diff options
| author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-12-28 19:45:01 +0100 |
|---|---|---|
| committer | Dr. David von Oheimb <dev@ddvo.net> | 2021-01-13 09:09:36 +0100 |
| commit | 0b7368dda011611855c66543f0b9c66b5bd646d1 (patch) | |
| tree | a74297439013b2802ac3ea0481f3ade51bccf605 | |
| parent | bf973d0697e61a44dc46d08b0421a08a8cb61887 (diff) | |
TEST: move cert, key, and CSR loading aux functions to new testutil/load.c
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13762)
| -rw-r--r-- | test/build.info | 2 | ||||
| -rw-r--r-- | test/cmp_client_test.c | 10 | ||||
| -rw-r--r-- | test/cmp_msg_test.c | 10 | ||||
| -rw-r--r-- | test/cmp_protect_test.c | 14 | ||||
| -rw-r--r-- | test/cmp_vfy_test.c | 16 | ||||
| -rw-r--r-- | test/helpers/cmp_testlib.c | 42 | ||||
| -rw-r--r-- | test/helpers/cmp_testlib.h | 3 | ||||
| -rw-r--r-- | test/helpers/pkcs12.c | 16 | ||||
| -rw-r--r-- | test/http_test.c | 16 | ||||
| -rw-r--r-- | test/testutil.h | 7 | ||||
| -rw-r--r-- | test/testutil/load.c | 97 | ||||
| -rw-r--r-- | test/verify_extra_test.c | 53 |
12 files changed, 139 insertions, 147 deletions
diff --git a/test/build.info b/test/build.info index 81f9b9cb66..a8f60c385b 100644 --- a/test/build.info +++ b/test/build.info @@ -20,7 +20,7 @@ IF[{- !$disabled{tests} -}] LIBS{noinst,has_main}=libtestutil.a SOURCE[libtestutil.a]=testutil/basic_output.c testutil/output.c \ testutil/driver.c testutil/tests.c testutil/cb.c testutil/stanza.c \ - testutil/format_output.c \ + testutil/format_output.c testutil/load.c \ testutil/test_cleanup.c testutil/main.c testutil/testutil_init.c \ testutil/options.c testutil/test_options.c testutil/provider.c \ testutil/apps_mem.c testutil/random.c $LIBAPPSSRC diff --git a/test/cmp_client_test.c b/test/cmp_client_test.c index efb185402b..e2c0ca5534 100644 --- a/test/cmp_client_test.c +++ b/test/cmp_client_test.c @@ -226,7 +226,7 @@ static int test_exec_P10CR_ses(void) SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up); fixture->req_type = OSSL_CMP_P10CR; fixture->expected = 1; - if (!TEST_ptr(req = load_csr(pkcs10_f)) + if (!TEST_ptr(req = load_csr_der(pkcs10_f)) || !TEST_true(OSSL_CMP_CTX_set1_p10CSR(fixture->cmp_ctx, req))) { tear_down(fixture); fixture = NULL; @@ -369,10 +369,10 @@ int setup_tests(void) if (!test_arg_libctx(&libctx, &default_null_provider, &provider, 5, USAGE)) return 0; - if (!TEST_ptr(server_key = load_pem_key(server_key_f, libctx)) - || !TEST_ptr(server_cert = load_pem_cert(server_cert_f, libctx)) - || !TEST_ptr(client_key = load_pem_key(client_key_f, libctx)) - || !TEST_ptr(client_cert = load_pem_cert(client_cert_f, libctx)) + if (!TEST_ptr(server_key = load_pkey_pem(server_key_f, libctx)) + || !TEST_ptr(server_cert = load_cert_pem(server_cert_f, libctx)) + || !TEST_ptr(client_key = load_pkey_pem(client_key_f, libctx)) + || !TEST_ptr(client_cert = load_cert_pem(client_cert_f, libctx)) || !TEST_int_eq(1, RAND_bytes_ex(libctx, ref, sizeof(ref)))) { cleanup_tests(); return 0; diff --git a/test/cmp_msg_test.c b/test/cmp_msg_test.c index 0b56d66d45..696679980f 100644 --- a/test/cmp_msg_test.c +++ b/test/cmp_msg_test.c @@ -226,7 +226,7 @@ static int test_cmp_create_p10cr(void) fixture->bodytype = OSSL_CMP_PKIBODY_P10CR; fixture->err_code = CMP_R_ERROR_CREATING_CERTREQ; fixture->expected = 1; - if (!TEST_ptr(p10cr = load_csr(pkcs10_f)) + if (!TEST_ptr(p10cr = load_csr_der(pkcs10_f)) || !TEST_true(set1_newPkey(ctx, newkey)) || !TEST_true(OSSL_CMP_CTX_set1_p10CSR(ctx, p10cr))) { tear_down(fixture); @@ -504,8 +504,8 @@ static int test_cmp_pkimessage_create(int bodytype) switch (fixture->bodytype = bodytype) { case OSSL_CMP_PKIBODY_P10CR: fixture->expected = 1; - if (!TEST_true(OSSL_CMP_CTX_set1_p10CSR(fixture->cmp_ctx, - p10cr = load_csr(pkcs10_f)))) { + p10cr = load_csr_der(pkcs10_f); + if (!TEST_true(OSSL_CMP_CTX_set1_p10CSR(fixture->cmp_ctx, p10cr))) { tear_down(fixture); fixture = NULL; } @@ -564,8 +564,8 @@ int setup_tests(void) if (!test_arg_libctx(&libctx, &default_null_provider, &provider, 3, USAGE)) return 0; - if (!TEST_ptr(newkey = load_pem_key(newkey_f, libctx)) - || !TEST_ptr(cert = load_pem_cert(server_cert_f, libctx)) + if (!TEST_ptr(newkey = load_pkey_pem(newkey_f, libctx)) + || !TEST_ptr(cert = load_cert_pem(server_cert_f, libctx)) || !TEST_int_eq(1, RAND_bytes_ex(libctx, ref, sizeof(ref)))) { cleanup_tests(); return 0; diff --git a/test/cmp_protect_test.c b/test/cmp_protect_test.c index d4acb716e7..cc8aabb14d 100644 --- a/test/cmp_protect_test.c +++ b/test/cmp_protect_test.c @@ -541,21 +541,21 @@ int setup_tests(void) if (!test_arg_libctx(&libctx, &default_null_provider, &provider, 10, USAGE)) return 0; - if (!TEST_ptr(loadedkey = load_pem_key(server_key_f, libctx)) - || !TEST_ptr(cert = load_pem_cert(server_cert_f, libctx))) + if (!TEST_ptr(loadedkey = load_pkey_pem(server_key_f, libctx)) + || !TEST_ptr(cert = load_cert_pem(server_cert_f, libctx))) return 0; - if (!TEST_ptr(loadedprivkey = load_pem_key(server_f, libctx))) + if (!TEST_ptr(loadedprivkey = load_pkey_pem(server_f, libctx))) return 0; if (TEST_true(EVP_PKEY_up_ref(loadedprivkey))) loadedpubkey = loadedprivkey; if (!TEST_ptr(ir_protected = load_pkimsg(ir_protected_f)) || !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f))) return 0; - if (!TEST_ptr(endentity1 = load_pem_cert(endentity1_f, libctx)) - || !TEST_ptr(endentity2 = load_pem_cert(endentity2_f, libctx)) - || !TEST_ptr(root = load_pem_cert(root_f, libctx)) - || !TEST_ptr(intermediate = load_pem_cert(intermediate_f, libctx))) + if (!TEST_ptr(endentity1 = load_cert_pem(endentity1_f, libctx)) + || !TEST_ptr(endentity2 = load_cert_pem(endentity2_f, libctx)) + || !TEST_ptr(root = load_cert_pem(root_f, libctx)) + || !TEST_ptr(intermediate = load_cert_pem(intermediate_f, libctx))) return 0; if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH))) return 0; diff --git a/test/cmp_vfy_test.c b/test/cmp_vfy_test.c index d45c938335..646d1a9aa1 100644 --- a/test/cmp_vfy_test.c +++ b/test/cmp_vfy_test.c @@ -604,19 +604,19 @@ int setup_tests(void) return 0; /* Load certificates for cert chain */ - if (!TEST_ptr(endentity1 = load_pem_cert(endentity1_f, libctx)) - || !TEST_ptr(endentity2 = load_pem_cert(endentity2_f, libctx)) - || !TEST_ptr(root = load_pem_cert(root_f, NULL)) - || !TEST_ptr(intermediate = load_pem_cert(intermediate_f, libctx))) + if (!TEST_ptr(endentity1 = load_cert_pem(endentity1_f, libctx)) + || !TEST_ptr(endentity2 = load_cert_pem(endentity2_f, libctx)) + || !TEST_ptr(root = load_cert_pem(root_f, NULL)) + || !TEST_ptr(intermediate = load_cert_pem(intermediate_f, libctx))) goto err; - if (!TEST_ptr(insta_cert = load_pem_cert(instacert_f, libctx)) - || !TEST_ptr(instaca_cert = load_pem_cert(instaca_f, libctx))) + if (!TEST_ptr(insta_cert = load_cert_pem(instacert_f, libctx)) + || !TEST_ptr(instaca_cert = load_cert_pem(instaca_f, libctx))) goto err; /* Load certificates for message validation */ - if (!TEST_ptr(srvcert = load_pem_cert(server_f, libctx)) - || !TEST_ptr(clcert = load_pem_cert(client_f, libctx))) + if (!TEST_ptr(srvcert = load_cert_pem(server_f, libctx)) + || !TEST_ptr(clcert = load_cert_pem(client_f, libctx))) goto err; if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH))) goto err; diff --git a/test/helpers/cmp_testlib.c b/test/helpers/cmp_testlib.c index 627b73c3b1..3c58f69b0c 100644 --- a/test/helpers/cmp_testlib.c +++ b/test/helpers/cmp_testlib.c @@ -12,36 +12,6 @@ #include "cmp_testlib.h" #include <openssl/rsa.h> /* needed in case config no-deprecated */ -EVP_PKEY *load_pem_key(const char *file, OSSL_LIB_CTX *libctx) -{ - EVP_PKEY *key = NULL; - BIO *bio = NULL; - - if (!TEST_ptr(bio = BIO_new(BIO_s_file()))) - return NULL; - if (TEST_int_gt(BIO_read_filename(bio, file), 0)) - (void)TEST_ptr(key = PEM_read_bio_PrivateKey_ex(bio, NULL, NULL, NULL, - libctx, NULL)); - - BIO_free(bio); - return key; -} - -X509 *load_pem_cert(const char *file, OSSL_LIB_CTX *libctx) -{ - X509 *cert = NULL; - BIO *bio = NULL; - - if (!TEST_ptr(bio = BIO_new(BIO_s_file()))) - return NULL; - if (TEST_int_gt(BIO_read_filename(bio, file), 0) - && TEST_ptr(cert = X509_new_ex(libctx, NULL))) - (void)TEST_ptr(cert = PEM_read_bio_X509(bio, &cert, NULL, NULL)); - - BIO_free(bio); - return cert; -} - OSSL_CMP_MSG *load_pkimsg(const char *file) { OSSL_CMP_MSG *msg; @@ -50,18 +20,6 @@ OSSL_CMP_MSG *load_pkimsg(const char *file) return msg; } -X509_REQ *load_csr(const char *file) -{ - X509_REQ *csr = NULL; - BIO *bio = NULL; - - if (!TEST_ptr(file) || !TEST_ptr(bio = BIO_new_file(file, "rb"))) - return NULL; - (void)TEST_ptr(csr = d2i_X509_REQ_bio(bio, NULL)); - BIO_free(bio); - return csr; -} - /* * Checks whether the syntax of msg conforms to ASN.1 */ diff --git a/test/helpers/cmp_testlib.h b/test/helpers/cmp_testlib.h index 0bee099a67..b33c1b5400 100644 --- a/test/helpers/cmp_testlib.h +++ b/test/helpers/cmp_testlib.h @@ -22,9 +22,6 @@ # ifndef OPENSSL_NO_CMP # define CMP_TEST_REFVALUE_LENGTH 15 /* arbitrary value */ -EVP_PKEY *load_pem_key(const char *file, OSSL_LIB_CTX *libctx); -X509 *load_pem_cert(const char *file, OSSL_LIB_CTX *libctx); -X509_REQ *load_csr(const char *file); OSSL_CMP_MSG *load_pkimsg(const char *file); int valid_asn1_encoding(const OSSL_CMP_MSG *msg); int STACK_OF_X509_cmp(const STACK_OF(X509) *sk1, const STACK_OF(X509) *sk2); diff --git a/test/helpers/pkcs12.c b/test/helpers/pkcs12.c index 6489609d25..1c3a80c5c6 100644 --- a/test/helpers/pkcs12.c +++ b/test/helpers/pkcs12.c @@ -28,9 +28,6 @@ int write_files = 0; * Local function declarations */ -static X509 *load_cert(const unsigned char *bytes, int len); -static EVP_PKEY *load_pkey(const unsigned char *bytes, int len); - static int add_attributes(PKCS12_SAFEBAG *bag, const PKCS12_ATTR *attrs); static void generate_p12(PKCS12_BUILDER *pb, const PKCS12_ENC *mac); @@ -47,7 +44,7 @@ static int check_attrs(const STACK_OF(X509_ATTRIBUTE) *bag_attrs, const PKCS12_A * Test data load functions */ -static X509 *load_cert(const unsigned char *bytes, int len) +static X509 *load_cert_asn1(const unsigned char *bytes, int len) { X509 *cert = NULL; @@ -58,7 +55,7 @@ err: return cert; } -static EVP_PKEY *load_pkey(const unsigned char *bytes, int len) +static EVP_PKEY *load_pkey_asn1(const unsigned char *bytes, int len) { EVP_PKEY *pkey = NULL; @@ -69,7 +66,6 @@ err: return pkey; } - /* ------------------------------------------------------------------------- * PKCS12 builder */ @@ -333,7 +329,7 @@ void add_certbag(PKCS12_BUILDER *pb, const unsigned char *bytes, int len, if (!pb->success) return; - cert = load_cert(bytes, len); + cert = load_cert_asn1(bytes, len); if (!TEST_ptr(cert)) { pb->success = 0; return; @@ -368,7 +364,7 @@ void add_keybag(PKCS12_BUILDER *pb, const unsigned char *bytes, int len, TEST_info("Adding key"); - pkey = load_pkey(bytes, len); + pkey = load_pkey_asn1(bytes, len); if (!TEST_ptr(pkey)) { pb->success = 0; return; @@ -511,7 +507,7 @@ void check_certbag(PKCS12_BUILDER *pb, const unsigned char *bytes, int len, pb->success = 0; goto err; } - ref_x509 = load_cert(bytes, len); + ref_x509 = load_cert_asn1(bytes, len); if (!TEST_false(X509_cmp(x509, ref_x509))) pb->success = 0; err: @@ -574,7 +570,7 @@ void check_keybag(PKCS12_BUILDER *pb, const unsigned char *bytes, int len, } /* PKEY compare returns 1 for match */ - ref_pkey = load_pkey(bytes, len); + ref_pkey = load_pkey_asn1(bytes, len); if (!TEST_true(EVP_PKEY_eq(pkey, ref_pkey))) pb->success = 0; err: diff --git a/test/http_test.c b/test/http_test.c index 437fca97dc..e95249d21b 100644 --- a/test/http_test.c +++ b/test/http_test.c @@ -22,20 +22,6 @@ static X509 *x509 = NULL; #define RPATH "path/any.crt" static const char *rpath; -static X509 *load_pem_cert(const char *file) -{ - X509 *cert = NULL; - BIO *bio = NULL; - - if (!TEST_ptr(bio = BIO_new(BIO_s_file()))) - return NULL; - if (TEST_int_gt(BIO_read_filename(bio, file), 0)) - (void)TEST_ptr(cert = PEM_read_bio_X509(bio, NULL, NULL, NULL)); - - BIO_free(bio); - return cert; -} - /* * pretty trivial HTTP mock server: * for POST, copy request headers+body from mem BIO 'in' as response to 'out' @@ -238,7 +224,7 @@ int setup_tests(void) } x509_it = ASN1_ITEM_rptr(X509); - if (!TEST_ptr((x509 = load_pem_cert(test_get_argument(0))))) + if (!TEST_ptr((x509 = load_cert_pem(test_get_argument(0), NULL)))) return 1; ADD_TEST(test_http_url_dns); diff --git a/test/testutil.h b/test/testutil.h index 91e4d4bdd9..73e522a817 100644 --- a/test/testutil.h +++ b/test/testutil.h @@ -16,6 +16,7 @@ # include <openssl/err.h> # include <openssl/e_os2.h> # include <openssl/bn.h> +# include <openssl/x509.h> # include "opt.h" /*- @@ -568,4 +569,10 @@ void test_random_seed(uint32_t sd); /* Create a file path from a directory and a filename */ char *test_mk_file_path(const char *dir, const char *file); +EVP_PKEY *load_pkey_pem(const char *file, OSSL_LIB_CTX *libctx); +X509 *load_cert_pem(const char *file, OSSL_LIB_CTX *libctx); +X509 *load_cert_der(const unsigned char *bytes, int len); +STACK_OF(X509) *load_certs_pem(const char *file); +X509_REQ *load_csr_der(const char *file); + #endif /* OSSL_TESTUTIL_H */ diff --git a/test/testutil/load.c b/test/testutil/load.c new file mode 100644 index 0000000000..9b188eb8a6 --- /dev/null +++ b/test/testutil/load.c @@ -0,0 +1,97 @@ +/* + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <stdio.h> +#include <stdlib.h> + +#include <openssl/x509.h> +#include <openssl/pem.h> + +#include "../testutil.h" + +X509 *load_cert_pem(const char *file, OSSL_LIB_CTX *libctx) +{ + X509 *cert = NULL; + BIO *bio = NULL; + + if (!TEST_ptr(bio = BIO_new(BIO_s_file()))) + return NULL; + if (TEST_int_gt(BIO_read_filename(bio, file), 0) + && TEST_ptr(cert = X509_new_ex(libctx, NULL))) + (void)TEST_ptr(cert = PEM_read_bio_X509(bio, &cert, NULL, NULL)); + + BIO_free(bio); + return cert; +} + +STACK_OF(X509) *load_certs_pem(const char *filename) +{ + STACK_OF(X509) *certs; + BIO *bio; + X509 *x; + + bio = BIO_new_file(filename, "r"); + + if (bio == NULL) { + return NULL; + } + + certs = sk_X509_new_null(); + if (certs == NULL) { + BIO_free(bio); + return NULL; + } + + ERR_set_mark(); + do { + x = PEM_read_bio_X509(bio, NULL, 0, NULL); + if (x != NULL && !sk_X509_push(certs, x)) { + sk_X509_pop_free(certs, X509_free); + BIO_free(bio); + return NULL; + } else if (x == NULL) { + /* + * We probably just ran out of certs, so ignore any errors + * generated + */ + ERR_pop_to_mark(); + } + } while (x != NULL); + + BIO_free(bio); + + return certs; +} + +EVP_PKEY *load_pkey_pem(const char *file, OSSL_LIB_CTX *libctx) +{ + EVP_PKEY *key = NULL; + BIO *bio = NULL; + + if (!TEST_ptr(bio = BIO_new(BIO_s_file()))) + return NULL; + if (TEST_int_gt(BIO_read_filename(bio, file), 0)) + (void)TEST_ptr(key = PEM_read_bio_PrivateKey_ex(bio, NULL, NULL, NULL, + libctx, NULL)); + + BIO_free(bio); + return key; +} + +X509_REQ *load_csr_der(const char *file) +{ + X509_REQ *csr = NULL; + BIO *bio = NULL; + + if (!TEST_ptr(file) || !TEST_ptr(bio = BIO_new_file(file, "rb"))) + return NULL; + (void)TEST_ptr(csr = d2i_X509_REQ_bio(bio, NULL)); + BIO_free(bio); + return csr; +} diff --git a/test/verify_extra_test.c b/test/verify_extra_test.c index 668b62d408..300cca3fe4 100644 --- a/test/verify_extra_test.c +++ b/test/verify_extra_test.c @@ -22,56 +22,7 @@ static const char *untrusted_f; static const char *bad_f; static const char *req_f; -static X509 *load_cert_from_file(const char *filename) -{ - X509 *cert = NULL; - BIO *bio; - - bio = BIO_new_file(filename, "r"); - if (bio != NULL) - cert = PEM_read_bio_X509(bio, NULL, 0, NULL); - BIO_free(bio); - return cert; -} - -static STACK_OF(X509) *load_certs_from_file(const char *filename) -{ - STACK_OF(X509) *certs; - BIO *bio; - X509 *x; - - bio = BIO_new_file(filename, "r"); - - if (bio == NULL) { - return NULL; - } - - certs = sk_X509_new_null(); - if (certs == NULL) { - BIO_free(bio); - return NULL; - } - - ERR_set_mark(); - do { - x = PEM_read_bio_X509(bio, NULL, 0, NULL); - if (x != NULL && !sk_X509_push(certs, x)) { - sk_X509_pop_free(certs, X509_free); - BIO_free(bio); - return NULL; - } else if (x == NULL) { - /* - * We probably just ran out of certs, so ignore any errors - * generated - */ - ERR_pop_to_mark(); - } - } while (x != NULL); - - BIO_free(bio); - - return certs; -} +#define load_cert_from_file(file) load_cert_pem(file, NULL) /* * Test for CVE-2015-1793 (Alternate Chains Certificate Forgery) @@ -122,7 +73,7 @@ static int test_alt_chains_cert_forgery(void) if (!X509_LOOKUP_load_file(lookup, roots_f, X509_FILETYPE_PEM)) goto err; - untrusted = load_certs_from_file(untrusted_f); + untrusted = load_certs_pem(untrusted_f); if ((x = load_cert_from_file(bad_f)) == NULL) goto err; |