/*
- * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#include <stdio.h>
#include <string.h>
+#include <openssl/rand.h>
#include <openssl/asn1t.h>
#include "internal/numbers.h"
-#include "test_main.h"
#include "testutil.h"
#ifdef __GNUC__
static unsigned char t_one[] = {
0x01
};
+static unsigned char t_one_neg[] = {
+ 0xff
+};
+static unsigned char t_minus_256[] = {
+ 0xff, 0x00
+};
static unsigned char t_longundef[] = {
0x7f, 0xff, 0xff, 0xff
};
CUSTOM_DATA(t_zero),
CUSTOM_DATA(t_longundef),
CUSTOM_DATA(t_one),
+ CUSTOM_DATA(t_one_neg),
+ CUSTOM_DATA(t_minus_256),
CUSTOM_DATA(t_9bytes_1),
CUSTOM_DATA(t_8bytes_1),
CUSTOM_DATA(t_8bytes_2),
* A structure to collect all test information in. There MUST be one instance
* of this for each test
*/
-typedef int i2d_fn(void **a, unsigned char **pp);
+typedef int i2d_fn(void *a, unsigned char **pp);
typedef void *d2i_fn(void **a, unsigned char **pp, long length);
typedef void ifree_fn(void *a);
typedef struct {
- char *name;
+ ASN1_ITEM_EXP *asn1_type;
+ const char *name;
int skip; /* 1 if this package should be skipped */
/* An array of structures to compare decoded custom data with */
{ 0xff, 0, 1 }, { 0, 0, 0 }, /* t_zero */
{ 0, 0, 0 }, { 0xff, 1, 0x7fffffff }, /* t_longundef */
CUSTOM_EXPECTED_SUCCESS(1, 1), /* t_one */
+ CUSTOM_EXPECTED_SUCCESS(-1, -1), /* t_one_neg */
+ CUSTOM_EXPECTED_SUCCESS(-256, -256), /* t_minus_256 */
CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_1 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_2 */
};
static TEST_PACKAGE long_test_package_32bit = {
- "LONG", sizeof(long) != 4,
+ ASN1_ITEM_ref(ASN1_LONG_DATA), "LONG", sizeof(long) != 4,
long_expected_32bit,
sizeof(long_expected_32bit), sizeof(long_expected_32bit[0]),
long_encdec_data_32bit,
{ 0xff, 0, 1 }, { 0, 0, 0 }, /* t_zero */
{ 0, 0, 0 }, { 0xff, 1, 0x7fffffff }, /* t_longundef */
CUSTOM_EXPECTED_SUCCESS(1, 1), /* t_one */
+ CUSTOM_EXPECTED_SUCCESS(-1, -1), /* t_one_neg */
+ CUSTOM_EXPECTED_SUCCESS(-256, -256), /* t_minus_256 */
CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_1 */
CUSTOM_EXPECTED_SUCCESS(LONG_MAX, LONG_MAX), /* t_8bytes_2 */
};
static TEST_PACKAGE long_test_package_64bit = {
- "LONG", sizeof(long) != 8,
+ ASN1_ITEM_ref(ASN1_LONG_DATA), "LONG", sizeof(long) != 8,
long_expected_64bit,
sizeof(long_expected_64bit), sizeof(long_expected_64bit[0]),
long_encdec_data_64bit,
ASN1_SEQUENCE(ASN1_INT32_DATA) = {
ASN1_SIMPLE(ASN1_INT32_DATA, success, ASN1_FBOOLEAN),
- ASN1_SIMPLE(ASN1_INT32_DATA, test_int32, INT32),
- ASN1_EXP_OPT(ASN1_INT32_DATA, test_zint32, ZINT32, 0)
+ ASN1_EMBED(ASN1_INT32_DATA, test_int32, INT32),
+ ASN1_EXP_OPT_EMBED(ASN1_INT32_DATA, test_zint32, ZINT32, 0)
} static_ASN1_SEQUENCE_END(ASN1_INT32_DATA)
IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT32_DATA)
CUSTOM_EXPECTED_SUCCESS(0, 0), /* t_zero */
CUSTOM_EXPECTED_SUCCESS(ASN1_LONG_UNDEF, ASN1_LONG_UNDEF), /* t_zero */
CUSTOM_EXPECTED_SUCCESS(1, 1), /* t_one */
+ CUSTOM_EXPECTED_SUCCESS(-1, -1), /* t_one_neg */
+ CUSTOM_EXPECTED_SUCCESS(-256, -256), /* t_minus_256 */
CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_1 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_2 */
};
static TEST_PACKAGE int32_test_package = {
- "INT32", 0,
+ ASN1_ITEM_ref(ASN1_INT32_DATA), "INT32", 0,
int32_expected, sizeof(int32_expected), sizeof(int32_expected[0]),
int32_encdec_data, sizeof(int32_encdec_data), sizeof(int32_encdec_data[0]),
(i2d_fn *)i2d_ASN1_INT32_DATA, (d2i_fn *)d2i_ASN1_INT32_DATA,
ASN1_SEQUENCE(ASN1_UINT32_DATA) = {
ASN1_SIMPLE(ASN1_UINT32_DATA, success, ASN1_FBOOLEAN),
- ASN1_SIMPLE(ASN1_UINT32_DATA, test_uint32, UINT32),
- ASN1_EXP_OPT(ASN1_UINT32_DATA, test_zuint32, ZUINT32, 0)
+ ASN1_EMBED(ASN1_UINT32_DATA, test_uint32, UINT32),
+ ASN1_EXP_OPT_EMBED(ASN1_UINT32_DATA, test_zuint32, ZUINT32, 0)
} static_ASN1_SEQUENCE_END(ASN1_UINT32_DATA)
IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT32_DATA)
CUSTOM_EXPECTED_SUCCESS(0, 0), /* t_zero */
CUSTOM_EXPECTED_SUCCESS(ASN1_LONG_UNDEF, ASN1_LONG_UNDEF), /* t_zero */
CUSTOM_EXPECTED_SUCCESS(1, 1), /* t_one */
+ CUSTOM_EXPECTED_FAILURE, /* t_one_neg (illegal negative value) */
+ CUSTOM_EXPECTED_FAILURE, /* t_minus_256 (illegal negative value) */
CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_1 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_2 */
};
static TEST_PACKAGE uint32_test_package = {
- "UINT32", 0,
+ ASN1_ITEM_ref(ASN1_UINT32_DATA), "UINT32", 0,
uint32_expected, sizeof(uint32_expected), sizeof(uint32_expected[0]),
uint32_encdec_data, sizeof(uint32_encdec_data), sizeof(uint32_encdec_data[0]),
(i2d_fn *)i2d_ASN1_UINT32_DATA, (d2i_fn *)d2i_ASN1_UINT32_DATA,
ASN1_SEQUENCE(ASN1_INT64_DATA) = {
ASN1_SIMPLE(ASN1_INT64_DATA, success, ASN1_FBOOLEAN),
- ASN1_SIMPLE(ASN1_INT64_DATA, test_int64, INT64),
- ASN1_EXP_OPT(ASN1_INT64_DATA, test_zint64, ZINT64, 0)
+ ASN1_EMBED(ASN1_INT64_DATA, test_int64, INT64),
+ ASN1_EXP_OPT_EMBED(ASN1_INT64_DATA, test_zint64, ZINT64, 0)
} static_ASN1_SEQUENCE_END(ASN1_INT64_DATA)
IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT64_DATA)
CUSTOM_EXPECTED_SUCCESS(0, 0), /* t_zero */
CUSTOM_EXPECTED_SUCCESS(ASN1_LONG_UNDEF, ASN1_LONG_UNDEF), /* t_zero */
CUSTOM_EXPECTED_SUCCESS(1, 1), /* t_one */
+ CUSTOM_EXPECTED_SUCCESS(-1, -1), /* t_one_neg */
+ CUSTOM_EXPECTED_SUCCESS(-256, -256), /* t_minus_256 */
CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */
- CUSTOM_EXPECTED_SUCCESS(INT64_MIN, INT64_MIN), /* t_8bytes_1 */
+ CUSTOM_EXPECTED_FAILURE, /* t_8bytes_1 (too large positive) */
CUSTOM_EXPECTED_SUCCESS(INT64_MAX, INT64_MAX), /* t_8bytes_2 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_3_pad (illegal padding) */
CUSTOM_EXPECTED_SUCCESS(INT64_MIN, INT64_MIN), /* t_8bytes_4_neg */
CUSTOM_EXPECTED_SUCCESS(0x80000000, 0x80000000), /* t_4bytes_1 */
CUSTOM_EXPECTED_SUCCESS(INT32_MAX - 1, INT32_MAX -1), /* t_4bytes_2 */
CUSTOM_EXPECTED_FAILURE, /* t_4bytes_3_pad (illegal padding) */
- CUSTOM_EXPECTED_SUCCESS(0x80000000, 0x80000000), /* t_4bytes_4_neg */
+ CUSTOM_EXPECTED_SUCCESS(INT32_MIN, INT32_MIN), /* t_4bytes_4_neg */
CUSTOM_EXPECTED_FAILURE, /* t_4bytes_5_negpad (illegal padding) */
};
static ASN1_INT64_DATA int64_encdec_data[] = {
};
static TEST_PACKAGE int64_test_package = {
- "INT64", 0,
+ ASN1_ITEM_ref(ASN1_INT64_DATA), "INT64", 0,
int64_expected, sizeof(int64_expected), sizeof(int64_expected[0]),
int64_encdec_data, sizeof(int64_encdec_data), sizeof(int64_encdec_data[0]),
(i2d_fn *)i2d_ASN1_INT64_DATA, (d2i_fn *)d2i_ASN1_INT64_DATA,
ASN1_SEQUENCE(ASN1_UINT64_DATA) = {
ASN1_SIMPLE(ASN1_UINT64_DATA, success, ASN1_FBOOLEAN),
- ASN1_SIMPLE(ASN1_UINT64_DATA, test_uint64, UINT64),
- ASN1_EXP_OPT(ASN1_UINT64_DATA, test_zuint64, ZUINT64, 0)
+ ASN1_EMBED(ASN1_UINT64_DATA, test_uint64, UINT64),
+ ASN1_EXP_OPT_EMBED(ASN1_UINT64_DATA, test_zuint64, ZUINT64, 0)
} static_ASN1_SEQUENCE_END(ASN1_UINT64_DATA)
IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT64_DATA)
CUSTOM_EXPECTED_SUCCESS(0, 0), /* t_zero */
CUSTOM_EXPECTED_SUCCESS(ASN1_LONG_UNDEF, ASN1_LONG_UNDEF), /* t_zero */
CUSTOM_EXPECTED_SUCCESS(1, 1), /* t_one */
+ CUSTOM_EXPECTED_FAILURE, /* t_one_neg (illegal negative value) */
+ CUSTOM_EXPECTED_FAILURE, /* t_minus_256 (illegal negative value) */
CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */
- CUSTOM_EXPECTED_SUCCESS(INT64_MIN, INT64_MIN), /* t_8bytes_1 */
+ CUSTOM_EXPECTED_SUCCESS((uint64_t)INT64_MAX+1, (uint64_t)INT64_MAX+1),
+ /* t_8bytes_1 */
CUSTOM_EXPECTED_SUCCESS(INT64_MAX, INT64_MAX), /* t_8bytes_2 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_3_pad */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_4_neg */
};
static TEST_PACKAGE uint64_test_package = {
- "UINT64", 0,
+ ASN1_ITEM_ref(ASN1_UINT64_DATA), "UINT64", 0,
uint64_expected, sizeof(uint64_expected), sizeof(uint64_expected[0]),
uint64_encdec_data, sizeof(uint64_encdec_data), sizeof(uint64_encdec_data[0]),
(i2d_fn *)i2d_ASN1_UINT64_DATA, (d2i_fn *)d2i_ASN1_UINT64_DATA,
return ret;
}
+/*
+ * do_encode returns a tristate:
+ *
+ * -1 Couldn't encode
+ * 0 encoded DER wasn't what was expected (failure)
+ * 1 encoded DER was what was expected (success)
+ */
+static int do_encode(EXPECTED *input,
+ const unsigned char *expected, size_t expected_len,
+ const TEST_PACKAGE *package)
+{
+ unsigned char *data = NULL;
+ int len;
+ int ret = 0;
+
+ len = package->i2d(input, &data);
+ if (len < 0)
+ return -1;
+
+ if ((size_t)len != expected_len
+ || memcmp(data, expected, expected_len) != 0) {
+ if (input->success == 0) {
+ ret = 1;
+ ERR_clear_error();
+ } else {
+ ret = 0;
+ }
+ } else {
+ ret = 1;
+ }
+
+ OPENSSL_free(data);
+ return ret;
+}
+
/* Do an encode/decode round trip */
static int do_enc_dec(EXPECTED *bytes, long nbytes,
const TEST_PACKAGE *package)
if (pp != NULL) {
if (lenbytes == 1) {
- *(*pp)++ = len;
+ *(*pp)++ = (unsigned char)len;
} else {
- *(*pp)++ = lenbytes - 1;
+ *(*pp)++ = (unsigned char)(lenbytes - 1);
if (lenbytes == 2) {
- *(*pp)++ = 0x80 | len;
+ *(*pp)++ = (unsigned char)(0x80 | len);
} else {
- *(*pp)++ = 0x80 | (len >> 8);
- *(*pp)++ = len & 0xff;
+ *(*pp)++ = (unsigned char)(0x80 | (len >> 8));
+ *(*pp)++ = (unsigned char)(len);
}
}
}
return lenbytes;
}
-/* Attempt to decode a custom encoding of the test structure */
-static int do_decode_custom(const TEST_CUSTOM_DATA *custom_data,
- const EXPECTED *expected, size_t expected_size,
- const TEST_PACKAGE *package)
+static size_t make_custom_der(const TEST_CUSTOM_DATA *custom_data,
+ unsigned char **encoding, int explicit_default)
{
- size_t firstbytes, secondbytes, secondbytesinner, seqbytes;
+ size_t firstbytes, secondbytes = 0, secondbytesinner = 0, seqbytes;
const unsigned char t_true[] = { V_ASN1_BOOLEAN, 0x01, 0xff };
- unsigned char *encoding, *p = NULL;
- int ret;
+ unsigned char *p = NULL;
+ size_t i;
/*
* The first item is just an INTEGER tag, INTEGER length and INTEGER content
1 + der_encode_length(custom_data->nbytes1, NULL)
+ custom_data->nbytes1;
- /*
- * The second item is an explicit tag, content length, INTEGER tag,
- * INTEGER length, INTEGER bytes
- */
- secondbytesinner =
- 1 + der_encode_length(custom_data->nbytes2, NULL)
- + custom_data->nbytes2;
- secondbytes =
- 1 + der_encode_length(secondbytesinner, NULL) + secondbytesinner;
+ for (i = custom_data->nbytes2; i > 0; i--) {
+ if (custom_data->bytes2[i - 1] != '\0')
+ break;
+ }
+ if (explicit_default || i > 0) {
+ /*
+ * The second item is an explicit tag, content length, INTEGER tag,
+ * INTEGER length, INTEGER bytes
+ */
+ secondbytesinner =
+ 1 + der_encode_length(custom_data->nbytes2, NULL)
+ + custom_data->nbytes2;
+ secondbytes =
+ 1 + der_encode_length(secondbytesinner, NULL) + secondbytesinner;
+ }
/*
* The whole sequence is the sequence tag, content length, BOOLEAN true
1 + der_encode_length(sizeof(t_true) + firstbytes + secondbytes, NULL)
+ sizeof(t_true) + firstbytes + secondbytes;
- encoding = p = OPENSSL_malloc(seqbytes);
- if (encoding == NULL)
- return -1;
+ *encoding = p = OPENSSL_malloc(seqbytes);
+ if (*encoding == NULL)
+ return 0;
/* Sequence tag */
*p++ = 0x30;
memcpy(p, custom_data->bytes1, custom_data->nbytes1);
p += custom_data->nbytes1;
- /* Second INTEGER item (optional) */
- /* Start with the explicit optional tag */
- *p++ = 0xa0;
- der_encode_length(secondbytesinner, &p);
- *p++ = V_ASN1_INTEGER;
- der_encode_length(custom_data->nbytes2, &p);
- memcpy(p, custom_data->bytes2, custom_data->nbytes2);
- p += custom_data->nbytes2;
+ if (secondbytes > 0) {
+ /* Second INTEGER item (optional) */
+ /* Start with the explicit optional tag */
+ *p++ = 0xa0;
+ der_encode_length(secondbytesinner, &p);
+ *p++ = V_ASN1_INTEGER;
+ der_encode_length(custom_data->nbytes2, &p);
+ memcpy(p, custom_data->bytes2, custom_data->nbytes2);
+ p += custom_data->nbytes2;
+ }
+
+ OPENSSL_assert(seqbytes == (size_t)(p - *encoding));
+
+ return seqbytes;
+}
+
+/* Attempt to decode a custom encoding of the test structure */
+static int do_decode_custom(const TEST_CUSTOM_DATA *custom_data,
+ const EXPECTED *expected, size_t expected_size,
+ const TEST_PACKAGE *package)
+{
+ unsigned char *encoding = NULL;
+ /*
+ * We force the defaults to be explicitly encoded to make sure we test
+ * for defaults that shouldn't be present (i.e. we check for failure)
+ */
+ size_t encoding_length = make_custom_der(custom_data, &encoding, 1);
+ int ret;
- OPENSSL_assert(seqbytes == (size_t)(p - encoding));
+ if (encoding_length == 0)
+ return -1;
- ret = do_decode(encoding, seqbytes, expected, expected_size, package);
+ ret = do_decode(encoding, encoding_length, expected, expected_size,
+ package);
OPENSSL_free(encoding);
return ret;
}
+/* Attempt to encode the test structure and compare it to custom DER */
+static int do_encode_custom(EXPECTED *input,
+ const TEST_CUSTOM_DATA *custom_data,
+ const TEST_PACKAGE *package)
+{
+ unsigned char *expected = NULL;
+ size_t expected_length = make_custom_der(custom_data, &expected, 0);
+ int ret;
+
+ if (expected_length == 0)
+ return -1;
+
+ ret = do_encode(input, expected, expected_length, package);
+ OPENSSL_free(expected);
+
+ return ret;
+}
+
+static int do_print_item(const TEST_PACKAGE *package)
+{
+#define DATA_BUF_SIZE 256
+ const ASN1_ITEM *i = ASN1_ITEM_ptr(package->asn1_type);
+ ASN1_VALUE *o;
+ int ret;
+
+ OPENSSL_assert(package->encode_expectations_elem_size <= DATA_BUF_SIZE);
+ if ((o = OPENSSL_malloc(DATA_BUF_SIZE)) == NULL)
+ return 0;
+
+ (void)RAND_bytes((unsigned char*)o,
+ (int)package->encode_expectations_elem_size);
+ ret = ASN1_item_print(bio_err, o, 0, i, NULL);
+ OPENSSL_free(o);
+
+ return ret;
+}
+
static int test_intern(const TEST_PACKAGE *package)
{
sizeof(test_custom_data) / sizeof(test_custom_data[0]));
for (i = 0; i < nelems; i++) {
size_t pos = i * package->encode_expectations_elem_size;
+ switch (do_encode_custom((EXPECTED *)&((unsigned char *)package
+ ->encode_expectations)[pos],
+ &test_custom_data[i], package)) {
+ case -1:
+ TEST_error("Failed custom encode round trip %u of %s",
+ i, package->name);
+ TEST_openssl_errors();
+ fail++;
+ break;
+ case 0:
+ TEST_error("Custom encode round trip %u of %s mismatch",
+ i, package->name);
+ TEST_openssl_errors();
+ fail++;
+ break;
+ case 1:
+ break;
+ default:
+ OPENSSL_die("do_encode_custom() return unknown value",
+ __FILE__, __LINE__);
+ }
switch (do_decode_custom(&test_custom_data[i],
(EXPECTED *)&((unsigned char *)package
->encode_expectations)[pos],
package->encode_expectations_elem_size,
package)) {
case -1:
- fprintf(stderr, "Failed custom decode round trip %u of %s\n",
- i, package->name);
- ERR_print_errors_fp(stderr);
+ TEST_error("Failed custom decode round trip %u of %s",
+ i, package->name);
+ TEST_openssl_errors();
fail++;
- ERR_clear_error();
break;
case 0:
- fprintf(stderr, "Custom decode round trip %u of %s mismatch\n",
- i, package->name);
+ TEST_error("Custom decode round trip %u of %s mismatch",
+ i, package->name);
+ TEST_openssl_errors();
fail++;
break;
case 1:
break;
default:
- OPENSSL_die("do_enc_dec() return unknown value",
+ OPENSSL_die("do_decode_custom() return unknown value",
__FILE__, __LINE__);
}
}
package->encdec_data_elem_size,
package)) {
case -1:
- fprintf(stderr, "Failed encode/decode round trip %u of %s\n",
- i, package->name);
- ERR_print_errors_fp(stderr);
- ERR_clear_error();
+ TEST_error("Failed encode/decode round trip %u of %s",
+ i, package->name);
+ TEST_openssl_errors();
fail++;
break;
case 0:
- fprintf(stderr, "Encode/decode round trip %u of %s mismatch\n",
- i, package->name);
+ TEST_error("Encode/decode round trip %u of %s mismatch",
+ i, package->name);
fail++;
break;
case 1:
}
}
+ if (!do_print_item(package)) {
+ TEST_error("Printing of %s failed", package->name);
+ TEST_openssl_errors();
+ fail++;
+ }
+
return fail == 0;
}
return test_intern(&uint64_test_package);
}
-void register_tests(void)
+int setup_tests(void)
{
#if OPENSSL_API_COMPAT < 0x10200000L
ADD_TEST(test_long_32bit);
ADD_TEST(test_uint32);
ADD_TEST(test_int64);
ADD_TEST(test_uint64);
+ return 1;
}