]>
Commit | Line | Data |
---|---|---|
27da1343 BK |
1 | /* |
2 | * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the OpenSSL license (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #include <string.h> | |
11 | ||
12 | #include <openssl/opensslconf.h> | |
13 | #include <openssl/crypto.h> | |
14 | #include <openssl/ocsp.h> | |
15 | #include <openssl/x509.h> | |
16 | #include <openssl/asn1.h> | |
17 | #include <openssl/pem.h> | |
18 | ||
19 | #include "testutil.h" | |
20 | ||
21 | static const char *certstr; | |
22 | static const char *privkeystr; | |
23 | ||
cb091295 | 24 | #ifndef OPENSSL_NO_OCSP |
27da1343 BK |
25 | static int get_cert_and_key(X509 **cert_out, EVP_PKEY **key_out) |
26 | { | |
27 | BIO *certbio, *keybio; | |
28 | X509 *cert = NULL; | |
29 | EVP_PKEY *key = NULL; | |
30 | ||
31 | if (!TEST_ptr(certbio = BIO_new_file(certstr, "r"))) | |
32 | return 0; | |
33 | cert = PEM_read_bio_X509(certbio, NULL, NULL, NULL); | |
34 | BIO_free(certbio); | |
35 | if (!TEST_ptr(keybio = BIO_new_file(privkeystr, "r"))) | |
36 | goto end; | |
37 | key = PEM_read_bio_PrivateKey(keybio, NULL, NULL, NULL); | |
38 | BIO_free(keybio); | |
39 | if (!TEST_ptr(cert) || !TEST_ptr(key)) | |
40 | goto end; | |
41 | *cert_out = cert; | |
42 | *key_out = key; | |
43 | return 1; | |
44 | end: | |
45 | X509_free(cert); | |
46 | EVP_PKEY_free(key); | |
47 | return 0; | |
48 | } | |
49 | ||
50 | static OCSP_BASICRESP *make_dummy_resp(void) | |
51 | { | |
52 | const unsigned char namestr[] = "openssl.example.com"; | |
53 | unsigned char keybytes[128] = {7}; | |
54 | OCSP_BASICRESP *bs = OCSP_BASICRESP_new(); | |
b6306d80 BK |
55 | OCSP_BASICRESP *bs_out = NULL; |
56 | OCSP_CERTID *cid = NULL; | |
27da1343 BK |
57 | ASN1_TIME *thisupd = ASN1_TIME_set(NULL, time(NULL)); |
58 | ASN1_TIME *nextupd = ASN1_TIME_set(NULL, time(NULL) + 200); | |
59 | X509_NAME *name = X509_NAME_new(); | |
60 | ASN1_BIT_STRING *key = ASN1_BIT_STRING_new(); | |
61 | ASN1_INTEGER *serial = ASN1_INTEGER_new(); | |
62 | ||
63 | if (!X509_NAME_add_entry_by_NID(name, NID_commonName, MBSTRING_ASC, | |
64 | namestr, -1, -1, 1) | |
b6306d80 BK |
65 | || !ASN1_BIT_STRING_set(key, keybytes, sizeof(keybytes)) |
66 | || !ASN1_INTEGER_set_uint64(serial, (uint64_t)1)) | |
67 | goto err; | |
27da1343 BK |
68 | cid = OCSP_cert_id_new(EVP_sha256(), name, key, serial); |
69 | if (!TEST_ptr(bs) | |
70 | || !TEST_ptr(thisupd) | |
71 | || !TEST_ptr(nextupd) | |
72 | || !TEST_ptr(cid) | |
73 | || !TEST_true(OCSP_basic_add1_status(bs, cid, | |
74 | V_OCSP_CERTSTATUS_UNKNOWN, | |
75 | 0, NULL, thisupd, nextupd))) | |
b6306d80 BK |
76 | goto err; |
77 | bs_out = bs; | |
78 | bs = NULL; | |
79 | err: | |
27da1343 BK |
80 | ASN1_TIME_free(thisupd); |
81 | ASN1_TIME_free(nextupd); | |
82 | ASN1_BIT_STRING_free(key); | |
83 | ASN1_INTEGER_free(serial); | |
84 | OCSP_CERTID_free(cid); | |
b6306d80 | 85 | OCSP_BASICRESP_free(bs); |
27da1343 | 86 | X509_NAME_free(name); |
b6306d80 | 87 | return bs_out; |
27da1343 BK |
88 | } |
89 | ||
27da1343 BK |
90 | static int test_resp_signer(void) |
91 | { | |
b6306d80 | 92 | OCSP_BASICRESP *bs = NULL; |
27da1343 BK |
93 | X509 *signer = NULL, *tmp; |
94 | EVP_PKEY *key = NULL; | |
b6306d80 BK |
95 | STACK_OF(X509) *extra_certs = NULL; |
96 | int ret = 0; | |
27da1343 BK |
97 | |
98 | /* | |
99 | * Test a response with no certs at all; get the signer from the | |
100 | * extra certs given to OCSP_resp_get0_signer(). | |
101 | */ | |
102 | bs = make_dummy_resp(); | |
103 | extra_certs = sk_X509_new_null(); | |
104 | if (!TEST_ptr(bs) | |
105 | || !TEST_ptr(extra_certs) | |
106 | || !TEST_true(get_cert_and_key(&signer, &key)) | |
107 | || !TEST_true(sk_X509_push(extra_certs, signer)) | |
108 | || !TEST_true(OCSP_basic_sign(bs, signer, key, EVP_sha1(), | |
109 | NULL, OCSP_NOCERTS))) | |
b6306d80 | 110 | goto err; |
27da1343 BK |
111 | if (!TEST_true(OCSP_resp_get0_signer(bs, &tmp, extra_certs)) |
112 | || !TEST_int_eq(X509_cmp(tmp, signer), 0)) | |
b6306d80 | 113 | goto err; |
27da1343 BK |
114 | OCSP_BASICRESP_free(bs); |
115 | ||
116 | /* Do it again but include the signer cert */ | |
117 | bs = make_dummy_resp(); | |
118 | tmp = NULL; | |
119 | if (!TEST_ptr(bs) | |
120 | || !TEST_true(OCSP_basic_sign(bs, signer, key, EVP_sha1(), | |
121 | NULL, 0))) | |
b6306d80 | 122 | goto err; |
27da1343 BK |
123 | if (!TEST_true(OCSP_resp_get0_signer(bs, &tmp, NULL)) |
124 | || !TEST_int_eq(X509_cmp(tmp, signer), 0)) | |
b6306d80 BK |
125 | goto err; |
126 | ret = 1; | |
127 | err: | |
27da1343 BK |
128 | OCSP_BASICRESP_free(bs); |
129 | sk_X509_free(extra_certs); | |
130 | X509_free(signer); | |
131 | EVP_PKEY_free(key); | |
b6306d80 | 132 | return ret; |
27da1343 BK |
133 | } |
134 | #endif | |
135 | ||
136 | int setup_tests(void) | |
137 | { | |
138 | if (!TEST_ptr(certstr = test_get_argument(0)) | |
139 | || !TEST_ptr(privkeystr = test_get_argument(1))) | |
140 | return 0; | |
141 | #ifndef OPENSSL_NO_OCSP | |
142 | ADD_TEST(test_resp_signer); | |
143 | #endif | |
144 | return 1; | |
145 | } |