From de844b83c11dcdd32e0d6d1bc81777bc60620c70 Mon Sep 17 00:00:00 2001 From: beck <> Date: Tue, 29 Sep 2015 04:54:23 +0000 Subject: Add an rfc5280 test suite to test x509_cmp_time. Note some of these will yet fail with the current libcrypto as the current X509_cmp_time is not RFC5280 compliant ok jsing@ --- src/regress/lib/libcrypto/asn1/Makefile | 4 +- src/regress/lib/libcrypto/asn1/rfc5280time.c | 360 +++++++++++++++++++++++++++ 2 files changed, 362 insertions(+), 2 deletions(-) create mode 100644 src/regress/lib/libcrypto/asn1/rfc5280time.c diff --git a/src/regress/lib/libcrypto/asn1/Makefile b/src/regress/lib/libcrypto/asn1/Makefile index f7a2df5459..d4da1bf7a9 100644 --- a/src/regress/lib/libcrypto/asn1/Makefile +++ b/src/regress/lib/libcrypto/asn1/Makefile @@ -1,7 +1,7 @@ -# $OpenBSD: Makefile,v 1.1 2015/09/25 16:12:30 jsing Exp $ +# $OpenBSD: Makefile,v 1.2 2015/09/29 04:54:23 beck Exp $ TESTS = \ - asn1time + asn1time rfc5280time REGRESS_TARGETS= all_tests diff --git a/src/regress/lib/libcrypto/asn1/rfc5280time.c b/src/regress/lib/libcrypto/asn1/rfc5280time.c new file mode 100644 index 0000000000..b74c5668d7 --- /dev/null +++ b/src/regress/lib/libcrypto/asn1/rfc5280time.c 
@@ -0,0 +1,360 @@
+/* $OpenBSD: rfc5280time.c,v 1.1 2015/09/29 04:54:23 beck Exp $ */
+/*
+ * Copyright (c) 2015 Joel Sing
+ * Copyright (c) 2015 Bob Beck
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include
+#include
+
+#include
+#include
+#include
+
+struct rfc5280_time_test {
+ const char *str;
+ const char *data;
+ time_t time;
+};
+
+struct rfc5280_time_test rfc5280_invtime_tests[] = {
+ {
+ .str = "",
+ },
+ {
+ .str = "2015",
+ },
+ {
+ .str = "201509",
+ },
+ {
+ .str = "20150923",
+ },
+ {
+ .str = "20150923032700",
+ },
+ {
+ /* UTC time must have seconds */
+ .str = "7001010000Z",
+ },
+ {
+ .str = "201509230327Z",
+ },
+ {
+ .str = "20150923032700.Z",
+ },
+ {
+ .str = "20150923032700.123",
+ },
+ {
+ .str = "20150923032700+1100Z",
+ },
+ {
+ .str = "20150923032700-11001",
+ },
+ {
+ /* UTC time cannot have fractional seconds. */
+ .str = "150923032700.123Z",
+ },
+ {
+ /* Gen time cannot have +- TZ. */
+ .str = "20150923032712+1115",
+ },
+ {
+ /* Gen time cannot have fractional seconds */
+ .str = "20150923032712.123Z",
+ },
+ {
+ .str = "aaaaaaaaaaaaaaZ",
+ },
+};
+
+struct rfc5280_time_test rfc5280_gentime_tests[] = {
+ {
+ .str = "19700101000000Z",
+ .data = "19700101000000Z",
+ .time = 0,
+ },
+ {
+ .str = "20150923032700Z",
+ .data = "20150923032700Z",
+ .time = 1442978820,
+ },
+ {
+ .str = "20150922162712Z",
+ .data = "20150922162712Z",
+ .time = 1442939232,
+ },
+ {
+ .str = "20150922161212Z",
+ .data = "20150922161212Z",
+ .time = 1442938332,
+ },
+ {
+ .str = "20150923032700Z",
+ .data = "20150923032700Z",
+ .time = 1442978820,
+ },
+ {
+ /* Biggest RFC 5280 time */
+ .str = "99991231235959Z",
+ .data = "99991231235959Z",
+ .time = 253402300799,
+ },
+ {
+ /* Smallest RFC 5280 time */
+ .str = "00000101000000Z",
+ .data = "00000101000000Z",
+ .time = -62167219200,
+ },
+};
+
+struct rfc5280_time_test rfc5280_utctime_tests[] = {
+ {
+ .str = "700101000000Z",
+ .data = "700101000000Z",
+ .time = 0,
+ },
+ {
+ .str = "150923032700Z",
+ .data = "150923032700Z",
+ .time = 1442978820,
+ },
+ {
+ .str = "150923102700Z",
+ .data = "150923102700Z",
+ .time = 1443004020,
+ },
+ {
+ .str = "150922162712Z",
+ .data = "150922162712Z",
+ .time = 1442939232,
+ },
+ {
+ .str = "140524144512Z",
+ .data = "140524144512Z",
+ .time = 1400942712,
+ },
+ {
+ .str = "240401144512Z",
+ .data = "240401144512Z",
+ .time = 1711982712,
+ },
+};
+
+#define N_INVTIME_TESTS \
+ (sizeof(rfc5280_invtime_tests) / sizeof(*rfc5280_invtime_tests))
+#define N_GENTIME_TESTS \
+ (sizeof(rfc5280_gentime_tests) / sizeof(*rfc5280_gentime_tests))
+#define N_UTCTIME_TESTS \
+ (sizeof(rfc5280_utctime_tests) / sizeof(*rfc5280_utctime_tests))
+
+static int
+asn1_compare_str(int test_no, struct asn1_string_st *asn1str, const char *str)
+{
+ int length = strlen(str);
+
+ if (asn1str->length != length) {
+ fprintf(stderr, "FAIL: test %i - string lengths differ "
+ "(%i != %i)\n", test_no, asn1str->length, length);
+ return (1);
+ }
+ if (strncmp(asn1str->data, str, length) != 0) {
+ fprintf(stderr, "FAIL: test %i - strings differ "
+ "('%s' != '%s')\n", test_no, asn1str->data, str);
+ return (1);
+ }
+
+ return (0);
+}
+
+static int
+rfc5280_invtime_test(int test_no, struct rfc5280_time_test *att)
+{
+ ASN1_GENERALIZEDTIME *gt = NULL;
+ ASN1_UTCTIME *ut = NULL;
+ ASN1_TIME *t = NULL;
+ int failure = 1;
+ time_t now = time(NULL);
+
+ if ((gt = ASN1_GENERALIZEDTIME_new()) == NULL)
+ goto done;
+ if ((ut = ASN1_UTCTIME_new()) == NULL)
+ goto done;
+ if ((t = ASN1_TIME_new()) == NULL)
+ goto done;
+
+ if (ASN1_GENERALIZEDTIME_set_string(gt, att->str) != 0) {
+ if (X509_cmp_time(gt, &now) != 0) {
+ fprintf(stderr, "FAIL: test %i - successfully parsed as GENTIME "
+ "string '%s'\n", test_no, att->str);
+ goto done;
+ }
+ }
+ if (ASN1_UTCTIME_set_string(ut, att->str) != 0) {
+ if (X509_cmp_time(ut, &now) != 0) {
+ fprintf(stderr, "FAIL: test %i - successfully parsed as UTCTIME "
+ "string '%s'\n", test_no, att->str);
+ goto done;
+ }
+ }
+ if (ASN1_UTCTIME_set_string(ut, att->str) != 0) {
+ if (X509_cmp_time(ut, &now) != 0) {
+ fprintf(stderr, "FAIL: test %i - successfully parsed as UTCTIME "
+ "string '%s'\n", test_no, att->str);
+ goto done;
+ }
+ }
+
+ failure = 0;
+
+ done:
+ ASN1_GENERALIZEDTIME_free(gt);
+ ASN1_UTCTIME_free(ut);
+ ASN1_TIME_free(t);
+
+ return (failure);
+}
+
+static int
+rfc5280_gentime_test(int test_no, struct rfc5280_time_test *att)
+{
+ unsigned char *p = NULL;
+ ASN1_GENERALIZEDTIME *gt;
+ int failure = 1;
+ int i;
+
+ if ((gt = ASN1_GENERALIZEDTIME_new()) == NULL)
+ goto done;
+
+ if (ASN1_GENERALIZEDTIME_set_string(gt, att->str) != 1) {
+ fprintf(stderr, "FAIL: test %i - failed to set string '%s'\n",
+ test_no, att->str);
+ goto done;
+ }
+ if (asn1_compare_str(test_no, gt, att->str) != 0)
+ goto done;
+
+ if ((i = X509_cmp_time(gt, &att->time) != -1)) {
+ fprintf(stderr, "FAIL: test %i - X509_cmp_time failed - returned %d compared to %lld\n",
+ test_no, i, att->time);
+ goto done;
+ }
+
+ att->time--;
+ if ((i = X509_cmp_time(gt, &att->time) != 1)) {
+ fprintf(stderr, "FAIL: test %i - X509_cmp_time failed - returned %d compared to %lld\n",
+ test_no, i, att->time);
+ goto done;
+ }
+ att->time++;
+
+ ASN1_GENERALIZEDTIME_free(gt);
+
+ if ((gt = ASN1_GENERALIZEDTIME_set(NULL, att->time)) == NULL) {
+ fprintf(stderr, "FAIL: test %i - failed to set time %lli\n",
+ test_no, (long long)att->time);
+ goto done;
+ }
+ if (asn1_compare_str(test_no, gt, att->data) != 0)
+ goto done;
+
+ failure = 0;
+
+ done:
+ ASN1_GENERALIZEDTIME_free(gt);
+ free(p);
+
+ return (failure);
+}
+
+static int
+rfc5280_utctime_test(int test_no, struct rfc5280_time_test *att)
+{
+ unsigned char *p = NULL;
+ ASN1_UTCTIME *ut;
+ int failure = 1;
+ int i;
+
+ if ((ut = ASN1_UTCTIME_new()) == NULL)
+ goto done;
+
+ if (ASN1_UTCTIME_set_string(ut, att->str) != 1) {
+ fprintf(stderr, "FAIL: test %i - failed to set string '%s'\n",
+ test_no, att->str);
+ goto done;
+ }
+ if (asn1_compare_str(test_no, ut, att->str) != 0)
+ goto done;
+
+ if ((i = X509_cmp_time(ut, &att->time) != -1)) {
+ fprintf(stderr, "FAIL: test %i - X509_cmp_time failed - returned %d compared to %lld\n",
+ test_no, i, att->time);
+ goto done;
+ }
+
+ att->time--;
+ if ((i = X509_cmp_time(ut, &att->time) != 1)) {
+ fprintf(stderr, "FAIL: test %i - X509_cmp_time failed - returned %d compared to %lld\n",
+ test_no, i, att->time);
+ goto done;
+ }
+ att->time++;
+
+ ASN1_UTCTIME_free(ut);
+
+ if ((ut = ASN1_UTCTIME_set(NULL, att->time)) == NULL) {
+ fprintf(stderr, "FAIL: test %i - failed to set time %lli\n",
+ test_no, (long long)att->time);
+ goto done;
+ }
+ if (asn1_compare_str(test_no, ut, att->data) != 0)
+ goto done;
+
+ failure = 0;
+
+ done:
+ ASN1_UTCTIME_free(ut);
+ free(p);
+
+ return (failure);
+}
+
+int
+main(int argc, char **argv)
+{
+ struct rfc5280_time_test *att;
+ int failed = 0;
+ size_t i;
+
+ fprintf(stderr, "RFC5280 Invalid time tests...\n");
+ for (i = 0; i < N_INVTIME_TESTS; i++) {
+ att = &rfc5280_invtime_tests[i];
+ failed |= rfc5280_invtime_test(i, att);
+ }
+
+ fprintf(stderr, "RFC5280 GENERALIZEDTIME tests...\n");
+ for (i = 0; i < N_GENTIME_TESTS; i++) {
+ att = &rfc5280_gentime_tests[i];
+ failed |= rfc5280_gentime_test(i, att);
+ }
+
+ fprintf(stderr, "RFC5280 UTCTIME tests...\n");
+ for (i = 0; i < N_UTCTIME_TESTS; i++) {
+ att = &rfc5280_utctime_tests[i];
+ failed |= rfc5280_utctime_test(i, att);
+ }
+ return (failed);
+}
-- cgit v1.2.3-55-g6feb
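Review bot: The third check in rfc5280_invtime_test repeats the `ASN1_UTCTIME_set_string(ut, att->str)` block verbatim, so `t` is allocated and freed but never used and the invalid strings are never run through the ASN1_TIME path; presumably that block was meant to be `if (ASN1_TIME_set_string(t, att->str) != 0) {` followed by `if (X509_cmp_time(t, &now) != 0) {`, with a message naming that type. In rfc5280_gentime_test and rfc5280_utctime_test the four comparisons are written as `(i = X509_cmp_time(gt, &att->time) != -1)`, which stores the result of `!=` in `i`, so a failing case always prints "returned 1" rather than the real return value; the parenthesis should close before the comparison, `if ((i = X509_cmp_time(gt, &att->time)) != -1) {`. Those same messages pass `att->time` to `%lld` without the `(long long)` cast used in the 'failed to set time' messages below them. A one-line comment above the invalid-time checks stating that X509_cmp_time returning 0 means it rejected the string would also help, since a reader otherwise has to know that 0 is the error return to see why a successful set_string alone is not a failure.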