author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-03-22 14:16:56 +0100 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2021-04-08 15:18:58 +0200 |
commit | c1fd710297a21336ec0410fe86784c322945b805 (patch) | |
tree | a03b44f007e132f873630fab2bb36d153d92a8d2 /test | |
parent | 321ac1f2973c01f4a4a2719e4400c26ff01c3231 (diff) |
d2i_PrivateKey{,_ex}() and PEM_X509_INFO_read_bio_ex(): Fix handling of RSA/DSA/EC private key
This is needed to correct d2i_PrivateKey() after it was changed by commit 576892d78f80cf9a.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14647)
Diffstat (limited to 'test')
-rw-r--r-- | test/certs/ec_privkey_with_chain.pem | 74 | ||||
-rw-r--r-- | test/recipes/60-test_x509_check_cert_pkey.t | 45 | ||||
-rw-r--r-- | test/x509_check_cert_pkey_test.c | 42 |
3 files changed, 146 insertions, 15 deletions
diff --git a/test/certs/ec_privkey_with_chain.pem b/test/certs/ec_privkey_with_chain.pem
new file mode 100644
index 0000000000..fcdf42a121
--- /dev/null
+++ b/test/certs/ec_privkey_with_chain.pem
@@ -0,0 +1,74 @@
+Private Key for CN=Ca-ENROLLMENT-INTERMEDIATE-3
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIFGgYhBJYVKeQgTP0hsIv3NGTcG1+dooIFdRbEbCWrUvoAoGCCqGSM49
+AwEHoUQDQgAEYJfmnfC2iI6xjUarHNOY5TbNFD8MZVdb1PszPdbeuGs7hgiEcSWI
+hRjawFslN3XiubZeMPtN5nX8vudvtnNYVA==
+-----END EC PRIVATE KEY-----
+
+Subject: CN=Ca-ENROLLMENT-INTERMEDIATE-3
+Issuer: CN=Ca-ENROLLMENT-INTERMEDIATE-2
+Valid from Thu Sep 03 10:45:37 CEST 2020 to Sun Sep 01 10:45:37 CEST 2030
+Serial: 1599122797485
+-----BEGIN CERTIFICATE-----
+MIIB3zCCAYWgAwIBAgIGAXRTJXOtMAoGCCqGSM49BAMCMCcxJTAjBgNVBAMMHENh
+LUVOUk9MTE1FTlQtSU5URVJNRURJQVRFLTIwHhcNMjAwOTAzMDg0NTM3WhcNMzAw
+OTAxMDg0NTM3WjAnMSUwIwYDVQQDDBxDYS1FTlJPTExNRU5ULUlOVEVSTUVESUFU
+RS0zMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYJfmnfC2iI6xjUarHNOY5TbN
+FD8MZVdb1PszPdbeuGs7hgiEcSWIhRjawFslN3XiubZeMPtN5nX8vudvtnNYVKOB
+nDCBmTAdBgNVHQ4EFgQUpdEIxYuP40cHdbcVTKRsT5/1PEMwVAYDVR0jBE0wS4AU
+TfcTbSV0o6Zwb+Rg0fvscn3R97WhK6QpMCcxJTAjBgNVBAMMHENhLUVOUk9MTE1F
+TlQtSU5URVJNRURJQVRFLTGCBgF0UyVzpDASBgNVHRMBAf8ECDAGAQH/AgECMA4G
+A1UdDwEB/wQEAwIBhjAKBggqhkjOPQQDAgNIADBFAiEAmIyD1fuTtMTuJwSccOg2
+jR+7HX67yTx1ozZOOrAsdBACIAo14mDvZYrFUke3r69690gCbiNUEQgbhIwCLYTQ
+2qbo
+-----END CERTIFICATE-----
+
+Subject: CN=Ca-ENROLLMENT-INTERMEDIATE-2
+Issuer: CN=Ca-ENROLLMENT-INTERMEDIATE-1
+Valid from Thu Sep 03 10:45:37 CEST 2020 to Sun Sep 01 10:45:37 CEST 2030
+Serial: 1599122797476
+-----BEGIN CERTIFICATE-----
+MIIB1jCCAXugAwIBAgIGAXRTJXOkMAoGCCqGSM49BAMCMCcxJTAjBgNVBAMMHENh
+LUVOUk9MTE1FTlQtSU5URVJNRURJQVRFLTEwHhcNMjAwOTAzMDg0NTM3WhcNMzAw
+OTAxMDg0NTM3WjAnMSUwIwYDVQQDDBxDYS1FTlJPTExNRU5ULUlOVEVSTUVESUFU
+RS0yMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEU4USFKQ1laHIiT1hC+ynawpl
+GFrEqt51RroMKIJclV+y+V8PQIAOAIMIDvpuxmDsnLr/I1QZO5Ui8pZdX379F6OB
+kjCBjzAdBgNVHQ4EFgQUTfcTbSV0o6Zwb+Rg0fvscn3R97UwSgYDVR0jBEMwQYAU
+HSCEFJcZjBVN6QtcmyGcFap0KR2hIaQfMB0xGzAZBgNVBAMMEkNhLUVOUk9MTE1F
+TlQtUk9PVIIGAXRTJXOfMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQD
+AgGGMAoGCCqGSM49BAMCA0kAMEYCIQC8F6GxJoW9XiD8m/rEECipJntU3iVNstHk
+Mdyx/wWvEAIhAIbw3IddLmt4dt1ce+sweFzrYSuGMH3LVSoIs6XhRqHx
+-----END CERTIFICATE-----
+
+Subject: CN=Ca-ENROLLMENT-INTERMEDIATE-1
+Issuer: CN=Ca-ENROLLMENT-ROOT
+Valid from Thu Sep 03 10:45:37 CEST 2020 to Sun Sep 01 10:45:37 CEST 2030
+Serial: 1599122797471
+-----BEGIN CERTIFICATE-----
+MIIByjCCAXGgAwIBAgIGAXRTJXOfMAoGCCqGSM49BAMCMB0xGzAZBgNVBAMMEkNh
+LUVOUk9MTE1FTlQtUk9PVDAeFw0yMDA5MDMwODQ1MzdaFw0zMDA5MDEwODQ1Mzda
+MCcxJTAjBgNVBAMMHENhLUVOUk9MTE1FTlQtSU5URVJNRURJQVRFLTEwWTATBgcq
+hkjOPQIBBggqhkjOPQMBBwNCAAR9uWgfHScQFcB87LaQKvSFPhngP4hHIsFdh5cY
+7ji2HYNfrkl2uWLKJfMiOFT06c1byplGzyj0ju8VWNV5Tee7o4GSMIGPMB0GA1Ud
+DgQWBBQdIIQUlxmMFU3pC1ybIZwVqnQpHTBKBgNVHSMEQzBBgBScYjWnQ+g/rclT
+YjwpMptoEfes3KEhpB8wHTEbMBkGA1UEAwwSQ2EtRU5ST0xMTUVOVC1ST09UggYB
+dFMlc5owEgYDVR0TAQH/BAgwBgEB/wIBBDAOBgNVHQ8BAf8EBAMCAYYwCgYIKoZI
+zj0EAwIDRwAwRAIgRXLkNZAXLbhCyyL4614DuSm++fJ90A9JPU/uVpivz+MCIGlR
+G8F6eiU7ZeKPr/JON1BxLRXBZyI+Pfidj06Zvfvx
+-----END CERTIFICATE-----
+
+Subject: CN=Ca-ENROLLMENT-ROOT
+Issuer: CN=Ca-ENROLLMENT-ROOT
+Valid from Thu Sep 03 10:45:37 CEST 2020 to Sun Sep 01 10:45:37 CEST 2030
+Serial: 1599122797466
+-----BEGIN CERTIFICATE-----
+MIIBczCCARmgAwIBAgIGAXRTJXOaMAoGCCqGSM49BAMCMB0xGzAZBgNVBAMMEkNh
+LUVOUk9MTE1FTlQtUk9PVDAeFw0yMDA5MDMwODQ1MzdaFw0zMDA5MDEwODQ1Mzda
+MB0xGzAZBgNVBAMMEkNhLUVOUk9MTE1FTlQtUk9PVDBZMBMGByqGSM49AgEGCCqG
+SM49AwEHA0IABJd2nkxUVJqZ0NkEloOc3I7atQvkYmHg7UAOXp/QtwusVXfgG5lZ
+5qLayDuxlQNgcBDMilKBMnB2SNT+/IcQwEyjRTBDMB0GA1UdDgQWBBScYjWnQ+g/
+rclTYjwpMptoEfes3DASBgNVHRMBAf8ECDAGAQH/AgEKMA4GA1UdDwEB/wQEAwIB
+hjAKBggqhkjOPQQDAgNIADBFAiEAqGN70wgX6B1KU++k2inz04EPRTRqk5KLxHaW
+1jBXCbwCIGTNjmSi5J2mp+RL5UCP0ji41uPtwENC4mX4hJ+pOMIa
+-----END CERTIFICATE-----
+
diff --git a/test/recipes/60-test_x509_check_cert_pkey.t b/test/recipes/60-test_x509_check_cert_pkey.t
index b6011ef764..2c0f2e4009 100644
--- a/test/recipes/60-test_x509_check_cert_pkey.t
+++ b/test/recipes/60-test_x509_check_cert_pkey.t
@@ -12,35 +12,52 @@ use OpenSSL::Test::Utils; setup("test_x509_check_cert_pkey"); -plan tests => 6; +plan tests => 9; + +sub src_file { + return srctop_file("test", "certs", shift); +} + +sub test_PEM_X509_INFO_read { + my $file = shift; + my $num = shift; + ok(run(test(["x509_check_cert_pkey_test", src_file($file), $num])), + "test_PEM_X509_INFO_read $file"); +} # rsa ok(run(test(["x509_check_cert_pkey_test", - srctop_file("test", "certs", "servercert.pem"), - srctop_file("test", "certs", "serverkey.pem"), "cert", "ok"]))); + src_file("servercert.pem"), + src_file("serverkey.pem"), "cert", "ok"]))); # mismatched rsa ok(run(test(["x509_check_cert_pkey_test", - srctop_file("test", "certs", "servercert.pem"), - srctop_file("test", "certs", "wrongkey.pem"), "cert", "failed"]))); + src_file("servercert.pem"), + src_file("wrongkey.pem"), "cert", "failed"]))); SKIP: { skip "DSA disabled", 1, if disabled("dsa"); # dsa ok(run(test(["x509_check_cert_pkey_test", - srctop_file("test", "certs", "server-dsa-cert.pem"), - srctop_file("test", "certs", "server-dsa-key.pem"), "cert", "ok"]))); + src_file("server-dsa-cert.pem"), + src_file("server-dsa-key.pem"), "cert", "ok"]))); } # ecc SKIP: { - skip "EC disabled", 1 if disabled("ec"); + skip "EC disabled", 2 if disabled("ec"); ok(run(test(["x509_check_cert_pkey_test", - srctop_file("test", "certs", "server-ecdsa-cert.pem"), - srctop_file("test", "certs", "server-ecdsa-key.pem"), "cert", "ok"]))); + src_file("server-ecdsa-cert.pem"), + src_file("server-ecdsa-key.pem"), "cert", "ok"]))); + + test_PEM_X509_INFO_read("ec_privkey_with_chain.pem", "5"); + } # certificate request (rsa) ok(run(test(["x509_check_cert_pkey_test", - srctop_file("test", "certs", "x509-check.csr"), - srctop_file("test", "certs", "x509-check-key.pem"), "req", "ok"]))); + src_file("x509-check.csr"), + src_file("x509-check-key.pem"), "req", "ok"]))); # mismatched certificate request (rsa) ok(run(test(["x509_check_cert_pkey_test", - srctop_file("test", "certs", 
"x509-check.csr"), - srctop_file("test", "certs", "wrongkey.pem"), "req", "failed"]))); + src_file("x509-check.csr"), + src_file("wrongkey.pem"), "req", "failed"]))); + +test_PEM_X509_INFO_read("root-cert.pem", "1"); +test_PEM_X509_INFO_read("cyrillic_crl.utf8", "1"); diff --git a/test/x509_check_cert_pkey_test.c b/test/x509_check_cert_pkey_test.c index cf26ed9228..3e075e9bbe 100644 --- a/test/x509_check_cert_pkey_test.c +++ b/test/x509_check_cert_pkey_test.c 
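Review bot: The new `test_PEM_X509_INFO_read` cases cover an EC key (`ec_privkey_with_chain.pem`), a certificate and a CRL, but no RSA or DSA key file, although the commit title says the fix concerns RSA/DSA/EC private keys. If the existing key fixtures use the traditional per-algorithm PEM headers (not visible in this hunk), `test_PEM_X509_INFO_read("serverkey.pem", "1");` at top level and `test_PEM_X509_INFO_read("server-dsa-key.pem", "1");` inside the DSA SKIP block would exercise the other two key types. The DSA skip count would then become 2 and `plan tests` would have to be raised to match.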
@@ -106,15 +106,47 @@ failed: return ret; } +static const char *file; /* path of a cert/CRL/key file in PEM format */ +static const char *num; /* expected number of certs/CRLs/keys included */ + +static int test_PEM_X509_INFO_read_bio(void) +{ + BIO *in; + STACK_OF(X509_INFO) *sk; + X509_INFO *it; + int i, count = 0; + int expected = 0; + + if (!TEST_ptr((in = BIO_new_file(file, "r")))) + return 0; + sk = PEM_X509_INFO_read_bio(in, NULL, NULL, ""); + BIO_free(in); + sscanf(num, "%d", &expected); + for (i = 0; i < sk_X509_INFO_num(sk); i++) { + it = sk_X509_INFO_value(sk, i); + if (it->x509 != NULL) + count++; + if (it->crl != NULL) + count++; + if (it->x_pkey != NULL) + count++; + } + sk_X509_INFO_pop_free(sk, X509_INFO_free); + return TEST_int_eq(count, expected); +} + const OPTIONS *test_get_options(void) { enum { OPT_TEST_ENUM }; static const OPTIONS test_options[] = { - OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("cert key type expected\n"), + OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("cert key type expected\n" + " or [options] file num\n"), { OPT_HELP_STR, 1, '-', "cert\tcertificate or CSR filename in PEM\n" }, { OPT_HELP_STR, 1, '-', "key\tprivate key filename in PEM\n" }, { OPT_HELP_STR, 1, '-', "type\t\tvalue must be 'cert' or 'req'\n" }, { OPT_HELP_STR, 1, '-', "expected\tthe expected return value, either 'ok' or 'failed'\n" }, + { OPT_HELP_STR, 1, '-', "file\tPEM format file containing certs, keys, and/OR CRLs\n" }, + { OPT_HELP_STR, 1, '-', "num\texpected number of credentials to be loaded from file\n" }, { NULL } }; return test_options; @@ -127,6 +159,14 @@ int setup_tests(void) return 0; } + if (test_get_argument_count() == 2) { + if (!TEST_ptr(file = test_get_argument(0)) + || !TEST_ptr(num = test_get_argument(1))) + return 0; + ADD_TEST(test_PEM_X509_INFO_read_bio); + return 1; + } + if (!TEST_ptr(c = test_get_argument(0)) || !TEST_ptr(k = test_get_argument(1)) || !TEST_ptr(t = test_get_argument(2)) |
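Review bot: In `test_PEM_X509_INFO_read_bio` the results of `PEM_X509_INFO_read_bio()` and `sscanf()` are both used unchecked, so a load failure can pass silently. A non-numeric `num` leaves `expected` at 0, and a file that fails to parse gives a NULL `sk`, for which the loop presumably does not run and `count` stays 0. Since this test guards the private-key parsing fix, fail explicitly: add `if (!TEST_ptr(sk)) return 0;` right after `BIO_free(in);`, and replace the bare `sscanf` call with `if (!TEST_int_eq(sscanf(num, "%d", &expected), 1))`, freeing `sk` before returning 0. A one-line comment above the loop, `/* count every cert, CRL and key found in each X509_INFO entry */`, would also make the counting rule explicit.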