xref: /freebsd/crypto/openssl/test/x509aux.c (revision f5f40dd63bc7acbb5312b26ac1ea1103c12352a6)
1 /*
2  * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  * https://www.openssl.org/source/license.html
8  * or in the file LICENSE in the source distribution.
9  */
10 
11 #include <stdio.h>
12 #include <string.h>
13 #include <errno.h>
14 
15 #include <openssl/x509.h>
16 #include <openssl/pem.h>
17 #include <openssl/conf.h>
18 #include <openssl/err.h>
19 #include "internal/nelem.h"
20 #include "testutil.h"
21 
22 static int test_certs(int num)
23 {
24     int c;
25     char *name = 0;
26     char *header = 0;
27     unsigned char *data = 0;
28     long len;
29     typedef X509 *(*d2i_X509_t)(X509 **, const unsigned char **, long);
30     typedef int (*i2d_X509_t)(const X509 *, unsigned char **);
31     int err = 0;
32     BIO *fp = BIO_new_file(test_get_argument(num), "r");
33 
34     if (!TEST_ptr(fp))
35         return 0;
36 
37     for (c = 0; !err && PEM_read_bio(fp, &name, &header, &data, &len); ++c) {
38         const int trusted = (strcmp(name, PEM_STRING_X509_TRUSTED) == 0);
39         d2i_X509_t d2i = trusted ? d2i_X509_AUX : d2i_X509;
40         i2d_X509_t i2d = trusted ? i2d_X509_AUX : i2d_X509;
41         X509 *cert = NULL;
42         X509 *reuse = NULL;
43         const unsigned char *p = data;
44         unsigned char *buf = NULL;
45         unsigned char *bufp;
46         long enclen;
47 
48         if (!trusted
49             && strcmp(name, PEM_STRING_X509) != 0
50             && strcmp(name, PEM_STRING_X509_OLD) != 0) {
51             TEST_error("unexpected PEM object: %s", name);
52             err = 1;
53             goto next;
54         }
55         cert = d2i(NULL, &p, len);
56 
57         if (cert == NULL || (p - data) != len) {
58             TEST_error("error parsing input %s", name);
59             err = 1;
60             goto next;
61         }
62 
63         /* Test traditional 2-pass encoding into caller allocated buffer */
64         enclen = i2d(cert, NULL);
65         if (len != enclen) {
66             TEST_error("encoded length %ld of %s != input length %ld",
67                        enclen, name, len);
68             err = 1;
69             goto next;
70         }
71         if ((buf = bufp = OPENSSL_malloc(len)) == NULL) {
72             TEST_perror("malloc");
73             err = 1;
74             goto next;
75         }
76         enclen = i2d(cert, &bufp);
77         if (len != enclen) {
78             TEST_error("encoded length %ld of %s != input length %ld",
79                        enclen, name, len);
80             err = 1;
81             goto next;
82         }
83         enclen = (long) (bufp - buf);
84         if (enclen != len) {
85             TEST_error("unexpected buffer position after encoding %s", name);
86             err = 1;
87             goto next;
88         }
89         if (memcmp(buf, data, len) != 0) {
90             TEST_error("encoded content of %s does not match input", name);
91             err = 1;
92             goto next;
93         }
94         p = buf;
95         reuse = d2i(NULL, &p, enclen);
96         if (reuse == NULL) {
97             TEST_error("second d2i call failed for %s", name);
98             err = 1;
99             goto next;
100         }
101         err = X509_cmp(reuse, cert);
102         if (err != 0) {
103             TEST_error("X509_cmp for %s resulted in %d", name, err);
104             err = 1;
105             goto next;
106         }
107         OPENSSL_free(buf);
108         buf = NULL;
109 
110         /* Test 1-pass encoding into library allocated buffer */
111         enclen = i2d(cert, &buf);
112         if (len != enclen) {
113             TEST_error("encoded length %ld of %s != input length %ld",
114                        enclen, name, len);
115             err = 1;
116             goto next;
117         }
118         if (memcmp(buf, data, len) != 0) {
119             TEST_error("encoded content of %s does not match input", name);
120             err = 1;
121             goto next;
122         }
123 
124         if (trusted) {
125             /* Encode just the cert and compare with initial encoding */
126             OPENSSL_free(buf);
127             buf = NULL;
128 
129             /* Test 1-pass encoding into library allocated buffer */
130             enclen = i2d(cert, &buf);
131             if (enclen > len) {
132                 TEST_error("encoded length %ld of %s > input length %ld",
133                            enclen, name, len);
134                 err = 1;
135                 goto next;
136             }
137             if (memcmp(buf, data, enclen) != 0) {
138                 TEST_error("encoded cert content does not match input");
139                 err = 1;
140                 goto next;
141             }
142         }
143 
144         /*
145          * If any of these were null, PEM_read() would have failed.
146          */
147     next:
148         X509_free(cert);
149         X509_free(reuse);
150         OPENSSL_free(buf);
151         OPENSSL_free(name);
152         OPENSSL_free(header);
153         OPENSSL_free(data);
154     }
155     BIO_free(fp);
156 
157     if (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) {
158         /* Reached end of PEM file */
159         if (c > 0) {
160             ERR_clear_error();
161             return 1;
162         }
163     }
164 
165     /* Some other PEM read error */
166     return 0;
167 }
168 
169 OPT_TEST_DECLARE_USAGE("certfile...\n")
170 
171 int setup_tests(void)
172 {
173     size_t n;
174 
175     if (!test_skip_common_options()) {
176         TEST_error("Error parsing test options\n");
177         return 0;
178     }
179 
180     n = test_get_argument_count();
181     if (n == 0)
182         return 0;
183 
184     ADD_ALL_TESTS(test_certs, (int)n);
185     return 1;
186 }
187