[openssl-commits] [openssl] master update

Richard Levitte levitte at openssl.org
Fri Apr 28 14:04:33 UTC 2017


The branch master has been updated
       via  f5a140f7e9d836ee8a75dbaac2f8ab3971c4db86 (commit)
      from  0918b94c9c01307a1cc4cfc347d458827e30ffea (commit)


- Log -----------------------------------------------------------------
commit f5a140f7e9d836ee8a75dbaac2f8ab3971c4db86
Author: Pauli <paul.dale at oracle.com>
Date:   Thu Apr 27 14:08:31 2017 +1000

    Refactor crltest.c to separate the test cases into individual functions.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3327)

-----------------------------------------------------------------------

Summary of changes:
 test/crltest.c | 174 ++++++++++++++++++++++++++++-----------------------------
 1 file changed, 84 insertions(+), 90 deletions(-)

diff --git a/test/crltest.c b/test/crltest.c
index 790fc5f..048f67f 100644
--- a/test/crltest.c
+++ b/test/crltest.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,7 +7,6 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <stdio.h>
 #include "../e_os.h"
 #include <string.h>
 #include <openssl/bio.h>
@@ -177,6 +176,12 @@ static const char *kUnknownCriticalCRL2[] = {
     NULL
 };
 
+static const char **unknown_critical_crls[] = {
+    kUnknownCriticalCRL, kUnknownCriticalCRL2
+};
+
+static X509 *test_root = NULL;
+static X509 *test_leaf = NULL;
 
 /*
  * Glue an array of strings together.  Return a BIO and put the string
@@ -242,29 +247,22 @@ static int verify(X509 *leaf, X509 *root, STACK_OF(X509_CRL) *crls,
     STACK_OF(X509) *roots = sk_X509_new_null();
     int status = X509_V_ERR_UNSPECIFIED;
 
-    if (!TEST_ptr(ctx))
-        goto err;
-    if (!TEST_ptr(store))
-        goto err;
-    if (!TEST_ptr(param))
-        goto err;
-    if (!TEST_ptr(roots))
+    if (!TEST_ptr(ctx)
+        || !TEST_ptr(store)
+        || !TEST_ptr(param)
+        || !TEST_ptr(roots))
         goto err;
 
     /* Create a stack; upref the cert because we free it below. */
     X509_up_ref(root);
-    if (!TEST_true(sk_X509_push(roots, root)))
-        goto err;
-
-    if (!TEST_true(X509_STORE_CTX_init(ctx, store, leaf, NULL)))
+    if (!TEST_true(sk_X509_push(roots, root))
+        || !TEST_true(X509_STORE_CTX_init(ctx, store, leaf, NULL)))
         goto err;
     X509_STORE_CTX_set0_trusted_stack(ctx, roots);
     X509_STORE_CTX_set0_crls(ctx, crls);
     X509_VERIFY_PARAM_set_time(param, PARAM_TIME);
-    if (!TEST_long_eq(X509_VERIFY_PARAM_get_time(param), PARAM_TIME)) {
-        TEST_info("set_time/get_time mismatch.");
+    if (!TEST_long_eq(X509_VERIFY_PARAM_get_time(param), PARAM_TIME))
         goto err;
-    }
     X509_VERIFY_PARAM_set_depth(param, 16);
     if (flags)
         X509_VERIFY_PARAM_set_flags(param, flags);
@@ -299,94 +297,90 @@ static STACK_OF(X509_CRL) *make_CRL_stack(X509_CRL *x1, X509_CRL *x2)
     return sk;
 }
 
-static int test_crl()
+static int test_basic_crl(void)
 {
-    X509 *root = X509_from_strings(kCRLTestRoot);
-    X509 *leaf = X509_from_strings(kCRLTestLeaf);
     X509_CRL *basic_crl = CRL_from_strings(kBasicCRL);
     X509_CRL *revoked_crl = CRL_from_strings(kRevokedCRL);
-    X509_CRL *bad_issuer_crl = CRL_from_strings(kBadIssuerCRL);
-    X509_CRL *known_critical_crl = CRL_from_strings(kKnownCriticalCRL);
-    X509_CRL *unknown_critical_crl = CRL_from_strings(kUnknownCriticalCRL);
-    X509_CRL *unknown_critical_crl2 = CRL_from_strings(kUnknownCriticalCRL2);
-    int status = 0;
+    int r;
+
+    r = TEST_ptr(basic_crl)
+        && TEST_ptr(revoked_crl)
+        && TEST_int_eq(verify(test_leaf, test_root,
+                              make_CRL_stack(basic_crl, NULL),
+                              X509_V_FLAG_CRL_CHECK), X509_V_OK)
+        && TEST_int_eq(verify(test_leaf, test_root,
+                              make_CRL_stack(basic_crl, revoked_crl),
+                              X509_V_FLAG_CRL_CHECK), X509_V_ERR_CERT_REVOKED);
+    X509_CRL_free(basic_crl);
+    X509_CRL_free(revoked_crl);
+    return r;
+}
 
-    if (!TEST_ptr(root))
-        goto err;
-    if (!TEST_ptr(leaf))
-        goto err;
-    if (!TEST_ptr(basic_crl))
-        goto err;
-    if (!TEST_ptr(revoked_crl))
-        goto err;
-    if (!TEST_ptr(bad_issuer_crl))
-        goto err;
-    if (!TEST_ptr(known_critical_crl))
-        goto err;
-    if (!TEST_ptr(unknown_critical_crl))
-        goto err;
-    if (!TEST_ptr(unknown_critical_crl2))
-        goto err;
+static int test_no_crl(void)
+{
+    return TEST_int_eq(verify(test_leaf, test_root, NULL,
+                              X509_V_FLAG_CRL_CHECK),
+                       X509_V_ERR_UNABLE_TO_GET_CRL);
+}
 
-    if (verify(leaf, root, make_CRL_stack(basic_crl, NULL),
-               X509_V_FLAG_CRL_CHECK) != X509_V_OK) {
-        TEST_info("Cert with CRL didn't verify.");
-        goto err;
-    }
+static int test_bad_issuer_crl(void)
+{
+    X509_CRL *bad_issuer_crl = CRL_from_strings(kBadIssuerCRL);
+    int r;
 
-    if (verify(leaf, root, make_CRL_stack(basic_crl, revoked_crl),
-               X509_V_FLAG_CRL_CHECK) != X509_V_ERR_CERT_REVOKED) {
-        TEST_info("Revoked CRL wasn't checked.");
-        goto err;
-    }
+    r = TEST_ptr(bad_issuer_crl)
+        && TEST_int_eq(verify(test_leaf, test_root,
+                              make_CRL_stack(bad_issuer_crl, NULL),
+                              X509_V_FLAG_CRL_CHECK),
+                       X509_V_ERR_UNABLE_TO_GET_CRL);
+    X509_CRL_free(bad_issuer_crl);
+    return r;
+}
 
-    if (verify(leaf, root, NULL,
-               X509_V_FLAG_CRL_CHECK) != X509_V_ERR_UNABLE_TO_GET_CRL) {
-        TEST_info("CRLs were not required.");
-        goto err;
-    }
+static int test_known_critical_crl(void)
+{
+    X509_CRL *known_critical_crl = CRL_from_strings(kKnownCriticalCRL);
+    int r;
 
-    if (verify(leaf, root, make_CRL_stack(bad_issuer_crl, NULL),
-               X509_V_FLAG_CRL_CHECK) != X509_V_ERR_UNABLE_TO_GET_CRL) {
-        TEST_info("Bad CRL issuer was unnoticed.");
-        goto err;
-    }
+    r = TEST_ptr(known_critical_crl)
+        && TEST_int_eq(verify(test_leaf, test_root,
+                              make_CRL_stack(known_critical_crl, NULL),
+                              X509_V_FLAG_CRL_CHECK), X509_V_OK);
+    X509_CRL_free(known_critical_crl);
+    return r;
+}
 
-    if (verify(leaf, root, make_CRL_stack(known_critical_crl, NULL),
-               X509_V_FLAG_CRL_CHECK) != X509_V_OK) {
-        TEST_info("CRL with known critical extension was rejected.");
-        goto err;
-    }
+static int test_unknown_critical_crl(int n)
+{
+    X509_CRL *unknown_critical_crl = CRL_from_strings(unknown_critical_crls[n]);
+    int r;
+
+    r = TEST_ptr(unknown_critical_crl)
+        && TEST_int_eq(verify(test_leaf, test_root,
+                              make_CRL_stack(unknown_critical_crl, NULL),
+                              X509_V_FLAG_CRL_CHECK),
+                       X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION);
+    X509_CRL_free(unknown_critical_crl);
+    return r;
+}
 
-    if (verify(leaf, root, make_CRL_stack(unknown_critical_crl, NULL),
-               X509_V_FLAG_CRL_CHECK) !=
-            X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION) {
-        TEST_info("CRL with unknown critical extension was accepted.");
-        goto err;
-    }
+int test_main(int argc, char *argv[])
+{
+    int status = EXIT_FAILURE;
 
-    if (verify(leaf, root, make_CRL_stack(unknown_critical_crl2, NULL),
-               X509_V_FLAG_CRL_CHECK) !=
-            X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION) {
-        TEST_info("CRL with unknown critical extension (2) was accepted.");
+    if (!TEST_ptr(test_root = X509_from_strings(kCRLTestRoot))
+        || !TEST_ptr(test_leaf = X509_from_strings(kCRLTestLeaf)))
         goto err;
-    }
 
-    status = 1;
+    ADD_TEST(test_no_crl);
+    ADD_TEST(test_basic_crl);
+    ADD_TEST(test_bad_issuer_crl);
+    ADD_TEST(test_known_critical_crl);
+    ADD_ALL_TESTS(test_unknown_critical_crl, OSSL_NELEM(unknown_critical_crls));
 
+    status = run_tests(argv[0]);
 err:
-    X509_free(root);
-    X509_free(leaf);
-    X509_CRL_free(basic_crl);
-    X509_CRL_free(revoked_crl);
-    X509_CRL_free(bad_issuer_crl);
-    X509_CRL_free(known_critical_crl);
-    X509_CRL_free(unknown_critical_crl);
-    X509_CRL_free(unknown_critical_crl2);
+    X509_free(test_root);
+    X509_free(test_leaf);
     return status;
 }
-
-void register_tests(void)
-{
-    ADD_TEST(test_crl);
-}


More information about the openssl-commits mailing list