crltest.c@ 105945

最後變更在這個檔案從105945是 105945,由 vboxsync 提交於 2 月前
openssl-3.1.7: Applied and adjusted our OpenSSL changes to 3.1.7. bugref:10757
檔案大小: 15.9 KB

行
1	/*
2	* Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the Apache License 2.0 (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	#include "internal/nelem.h"
11	#include <string.h>
12	#include <openssl/bio.h>
13	#include <openssl/crypto.h>
14	#include <openssl/err.h>
15	#include <openssl/pem.h>
16	#include <openssl/x509.h>
17
18	#include "testutil.h"
19
20	#define PARAM_TIME 1474934400 /* Sep 27th, 2016 */
21
22	static const char *kCRLTestRoot[] = {
23	"-----BEGIN CERTIFICATE-----\n",
24	"MIIDbzCCAlegAwIBAgIJAODri7v0dDUFMA0GCSqGSIb3DQEBCwUAME4xCzAJBgNV\n",
25	"BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBW\n",
26	"aWV3MRIwEAYDVQQKDAlCb3JpbmdTU0wwHhcNMTYwOTI2MTUwNjI2WhcNMjYwOTI0\n",
27	"MTUwNjI2WjBOMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG\n",
28	"A1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJQm9yaW5nU1NMMIIBIjANBgkq\n",
29	"hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo16WiLWZuaymsD8n5SKPmxV1y6jjgr3B\n",
30	"S/dUBpbrzd1aeFzNlI8l2jfAnzUyp+I21RQ+nh/MhqjGElkTtK9xMn1Y+S9GMRh+\n",
31	"5R/Du0iCb1tCZIPY07Tgrb0KMNWe0v2QKVVruuYSgxIWodBfxlKO64Z8AJ5IbnWp\n",
32	"uRqO6rctN9qUoMlTIAB6dL4G0tDJ/PGFWOJYwOMEIX54bly2wgyYJVBKiRRt4f7n\n",
33	"8H922qmvPNA9idmX9G1VAtgV6x97XXi7ULORIQvn9lVQF6nTYDBJhyuPB+mLThbL\n",
34	"P2o9orxGx7aCtnnBZUIxUvHNOI0FaSaZH7Fi0xsZ/GkG2HZe7ImPJwIDAQABo1Aw\n",
35	"TjAdBgNVHQ4EFgQUWPt3N5cZ/CRvubbrkqfBnAqhq94wHwYDVR0jBBgwFoAUWPt3\n",
36	"N5cZ/CRvubbrkqfBnAqhq94wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC\n",
37	"AQEAORu6M0MOwXy+3VEBwNilfTxyqDfruQsc1jA4PT8Oe8zora1WxE1JB4q2FJOz\n",
38	"EAuM3H/NXvEnBuN+ITvKZAJUfm4NKX97qmjMJwLKWe1gVv+VQTr63aR7mgWJReQN\n",
39	"XdMztlVeZs2dppV6uEg3ia1X0G7LARxGpA9ETbMyCpb39XxlYuTClcbA5ftDN99B\n",
40	"3Xg9KNdd++Ew22O3HWRDvdDpTO/JkzQfzi3sYwUtzMEonENhczJhGf7bQMmvL/w5\n",
41	"24Wxj4Z7KzzWIHsNqE/RIs6RV3fcW61j/mRgW2XyoWnMVeBzvcJr9NXp4VQYmFPw\n",
42	"amd8GKMZQvP0ufGnUn7D7uartA==\n",
43	"-----END CERTIFICATE-----\n",
44	NULL
45	};
46
47	static const char *kCRLTestLeaf[] = {
48	"-----BEGIN CERTIFICATE-----\n",
49	"MIIDkDCCAnigAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwTjELMAkGA1UEBhMCVVMx\n",
50	"EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEjAQ\n",
51	"BgNVBAoMCUJvcmluZ1NTTDAeFw0xNjA5MjYxNTA4MzFaFw0xNzA5MjYxNTA4MzFa\n",
52	"MEsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQKDAlC\n",
53	"b3JpbmdTU0wxEzARBgNVBAMMCmJvcmluZy5zc2wwggEiMA0GCSqGSIb3DQEBAQUA\n",
54	"A4IBDwAwggEKAoIBAQDc5v1S1M0W+QWM+raWfO0LH8uvqEwuJQgODqMaGnSlWUx9\n",
55	"8iQcnWfjyPja3lWg9K62hSOFDuSyEkysKHDxijz5R93CfLcfnVXjWQDJe7EJTTDP\n",
56	"ozEvxN6RjAeYv7CF000euYr3QT5iyBjg76+bon1p0jHZBJeNPP1KqGYgyxp+hzpx\n",
57	"e0gZmTlGAXd8JQK4v8kpdYwD6PPifFL/jpmQpqOtQmH/6zcLjY4ojmqpEdBqIKIX\n",
58	"+saA29hMq0+NK3K+wgg31RU+cVWxu3tLOIiesETkeDgArjWRS1Vkzbi4v9SJxtNu\n",
59	"OZuAxWiynRJw3JwH/OFHYZIvQqz68ZBoj96cepjPAgMBAAGjezB5MAkGA1UdEwQC\n",
60	"MAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRl\n",
61	"MB0GA1UdDgQWBBTGn0OVVh/aoYt0bvEKG+PIERqnDzAfBgNVHSMEGDAWgBRY+3c3\n",
62	"lxn8JG+5tuuSp8GcCqGr3jANBgkqhkiG9w0BAQsFAAOCAQEAd2nM8gCQN2Dc8QJw\n",
63	"XSZXyuI3DBGGCHcay/3iXu0JvTC3EiQo8J6Djv7WLI0N5KH8mkm40u89fJAB2lLZ\n",
64	"ShuHVtcC182bOKnePgwp9CNwQ21p0rDEu/P3X46ZvFgdxx82E9xLa0tBB8PiPDWh\n",
65	"lV16jbaKTgX5AZqjnsyjR5o9/mbZVupZJXx5Syq+XA8qiJfstSYJs4KyKK9UOjql\n",
66	"ICkJVKpi2ahDBqX4MOH4SLfzVk8pqSpviS6yaA1RXqjpkxiN45WWaXDldVHMSkhC\n",
67	"5CNXsXi4b1nAntu89crwSLA3rEwzCWeYj+BX7e1T9rr3oJdwOU/2KQtW1js1yQUG\n",
68	"tjJMFw==\n",
69	"-----END CERTIFICATE-----\n",
70	NULL
71	};
72
73	static const char *kBasicCRL[] = {
74	"-----BEGIN X509 CRL-----\n",
75	"MIIBpzCBkAIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n",
76	"CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ\n",
77	"Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoA4wDDAKBgNV\n",
78	"HRQEAwIBATANBgkqhkiG9w0BAQsFAAOCAQEAnrBKKgvd9x9zwK9rtUvVeFeJ7+LN\n",
79	"ZEAc+a5oxpPNEsJx6hXoApYEbzXMxuWBQoCs5iEBycSGudct21L+MVf27M38KrWo\n",
80	"eOkq0a2siqViQZO2Fb/SUFR0k9zb8xl86Zf65lgPplALun0bV/HT7MJcl04Tc4os\n",
81	"dsAReBs5nqTGNEd5AlC1iKHvQZkM//MD51DspKnDpsDiUVi54h9C1SpfZmX8H2Vv\n",
82	"diyu0fZ/bPAM3VAGawatf/SyWfBMyKpoPXEG39oAzmjjOj8en82psn7m474IGaho\n",
83	"/vBbhl1ms5qQiLYPjm4YELtnXQoFyC72tBjbdFd/ZE9k4CNKDbxFUXFbkw==\n",
84	"-----END X509 CRL-----\n",
85	NULL
86	};
87
88	static const char *kRevokedCRL[] = {
89	"-----BEGIN X509 CRL-----\n",
90	"MIIBvjCBpwIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n",
91	"CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ\n",
92	"Qm9yaW5nU1NMFw0xNjA5MjYxNTEyNDRaFw0xNjEwMjYxNTEyNDRaMBUwEwICEAAX\n",
93	"DTE2MDkyNjE1MTIyNlqgDjAMMAoGA1UdFAQDAgECMA0GCSqGSIb3DQEBCwUAA4IB\n",
94	"AQCUGaM4DcWzlQKrcZvI8TMeR8BpsvQeo5BoI/XZu2a8h//PyRyMwYeaOM+3zl0d\n",
95	"sjgCT8b3C1FPgT+P2Lkowv7rJ+FHJRNQkogr+RuqCSPTq65ha4WKlRGWkMFybzVH\n",
96	"NloxC+aU3lgp/NlX9yUtfqYmJek1CDrOOGPrAEAwj1l/BUeYKNGqfBWYJQtPJu+5\n",
97	"OaSvIYGpETCZJscUWODmLEb/O3DM438vLvxonwGqXqS0KX37+CHpUlyhnSovxXxp\n",
98	"Pz4aF+L7OtczxL0GYtD2fR9B7TDMqsNmHXgQrixvvOY7MUdLGbd4RfJL3yA53hyO\n",
99	"xzfKY2TzxLiOmctG0hXFkH5J\n",
100	"-----END X509 CRL-----\n",
101	NULL
102	};
103
104	static const char *kInvalidCRL[] = {
105	"-----BEGIN X509 CRL-----\n",
106	"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n",
107	"-----END X509 CRL-----\n",
108	NULL
109	};
110
111	static const char *kBadIssuerCRL[] = {
112	"-----BEGIN X509 CRL-----\n",
113	"MIIBwjCBqwIBATANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJVUzETMBEGA1UE\n",
114	"CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEWMBQGA1UECgwN\n",
115	"Tm90IEJvcmluZ1NTTBcNMTYwOTI2MTUxMjQ0WhcNMTYxMDI2MTUxMjQ0WjAVMBMC\n",
116	"AhAAFw0xNjA5MjYxNTEyMjZaoA4wDDAKBgNVHRQEAwIBAjANBgkqhkiG9w0BAQsF\n",
117	"AAOCAQEAlBmjOA3Fs5UCq3GbyPEzHkfAabL0HqOQaCP12btmvIf/z8kcjMGHmjjP\n",
118	"t85dHbI4Ak/G9wtRT4E/j9i5KML+6yfhRyUTUJKIK/kbqgkj06uuYWuFipURlpDB\n",
119	"cm81RzZaMQvmlN5YKfzZV/clLX6mJiXpNQg6zjhj6wBAMI9ZfwVHmCjRqnwVmCUL\n",
120	"TybvuTmkryGBqREwmSbHFFjg5ixG/ztwzON/Ly78aJ8Bql6ktCl9+/gh6VJcoZ0q\n",
121	"L8V8aT8+Ghfi+zrXM8S9BmLQ9n0fQe0wzKrDZh14EK4sb7zmOzFHSxm3eEXyS98g\n",
122	"Od4cjsc3ymNk88S4jpnLRtIVxZB+SQ==\n",
123	"-----END X509 CRL-----\n",
124	NULL
125	};
126
127	/*
128	* This is kBasicCRL but with a critical issuing distribution point
129	* extension.
130	*/
131	static const char *kKnownCriticalCRL[] = {
132	"-----BEGIN X509 CRL-----\n",
133	"MIIBujCBowIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n",
134	"CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ\n",
135	"Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoCEwHzAKBgNV\n",
136	"HRQEAwIBATARBgNVHRwBAf8EBzAFoQMBAf8wDQYJKoZIhvcNAQELBQADggEBAA+3\n",
137	"i+5e5Ub8sccfgOBs6WVJFI9c8gvJjrJ8/dYfFIAuCyeocs7DFXn1n13CRZ+URR/Q\n",
138	"mVWgU28+xeusuSPYFpd9cyYTcVyNUGNTI3lwgcE/yVjPaOmzSZKdPakApRxtpKKQ\n",
139	"NN/56aQz3bnT/ZSHQNciRB8U6jiD9V30t0w+FDTpGaG+7bzzUH3UVF9xf9Ctp60A\n",
140	"3mfLe0scas7owSt4AEFuj2SPvcE7yvdOXbu+IEv21cEJUVExJAbhvIweHXh6yRW+\n",
141	"7VVeiNzdIjkZjyTmAzoXGha4+wbxXyBRbfH+XWcO/H+8nwyG8Gktdu2QB9S9nnIp\n",
142	"o/1TpfOMSGhMyMoyPrk=\n",
143	"-----END X509 CRL-----\n",
144	NULL
145	};
146
147	/*
148	* kUnknownCriticalCRL is kBasicCRL but with an unknown critical extension.
149	*/
150	static const char *kUnknownCriticalCRL[] = {
151	"-----BEGIN X509 CRL-----\n",
152	"MIIBvDCBpQIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n",
153	"CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ\n",
154	"Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoCMwITAKBgNV\n",
155	"HRQEAwIBATATBgwqhkiG9xIEAYS3CQABAf8EADANBgkqhkiG9w0BAQsFAAOCAQEA\n",
156	"GvBP0xqL509InMj/3493YVRV+ldTpBv5uTD6jewzf5XdaxEQ/VjTNe5zKnxbpAib\n",
157	"Kf7cwX0PMSkZjx7k7kKdDlEucwVvDoqC+O9aJcqVmM6GDyNb9xENxd0XCXja6MZC\n",
158	"yVgP4AwLauB2vSiEprYJyI1APph3iAEeDm60lTXX/wBM/tupQDDujKh2GPyvBRfJ\n",
159	"+wEDwGg3ICwvu4gO4zeC5qnFR+bpL9t5tOMAQnVZ0NWv+k7mkd2LbHdD44dxrfXC\n",
160	"nhtfERx99SDmC/jtUAJrGhtCO8acr7exCeYcduN7KKCm91OeCJKK6OzWst0Og1DB\n",
161	"kwzzU2rL3G65CrZ7H0SZsQ==\n",
162	"-----END X509 CRL-----\n",
163	NULL
164	};
165
166	/*
167	* kUnknownCriticalCRL2 is kBasicCRL but with a critical issuing distribution
168	* point extension followed by an unknown critical extension
169	*/
170	static const char *kUnknownCriticalCRL2[] = {
171	"-----BEGIN X509 CRL-----\n",
172	"MIIBzzCBuAIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n",
173	"CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzESMBAGA1UECgwJ\n",
174	"Qm9yaW5nU1NMFw0xNjA5MjYxNTEwNTVaFw0xNjEwMjYxNTEwNTVaoDYwNDAKBgNV\n",
175	"HRQEAwIBATARBgNVHRwBAf8EBzAFoQMBAf8wEwYMKoZIhvcSBAGEtwkAAQH/BAAw\n",
176	"DQYJKoZIhvcNAQELBQADggEBACTcpQC8jXL12JN5YzOcQ64ubQIe0XxRAd30p7qB\n",
177	"BTXGpgqBjrjxRfLms7EBYodEXB2oXMsDq3km0vT1MfYdsDD05S+SQ9CDsq/pUfaC\n",
178	"E2WNI5p8WircRnroYvbN2vkjlRbMd1+yNITohXYXCJwjEOAWOx3XIM10bwPYBv4R\n",
179	"rDobuLHoMgL3yHgMHmAkP7YpkBucNqeBV8cCdeAZLuhXFWi6yfr3r/X18yWbC/r2\n",
180	"2xXdkrSqXLFo7ToyP8YKTgiXpya4x6m53biEYwa2ULlas0igL6DK7wjYZX95Uy7H\n",
181	"GKljn9weIYiMPV/BzGymwfv2EW0preLwtyJNJPaxbdin6Jc=\n",
182	"-----END X509 CRL-----\n",
183	NULL
184	};
185
186	static const char **unknown_critical_crls[] = {
187	kUnknownCriticalCRL, kUnknownCriticalCRL2
188	};
189
190	static X509 *test_root = NULL;
191	static X509 *test_leaf = NULL;
192
193	/*
194	* Glue an array of strings together. Return a BIO and put the string
195	* into \|*out\| so we can free it.
196	*/
197	static BIO glue2bio(const char pem, char *out)
198	{
199	size_t s = 0;
200
201	*out = glue_strings(pem, &s);
202	return BIO_new_mem_buf(*out, s);
203	}
204
205	/*
206	* Create a CRL from an array of strings.
207	*/
208	static X509_CRL CRL_from_strings(const char *pem)
209	{
210	X509_CRL *crl;
211	char *p;
212	BIO *b = glue2bio(pem, &p);
213
214	if (b == NULL) {
215	OPENSSL_free(p);
216	return NULL;
217	}
218
219	crl = PEM_read_bio_X509_CRL(b, NULL, NULL, NULL);
220
221	OPENSSL_free(p);
222	BIO_free(b);
223	return crl;
224	}
225
226	/*
227	* Create an X509 from an array of strings.
228	*/
229	static X509 X509_from_strings(const char *pem)
230	{
231	X509 *x;
232	char *p;
233	BIO *b = glue2bio(pem, &p);
234
235	if (b == NULL) {
236	OPENSSL_free(p);
237	return NULL;
238	}
239
240	x = PEM_read_bio_X509(b, NULL, NULL, NULL);
241
242	OPENSSL_free(p);
243	BIO_free(b);
244	return x;
245	}
246
247	/*
248	* Verify \|leaf\| certificate (chained up to \|root\|). \|crls\| if
249	* not NULL, is a list of CRLs to include in the verification. It is
250	* also free'd before returning, which is kinda yucky but convenient.
251	* Returns a value from X509_V_ERR_xxx or X509_V_OK.
252	*/
253	static int verify(X509 leaf, X509 root, STACK_OF(X509_CRL) *crls,
254	unsigned long flags)
255	{
256	X509_STORE_CTX *ctx = X509_STORE_CTX_new();
257	X509_STORE *store = X509_STORE_new();
258	X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
259	STACK_OF(X509) *roots = sk_X509_new_null();
260	int status = X509_V_ERR_UNSPECIFIED;
261
262	if (!TEST_ptr(ctx)
263	\|\| !TEST_ptr(store)
264	\|\| !TEST_ptr(param)
265	\|\| !TEST_ptr(roots))
266	goto err;
267
268	/* Create a stack; upref the cert because we free it below. */
269	X509_up_ref(root);
270	if (!TEST_true(sk_X509_push(roots, root))
271	\|\| !TEST_true(X509_STORE_CTX_init(ctx, store, leaf, NULL)))
272	goto err;
273	X509_STORE_CTX_set0_trusted_stack(ctx, roots);
274	X509_STORE_CTX_set0_crls(ctx, crls);
275	X509_VERIFY_PARAM_set_time(param, PARAM_TIME);
276	if (!TEST_long_eq((long)X509_VERIFY_PARAM_get_time(param), PARAM_TIME))
277	goto err;
278	X509_VERIFY_PARAM_set_depth(param, 16);
279	if (flags)
280	X509_VERIFY_PARAM_set_flags(param, flags);
281	X509_STORE_CTX_set0_param(ctx, param);
282	param = NULL;
283
284	ERR_clear_error();
285	status = X509_verify_cert(ctx) == 1 ? X509_V_OK
286	: X509_STORE_CTX_get_error(ctx);
287	err:
288	sk_X509_pop_free(roots, X509_free);
289	sk_X509_CRL_pop_free(crls, X509_CRL_free);
290	X509_VERIFY_PARAM_free(param);
291	X509_STORE_CTX_free(ctx);
292	X509_STORE_free(store);
293	return status;
294	}
295
296	/*
297	* Create a stack of CRL's. Upref each one because we call pop_free on
298	* the stack and need to keep the CRL's around until the test exits.
299	* Yes this crashes on malloc failure; it forces us to debug.
300	*/
301	static STACK_OF(X509_CRL) make_CRL_stack(X509_CRL x1, X509_CRL *x2)
302	{
303	STACK_OF(X509_CRL) *sk = sk_X509_CRL_new_null();
304
305	sk_X509_CRL_push(sk, x1);
306	X509_CRL_up_ref(x1);
307	if (x2 != NULL) {
308	sk_X509_CRL_push(sk, x2);
309	X509_CRL_up_ref(x2);
310	}
311	return sk;
312	}
313
314	static int test_basic_crl(void)
315	{
316	X509_CRL *basic_crl = CRL_from_strings(kBasicCRL);
317	X509_CRL *revoked_crl = CRL_from_strings(kRevokedCRL);
318	int r;
319
320	r = TEST_ptr(basic_crl)
321	&& TEST_ptr(revoked_crl)
322	&& TEST_int_eq(verify(test_leaf, test_root,
323	make_CRL_stack(basic_crl, NULL),
324	X509_V_FLAG_CRL_CHECK), X509_V_OK)
325	&& TEST_int_eq(verify(test_leaf, test_root,
326	make_CRL_stack(basic_crl, revoked_crl),
327	X509_V_FLAG_CRL_CHECK), X509_V_ERR_CERT_REVOKED);
328	X509_CRL_free(basic_crl);
329	X509_CRL_free(revoked_crl);
330	return r;
331	}
332
333	static int test_no_crl(void)
334	{
335	return TEST_int_eq(verify(test_leaf, test_root, NULL,
336	X509_V_FLAG_CRL_CHECK),
337	X509_V_ERR_UNABLE_TO_GET_CRL);
338	}
339
340	static int test_bad_issuer_crl(void)
341	{
342	X509_CRL *bad_issuer_crl = CRL_from_strings(kBadIssuerCRL);
343	int r;
344
345	r = TEST_ptr(bad_issuer_crl)
346	&& TEST_int_eq(verify(test_leaf, test_root,
347	make_CRL_stack(bad_issuer_crl, NULL),
348	X509_V_FLAG_CRL_CHECK),
349	X509_V_ERR_UNABLE_TO_GET_CRL);
350	X509_CRL_free(bad_issuer_crl);
351	return r;
352	}
353
354	static int test_known_critical_crl(void)
355	{
356	X509_CRL *known_critical_crl = CRL_from_strings(kKnownCriticalCRL);
357	int r;
358
359	r = TEST_ptr(known_critical_crl)
360	&& TEST_int_eq(verify(test_leaf, test_root,
361	make_CRL_stack(known_critical_crl, NULL),
362	X509_V_FLAG_CRL_CHECK), X509_V_OK);
363	X509_CRL_free(known_critical_crl);
364	return r;
365	}
366
367	static int test_unknown_critical_crl(int n)
368	{
369	X509_CRL *unknown_critical_crl = CRL_from_strings(unknown_critical_crls[n]);
370	int r;
371
372	r = TEST_ptr(unknown_critical_crl)
373	&& TEST_int_eq(verify(test_leaf, test_root,
374	make_CRL_stack(unknown_critical_crl, NULL),
375	X509_V_FLAG_CRL_CHECK),
376	X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION);
377	X509_CRL_free(unknown_critical_crl);
378	return r;
379	}
380
381	static int test_reuse_crl(int idx)
382	{
383	X509_CRL result, reused_crl = CRL_from_strings(kBasicCRL);
384	X509_CRL *addref_crl = NULL;
385	char *p = NULL;
386	BIO *b = NULL;
387	int r = 0;
388
389	if (!TEST_ptr(reused_crl))
390	goto err;
391
392	if (idx & 1) {
393	if (!TEST_true(X509_CRL_up_ref(reused_crl)))
394	goto err;
395	addref_crl = reused_crl;
396	}
397
398	idx >>= 1;
399	b = glue2bio(idx == 2 ? kRevokedCRL : kInvalidCRL + idx, &p);
400
401	if (!TEST_ptr(b))
402	goto err;
403
404	result = PEM_read_bio_X509_CRL(b, &reused_crl, NULL, NULL);
405
406	switch (idx) {
407	case 0: /* valid PEM + invalid DER */
408	if (!TEST_ptr_null(result)
409	\|\| !TEST_ptr_null(reused_crl))
410	goto err;
411	break;
412	case 1: /* invalid PEM */
413	if (!TEST_ptr_null(result)
414	\|\| !TEST_ptr(reused_crl))
415	goto err;
416	break;
417	case 2:
418	if (!TEST_ptr(result)
419	\|\| !TEST_ptr(reused_crl)
420	\|\| !TEST_ptr_eq(result, reused_crl))
421	goto err;
422	break;
423	}
424
425	r = 1;
426
427	err:
428	OPENSSL_free(p);
429	BIO_free(b);
430	X509_CRL_free(reused_crl);
431	X509_CRL_free(addref_crl);
432	return r;
433	}
434
435	int setup_tests(void)
436	{
437	if (!TEST_ptr(test_root = X509_from_strings(kCRLTestRoot))
438	\|\| !TEST_ptr(test_leaf = X509_from_strings(kCRLTestLeaf)))
439	return 0;
440
441	ADD_TEST(test_no_crl);
442	ADD_TEST(test_basic_crl);
443	ADD_TEST(test_bad_issuer_crl);
444	ADD_TEST(test_known_critical_crl);
445	ADD_ALL_TESTS(test_unknown_critical_crl, OSSL_NELEM(unknown_critical_crls));
446	ADD_ALL_TESTS(test_reuse_crl, 6);
447	return 1;
448	}
449
450	void cleanup_tests(void)
451	{
452	X509_free(test_root);
453	X509_free(test_leaf);
454	}

注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

source: vbox/trunk/src/libs/openssl-3.1.7/test/crltest.c@ 105945

以其他格式下載: