X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=test%2Fverify_extra_test.c;h=6cce626026ff07bd67de226deafbcb7c2d694df8;hb=2de64666a07cccf8477e6483de62ae31f463df64;hp=a0df29df17a6ecde3153a6c7f62dc28ae2c34ddc;hpb=a9c6d221055c3a85edb23b1364cd60baafed4b9f;p=openssl.git

diff --git a/test/verify_extra_test.c b/test/verify_extra_test.c
index a0df29df17..6cce626026 100644
--- a/test/verify_extra_test.c
+++ b/test/verify_extra_test.c
@@ -1,13 +1,14 @@
 /*
- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
  * https://www.openssl.org/source/license.html
  */
 
 #include <stdio.h>
+#include <string.h>
 #include <openssl/crypto.h>
 #include <openssl/bio.h>
 #include <openssl/x509.h>
@@ -15,6 +16,13 @@
 #include <openssl/err.h>
 #include "testutil.h"
 
+DEFINE_STACK_OF(X509)
+
+static const char *roots_f;
+static const char *untrusted_f;
+static const char *bad_f;
+static const char *req_f;
+
 static STACK_OF(X509) *load_certs_from_file(const char *filename)
 {
     STACK_OF(X509) *certs;
@@ -83,9 +91,7 @@ static STACK_OF(X509) *load_certs_from_file(const char *filename)
  * CA=FALSE, and will therefore incorrectly verify bad
  *
  */
-static int test_alt_chains_cert_forgery(const char *roots_f,
-                                        const char *untrusted_f,
-                                        const char *bad_f)
+static int test_alt_chains_cert_forgery(void)
 {
     int ret = 0;
     int i;
@@ -136,14 +142,141 @@ static int test_alt_chains_cert_forgery(const char *roots_f,
     return ret;
 }
 
-int test_main(int argc, char **argv)
+static int test_store_ctx(void)
 {
-    if (argc != 4) {
-        TEST_error("usage: verify_extra_test roots.pem untrusted.pem bad.pem\n");
-        return EXIT_FAILURE;
+    X509_STORE_CTX *sctx = NULL;
+    X509 *x = NULL;
+    BIO *bio = NULL;
+    int testresult = 0, ret;
+
+    bio = BIO_new_file(bad_f, "r");
+    if (bio == NULL)
+        goto err;
+
+    x = PEM_read_bio_X509(bio, NULL, 0, NULL);
+    if (x == NULL)
+        goto err;
+
+    sctx = X509_STORE_CTX_new();
+    if (sctx == NULL)
+        goto err;
+
+    if (!X509_STORE_CTX_init(sctx, NULL, x, NULL))
+        goto err;
+
+    /* Verifying a cert where we have no trusted certs should fail */
+    ret = X509_verify_cert(sctx);
+
+    if (ret == 0) {
+        /* This is the result we were expecting: Test passed */
+        testresult = 1;
     }
 
-    if (!TEST_true(test_alt_chains_cert_forgery(argv[1], argv[2], argv[3])))
-        return EXIT_FAILURE;
-    return EXIT_SUCCESS;
+ err:
+    X509_STORE_CTX_free(sctx);
+    X509_free(x);
+    BIO_free(bio);
+    return testresult;
+}
+
+OPT_TEST_DECLARE_USAGE("roots.pem untrusted.pem bad.pem\n")
+
+static int test_distinguishing_id(void)
+{
+    X509 *x = NULL;
+    BIO *bio = NULL;
+    int ret = 0;
+    ASN1_OCTET_STRING *v = NULL, *v2 = NULL;
+    char *distid = "this is an ID";
+
+    bio = BIO_new_file(bad_f, "r");
+    if (bio == NULL)
+        goto err;
+
+    x = PEM_read_bio_X509(bio, NULL, 0, NULL);
+    if (x == NULL)
+        goto err;
+
+    v = ASN1_OCTET_STRING_new();
+    if (v == NULL)
+        goto err;
+
+    if (!ASN1_OCTET_STRING_set(v, (unsigned char *)distid,
+                               (int)strlen(distid))) {
+        ASN1_OCTET_STRING_free(v);
+        goto err;
+    }
+
+    X509_set0_distinguishing_id(x, v);
+
+    v2 = X509_get0_distinguishing_id(x);
+    if (!TEST_ptr(v2)
+            || !TEST_int_eq(ASN1_OCTET_STRING_cmp(v, v2), 0))
+        goto err;
+
+    ret = 1;
+ err:
+    X509_free(x);
+    BIO_free(bio);
+    return ret;
+}
+
+static int test_req_distinguishing_id(void)
+{
+    X509_REQ *x = NULL;
+    BIO *bio = NULL;
+    int ret = 0;
+    ASN1_OCTET_STRING *v = NULL, *v2 = NULL;
+    char *distid = "this is an ID";
+
+    bio = BIO_new_file(req_f, "r");
+    if (bio == NULL)
+        goto err;
+
+    x = PEM_read_bio_X509_REQ(bio, NULL, 0, NULL);
+    if (x == NULL)
+        goto err;
+
+    v = ASN1_OCTET_STRING_new();
+    if (v == NULL)
+        goto err;
+
+    if (!ASN1_OCTET_STRING_set(v, (unsigned char *)distid,
+                               (int)strlen(distid))) {
+        ASN1_OCTET_STRING_free(v);
+        goto err;
+    }
+
+    X509_REQ_set0_distinguishing_id(x, v);
+
+    v2 = X509_REQ_get0_distinguishing_id(x);
+    if (!TEST_ptr(v2)
+            || !TEST_int_eq(ASN1_OCTET_STRING_cmp(v, v2), 0))
+        goto err;
+
+    ret = 1;
+ err:
+    X509_REQ_free(x);
+    BIO_free(bio);
+    return ret;
+}
+
+int setup_tests(void)
+{
+    if (!test_skip_common_options()) {
+        TEST_error("Error parsing test options\n");
+        return 0;
+    }
+
+    if (!TEST_ptr(roots_f = test_get_argument(0))
+            || !TEST_ptr(untrusted_f = test_get_argument(1))
+            || !TEST_ptr(bad_f = test_get_argument(2))
+            || !TEST_ptr(req_f = test_get_argument(3)))
+        return 0;
+
+    ADD_TEST(test_alt_chains_cert_forgery);
+    ADD_TEST(test_store_ctx);
+    ADD_TEST(test_distinguishing_id);
+    ADD_TEST(test_req_distinguishing_id);
+    return 1;
 }