1 files changed, 171 insertions, 15 deletions
diff --git a/src/regress/lib/libcrypto/x509/x509_asn1.c b/src/regress/lib/libcrypto/x509/x509_asn1.c
index b6b251f104..ed50bc6177 100644
--- a/src/regress/lib/libcrypto/x509/x509_asn1.c
+++ b/src/regress/lib/libcrypto/x509/x509_asn1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_asn1.c,v 1.8 2023/04/26 21:30:12 job Exp $ */
+/* $OpenBSD: x509_asn1.c,v 1.9 2023/04/26 22:05:36 job Exp $ */
 /*
 * Copyright (c) 2023 Job Snijders <job@openbsd.org>
 *
@@ -40,6 +40,10 @@ static const struct fnnames {
        { "X509_set_notBefore", X509_set_notBefore },
        { "X509_set_notAfter", X509_set_notAfter },
        { "X509_set_pubkey", X509_set_pubkey },
+        { "X509_CRL_set_version", X509_CRL_set_version },
+        { "X509_CRL_set_issuer_name", X509_CRL_set_issuer_name },
+        { "X509_CRL_set_lastUpdate", X509_CRL_set_lastUpdate },
+        { "X509_CRL_set_nextUpdate", X509_CRL_set_nextUpdate },
        { NULL, NULL }
 };
@@ -145,15 +149,91 @@ x509_compare(char *f, X509 *a, const unsigned char *der, long dersz)
        return rc;
 }
-int
+static void
-main(void)
+x509_crl_setup(unsigned char **der, unsigned char **der2, X509_CRL **xc,
+    long dersz, long *der2sz)
+{
+        const unsigned char *cpder;
+        cpder = *der;
+        if ((*xc = d2i_X509_CRL(NULL, &cpder, dersz)) == NULL)
+                errx(1, "d2i_X509");
+        if ((*der2sz = i2d_X509_CRL(*xc, der2)) <= 0)
+                errx(1, "i2d_X509");
+}
+static void
+x509_crl_cleanup(X509_CRL **xc, unsigned char **der)
+{
+        X509_CRL_free(*xc);
+        *xc = NULL;
+        free(*der);
+        *der = NULL;
+}
+static void
+x509_crl_set_name(int (*f)(X509_CRL *, X509_NAME *), X509_CRL **xc,
+    const unsigned char *n)
+{
+        X509_NAME *xn;
+        if ((xn = X509_NAME_new()) == NULL)
+                err(1, NULL);
+        if (!X509_NAME_add_entry_by_txt(xn, "C", MBSTRING_ASC, n, -1, -1, 0))
+                errx(1, "X509_NAME_add_entry_by_txt");
+        if (!f(*xc, xn))
+                lookup_and_err(f);
+        X509_NAME_free(xn);
+}
+static void
+x509_crl_set_time(int (*f)(X509_CRL *, const ASN1_TIME *), X509_CRL **xc, int t)
+{
+        ASN1_TIME *at;
+        if ((at = ASN1_TIME_new()) == NULL)
+                err(1, NULL);
+        if ((at = X509_gmtime_adj(NULL, t)) == NULL)
+                errx(1, "X509_gmtime_adj");
+        if (!f(*xc, at))
+                lookup_and_err(f);
+        ASN1_TIME_free(at);
+}
+static int
+x509_crl_compare(char *f, X509_CRL *ac, const unsigned char *der, long dersz)
+{
+        unsigned char *der_test = NULL;
+        long der_testsz;
+        int rc = 0;
+        if ((der_testsz = i2d_X509_CRL(ac, &der_test)) <= 0)
+                errx(1, "i2d_X509_CRL");
+        if (dersz == der_testsz) {
+                if (memcmp(der, der_test, dersz) == 0) {
+                        warnx("%s() didn't invalidate DER cache", f);
+                        rc = 1;
+                } else
+                        warnx("%s() OK", f);
+        } else
+                warnx("%s() OK", f);
+        free(der_test);
+        return rc;
+}
+static int
+test_x509_setters(void)
 {
        EVP_PKEY *pkey = NULL;
        EVP_PKEY_CTX *pkey_ctx = NULL;
        X509 *a, *x;
        unsigned char *der = NULL, *der2 = NULL;
        long dersz, der2sz;
-        int ret = 0;
+        int failed = 0;
        if ((x = X509_new()) == NULL)
                err(1, NULL);
@@ -185,37 +265,37 @@ main(void)
        x509_setup(&der, &der2, &a, dersz, &der2sz);
        if (!X509_set_version(a, 2))
                errx(1, "X509_set_version");
-        ret += x509_compare("X509_set_version", a, der2, der2sz);
+        failed |= x509_compare("X509_set_version", a, der2, der2sz);
        x509_cleanup(&a, &der2);
        /* test X509_set_serialNumber */
        x509_setup(&der, &der2, &a, dersz, &der2sz);
        x509_set_integer(X509_set_serialNumber, &a, 2);
-        ret += x509_compare("X509_set_serialNumber", a, der2, der2sz);
+        failed |= x509_compare("X509_set_serialNumber", a, der2, der2sz);
        x509_cleanup(&a, &der2);
        /* test X509_set_issuer_name */
        x509_setup(&der, &der2, &a, dersz, &der2sz);
        x509_set_name(X509_set_issuer_name, &a, "DE");
-        ret += x509_compare("X509_set_issuer_name", a, der2, der2sz);
+        failed |= x509_compare("X509_set_issuer_name", a, der2, der2sz);
        x509_cleanup(&a, &der2);
        /* test X509_set_subject_name */
        x509_setup(&der, &der2, &a, dersz, &der2sz);
        x509_set_name(X509_set_subject_name, &a, "FR");
-        ret += x509_compare("X509_set_subject_name", a, der2, der2sz);
+        failed |= x509_compare("X509_set_subject_name", a, der2, der2sz);
        x509_cleanup(&a, &der2);
        /* test X509_set_notBefore */
        x509_setup(&der, &der2, &a, dersz, &der2sz);
        x509_set_time(X509_set_notBefore, &a, 120);
-        ret += x509_compare("X509_set_notBefore", a, der2, der2sz);
+        failed |= x509_compare("X509_set_notBefore", a, der2, der2sz);
        x509_cleanup(&a, &der2);
        /* test X509_set_notAfter */
        x509_setup(&der, &der2, &a, dersz, &der2sz);
        x509_set_time(X509_set_notAfter, &a, 180);
-        ret += x509_compare("X509_set_notAfter", a, der2, der2sz);
+        failed |= x509_compare("X509_set_notAfter", a, der2, der2sz);
        x509_cleanup(&a, &der2);
        /* test X509_set_pubkey */
@@ -226,13 +306,89 @@ main(void)
                errx(1, "X509_set_pubkey");
        EVP_PKEY_CTX_free(pkey_ctx);
        EVP_PKEY_free(pkey);
-        ret += x509_compare("X509_set_pubkey", a, der2, der2sz);
+        pkey_ctx = NULL;
-        x509_cleanup(&a, &der2);
+        pkey = NULL;
+        failed |= x509_compare("X509_set_pubkey", a, der2, der2sz);
+        x509_cleanup(&a, &der2);
        X509_free(x);
        free(der);
-        if (ret)
+        return failed;
-                return 1;
+}
-        return 0;
+static int
+test_x509_crl_setters(void)
+{
+        EVP_PKEY *pkey = NULL;
+        EVP_PKEY_CTX *pkey_ctx = NULL;
+        X509_CRL *ac, *xc;
+        unsigned char *der = NULL, *der2 = NULL;
+        long dersz, der2sz;
+        int failed = 0;
+        if ((xc = X509_CRL_new()) == NULL)
+                err(1, NULL);
+        if ((pkey_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)) == NULL)
+                errx(1, "EVP_PKEY_CTX_new_id");
+        if (EVP_PKEY_keygen_init(pkey_ctx) != 1)
+                errx(1, "EVP_PKEY_keygen_init");
+        if (EVP_PKEY_CTX_set_rsa_keygen_bits(pkey_ctx, 2048) <= 0)
+                errx(1, "EVP_PKEY_CTX_set_rsa_keygen_bits");
+        if (EVP_PKEY_keygen(pkey_ctx, &pkey) <= 0)
+                errx(1, "EVP_PKEY_keygen");
+        x509_crl_set_time(X509_CRL_set_lastUpdate, &xc, 0);
+        x509_crl_set_time(X509_CRL_set_nextUpdate, &xc, 60);
+        x509_crl_set_name(X509_CRL_set_issuer_name, &xc, "NL");
+        // one time creation of the original DER
+        if (!X509_CRL_sign(xc, pkey, EVP_sha256()))
+                errx(1, "X509_CRL_sign");
+        EVP_PKEY_free(pkey);
+        EVP_PKEY_CTX_free(pkey_ctx);
+        if ((dersz = i2d_X509_CRL(xc, &der)) <= 0)
+                errx(1, "i2d_X509_CRL");
+        /* test X509_CRL_set_version */
+        x509_crl_setup(&der, &der2, &ac, dersz, &der2sz);
+        if (!X509_CRL_set_version(ac, 1))
+                errx(1, "X509_CRL_set_version");
+        failed |= x509_crl_compare("X509_CRL_set_version", ac, der2, der2sz);
+        x509_crl_cleanup(&ac, &der2);
+        /* test X509_CRL_set_issuer_name */
+        x509_crl_setup(&der, &der2, &ac, dersz, &der2sz);
+        x509_crl_set_name(X509_CRL_set_issuer_name, &ac, "DE");
+        failed |= x509_crl_compare("X509_CRL_set_issuer_name", ac, der2,
+            der2sz);
+        x509_crl_cleanup(&ac, &der2);
+        /* test X509_CRL_set_lastUpdate */
+        x509_crl_setup(&der, &der2, &ac, dersz, &der2sz);
+        x509_crl_set_time(X509_CRL_set_lastUpdate, &ac, 120);
+        failed |= x509_crl_compare("X509_set_notBefore", ac, der2, der2sz);
+        x509_crl_cleanup(&ac, &der2);
+        /* test X509_CRL_set_nextUpdate */
+        x509_crl_setup(&der, &der2, &ac, dersz, &der2sz);
+        x509_crl_set_time(X509_CRL_set_nextUpdate, &ac, 180);
+        failed |= x509_crl_compare("X509_set_notAfter", ac, der2, der2sz);
+        x509_crl_cleanup(&ac, &der2);
+        X509_CRL_free(xc);
+        free(der);
+        return failed;
+}
+int main(void)
+{
+        int failed = 0;
+        failed |= test_x509_setters();
+        /* failed |= */ test_x509_crl_setters();
+        return failed;
 }

diff --git a/src/regress/lib/libcrypto/x509/x509_asn1.c b/src/regress/lib/libcrypto/x509/x509_asn1.c index b6b251f104..ed50bc6177 100644 --- a/src/regress/lib/libcrypto/x509/x509_asn1.c +++ b/src/regress/lib/libcrypto/x509/x509_asn1.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_asn1.c,v 1.8 2023/04/26 21:30:12 job Exp $ */	1	/* $OpenBSD: x509_asn1.c,v 1.9 2023/04/26 22:05:36 job Exp $ */
2	/*	2	/*
3	* Copyright (c) 2023 Job Snijders <job@openbsd.org>	3	* Copyright (c) 2023 Job Snijders <job@openbsd.org>
4	*	4	*
@@ -40,6 +40,10 @@ static const struct fnnames {
40	{ "X509_set_notBefore", X509_set_notBefore },	40	{ "X509_set_notBefore", X509_set_notBefore },
41	{ "X509_set_notAfter", X509_set_notAfter },	41	{ "X509_set_notAfter", X509_set_notAfter },
42	{ "X509_set_pubkey", X509_set_pubkey },	42	{ "X509_set_pubkey", X509_set_pubkey },
		43	{ "X509_CRL_set_version", X509_CRL_set_version },
		44	{ "X509_CRL_set_issuer_name", X509_CRL_set_issuer_name },
		45	{ "X509_CRL_set_lastUpdate", X509_CRL_set_lastUpdate },
		46	{ "X509_CRL_set_nextUpdate", X509_CRL_set_nextUpdate },
43	{ NULL, NULL }	47	{ NULL, NULL }
44	};	48	};
45		49
@@ -145,15 +149,91 @@ x509_compare(char f, X509 a, const unsigned char *der, long dersz)
145	return rc;	149	return rc;
146	}	150	}
147		151
148	int	152	static void
149	main(void)	153	x509_crl_setup(unsigned char der, unsigned char der2, X509_CRL **xc,
		154	long dersz, long *der2sz)
		155	{
		156	const unsigned char *cpder;
		157
		158	cpder = *der;
		159	if ((*xc = d2i_X509_CRL(NULL, &cpder, dersz)) == NULL)
		160	errx(1, "d2i_X509");
		161	if ((der2sz = i2d_X509_CRL(xc, der2)) <= 0)
		162	errx(1, "i2d_X509");
		163	}
		164
		165	static void
		166	x509_crl_cleanup(X509_CRL xc, unsigned char der)
		167	{
		168	X509_CRL_free(*xc);
		169	*xc = NULL;
		170	free(*der);
		171	*der = NULL;
		172	}
		173
		174	static void
		175	x509_crl_set_name(int (f)(X509_CRL , X509_NAME ), X509_CRL *xc,
		176	const unsigned char *n)
		177	{
		178	X509_NAME *xn;
		179
		180	if ((xn = X509_NAME_new()) == NULL)
		181	err(1, NULL);
		182	if (!X509_NAME_add_entry_by_txt(xn, "C", MBSTRING_ASC, n, -1, -1, 0))
		183	errx(1, "X509_NAME_add_entry_by_txt");
		184	if (!f(*xc, xn))
		185	lookup_and_err(f);
		186
		187	X509_NAME_free(xn);
		188	}
		189
		190	static void
		191	x509_crl_set_time(int (f)(X509_CRL , const ASN1_TIME ), X509_CRL *xc, int t)
		192	{
		193	ASN1_TIME *at;
		194
		195	if ((at = ASN1_TIME_new()) == NULL)
		196	err(1, NULL);
		197	if ((at = X509_gmtime_adj(NULL, t)) == NULL)
		198	errx(1, "X509_gmtime_adj");
		199	if (!f(*xc, at))
		200	lookup_and_err(f);
		201
		202	ASN1_TIME_free(at);
		203	}
		204
		205	static int
		206	x509_crl_compare(char f, X509_CRL ac, const unsigned char *der, long dersz)
		207	{
		208	unsigned char *der_test = NULL;
		209	long der_testsz;
		210	int rc = 0;
		211
		212	if ((der_testsz = i2d_X509_CRL(ac, &der_test)) <= 0)
		213	errx(1, "i2d_X509_CRL");
		214
		215	if (dersz == der_testsz) {
		216	if (memcmp(der, der_test, dersz) == 0) {
		217	warnx("%s() didn't invalidate DER cache", f);
		218	rc = 1;
		219	} else
		220	warnx("%s() OK", f);
		221	} else
		222	warnx("%s() OK", f);
		223
		224	free(der_test);
		225	return rc;
		226	}
		227
		228	static int
		229	test_x509_setters(void)
150	{	230	{
151	EVP_PKEY *pkey = NULL;	231	EVP_PKEY *pkey = NULL;
152	EVP_PKEY_CTX *pkey_ctx = NULL;	232	EVP_PKEY_CTX *pkey_ctx = NULL;
153	X509 a, x;	233	X509 a, x;
154	unsigned char der = NULL, der2 = NULL;	234	unsigned char der = NULL, der2 = NULL;
155	long dersz, der2sz;	235	long dersz, der2sz;
156	int ret = 0;	236	int failed = 0;
157		237
158	if ((x = X509_new()) == NULL)	238	if ((x = X509_new()) == NULL)
159	err(1, NULL);	239	err(1, NULL);
@@ -185,37 +265,37 @@ main(void)
185	x509_setup(&der, &der2, &a, dersz, &der2sz);	265	x509_setup(&der, &der2, &a, dersz, &der2sz);
186	if (!X509_set_version(a, 2))	266	if (!X509_set_version(a, 2))
187	errx(1, "X509_set_version");	267	errx(1, "X509_set_version");
188	ret += x509_compare("X509_set_version", a, der2, der2sz);	268	failed \|= x509_compare("X509_set_version", a, der2, der2sz);
189	x509_cleanup(&a, &der2);	269	x509_cleanup(&a, &der2);
190		270
191	/* test X509_set_serialNumber */	271	/* test X509_set_serialNumber */
192	x509_setup(&der, &der2, &a, dersz, &der2sz);	272	x509_setup(&der, &der2, &a, dersz, &der2sz);
193	x509_set_integer(X509_set_serialNumber, &a, 2);	273	x509_set_integer(X509_set_serialNumber, &a, 2);
194	ret += x509_compare("X509_set_serialNumber", a, der2, der2sz);	274	failed \|= x509_compare("X509_set_serialNumber", a, der2, der2sz);
195	x509_cleanup(&a, &der2);	275	x509_cleanup(&a, &der2);
196		276
197	/* test X509_set_issuer_name */	277	/* test X509_set_issuer_name */
198	x509_setup(&der, &der2, &a, dersz, &der2sz);	278	x509_setup(&der, &der2, &a, dersz, &der2sz);
199	x509_set_name(X509_set_issuer_name, &a, "DE");	279	x509_set_name(X509_set_issuer_name, &a, "DE");
200	ret += x509_compare("X509_set_issuer_name", a, der2, der2sz);	280	failed \|= x509_compare("X509_set_issuer_name", a, der2, der2sz);
201	x509_cleanup(&a, &der2);	281	x509_cleanup(&a, &der2);
202		282
203	/* test X509_set_subject_name */	283	/* test X509_set_subject_name */
204	x509_setup(&der, &der2, &a, dersz, &der2sz);	284	x509_setup(&der, &der2, &a, dersz, &der2sz);
205	x509_set_name(X509_set_subject_name, &a, "FR");	285	x509_set_name(X509_set_subject_name, &a, "FR");
206	ret += x509_compare("X509_set_subject_name", a, der2, der2sz);	286	failed \|= x509_compare("X509_set_subject_name", a, der2, der2sz);
207	x509_cleanup(&a, &der2);	287	x509_cleanup(&a, &der2);
208		288
209	/* test X509_set_notBefore */	289	/* test X509_set_notBefore */
210	x509_setup(&der, &der2, &a, dersz, &der2sz);	290	x509_setup(&der, &der2, &a, dersz, &der2sz);
211	x509_set_time(X509_set_notBefore, &a, 120);	291	x509_set_time(X509_set_notBefore, &a, 120);
212	ret += x509_compare("X509_set_notBefore", a, der2, der2sz);	292	failed \|= x509_compare("X509_set_notBefore", a, der2, der2sz);
213	x509_cleanup(&a, &der2);	293	x509_cleanup(&a, &der2);
214		294
215	/* test X509_set_notAfter */	295	/* test X509_set_notAfter */
216	x509_setup(&der, &der2, &a, dersz, &der2sz);	296	x509_setup(&der, &der2, &a, dersz, &der2sz);
217	x509_set_time(X509_set_notAfter, &a, 180);	297	x509_set_time(X509_set_notAfter, &a, 180);
218	ret += x509_compare("X509_set_notAfter", a, der2, der2sz);	298	failed \|= x509_compare("X509_set_notAfter", a, der2, der2sz);
219	x509_cleanup(&a, &der2);	299	x509_cleanup(&a, &der2);
220		300
221	/* test X509_set_pubkey */	301	/* test X509_set_pubkey */
@@ -226,13 +306,89 @@ main(void)
226	errx(1, "X509_set_pubkey");	306	errx(1, "X509_set_pubkey");
227	EVP_PKEY_CTX_free(pkey_ctx);	307	EVP_PKEY_CTX_free(pkey_ctx);
228	EVP_PKEY_free(pkey);	308	EVP_PKEY_free(pkey);
229	ret += x509_compare("X509_set_pubkey", a, der2, der2sz);	309	pkey_ctx = NULL;
230	x509_cleanup(&a, &der2);	310	pkey = NULL;
		311	failed \|= x509_compare("X509_set_pubkey", a, der2, der2sz);
231		312
		313	x509_cleanup(&a, &der2);
232	X509_free(x);	314	X509_free(x);
233	free(der);	315	free(der);
234		316
235	if (ret)	317	return failed;
236	return 1;	318	}
237	return 0;	319
		320	static int
		321	test_x509_crl_setters(void)
		322	{
		323	EVP_PKEY *pkey = NULL;
		324	EVP_PKEY_CTX *pkey_ctx = NULL;
		325	X509_CRL ac, xc;
		326	unsigned char der = NULL, der2 = NULL;
		327	long dersz, der2sz;
		328	int failed = 0;
		329
		330	if ((xc = X509_CRL_new()) == NULL)
		331	err(1, NULL);
		332
		333	if ((pkey_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)) == NULL)
		334	errx(1, "EVP_PKEY_CTX_new_id");
		335	if (EVP_PKEY_keygen_init(pkey_ctx) != 1)
		336	errx(1, "EVP_PKEY_keygen_init");
		337	if (EVP_PKEY_CTX_set_rsa_keygen_bits(pkey_ctx, 2048) <= 0)
		338	errx(1, "EVP_PKEY_CTX_set_rsa_keygen_bits");
		339	if (EVP_PKEY_keygen(pkey_ctx, &pkey) <= 0)
		340	errx(1, "EVP_PKEY_keygen");
		341
		342	x509_crl_set_time(X509_CRL_set_lastUpdate, &xc, 0);
		343	x509_crl_set_time(X509_CRL_set_nextUpdate, &xc, 60);
		344	x509_crl_set_name(X509_CRL_set_issuer_name, &xc, "NL");
		345
		346	// one time creation of the original DER
		347	if (!X509_CRL_sign(xc, pkey, EVP_sha256()))
		348	errx(1, "X509_CRL_sign");
		349	EVP_PKEY_free(pkey);
		350	EVP_PKEY_CTX_free(pkey_ctx);
		351	if ((dersz = i2d_X509_CRL(xc, &der)) <= 0)
		352	errx(1, "i2d_X509_CRL");
		353
		354	/* test X509_CRL_set_version */
		355	x509_crl_setup(&der, &der2, &ac, dersz, &der2sz);
		356	if (!X509_CRL_set_version(ac, 1))
		357	errx(1, "X509_CRL_set_version");
		358	failed \|= x509_crl_compare("X509_CRL_set_version", ac, der2, der2sz);
		359	x509_crl_cleanup(&ac, &der2);
		360
		361	/* test X509_CRL_set_issuer_name */
		362	x509_crl_setup(&der, &der2, &ac, dersz, &der2sz);
		363	x509_crl_set_name(X509_CRL_set_issuer_name, &ac, "DE");
		364	failed \|= x509_crl_compare("X509_CRL_set_issuer_name", ac, der2,
		365	der2sz);
		366	x509_crl_cleanup(&ac, &der2);
		367
		368	/* test X509_CRL_set_lastUpdate */
		369	x509_crl_setup(&der, &der2, &ac, dersz, &der2sz);
		370	x509_crl_set_time(X509_CRL_set_lastUpdate, &ac, 120);
		371	failed \|= x509_crl_compare("X509_set_notBefore", ac, der2, der2sz);
		372	x509_crl_cleanup(&ac, &der2);
		373
		374	/* test X509_CRL_set_nextUpdate */
		375	x509_crl_setup(&der, &der2, &ac, dersz, &der2sz);
		376	x509_crl_set_time(X509_CRL_set_nextUpdate, &ac, 180);
		377	failed \|= x509_crl_compare("X509_set_notAfter", ac, der2, der2sz);
		378	x509_crl_cleanup(&ac, &der2);
		379
		380	X509_CRL_free(xc);
		381	free(der);
		382
		383	return failed;
		384	}
		385
		386	int main(void)
		387	{
		388	int failed = 0;
		389
		390	failed \|= test_x509_setters();
		391	/* failed \|= */ test_x509_crl_setters();
		392
		393	return failed;
238	}	394	}