wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Refactor crltest.c to separate the test cases into individual functions.

Browse source 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3327)
This commit is contained in:
Pauli 2017-04-27 14:08:31 +10:00 committed by Richard Levitte
parent 0918b94c9c
commit f5a140f7e9
1 changed files with 91 additions and 97 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

188
test/crltest.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -7,7 +7,6 @@
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include "../e_os.h"
#include <string.h>
#include <openssl/bio.h>
@ -177,6 +176,12 @@ static const char *kUnknownCriticalCRL2[] = {
NULL
};
static const char **unknown_critical_crls[] = {
kUnknownCriticalCRL, kUnknownCriticalCRL2
};
static X509 *test_root = NULL;
static X509 *test_leaf = NULL;
/*
* Glue an array of strings together. Return a BIO and put the string
@ -242,29 +247,22 @@ static int verify(X509 *leaf, X509 *root, STACK_OF(X509_CRL) *crls,
STACK_OF(X509) *roots = sk_X509_new_null();
int status = X509_V_ERR_UNSPECIFIED;
if (!TEST_ptr(ctx))
goto err;
if (!TEST_ptr(store))
goto err;
if (!TEST_ptr(param))
goto err;
if (!TEST_ptr(roots))
if (!TEST_ptr(ctx)
|| !TEST_ptr(store)
|| !TEST_ptr(param)
|| !TEST_ptr(roots))
goto err;
/* Create a stack; upref the cert because we free it below. */
X509_up_ref(root);
if (!TEST_true(sk_X509_push(roots, root)))
goto err;
if (!TEST_true(X509_STORE_CTX_init(ctx, store, leaf, NULL)))
if (!TEST_true(sk_X509_push(roots, root))
|| !TEST_true(X509_STORE_CTX_init(ctx, store, leaf, NULL)))
goto err;
X509_STORE_CTX_set0_trusted_stack(ctx, roots);
X509_STORE_CTX_set0_crls(ctx, crls);
X509_VERIFY_PARAM_set_time(param, PARAM_TIME);
if (!TEST_long_eq(X509_VERIFY_PARAM_get_time(param), PARAM_TIME)) {
TEST_info("set_time/get_time mismatch.");
if (!TEST_long_eq(X509_VERIFY_PARAM_get_time(param), PARAM_TIME))
goto err;
}
X509_VERIFY_PARAM_set_depth(param, 16);
if (flags)
X509_VERIFY_PARAM_set_flags(param, flags);
@ -299,94 +297,90 @@ static STACK_OF(X509_CRL) *make_CRL_stack(X509_CRL *x1, X509_CRL *x2)
return sk;
}
static int test_crl()
static int test_basic_crl(void)
{
X509 *root = X509_from_strings(kCRLTestRoot);
X509 *leaf = X509_from_strings(kCRLTestLeaf);
X509_CRL *basic_crl = CRL_from_strings(kBasicCRL);
X509_CRL *revoked_crl = CRL_from_strings(kRevokedCRL);
X509_CRL *bad_issuer_crl = CRL_from_strings(kBadIssuerCRL);
X509_CRL *known_critical_crl = CRL_from_strings(kKnownCriticalCRL);
X509_CRL *unknown_critical_crl = CRL_from_strings(kUnknownCriticalCRL);
X509_CRL *unknown_critical_crl2 = CRL_from_strings(kUnknownCriticalCRL2);
int status = 0;
int r;
if (!TEST_ptr(root))
goto err;
if (!TEST_ptr(leaf))
goto err;
if (!TEST_ptr(basic_crl))
goto err;
if (!TEST_ptr(revoked_crl))
goto err;
if (!TEST_ptr(bad_issuer_crl))
goto err;
if (!TEST_ptr(known_critical_crl))
goto err;
if (!TEST_ptr(unknown_critical_crl))
goto err;
if (!TEST_ptr(unknown_critical_crl2))
goto err;
if (verify(leaf, root, make_CRL_stack(basic_crl, NULL),
X509_V_FLAG_CRL_CHECK) != X509_V_OK) {
TEST_info("Cert with CRL didn't verify.");
goto err;
}
if (verify(leaf, root, make_CRL_stack(basic_crl, revoked_crl),
X509_V_FLAG_CRL_CHECK) != X509_V_ERR_CERT_REVOKED) {
TEST_info("Revoked CRL wasn't checked.");
goto err;
}
if (verify(leaf, root, NULL,
X509_V_FLAG_CRL_CHECK) != X509_V_ERR_UNABLE_TO_GET_CRL) {
TEST_info("CRLs were not required.");
goto err;
}
if (verify(leaf, root, make_CRL_stack(bad_issuer_crl, NULL),
X509_V_FLAG_CRL_CHECK) != X509_V_ERR_UNABLE_TO_GET_CRL) {
TEST_info("Bad CRL issuer was unnoticed.");
goto err;
}
if (verify(leaf, root, make_CRL_stack(known_critical_crl, NULL),
X509_V_FLAG_CRL_CHECK) != X509_V_OK) {
TEST_info("CRL with known critical extension was rejected.");
goto err;
}
if (verify(leaf, root, make_CRL_stack(unknown_critical_crl, NULL),
X509_V_FLAG_CRL_CHECK) !=
X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION) {
TEST_info("CRL with unknown critical extension was accepted.");
goto err;
}
if (verify(leaf, root, make_CRL_stack(unknown_critical_crl2, NULL),
X509_V_FLAG_CRL_CHECK) !=
X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION) {
TEST_info("CRL with unknown critical extension (2) was accepted.");
goto err;
}
status = 1;
err:
X509_free(root);
X509_free(leaf);
r = TEST_ptr(basic_crl)
&& TEST_ptr(revoked_crl)
&& TEST_int_eq(verify(test_leaf, test_root,
make_CRL_stack(basic_crl, NULL),
X509_V_FLAG_CRL_CHECK), X509_V_OK)
&& TEST_int_eq(verify(test_leaf, test_root,
make_CRL_stack(basic_crl, revoked_crl),
X509_V_FLAG_CRL_CHECK), X509_V_ERR_CERT_REVOKED);
X509_CRL_free(basic_crl);
X509_CRL_free(revoked_crl);
X509_CRL_free(bad_issuer_crl);
X509_CRL_free(known_critical_crl);
X509_CRL_free(unknown_critical_crl);
X509_CRL_free(unknown_critical_crl2);
return status;
return r;
}
void register_tests(void)
static int test_no_crl(void)
{
ADD_TEST(test_crl);
return TEST_int_eq(verify(test_leaf, test_root, NULL,
X509_V_FLAG_CRL_CHECK),
X509_V_ERR_UNABLE_TO_GET_CRL);
}
static int test_bad_issuer_crl(void)
{
X509_CRL *bad_issuer_crl = CRL_from_strings(kBadIssuerCRL);
int r;
r = TEST_ptr(bad_issuer_crl)
&& TEST_int_eq(verify(test_leaf, test_root,
make_CRL_stack(bad_issuer_crl, NULL),
X509_V_FLAG_CRL_CHECK),
X509_V_ERR_UNABLE_TO_GET_CRL);
X509_CRL_free(bad_issuer_crl);
return r;
}
static int test_known_critical_crl(void)
{
X509_CRL *known_critical_crl = CRL_from_strings(kKnownCriticalCRL);
int r;
r = TEST_ptr(known_critical_crl)
&& TEST_int_eq(verify(test_leaf, test_root,
make_CRL_stack(known_critical_crl, NULL),
X509_V_FLAG_CRL_CHECK), X509_V_OK);
X509_CRL_free(known_critical_crl);
return r;
}
static int test_unknown_critical_crl(int n)
{
X509_CRL *unknown_critical_crl = CRL_from_strings(unknown_critical_crls[n]);
int r;
r = TEST_ptr(unknown_critical_crl)
&& TEST_int_eq(verify(test_leaf, test_root,
make_CRL_stack(unknown_critical_crl, NULL),
X509_V_FLAG_CRL_CHECK),
X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION);
X509_CRL_free(unknown_critical_crl);
return r;
}
int test_main(int argc, char *argv[])
{
int status = EXIT_FAILURE;
if (!TEST_ptr(test_root = X509_from_strings(kCRLTestRoot))
|| !TEST_ptr(test_leaf = X509_from_strings(kCRLTestLeaf)))
goto err;
ADD_TEST(test_no_crl);
ADD_TEST(test_basic_crl);
ADD_TEST(test_bad_issuer_crl);
ADD_TEST(test_known_critical_crl);
ADD_ALL_TESTS(test_unknown_critical_crl, OSSL_NELEM(unknown_critical_crls));
status = run_tests(argv[0]);
err:
X509_free(test_root);
X509_free(test_leaf);
return status;
}