diff options
Diffstat (limited to 'openssl-1.1.0h/test/ocspapitest.c')
-rw-r--r-- | openssl-1.1.0h/test/ocspapitest.c | 168 |
1 files changed, 168 insertions, 0 deletions
diff --git a/openssl-1.1.0h/test/ocspapitest.c b/openssl-1.1.0h/test/ocspapitest.c new file mode 100644 index 0000000..42befe7 --- /dev/null +++ b/openssl-1.1.0h/test/ocspapitest.c @@ -0,0 +1,168 @@ +/* + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <string.h> + +#include <openssl/opensslconf.h> +#include <openssl/crypto.h> +#include <openssl/ocsp.h> +#include <openssl/x509.h> +#include <openssl/asn1.h> +#include <openssl/pem.h> + +#include "testutil.h" + +static const char *certstr; +static const char *privkeystr; + +#ifndef OPENSSL_NO_OCSP +static int get_cert_and_key(X509 **cert_out, EVP_PKEY **key_out) +{ + BIO *certbio, *keybio; + X509 *cert = NULL; + EVP_PKEY *key = NULL; + + if ((certbio = BIO_new_file(certstr, "r")) == NULL) + return 0; + cert = PEM_read_bio_X509(certbio, NULL, NULL, NULL); + BIO_free(certbio); + if ((keybio = BIO_new_file(privkeystr, "r")) == NULL) + goto end; + key = PEM_read_bio_PrivateKey(keybio, NULL, NULL, NULL); + BIO_free(keybio); + if (cert == NULL || key == NULL) + goto end; + *cert_out = cert; + *key_out = key; + return 1; + end: + X509_free(cert); + EVP_PKEY_free(key); + return 0; +} + +static OCSP_BASICRESP *make_dummy_resp(void) +{ + const unsigned char namestr[] = "openssl.example.com"; + unsigned char keybytes[128] = {7}; + OCSP_BASICRESP *bs = OCSP_BASICRESP_new(); + OCSP_BASICRESP *bs_out = NULL; + OCSP_CERTID *cid = NULL; + ASN1_TIME *thisupd = ASN1_TIME_set(NULL, time(NULL)); + ASN1_TIME *nextupd = ASN1_TIME_set(NULL, time(NULL) + 200); + X509_NAME *name = X509_NAME_new(); + ASN1_BIT_STRING *key = ASN1_BIT_STRING_new(); + ASN1_INTEGER *serial = ASN1_INTEGER_new(); + + if (!X509_NAME_add_entry_by_NID(name, NID_commonName, MBSTRING_ASC, + namestr, -1, -1, 1) + || !ASN1_BIT_STRING_set(key, keybytes, sizeof(keybytes)) + || !ASN1_INTEGER_set_uint64(serial, (uint64_t)1)) + goto err; + cid = OCSP_cert_id_new(EVP_sha256(), name, key, serial); + if (bs == NULL + || thisupd == NULL + || nextupd == NULL + || cid == NULL + || !OCSP_basic_add1_status(bs, cid, + V_OCSP_CERTSTATUS_UNKNOWN, + 0, NULL, thisupd, nextupd)) + goto err; + bs_out = bs; + bs = NULL; + err: + ASN1_TIME_free(thisupd); + ASN1_TIME_free(nextupd); + ASN1_BIT_STRING_free(key); + ASN1_INTEGER_free(serial); + OCSP_CERTID_free(cid); + OCSP_BASICRESP_free(bs); + X509_NAME_free(name); + return bs_out; +} + +static int test_resp_signer(void) +{ + OCSP_BASICRESP *bs = NULL; + X509 *signer = NULL, *tmp; + EVP_PKEY *key = NULL; + STACK_OF(X509) *extra_certs = NULL; + int ret = 0; + + /* + * Test a response with no certs at all; get the signer from the + * extra certs given to OCSP_resp_get0_signer(). + */ + bs = make_dummy_resp(); + extra_certs = sk_X509_new_null(); + if (bs == NULL + || extra_certs == NULL + || !get_cert_and_key(&signer, &key) + || !sk_X509_push(extra_certs, signer) + || !OCSP_basic_sign(bs, signer, key, EVP_sha1(), + NULL, OCSP_NOCERTS)) + goto err; + if (!OCSP_resp_get0_signer(bs, &tmp, extra_certs) + || X509_cmp(tmp, signer) != 0) + goto err; + OCSP_BASICRESP_free(bs); + + /* Do it again but include the signer cert */ + bs = make_dummy_resp(); + tmp = NULL; + if (bs == NULL + || !OCSP_basic_sign(bs, signer, key, EVP_sha1(), + NULL, 0)) + goto err; + if (!OCSP_resp_get0_signer(bs, &tmp, NULL) + || X509_cmp(tmp, signer) != 0) + goto err; + ret = 1; + err: + OCSP_BASICRESP_free(bs); + sk_X509_free(extra_certs); + X509_free(signer); + EVP_PKEY_free(key); + return ret; +} +#endif + +int main(int argc, char *argv[]) +{ + int testresult = 1; + BIO *err = NULL; + + if (argc != 3) { + printf("Invalid argument count\n"); + return 1; + } + if ((certstr = argv[1]) == NULL + || (privkeystr = argv[2]) == NULL) + return 1; + err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); + + CRYPTO_set_mem_debug(1); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + +#ifndef OPENSSL_NO_OCSP + ADD_TEST(test_resp_signer); +#endif + testresult = run_tests(argv[0]); + +#ifndef OPENSSL_NO_CRYPTO_MDEBUG + if (CRYPTO_mem_leaks(err) <= 0) + testresult = 1; +#endif + BIO_free(err); + + if (!testresult) + printf("PASS\n"); + + return testresult; +} |