1 /*
2 * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 * https://www.openssl.org/source/license.html
8 * or in the file LICENSE in the source distribution.
9 */
10
11 #include <stdio.h>
12 #include <string.h>
13 #include <errno.h>
14
15 #include <openssl/x509.h>
16 #include <openssl/pem.h>
17 #include <openssl/conf.h>
18 #include <openssl/err.h>
19 #include "internal/nelem.h"
20 #include "testutil.h"
21
test_certs(int num)22 static int test_certs(int num)
23 {
24 int c;
25 char *name = 0;
26 char *header = 0;
27 unsigned char *data = 0;
28 long len;
29 typedef X509 *(*d2i_X509_t)(X509 **, const unsigned char **, long);
30 typedef int (*i2d_X509_t)(const X509 *, unsigned char **);
31 int err = 0;
32 BIO *fp = BIO_new_file(test_get_argument(num), "r");
33
34 if (!TEST_ptr(fp))
35 return 0;
36
37 for (c = 0; !err && PEM_read_bio(fp, &name, &header, &data, &len); ++c) {
38 const int trusted = (strcmp(name, PEM_STRING_X509_TRUSTED) == 0);
39 d2i_X509_t d2i = trusted ? d2i_X509_AUX : d2i_X509;
40 i2d_X509_t i2d = trusted ? i2d_X509_AUX : i2d_X509;
41 X509 *cert = NULL;
42 X509 *reuse = NULL;
43 const unsigned char *p = data;
44 unsigned char *buf = NULL;
45 unsigned char *bufp;
46 long enclen;
47
48 if (!trusted
49 && strcmp(name, PEM_STRING_X509) != 0
50 && strcmp(name, PEM_STRING_X509_OLD) != 0) {
51 TEST_error("unexpected PEM object: %s", name);
52 err = 1;
53 goto next;
54 }
55 cert = d2i(NULL, &p, len);
56
57 if (cert == NULL || (p - data) != len) {
58 TEST_error("error parsing input %s", name);
59 err = 1;
60 goto next;
61 }
62
63 /* Test traditional 2-pass encoding into caller allocated buffer */
64 enclen = i2d(cert, NULL);
65 if (len != enclen) {
66 TEST_error("encoded length %ld of %s != input length %ld",
67 enclen, name, len);
68 err = 1;
69 goto next;
70 }
71 if ((buf = bufp = OPENSSL_malloc(len)) == NULL) {
72 TEST_perror("malloc");
73 err = 1;
74 goto next;
75 }
76 enclen = i2d(cert, &bufp);
77 if (len != enclen) {
78 TEST_error("encoded length %ld of %s != input length %ld",
79 enclen, name, len);
80 err = 1;
81 goto next;
82 }
83 enclen = (long) (bufp - buf);
84 if (enclen != len) {
85 TEST_error("unexpected buffer position after encoding %s", name);
86 err = 1;
87 goto next;
88 }
89 if (memcmp(buf, data, len) != 0) {
90 TEST_error("encoded content of %s does not match input", name);
91 err = 1;
92 goto next;
93 }
94 p = buf;
95 reuse = d2i(NULL, &p, enclen);
96 if (reuse == NULL) {
97 TEST_error("second d2i call failed for %s", name);
98 err = 1;
99 goto next;
100 }
101 err = X509_cmp(reuse, cert);
102 if (err != 0) {
103 TEST_error("X509_cmp for %s resulted in %d", name, err);
104 err = 1;
105 goto next;
106 }
107 OPENSSL_free(buf);
108 buf = NULL;
109
110 /* Test 1-pass encoding into library allocated buffer */
111 enclen = i2d(cert, &buf);
112 if (len != enclen) {
113 TEST_error("encoded length %ld of %s != input length %ld",
114 enclen, name, len);
115 err = 1;
116 goto next;
117 }
118 if (memcmp(buf, data, len) != 0) {
119 TEST_error("encoded content of %s does not match input", name);
120 err = 1;
121 goto next;
122 }
123
124 if (trusted) {
125 /* Encode just the cert and compare with initial encoding */
126 OPENSSL_free(buf);
127 buf = NULL;
128
129 /* Test 1-pass encoding into library allocated buffer */
130 enclen = i2d(cert, &buf);
131 if (enclen > len) {
132 TEST_error("encoded length %ld of %s > input length %ld",
133 enclen, name, len);
134 err = 1;
135 goto next;
136 }
137 if (memcmp(buf, data, enclen) != 0) {
138 TEST_error("encoded cert content does not match input");
139 err = 1;
140 goto next;
141 }
142 }
143
144 /*
145 * If any of these were null, PEM_read() would have failed.
146 */
147 next:
148 X509_free(cert);
149 X509_free(reuse);
150 OPENSSL_free(buf);
151 OPENSSL_free(name);
152 OPENSSL_free(header);
153 OPENSSL_free(data);
154 }
155 BIO_free(fp);
156
157 if (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) {
158 /* Reached end of PEM file */
159 if (c > 0) {
160 ERR_clear_error();
161 return 1;
162 }
163 }
164
165 /* Some other PEM read error */
166 return 0;
167 }
168
169 OPT_TEST_DECLARE_USAGE("certfile...\n")
170
setup_tests(void)171 int setup_tests(void)
172 {
173 size_t n;
174
175 if (!test_skip_common_options()) {
176 TEST_error("Error parsing test options\n");
177 return 0;
178 }
179
180 n = test_get_argument_count();
181 if (n == 0)
182 return 0;
183
184 ADD_ALL_TESTS(test_certs, (int)n);
185 return 1;
186 }
187