X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=test%2Focspapitest.c;h=9e8c30625996a0c17b36c0286472e8a21ae06d28;hp=e76f724343346054487aaf5a4ed4ce9c3e301873;hb=HEAD;hpb=27da13430bfb3c178716cec10e8d5d6134e54f90 diff --git a/test/ocspapitest.c b/test/ocspapitest.c index e76f724343..13026d6b4a 100644 --- a/test/ocspapitest.c +++ b/test/ocspapitest.c @@ -1,7 +1,7 @@ /* - * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -21,6 +21,7 @@ static const char *certstr; static const char *privkeystr; +#ifndef OPENSSL_NO_OCSP static int get_cert_and_key(X509 **cert_out, EVP_PKEY **key_out) { BIO *certbio, *keybio; 
@@ -46,23 +47,46 @@ static int get_cert_and_key(X509 **cert_out, EVP_PKEY **key_out) return 0; } +static int get_cert(X509 **cert_out) +{ + BIO *certbio; + X509 *cert = NULL; + + if (!TEST_ptr(certbio = BIO_new_file(certstr, "r"))) + return 0; + cert = PEM_read_bio_X509(certbio, NULL, NULL, NULL); + BIO_free(certbio); + if (!TEST_ptr(cert)) + goto end; + *cert_out = cert; + return 1; + end: + X509_free(cert); + return 0; +} + static OCSP_BASICRESP *make_dummy_resp(void) { const unsigned char namestr[] = "openssl.example.com"; unsigned char keybytes[128] = {7}; OCSP_BASICRESP *bs = OCSP_BASICRESP_new(); - OCSP_CERTID *cid; + OCSP_BASICRESP *bs_out = NULL; + OCSP_CERTID *cid = NULL; ASN1_TIME *thisupd = ASN1_TIME_set(NULL, time(NULL)); ASN1_TIME *nextupd = ASN1_TIME_set(NULL, time(NULL) + 200); X509_NAME *name = X509_NAME_new(); ASN1_BIT_STRING *key = ASN1_BIT_STRING_new(); ASN1_INTEGER *serial = ASN1_INTEGER_new(); - if (!X509_NAME_add_entry_by_NID(name, NID_commonName, MBSTRING_ASC, - namestr, -1, -1, 1) - || !ASN1_BIT_STRING_set(key, keybytes, sizeof(keybytes) - || !ASN1_INTEGER_set_uint64(serial, (uint64_t)1))) - return NULL; + if (!TEST_ptr(name) + || !TEST_ptr(key) + || !TEST_ptr(serial) + || !TEST_true(X509_NAME_add_entry_by_NID(name, NID_commonName, + MBSTRING_ASC, + namestr, -1, -1, 1)) + || !TEST_true(ASN1_BIT_STRING_set(key, keybytes, sizeof(keybytes))) + || !TEST_true(ASN1_INTEGER_set_uint64(serial, (uint64_t)1))) + goto err; cid = OCSP_cert_id_new(EVP_sha256(), name, key, serial); if (!TEST_ptr(bs) || !TEST_ptr(thisupd) 
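Review bot: In `get_cert` the `end:` label is reached only when `PEM_read_bio_X509` returned NULL, so the `X509_free(cert)` under it is always a no-op. The label can go and the failure branch can become `if (!TEST_ptr(cert)) return 0;`. The helper also transfers ownership of the certificate to the caller, which deserves a one-line comment above it such as `/* On success *cert_out holds a new X509 that the caller must X509_free(). */`. `make_dummy_resp` continues past the end of this hunk, so its remaining checks are not reviewed here.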
@@ -71,23 +95,27 @@ static OCSP_BASICRESP *make_dummy_resp(void) || !TEST_true(OCSP_basic_add1_status(bs, cid, V_OCSP_CERTSTATUS_UNKNOWN, 0, NULL, thisupd, nextupd))) - return NULL; + goto err; + bs_out = bs; + bs = NULL; + err: ASN1_TIME_free(thisupd); ASN1_TIME_free(nextupd); ASN1_BIT_STRING_free(key); ASN1_INTEGER_free(serial); OCSP_CERTID_free(cid); + OCSP_BASICRESP_free(bs); X509_NAME_free(name); - return bs; + return bs_out; } -#ifndef OPENSSL_NO_OCSP static int test_resp_signer(void) { - OCSP_BASICRESP *bs; + OCSP_BASICRESP *bs = NULL; X509 *signer = NULL, *tmp; EVP_PKEY *key = NULL; - STACK_OF(X509) *extra_certs; + STACK_OF(X509) *extra_certs = NULL; + int ret = 0; /* * Test a response with no certs at all; get the signer from the @@ -101,10 +129,10 @@ static int test_resp_signer(void) || !TEST_true(sk_X509_push(extra_certs, signer)) || !TEST_true(OCSP_basic_sign(bs, signer, key, EVP_sha1(), NULL, OCSP_NOCERTS))) - return 0; + goto err; if (!TEST_true(OCSP_resp_get0_signer(bs, &tmp, extra_certs)) || !TEST_int_eq(X509_cmp(tmp, signer), 0)) - return 0; + goto err; OCSP_BASICRESP_free(bs); /* Do it again but include the signer cert */ 
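Review bot: The context line `OCSP_BASICRESP_free(bs);` at the end of this hunk leaves `bs` dangling, while the new `goto err` paths lead to a cleanup block (in the next hunk) that frees `bs` again. The lines between this free and the next assignment to `bs` are not visible here, so it is presumably safe today, but any failure branch later added in between would turn into a double free. Resetting the pointer at the free, `OCSP_BASICRESP_free(bs); bs = NULL;`, keeps the single-exit cleanup safe regardless. `test_resp_signer` starts in this hunk and ends in the following one.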
@@ -113,25 +141,96 @@ static int test_resp_signer(void) if (!TEST_ptr(bs) || !TEST_true(OCSP_basic_sign(bs, signer, key, EVP_sha1(), NULL, 0))) - return 0; + goto err; if (!TEST_true(OCSP_resp_get0_signer(bs, &tmp, NULL)) || !TEST_int_eq(X509_cmp(tmp, signer), 0)) - return 0; + goto err; + ret = 1; + err: OCSP_BASICRESP_free(bs); sk_X509_free(extra_certs); X509_free(signer); EVP_PKEY_free(key); - return 1; + return ret; } -#endif + +static int test_access_description(int testcase) +{ + ACCESS_DESCRIPTION *ad = ACCESS_DESCRIPTION_new(); + int ret = 0; + + if (!TEST_ptr(ad)) + goto err; + + switch (testcase) { + case 0: /* no change */ + break; + case 1: /* check and release current location */ + if (!TEST_ptr(ad->location)) + goto err; + GENERAL_NAME_free(ad->location); + ad->location = NULL; + break; + case 2: /* replace current location */ + GENERAL_NAME_free(ad->location); + ad->location = GENERAL_NAME_new(); + if (!TEST_ptr(ad->location)) + goto err; + break; + } + ACCESS_DESCRIPTION_free(ad); + ret = 1; +err: + return ret; +} + +static int test_ocsp_url_svcloc_new(void) +{ + static const char *urls[] = { + "www.openssl.org", + "www.openssl.net", + NULL + }; + + X509 *issuer = NULL; + X509_EXTENSION *ext = NULL; + int ret = 0; + + if (!TEST_true(get_cert(&issuer))) + goto err; + + /* + * Test calling this ocsp method to catch any memory leak + */ + ext = OCSP_url_svcloc_new(X509_get_issuer_name(issuer), urls); + if (!TEST_ptr(ext)) + goto err; + + X509_EXTENSION_free(ext); + ret = 1; +err: + X509_free(issuer); + return ret; +} + +#endif /* OPENSSL_NO_OCSP */ + +OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n") int setup_tests(void) { + if (!test_skip_common_options()) { + TEST_error("Error parsing test options\n"); + return 0; + } + if (!TEST_ptr(certstr = test_get_argument(0)) || !TEST_ptr(privkeystr = test_get_argument(1))) return 0; #ifndef OPENSSL_NO_OCSP ADD_TEST(test_resp_signer); + ADD_ALL_TESTS(test_access_description, 3); + 
ADD_TEST(test_ocsp_url_svcloc_new); #endif return 1; }
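Review bot: `test_access_description` leaks `ad` on both of its failure branches, because `ACCESS_DESCRIPTION_free(ad)` sits above the `err:` label and the `goto err` in cases 1 and 2 jumps past it. In a test added to catch leaks, a sanitizer build would then report this leak alongside the real failure. Move the free below the label, i.e. `ret = 1;` then `err:` then `ACCESS_DESCRIPTION_free(ad);` before `return ret;`. That is also fine when the initial allocation failed, since the pointer is then NULL. The `switch` would additionally benefit from a `default:` branch that fails the test on an unexpected `testcase` value.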