projects / thirdparty / openssl.git / blame
| Commit | Line | Data |
|---|---|---|
| 27da1343 | 1 | /* |
| a43ce58f | 2 | * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. |
| 27da1343 | 3 | * |
| 909f1a2e | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
| 27da1343 BK |
5 | * this file except in compliance with the License. You can obtain a copy |
| 6 | * in the file LICENSE in the source distribution or at | |
| 7 | * https://www.openssl.org/source/license.html | |
| 8 | */ | |
| 9 | ||
| 10 | #include <string.h> | |
| 11 | ||
| 12 | #include <openssl/opensslconf.h> | |
| 13 | #include <openssl/crypto.h> | |
| 14 | #include <openssl/ocsp.h> | |
| 15 | #include <openssl/x509.h> | |
| 16 | #include <openssl/asn1.h> | |
| 17 | #include <openssl/pem.h> | |
| 18 | ||
| 19 | #include "testutil.h" | |
| 20 | ||
| 21 | static const char *certstr; | |
| 22 | static const char *privkeystr; | |
| 23 | ||
| cb091295 | 24 | #ifndef OPENSSL_NO_OCSP |
| 27da1343 BK |
25 | static int get_cert_and_key(X509 **cert_out, EVP_PKEY **key_out) |
| 26 | { | |
| 27 | BIO *certbio, *keybio; | |
| 28 | X509 *cert = NULL; | |
| 29 | EVP_PKEY *key = NULL; | |
| 30 | ||
| 31 | if (!TEST_ptr(certbio = BIO_new_file(certstr, "r"))) | |
| 32 | return 0; | |
| 33 | cert = PEM_read_bio_X509(certbio, NULL, NULL, NULL); | |
| 34 | BIO_free(certbio); | |
| 35 | if (!TEST_ptr(keybio = BIO_new_file(privkeystr, "r"))) | |
| 36 | goto end; | |
| 37 | key = PEM_read_bio_PrivateKey(keybio, NULL, NULL, NULL); | |
| 38 | BIO_free(keybio); | |
| 39 | if (!TEST_ptr(cert) || !TEST_ptr(key)) | |
| 40 | goto end; | |
| 41 | *cert_out = cert; | |
| 42 | *key_out = key; | |
| 43 | return 1; | |
| 44 | end: | |
| 45 | X509_free(cert); | |
| 46 | EVP_PKEY_free(key); | |
| 47 | return 0; | |
| 48 | } | |
| 49 | ||
| 5b3accde F |
50 | static int get_cert(X509 **cert_out) |
| 51 | { | |
| 52 | BIO *certbio; | |
| 53 | X509 *cert = NULL; | |
| 54 | ||
| 55 | if (!TEST_ptr(certbio = BIO_new_file(certstr, "r"))) | |
| 56 | return 0; | |
| 57 | cert = PEM_read_bio_X509(certbio, NULL, NULL, NULL); | |
| 58 | BIO_free(certbio); | |
| 59 | if (!TEST_ptr(cert)) | |
| 60 | goto end; | |
| 61 | *cert_out = cert; | |
| 62 | return 1; | |
| 63 | end: | |
| 64 | X509_free(cert); | |
| 65 | return 0; | |
| 66 | } | |
| 67 | ||
| 27da1343 BK |
68 | static OCSP_BASICRESP *make_dummy_resp(void) |
| 69 | { | |
| 70 | const unsigned char namestr[] = "openssl.example.com"; | |
| 71 | unsigned char keybytes[128] = {7}; | |
| 72 | OCSP_BASICRESP *bs = OCSP_BASICRESP_new(); | |
| b6306d80 BK |
73 | OCSP_BASICRESP *bs_out = NULL; |
| 74 | OCSP_CERTID *cid = NULL; | |
| 27da1343 BK |
75 | ASN1_TIME *thisupd = ASN1_TIME_set(NULL, time(NULL)); |
| 76 | ASN1_TIME *nextupd = ASN1_TIME_set(NULL, time(NULL) + 200); | |
| 77 | X509_NAME *name = X509_NAME_new(); | |
| 78 | ASN1_BIT_STRING *key = ASN1_BIT_STRING_new(); | |
| 79 | ASN1_INTEGER *serial = ASN1_INTEGER_new(); | |
| 80 | ||
| 81 | if (!X509_NAME_add_entry_by_NID(name, NID_commonName, MBSTRING_ASC, | |
| 82 | namestr, -1, -1, 1) | |
| b6306d80 BK |
83 | || !ASN1_BIT_STRING_set(key, keybytes, sizeof(keybytes)) |
| 84 | || !ASN1_INTEGER_set_uint64(serial, (uint64_t)1)) | |
| 85 | goto err; | |
| 27da1343 BK |
86 | cid = OCSP_cert_id_new(EVP_sha256(), name, key, serial); |
| 87 | if (!TEST_ptr(bs) | |
| 88 | || !TEST_ptr(thisupd) | |
| 89 | || !TEST_ptr(nextupd) | |
| 90 | || !TEST_ptr(cid) | |
| 91 | || !TEST_true(OCSP_basic_add1_status(bs, cid, | |
| 92 | V_OCSP_CERTSTATUS_UNKNOWN, | |
| 93 | 0, NULL, thisupd, nextupd))) | |
| b6306d80 BK |
94 | goto err; |
| 95 | bs_out = bs; | |
| 96 | bs = NULL; | |
| 97 | err: | |
| 27da1343 BK |
98 | ASN1_TIME_free(thisupd); |
| 99 | ASN1_TIME_free(nextupd); | |
| 100 | ASN1_BIT_STRING_free(key); | |
| 101 | ASN1_INTEGER_free(serial); | |
| 102 | OCSP_CERTID_free(cid); | |
| b6306d80 | 103 | OCSP_BASICRESP_free(bs); |
| 27da1343 | 104 | X509_NAME_free(name); |
| b6306d80 | 105 | return bs_out; |
| 27da1343 BK |
106 | } |
| 107 | ||
| 27da1343 BK |
108 | static int test_resp_signer(void) |
| 109 | { | |
| b6306d80 | 110 | OCSP_BASICRESP *bs = NULL; |
| 27da1343 BK |
111 | X509 *signer = NULL, *tmp; |
| 112 | EVP_PKEY *key = NULL; | |
| b6306d80 BK |
113 | STACK_OF(X509) *extra_certs = NULL; |
| 114 | int ret = 0; | |
| 27da1343 BK |
115 | |
| 116 | /* | |
| 117 | * Test a response with no certs at all; get the signer from the | |
| 118 | * extra certs given to OCSP_resp_get0_signer(). | |
| 119 | */ | |
| 120 | bs = make_dummy_resp(); | |
| 121 | extra_certs = sk_X509_new_null(); | |
| 122 | if (!TEST_ptr(bs) | |
| 123 | || !TEST_ptr(extra_certs) | |
| 124 | || !TEST_true(get_cert_and_key(&signer, &key)) | |
| 125 | || !TEST_true(sk_X509_push(extra_certs, signer)) | |
| 126 | || !TEST_true(OCSP_basic_sign(bs, signer, key, EVP_sha1(), | |
| 127 | NULL, OCSP_NOCERTS))) | |
| b6306d80 | 128 | goto err; |
| 27da1343 BK |
129 | if (!TEST_true(OCSP_resp_get0_signer(bs, &tmp, extra_certs)) |
| 130 | || !TEST_int_eq(X509_cmp(tmp, signer), 0)) | |
| b6306d80 | 131 | goto err; |
| 27da1343 BK |
132 | OCSP_BASICRESP_free(bs); |
| 133 | ||
| 134 | /* Do it again but include the signer cert */ | |
| 135 | bs = make_dummy_resp(); | |
| 136 | tmp = NULL; | |
| 137 | if (!TEST_ptr(bs) | |
| 138 | || !TEST_true(OCSP_basic_sign(bs, signer, key, EVP_sha1(), | |
| 139 | NULL, 0))) | |
| b6306d80 | 140 | goto err; |
| 27da1343 BK |
141 | if (!TEST_true(OCSP_resp_get0_signer(bs, &tmp, NULL)) |
| 142 | || !TEST_int_eq(X509_cmp(tmp, signer), 0)) | |
| b6306d80 BK |
143 | goto err; |
| 144 | ret = 1; | |
| 145 | err: | |
| 27da1343 BK |
146 | OCSP_BASICRESP_free(bs); |
| 147 | sk_X509_free(extra_certs); | |
| 148 | X509_free(signer); | |
| 149 | EVP_PKEY_free(key); | |
| b6306d80 | 150 | return ret; |
| 27da1343 | 151 | } |
| 5b3accde F |
152 | |
| 153 | static int test_access_description(int testcase) | |
| 154 | { | |
| 155 | ACCESS_DESCRIPTION *ad = ACCESS_DESCRIPTION_new(); | |
| 156 | int ret = 0; | |
| 157 | ||
| 158 | if (!TEST_ptr(ad)) | |
| 159 | goto err; | |
| 160 | ||
| 161 | switch (testcase) { | |
| 162 | case 0: /* no change */ | |
| 163 | break; | |
| 164 | case 1: /* check and release current location */ | |
| 165 | if (!TEST_ptr(ad->location)) | |
| 166 | goto err; | |
| 167 | GENERAL_NAME_free(ad->location); | |
| 168 | ad->location = NULL; | |
| 169 | break; | |
| 170 | case 2: /* replace current location */ | |
| 171 | GENERAL_NAME_free(ad->location); | |
| 172 | ad->location = GENERAL_NAME_new(); | |
| 173 | if (!TEST_ptr(ad->location)) | |
| 174 | goto err; | |
| 175 | break; | |
| 176 | } | |
| 177 | ACCESS_DESCRIPTION_free(ad); | |
| 178 | ret = 1; | |
| 179 | err: | |
| 180 | return ret; | |
| 181 | } | |
| 182 | ||
| 183 | static int test_ocsp_url_svcloc_new(void) | |
| 184 | { | |
| 185 | static const char * urls[] = { | |
| 186 | "www.openssl.org", | |
| 187 | "www.openssl.net", | |
| 188 | NULL | |
| 189 | }; | |
| 190 | ||
| 191 | X509 *issuer = NULL; | |
| 192 | X509_EXTENSION * ext = NULL; | |
| 193 | int ret = 0; | |
| 194 | ||
| 195 | if (!TEST_true(get_cert(&issuer))) | |
| 196 | goto err; | |
| 197 | ||
| 198 | /* | |
| 199 | * Test calling this ocsp method to catch any memory leak | |
| 200 | */ | |
| 201 | ext = OCSP_url_svcloc_new(X509_get_issuer_name(issuer), urls); | |
| 202 | if (!TEST_ptr(ext)) | |
| 203 | goto err; | |
| 204 | ||
| 205 | X509_EXTENSION_free(ext); | |
| 206 | ret = 1; | |
| 207 | err: | |
| 208 | X509_free(issuer); | |
| 209 | return ret; | |
| 210 | } | |
| 211 | ||
| 212 | #endif /* OPENSSL_NO_OCSP */ | |
| 27da1343 | 213 | |
| a43ce58f SL |
214 | OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n") |
| 215 | ||
| 27da1343 BK |
216 | int setup_tests(void) |
| 217 | { | |
| 218 | if (!TEST_ptr(certstr = test_get_argument(0)) | |
| 219 | || !TEST_ptr(privkeystr = test_get_argument(1))) | |
| 220 | return 0; | |
| 221 | #ifndef OPENSSL_NO_OCSP | |
| 222 | ADD_TEST(test_resp_signer); | |
| 5b3accde F |
223 | ADD_ALL_TESTS(test_access_description, 3); |
| 224 | ADD_TEST(test_ocsp_url_svcloc_new); | |
| 27da1343 BK |
225 | #endif |
| 226 | return 1; | |
| 227 | } |