--- /dev/null
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/conf.h>
+#include <openssl/err.h>
+
+#include "../e_os.h"
+
+static const char *progname;
+
+static void test_usage(void)
+{
+ fprintf(stderr, "usage: %s certfile\n", progname);
+}
+
+static void print_errors(void)
+{
+ unsigned long err;
+ char buffer[1024];
+ const char *file;
+ const char *data;
+ int line;
+ int flags;
+
+ while ((err = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) {
+ ERR_error_string_n(err, buffer, sizeof(buffer));
+ if (flags & ERR_TXT_STRING)
+ fprintf(stderr, "Error: %s:%s:%d:%s\n", buffer, file, line, data);
+ else
+ fprintf(stderr, "Error: %s:%s:%d\n", buffer, file, line);
+ }
+}
+
+static int test_certs(BIO *fp)
+{
+ int count;
+ char *name = 0;
+ char *header = 0;
+ unsigned char *data = 0;
+ long len;
+ typedef X509 *(*d2i_X509_t)(X509 **, const unsigned char **, long);
+ typedef int (*i2d_X509_t)(X509 *, unsigned char **);
+ int err = 0;
+
+ for (count = 0;
+ !err && PEM_read_bio(fp, &name, &header, &data, &len);
+ ++count) {
+ int trusted = strcmp(name, PEM_STRING_X509_TRUSTED) == 0;
+ d2i_X509_t d2i = trusted ? d2i_X509_AUX : d2i_X509;
+ i2d_X509_t i2d = trusted ? i2d_X509_AUX : i2d_X509;
+ X509 *cert = NULL;
+ const unsigned char *p = data;
+ unsigned char *buf = NULL;
+ unsigned char *bufp;
+ long enclen;
+
+ if (!trusted
+ && strcmp(name, PEM_STRING_X509) != 0
+ && strcmp(name, PEM_STRING_X509_OLD) != 0) {
+ fprintf(stderr, "unexpected PEM object: %s\n", name);
+ err = 1;
+ goto next;
+ }
+ cert = d2i(NULL, &p, len);
+
+ if (cert == NULL || (p - data) != len) {
+ fprintf(stderr, "error parsing input %s\n", name);
+ err = 1;
+ goto next;
+ }
+
+ /* Test traditional 2-pass encoding into caller allocated buffer */
+ enclen = i2d(cert, NULL);
+ if (len != enclen) {
+ fprintf(stderr, "encoded length %ld of %s != input length %ld\n",
+ enclen, name, len);
+ err = 1;
+ goto next;
+ }
+ if ((buf = bufp = OPENSSL_malloc(len)) == NULL) {
+ perror("malloc");
+ err = 1;
+ goto next;
+ }
+ enclen = i2d(cert, &bufp);
+ if (len != enclen) {
+ fprintf(stderr, "encoded length %ld of %s != input length %ld\n",
+ enclen, name, len);
+ err = 1;
+ goto next;
+ }
+ enclen = (long) (bufp - buf);
+ if (enclen != len) {
+ fprintf(stderr, "unexpected buffer position after encoding %s\n",
+ name);
+ err = 1;
+ goto next;
+ }
+ if (memcmp(buf, data, len) != 0) {
+ fprintf(stderr, "encoded content of %s does not match input\n",
+ name);
+ err = 1;
+ goto next;
+ }
+ OPENSSL_free(buf);
+ buf = NULL;
+
+ /* Test 1-pass encoding into library allocated buffer */
+ enclen = i2d(cert, &buf);
+ if (len != enclen) {
+ fprintf(stderr, "encoded length %ld of %s != input length %ld\n",
+ enclen, name, len);
+ err = 1;
+ goto next;
+ }
+ if (memcmp(buf, data, len) != 0) {
+ fprintf(stderr, "encoded content of %s does not match input\n",
+ name);
+ err = 1;
+ goto next;
+ }
+
+ if (trusted) {
+ /* Encode just the cert and compare with initial encoding */
+ OPENSSL_free(buf);
+ buf = NULL;
+
+ /* Test 1-pass encoding into library allocated buffer */
+ enclen = i2d(cert, &buf);
+ if (enclen > len) {
+ fprintf(stderr, "encoded length %ld of %s > input length %ld\n",
+ enclen, name, len);
+ err = 1;
+ goto next;
+ }
+ if (memcmp(buf, data, enclen) != 0) {
+ fprintf(stderr, "encoded cert content does not match input\n");
+ err = 1;
+ goto next;
+ }
+ }
+
+ /*
+ * If any of these were null, PEM_read() would have failed.
+ */
+ next:
+ X509_free(cert);
+ OPENSSL_free(buf);
+ OPENSSL_free(name);
+ OPENSSL_free(header);
+ OPENSSL_free(data);
+ }
+
+ if (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) {
+ /* Reached end of PEM file */
+ if (count > 0) {
+ ERR_clear_error();
+ return 1;
+ }
+ }
+
+ /* Some other PEM read error */
+ print_errors();
+ return 0;
+}
+
+int main(int argc, char *argv[])
+{
+ BIO *bio_err;
+ const char *certfile;
+ const char *p;
+ int ret = 1;
+
+ progname = argv[0];
+ if (argc < 2) {
+ test_usage();
+ EXIT(ret);
+ }
+
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+ p = getenv("OPENSSL_DEBUG_MEMORY");
+ if (p != NULL && strcmp(p, "on") == 0)
+ CRYPTO_set_mem_debug(1);
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+ while ((certfile = *++argv) != NULL) {
+ BIO *f = BIO_new_file(certfile, "r");
+ int ok;
+
+ if (f == NULL) {
+ fprintf(stderr, "%s: Error opening cert file: '%s': %s\n",
+ progname, certfile, strerror(errno));
+ EXIT(ret);
+ }
+ ret = !(ok = test_certs(f));
+ BIO_free(f);
+
+ if (!ok) {
+ printf("%s ERROR\n", certfile);
+ ret = 1;
+ break;
+ }
+ printf("%s OK\n", certfile);
+ }
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+ if (CRYPTO_mem_leaks(bio_err) <= 0)
+ ret = 1;
+#endif
+ BIO_free(bio_err);
+ EXIT(ret);
+}
projects / oweals / openssl.git / blobdiff