authorDr. David von Oheimb <David.von.Oheimb@siemens.com>2019-12-28 12:33:12 +0100
committerDr. David von Oheimb <David.von.Oheimb@siemens.com>2020-07-01 11:14:54 +0200
commit0d8dbb52e3900fdd096ca1765137958340fb8497 (patch)
treef9cb418c313f4b175c5dffe5a83cc86f1b62bf69 /test
parent4cec750c2f08faa7f7cdfcfa02fc4264d3c2ac95 (diff)
Add X509_self_signed(), extending and improving documenation and tests
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10587)
Diffstat (limited to 'test')
-rw-r--r--test/recipes/70-test_verify_extra.t1
-rw-r--r--test/verify_extra_test.c74
2 files changed, 51 insertions, 24 deletions
diff --git a/test/recipes/70-test_verify_extra.t b/test/recipes/70-test_verify_extra.t
index b8f4ab4312..6876870bbf 100644
--- a/test/recipes/70-test_verify_extra.t
+++ b/test/recipes/70-test_verify_extra.t
@@ -14,6 +14,7 @@ setup("test_verify_extra");
plan tests => 1;
ok(run(test(["verify_extra_test",
+ srctop_file("test", "certs", "rootCA.pem"),
srctop_file("test", "certs", "roots.pem"),
srctop_file("test", "certs", "untrusted.pem"),
srctop_file("test", "certs", "bad.pem"),
diff --git a/test/verify_extra_test.c b/test/verify_extra_test.c
index 6cce626026..99a6361142 100644
--- a/test/verify_extra_test.c
+++ b/test/verify_extra_test.c
@@ -18,11 +18,24 @@
DEFINE_STACK_OF(X509)
+static const char *root_f;
static const char *roots_f;
static const char *untrusted_f;
static const char *bad_f;
static const char *req_f;
+static X509 *load_cert_from_file(const char *filename)
+{
+ X509 *cert = NULL;
+ BIO *bio;
+
+ bio = BIO_new_file(filename, "r");
+ if (bio != NULL)
+ cert = PEM_read_bio_X509(bio, NULL, 0, NULL);
+ BIO_free(bio);
+ return cert;
+}
+
static STACK_OF(X509) *load_certs_from_file(const char *filename)
{
STACK_OF(X509) *certs;
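Review bot: The new helper `load_cert_from_file()` has no comment stating its contract, and three existing tests plus the new self-signed tests now depend on it. It returns NULL both when `BIO_new_file()` cannot open the file and when `PEM_read_bio_X509()` cannot parse it, so callers cannot tell the two failures apart. It also reads a single certificate from the file, and the caller owns the result. I would add above the function: `/* Load one PEM certificate from filename; returns NULL if the file cannot be opened or parsed. The caller must X509_free() the result. */`.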
@@ -97,7 +110,6 @@ static int test_alt_chains_cert_forgery(void)
int i;
X509 *x = NULL;
STACK_OF(X509) *untrusted = NULL;
- BIO *bio = NULL;
X509_STORE_CTX *sctx = NULL;
X509_STORE *store = NULL;
X509_LOOKUP *lookup = NULL;
@@ -114,10 +126,7 @@ static int test_alt_chains_cert_forgery(void)
untrusted = load_certs_from_file(untrusted_f);
- if ((bio = BIO_new_file(bad_f, "r")) == NULL)
- goto err;
-
- if ((x = PEM_read_bio_X509(bio, NULL, 0, NULL)) == NULL)
+ if ((x = load_cert_from_file(bad_f)) == NULL)
goto err;
sctx = X509_STORE_CTX_new();
@@ -136,7 +145,6 @@ static int test_alt_chains_cert_forgery(void)
err:
X509_STORE_CTX_free(sctx);
X509_free(x);
- BIO_free(bio);
sk_X509_pop_free(untrusted, X509_free);
X509_STORE_free(store);
return ret;
@@ -146,14 +154,9 @@ static int test_store_ctx(void)
{
X509_STORE_CTX *sctx = NULL;
X509 *x = NULL;
- BIO *bio = NULL;
int testresult = 0, ret;
- bio = BIO_new_file(bad_f, "r");
- if (bio == NULL)
- goto err;
-
- x = PEM_read_bio_X509(bio, NULL, 0, NULL);
+ x = load_cert_from_file(bad_f);
if (x == NULL)
goto err;
@@ -175,7 +178,6 @@ static int test_store_ctx(void)
err:
X509_STORE_CTX_free(sctx);
X509_free(x);
- BIO_free(bio);
return testresult;
}
@@ -184,16 +186,11 @@ OPT_TEST_DECLARE_USAGE("roots.pem untrusted.pem bad.pem\n")
static int test_distinguishing_id(void)
{
X509 *x = NULL;
- BIO *bio = NULL;
int ret = 0;
ASN1_OCTET_STRING *v = NULL, *v2 = NULL;
char *distid = "this is an ID";
- bio = BIO_new_file(bad_f, "r");
- if (bio == NULL)
- goto err;
-
- x = PEM_read_bio_X509(bio, NULL, 0, NULL);
+ x = load_cert_from_file(bad_f);
if (x == NULL)
goto err;
@@ -217,7 +214,6 @@ static int test_distinguishing_id(void)
ret = 1;
err:
X509_free(x);
- BIO_free(bio);
return ret;
}
@@ -261,6 +257,32 @@ static int test_req_distinguishing_id(void)
return ret;
}
+static int test_self_signed(const char *filename, int expected)
+{
+ X509 *cert;
+ int ret;
+
+ cert = load_cert_from_file(filename); /* may result in NULL */
+ ret = TEST_int_eq(X509_self_signed(cert, 1), expected);
+ X509_free(cert);
+ return ret;
+}
+
+static int test_self_signed_good(void)
+{
+ return test_self_signed(root_f, 1);
+}
+
+static int test_self_signed_bad(void)
+{
+ return test_self_signed(bad_f, 0);
+}
+
+static int test_self_signed_error(void)
+{
+ return test_self_signed("nonexistent file name", -1);
+}
+
int setup_tests(void)
{
if (!test_skip_common_options()) {
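Review bot: All three new cases go through `X509_self_signed(cert, 1)` in `test_self_signed()`, so the `verify_signature == 0` path is never exercised. The only error case is a NULL certificate from a missing file. From the visible fixtures, no case appears to cover a certificate whose subject and issuer match but whose signature does not verify, which is the input where the flag matters most for a caller making a trust decision. I would give the helper a third parameter, `static int test_self_signed(const char *filename, int verify_signature, int expected)`, then add a case with such a fixture and pin its result for both flag values. A short comment on `test_self_signed_bad` saying why `bad.pem` is expected to yield 0 would also help. `setup_tests()` starts in this hunk and continues in the next one.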
@@ -268,15 +290,19 @@ int setup_tests(void)
return 0;
}
- if (!TEST_ptr(roots_f = test_get_argument(0))
- || !TEST_ptr(untrusted_f = test_get_argument(1))
- || !TEST_ptr(bad_f = test_get_argument(2))
- || !TEST_ptr(req_f = test_get_argument(3)))
+ if (!TEST_ptr(root_f = test_get_argument(0))
+ || !TEST_ptr(roots_f = test_get_argument(1))
+ || !TEST_ptr(untrusted_f = test_get_argument(2))
+ || !TEST_ptr(bad_f = test_get_argument(3))
+ || !TEST_ptr(req_f = test_get_argument(4)))
return 0;
ADD_TEST(test_alt_chains_cert_forgery);
ADD_TEST(test_store_ctx);
ADD_TEST(test_distinguishing_id);
ADD_TEST(test_req_distinguishing_id);
+ ADD_TEST(test_self_signed_good);
+ ADD_TEST(test_self_signed_bad);
+ ADD_TEST(test_self_signed_error);
return 1;
}
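Review bot: `setup_tests()` now takes five positional arguments with the root CA file first, but the usage string shown in an earlier hunk header still reads `OPT_TEST_DECLARE_USAGE("roots.pem untrusted.pem bad.pem\n")`, and no hunk in this diff updates it. Because the new argument is inserted at index 0, anyone running the binary by hand from that usage text would bind every file to the wrong variable. The self-signed and chain tests would then run against unintended certificates. I would update it to list all five in order, for example `OPT_TEST_DECLARE_USAGE("rootCA.pem roots.pem untrusted.pem bad.pem <req-file>\n")`, where `<req-file>` is a placeholder for the request file name, which this page does not show. The body of `setup_tests()` begins in the previous hunk.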