Add X509_REQ_add_extensions and to X509_REQ_add1_attr to DER cache test

These new tests won't bubble up a non-zero error exit code because other libcrypto bits still need to land first.
author: job <> 2023-04-28 13:48:38 +0000
committer: job <> 2023-04-28 13:48:38 +0000
commit: 896fc1b57fd38cb071389334aac7ea12d6dc91df (patch)
tree: 01df5afc826fa4fd8bdc36e1dcfc27fde8468c97 /src/regress/lib
parent: 0208c36b83f57b5ea0297d0fa4ae8778edb8e772 (diff)
download: openbsd-896fc1b57fd38cb071389334aac7ea12d6dc91df.tar.gz
openbsd-896fc1b57fd38cb071389334aac7ea12d6dc91df.tar.bz2
openbsd-896fc1b57fd38cb071389334aac7ea12d6dc91df.zip
1 files changed, 139 insertions, 1 deletions
diff --git a/src/regress/lib/libcrypto/x509/x509_asn1.c b/src/regress/lib/libcrypto/x509/x509_asn1.c
index ed50bc6177..4daed41f1e 100644
--- a/src/regress/lib/libcrypto/x509/x509_asn1.c
+++ b/src/regress/lib/libcrypto/x509/x509_asn1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_asn1.c,v 1.9 2023/04/26 22:05:36 job Exp $ */
+/* $OpenBSD: x509_asn1.c,v 1.10 2023/04/28 13:48:38 job Exp $ */
 /*
 * Copyright (c) 2023 Job Snijders <job@openbsd.org>
 *
@@ -44,6 +44,8 @@ static const struct fnnames {
        { "X509_CRL_set_issuer_name", X509_CRL_set_issuer_name },
        { "X509_CRL_set_lastUpdate", X509_CRL_set_lastUpdate },
        { "X509_CRL_set_nextUpdate", X509_CRL_set_nextUpdate },
+        { "X509_REQ_add_extensions", X509_REQ_add_extensions },
+        { "X509_REQ_add1_attr", X509_REQ_add1_attr },
        { NULL, NULL }
 };
@@ -383,12 +385,148 @@ test_x509_crl_setters(void)
        return failed;
 }
+static void
+x509_req_setup(unsigned char **der, unsigned char **der2, X509_REQ **xr,
+    long dersz, long *der2sz)
+{
+        const unsigned char *cpder;
+        cpder = *der;
+        if ((*xr = d2i_X509_REQ(NULL, &cpder, dersz)) == NULL)
+                errx(1, "d2i_X509");
+        if ((*der2sz = i2d_X509_REQ(*xr, der2)) <= 0)
+                errx(1, "i2d_X509");
+}
+static int
+x509_req_compare(char *f, X509_REQ *xr, const unsigned char *der, long dersz)
+{
+        unsigned char *der_test = NULL;
+        long der_testsz;
+        int rc = 0;
+        if ((der_testsz = i2d_X509_REQ(xr, &der_test)) <= 0)
+                errx(1, "i2d_X509_REQ");
+        if (dersz == der_testsz) {
+                if (memcmp(der, der_test, dersz) == 0) {
+                        warnx("%s() didn't invalidate DER cache", f);
+                        rc = 1;
+                } else
+                        warnx("%s() OK", f);
+        } else
+                warnx("%s() OK", f);
+        free(der_test);
+        return rc;
+}
+static void
+x509_req_cleanup(X509_REQ **xr, unsigned char **der)
+{
+        X509_REQ_free(*xr);
+        *xr = NULL;
+        free(*der);
+        *der = NULL;
+}
+static int
+test_x509_req_setters(void)
+{
+        EVP_PKEY *pkey = NULL;
+        EVP_PKEY_CTX *pkey_ctx = NULL;
+        X509_REQ *ar = NULL, *xr = NULL;
+        unsigned char *der = NULL, *der2 = NULL;
+        X509_NAME *xn;
+        ASN1_OCTET_STRING *aos;
+        X509_EXTENSION *xe;
+        STACK_OF(X509_EXTENSION) *exts = NULL;
+        ASN1_OBJECT *coid;
+        X509_ATTRIBUTE *xa;
+        long dersz, der2sz;
+        int failed = 0;
+        if ((xr = X509_REQ_new()) == NULL)
+                err(1, NULL);
+        if (!X509_REQ_set_version(xr, 0))
+                errx(1, "X509_REQ_set_version");
+        if ((xn = X509_NAME_new()) == NULL)
+                err(1, NULL);
+        if (!X509_NAME_add_entry_by_txt(xn, "C", MBSTRING_ASC, "NL", -1, -1, 0))
+                errx(1, "X509_NAME_add_entry_by_txt");
+        if (!X509_REQ_set_subject_name(xr, xn))
+                errx(1, "X509_REQ_set_subject_name");
+        X509_NAME_free(xn);
+        xn = NULL;
+        if ((pkey_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)) == NULL)
+                errx(1, "EVP_PKEY_CTX_new_id");
+        if (EVP_PKEY_keygen_init(pkey_ctx) != 1)
+                errx(1, "EVP_PKEY_keygen_init");
+        if (EVP_PKEY_CTX_set_rsa_keygen_bits(pkey_ctx, 2048) <= 0)
+                errx(1, "EVP_PKEY_CTX_set_rsa_keygen_bits");
+        if (EVP_PKEY_keygen(pkey_ctx, &pkey) <= 0)
+                errx(1, "EVP_PKEY_keygen");
+        if (!X509_REQ_set_pubkey(xr, pkey))
+                errx(1, "X509_REQ_set_pubkey");
+        if (!X509_REQ_sign(xr, pkey, EVP_sha256()))
+                errx(1, "X509_REQ_sign");
+        if ((dersz = i2d_X509_REQ(xr, &der)) <= 0)
+                errx(1, "i2d_X509_REQ");
+        /* test X509_REQ_add_extensions */
+        x509_req_setup(&der, &der2, &ar, dersz, &der2sz);
+        if ((aos = ASN1_OCTET_STRING_new()) == NULL)
+                err(1, NULL);
+        ASN1_OCTET_STRING_set(aos, (unsigned char *)"DNS: test.nl",
+            strlen("DNS: test.nl"));
+        if ((xe = X509_EXTENSION_new()) == NULL)
+                err(1, NULL);
+        if (!X509_EXTENSION_create_by_NID(&xe, NID_subject_alt_name, 0, aos))
+                errx(1, "X509_EXTENSION_create_by_NID");
+        if ((exts = sk_X509_EXTENSION_new_null()) == NULL)
+                errx(1, "sk_X509_EXTENSION_new_null");
+        sk_X509_EXTENSION_push(exts, xe);
+        if (!X509_REQ_add_extensions(ar, exts))
+                errx(1, "X509_REQ_add_extensions");
+        failed |= x509_req_compare("X509_REQ_add_extensions", ar, der2, der2sz);
+        x509_req_cleanup(&ar, &der2);
+        /* test X509_REQ_add1_attr */
+        x509_req_setup(&der, &der2, &ar, dersz, &der2sz);
+        if ((coid = OBJ_nid2obj(NID_pkcs7_data)) == NULL)
+                errx(1, "OBJ_nid2obj");
+        if ((xa = X509_ATTRIBUTE_create(NID_pkcs9_contentType, V_ASN1_OBJECT,
+            coid)) == NULL)
+                errx(1, "X509_ATTRIBUTE_create");
+        if (!X509_REQ_add1_attr(ar, xa))
+                errx(1, "X509_REQ_add1_attr");
+        failed |= x509_req_compare("X509_REQ_add1_attr", ar, der2, der2sz);
+        x509_req_cleanup(&ar, &der2);
+        ASN1_OCTET_STRING_free(aos);
+        X509_EXTENSION_free(xe);
+        X509_ATTRIBUTE_free(xa);
+        EVP_PKEY_free(pkey);
+        EVP_PKEY_CTX_free(pkey_ctx);
+        X509_REQ_free(ar);
+        X509_REQ_free(xr);
+        free(der);
+        free(der2);
+        return failed;
+}
 int main(void)
 {
        int failed = 0;
        failed |= test_x509_setters();
        /* failed |= */ test_x509_crl_setters();
+        /* failed |= */ test_x509_req_setters();
        return failed;
 }
author	job <>	2023-04-28 13:48:38 +0000
committer	job <>	2023-04-28 13:48:38 +0000
commit	896fc1b57fd38cb071389334aac7ea12d6dc91df (patch)
tree	01df5afc826fa4fd8bdc36e1dcfc27fde8468c97 /src/regress/lib
parent	0208c36b83f57b5ea0297d0fa4ae8778edb8e772 (diff)
download	openbsd-896fc1b57fd38cb071389334aac7ea12d6dc91df.tar.gz openbsd-896fc1b57fd38cb071389334aac7ea12d6dc91df.tar.bz2 openbsd-896fc1b57fd38cb071389334aac7ea12d6dc91df.zip

diff --git a/src/regress/lib/libcrypto/x509/x509_asn1.c b/src/regress/lib/libcrypto/x509/x509_asn1.c index ed50bc6177..4daed41f1e 100644 --- a/src/regress/lib/libcrypto/x509/x509_asn1.c +++ b/src/regress/lib/libcrypto/x509/x509_asn1.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_asn1.c,v 1.9 2023/04/26 22:05:36 job Exp $ */	1	/* $OpenBSD: x509_asn1.c,v 1.10 2023/04/28 13:48:38 job Exp $ */
2	/*	2	/*
3	* Copyright (c) 2023 Job Snijders <job@openbsd.org>	3	* Copyright (c) 2023 Job Snijders <job@openbsd.org>
4	*	4	*
@@ -44,6 +44,8 @@ static const struct fnnames {
44	{ "X509_CRL_set_issuer_name", X509_CRL_set_issuer_name },	44	{ "X509_CRL_set_issuer_name", X509_CRL_set_issuer_name },
45	{ "X509_CRL_set_lastUpdate", X509_CRL_set_lastUpdate },	45	{ "X509_CRL_set_lastUpdate", X509_CRL_set_lastUpdate },
46	{ "X509_CRL_set_nextUpdate", X509_CRL_set_nextUpdate },	46	{ "X509_CRL_set_nextUpdate", X509_CRL_set_nextUpdate },
		47	{ "X509_REQ_add_extensions", X509_REQ_add_extensions },
		48	{ "X509_REQ_add1_attr", X509_REQ_add1_attr },
47	{ NULL, NULL }	49	{ NULL, NULL }
48	};	50	};
49		51
@@ -383,12 +385,148 @@ test_x509_crl_setters(void)
383	return failed;	385	return failed;
384	}	386	}
385		387
		388	static void
		389	x509_req_setup(unsigned char der, unsigned char der2, X509_REQ **xr,
		390	long dersz, long *der2sz)
		391	{
		392	const unsigned char *cpder;
		393
		394	cpder = *der;
		395	if ((*xr = d2i_X509_REQ(NULL, &cpder, dersz)) == NULL)
		396	errx(1, "d2i_X509");
		397	if ((der2sz = i2d_X509_REQ(xr, der2)) <= 0)
		398	errx(1, "i2d_X509");
		399	}
		400
		401	static int
		402	x509_req_compare(char f, X509_REQ xr, const unsigned char *der, long dersz)
		403	{
		404	unsigned char *der_test = NULL;
		405	long der_testsz;
		406	int rc = 0;
		407
		408	if ((der_testsz = i2d_X509_REQ(xr, &der_test)) <= 0)
		409	errx(1, "i2d_X509_REQ");
		410
		411	if (dersz == der_testsz) {
		412	if (memcmp(der, der_test, dersz) == 0) {
		413	warnx("%s() didn't invalidate DER cache", f);
		414	rc = 1;
		415	} else
		416	warnx("%s() OK", f);
		417	} else
		418	warnx("%s() OK", f);
		419
		420	free(der_test);
		421	return rc;
		422	}
		423
		424	static void
		425	x509_req_cleanup(X509_REQ xr, unsigned char der)
		426	{
		427	X509_REQ_free(*xr);
		428	*xr = NULL;
		429	free(*der);
		430	*der = NULL;
		431	}
		432
		433	static int
		434	test_x509_req_setters(void)
		435	{
		436	EVP_PKEY *pkey = NULL;
		437	EVP_PKEY_CTX *pkey_ctx = NULL;
		438	X509_REQ ar = NULL, xr = NULL;
		439	unsigned char der = NULL, der2 = NULL;
		440	X509_NAME *xn;
		441	ASN1_OCTET_STRING *aos;
		442	X509_EXTENSION *xe;
		443	STACK_OF(X509_EXTENSION) *exts = NULL;
		444	ASN1_OBJECT *coid;
		445	X509_ATTRIBUTE *xa;
		446	long dersz, der2sz;
		447	int failed = 0;
		448
		449	if ((xr = X509_REQ_new()) == NULL)
		450	err(1, NULL);
		451
		452	if (!X509_REQ_set_version(xr, 0))
		453	errx(1, "X509_REQ_set_version");
		454
		455	if ((xn = X509_NAME_new()) == NULL)
		456	err(1, NULL);
		457	if (!X509_NAME_add_entry_by_txt(xn, "C", MBSTRING_ASC, "NL", -1, -1, 0))
		458	errx(1, "X509_NAME_add_entry_by_txt");
		459	if (!X509_REQ_set_subject_name(xr, xn))
		460	errx(1, "X509_REQ_set_subject_name");
		461	X509_NAME_free(xn);
		462	xn = NULL;
		463
		464	if ((pkey_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)) == NULL)
		465	errx(1, "EVP_PKEY_CTX_new_id");
		466	if (EVP_PKEY_keygen_init(pkey_ctx) != 1)
		467	errx(1, "EVP_PKEY_keygen_init");
		468	if (EVP_PKEY_CTX_set_rsa_keygen_bits(pkey_ctx, 2048) <= 0)
		469	errx(1, "EVP_PKEY_CTX_set_rsa_keygen_bits");
		470	if (EVP_PKEY_keygen(pkey_ctx, &pkey) <= 0)
		471	errx(1, "EVP_PKEY_keygen");
		472	if (!X509_REQ_set_pubkey(xr, pkey))
		473	errx(1, "X509_REQ_set_pubkey");
		474
		475	if (!X509_REQ_sign(xr, pkey, EVP_sha256()))
		476	errx(1, "X509_REQ_sign");
		477	if ((dersz = i2d_X509_REQ(xr, &der)) <= 0)
		478	errx(1, "i2d_X509_REQ");
		479
		480	/* test X509_REQ_add_extensions */
		481	x509_req_setup(&der, &der2, &ar, dersz, &der2sz);
		482	if ((aos = ASN1_OCTET_STRING_new()) == NULL)
		483	err(1, NULL);
		484	ASN1_OCTET_STRING_set(aos, (unsigned char *)"DNS: test.nl",
		485	strlen("DNS: test.nl"));
		486	if ((xe = X509_EXTENSION_new()) == NULL)
		487	err(1, NULL);
		488	if (!X509_EXTENSION_create_by_NID(&xe, NID_subject_alt_name, 0, aos))
		489	errx(1, "X509_EXTENSION_create_by_NID");
		490	if ((exts = sk_X509_EXTENSION_new_null()) == NULL)
		491	errx(1, "sk_X509_EXTENSION_new_null");
		492	sk_X509_EXTENSION_push(exts, xe);
		493	if (!X509_REQ_add_extensions(ar, exts))
		494	errx(1, "X509_REQ_add_extensions");
		495	failed \|= x509_req_compare("X509_REQ_add_extensions", ar, der2, der2sz);
		496	x509_req_cleanup(&ar, &der2);
		497
		498	/* test X509_REQ_add1_attr */
		499	x509_req_setup(&der, &der2, &ar, dersz, &der2sz);
		500	if ((coid = OBJ_nid2obj(NID_pkcs7_data)) == NULL)
		501	errx(1, "OBJ_nid2obj");
		502	if ((xa = X509_ATTRIBUTE_create(NID_pkcs9_contentType, V_ASN1_OBJECT,
		503	coid)) == NULL)
		504	errx(1, "X509_ATTRIBUTE_create");
		505	if (!X509_REQ_add1_attr(ar, xa))
		506	errx(1, "X509_REQ_add1_attr");
		507	failed \|= x509_req_compare("X509_REQ_add1_attr", ar, der2, der2sz);
		508	x509_req_cleanup(&ar, &der2);
		509
		510	ASN1_OCTET_STRING_free(aos);
		511	X509_EXTENSION_free(xe);
		512	X509_ATTRIBUTE_free(xa);
		513	EVP_PKEY_free(pkey);
		514	EVP_PKEY_CTX_free(pkey_ctx);
		515	X509_REQ_free(ar);
		516	X509_REQ_free(xr);
		517	free(der);
		518	free(der2);
		519
		520	return failed;
		521	}
		522
386	int main(void)	523	int main(void)
387	{	524	{
388	int failed = 0;	525	int failed = 0;
389		526
390	failed \|= test_x509_setters();	527	failed \|= test_x509_setters();
391	/* failed \|= */ test_x509_crl_setters();	528	/* failed \|= */ test_x509_crl_setters();
		529	/* failed \|= */ test_x509_req_setters();
392		530
393	return failed;	531	return failed;
394	}	532	}