mirror of
https://github.com/openssl/openssl.git
synced 2024-12-15 04:53:52 +08:00
fe2a7341b5
Fixes #19718 Fixes #19716 Added PKCS12_SAFEBAG_get1_cert_ex(), PKCS12_SAFEBAG_get1_crl_ex() and ASN1_item_unpack_ex(). parse_bag and parse_bags now use the libctx/propq stored in the P7_CTX. PKCS12_free() needed to be manually constructed in order to free the propq. pkcs12_api_test.c changed so that it actually tests the libctx, propq. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19942)
262 lines
6.7 KiB
C
262 lines
6.7 KiB
C
/*
|
|
* Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
#include <stdio.h>
|
|
#include <string.h>
|
|
#include <stdlib.h>
|
|
|
|
#include "internal/nelem.h"
|
|
|
|
#include <openssl/pkcs12.h>
|
|
#include <openssl/x509.h>
|
|
#include <openssl/x509v3.h>
|
|
#include <openssl/pem.h>
|
|
|
|
#include "testutil.h"
|
|
#include "helpers/pkcs12.h"
|
|
|
|
static OSSL_LIB_CTX *testctx = NULL;
|
|
static OSSL_PROVIDER *nullprov = NULL;
|
|
|
|
static int test_null_args(void)
|
|
{
|
|
return TEST_false(PKCS12_parse(NULL, NULL, NULL, NULL, NULL));
|
|
}
|
|
|
|
static PKCS12 *PKCS12_load(const char *fpath)
|
|
{
|
|
BIO *bio = NULL;
|
|
PKCS12 *p12 = NULL;
|
|
|
|
bio = BIO_new_file(fpath, "rb");
|
|
if (!TEST_ptr(bio))
|
|
goto err;
|
|
|
|
p12 = PKCS12_init_ex(NID_pkcs7_data, testctx, "provider=default");
|
|
if (!TEST_ptr(p12))
|
|
goto err;
|
|
|
|
if (!TEST_true(p12 == d2i_PKCS12_bio(bio, &p12)))
|
|
goto err;
|
|
|
|
BIO_free(bio);
|
|
|
|
return p12;
|
|
|
|
err:
|
|
BIO_free(bio);
|
|
PKCS12_free(p12);
|
|
return NULL;
|
|
}
|
|
|
|
static const char *in_file = NULL;
|
|
static const char *in_pass = "";
|
|
static int has_key = 0;
|
|
static int has_cert = 0;
|
|
static int has_ca = 0;
|
|
static int pkcs12_parse_test(void)
|
|
{
|
|
int ret = 0;
|
|
PKCS12 *p12 = NULL;
|
|
EVP_PKEY *key = NULL;
|
|
X509 *cert = NULL;
|
|
STACK_OF(X509) *ca = NULL;
|
|
|
|
if (in_file != NULL) {
|
|
p12 = PKCS12_load(in_file);
|
|
if (!TEST_ptr(p12))
|
|
goto err;
|
|
|
|
if (!TEST_true(PKCS12_parse(p12, in_pass, &key, &cert, &ca)))
|
|
goto err;
|
|
|
|
if ((has_key && !TEST_ptr(key)) || (!has_key && !TEST_ptr_null(key)))
|
|
goto err;
|
|
if ((has_cert && !TEST_ptr(cert)) || (!has_cert && !TEST_ptr_null(cert)))
|
|
goto err;
|
|
if ((has_ca && !TEST_ptr(ca)) || (!has_ca && !TEST_ptr_null(ca)))
|
|
goto err;
|
|
}
|
|
|
|
ret = 1;
|
|
err:
|
|
PKCS12_free(p12);
|
|
EVP_PKEY_free(key);
|
|
X509_free(cert);
|
|
OSSL_STACK_OF_X509_free(ca);
|
|
return TEST_true(ret);
|
|
}
|
|
|
|
static int pkcs12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg)
|
|
{
|
|
int cb_ret = *((int*)cbarg);
|
|
return cb_ret;
|
|
}
|
|
|
|
static PKCS12 *pkcs12_create_ex2_setup(EVP_PKEY **key, X509 **cert, STACK_OF(X509) **ca)
|
|
{
|
|
PKCS12 *p12 = NULL;
|
|
p12 = PKCS12_load("out6.p12");
|
|
if (!TEST_ptr(p12))
|
|
goto err;
|
|
|
|
if (!TEST_true(PKCS12_parse(p12, "", key, cert, ca)))
|
|
goto err;
|
|
|
|
return p12;
|
|
err:
|
|
PKCS12_free(p12);
|
|
return NULL;
|
|
}
|
|
|
|
static int pkcs12_create_ex2_test(int test)
|
|
{
|
|
int ret = 0, cb_ret = 0;
|
|
PKCS12 *ptr = NULL, *p12 = NULL;
|
|
EVP_PKEY *key = NULL;
|
|
X509 *cert = NULL;
|
|
STACK_OF(X509) *ca = NULL;
|
|
|
|
p12 = pkcs12_create_ex2_setup(&key, &cert, &ca);
|
|
if (!TEST_ptr(p12))
|
|
goto err;
|
|
|
|
if (test == 0) {
|
|
/* Confirm PKCS12_create_ex2 returns NULL */
|
|
ptr = PKCS12_create_ex2(NULL, NULL, NULL,
|
|
NULL, NULL, NID_undef, NID_undef,
|
|
0, 0, 0,
|
|
testctx, NULL,
|
|
NULL, NULL);
|
|
if (TEST_ptr(ptr))
|
|
goto err;
|
|
|
|
/* Can't proceed without a valid cert at least */
|
|
if (!TEST_ptr(cert))
|
|
goto err;
|
|
|
|
/* Specified call back called - return success */
|
|
cb_ret = 1;
|
|
ptr = PKCS12_create_ex2(NULL, NULL, NULL,
|
|
cert, NULL, NID_undef, NID_undef,
|
|
0, 0, 0,
|
|
testctx, NULL,
|
|
pkcs12_create_cb, (void*)&cb_ret);
|
|
/* PKCS12 successfully created */
|
|
if (!TEST_ptr(ptr))
|
|
goto err;
|
|
} else if (test == 1) {
|
|
/* Specified call back called - return error*/
|
|
cb_ret = -1;
|
|
ptr = PKCS12_create_ex2(NULL, NULL, NULL,
|
|
cert, NULL, NID_undef, NID_undef,
|
|
0, 0, 0,
|
|
testctx, NULL,
|
|
pkcs12_create_cb, (void*)&cb_ret);
|
|
/* PKCS12 not created */
|
|
if (TEST_ptr(ptr))
|
|
goto err;
|
|
} else if (test == 2) {
|
|
/* Specified call back called - return failure */
|
|
cb_ret = 0;
|
|
ptr = PKCS12_create_ex2(NULL, NULL, NULL,
|
|
cert, NULL, NID_undef, NID_undef,
|
|
0, 0, 0,
|
|
testctx, NULL,
|
|
pkcs12_create_cb, (void*)&cb_ret);
|
|
/* PKCS12 successfully created */
|
|
if (!TEST_ptr(ptr))
|
|
goto err;
|
|
}
|
|
|
|
ret = 1;
|
|
err:
|
|
PKCS12_free(p12);
|
|
PKCS12_free(ptr);
|
|
EVP_PKEY_free(key);
|
|
X509_free(cert);
|
|
OSSL_STACK_OF_X509_free(ca);
|
|
return TEST_true(ret);
|
|
}
|
|
|
|
typedef enum OPTION_choice {
|
|
OPT_ERR = -1,
|
|
OPT_EOF = 0,
|
|
OPT_IN_FILE,
|
|
OPT_IN_PASS,
|
|
OPT_IN_HAS_KEY,
|
|
OPT_IN_HAS_CERT,
|
|
OPT_IN_HAS_CA,
|
|
OPT_LEGACY,
|
|
OPT_TEST_ENUM
|
|
} OPTION_CHOICE;
|
|
|
|
const OPTIONS *test_get_options(void)
|
|
{
|
|
static const OPTIONS options[] = {
|
|
OPT_TEST_OPTIONS_DEFAULT_USAGE,
|
|
{ "in", OPT_IN_FILE, '<', "PKCS12 input file" },
|
|
{ "pass", OPT_IN_PASS, 's', "PKCS12 input file password" },
|
|
{ "has-key", OPT_IN_HAS_KEY, 'n', "Whether the input file does contain an user key" },
|
|
{ "has-cert", OPT_IN_HAS_CERT, 'n', "Whether the input file does contain an user certificate" },
|
|
{ "has-ca", OPT_IN_HAS_CA, 'n', "Whether the input file does contain other certificate" },
|
|
{ "legacy", OPT_LEGACY, '-', "Test the legacy APIs" },
|
|
{ NULL }
|
|
};
|
|
return options;
|
|
}
|
|
|
|
int setup_tests(void)
|
|
{
|
|
OPTION_CHOICE o;
|
|
|
|
while ((o = opt_next()) != OPT_EOF) {
|
|
switch (o) {
|
|
case OPT_IN_FILE:
|
|
in_file = opt_arg();
|
|
break;
|
|
case OPT_IN_PASS:
|
|
in_pass = opt_arg();
|
|
break;
|
|
case OPT_LEGACY:
|
|
break;
|
|
case OPT_IN_HAS_KEY:
|
|
has_key = opt_int_arg();
|
|
break;
|
|
case OPT_IN_HAS_CERT:
|
|
has_cert = opt_int_arg();
|
|
break;
|
|
case OPT_IN_HAS_CA:
|
|
has_ca = opt_int_arg();
|
|
break;
|
|
case OPT_TEST_CASES:
|
|
break;
|
|
default:
|
|
return 0;
|
|
}
|
|
}
|
|
|
|
if (!test_get_libctx(&testctx, &nullprov, NULL, NULL, NULL)) {
|
|
OSSL_LIB_CTX_free(testctx);
|
|
testctx = NULL;
|
|
return 0;
|
|
}
|
|
|
|
ADD_TEST(test_null_args);
|
|
ADD_TEST(pkcs12_parse_test);
|
|
ADD_ALL_TESTS(pkcs12_create_ex2_test, 3);
|
|
return 1;
|
|
}
|
|
|
|
void cleanup_tests(void)
|
|
{
|
|
OSSL_LIB_CTX_free(testctx);
|
|
OSSL_PROVIDER_unload(nullprov);
|
|
}
|