authortb <>2020-10-08 14:38:09 +0000
committertb <>2020-10-08 14:38:09 +0000
commitd34cc4d51a5ecac75fd18530fd156259025d9041 (patch)
treead5e3a72c258463e5fe45e9d027c65c771379c6e
parent38143581c8470c54df27367a2c94b9a7c506a683 (diff)
Read cert.pem once and reuse it instead of reading it twice per test cert
chain. It only takes a few dozen ms to read it, but doing this 7290 times adds up to a few minutes of run time. This way, the test completes in a handful of seconds. Diagnosed by jsing, ok beck
-rw-r--r--src/regress/lib/libcrypto/x509/bettertls/verify.c28
1 files changed, 10 insertions, 18 deletions
diff --git a/src/regress/lib/libcrypto/x509/bettertls/verify.c b/src/regress/lib/libcrypto/x509/bettertls/verify.c
index ba76cc20fd..c139c183e5 100644
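--- a/src/regress/lib/libcrypto/x509/bettertls/verify.c
+++ b/src/regress/lib/libcrypto/x509/bettertls/verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: verify.c,v 1.6 2020/10/03 15:19:47 tb Exp $ */
+/* $OpenBSD: verify.c,v 1.7 2020/10/08 14:38:09 tb Exp $ */
 /*
  * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -98,14 +98,12 @@ verify_cert_cb(int ok, X509_STORE_CTX *xsc)
 }
 
 static void
-verify_cert(const char *roots_file, const char *bundle_file,
+verify_cert(X509_STORE *store, const char *roots_file, const char *bundle_file,
  const char *cert_file, int *ip, int *dns)
 {
  STACK_OF(X509) *roots = NULL, *bundle = NULL, *cert = NULL;
  X509_STORE_CTX *xsc = NULL;
- X509_STORE *store = NULL;
  X509_STORE_CTX *xscip = NULL;
- X509_STORE *storeip = NULL;
  X509_VERIFY_PARAM *param, *paramip;
  X509 *leaf = NULL;
  unsigned long flags, flagsip;
@@ -125,16 +123,11 @@ verify_cert(const char *roots_file, const char *bundle_file,
  if ((xsc = X509_STORE_CTX_new()) == NULL)
  errx(1, "X509_STORE_CTX");
 
- if ((store = X509_STORE_new()) == NULL)
- errx(1, "X509_STORE");
-
  if (!X509_STORE_CTX_init(xsc, store, leaf, bundle)) {
  ERR_print_errors_fp(stderr);
  errx(1, "failed to init store context");
  }
 
- X509_STORE_set_default_paths(store);
-
  if (verbose)
  X509_STORE_CTX_set_verify_cb(xsc, verify_cert_cb);
 
@@ -156,16 +149,11 @@ verify_cert(const char *roots_file, const char *bundle_file,
  if ((xscip = X509_STORE_CTX_new()) == NULL)
  errx(1, "X509_STORE_CTX");
 
- if ((storeip = X509_STORE_new()) == NULL)
- errx(1, "X509_STORE");
-
- if (!X509_STORE_CTX_init(xscip, storeip, leaf, bundle)) {
+ if (!X509_STORE_CTX_init(xscip, store, leaf, bundle)) {
  ERR_print_errors_fp(stderr);
  errx(1, "failed to init store context");
  }
 
- X509_STORE_set_default_paths(storeip);
-
  if (verbose)
  X509_STORE_CTX_set_verify_cb(xscip, verify_cert_cb);
 
@@ -186,8 +174,6 @@ verify_cert(const char *roots_file, const char *bundle_file,
  sk_X509_pop_free(roots, X509_free);
  sk_X509_pop_free(bundle, X509_free);
  sk_X509_pop_free(cert, X509_free);
- X509_STORE_free(store);
- X509_STORE_free(storeip);
  X509_STORE_CTX_free(xsc);
  X509_STORE_CTX_free(xscip);
  X509_free(leaf);
@@ -196,9 +182,14 @@ verify_cert(const char *roots_file, const char *bundle_file,
 static void
 bettertls_cert_test(const char *certs_path)
 {
+ X509_STORE *store;
  char *roots_file, *bundle_file, *cert_file;
  int i;
 
+ if ((store = X509_STORE_new()) == NULL)
+ errx(1, "X509_STORE_new");
+
+ X509_STORE_set_default_paths(store);
 
  if (asprintf(&roots_file, "%s/root.crt", certs_path) == -1)
  errx(1, "asprintf");
@@ -214,7 +205,7 @@ bettertls_cert_test(const char *certs_path)
  break;
  if (stat(bundle_file, &sb) == -1)
  break;
- verify_cert(roots_file, bundle_file, cert_file, &ip, &dns);
+ verify_cert(store, roots_file, bundle_file, cert_file, &ip, &dns);
  /* Mmm. json. with my avocado toast */
  if (i > 1 && json)
  fprintf(stdout, ",");
@@ -229,6 +220,7 @@ bettertls_cert_test(const char *certs_path)
  free(cert_file);
  }
  free(roots_file);
+ X509_STORE_free(store);
 }
 
 int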
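Review bot: `X509_STORE_set_default_paths(store)` in bettertls_cert_test is called without checking its result, and because this single store now backs every chain in the loop, a failed setup would skew all results instead of one; `if (!X509_STORE_set_default_paths(store)) errx(1, "X509_STORE_set_default_paths");` would match the errx handling used for X509_STORE_new two lines above. The store is also now shared by both the xsc and xscip contexts and across iterations, so verify_cert has to treat it as read-only for test cases to stay independent; the visible hunks show no write to it, but parts of verify_cert lie outside them, so this is worth confirming. A short comment on the new parameter, such as `/* store is owned by the caller and shared by all chains; do not modify or free it here */`, would record the ownership change.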