1*4724848cSchristos /*
2*4724848cSchristos * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
3*4724848cSchristos *
4*4724848cSchristos * Licensed under the OpenSSL licenses, (the "License");
5*4724848cSchristos * you may not use this file except in compliance with the License.
6*4724848cSchristos * You may obtain a copy of the License at
7*4724848cSchristos * https://www.openssl.org/source/license.html
8*4724848cSchristos * or in the file LICENSE in the source distribution.
9*4724848cSchristos */
10*4724848cSchristos
11*4724848cSchristos #include <stdio.h>
12*4724848cSchristos #include <string.h>
13*4724848cSchristos #include <errno.h>
14*4724848cSchristos
15*4724848cSchristos #include <openssl/x509.h>
16*4724848cSchristos #include <openssl/pem.h>
17*4724848cSchristos #include <openssl/conf.h>
18*4724848cSchristos #include <openssl/err.h>
19*4724848cSchristos #include "internal/nelem.h"
20*4724848cSchristos #include "testutil.h"
21*4724848cSchristos
test_certs(int num)22*4724848cSchristos static int test_certs(int num)
23*4724848cSchristos {
24*4724848cSchristos int c;
25*4724848cSchristos char *name = 0;
26*4724848cSchristos char *header = 0;
27*4724848cSchristos unsigned char *data = 0;
28*4724848cSchristos long len;
29*4724848cSchristos typedef X509 *(*d2i_X509_t)(X509 **, const unsigned char **, long);
30*4724848cSchristos typedef int (*i2d_X509_t)(X509 *, unsigned char **);
31*4724848cSchristos int err = 0;
32*4724848cSchristos BIO *fp = BIO_new_file(test_get_argument(num), "r");
33*4724848cSchristos
34*4724848cSchristos if (!TEST_ptr(fp))
35*4724848cSchristos return 0;
36*4724848cSchristos
37*4724848cSchristos for (c = 0; !err && PEM_read_bio(fp, &name, &header, &data, &len); ++c) {
38*4724848cSchristos const int trusted = (strcmp(name, PEM_STRING_X509_TRUSTED) == 0);
39*4724848cSchristos d2i_X509_t d2i = trusted ? d2i_X509_AUX : d2i_X509;
40*4724848cSchristos i2d_X509_t i2d = trusted ? i2d_X509_AUX : i2d_X509;
41*4724848cSchristos X509 *cert = NULL;
42*4724848cSchristos X509 *reuse = NULL;
43*4724848cSchristos const unsigned char *p = data;
44*4724848cSchristos unsigned char *buf = NULL;
45*4724848cSchristos unsigned char *bufp;
46*4724848cSchristos long enclen;
47*4724848cSchristos
48*4724848cSchristos if (!trusted
49*4724848cSchristos && strcmp(name, PEM_STRING_X509) != 0
50*4724848cSchristos && strcmp(name, PEM_STRING_X509_OLD) != 0) {
51*4724848cSchristos TEST_error("unexpected PEM object: %s", name);
52*4724848cSchristos err = 1;
53*4724848cSchristos goto next;
54*4724848cSchristos }
55*4724848cSchristos cert = d2i(NULL, &p, len);
56*4724848cSchristos
57*4724848cSchristos if (cert == NULL || (p - data) != len) {
58*4724848cSchristos TEST_error("error parsing input %s", name);
59*4724848cSchristos err = 1;
60*4724848cSchristos goto next;
61*4724848cSchristos }
62*4724848cSchristos
63*4724848cSchristos /* Test traditional 2-pass encoding into caller allocated buffer */
64*4724848cSchristos enclen = i2d(cert, NULL);
65*4724848cSchristos if (len != enclen) {
66*4724848cSchristos TEST_error("encoded length %ld of %s != input length %ld",
67*4724848cSchristos enclen, name, len);
68*4724848cSchristos err = 1;
69*4724848cSchristos goto next;
70*4724848cSchristos }
71*4724848cSchristos if ((buf = bufp = OPENSSL_malloc(len)) == NULL) {
72*4724848cSchristos TEST_perror("malloc");
73*4724848cSchristos err = 1;
74*4724848cSchristos goto next;
75*4724848cSchristos }
76*4724848cSchristos enclen = i2d(cert, &bufp);
77*4724848cSchristos if (len != enclen) {
78*4724848cSchristos TEST_error("encoded length %ld of %s != input length %ld",
79*4724848cSchristos enclen, name, len);
80*4724848cSchristos err = 1;
81*4724848cSchristos goto next;
82*4724848cSchristos }
83*4724848cSchristos enclen = (long) (bufp - buf);
84*4724848cSchristos if (enclen != len) {
85*4724848cSchristos TEST_error("unexpected buffer position after encoding %s", name);
86*4724848cSchristos err = 1;
87*4724848cSchristos goto next;
88*4724848cSchristos }
89*4724848cSchristos if (memcmp(buf, data, len) != 0) {
90*4724848cSchristos TEST_error("encoded content of %s does not match input", name);
91*4724848cSchristos err = 1;
92*4724848cSchristos goto next;
93*4724848cSchristos }
94*4724848cSchristos p = buf;
95*4724848cSchristos reuse = d2i(NULL, &p, enclen);
96*4724848cSchristos if (reuse == NULL) {
97*4724848cSchristos TEST_error("second d2i call failed for %s", name);
98*4724848cSchristos err = 1;
99*4724848cSchristos goto next;
100*4724848cSchristos }
101*4724848cSchristos err = X509_cmp(reuse, cert);
102*4724848cSchristos if (err != 0) {
103*4724848cSchristos TEST_error("X509_cmp for %s resulted in %d", name, err);
104*4724848cSchristos err = 1;
105*4724848cSchristos goto next;
106*4724848cSchristos }
107*4724848cSchristos OPENSSL_free(buf);
108*4724848cSchristos buf = NULL;
109*4724848cSchristos
110*4724848cSchristos /* Test 1-pass encoding into library allocated buffer */
111*4724848cSchristos enclen = i2d(cert, &buf);
112*4724848cSchristos if (len != enclen) {
113*4724848cSchristos TEST_error("encoded length %ld of %s != input length %ld",
114*4724848cSchristos enclen, name, len);
115*4724848cSchristos err = 1;
116*4724848cSchristos goto next;
117*4724848cSchristos }
118*4724848cSchristos if (memcmp(buf, data, len) != 0) {
119*4724848cSchristos TEST_error("encoded content of %s does not match input", name);
120*4724848cSchristos err = 1;
121*4724848cSchristos goto next;
122*4724848cSchristos }
123*4724848cSchristos
124*4724848cSchristos if (trusted) {
125*4724848cSchristos /* Encode just the cert and compare with initial encoding */
126*4724848cSchristos OPENSSL_free(buf);
127*4724848cSchristos buf = NULL;
128*4724848cSchristos
129*4724848cSchristos /* Test 1-pass encoding into library allocated buffer */
130*4724848cSchristos enclen = i2d(cert, &buf);
131*4724848cSchristos if (enclen > len) {
132*4724848cSchristos TEST_error("encoded length %ld of %s > input length %ld",
133*4724848cSchristos enclen, name, len);
134*4724848cSchristos err = 1;
135*4724848cSchristos goto next;
136*4724848cSchristos }
137*4724848cSchristos if (memcmp(buf, data, enclen) != 0) {
138*4724848cSchristos TEST_error("encoded cert content does not match input");
139*4724848cSchristos err = 1;
140*4724848cSchristos goto next;
141*4724848cSchristos }
142*4724848cSchristos }
143*4724848cSchristos
144*4724848cSchristos /*
145*4724848cSchristos * If any of these were null, PEM_read() would have failed.
146*4724848cSchristos */
147*4724848cSchristos next:
148*4724848cSchristos X509_free(cert);
149*4724848cSchristos X509_free(reuse);
150*4724848cSchristos OPENSSL_free(buf);
151*4724848cSchristos OPENSSL_free(name);
152*4724848cSchristos OPENSSL_free(header);
153*4724848cSchristos OPENSSL_free(data);
154*4724848cSchristos }
155*4724848cSchristos BIO_free(fp);
156*4724848cSchristos
157*4724848cSchristos if (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) {
158*4724848cSchristos /* Reached end of PEM file */
159*4724848cSchristos if (c > 0) {
160*4724848cSchristos ERR_clear_error();
161*4724848cSchristos return 1;
162*4724848cSchristos }
163*4724848cSchristos }
164*4724848cSchristos
165*4724848cSchristos /* Some other PEM read error */
166*4724848cSchristos return 0;
167*4724848cSchristos }
168*4724848cSchristos
setup_tests(void)169*4724848cSchristos int setup_tests(void)
170*4724848cSchristos {
171*4724848cSchristos size_t n = test_get_argument_count();
172*4724848cSchristos
173*4724848cSchristos if (n == 0) {
174*4724848cSchristos TEST_error("usage: %s certfile...", test_get_program_name());
175*4724848cSchristos return 0;
176*4724848cSchristos }
177*4724848cSchristos
178*4724848cSchristos ADD_ALL_TESTS(test_certs, (int)n);
179*4724848cSchristos return 1;
180*4724848cSchristos }
181