2 * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 #include <openssl/opensslconf.h>
13 #include <openssl/crypto.h>
14 #include <openssl/ocsp.h>
15 #include <openssl/x509.h>
16 #include <openssl/asn1.h>
17 #include <openssl/pem.h>
/*
 * Paths of the PEM test certificate and of its private key. setup_tests()
 * assigns them from test_get_argument(0) and test_get_argument(1); the
 * loaders in this file open them read-only with BIO_new_file().
 */
21 static const char *certstr
;
22 static const char *privkeystr
;
24 #ifndef OPENSSL_NO_OCSP
/*
 * Read the test certificate (certstr) and private key (privkeystr) from
 * their PEM files.
 * NOTE(review): this listing shows only part of the function (the gutter
 * numbers skip). The BIO_free calls, the stores through cert_out / key_out,
 * the return values and the cleanup path are not visible here; presumably
 * the loaded objects are handed to the caller, who then owns them.
 */
25 static int get_cert_and_key(X509
**cert_out
, EVP_PKEY
**key_out
)
27 BIO
*certbio
, *keybio
;
/* Open the certificate file; a NULL BIO is reported as a test failure. */
31 if (!TEST_ptr(certbio
= BIO_new_file(certstr
, "r")))
/* The result is not checked here; cert is tested together with key below. */
33 cert
= PEM_read_bio_X509(certbio
, NULL
, NULL
, NULL
);
35 if (!TEST_ptr(keybio
= BIO_new_file(privkeystr
, "r")))
/*
 * Both the password callback and its argument are NULL, so an encrypted key
 * file would fall back to OpenSSL's default passphrase prompt. The fixture
 * key is presumably stored unencrypted and used for tests only; confirm.
 */
37 key
= PEM_read_bio_PrivateKey(keybio
, NULL
, NULL
, NULL
);
/* Single check covering both PEM reads. */
39 if (!TEST_ptr(cert
) || !TEST_ptr(key
))
/*
 * Certificate-only variant of the loader: reads the PEM certificate named
 * by certstr.
 * NOTE(review): the local declarations, the NULL check on cert, the store
 * through cert_out and the BIO cleanup fall on lines this listing omits.
 */
50 static int get_cert(X509
**cert_out
)
/* A NULL BIO (file missing or unreadable) is reported as a test failure. */
55 if (!TEST_ptr(certbio
= BIO_new_file(certstr
, "r")))
/* No password callback is passed; certificates are not encrypted in PEM. */
57 cert
= PEM_read_bio_X509(certbio
, NULL
, NULL
, NULL
);
/*
 * Build an OCSP_BASICRESP containing one single response with status
 * V_OCSP_CERTSTATUS_UNKNOWN for a synthetic certificate ID. No signing
 * happens in the visible lines; test_resp_signer() signs the result.
 * NOTE(review): several lines are omitted from this listing (the gutter
 * numbers skip), including the error jumps and the return statement.
 */
68 static OCSP_BASICRESP
*make_dummy_resp(void)
/* Synthetic issuer data: a fixed CN and a 128-byte buffer {7, 0, 0, ...}. */
70 const unsigned char namestr
[] = "openssl.example.com";
71 unsigned char keybytes
[128] = {7};
72 OCSP_BASICRESP
*bs
= OCSP_BASICRESP_new();
73 OCSP_BASICRESP
*bs_out
= NULL
;
74 OCSP_CERTID
*cid
= NULL
;
/*
 * ASN1_TIME_set(NULL, t) allocates a new ASN1_TIME. The response is valid
 * from "now" for 200 seconds. No NULL checks on these allocations are
 * visible in this listing.
 */
75 ASN1_TIME
*thisupd
= ASN1_TIME_set(NULL
, time(NULL
));
76 ASN1_TIME
*nextupd
= ASN1_TIME_set(NULL
, time(NULL
) + 200);
77 X509_NAME
*name
= X509_NAME_new();
78 ASN1_BIT_STRING
*key
= ASN1_BIT_STRING_new();
79 ASN1_INTEGER
*serial
= ASN1_INTEGER_new();
/* Fill in the issuer name, the dummy issuer key bits and serial number 1. */
81 if (!X509_NAME_add_entry_by_NID(name
, NID_commonName
, MBSTRING_ASC
,
83 || !ASN1_BIT_STRING_set(key
, keybytes
, sizeof(keybytes
))
84 || !ASN1_INTEGER_set_uint64(serial
, (uint64_t)1))
/* The certificate ID hashes the issuer name and key with SHA-256. */
86 cid
= OCSP_cert_id_new(EVP_sha256(), name
, key
, serial
);
/*
 * Status "unknown", so the revocation reason is 0 and the revocation time
 * is NULL. The temporaries are still freed below, which is consistent with
 * the "add1" (copying) naming convention.
 */
91 || !TEST_true(OCSP_basic_add1_status(bs
, cid
,
92 V_OCSP_CERTSTATUS_UNKNOWN
,
93 0, NULL
, thisupd
, nextupd
)))
/*
 * Cleanup of every temporary. bs is freed here as well, so on success the
 * response must have been moved to bs_out (and bs cleared) on the omitted
 * lines; confirm against the full source.
 */
98 ASN1_TIME_free(thisupd
);
99 ASN1_TIME_free(nextupd
);
100 ASN1_BIT_STRING_free(key
);
101 ASN1_INTEGER_free(serial
);
102 OCSP_CERTID_free(cid
);
103 OCSP_BASICRESP_free(bs
);
104 X509_NAME_free(name
);
/*
 * Check that OCSP_resp_get0_signer() returns the signing certificate in two
 * situations: the response carries no certificates and the signer is passed
 * as an extra cert, and the response includes the signer certificate itself.
 *
 * OCSP_resp_get0_signer() only locates the signer certificate. It does not
 * check the response signature or the signer's chain, so relying code still
 * has to verify the response (OCSP_basic_verify) before trusting it.
 * NOTE(review): some lines are omitted from this listing (the gutter numbers
 * skip), including the error jumps, the final cleanup and the return value.
 */
108 static int test_resp_signer(void)
110 OCSP_BASICRESP
*bs
= NULL
;
/* tmp has no initializer; it is only read after get0_signer succeeded. */
111 X509
*signer
= NULL
, *tmp
;
112 EVP_PKEY
*key
= NULL
;
113 STACK_OF(X509
) *extra_certs
= NULL
;
117 * Test a response with no certs at all; get the signer from the
118 * extra certs given to OCSP_resp_get0_signer().
120 bs
= make_dummy_resp();
121 extra_certs
= sk_X509_new_null();
123 || !TEST_ptr(extra_certs
)
124 || !TEST_true(get_cert_and_key(&signer
, &key
))
/* The stack stores the same pointer as signer; it does not take a copy. */
125 || !TEST_true(sk_X509_push(extra_certs
, signer
))
/*
 * OCSP_NOCERTS keeps the signer certificate out of the response. SHA-1 is
 * the signing digest only because this is an API test; it is collision-weak
 * and should not be copied into responder code.
 */
126 || !TEST_true(OCSP_basic_sign(bs
, signer
, key
, EVP_sha1(),
127 NULL
, OCSP_NOCERTS
)))
/* tmp is a borrowed ("get0") pointer and is compared, never freed. */
129 if (!TEST_true(OCSP_resp_get0_signer(bs
, &tmp
, extra_certs
))
130 || !TEST_int_eq(X509_cmp(tmp
, signer
), 0))
132 OCSP_BASICRESP_free(bs
);
134 /* Do it again but include the signer cert */
135 bs
= make_dummy_resp();
/* The remaining arguments of this call are on a line the listing omits. */
138 || !TEST_true(OCSP_basic_sign(bs
, signer
, key
, EVP_sha1(),
/* No extra certs this time: the signer must be found in the response. */
141 if (!TEST_true(OCSP_resp_get0_signer(bs
, &tmp
, NULL
))
142 || !TEST_int_eq(X509_cmp(tmp
, signer
), 0))
146 OCSP_BASICRESP_free(bs
);
/*
 * sk_X509_free() releases only the stack, not the certificates in it;
 * signer and key are presumably freed on the omitted lines; confirm.
 */
147 sk_X509_free(extra_certs
);
/*
 * Exercise ACCESS_DESCRIPTION_free() with ad->location in different states,
 * selected by testcase (registered for 3 cases via ADD_ALL_TESTS).
 * NOTE(review): the switch statement, the breaks and the return value are on
 * lines this listing omits.
 */
153 static int test_access_description(int testcase
)
155 ACCESS_DESCRIPTION
*ad
= ACCESS_DESCRIPTION_new();
162 case 0: /* no change */
164 case 1: /* check and release current location */
165 if (!TEST_ptr(ad
->location
))
/*
 * After this free the pointer has to be cleared before
 * ACCESS_DESCRIPTION_free(ad) runs, otherwise location would be freed twice.
 * The clearing presumably happens on omitted line 168; confirm.
 */
167 GENERAL_NAME_free(ad
->location
);
170 case 2: /* replace current location */
171 GENERAL_NAME_free(ad
->location
);
/* The old value is released first, then replaced by a fresh GENERAL_NAME. */
172 ad
->location
= GENERAL_NAME_new();
173 if (!TEST_ptr(ad
->location
))
/* Frees ad together with whatever ad->location holds at this point. */
177 ACCESS_DESCRIPTION_free(ad
);
/*
 * Build a service-locator extension with OCSP_url_svcloc_new() from the test
 * certificate's issuer name and a static URL list, then free it. The test
 * makes no assertion on the content; it exists to surface leaks, so it is
 * only meaningful when run under a leak checker or sanitizer.
 * NOTE(review): the contents of urls, the declaration of issuer and the
 * cleanup and return lines are omitted from this listing.
 */
183 static int test_ocsp_url_svcloc_new(void)
/* Presumably a NULL-terminated array; the entries are not shown; confirm. */
185 static const char * urls
[] = {
192 X509_EXTENSION
* ext
= NULL
;
/* "issuer" is the test certificate loaded from certstr by get_cert(). */
195 if (!TEST_true(get_cert(&issuer
)))
199 * Test calling this ocsp method to catch any memory leak
201 ext
= OCSP_url_svcloc_new(X509_get_issuer_name(issuer
), urls
);
205 X509_EXTENSION_free(ext
);
212 #endif /* OPENSSL_NO_OCSP */
214 int setup_tests(void)
216 if (!TEST_ptr(certstr
= test_get_argument(0))
217 || !TEST_ptr(privkeystr
= test_get_argument(1)))
219 #ifndef OPENSSL_NO_OCSP
220 ADD_TEST(test_resp_signer
);
221 ADD_ALL_TESTS(test_access_description
, 3);
222 ADD_TEST(test_ocsp_url_svcloc_new
);