diff options
author | Pauli <paul.dale@oracle.com> | 2017-04-27 06:08:31 +0200 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2017-04-28 16:03:35 +0200 |
commit | f5a140f7e9d836ee8a75dbaac2f8ab3971c4db86 (patch) | |
tree | 36fed03a9d9aa7633e0eaa5e7941e07809087806 /test/crltest.c | |
parent | testutil: Remove test_puts_std{out,err}, they are superfluous (diff) | |
download | openssl-f5a140f7e9d836ee8a75dbaac2f8ab3971c4db86.tar.xz openssl-f5a140f7e9d836ee8a75dbaac2f8ab3971c4db86.zip |
Refactor crltest.c to separate the test cases into individual functions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3327)
Diffstat (limited to 'test/crltest.c')
-rw-r--r-- | test/crltest.c | 174 |
1 files changed, 84 insertions, 90 deletions
diff --git a/test/crltest.c b/test/crltest.c index 790fc5f4a7..048f67fec5 100644 --- a/test/crltest.c +++ b/test/crltest.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,7 +7,6 @@ * https://www.openssl.org/source/license.html */ -#include <stdio.h> #include "../e_os.h" #include <string.h> #include <openssl/bio.h> @@ -177,6 +176,12 @@ static const char *kUnknownCriticalCRL2[] = { NULL }; +static const char **unknown_critical_crls[] = { + kUnknownCriticalCRL, kUnknownCriticalCRL2 +}; + +static X509 *test_root = NULL; +static X509 *test_leaf = NULL; /* * Glue an array of strings together. Return a BIO and put the string @@ -242,29 +247,22 @@ static int verify(X509 *leaf, X509 *root, STACK_OF(X509_CRL) *crls, STACK_OF(X509) *roots = sk_X509_new_null(); int status = X509_V_ERR_UNSPECIFIED; - if (!TEST_ptr(ctx)) - goto err; - if (!TEST_ptr(store)) - goto err; - if (!TEST_ptr(param)) - goto err; - if (!TEST_ptr(roots)) + if (!TEST_ptr(ctx) + || !TEST_ptr(store) + || !TEST_ptr(param) + || !TEST_ptr(roots)) goto err; /* Create a stack; upref the cert because we free it below. */ X509_up_ref(root); - if (!TEST_true(sk_X509_push(roots, root))) - goto err; - - if (!TEST_true(X509_STORE_CTX_init(ctx, store, leaf, NULL))) + if (!TEST_true(sk_X509_push(roots, root)) + || !TEST_true(X509_STORE_CTX_init(ctx, store, leaf, NULL))) goto err; X509_STORE_CTX_set0_trusted_stack(ctx, roots); X509_STORE_CTX_set0_crls(ctx, crls); X509_VERIFY_PARAM_set_time(param, PARAM_TIME); - if (!TEST_long_eq(X509_VERIFY_PARAM_get_time(param), PARAM_TIME)) { - TEST_info("set_time/get_time mismatch."); + if (!TEST_long_eq(X509_VERIFY_PARAM_get_time(param), PARAM_TIME)) goto err; - } X509_VERIFY_PARAM_set_depth(param, 16); if (flags) X509_VERIFY_PARAM_set_flags(param, flags); @@ -299,94 +297,90 @@ static STACK_OF(X509_CRL) *make_CRL_stack(X509_CRL *x1, X509_CRL *x2) return sk; } -static int test_crl() +static int test_basic_crl(void) { - X509 *root = X509_from_strings(kCRLTestRoot); - X509 *leaf = X509_from_strings(kCRLTestLeaf); X509_CRL *basic_crl = CRL_from_strings(kBasicCRL); X509_CRL *revoked_crl = CRL_from_strings(kRevokedCRL); - X509_CRL *bad_issuer_crl = CRL_from_strings(kBadIssuerCRL); - X509_CRL *known_critical_crl = CRL_from_strings(kKnownCriticalCRL); - X509_CRL *unknown_critical_crl = CRL_from_strings(kUnknownCriticalCRL); - X509_CRL *unknown_critical_crl2 = CRL_from_strings(kUnknownCriticalCRL2); - int status = 0; + int r; + + r = TEST_ptr(basic_crl) + && TEST_ptr(revoked_crl) + && TEST_int_eq(verify(test_leaf, test_root, + make_CRL_stack(basic_crl, NULL), + X509_V_FLAG_CRL_CHECK), X509_V_OK) + && TEST_int_eq(verify(test_leaf, test_root, + make_CRL_stack(basic_crl, revoked_crl), + X509_V_FLAG_CRL_CHECK), X509_V_ERR_CERT_REVOKED); + X509_CRL_free(basic_crl); + X509_CRL_free(revoked_crl); + return r; +} - if (!TEST_ptr(root)) - goto err; - if (!TEST_ptr(leaf)) - goto err; - if (!TEST_ptr(basic_crl)) - goto err; - if (!TEST_ptr(revoked_crl)) - goto err; - if (!TEST_ptr(bad_issuer_crl)) - goto err; - if (!TEST_ptr(known_critical_crl)) - goto err; - if (!TEST_ptr(unknown_critical_crl)) - goto err; - if (!TEST_ptr(unknown_critical_crl2)) - goto err; +static int test_no_crl(void) +{ + return TEST_int_eq(verify(test_leaf, test_root, NULL, + X509_V_FLAG_CRL_CHECK), + X509_V_ERR_UNABLE_TO_GET_CRL); +} - if (verify(leaf, root, make_CRL_stack(basic_crl, NULL), - X509_V_FLAG_CRL_CHECK) != X509_V_OK) { - TEST_info("Cert with CRL didn't verify."); - goto err; - } +static int test_bad_issuer_crl(void) +{ + X509_CRL *bad_issuer_crl = CRL_from_strings(kBadIssuerCRL); + int r; - if (verify(leaf, root, make_CRL_stack(basic_crl, revoked_crl), - X509_V_FLAG_CRL_CHECK) != X509_V_ERR_CERT_REVOKED) { - TEST_info("Revoked CRL wasn't checked."); - goto err; - } + r = TEST_ptr(bad_issuer_crl) + && TEST_int_eq(verify(test_leaf, test_root, + make_CRL_stack(bad_issuer_crl, NULL), + X509_V_FLAG_CRL_CHECK), + X509_V_ERR_UNABLE_TO_GET_CRL); + X509_CRL_free(bad_issuer_crl); + return r; +} - if (verify(leaf, root, NULL, - X509_V_FLAG_CRL_CHECK) != X509_V_ERR_UNABLE_TO_GET_CRL) { - TEST_info("CRLs were not required."); - goto err; - } +static int test_known_critical_crl(void) +{ + X509_CRL *known_critical_crl = CRL_from_strings(kKnownCriticalCRL); + int r; - if (verify(leaf, root, make_CRL_stack(bad_issuer_crl, NULL), - X509_V_FLAG_CRL_CHECK) != X509_V_ERR_UNABLE_TO_GET_CRL) { - TEST_info("Bad CRL issuer was unnoticed."); - goto err; - } + r = TEST_ptr(known_critical_crl) + && TEST_int_eq(verify(test_leaf, test_root, + make_CRL_stack(known_critical_crl, NULL), + X509_V_FLAG_CRL_CHECK), X509_V_OK); + X509_CRL_free(known_critical_crl); + return r; +} - if (verify(leaf, root, make_CRL_stack(known_critical_crl, NULL), - X509_V_FLAG_CRL_CHECK) != X509_V_OK) { - TEST_info("CRL with known critical extension was rejected."); - goto err; - } +static int test_unknown_critical_crl(int n) +{ + X509_CRL *unknown_critical_crl = CRL_from_strings(unknown_critical_crls[n]); + int r; + + r = TEST_ptr(unknown_critical_crl) + && TEST_int_eq(verify(test_leaf, test_root, + make_CRL_stack(unknown_critical_crl, NULL), + X509_V_FLAG_CRL_CHECK), + X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION); + X509_CRL_free(unknown_critical_crl); + return r; +} - if (verify(leaf, root, make_CRL_stack(unknown_critical_crl, NULL), - X509_V_FLAG_CRL_CHECK) != - X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION) { - TEST_info("CRL with unknown critical extension was accepted."); - goto err; - } +int test_main(int argc, char *argv[]) +{ + int status = EXIT_FAILURE; - if (verify(leaf, root, make_CRL_stack(unknown_critical_crl2, NULL), - X509_V_FLAG_CRL_CHECK) != - X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION) { - TEST_info("CRL with unknown critical extension (2) was accepted."); + if (!TEST_ptr(test_root = X509_from_strings(kCRLTestRoot)) + || !TEST_ptr(test_leaf = X509_from_strings(kCRLTestLeaf))) goto err; - } - status = 1; + ADD_TEST(test_no_crl); + ADD_TEST(test_basic_crl); + ADD_TEST(test_bad_issuer_crl); + ADD_TEST(test_known_critical_crl); + ADD_ALL_TESTS(test_unknown_critical_crl, OSSL_NELEM(unknown_critical_crls)); + status = run_tests(argv[0]); err: - X509_free(root); - X509_free(leaf); - X509_CRL_free(basic_crl); - X509_CRL_free(revoked_crl); - X509_CRL_free(bad_issuer_crl); - X509_CRL_free(known_critical_crl); - X509_CRL_free(unknown_critical_crl); - X509_CRL_free(unknown_critical_crl2); + X509_free(test_root); + X509_free(test_leaf); return status; } - -void register_tests(void) -{ - ADD_TEST(test_crl); -} |