1c7da899bSchristos /*
2f7bc30e0Schristos * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
3c7da899bSchristos *
4*b0d17251Schristos * Licensed under the Apache License 2.0 (the "License");
5c7da899bSchristos * you may not use this file except in compliance with the License.
6c7da899bSchristos * You may obtain a copy of the License at
7c7da899bSchristos * https://www.openssl.org/source/license.html
8c7da899bSchristos * or in the file LICENSE in the source distribution.
9c7da899bSchristos */
10c7da899bSchristos
11c7da899bSchristos #include <stdio.h>
12c7da899bSchristos #include <string.h>
13c7da899bSchristos #include <errno.h>
14c7da899bSchristos
15c7da899bSchristos #include <openssl/x509.h>
16c7da899bSchristos #include <openssl/pem.h>
17c7da899bSchristos #include <openssl/conf.h>
18c7da899bSchristos #include <openssl/err.h>
1913d40330Schristos #include "internal/nelem.h"
2013d40330Schristos #include "testutil.h"
21c7da899bSchristos
test_certs(int num)2213d40330Schristos static int test_certs(int num)
23c7da899bSchristos {
2413d40330Schristos int c;
25c7da899bSchristos char *name = 0;
26c7da899bSchristos char *header = 0;
27c7da899bSchristos unsigned char *data = 0;
28c7da899bSchristos long len;
29c7da899bSchristos typedef X509 *(*d2i_X509_t)(X509 **, const unsigned char **, long);
30*b0d17251Schristos typedef int (*i2d_X509_t)(const X509 *, unsigned char **);
31c7da899bSchristos int err = 0;
3213d40330Schristos BIO *fp = BIO_new_file(test_get_argument(num), "r");
33c7da899bSchristos
3413d40330Schristos if (!TEST_ptr(fp))
3513d40330Schristos return 0;
3613d40330Schristos
3713d40330Schristos for (c = 0; !err && PEM_read_bio(fp, &name, &header, &data, &len); ++c) {
3813d40330Schristos const int trusted = (strcmp(name, PEM_STRING_X509_TRUSTED) == 0);
39c7da899bSchristos d2i_X509_t d2i = trusted ? d2i_X509_AUX : d2i_X509;
40c7da899bSchristos i2d_X509_t i2d = trusted ? i2d_X509_AUX : i2d_X509;
41c7da899bSchristos X509 *cert = NULL;
42f7bc30e0Schristos X509 *reuse = NULL;
43c7da899bSchristos const unsigned char *p = data;
44c7da899bSchristos unsigned char *buf = NULL;
45c7da899bSchristos unsigned char *bufp;
46c7da899bSchristos long enclen;
47c7da899bSchristos
48c7da899bSchristos if (!trusted
49c7da899bSchristos && strcmp(name, PEM_STRING_X509) != 0
50c7da899bSchristos && strcmp(name, PEM_STRING_X509_OLD) != 0) {
5113d40330Schristos TEST_error("unexpected PEM object: %s", name);
52c7da899bSchristos err = 1;
53c7da899bSchristos goto next;
54c7da899bSchristos }
55c7da899bSchristos cert = d2i(NULL, &p, len);
56c7da899bSchristos
57c7da899bSchristos if (cert == NULL || (p - data) != len) {
5813d40330Schristos TEST_error("error parsing input %s", name);
59c7da899bSchristos err = 1;
60c7da899bSchristos goto next;
61c7da899bSchristos }
62c7da899bSchristos
63c7da899bSchristos /* Test traditional 2-pass encoding into caller allocated buffer */
64c7da899bSchristos enclen = i2d(cert, NULL);
65c7da899bSchristos if (len != enclen) {
6613d40330Schristos TEST_error("encoded length %ld of %s != input length %ld",
67c7da899bSchristos enclen, name, len);
68c7da899bSchristos err = 1;
69c7da899bSchristos goto next;
70c7da899bSchristos }
71c7da899bSchristos if ((buf = bufp = OPENSSL_malloc(len)) == NULL) {
7213d40330Schristos TEST_perror("malloc");
73c7da899bSchristos err = 1;
74c7da899bSchristos goto next;
75c7da899bSchristos }
76c7da899bSchristos enclen = i2d(cert, &bufp);
77c7da899bSchristos if (len != enclen) {
7813d40330Schristos TEST_error("encoded length %ld of %s != input length %ld",
79c7da899bSchristos enclen, name, len);
80c7da899bSchristos err = 1;
81c7da899bSchristos goto next;
82c7da899bSchristos }
83c7da899bSchristos enclen = (long) (bufp - buf);
84c7da899bSchristos if (enclen != len) {
8513d40330Schristos TEST_error("unexpected buffer position after encoding %s", name);
86c7da899bSchristos err = 1;
87c7da899bSchristos goto next;
88c7da899bSchristos }
89c7da899bSchristos if (memcmp(buf, data, len) != 0) {
9013d40330Schristos TEST_error("encoded content of %s does not match input", name);
91c7da899bSchristos err = 1;
92c7da899bSchristos goto next;
93c7da899bSchristos }
94b88c74d5Schristos p = buf;
95f7bc30e0Schristos reuse = d2i(NULL, &p, enclen);
96f7bc30e0Schristos if (reuse == NULL) {
97f7bc30e0Schristos TEST_error("second d2i call failed for %s", name);
98f7bc30e0Schristos err = 1;
99f7bc30e0Schristos goto next;
100f7bc30e0Schristos }
101f7bc30e0Schristos err = X509_cmp(reuse, cert);
102f7bc30e0Schristos if (err != 0) {
103f7bc30e0Schristos TEST_error("X509_cmp for %s resulted in %d", name, err);
104b88c74d5Schristos err = 1;
105b88c74d5Schristos goto next;
106b88c74d5Schristos }
107c7da899bSchristos OPENSSL_free(buf);
108c7da899bSchristos buf = NULL;
109c7da899bSchristos
110c7da899bSchristos /* Test 1-pass encoding into library allocated buffer */
111c7da899bSchristos enclen = i2d(cert, &buf);
112c7da899bSchristos if (len != enclen) {
11313d40330Schristos TEST_error("encoded length %ld of %s != input length %ld",
114c7da899bSchristos enclen, name, len);
115c7da899bSchristos err = 1;
116c7da899bSchristos goto next;
117c7da899bSchristos }
118c7da899bSchristos if (memcmp(buf, data, len) != 0) {
11913d40330Schristos TEST_error("encoded content of %s does not match input", name);
120c7da899bSchristos err = 1;
121c7da899bSchristos goto next;
122c7da899bSchristos }
123c7da899bSchristos
124c7da899bSchristos if (trusted) {
125c7da899bSchristos /* Encode just the cert and compare with initial encoding */
126c7da899bSchristos OPENSSL_free(buf);
127c7da899bSchristos buf = NULL;
128c7da899bSchristos
129c7da899bSchristos /* Test 1-pass encoding into library allocated buffer */
130c7da899bSchristos enclen = i2d(cert, &buf);
131c7da899bSchristos if (enclen > len) {
13213d40330Schristos TEST_error("encoded length %ld of %s > input length %ld",
133c7da899bSchristos enclen, name, len);
134c7da899bSchristos err = 1;
135c7da899bSchristos goto next;
136c7da899bSchristos }
137c7da899bSchristos if (memcmp(buf, data, enclen) != 0) {
13813d40330Schristos TEST_error("encoded cert content does not match input");
139c7da899bSchristos err = 1;
140c7da899bSchristos goto next;
141c7da899bSchristos }
142c7da899bSchristos }
143c7da899bSchristos
144c7da899bSchristos /*
145c7da899bSchristos * If any of these were null, PEM_read() would have failed.
146c7da899bSchristos */
147c7da899bSchristos next:
148c7da899bSchristos X509_free(cert);
149f7bc30e0Schristos X509_free(reuse);
150c7da899bSchristos OPENSSL_free(buf);
151c7da899bSchristos OPENSSL_free(name);
152c7da899bSchristos OPENSSL_free(header);
153c7da899bSchristos OPENSSL_free(data);
154c7da899bSchristos }
15513d40330Schristos BIO_free(fp);
156c7da899bSchristos
157c7da899bSchristos if (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) {
158c7da899bSchristos /* Reached end of PEM file */
15913d40330Schristos if (c > 0) {
160c7da899bSchristos ERR_clear_error();
161c7da899bSchristos return 1;
162c7da899bSchristos }
163c7da899bSchristos }
164c7da899bSchristos
165c7da899bSchristos /* Some other PEM read error */
166c7da899bSchristos return 0;
167c7da899bSchristos }
168c7da899bSchristos
169*b0d17251Schristos OPT_TEST_DECLARE_USAGE("certfile...\n")
170*b0d17251Schristos
setup_tests(void)17113d40330Schristos int setup_tests(void)
172c7da899bSchristos {
173*b0d17251Schristos size_t n;
174c7da899bSchristos
175*b0d17251Schristos if (!test_skip_common_options()) {
176*b0d17251Schristos TEST_error("Error parsing test options\n");
17713d40330Schristos return 0;
178c7da899bSchristos }
179c7da899bSchristos
180*b0d17251Schristos n = test_get_argument_count();
181*b0d17251Schristos if (n == 0)
182*b0d17251Schristos return 0;
183*b0d17251Schristos
18413d40330Schristos ADD_ALL_TESTS(test_certs, (int)n);
18513d40330Schristos return 1;
186c7da899bSchristos }
187