1 /* 2 * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <string.h> 11 #include <limits.h> 12 #include <openssl/store.h> 13 #include <openssl/ui.h> 14 #include "testutil.h" 15 16 #ifndef PATH_MAX 17 # if defined(_WIN32) && defined(_MAX_PATH) 18 # define PATH_MAX _MAX_PATH 19 # else 20 # define PATH_MAX 4096 21 # endif 22 #endif 23 24 typedef enum OPTION_choice { 25 OPT_ERR = -1, 26 OPT_EOF = 0, 27 OPT_INPUTDIR, 28 OPT_INFILE, 29 OPT_SM2FILE, 30 OPT_DATADIR, 31 OPT_TEST_ENUM 32 } OPTION_CHOICE; 33 34 static const char *inputdir = NULL; 35 static const char *infile = NULL; 36 static const char *sm2file = NULL; 37 static const char *datadir = NULL; 38 39 static int test_store_open(void) 40 { 41 int ret = 0; 42 OSSL_STORE_CTX *sctx = NULL; 43 OSSL_STORE_SEARCH *search = NULL; 44 UI_METHOD *ui_method = NULL; 45 char *input = test_mk_file_path(inputdir, infile); 46 47 ret = TEST_ptr(input) 48 && TEST_ptr(search = OSSL_STORE_SEARCH_by_alias("nothing")) 49 && TEST_ptr(ui_method= UI_create_method("DummyUI")) 50 && TEST_ptr(sctx = OSSL_STORE_open_ex(input, NULL, NULL, ui_method, 51 NULL, NULL, NULL, NULL)) 52 && TEST_false(OSSL_STORE_find(sctx, NULL)) 53 && TEST_true(OSSL_STORE_find(sctx, search)); 54 UI_destroy_method(ui_method); 55 OSSL_STORE_SEARCH_free(search); 56 OSSL_STORE_close(sctx); 57 OPENSSL_free(input); 58 return ret; 59 } 60 61 #ifndef OPENSSL_NO_WINSTORE 62 /* 63 * This is the one of the root certificate authorities from the 64 * microsoft cert store. We use it to extract the subject name 65 * so that we can search for it in the store 66 */ 67 static const unsigned char mscert[] = { 68 0x30, 0x82, 0x01, 0x3b, 0x30, 0x81, 0xee, 0xa0, 0x03, 0x02, 0x01, 0x02, 69 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x30, 0x81, 70 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 71 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 72 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 73 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 74 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 75 0x04, 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 76 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 77 0x6e, 0x31, 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x29, 78 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x52, 0x6f, 79 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 80 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 81 0x20, 0x32, 0x30, 0x31, 0x31, 0x30, 0x20, 0x17, 0x0d, 0x32, 0x35, 0x30, 82 0x34, 0x32, 0x39, 0x30, 0x35, 0x34, 0x33, 0x33, 0x30, 0x5a, 0x18, 0x0f, 83 0x32, 0x31, 0x32, 0x35, 0x30, 0x34, 0x32, 0x39, 0x30, 0x35, 0x34, 0x33, 84 0x33, 0x30, 0x5a, 0x30, 0x00, 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 85 0x65, 0x70, 0x03, 0x21, 0x00, 0x21, 0x86, 0x38, 0x28, 0x7d, 0xad, 0x35, 86 0xad, 0xc3, 0x91, 0x07, 0x41, 0x65, 0x02, 0xe1, 0x72, 0x79, 0xf4, 0x0d, 87 0xd5, 0xe2, 0xbb, 0xba, 0xd8, 0x81, 0x06, 0xad, 0xa0, 0x7b, 0x2a, 0x41, 88 0x09, 0xa3, 0x02, 0x30, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 89 0x03, 0x41, 0x00, 0x2e, 0xbb, 0xb9, 0x55, 0x59, 0x24, 0xb0, 0xdb, 0x18, 90 0xd0, 0xb4, 0xa6, 0x8b, 0xa8, 0xbf, 0x4c, 0xbd, 0x83, 0x27, 0xe7, 0xc2, 91 0xc8, 0x13, 0xc2, 0x81, 0xbe, 0xdf, 0x04, 0x7b, 0x09, 0x87, 0x08, 0x53, 92 0x97, 0xd6, 0x7c, 0xb7, 0x6c, 0xa6, 0x78, 0x63, 0x3c, 0x27, 0x29, 0x81, 93 0x85, 0xd0, 0x73, 0x92, 0x2d, 0x5c, 0x33, 0x8e, 0x88, 0x18, 0x9b, 0x1c, 94 0xcf, 0xc3, 0x4a, 0xf0, 0x82, 0x05, 0x05 95 }; 96 #define TEST_CERT_LEN 1521 97 98 static int test_store_open_winstore(void) 99 { 100 int ret = 0; 101 OSSL_STORE_CTX *sctx = NULL; 102 OSSL_STORE_SEARCH *search = NULL; 103 UI_METHOD *ui_method = NULL; 104 OSSL_STORE_INFO *info = NULL; 105 X509* testcert = NULL; 106 const unsigned char* certptr = mscert; 107 108 /* 109 * Test the winstore, by opening it, searching for the MS root certificate 110 * and ensure that it was found. Note that we have to search by 111 * subject name, as winstore only allows searches by that method 112 */ 113 ret = TEST_ptr(testcert = d2i_X509(NULL, &certptr, TEST_CERT_LEN)) 114 && TEST_ptr(search = OSSL_STORE_SEARCH_by_name(X509_get_issuer_name(testcert))) 115 && TEST_ptr(ui_method = UI_create_method("DummyUI")) 116 && TEST_ptr(sctx = OSSL_STORE_open_ex("org.openssl.winstore:", NULL, 117 NULL, ui_method, NULL, NULL, 118 NULL, NULL)) 119 && TEST_true(OSSL_STORE_find(sctx, search)) 120 && TEST_ptr(info = OSSL_STORE_load(sctx)); 121 UI_destroy_method(ui_method); 122 OSSL_STORE_INFO_free(info); 123 OSSL_STORE_SEARCH_free(search); 124 OSSL_STORE_close(sctx); 125 X509_free(testcert); 126 return ret; 127 } 128 #endif 129 130 static int test_store_search_by_key_fingerprint_fail(void) 131 { 132 int ret; 133 OSSL_STORE_SEARCH *search = NULL; 134 135 ret = TEST_ptr_null(search = OSSL_STORE_SEARCH_by_key_fingerprint( 136 EVP_sha256(), NULL, 0)); 137 OSSL_STORE_SEARCH_free(search); 138 return ret; 139 } 140 141 static int get_params(const char *uri, const char *type) 142 { 143 EVP_PKEY *pkey = NULL; 144 OSSL_STORE_CTX *ctx = NULL; 145 OSSL_STORE_INFO *info; 146 int ret = 0; 147 148 ctx = OSSL_STORE_open_ex(uri, NULL, NULL, NULL, NULL, NULL, NULL, NULL); 149 if (!TEST_ptr(ctx)) 150 goto err; 151 152 while (!OSSL_STORE_eof(ctx) 153 && (info = OSSL_STORE_load(ctx)) != NULL 154 && pkey == NULL) { 155 if (OSSL_STORE_INFO_get_type(info) == OSSL_STORE_INFO_PARAMS) { 156 pkey = OSSL_STORE_INFO_get1_PARAMS(info); 157 } 158 OSSL_STORE_INFO_free(info); 159 info = NULL; 160 } 161 162 if (pkey != NULL) 163 ret = EVP_PKEY_is_a(pkey, type); 164 EVP_PKEY_free(pkey); 165 166 err: 167 OSSL_STORE_close(ctx); 168 return ret; 169 } 170 171 static int test_store_get_params(int idx) 172 { 173 const char *type; 174 const char *urifmt; 175 char uri[PATH_MAX]; 176 177 switch (idx) { 178 #ifndef OPENSSL_NO_DH 179 case 0: 180 type = "DH"; 181 break; 182 case 1: 183 type = "DHX"; 184 break; 185 #else 186 case 0: 187 case 1: 188 return 1; 189 #endif 190 case 2: 191 #ifndef OPENSSL_NO_DSA 192 type = "DSA"; 193 break; 194 #else 195 return 1; 196 #endif 197 default: 198 TEST_error("Invalid test index"); 199 return 0; 200 } 201 202 urifmt = "%s/%s-params.pem"; 203 #ifdef __VMS 204 { 205 char datadir_end = datadir[strlen(datadir) - 1]; 206 207 if (datadir_end == ':' || datadir_end == ']' || datadir_end == '>') 208 urifmt = "%s%s-params.pem"; 209 } 210 #endif 211 if (!TEST_true(BIO_snprintf(uri, sizeof(uri), urifmt, datadir, type))) 212 return 0; 213 214 TEST_info("Testing uri: %s", uri); 215 if (!TEST_true(get_params(uri, type))) 216 return 0; 217 218 return 1; 219 } 220 221 /* 222 * This test verifies that calling OSSL_STORE_ATTACH does not set an 223 * "unregistered scheme" error when called. 224 */ 225 static int test_store_attach_unregistered_scheme(void) 226 { 227 int ret; 228 OSSL_STORE_CTX *store_ctx = NULL; 229 OSSL_PROVIDER *provider = NULL; 230 OSSL_LIB_CTX *libctx = NULL; 231 BIO *bio = NULL; 232 char *input = test_mk_file_path(inputdir, sm2file); 233 234 ret = TEST_ptr(input) 235 && TEST_ptr(libctx = OSSL_LIB_CTX_new()) 236 && TEST_ptr(provider = OSSL_PROVIDER_load(libctx, "default")) 237 && TEST_ptr(bio = BIO_new_file(input, "r")) 238 && TEST_ptr(store_ctx = OSSL_STORE_attach(bio, "file", libctx, NULL, 239 NULL, NULL, NULL, NULL, NULL)) 240 && TEST_int_ne(ERR_GET_LIB(ERR_peek_error()), ERR_LIB_OSSL_STORE) 241 && TEST_int_ne(ERR_GET_REASON(ERR_peek_error()), 242 OSSL_STORE_R_UNREGISTERED_SCHEME); 243 244 BIO_free(bio); 245 OSSL_STORE_close(store_ctx); 246 OSSL_PROVIDER_unload(provider); 247 OSSL_LIB_CTX_free(libctx); 248 OPENSSL_free(input); 249 return ret; 250 } 251 252 const OPTIONS *test_get_options(void) 253 { 254 static const OPTIONS test_options[] = { 255 OPT_TEST_OPTIONS_DEFAULT_USAGE, 256 { "dir", OPT_INPUTDIR, '/' }, 257 { "in", OPT_INFILE, '<' }, 258 { "sm2", OPT_SM2FILE, '<' }, 259 { "data", OPT_DATADIR, 's' }, 260 { NULL } 261 }; 262 return test_options; 263 } 264 265 int setup_tests(void) 266 { 267 OPTION_CHOICE o; 268 269 while ((o = opt_next()) != OPT_EOF) { 270 switch (o) { 271 case OPT_INPUTDIR: 272 inputdir = opt_arg(); 273 break; 274 case OPT_INFILE: 275 infile = opt_arg(); 276 break; 277 case OPT_SM2FILE: 278 sm2file = opt_arg(); 279 break; 280 case OPT_DATADIR: 281 datadir = opt_arg(); 282 break; 283 case OPT_TEST_CASES: 284 break; 285 default: 286 case OPT_ERR: 287 return 0; 288 } 289 } 290 291 if (datadir == NULL) { 292 TEST_error("No data directory specified"); 293 return 0; 294 } 295 if (inputdir == NULL) { 296 TEST_error("No input directory specified"); 297 return 0; 298 } 299 300 if (infile != NULL) 301 ADD_TEST(test_store_open); 302 #ifndef OPENSSL_NO_WINSTORE 303 ADD_TEST(test_store_open_winstore); 304 #endif 305 ADD_TEST(test_store_search_by_key_fingerprint_fail); 306 ADD_ALL_TESTS(test_store_get_params, 3); 307 if (sm2file != NULL) 308 ADD_TEST(test_store_attach_unregistered_scheme); 309 return 1; 310 } 311