| /* |
| * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. |
| * |
| * Licensed under the OpenSSL licenses, (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * https://www.openssl.org/source/license.html |
| * or in the file LICENSE in the source distribution. |
| */ |
| |
| #include <stdio.h> |
| #include <string.h> |
| #include <errno.h> |
| |
| #include <openssl/x509.h> |
| #include <openssl/pem.h> |
| #include <openssl/conf.h> |
| #include <openssl/err.h> |
| |
| #include "../e_os.h" |
| |
| static const char *progname; |
| |
| static void test_usage(void) |
| { |
| fprintf(stderr, "usage: %s certfile\n", progname); |
| } |
| |
| static void print_errors(void) |
| { |
| unsigned long err; |
| char buffer[1024]; |
| const char *file; |
| const char *data; |
| int line; |
| int flags; |
| |
| while ((err = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) { |
| ERR_error_string_n(err, buffer, sizeof(buffer)); |
| if (flags & ERR_TXT_STRING) |
| fprintf(stderr, "Error: %s:%s:%d:%s\n", buffer, file, line, data); |
| else |
| fprintf(stderr, "Error: %s:%s:%d\n", buffer, file, line); |
| } |
| } |
| |
| static int test_certs(BIO *fp) |
| { |
| int count; |
| char *name = 0; |
| char *header = 0; |
| unsigned char *data = 0; |
| long len; |
| typedef X509 *(*d2i_X509_t)(X509 **, const unsigned char **, long); |
| typedef int (*i2d_X509_t)(X509 *, unsigned char **); |
| int err = 0; |
| |
| for (count = 0; |
| !err && PEM_read_bio(fp, &name, &header, &data, &len); |
| ++count) { |
| int trusted = strcmp(name, PEM_STRING_X509_TRUSTED) == 0; |
| d2i_X509_t d2i = trusted ? d2i_X509_AUX : d2i_X509; |
| i2d_X509_t i2d = trusted ? i2d_X509_AUX : i2d_X509; |
| X509 *cert = NULL; |
| const unsigned char *p = data; |
| unsigned char *buf = NULL; |
| unsigned char *bufp; |
| long enclen; |
| |
| if (!trusted |
| && strcmp(name, PEM_STRING_X509) != 0 |
| && strcmp(name, PEM_STRING_X509_OLD) != 0) { |
| fprintf(stderr, "unexpected PEM object: %s\n", name); |
| err = 1; |
| goto next; |
| } |
| cert = d2i(NULL, &p, len); |
| |
| if (cert == NULL || (p - data) != len) { |
| fprintf(stderr, "error parsing input %s\n", name); |
| err = 1; |
| goto next; |
| } |
| |
| /* Test traditional 2-pass encoding into caller allocated buffer */ |
| enclen = i2d(cert, NULL); |
| if (len != enclen) { |
| fprintf(stderr, "encoded length %ld of %s != input length %ld\n", |
| enclen, name, len); |
| err = 1; |
| goto next; |
| } |
| if ((buf = bufp = OPENSSL_malloc(len)) == NULL) { |
| perror("malloc"); |
| err = 1; |
| goto next; |
| } |
| enclen = i2d(cert, &bufp); |
| if (len != enclen) { |
| fprintf(stderr, "encoded length %ld of %s != input length %ld\n", |
| enclen, name, len); |
| err = 1; |
| goto next; |
| } |
| enclen = (long) (bufp - buf); |
| if (enclen != len) { |
| fprintf(stderr, "unexpected buffer position after encoding %s\n", |
| name); |
| err = 1; |
| goto next; |
| } |
| if (memcmp(buf, data, len) != 0) { |
| fprintf(stderr, "encoded content of %s does not match input\n", |
| name); |
| err = 1; |
| goto next; |
| } |
| OPENSSL_free(buf); |
| buf = NULL; |
| |
| /* Test 1-pass encoding into library allocated buffer */ |
| enclen = i2d(cert, &buf); |
| if (len != enclen) { |
| fprintf(stderr, "encoded length %ld of %s != input length %ld\n", |
| enclen, name, len); |
| err = 1; |
| goto next; |
| } |
| if (memcmp(buf, data, len) != 0) { |
| fprintf(stderr, "encoded content of %s does not match input\n", |
| name); |
| err = 1; |
| goto next; |
| } |
| |
| if (trusted) { |
| /* Encode just the cert and compare with initial encoding */ |
| OPENSSL_free(buf); |
| buf = NULL; |
| |
| /* Test 1-pass encoding into library allocated buffer */ |
| enclen = i2d(cert, &buf); |
| if (enclen > len) { |
| fprintf(stderr, "encoded length %ld of %s > input length %ld\n", |
| enclen, name, len); |
| err = 1; |
| goto next; |
| } |
| if (memcmp(buf, data, enclen) != 0) { |
| fprintf(stderr, "encoded cert content does not match input\n"); |
| err = 1; |
| goto next; |
| } |
| } |
| |
| /* |
| * If any of these were null, PEM_read() would have failed. |
| */ |
| next: |
| X509_free(cert); |
| OPENSSL_free(buf); |
| OPENSSL_free(name); |
| OPENSSL_free(header); |
| OPENSSL_free(data); |
| } |
| |
| if (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) { |
| /* Reached end of PEM file */ |
| if (count > 0) { |
| ERR_clear_error(); |
| return 1; |
| } |
| } |
| |
| /* Some other PEM read error */ |
| print_errors(); |
| return 0; |
| } |
| |
| int main(int argc, char *argv[]) |
| { |
| BIO *bio_err; |
| const char *certfile; |
| const char *p; |
| int ret = 1; |
| |
| progname = argv[0]; |
| if (argc < 2) { |
| test_usage(); |
| EXIT(ret); |
| } |
| |
| bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); |
| |
| p = getenv("OPENSSL_DEBUG_MEMORY"); |
| if (p != NULL && strcmp(p, "on") == 0) |
| CRYPTO_set_mem_debug(1); |
| CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); |
| |
| while ((certfile = *++argv) != NULL) { |
| BIO *f = BIO_new_file(certfile, "r"); |
| int ok; |
| |
| if (f == NULL) { |
| fprintf(stderr, "%s: Error opening cert file: '%s': %s\n", |
| progname, certfile, strerror(errno)); |
| EXIT(ret); |
| } |
| ret = !(ok = test_certs(f)); |
| BIO_free(f); |
| |
| if (!ok) { |
| printf("%s ERROR\n", certfile); |
| ret = 1; |
| break; |
| } |
| printf("%s OK\n", certfile); |
| } |
| |
| #ifndef OPENSSL_NO_CRYPTO_MDEBUG |
| if (CRYPTO_mem_leaks(bio_err) <= 0) |
| ret = 1; |
| #endif |
| BIO_free(bio_err); |
| EXIT(ret); |
| } |
