root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

TEST: move cert, key, and CSR loading aux functions to new testutil/load.c 

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13762)
This commit is contained in:
Dr. David von Oheimb 2020-12-28 19:45:01 +01:00 committed by Dr. David von Oheimb
parent bf973d0697
commit 0b7368dda0
12 changed files with 139 additions and 147 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
test/build.info
View File

@ -20,7 +20,7 @@ IF[{- !$disabled{tests} -}]
LIBS{noinst,has_main}=libtestutil.a
SOURCE[libtestutil.a]=testutil/basic_output.c testutil/output.c \
testutil/driver.c testutil/tests.c testutil/cb.c testutil/stanza.c \
testutil/format_output.c \
testutil/format_output.c testutil/load.c \
testutil/test_cleanup.c testutil/main.c testutil/testutil_init.c \
testutil/options.c testutil/test_options.c testutil/provider.c \
testutil/apps_mem.c testutil/random.c $LIBAPPSSRC

10
test/cmp_client_test.c
View File

@ -226,7 +226,7 @@ static int test_exec_P10CR_ses(void)
SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
fixture->req_type = OSSL_CMP_P10CR;
fixture->expected = 1;
if (!TEST_ptr(req = load_csr(pkcs10_f))
if (!TEST_ptr(req = load_csr_der(pkcs10_f))
|| !TEST_true(OSSL_CMP_CTX_set1_p10CSR(fixture->cmp_ctx, req))) {
tear_down(fixture);
fixture = NULL;
@ -369,10 +369,10 @@ int setup_tests(void)
if (!test_arg_libctx(&libctx, &default_null_provider, &provider, 5, USAGE))
return 0;
if (!TEST_ptr(server_key = load_pem_key(server_key_f, libctx))
|| !TEST_ptr(server_cert = load_pem_cert(server_cert_f, libctx))
|| !TEST_ptr(client_key = load_pem_key(client_key_f, libctx))
|| !TEST_ptr(client_cert = load_pem_cert(client_cert_f, libctx))
if (!TEST_ptr(server_key = load_pkey_pem(server_key_f, libctx))
|| !TEST_ptr(server_cert = load_cert_pem(server_cert_f, libctx))
|| !TEST_ptr(client_key = load_pkey_pem(client_key_f, libctx))
|| !TEST_ptr(client_cert = load_cert_pem(client_cert_f, libctx))
|| !TEST_int_eq(1, RAND_bytes_ex(libctx, ref, sizeof(ref)))) {
cleanup_tests();
return 0;

10
test/cmp_msg_test.c
View File

@ -226,7 +226,7 @@ static int test_cmp_create_p10cr(void)
fixture->bodytype = OSSL_CMP_PKIBODY_P10CR;
fixture->err_code = CMP_R_ERROR_CREATING_CERTREQ;
fixture->expected = 1;
if (!TEST_ptr(p10cr = load_csr(pkcs10_f))
if (!TEST_ptr(p10cr = load_csr_der(pkcs10_f))
|| !TEST_true(set1_newPkey(ctx, newkey))
|| !TEST_true(OSSL_CMP_CTX_set1_p10CSR(ctx, p10cr))) {
tear_down(fixture);
@ -504,8 +504,8 @@ static int test_cmp_pkimessage_create(int bodytype)
switch (fixture->bodytype = bodytype) {
case OSSL_CMP_PKIBODY_P10CR:
fixture->expected = 1;
if (!TEST_true(OSSL_CMP_CTX_set1_p10CSR(fixture->cmp_ctx,
p10cr = load_csr(pkcs10_f)))) {
p10cr = load_csr_der(pkcs10_f);
if (!TEST_true(OSSL_CMP_CTX_set1_p10CSR(fixture->cmp_ctx, p10cr))) {
tear_down(fixture);
fixture = NULL;
}
@ -564,8 +564,8 @@ int setup_tests(void)
if (!test_arg_libctx(&libctx, &default_null_provider, &provider, 3, USAGE))
return 0;
if (!TEST_ptr(newkey = load_pem_key(newkey_f, libctx))
|| !TEST_ptr(cert = load_pem_cert(server_cert_f, libctx))
if (!TEST_ptr(newkey = load_pkey_pem(newkey_f, libctx))
|| !TEST_ptr(cert = load_cert_pem(server_cert_f, libctx))
|| !TEST_int_eq(1, RAND_bytes_ex(libctx, ref, sizeof(ref)))) {
cleanup_tests();
return 0;

14
test/cmp_protect_test.c
View File

@ -541,21 +541,21 @@ int setup_tests(void)
if (!test_arg_libctx(&libctx, &default_null_provider, &provider, 10, USAGE))
return 0;
if (!TEST_ptr(loadedkey = load_pem_key(server_key_f, libctx))
|| !TEST_ptr(cert = load_pem_cert(server_cert_f, libctx)))
if (!TEST_ptr(loadedkey = load_pkey_pem(server_key_f, libctx))
|| !TEST_ptr(cert = load_cert_pem(server_cert_f, libctx)))
return 0;
if (!TEST_ptr(loadedprivkey = load_pem_key(server_f, libctx)))
if (!TEST_ptr(loadedprivkey = load_pkey_pem(server_f, libctx)))
return 0;
if (TEST_true(EVP_PKEY_up_ref(loadedprivkey)))
loadedpubkey = loadedprivkey;
if (!TEST_ptr(ir_protected = load_pkimsg(ir_protected_f))
|| !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f)))
return 0;
if (!TEST_ptr(endentity1 = load_pem_cert(endentity1_f, libctx))
|| !TEST_ptr(endentity2 = load_pem_cert(endentity2_f, libctx))
|| !TEST_ptr(root = load_pem_cert(root_f, libctx))
|| !TEST_ptr(intermediate = load_pem_cert(intermediate_f, libctx)))
if (!TEST_ptr(endentity1 = load_cert_pem(endentity1_f, libctx))
|| !TEST_ptr(endentity2 = load_cert_pem(endentity2_f, libctx))
|| !TEST_ptr(root = load_cert_pem(root_f, libctx))
|| !TEST_ptr(intermediate = load_cert_pem(intermediate_f, libctx)))
return 0;
if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH)))
return 0;

16
test/cmp_vfy_test.c
View File

@ -604,19 +604,19 @@ int setup_tests(void)
return 0;
/* Load certificates for cert chain */
if (!TEST_ptr(endentity1 = load_pem_cert(endentity1_f, libctx))
|| !TEST_ptr(endentity2 = load_pem_cert(endentity2_f, libctx))
|| !TEST_ptr(root = load_pem_cert(root_f, NULL))
|| !TEST_ptr(intermediate = load_pem_cert(intermediate_f, libctx)))
if (!TEST_ptr(endentity1 = load_cert_pem(endentity1_f, libctx))
|| !TEST_ptr(endentity2 = load_cert_pem(endentity2_f, libctx))
|| !TEST_ptr(root = load_cert_pem(root_f, NULL))
|| !TEST_ptr(intermediate = load_cert_pem(intermediate_f, libctx)))
goto err;
if (!TEST_ptr(insta_cert = load_pem_cert(instacert_f, libctx))
|| !TEST_ptr(instaca_cert = load_pem_cert(instaca_f, libctx)))
if (!TEST_ptr(insta_cert = load_cert_pem(instacert_f, libctx))
|| !TEST_ptr(instaca_cert = load_cert_pem(instaca_f, libctx)))
goto err;
/* Load certificates for message validation */
if (!TEST_ptr(srvcert = load_pem_cert(server_f, libctx))
|| !TEST_ptr(clcert = load_pem_cert(client_f, libctx)))
if (!TEST_ptr(srvcert = load_cert_pem(server_f, libctx))
|| !TEST_ptr(clcert = load_cert_pem(client_f, libctx)))
goto err;
if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH)))
goto err;

42
test/helpers/cmp_testlib.c
View File

@ -12,36 +12,6 @@
#include "cmp_testlib.h"
#include <openssl/rsa.h> /* needed in case config no-deprecated */
EVP_PKEY *load_pem_key(const char *file, OSSL_LIB_CTX *libctx)
{
EVP_PKEY *key = NULL;
BIO *bio = NULL;
if (!TEST_ptr(bio = BIO_new(BIO_s_file())))
return NULL;
if (TEST_int_gt(BIO_read_filename(bio, file), 0))
(void)TEST_ptr(key = PEM_read_bio_PrivateKey_ex(bio, NULL, NULL, NULL,
libctx, NULL));
BIO_free(bio);
return key;
}
X509 *load_pem_cert(const char *file, OSSL_LIB_CTX *libctx)
{
X509 *cert = NULL;
BIO *bio = NULL;
if (!TEST_ptr(bio = BIO_new(BIO_s_file())))
return NULL;
if (TEST_int_gt(BIO_read_filename(bio, file), 0)
&& TEST_ptr(cert = X509_new_ex(libctx, NULL)))
(void)TEST_ptr(cert = PEM_read_bio_X509(bio, &cert, NULL, NULL));
BIO_free(bio);
return cert;
}
OSSL_CMP_MSG *load_pkimsg(const char *file)
{
OSSL_CMP_MSG *msg;
@ -50,18 +20,6 @@ OSSL_CMP_MSG *load_pkimsg(const char *file)
return msg;
}
X509_REQ *load_csr(const char *file)
{
X509_REQ *csr = NULL;
BIO *bio = NULL;
if (!TEST_ptr(file) || !TEST_ptr(bio = BIO_new_file(file, "rb")))
return NULL;
(void)TEST_ptr(csr = d2i_X509_REQ_bio(bio, NULL));
BIO_free(bio);
return csr;
}
/*
* Checks whether the syntax of msg conforms to ASN.1
*/

3
test/helpers/cmp_testlib.h
View File

@ -22,9 +22,6 @@
# ifndef OPENSSL_NO_CMP
# define CMP_TEST_REFVALUE_LENGTH 15 /* arbitrary value */
EVP_PKEY *load_pem_key(const char *file, OSSL_LIB_CTX *libctx);
X509 *load_pem_cert(const char *file, OSSL_LIB_CTX *libctx);
X509_REQ *load_csr(const char *file);
OSSL_CMP_MSG *load_pkimsg(const char *file);
int valid_asn1_encoding(const OSSL_CMP_MSG *msg);
int STACK_OF_X509_cmp(const STACK_OF(X509) *sk1, const STACK_OF(X509) *sk2);

16
test/helpers/pkcs12.c
View File

@ -28,9 +28,6 @@ int write_files = 0;
* Local function declarations
*/
static X509 *load_cert(const unsigned char *bytes, int len);
static EVP_PKEY *load_pkey(const unsigned char *bytes, int len);
static int add_attributes(PKCS12_SAFEBAG *bag, const PKCS12_ATTR *attrs);
static void generate_p12(PKCS12_BUILDER *pb, const PKCS12_ENC *mac);
@ -47,7 +44,7 @@ static int check_attrs(const STACK_OF(X509_ATTRIBUTE) *bag_attrs, const PKCS12_A
* Test data load functions
*/
static X509 *load_cert(const unsigned char *bytes, int len)
static X509 *load_cert_asn1(const unsigned char *bytes, int len)
{
X509 *cert = NULL;
@ -58,7 +55,7 @@ err:
return cert;
}
static EVP_PKEY *load_pkey(const unsigned char *bytes, int len)
static EVP_PKEY *load_pkey_asn1(const unsigned char *bytes, int len)
{
EVP_PKEY *pkey = NULL;
@ -69,7 +66,6 @@ err:
return pkey;
}
/* -------------------------------------------------------------------------
* PKCS12 builder
*/
@ -333,7 +329,7 @@ void add_certbag(PKCS12_BUILDER *pb, const unsigned char *bytes, int len,
if (!pb->success)
return;
cert = load_cert(bytes, len);
cert = load_cert_asn1(bytes, len);
if (!TEST_ptr(cert)) {
pb->success = 0;
return;
@ -368,7 +364,7 @@ void add_keybag(PKCS12_BUILDER *pb, const unsigned char *bytes, int len,
TEST_info("Adding key");
pkey = load_pkey(bytes, len);
pkey = load_pkey_asn1(bytes, len);
if (!TEST_ptr(pkey)) {
pb->success = 0;
return;
@ -511,7 +507,7 @@ void check_certbag(PKCS12_BUILDER *pb, const unsigned char *bytes, int len,
pb->success = 0;
goto err;
}
ref_x509 = load_cert(bytes, len);
ref_x509 = load_cert_asn1(bytes, len);
if (!TEST_false(X509_cmp(x509, ref_x509)))
pb->success = 0;
err:
@ -574,7 +570,7 @@ void check_keybag(PKCS12_BUILDER *pb, const unsigned char *bytes, int len,
}
/* PKEY compare returns 1 for match */
ref_pkey = load_pkey(bytes, len);
ref_pkey = load_pkey_asn1(bytes, len);
if (!TEST_true(EVP_PKEY_eq(pkey, ref_pkey)))
pb->success = 0;
err:

16
test/http_test.c
View File

@ -22,20 +22,6 @@ static X509 *x509 = NULL;
#define RPATH "path/any.crt"
static const char *rpath;
static X509 *load_pem_cert(const char *file)
{
X509 *cert = NULL;
BIO *bio = NULL;
if (!TEST_ptr(bio = BIO_new(BIO_s_file())))
return NULL;
if (TEST_int_gt(BIO_read_filename(bio, file), 0))
(void)TEST_ptr(cert = PEM_read_bio_X509(bio, NULL, NULL, NULL));
BIO_free(bio);
return cert;
}
/*
* pretty trivial HTTP mock server:
* for POST, copy request headers+body from mem BIO 'in' as response to 'out'
@ -238,7 +224,7 @@ int setup_tests(void)
}
x509_it = ASN1_ITEM_rptr(X509);
if (!TEST_ptr((x509 = load_pem_cert(test_get_argument(0)))))
if (!TEST_ptr((x509 = load_cert_pem(test_get_argument(0), NULL))))
return 1;
ADD_TEST(test_http_url_dns);

7
test/testutil.h
View File

@ -16,6 +16,7 @@
# include <openssl/err.h>
# include <openssl/e_os2.h>
# include <openssl/bn.h>
# include <openssl/x509.h>
# include "opt.h"
/*-
@ -568,4 +569,10 @@ void test_random_seed(uint32_t sd);
/* Create a file path from a directory and a filename */
char *test_mk_file_path(const char *dir, const char *file);
EVP_PKEY *load_pkey_pem(const char *file, OSSL_LIB_CTX *libctx);
X509 *load_cert_pem(const char *file, OSSL_LIB_CTX *libctx);
X509 *load_cert_der(const unsigned char *bytes, int len);
STACK_OF(X509) *load_certs_pem(const char *file);
X509_REQ *load_csr_der(const char *file);
#endif /* OSSL_TESTUTIL_H */

97
test/testutil/load.c Normal file
View File

@ -0,0 +1,97 @@
/*
* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <stdlib.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include "../testutil.h"
X509 *load_cert_pem(const char *file, OSSL_LIB_CTX *libctx)
{
X509 *cert = NULL;
BIO *bio = NULL;
if (!TEST_ptr(bio = BIO_new(BIO_s_file())))
return NULL;
if (TEST_int_gt(BIO_read_filename(bio, file), 0)
&& TEST_ptr(cert = X509_new_ex(libctx, NULL)))
(void)TEST_ptr(cert = PEM_read_bio_X509(bio, &cert, NULL, NULL));
BIO_free(bio);
return cert;
}
STACK_OF(X509) *load_certs_pem(const char *filename)
{
STACK_OF(X509) *certs;
BIO *bio;
X509 *x;
bio = BIO_new_file(filename, "r");
if (bio == NULL) {
return NULL;
}
certs = sk_X509_new_null();
if (certs == NULL) {
BIO_free(bio);
return NULL;
}
ERR_set_mark();
do {
x = PEM_read_bio_X509(bio, NULL, 0, NULL);
if (x != NULL && !sk_X509_push(certs, x)) {
sk_X509_pop_free(certs, X509_free);
BIO_free(bio);
return NULL;
} else if (x == NULL) {
/*
* We probably just ran out of certs, so ignore any errors
* generated
*/
ERR_pop_to_mark();
}
} while (x != NULL);
BIO_free(bio);
return certs;
}
EVP_PKEY *load_pkey_pem(const char *file, OSSL_LIB_CTX *libctx)
{
EVP_PKEY *key = NULL;
BIO *bio = NULL;
if (!TEST_ptr(bio = BIO_new(BIO_s_file())))
return NULL;
if (TEST_int_gt(BIO_read_filename(bio, file), 0))
(void)TEST_ptr(key = PEM_read_bio_PrivateKey_ex(bio, NULL, NULL, NULL,
libctx, NULL));
BIO_free(bio);
return key;
}
X509_REQ *load_csr_der(const char *file)
{
X509_REQ *csr = NULL;
BIO *bio = NULL;
if (!TEST_ptr(file) || !TEST_ptr(bio = BIO_new_file(file, "rb")))
return NULL;
(void)TEST_ptr(csr = d2i_X509_REQ_bio(bio, NULL));
BIO_free(bio);
return csr;
}

53
test/verify_extra_test.c
View File

@ -22,56 +22,7 @@ static const char *untrusted_f;
static const char *bad_f;
static const char *req_f;
static X509 *load_cert_from_file(const char *filename)
{
X509 *cert = NULL;
BIO *bio;
bio = BIO_new_file(filename, "r");
if (bio != NULL)
cert = PEM_read_bio_X509(bio, NULL, 0, NULL);
BIO_free(bio);
return cert;
}
static STACK_OF(X509) *load_certs_from_file(const char *filename)
{
STACK_OF(X509) *certs;
BIO *bio;
X509 *x;
bio = BIO_new_file(filename, "r");
if (bio == NULL) {
return NULL;
}
certs = sk_X509_new_null();
if (certs == NULL) {
BIO_free(bio);
return NULL;
}
ERR_set_mark();
do {
x = PEM_read_bio_X509(bio, NULL, 0, NULL);
if (x != NULL && !sk_X509_push(certs, x)) {
sk_X509_pop_free(certs, X509_free);
BIO_free(bio);
return NULL;
} else if (x == NULL) {
/*
* We probably just ran out of certs, so ignore any errors
* generated
*/
ERR_pop_to_mark();
}
} while (x != NULL);
BIO_free(bio);
return certs;
}
#define load_cert_from_file(file) load_cert_pem(file, NULL)
/*
* Test for CVE-2015-1793 (Alternate Chains Certificate Forgery)
@ -122,7 +73,7 @@ static int test_alt_chains_cert_forgery(void)
if (!X509_LOOKUP_load_file(lookup, roots_f, X509_FILETYPE_PEM))
goto err;
untrusted = load_certs_from_file(untrusted_f);
untrusted = load_certs_pem(untrusted_f);
if ((x = load_cert_from_file(bad_f)) == NULL)
goto err;