1 /*
2 * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <string.h>
11 #include <limits.h>
12 #include <openssl/store.h>
13 #include <openssl/ui.h>
14 #include "testutil.h"
15
16 #ifndef PATH_MAX
17 # if defined(_WIN32) && defined(_MAX_PATH)
18 # define PATH_MAX _MAX_PATH
19 # else
20 # define PATH_MAX 4096
21 # endif
22 #endif
23
24 typedef enum OPTION_choice {
25 OPT_ERR = -1,
26 OPT_EOF = 0,
27 OPT_INPUTDIR,
28 OPT_INFILE,
29 OPT_SM2FILE,
30 OPT_DATADIR,
31 OPT_TEST_ENUM
32 } OPTION_CHOICE;
33
34 static const char *inputdir = NULL;
35 static const char *infile = NULL;
36 static const char *sm2file = NULL;
37 static const char *datadir = NULL;
38
test_store_open(void)39 static int test_store_open(void)
40 {
41 int ret = 0;
42 OSSL_STORE_CTX *sctx = NULL;
43 OSSL_STORE_SEARCH *search = NULL;
44 UI_METHOD *ui_method = NULL;
45 char *input = test_mk_file_path(inputdir, infile);
46
47 ret = TEST_ptr(input)
48 && TEST_ptr(search = OSSL_STORE_SEARCH_by_alias("nothing"))
49 && TEST_ptr(ui_method= UI_create_method("DummyUI"))
50 && TEST_ptr(sctx = OSSL_STORE_open_ex(input, NULL, NULL, ui_method,
51 NULL, NULL, NULL, NULL))
52 && TEST_false(OSSL_STORE_find(sctx, NULL))
53 && TEST_true(OSSL_STORE_find(sctx, search));
54 UI_destroy_method(ui_method);
55 OSSL_STORE_SEARCH_free(search);
56 OSSL_STORE_close(sctx);
57 OPENSSL_free(input);
58 return ret;
59 }
60
61 #ifndef OPENSSL_NO_WINSTORE
62 /*
63 * This is the one of the root certificate authorities from the
64 * microsoft cert store. We use it to extract the subject name
65 * so that we can search for it in the store
66 */
67 static const unsigned char mscert[] = {
68 0x30, 0x82, 0x01, 0x3b, 0x30, 0x81, 0xee, 0xa0, 0x03, 0x02, 0x01, 0x02,
69 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x30, 0x81,
70 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
71 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13,
72 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31,
73 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65,
74 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55,
75 0x04, 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66,
76 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f,
77 0x6e, 0x31, 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x29,
78 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x52, 0x6f,
79 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61,
80 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79,
81 0x20, 0x32, 0x30, 0x31, 0x31, 0x30, 0x20, 0x17, 0x0d, 0x32, 0x35, 0x30,
82 0x34, 0x32, 0x39, 0x30, 0x35, 0x34, 0x33, 0x33, 0x30, 0x5a, 0x18, 0x0f,
83 0x32, 0x31, 0x32, 0x35, 0x30, 0x34, 0x32, 0x39, 0x30, 0x35, 0x34, 0x33,
84 0x33, 0x30, 0x5a, 0x30, 0x00, 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b,
85 0x65, 0x70, 0x03, 0x21, 0x00, 0x21, 0x86, 0x38, 0x28, 0x7d, 0xad, 0x35,
86 0xad, 0xc3, 0x91, 0x07, 0x41, 0x65, 0x02, 0xe1, 0x72, 0x79, 0xf4, 0x0d,
87 0xd5, 0xe2, 0xbb, 0xba, 0xd8, 0x81, 0x06, 0xad, 0xa0, 0x7b, 0x2a, 0x41,
88 0x09, 0xa3, 0x02, 0x30, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
89 0x03, 0x41, 0x00, 0x2e, 0xbb, 0xb9, 0x55, 0x59, 0x24, 0xb0, 0xdb, 0x18,
90 0xd0, 0xb4, 0xa6, 0x8b, 0xa8, 0xbf, 0x4c, 0xbd, 0x83, 0x27, 0xe7, 0xc2,
91 0xc8, 0x13, 0xc2, 0x81, 0xbe, 0xdf, 0x04, 0x7b, 0x09, 0x87, 0x08, 0x53,
92 0x97, 0xd6, 0x7c, 0xb7, 0x6c, 0xa6, 0x78, 0x63, 0x3c, 0x27, 0x29, 0x81,
93 0x85, 0xd0, 0x73, 0x92, 0x2d, 0x5c, 0x33, 0x8e, 0x88, 0x18, 0x9b, 0x1c,
94 0xcf, 0xc3, 0x4a, 0xf0, 0x82, 0x05, 0x05
95 };
96 #define TEST_CERT_LEN 1521
97
test_store_open_winstore(void)98 static int test_store_open_winstore(void)
99 {
100 int ret = 0;
101 OSSL_STORE_CTX *sctx = NULL;
102 OSSL_STORE_SEARCH *search = NULL;
103 UI_METHOD *ui_method = NULL;
104 OSSL_STORE_INFO *info = NULL;
105 X509* testcert = NULL;
106 const unsigned char* certptr = mscert;
107
108 /*
109 * Test the winstore, by opening it, searching for the MS root certificate
110 * and ensure that it was found. Note that we have to search by
111 * subject name, as winstore only allows searches by that method
112 */
113 ret = TEST_ptr(testcert = d2i_X509(NULL, &certptr, TEST_CERT_LEN))
114 && TEST_ptr(search = OSSL_STORE_SEARCH_by_name(X509_get_issuer_name(testcert)))
115 && TEST_ptr(ui_method = UI_create_method("DummyUI"))
116 && TEST_ptr(sctx = OSSL_STORE_open_ex("org.openssl.winstore:", NULL,
117 NULL, ui_method, NULL, NULL,
118 NULL, NULL))
119 && TEST_true(OSSL_STORE_find(sctx, search))
120 && TEST_ptr(info = OSSL_STORE_load(sctx));
121 UI_destroy_method(ui_method);
122 OSSL_STORE_INFO_free(info);
123 OSSL_STORE_SEARCH_free(search);
124 OSSL_STORE_close(sctx);
125 X509_free(testcert);
126 return ret;
127 }
128 #endif
129
test_store_search_by_key_fingerprint_fail(void)130 static int test_store_search_by_key_fingerprint_fail(void)
131 {
132 int ret;
133 OSSL_STORE_SEARCH *search = NULL;
134
135 ret = TEST_ptr_null(search = OSSL_STORE_SEARCH_by_key_fingerprint(
136 EVP_sha256(), NULL, 0));
137 OSSL_STORE_SEARCH_free(search);
138 return ret;
139 }
140
get_params(const char * uri,const char * type)141 static int get_params(const char *uri, const char *type)
142 {
143 EVP_PKEY *pkey = NULL;
144 OSSL_STORE_CTX *ctx = NULL;
145 OSSL_STORE_INFO *info;
146 int ret = 0;
147
148 ctx = OSSL_STORE_open_ex(uri, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
149 if (!TEST_ptr(ctx))
150 goto err;
151
152 while (!OSSL_STORE_eof(ctx)
153 && (info = OSSL_STORE_load(ctx)) != NULL
154 && pkey == NULL) {
155 if (OSSL_STORE_INFO_get_type(info) == OSSL_STORE_INFO_PARAMS) {
156 pkey = OSSL_STORE_INFO_get1_PARAMS(info);
157 }
158 OSSL_STORE_INFO_free(info);
159 info = NULL;
160 }
161
162 if (pkey != NULL)
163 ret = EVP_PKEY_is_a(pkey, type);
164 EVP_PKEY_free(pkey);
165
166 err:
167 OSSL_STORE_close(ctx);
168 return ret;
169 }
170
test_store_get_params(int idx)171 static int test_store_get_params(int idx)
172 {
173 const char *type;
174 const char *urifmt;
175 char uri[PATH_MAX];
176
177 switch (idx) {
178 #ifndef OPENSSL_NO_DH
179 case 0:
180 type = "DH";
181 break;
182 case 1:
183 type = "DHX";
184 break;
185 #else
186 case 0:
187 case 1:
188 return 1;
189 #endif
190 case 2:
191 #ifndef OPENSSL_NO_DSA
192 type = "DSA";
193 break;
194 #else
195 return 1;
196 #endif
197 default:
198 TEST_error("Invalid test index");
199 return 0;
200 }
201
202 urifmt = "%s/%s-params.pem";
203 #ifdef __VMS
204 {
205 char datadir_end = datadir[strlen(datadir) - 1];
206
207 if (datadir_end == ':' || datadir_end == ']' || datadir_end == '>')
208 urifmt = "%s%s-params.pem";
209 }
210 #endif
211 if (!TEST_true(BIO_snprintf(uri, sizeof(uri), urifmt, datadir, type)))
212 return 0;
213
214 TEST_info("Testing uri: %s", uri);
215 if (!TEST_true(get_params(uri, type)))
216 return 0;
217
218 return 1;
219 }
220
221 /*
222 * This test verifies that calling OSSL_STORE_ATTACH does not set an
223 * "unregistered scheme" error when called.
224 */
test_store_attach_unregistered_scheme(void)225 static int test_store_attach_unregistered_scheme(void)
226 {
227 int ret;
228 OSSL_STORE_CTX *store_ctx = NULL;
229 OSSL_PROVIDER *provider = NULL;
230 OSSL_LIB_CTX *libctx = NULL;
231 BIO *bio = NULL;
232 char *input = test_mk_file_path(inputdir, sm2file);
233
234 ret = TEST_ptr(input)
235 && TEST_ptr(libctx = OSSL_LIB_CTX_new())
236 && TEST_ptr(provider = OSSL_PROVIDER_load(libctx, "default"))
237 && TEST_ptr(bio = BIO_new_file(input, "r"))
238 && TEST_ptr(store_ctx = OSSL_STORE_attach(bio, "file", libctx, NULL,
239 NULL, NULL, NULL, NULL, NULL))
240 && TEST_int_ne(ERR_GET_LIB(ERR_peek_error()), ERR_LIB_OSSL_STORE)
241 && TEST_int_ne(ERR_GET_REASON(ERR_peek_error()),
242 OSSL_STORE_R_UNREGISTERED_SCHEME);
243
244 BIO_free(bio);
245 OSSL_STORE_close(store_ctx);
246 OSSL_PROVIDER_unload(provider);
247 OSSL_LIB_CTX_free(libctx);
248 OPENSSL_free(input);
249 return ret;
250 }
251
test_get_options(void)252 const OPTIONS *test_get_options(void)
253 {
254 static const OPTIONS test_options[] = {
255 OPT_TEST_OPTIONS_DEFAULT_USAGE,
256 { "dir", OPT_INPUTDIR, '/' },
257 { "in", OPT_INFILE, '<' },
258 { "sm2", OPT_SM2FILE, '<' },
259 { "data", OPT_DATADIR, 's' },
260 { NULL }
261 };
262 return test_options;
263 }
264
setup_tests(void)265 int setup_tests(void)
266 {
267 OPTION_CHOICE o;
268
269 while ((o = opt_next()) != OPT_EOF) {
270 switch (o) {
271 case OPT_INPUTDIR:
272 inputdir = opt_arg();
273 break;
274 case OPT_INFILE:
275 infile = opt_arg();
276 break;
277 case OPT_SM2FILE:
278 sm2file = opt_arg();
279 break;
280 case OPT_DATADIR:
281 datadir = opt_arg();
282 break;
283 case OPT_TEST_CASES:
284 break;
285 default:
286 case OPT_ERR:
287 return 0;
288 }
289 }
290
291 if (datadir == NULL) {
292 TEST_error("No data directory specified");
293 return 0;
294 }
295 if (inputdir == NULL) {
296 TEST_error("No input directory specified");
297 return 0;
298 }
299
300 if (infile != NULL)
301 ADD_TEST(test_store_open);
302 #ifndef OPENSSL_NO_WINSTORE
303 ADD_TEST(test_store_open_winstore);
304 #endif
305 ADD_TEST(test_store_search_by_key_fingerprint_fail);
306 ADD_ALL_TESTS(test_store_get_params, 3);
307 if (sm2file != NULL)
308 ADD_TEST(test_store_attach_unregistered_scheme);
309 return 1;
310 }
311