--- /dev/null
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+#include <openssl/crypto.h>
+#include <openssl/ocsp.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/pem.h>
+
+#include "testutil.h"
+
+static const char *certstr;
+static const char *privkeystr;
+
+static int get_cert_and_key(X509 **cert_out, EVP_PKEY **key_out)
+{
+ BIO *certbio, *keybio;
+ X509 *cert = NULL;
+ EVP_PKEY *key = NULL;
+
+ if (!TEST_ptr(certbio = BIO_new_file(certstr, "r")))
+ return 0;
+ cert = PEM_read_bio_X509(certbio, NULL, NULL, NULL);
+ BIO_free(certbio);
+ if (!TEST_ptr(keybio = BIO_new_file(privkeystr, "r")))
+ goto end;
+ key = PEM_read_bio_PrivateKey(keybio, NULL, NULL, NULL);
+ BIO_free(keybio);
+ if (!TEST_ptr(cert) || !TEST_ptr(key))
+ goto end;
+ *cert_out = cert;
+ *key_out = key;
+ return 1;
+ end:
+ X509_free(cert);
+ EVP_PKEY_free(key);
+ return 0;
+}
+
+static OCSP_BASICRESP *make_dummy_resp(void)
+{
+ const unsigned char namestr[] = "openssl.example.com";
+ unsigned char keybytes[128] = {7};
+ OCSP_BASICRESP *bs = OCSP_BASICRESP_new();
+ OCSP_CERTID *cid;
+ ASN1_TIME *thisupd = ASN1_TIME_set(NULL, time(NULL));
+ ASN1_TIME *nextupd = ASN1_TIME_set(NULL, time(NULL) + 200);
+ X509_NAME *name = X509_NAME_new();
+ ASN1_BIT_STRING *key = ASN1_BIT_STRING_new();
+ ASN1_INTEGER *serial = ASN1_INTEGER_new();
+
+ if (!X509_NAME_add_entry_by_NID(name, NID_commonName, MBSTRING_ASC,
+ namestr, -1, -1, 1)
+ || !ASN1_BIT_STRING_set(key, keybytes, sizeof(keybytes)
+ || !ASN1_INTEGER_set_uint64(serial, (uint64_t)1)))
+ return NULL;
+ cid = OCSP_cert_id_new(EVP_sha256(), name, key, serial);
+ if (!TEST_ptr(bs)
+ || !TEST_ptr(thisupd)
+ || !TEST_ptr(nextupd)
+ || !TEST_ptr(cid)
+ || !TEST_true(OCSP_basic_add1_status(bs, cid,
+ V_OCSP_CERTSTATUS_UNKNOWN,
+ 0, NULL, thisupd, nextupd)))
+ return NULL;
+ ASN1_TIME_free(thisupd);
+ ASN1_TIME_free(nextupd);
+ ASN1_BIT_STRING_free(key);
+ ASN1_INTEGER_free(serial);
+ OCSP_CERTID_free(cid);
+ X509_NAME_free(name);
+ return bs;
+}
+
+#ifndef OPENSSL_NO_OCSP
+static int test_resp_signer(void)
+{
+ OCSP_BASICRESP *bs;
+ X509 *signer = NULL, *tmp;
+ EVP_PKEY *key = NULL;
+ STACK_OF(X509) *extra_certs;
+
+ /*
+ * Test a response with no certs at all; get the signer from the
+ * extra certs given to OCSP_resp_get0_signer().
+ */
+ bs = make_dummy_resp();
+ extra_certs = sk_X509_new_null();
+ if (!TEST_ptr(bs)
+ || !TEST_ptr(extra_certs)
+ || !TEST_true(get_cert_and_key(&signer, &key))
+ || !TEST_true(sk_X509_push(extra_certs, signer))
+ || !TEST_true(OCSP_basic_sign(bs, signer, key, EVP_sha1(),
+ NULL, OCSP_NOCERTS)))
+ return 0;
+ if (!TEST_true(OCSP_resp_get0_signer(bs, &tmp, extra_certs))
+ || !TEST_int_eq(X509_cmp(tmp, signer), 0))
+ return 0;
+ OCSP_BASICRESP_free(bs);
+
+ /* Do it again but include the signer cert */
+ bs = make_dummy_resp();
+ tmp = NULL;
+ if (!TEST_ptr(bs)
+ || !TEST_true(OCSP_basic_sign(bs, signer, key, EVP_sha1(),
+ NULL, 0)))
+ return 0;
+ if (!TEST_true(OCSP_resp_get0_signer(bs, &tmp, NULL))
+ || !TEST_int_eq(X509_cmp(tmp, signer), 0))
+ return 0;
+ OCSP_BASICRESP_free(bs);
+ sk_X509_free(extra_certs);
+ X509_free(signer);
+ EVP_PKEY_free(key);
+ return 1;
+}
+#endif
+
+int setup_tests(void)
+{
+ if (!TEST_ptr(certstr = test_get_argument(0))
+ || !TEST_ptr(privkeystr = test_get_argument(1)))
+ return 0;
+#ifndef OPENSSL_NO_OCSP
+ ADD_TEST(test_resp_signer);
+#endif
+ return 1;
+}
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIDLDCCAhSgAwIBAgICFs8wDQYJKoZIhvcNAQELBQAwSzEQMA4GA1UECgwHT3Bl
+blNTTDETMBEGA1UECwwKVGVzdCBTdWl0ZTEiMCAGA1UEAwwZVGVzdCBPQ1NQIHJl
+c3BvbnNlIHNpZ25lcjAeFw0xNzEwMjMxNDA4MDlaFw0yNjAxMDkxNDA4MDlaMEsx
+EDAOBgNVBAoMB09wZW5TU0wxEzARBgNVBAsMClRlc3QgU3VpdGUxIjAgBgNVBAMM
+GVRlc3QgT0NTUCByZXNwb25zZSBzaWduZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC81prq23FY2YDuwiXetb/NCs/cSm/afVnPsdSseRKi/GHi9d7b
+EEgWnQOJmz4zTuU+Bw2duHZ1X2WUR/Pjy4CvWNRq417aJ3IfyQHf8cxEplk9Ifd0
+5VEq6WzWVWAX6ki/CZIJUihzj3AAn/SYfvXw2wd319OQGvwYiQVt3Is5k4E4rAI2
+zXf5BdE9XkayM3jq6Ewc/VZ05EA/LaBLy5ujQljjfAFEy/qopYx3AJ4G8t2a5rvM
+dbNOyJCx9NNeryZMv2wRzEaYp6jYao+xxqbm5lgnwfE3jJ4aA9/oC1sUM8FokOGW
+9KAK3UEptoxux8JHH9R8X5bTVE7HADHhG5s7AgMBAAGjGjAYMAkGA1UdEwQCMAAw
+CwYDVR0PBAQDAgXgMA0GCSqGSIb3DQEBCwUAA4IBAQCPkojVPBFNT9DGpLq9Y/Hl
+XhcA+vSdt83EFzPD/nxIMp/QYSnZ9w2SWL21AH4C+HWd4JuKX5Zlsd6qYobYZLcT
+TyVfw0OMwwPUI6Mxbz395EAnVLmtddN2RDsEYvThSMMoSfhtUwyANpA0Q6M8RcGt
+LwnaC69iXhBh1xcTVVg97yEJ22yIrwQ1GhX4F1PRJIAQ/QmQhnoTGlhl2VAQ3LIk
+lNFxkWbx0rqPIcor27QDNa2DPqioyvHMlkjC1h5EPhL9Ynu011r4Dn9A34+vFxeu
+Q+emRwl/JjCNZX4l/AripU/Cy/+J2YGKilKzRcB1QMMVSl0VaeLSCwkNDQtdlwWO
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC81prq23FY2YDu
+wiXetb/NCs/cSm/afVnPsdSseRKi/GHi9d7bEEgWnQOJmz4zTuU+Bw2duHZ1X2WU
+R/Pjy4CvWNRq417aJ3IfyQHf8cxEplk9Ifd05VEq6WzWVWAX6ki/CZIJUihzj3AA
+n/SYfvXw2wd319OQGvwYiQVt3Is5k4E4rAI2zXf5BdE9XkayM3jq6Ewc/VZ05EA/
+LaBLy5ujQljjfAFEy/qopYx3AJ4G8t2a5rvMdbNOyJCx9NNeryZMv2wRzEaYp6jY
+ao+xxqbm5lgnwfE3jJ4aA9/oC1sUM8FokOGW9KAK3UEptoxux8JHH9R8X5bTVE7H
+ADHhG5s7AgMBAAECggEBAJLp946eeVmhpiCa5XGWPwlbzwlY1BrNCRGADbC9ZRVu
+ew1jMiWGTj9hmr31DHhIeis+u4YoW+jG9jVdoU5pJc3Fs0URbdsVc0FtVcsPyFbk
+gGsCQQ4t1m8nOaiqtV8Fw+D0piwgQh5dysqBp374z4i6Lt47CHqFs/m2qIWnXp3E
+YF3xX2Zz9rIgejERRxrUnp5998NqxSYHPF7Ts4VQ/+UezUqEpA2jBs6cJ2tWVNR9
+uf+3Fklpo7Uau+xG5xkiRYxx4mSIg6EREz5+XMPkSOcXi6tyinoKsafxTNQDil0q
+pdurVlHNgZb2QdJjHugVmbalydHIQ5c0CU1RO5CP97kCgYEA7RqrRooniil0iAKR
+6scFct0juVBW1Uw05Ejt97RtwQRf/m9SU5mSs0PfFx/l3PeNDSWnpmwunL1igYQb
++tVqDQQ9xR4owyl6/qDJSP2bS84jb+3MCR4UE/b2YR2rCDBllXeyQsDT7KMoW8lX
+gliWmYd6HYddRDOKNM/tzccFG1cCgYEAy+M6yv0ublrpTj4o8DcOi6JJrQbPSAWx
+R7zKDXSvSq5lLjfXmqX4s/jgZWgQ+kYoYZrIOqIygcZ2U6tBMCP2LAhbf86I6r27
+loMyQg7lhC5GCztpGes4/JmUvnvjTUIFspB6ReaXlBFAstzzJirgI1wmoO6+GiG/
+OUDmvCjFdL0CgYALQGa8VDYIImt7QNP31jX1+3SEiMF2IcWox6UzSgajUDfV9SZs
+/S6u/xuJF2RrFfxFkXHhPeUAXyRbjQ9e2d3MfFUKE6JPkJpblvm2UwKZmFCqMRir
+nhfJ0sBiX2wMWW+YpjN5Y3krE5sIsAdNEjMjWgB7gj70y5VVaECasUUWxQKBgQDB
+aauqSIc1VLSh7sGzLudzet5db2pPLmdAYE1kel6Xf9yn/X1gTTYitGNaj2Abq1Y/
+US/Ev30eMwCo2nqaimLK3pq+IVUtKhO78nVIyQzdWXBE03Uei0+iAKdkE+5Kqejx
+vbDggqEka0Fu678VY/MAWDikzhY0f/MBAxpfQGYgGQKBgC0tR1ymvCLkk6J5e4/G
+OD1D9m2JJjcK4eWUS4rAiEH61sI5CKQRU2pQ3f3cIGekDZZt3XzHLYwc9W2UnN2J
+glMmKXp0qqt2HoE/XKLrIc1dEDXsZxFnMZ6nmWKsl4AHxM/gyXqfDo/AUXyEGcVu
+8TbVs3nlISUy7vwjpaW1KOs1
+-----END PRIVATE KEY-----
projects / oweals / openssl.git / commitdiff