X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=test%2Fcrltest.c;h=738ca23ce571e667654091b8f238f6dfd2d52c6f;hp=d95f0608e392f4b55d02733c0489a6d4a8c1ef39;hb=cf72c7579201086cee303eadcb60bd28eff78dd9;hpb=2b40699082d1e5d0e94811542c4f0633ab2d5989 diff --git a/test/crltest.c b/test/crltest.c index d95f0608e3..738ca23ce5 100644 --- a/test/crltest.c +++ b/test/crltest.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,8 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include -#include "../e_os.h" +#include "internal/nelem.h" #include #include #include @@ -17,7 +16,8 @@ #include #include "testutil.h" -#include "test_main.h" + +#define PARAM_TIME 1474934400 /* Sep 27th, 2016 */ static const char *kCRLTestRoot[] = { "-----BEGIN CERTIFICATE-----\n", @@ -176,6 +176,12 @@ static const char *kUnknownCriticalCRL2[] = { NULL }; +static const char **unknown_critical_crls[] = { + kUnknownCriticalCRL, kUnknownCriticalCRL2 +}; + +static X509 *test_root = NULL; +static X509 *test_leaf = NULL; /* * Glue an array of strings together. Return a BIO and put the string @@ -241,23 +247,27 @@ static int verify(X509 *leaf, X509 *root, STACK_OF(X509_CRL) *crls, STACK_OF(X509) *roots = sk_X509_new_null(); int status = X509_V_ERR_UNSPECIFIED; - if (ctx == NULL || store == NULL || param == NULL || roots == NULL) + if (!TEST_ptr(ctx) + || !TEST_ptr(store) + || !TEST_ptr(param) + || !TEST_ptr(roots)) goto err; /* Create a stack; upref the cert because we free it below. */ X509_up_ref(root); - if (!sk_X509_push(roots, root)) - goto err; - - if (!X509_STORE_CTX_init(ctx, store, leaf, NULL)) + if (!TEST_true(sk_X509_push(roots, root)) + || !TEST_true(X509_STORE_CTX_init(ctx, store, leaf, NULL))) goto err; X509_STORE_CTX_set0_trusted_stack(ctx, roots); X509_STORE_CTX_set0_crls(ctx, crls); - X509_VERIFY_PARAM_set_time(param, 1474934400 /* Sep 27th, 2016 */); + X509_VERIFY_PARAM_set_time(param, PARAM_TIME); + if (!TEST_long_eq(X509_VERIFY_PARAM_get_time(param), PARAM_TIME)) + goto err; X509_VERIFY_PARAM_set_depth(param, 16); if (flags) X509_VERIFY_PARAM_set_flags(param, flags); X509_STORE_CTX_set0_param(ctx, param); + param = NULL; ERR_clear_error(); status = X509_verify_cert(ctx) == 1 ? X509_V_OK @@ -265,6 +275,7 @@ static int verify(X509 *leaf, X509 *root, STACK_OF(X509_CRL) *crls, err: sk_X509_pop_free(roots, X509_free); sk_X509_CRL_pop_free(crls, X509_CRL_free); + X509_VERIFY_PARAM_free(param); X509_STORE_CTX_free(ctx); X509_STORE_free(store); return status; @@ -288,85 +299,89 @@ static STACK_OF(X509_CRL) *make_CRL_stack(X509_CRL *x1, X509_CRL *x2) return sk; } -static int test_crl() +static int test_basic_crl(void) { - X509 *root = X509_from_strings(kCRLTestRoot); - X509 *leaf = X509_from_strings(kCRLTestLeaf); X509_CRL *basic_crl = CRL_from_strings(kBasicCRL); X509_CRL *revoked_crl = CRL_from_strings(kRevokedCRL); - X509_CRL *bad_issuer_crl = CRL_from_strings(kBadIssuerCRL); - X509_CRL *known_critical_crl = CRL_from_strings(kKnownCriticalCRL); - X509_CRL *unknown_critical_crl = CRL_from_strings(kUnknownCriticalCRL); - X509_CRL *unknown_critical_crl2 = CRL_from_strings(kUnknownCriticalCRL2); - int status = 0; - - if (root == NULL || leaf == NULL || basic_crl == NULL - || revoked_crl == NULL || bad_issuer_crl == NULL - || known_critical_crl == NULL || unknown_critical_crl == NULL - || unknown_critical_crl2 == NULL) { - fprintf(stderr, "Failed to parse certificates and CRLs.\n"); - goto err; - } - - if (verify(leaf, root, make_CRL_stack(basic_crl, NULL), - X509_V_FLAG_CRL_CHECK) != X509_V_OK) { - fprintf(stderr, "Cert with CRL didn't verify.\n"); - goto err; - } - - if (verify(leaf, root, make_CRL_stack(basic_crl, revoked_crl), - X509_V_FLAG_CRL_CHECK) != X509_V_ERR_CERT_REVOKED) { - fprintf(stderr, "Revoked CRL wasn't checked.\n"); - goto err; - } - - if (verify(leaf, root, NULL, - X509_V_FLAG_CRL_CHECK) != X509_V_ERR_UNABLE_TO_GET_CRL) { - fprintf(stderr, "CRLs were not required.\n"); - goto err; - } - - if (verify(leaf, root, make_CRL_stack(bad_issuer_crl, NULL), - X509_V_FLAG_CRL_CHECK) != X509_V_ERR_UNABLE_TO_GET_CRL) { - fprintf(stderr, "Bad CRL issuer was unnoticed.\n"); - goto err; - } + int r; + + r = TEST_ptr(basic_crl) + && TEST_ptr(revoked_crl) + && TEST_int_eq(verify(test_leaf, test_root, + make_CRL_stack(basic_crl, NULL), + X509_V_FLAG_CRL_CHECK), X509_V_OK) + && TEST_int_eq(verify(test_leaf, test_root, + make_CRL_stack(basic_crl, revoked_crl), + X509_V_FLAG_CRL_CHECK), X509_V_ERR_CERT_REVOKED); + X509_CRL_free(basic_crl); + X509_CRL_free(revoked_crl); + return r; +} - if (verify(leaf, root, make_CRL_stack(known_critical_crl, NULL), - X509_V_FLAG_CRL_CHECK) != X509_V_OK) { - fprintf(stderr, "CRL with known critical extension was rejected.\n"); - goto err; - } +static int test_no_crl(void) +{ + return TEST_int_eq(verify(test_leaf, test_root, NULL, + X509_V_FLAG_CRL_CHECK), + X509_V_ERR_UNABLE_TO_GET_CRL); +} - if (verify(leaf, root, make_CRL_stack(unknown_critical_crl, NULL), - X509_V_FLAG_CRL_CHECK) != - X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION) { - fprintf(stderr, "CRL with unknown critical extension was accepted.\n"); - goto err; - } +static int test_bad_issuer_crl(void) +{ + X509_CRL *bad_issuer_crl = CRL_from_strings(kBadIssuerCRL); + int r; - if (verify(leaf, root, make_CRL_stack(unknown_critical_crl2, NULL), - X509_V_FLAG_CRL_CHECK) != - X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION) { - fprintf(stderr, "CRL with unknown critical extension (2) was accepted.\n"); - goto err; - } + r = TEST_ptr(bad_issuer_crl) + && TEST_int_eq(verify(test_leaf, test_root, + make_CRL_stack(bad_issuer_crl, NULL), + X509_V_FLAG_CRL_CHECK), + X509_V_ERR_UNABLE_TO_GET_CRL); + X509_CRL_free(bad_issuer_crl); + return r; +} - status = 1; +static int test_known_critical_crl(void) +{ + X509_CRL *known_critical_crl = CRL_from_strings(kKnownCriticalCRL); + int r; -err: - X509_free(root); - X509_free(leaf); - X509_CRL_free(basic_crl); - X509_CRL_free(revoked_crl); - X509_CRL_free(bad_issuer_crl); + r = TEST_ptr(known_critical_crl) + && TEST_int_eq(verify(test_leaf, test_root, + make_CRL_stack(known_critical_crl, NULL), + X509_V_FLAG_CRL_CHECK), X509_V_OK); X509_CRL_free(known_critical_crl); + return r; +} + +static int test_unknown_critical_crl(int n) +{ + X509_CRL *unknown_critical_crl = CRL_from_strings(unknown_critical_crls[n]); + int r; + + r = TEST_ptr(unknown_critical_crl) + && TEST_int_eq(verify(test_leaf, test_root, + make_CRL_stack(unknown_critical_crl, NULL), + X509_V_FLAG_CRL_CHECK), + X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION); X509_CRL_free(unknown_critical_crl); - X509_CRL_free(unknown_critical_crl2); - return status; + return r; +} + +int setup_tests(void) +{ + if (!TEST_ptr(test_root = X509_from_strings(kCRLTestRoot)) + || !TEST_ptr(test_leaf = X509_from_strings(kCRLTestLeaf))) + return 0; + + ADD_TEST(test_no_crl); + ADD_TEST(test_basic_crl); + ADD_TEST(test_bad_issuer_crl); + ADD_TEST(test_known_critical_crl); + ADD_ALL_TESTS(test_unknown_critical_crl, OSSL_NELEM(unknown_critical_crls)); + return 1; } -void register_tests(void) +void cleanup_tests(void) { - ADD_TEST(test_crl); + X509_free(test_root); + X509_free(test_leaf); }