1/*
2 * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 * https://www.openssl.org/source/license.html
8 * or in the file LICENSE in the source distribution.
9 */
10
11#include <stdio.h>
12#include <string.h>
13#include <errno.h>
14
15#include <openssl/x509.h>
16#include <openssl/pem.h>
17#include <openssl/conf.h>
18#include <openssl/err.h>
19#include "internal/nelem.h"
20#include "testutil.h"
21
22static int test_certs(int num)
23{
24    int c;
25    char *name = 0;
26    char *header = 0;
27    unsigned char *data = 0;
28    long len;
29    typedef X509 *(*d2i_X509_t)(X509 **, const unsigned char **, long);
30    typedef int (*i2d_X509_t)(const X509 *, unsigned char **);
31    int err = 0;
32    BIO *fp = BIO_new_file(test_get_argument(num), "r");
33
34    if (!TEST_ptr(fp))
35        return 0;
36
37    for (c = 0; !err && PEM_read_bio(fp, &name, &header, &data, &len); ++c) {
38        const int trusted = (strcmp(name, PEM_STRING_X509_TRUSTED) == 0);
39        d2i_X509_t d2i = trusted ? d2i_X509_AUX : d2i_X509;
40        i2d_X509_t i2d = trusted ? i2d_X509_AUX : i2d_X509;
41        X509 *cert = NULL;
42        X509 *reuse = NULL;
43        const unsigned char *p = data;
44        unsigned char *buf = NULL;
45        unsigned char *bufp;
46        long enclen;
47
48        if (!trusted
49            && strcmp(name, PEM_STRING_X509) != 0
50            && strcmp(name, PEM_STRING_X509_OLD) != 0) {
51            TEST_error("unexpected PEM object: %s", name);
52            err = 1;
53            goto next;
54        }
55        cert = d2i(NULL, &p, len);
56
57        if (cert == NULL || (p - data) != len) {
58            TEST_error("error parsing input %s", name);
59            err = 1;
60            goto next;
61        }
62
63        /* Test traditional 2-pass encoding into caller allocated buffer */
64        enclen = i2d(cert, NULL);
65        if (len != enclen) {
66            TEST_error("encoded length %ld of %s != input length %ld",
67                       enclen, name, len);
68            err = 1;
69            goto next;
70        }
71        if ((buf = bufp = OPENSSL_malloc(len)) == NULL) {
72            TEST_perror("malloc");
73            err = 1;
74            goto next;
75        }
76        enclen = i2d(cert, &bufp);
77        if (len != enclen) {
78            TEST_error("encoded length %ld of %s != input length %ld",
79                       enclen, name, len);
80            err = 1;
81            goto next;
82        }
83        enclen = (long) (bufp - buf);
84        if (enclen != len) {
85            TEST_error("unexpected buffer position after encoding %s", name);
86            err = 1;
87            goto next;
88        }
89        if (memcmp(buf, data, len) != 0) {
90            TEST_error("encoded content of %s does not match input", name);
91            err = 1;
92            goto next;
93        }
94        p = buf;
95        reuse = d2i(NULL, &p, enclen);
96        if (reuse == NULL) {
97            TEST_error("second d2i call failed for %s", name);
98            err = 1;
99            goto next;
100        }
101        err = X509_cmp(reuse, cert);
102        if (err != 0) {
103            TEST_error("X509_cmp for %s resulted in %d", name, err);
104            err = 1;
105            goto next;
106        }
107        OPENSSL_free(buf);
108        buf = NULL;
109
110        /* Test 1-pass encoding into library allocated buffer */
111        enclen = i2d(cert, &buf);
112        if (len != enclen) {
113            TEST_error("encoded length %ld of %s != input length %ld",
114                       enclen, name, len);
115            err = 1;
116            goto next;
117        }
118        if (memcmp(buf, data, len) != 0) {
119            TEST_error("encoded content of %s does not match input", name);
120            err = 1;
121            goto next;
122        }
123
124        if (trusted) {
125            /* Encode just the cert and compare with initial encoding */
126            OPENSSL_free(buf);
127            buf = NULL;
128
129            /* Test 1-pass encoding into library allocated buffer */
130            enclen = i2d(cert, &buf);
131            if (enclen > len) {
132                TEST_error("encoded length %ld of %s > input length %ld",
133                           enclen, name, len);
134                err = 1;
135                goto next;
136            }
137            if (memcmp(buf, data, enclen) != 0) {
138                TEST_error("encoded cert content does not match input");
139                err = 1;
140                goto next;
141            }
142        }
143
144        /*
145         * If any of these were null, PEM_read() would have failed.
146         */
147    next:
148        X509_free(cert);
149        X509_free(reuse);
150        OPENSSL_free(buf);
151        OPENSSL_free(name);
152        OPENSSL_free(header);
153        OPENSSL_free(data);
154    }
155    BIO_free(fp);
156
157    if (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) {
158        /* Reached end of PEM file */
159        if (c > 0) {
160            ERR_clear_error();
161            return 1;
162        }
163    }
164
165    /* Some other PEM read error */
166    return 0;
167}
168
169OPT_TEST_DECLARE_USAGE("certfile...\n")
170
171int setup_tests(void)
172{
173    size_t n;
174
175    if (!test_skip_common_options()) {
176        TEST_error("Error parsing test options\n");
177        return 0;
178    }
179
180    n = test_get_argument_count();
181    if (n == 0)
182        return 0;
183
184    ADD_ALL_TESTS(test_certs, (int)n);
185    return 1;
186}
187