X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=test%2Fcrltest.c;h=048f67fec5731a81eaa5a7d6cce08f99d52a9946;hp=e633fd355c9e65024ba62c358271003ce2eb9bb3;hb=e2c1aa1ba3bc48eaaaed02c6a9a227d765e42fcb;hpb=2fae041d6c507315a619e2f29bff86e44cc1d0a1 diff --git a/test/crltest.c b/test/crltest.c index e633fd355c..048f67fec5 100644 --- a/test/crltest.c +++ b/test/crltest.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,7 +7,6 @@ * https://www.openssl.org/source/license.html */ -#include #include "../e_os.h" #include #include @@ -17,7 +16,6 @@ #include #include "testutil.h" -#include "test_main.h" #define PARAM_TIME 1474934400 /* Sep 27th, 2016 */ @@ -178,6 +176,12 @@ static const char *kUnknownCriticalCRL2[] = { NULL }; +static const char **unknown_critical_crls[] = { + kUnknownCriticalCRL, kUnknownCriticalCRL2 +}; + +static X509 *test_root = NULL; +static X509 *test_leaf = NULL; /* * Glue an array of strings together. Return a BIO and put the string @@ -243,29 +247,22 @@ static int verify(X509 *leaf, X509 *root, STACK_OF(X509_CRL) *crls, STACK_OF(X509) *roots = sk_X509_new_null(); int status = X509_V_ERR_UNSPECIFIED; - if (!TEST_ptr(ctx)) - goto err; - if (!TEST_ptr(store)) - goto err; - if (!TEST_ptr(param)) - goto err; - if (!TEST_ptr(roots)) + if (!TEST_ptr(ctx) + || !TEST_ptr(store) + || !TEST_ptr(param) + || !TEST_ptr(roots)) goto err; /* Create a stack; upref the cert because we free it below. */ X509_up_ref(root); - if (!TEST_true(sk_X509_push(roots, root))) - goto err; - - if (!TEST_true(X509_STORE_CTX_init(ctx, store, leaf, NULL))) + if (!TEST_true(sk_X509_push(roots, root)) + || !TEST_true(X509_STORE_CTX_init(ctx, store, leaf, NULL))) goto err; X509_STORE_CTX_set0_trusted_stack(ctx, roots); X509_STORE_CTX_set0_crls(ctx, crls); X509_VERIFY_PARAM_set_time(param, PARAM_TIME); - if (!TEST_long_eq(X509_VERIFY_PARAM_get_time(param), PARAM_TIME)) { - TEST_info("set_time/get_time mismatch."); + if (!TEST_long_eq(X509_VERIFY_PARAM_get_time(param), PARAM_TIME)) goto err; - } X509_VERIFY_PARAM_set_depth(param, 16); if (flags) X509_VERIFY_PARAM_set_flags(param, flags); @@ -300,94 +297,90 @@ static STACK_OF(X509_CRL) *make_CRL_stack(X509_CRL *x1, X509_CRL *x2) return sk; } -static int test_crl() +static int test_basic_crl(void) { - X509 *root = X509_from_strings(kCRLTestRoot); - X509 *leaf = X509_from_strings(kCRLTestLeaf); X509_CRL *basic_crl = CRL_from_strings(kBasicCRL); X509_CRL *revoked_crl = CRL_from_strings(kRevokedCRL); - X509_CRL *bad_issuer_crl = CRL_from_strings(kBadIssuerCRL); - X509_CRL *known_critical_crl = CRL_from_strings(kKnownCriticalCRL); - X509_CRL *unknown_critical_crl = CRL_from_strings(kUnknownCriticalCRL); - X509_CRL *unknown_critical_crl2 = CRL_from_strings(kUnknownCriticalCRL2); - int status = 0; + int r; + + r = TEST_ptr(basic_crl) + && TEST_ptr(revoked_crl) + && TEST_int_eq(verify(test_leaf, test_root, + make_CRL_stack(basic_crl, NULL), + X509_V_FLAG_CRL_CHECK), X509_V_OK) + && TEST_int_eq(verify(test_leaf, test_root, + make_CRL_stack(basic_crl, revoked_crl), + X509_V_FLAG_CRL_CHECK), X509_V_ERR_CERT_REVOKED); + X509_CRL_free(basic_crl); + X509_CRL_free(revoked_crl); + return r; +} - if (!TEST_ptr(root)) - goto err; - if (!TEST_ptr(leaf)) - goto err; - if (!TEST_ptr(basic_crl)) - goto err; - if (!TEST_ptr(revoked_crl)) - goto err; - if (!TEST_ptr(bad_issuer_crl)) - goto err; - if (!TEST_ptr(known_critical_crl)) - goto err; - if (!TEST_ptr(unknown_critical_crl)) - goto err; - if (!TEST_ptr(unknown_critical_crl2)) - goto err; +static int test_no_crl(void) +{ + return TEST_int_eq(verify(test_leaf, test_root, NULL, + X509_V_FLAG_CRL_CHECK), + X509_V_ERR_UNABLE_TO_GET_CRL); +} - if (verify(leaf, root, make_CRL_stack(basic_crl, NULL), - X509_V_FLAG_CRL_CHECK) != X509_V_OK) { - TEST_info("Cert with CRL didn't verify."); - goto err; - } +static int test_bad_issuer_crl(void) +{ + X509_CRL *bad_issuer_crl = CRL_from_strings(kBadIssuerCRL); + int r; - if (verify(leaf, root, make_CRL_stack(basic_crl, revoked_crl), - X509_V_FLAG_CRL_CHECK) != X509_V_ERR_CERT_REVOKED) { - TEST_info("Revoked CRL wasn't checked."); - goto err; - } + r = TEST_ptr(bad_issuer_crl) + && TEST_int_eq(verify(test_leaf, test_root, + make_CRL_stack(bad_issuer_crl, NULL), + X509_V_FLAG_CRL_CHECK), + X509_V_ERR_UNABLE_TO_GET_CRL); + X509_CRL_free(bad_issuer_crl); + return r; +} - if (verify(leaf, root, NULL, - X509_V_FLAG_CRL_CHECK) != X509_V_ERR_UNABLE_TO_GET_CRL) { - TEST_info("CRLs were not required."); - goto err; - } +static int test_known_critical_crl(void) +{ + X509_CRL *known_critical_crl = CRL_from_strings(kKnownCriticalCRL); + int r; - if (verify(leaf, root, make_CRL_stack(bad_issuer_crl, NULL), - X509_V_FLAG_CRL_CHECK) != X509_V_ERR_UNABLE_TO_GET_CRL) { - TEST_info("Bad CRL issuer was unnoticed."); - goto err; - } + r = TEST_ptr(known_critical_crl) + && TEST_int_eq(verify(test_leaf, test_root, + make_CRL_stack(known_critical_crl, NULL), + X509_V_FLAG_CRL_CHECK), X509_V_OK); + X509_CRL_free(known_critical_crl); + return r; +} - if (verify(leaf, root, make_CRL_stack(known_critical_crl, NULL), - X509_V_FLAG_CRL_CHECK) != X509_V_OK) { - TEST_info("CRL with known critical extension was rejected."); - goto err; - } +static int test_unknown_critical_crl(int n) +{ + X509_CRL *unknown_critical_crl = CRL_from_strings(unknown_critical_crls[n]); + int r; + + r = TEST_ptr(unknown_critical_crl) + && TEST_int_eq(verify(test_leaf, test_root, + make_CRL_stack(unknown_critical_crl, NULL), + X509_V_FLAG_CRL_CHECK), + X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION); + X509_CRL_free(unknown_critical_crl); + return r; +} - if (verify(leaf, root, make_CRL_stack(unknown_critical_crl, NULL), - X509_V_FLAG_CRL_CHECK) != - X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION) { - TEST_info("CRL with unknown critical extension was accepted."); - goto err; - } +int test_main(int argc, char *argv[]) +{ + int status = EXIT_FAILURE; - if (verify(leaf, root, make_CRL_stack(unknown_critical_crl2, NULL), - X509_V_FLAG_CRL_CHECK) != - X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION) { - TEST_info("CRL with unknown critical extension (2) was accepted."); + if (!TEST_ptr(test_root = X509_from_strings(kCRLTestRoot)) + || !TEST_ptr(test_leaf = X509_from_strings(kCRLTestLeaf))) goto err; - } - status = 1; + ADD_TEST(test_no_crl); + ADD_TEST(test_basic_crl); + ADD_TEST(test_bad_issuer_crl); + ADD_TEST(test_known_critical_crl); + ADD_ALL_TESTS(test_unknown_critical_crl, OSSL_NELEM(unknown_critical_crls)); + status = run_tests(argv[0]); err: - X509_free(root); - X509_free(leaf); - X509_CRL_free(basic_crl); - X509_CRL_free(revoked_crl); - X509_CRL_free(bad_issuer_crl); - X509_CRL_free(known_critical_crl); - X509_CRL_free(unknown_critical_crl); - X509_CRL_free(unknown_critical_crl2); + X509_free(test_root); + X509_free(test_leaf); return status; } - -void register_tests(void) -{ - ADD_TEST(test_crl); -}