[openssl-commits] [openssl] master update
Richard Levitte
levitte at openssl.org
Fri Apr 28 14:04:33 UTC 2017
The branch master has been updated
via f5a140f7e9d836ee8a75dbaac2f8ab3971c4db86 (commit)
from 0918b94c9c01307a1cc4cfc347d458827e30ffea (commit)
- Log -----------------------------------------------------------------
commit f5a140f7e9d836ee8a75dbaac2f8ab3971c4db86
Author: Pauli <paul.dale at oracle.com>
Date: Thu Apr 27 14:08:31 2017 +1000
Refactor crltest.c to separate the test cases into individual functions.
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3327)
-----------------------------------------------------------------------
Summary of changes:
test/crltest.c | 174 ++++++++++++++++++++++++++++-----------------------------
1 file changed, 84 insertions(+), 90 deletions(-)
diff --git a/test/crltest.c b/test/crltest.c
index 790fc5f..048f67f 100644
--- a/test/crltest.c
+++ b/test/crltest.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -7,7 +7,6 @@
* https://www.openssl.org/source/license.html
*/
-#include <stdio.h>
#include "../e_os.h"
#include <string.h>
#include <openssl/bio.h>
@@ -177,6 +176,12 @@ static const char *kUnknownCriticalCRL2[] = {
NULL
};
+static const char **unknown_critical_crls[] = {
+ kUnknownCriticalCRL, kUnknownCriticalCRL2
+};
+
+static X509 *test_root = NULL;
+static X509 *test_leaf = NULL;
/*
* Glue an array of strings together. Return a BIO and put the string
@@ -242,29 +247,22 @@ static int verify(X509 *leaf, X509 *root, STACK_OF(X509_CRL) *crls,
STACK_OF(X509) *roots = sk_X509_new_null();
int status = X509_V_ERR_UNSPECIFIED;
- if (!TEST_ptr(ctx))
- goto err;
- if (!TEST_ptr(store))
- goto err;
- if (!TEST_ptr(param))
- goto err;
- if (!TEST_ptr(roots))
+ if (!TEST_ptr(ctx)
+ || !TEST_ptr(store)
+ || !TEST_ptr(param)
+ || !TEST_ptr(roots))
goto err;
/* Create a stack; upref the cert because we free it below. */
X509_up_ref(root);
- if (!TEST_true(sk_X509_push(roots, root)))
- goto err;
-
- if (!TEST_true(X509_STORE_CTX_init(ctx, store, leaf, NULL)))
+ if (!TEST_true(sk_X509_push(roots, root))
+ || !TEST_true(X509_STORE_CTX_init(ctx, store, leaf, NULL)))
goto err;
X509_STORE_CTX_set0_trusted_stack(ctx, roots);
X509_STORE_CTX_set0_crls(ctx, crls);
X509_VERIFY_PARAM_set_time(param, PARAM_TIME);
- if (!TEST_long_eq(X509_VERIFY_PARAM_get_time(param), PARAM_TIME)) {
- TEST_info("set_time/get_time mismatch.");
+ if (!TEST_long_eq(X509_VERIFY_PARAM_get_time(param), PARAM_TIME))
goto err;
- }
X509_VERIFY_PARAM_set_depth(param, 16);
if (flags)
X509_VERIFY_PARAM_set_flags(param, flags);
@@ -299,94 +297,90 @@ static STACK_OF(X509_CRL) *make_CRL_stack(X509_CRL *x1, X509_CRL *x2)
return sk;
}
-static int test_crl()
+static int test_basic_crl(void)
{
- X509 *root = X509_from_strings(kCRLTestRoot);
- X509 *leaf = X509_from_strings(kCRLTestLeaf);
X509_CRL *basic_crl = CRL_from_strings(kBasicCRL);
X509_CRL *revoked_crl = CRL_from_strings(kRevokedCRL);
- X509_CRL *bad_issuer_crl = CRL_from_strings(kBadIssuerCRL);
- X509_CRL *known_critical_crl = CRL_from_strings(kKnownCriticalCRL);
- X509_CRL *unknown_critical_crl = CRL_from_strings(kUnknownCriticalCRL);
- X509_CRL *unknown_critical_crl2 = CRL_from_strings(kUnknownCriticalCRL2);
- int status = 0;
+ int r;
+
+ r = TEST_ptr(basic_crl)
+ && TEST_ptr(revoked_crl)
+ && TEST_int_eq(verify(test_leaf, test_root,
+ make_CRL_stack(basic_crl, NULL),
+ X509_V_FLAG_CRL_CHECK), X509_V_OK)
+ && TEST_int_eq(verify(test_leaf, test_root,
+ make_CRL_stack(basic_crl, revoked_crl),
+ X509_V_FLAG_CRL_CHECK), X509_V_ERR_CERT_REVOKED);
+ X509_CRL_free(basic_crl);
+ X509_CRL_free(revoked_crl);
+ return r;
+}
- if (!TEST_ptr(root))
- goto err;
- if (!TEST_ptr(leaf))
- goto err;
- if (!TEST_ptr(basic_crl))
- goto err;
- if (!TEST_ptr(revoked_crl))
- goto err;
- if (!TEST_ptr(bad_issuer_crl))
- goto err;
- if (!TEST_ptr(known_critical_crl))
- goto err;
- if (!TEST_ptr(unknown_critical_crl))
- goto err;
- if (!TEST_ptr(unknown_critical_crl2))
- goto err;
+static int test_no_crl(void)
+{
+ return TEST_int_eq(verify(test_leaf, test_root, NULL,
+ X509_V_FLAG_CRL_CHECK),
+ X509_V_ERR_UNABLE_TO_GET_CRL);
+}
- if (verify(leaf, root, make_CRL_stack(basic_crl, NULL),
- X509_V_FLAG_CRL_CHECK) != X509_V_OK) {
- TEST_info("Cert with CRL didn't verify.");
- goto err;
- }
+static int test_bad_issuer_crl(void)
+{
+ X509_CRL *bad_issuer_crl = CRL_from_strings(kBadIssuerCRL);
+ int r;
- if (verify(leaf, root, make_CRL_stack(basic_crl, revoked_crl),
- X509_V_FLAG_CRL_CHECK) != X509_V_ERR_CERT_REVOKED) {
- TEST_info("Revoked CRL wasn't checked.");
- goto err;
- }
+ r = TEST_ptr(bad_issuer_crl)
+ && TEST_int_eq(verify(test_leaf, test_root,
+ make_CRL_stack(bad_issuer_crl, NULL),
+ X509_V_FLAG_CRL_CHECK),
+ X509_V_ERR_UNABLE_TO_GET_CRL);
+ X509_CRL_free(bad_issuer_crl);
+ return r;
+}
- if (verify(leaf, root, NULL,
- X509_V_FLAG_CRL_CHECK) != X509_V_ERR_UNABLE_TO_GET_CRL) {
- TEST_info("CRLs were not required.");
- goto err;
- }
+static int test_known_critical_crl(void)
+{
+ X509_CRL *known_critical_crl = CRL_from_strings(kKnownCriticalCRL);
+ int r;
- if (verify(leaf, root, make_CRL_stack(bad_issuer_crl, NULL),
- X509_V_FLAG_CRL_CHECK) != X509_V_ERR_UNABLE_TO_GET_CRL) {
- TEST_info("Bad CRL issuer was unnoticed.");
- goto err;
- }
+ r = TEST_ptr(known_critical_crl)
+ && TEST_int_eq(verify(test_leaf, test_root,
+ make_CRL_stack(known_critical_crl, NULL),
+ X509_V_FLAG_CRL_CHECK), X509_V_OK);
+ X509_CRL_free(known_critical_crl);
+ return r;
+}
- if (verify(leaf, root, make_CRL_stack(known_critical_crl, NULL),
- X509_V_FLAG_CRL_CHECK) != X509_V_OK) {
- TEST_info("CRL with known critical extension was rejected.");
- goto err;
- }
+static int test_unknown_critical_crl(int n)
+{
+ X509_CRL *unknown_critical_crl = CRL_from_strings(unknown_critical_crls[n]);
+ int r;
+
+ r = TEST_ptr(unknown_critical_crl)
+ && TEST_int_eq(verify(test_leaf, test_root,
+ make_CRL_stack(unknown_critical_crl, NULL),
+ X509_V_FLAG_CRL_CHECK),
+ X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION);
+ X509_CRL_free(unknown_critical_crl);
+ return r;
+}
- if (verify(leaf, root, make_CRL_stack(unknown_critical_crl, NULL),
- X509_V_FLAG_CRL_CHECK) !=
- X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION) {
- TEST_info("CRL with unknown critical extension was accepted.");
- goto err;
- }
+int test_main(int argc, char *argv[])
+{
+ int status = EXIT_FAILURE;
- if (verify(leaf, root, make_CRL_stack(unknown_critical_crl2, NULL),
- X509_V_FLAG_CRL_CHECK) !=
- X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION) {
- TEST_info("CRL with unknown critical extension (2) was accepted.");
+ if (!TEST_ptr(test_root = X509_from_strings(kCRLTestRoot))
+ || !TEST_ptr(test_leaf = X509_from_strings(kCRLTestLeaf)))
goto err;
- }
- status = 1;
+ ADD_TEST(test_no_crl);
+ ADD_TEST(test_basic_crl);
+ ADD_TEST(test_bad_issuer_crl);
+ ADD_TEST(test_known_critical_crl);
+ ADD_ALL_TESTS(test_unknown_critical_crl, OSSL_NELEM(unknown_critical_crls));
+ status = run_tests(argv[0]);
err:
- X509_free(root);
- X509_free(leaf);
- X509_CRL_free(basic_crl);
- X509_CRL_free(revoked_crl);
- X509_CRL_free(bad_issuer_crl);
- X509_CRL_free(known_critical_crl);
- X509_CRL_free(unknown_critical_crl);
- X509_CRL_free(unknown_critical_crl2);
+ X509_free(test_root);
+ X509_free(test_leaf);
return status;
}
-
-void register_tests(void)
-{
- ADD_TEST(test_crl);
-}
More information about the openssl-commits
mailing list