | if (!TEST_ptr(certbio = BIO_new_file(certstr, "r"))) | |
32 | return 0; | |
33 | cert = PEM_read_bio_X509(certbio, NULL, NULL, NULL); | |
34 | BIO_free(certbio); | |
35 | if (!TEST_ptr(keybio = BIO_new_file(privkeystr, "r"))) | |
36 | goto end; | |
37 | key = PEM_read_bio_PrivateKey(keybio, NULL, NULL, NULL); | |
38 | BIO_free(keybio); | |
39 | if (!TEST_ptr(cert) || !TEST_ptr(key)) | |
40 | goto end; | |
41 | *cert_out = cert; | |
42 | *key_out = key; | |
43 | return 1; | |
44 | end: | |
45 | X509_free(cert); | |
46 | EVP_PKEY_free(key); | |
47 | return 0; | |
48 | } | |
49 | ||
5b3accde F |
50 | static int get_cert(X509 **cert_out) |
51 | { | |
52 | BIO *certbio; | |
53 | X509 *cert = NULL; | |
54 | ||
55 | if (!TEST_ptr(certbio = BIO_new_file(certstr, "r"))) | |
56 | return 0; | |
57 | cert = PEM_read_bio_X509(certbio, NULL, NULL, NULL); | |
58 | BIO_free(certbio); | |
59 | if (!TEST_ptr(cert)) | |
60 | goto end; | |
61 | *cert_out = cert; | |
62 | return 1; | |
63 | end: | |
64 | X509_free(cert); | |
65 | return 0; | |
66 | } | |
67 | ||
27da1343 BK |
68 | static OCSP_BASICRESP *make_dummy_resp(void) |
69 | { | |
70 | const unsigned char namestr[] = "openssl.example.com"; | |
71 | unsigned char keybytes[128] = {7}; | |
72 | OCSP_BASICRESP *bs = OCSP_BASICRESP_new(); | |
b6306d80 BK |
73 | OCSP_BASICRESP *bs_out = NULL; |
74 | OCSP_CERTID *cid = NULL; | |
27da1343 BK |
75 | ASN1_TIME *thisupd = ASN1_TIME_set(NULL, time(NULL)); |
76 | ASN1_TIME *nextupd = ASN1_TIME_set(NULL, time(NULL) + 200); | |
77 | X509_NAME *name = X509_NAME_new(); | |
78 | ASN1_BIT_STRING *key = ASN1_BIT_STRING_new(); | |
79 | ASN1_INTEGER *serial = ASN1_INTEGER_new(); | |
80 | ||
ea809510 | 81 | if (!TEST_ptr(name) |
82 | || !TEST_ptr(key) | |
83 | || !TEST_ptr(serial) | |
180c8d7a | 84 | || !TEST_true(X509_NAME_add_entry_by_NID(name, NID_commonName, |
85 | MBSTRING_ASC, | |
86 | namestr, -1, -1, 1)) | |
87 | || !TEST_true(ASN1_BIT_STRING_set(key, keybytes, sizeof(keybytes))) | |
88 | || !TEST_true(ASN1_INTEGER_set_uint64(serial, (uint64_t)1))) | |
b6306d80 | 89 | goto err; |
27da1343 BK |
90 | cid = OCSP_cert_id_new(EVP_sha256(), name, key, serial); |
91 | if (!TEST_ptr(bs) | |
92 | || !TEST_ptr(thisupd) | |
93 | || !TEST_ptr(nextupd) | |
94 | || !TEST_ptr(cid) | |
95 | || !TEST_true(OCSP_basic_add1_status(bs, cid, | |
96 | V_OCSP_CERTSTATUS_UNKNOWN, | |
97 | 0, NULL, thisupd, nextupd))) | |
b6306d80 BK |
98 | goto err; |
99 | bs_out = bs; | |
100 | bs = NULL; | |
101 | err: | |
27da1343 BK |
102 | ASN1_TIME_free(thisupd); |
103 | ASN1_TIME_free(nextupd); | |
104 | ASN1_BIT_STRING_free(key); | |
105 | ASN1_INTEGER_free(serial); | |
106 | OCSP_CERTID_free(cid); | |
b6306d80 | 107 | OCSP_BASICRESP_free(bs); |
27da1343 | 108 | X509_NAME_free(name); |
b6306d80 | 109 | return bs_out; |
27da1343 BK |
110 | } |
111 | ||
27da1343 BK |
112 | static int test_resp_signer(void) |
113 | { | |
b6306d80 | 114 | OCSP_BASICRESP *bs = NULL; |
27da1343 BK |
115 | X509 *signer = NULL, *tmp; |
116 | EVP_PKEY *key = NULL; | |
b6306d80 BK |
117 | STACK_OF(X509) *extra_certs = NULL; |
118 | int ret = 0; | |
27da1343 BK |
119 | |
120 | /* | |
121 | * Test a response with no certs at all; get the signer from the | |
122 | * extra certs given to OCSP_resp_get0_signer(). | |
123 | */ | |
124 | bs = make_dummy_resp(); | |
125 | extra_certs = sk_X509_new_null(); | |
126 | if (!TEST_ptr(bs) | |
127 | || !TEST_ptr(extra_certs) | |
128 | || !TEST_true(get_cert_and_key(&signer, &key)) | |
129 | || !TEST_true(sk_X509_push(extra_certs, signer)) | |
130 | || !TEST_true(OCSP_basic_sign(bs, signer, key, EVP_sha1(), | |
131 | NULL, OCSP_NOCERTS))) | |
b6306d80 | 132 | goto err; |
27da1343 BK |
133 | if (!TEST_true(OCSP_resp_get0_signer(bs, &tmp, extra_certs)) |
134 | || !TEST_int_eq(X509_cmp(tmp, signer), 0)) | |
b6306d80 | 135 | goto err; |
27da1343 BK |
136 | OCSP_BASICRESP_free(bs); |
137 | ||
138 | /* Do it again but include the signer cert */ | |
139 | bs = make_dummy_resp(); | |
140 | tmp = NULL; | |
141 | if (!TEST_ptr(bs) | |
142 | || !TEST_true(OCSP_basic_sign(bs, signer, key, EVP_sha1(), | |
143 | NULL, 0))) | |
b6306d80 | 144 | goto err; |
27da1343 BK |
145 | if (!TEST_true(OCSP_resp_get0_signer(bs, &tmp, NULL)) |
146 | || !TEST_int_eq(X509_cmp(tmp, signer), 0)) | |
b6306d80 BK |
147 | goto err; |
148 | ret = 1; | |
149 | err: | |
27da1343 BK |
150 | OCSP_BASICRESP_free(bs); |
151 | sk_X509_free(extra_certs); | |
152 | X509_free(signer); | |
153 | EVP_PKEY_free(key); | |
b6306d80 | 154 | return ret; |
27da1343 | 155 | } |
5b3accde F |
156 | |
157 | static int test_access_description(int testcase) | |
158 | { | |
159 | ACCESS_DESCRIPTION *ad = ACCESS_DESCRIPTION_new(); | |
160 | int ret = 0; | |
161 | ||
162 | if (!TEST_ptr(ad)) | |
163 | goto err; | |
164 | ||
165 | switch (testcase) { | |
166 | case 0: /* no change */ | |
167 | break; | |
168 | case 1: /* check and release current location */ | |
169 | if (!TEST_ptr(ad->location)) | |
170 | goto err; | |
171 | GENERAL_NAME_free(ad->location); | |
172 | ad->location = NULL; | |
173 | break; | |
174 | case 2: /* replace current location */ | |
175 | GENERAL_NAME_free(ad->location); | |
176 | ad->location = GENERAL_NAME_new(); | |
177 | if (!TEST_ptr(ad->location)) | |
178 | goto err; | |
179 | break; | |
180 | } | |
181 | ACCESS_DESCRIPTION_free(ad); | |
182 | ret = 1; | |
183 | err: | |
184 | return ret; | |
185 | } | |
186 | ||
187 | static int test_ocsp_url_svcloc_new(void) | |
188 | { | |
8cc86b81 | 189 | static const char *urls[] = { |
5b3accde F |
190 | "www.openssl.org", |
191 | "www.openssl.net", | |
192 | NULL | |
193 | }; | |
194 | ||
195 | X509 *issuer = NULL; | |
bbaeadb0 | 196 | X509_EXTENSION *ext = NULL; |
5b3accde F |
197 | int ret = 0; |
198 | ||
199 | if (!TEST_true(get_cert(&issuer))) | |
200 | goto err; | |
201 | ||
202 | /* | |
203 | * Test calling this ocsp method to catch any memory leak | |
204 | */ | |
205 | ext = OCSP_url_svcloc_new(X509_get_issuer_name(issuer), urls); | |
206 | if (!TEST_ptr(ext)) | |
207 | goto err; | |
208 | ||
209 | X509_EXTENSION_free(ext); | |
210 | ret = 1; | |
211 | err: | |
212 | X509_free(issuer); | |
213 | return ret; | |
214 | } | |
215 | ||
216 | #endif /* OPENSSL_NO_OCSP */ | |
27da1343 | 217 | |
a43ce58f SL |
218 | OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n") |
219 | ||
27da1343 BK |
220 | int setup_tests(void) |
221 | { | |
8d242823 MC |
222 | if (!test_skip_common_options()) { |
223 | TEST_error("Error parsing test options\n"); | |
224 | return 0; | |
225 | } | |
226 | ||
27da1343 BK |
227 | if (!TEST_ptr(certstr = test_get_argument(0)) |
228 | || !TEST_ptr(privkeystr = test_get_argument(1))) | |
229 | return 0; | |
230 | #ifndef OPENSSL_NO_OCSP | |
231 | ADD_TEST(test_resp_signer); | |
5b3accde F |
232 | ADD_ALL_TESTS(test_access_description, 3); |
233 | ADD_TEST(test_ocsp_url_svcloc_new); | |
27da1343 BK |
234 | #endif |
235 | return 1; | |
236 | } |