diff --git a/crypto/x509v3/standard_exts.h b/crypto/x509v3/standard_exts.h
new file mode 100644
index 0000000000000000000000000000000000000000..05e086955b5e8856100a21e1dcb3c796ba05d8b7
--- /dev/null
+++ b/crypto/x509v3/standard_exts.h
@@ -0,0 +1,77 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This table will be searched using OBJ_bsearch so it *must* kept in order
+ * of the ext_nid values.
+ */
+
+static const X509V3_EXT_METHOD *standard_exts[] = {
+ &v3_nscert,
+ &v3_ns_ia5_list[0],
+ &v3_ns_ia5_list[1],
+ &v3_ns_ia5_list[2],
+ &v3_ns_ia5_list[3],
+ &v3_ns_ia5_list[4],
+ &v3_ns_ia5_list[5],
+ &v3_ns_ia5_list[6],
+ &v3_skey_id,
+ &v3_key_usage,
+ &v3_pkey_usage_period,
+ &v3_alt[0],
+ &v3_alt[1],
+ &v3_bcons,
+ &v3_crl_num,
+ &v3_cpols,
+ &v3_akey_id,
+ &v3_crld,
+ &v3_ext_ku,
+ &v3_delta_crl,
+ &v3_crl_reason,
+#ifndef OPENSSL_NO_OCSP
+ &v3_crl_invdate,
+#endif
+ &v3_sxnet,
+ &v3_info,
+#ifndef OPENSSL_NO_RFC3779
+ &v3_addr,
+ &v3_asid,
+#endif
+#ifndef OPENSSL_NO_OCSP
+ &v3_ocsp_nonce,
+ &v3_ocsp_crlid,
+ &v3_ocsp_accresp,
+ &v3_ocsp_nocheck,
+ &v3_ocsp_acutoff,
+ &v3_ocsp_serviceloc,
+#endif
+ &v3_sinfo,
+ &v3_policy_constraints,
+#ifndef OPENSSL_NO_OCSP
+ &v3_crl_hold,
+#endif
+ &v3_pci,
+ &v3_name_constraints,
+ &v3_policy_mappings,
+ &v3_inhibit_anyp,
+ &v3_idp,
+ &v3_alt[2],
+ &v3_freshest_crl,
+#ifndef OPENSSL_NO_CT
+ &v3_ct_scts[0],
+ &v3_ct_scts[1],
+ &v3_ct_scts[2],
+#endif
+ &v3_tls_feature,
+};
+
+/* Number of standard extensions */
+
+#define STANDARD_EXTENSION_COUNT OSSL_NELEM(standard_exts)
+
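Review bot: The new header does not state how it is meant to be included: it defines a `static` array, has no include guard, and its entries (`&v3_nscert`, `&v3_alt[0]`, …) appear to rely on declarations from another header, since the test in this commit includes `ext_dat.h` immediately before it. I would extend the table comment with something like `/* Include after ext_dat.h, from one source file per program: this defines a static table. */`. The existing comment also reads "*must* kept" where "*must* be kept" is meant. Because a binary search over a mis-ordered table can presumably miss a method that is present, the comment could also name test/x509_internal_test.c as the check to run after adding an entry.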
diff --git a/crypto/x509v3/tabtest.c b/crypto/x509v3/tabtest.c
deleted file mode 100644
index a33a63a79584e3698bfc98735435216e37f49d56..0000000000000000000000000000000000000000
--- a/crypto/x509v3/tabtest.c
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/*
- * Simple program to check the ext_dat.h is correct and print out problems if
- * it is not.
- */
-
-#include
-
-#include
-
-#include "ext_dat.h"
-
-main()
-{
- int i, prev = -1, bad = 0;
- X509V3_EXT_METHOD **tmp;
- i = OSSL_NELEM(standard_exts);
- if (i != STANDARD_EXTENSION_COUNT)
- fprintf(stderr, "Extension number invalid expecting %d\n", i);
- tmp = standard_exts;
- for (i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++) {
- if ((*tmp)->ext_nid < prev)
- bad = 1;
- prev = (*tmp)->ext_nid;
-
- }
- if (bad) {
- tmp = standard_exts;
- fprintf(stderr, "Extensions out of order!\n");
- for (i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++)
- printf("%d : %s\n", (*tmp)->ext_nid, OBJ_nid2sn((*tmp)->ext_nid));
- } else
- fprintf(stderr, "Order OK\n");
-}
diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c
index a3ca720fe1343c3e97a020795019db4e39955573..d9058006e82b1c0101adcf30977942a0b13c7e69 100644
--- a/crypto/x509v3/v3_lib.c
+++ b/crypto/x509v3/v3_lib.c
@@ -47,73 +47,7 @@ DECLARE_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *, IMPLEMENT_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *, const X509V3_EXT_METHOD *, ext); -/* - * This table will be searched using OBJ_bsearch so it *must* kept in order - * of the ext_nid values. - */ - -static const X509V3_EXT_METHOD *standard_exts[] = { - &v3_nscert, - &v3_ns_ia5_list[0], - &v3_ns_ia5_list[1], - &v3_ns_ia5_list[2], - &v3_ns_ia5_list[3], - &v3_ns_ia5_list[4], - &v3_ns_ia5_list[5], - &v3_ns_ia5_list[6], - &v3_skey_id, - &v3_key_usage, - &v3_pkey_usage_period, - &v3_alt[0], - &v3_alt[1], - &v3_bcons, - &v3_crl_num, - &v3_cpols, - &v3_akey_id, - &v3_crld, - &v3_ext_ku, - &v3_delta_crl, - &v3_crl_reason, -#ifndef OPENSSL_NO_OCSP - &v3_crl_invdate, -#endif - &v3_sxnet, - &v3_info, -#ifndef OPENSSL_NO_RFC3779 - &v3_addr, - &v3_asid, -#endif -#ifndef OPENSSL_NO_OCSP - &v3_ocsp_nonce, - &v3_ocsp_crlid, - &v3_ocsp_accresp, - &v3_ocsp_nocheck, - &v3_ocsp_acutoff, - &v3_ocsp_serviceloc, -#endif - &v3_sinfo, - &v3_policy_constraints, -#ifndef OPENSSL_NO_OCSP - &v3_crl_hold, -#endif - &v3_pci, - &v3_name_constraints, - &v3_policy_mappings, - &v3_inhibit_anyp, - &v3_idp, - &v3_alt[2], - &v3_freshest_crl, -#ifndef OPENSSL_NO_CT - &v3_ct_scts[0], - &v3_ct_scts[1], - &v3_ct_scts[2], -#endif - &v3_tls_feature, -}; - -/* Number of standard extensions */ - -#define STANDARD_EXTENSION_COUNT OSSL_NELEM(standard_exts) +#include "standard_exts.h" const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) { diff --git a/test/build.info b/test/build.info index eb9851a1c2fd7f8574e2df87e1748595c2de0371..4f89ce809189bb8867e9939f6ece89602999eb63 100644 --- a/test/build.info +++ b/test/build.info 
@@ -314,7 +314,7 @@ IF[{- !$disabled{tests} -}] # Note that when building with static libraries, none of those extra files # are needed, since all symbols are available anyway, regardless of what's # listed in util/*.num. - PROGRAMS_NO_INST=asn1_internal_test modes_internal_test + PROGRAMS_NO_INST=asn1_internal_test modes_internal_test x509_internal_test IF[{- !$disabled{poly1305} -}] PROGRAMS_NO_INST=poly1305_internal_test ENDIF @@ -349,6 +349,28 @@ IF[{- !$disabled{tests} -}] ENDIF INCLUDE[modes_internal_test]=.. ../include DEPEND[modes_internal_test]=../libcrypto + + # The reason for the huge amount of directly included x509v3 files + # is that a table that is checked by x509_internal_test refers to + # structures that are spread all over those files. + SOURCE[x509_internal_test]=x509_internal_test.c testutil.c + IF[{- !$disabled{shared} -}] + SOURCE[x509_internal_test]= ../crypto/x509v3/v3_bitst.c \ + ../crypto/x509v3/v3_ia5.c ../crypto/x509v3/v3_skey.c \ + ../crypto/x509v3/v3_pku.c ../crypto/x509v3/v3_alt.c \ + ../crypto/x509v3/v3_bcons.c ../crypto/x509v3/v3_int.c \ + ../crypto/x509v3/v3_cpols.c ../crypto/x509v3/v3_akey.c \ + ../crypto/x509v3/v3_crld.c ../crypto/x509v3/v3_utl.c \ + ../crypto/x509v3/v3_extku.c ../crypto/x509v3/v3_enum.c \ + ../crypto/x509v3/v3_sxnet.c ../crypto/x509v3/v3_info.c \ + ../crypto/x509v3/v3_addr.c ../crypto/x509v3/v3_asid.c \ + ../crypto/x509v3/v3_pcons.c ../crypto/x509v3/v3_pmaps.c \ + ../crypto/x509v3/v3_pci.c ../crypto/x509v3/v3_ncons.c \ + ../crypto/x509v3/v3_tlsf.c ../crypto/ocsp/v3_ocsp.c \ + ../crypto/ct/ct_x509v3.c ../crypto/asn1/a_strex.c + ENDIF + INCLUDE[x509_internal_test]=.. ../include + DEPEND[x509_internal_test]=../libcrypto ENDIF {- diff --git a/test/x509_internal_test.c b/test/x509_internal_test.c new file mode 100644 index 0000000000000000000000000000000000000000..76cc2edcfb07e8ab9b714c368b915bc50e02771f --- /dev/null +++ b/test/x509_internal_test.c 
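Review bot: The comment above the `SOURCE[x509_internal_test]` list in the second hunk explains why the x509v3 files are compiled into the test, but not that the list has to track the table. I would add a line such as `# Keep in sync with crypto/x509v3/standard_exts.h: every file defining a method listed there must appear here.` As written, a new table entry whose method lives in an unlisted file would presumably surface only as a link failure in shared builds, with nothing pointing the maintainer to this list. The enclosing `IF[{- !$disabled{tests} -}]` block starts outside the hunk.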
@@ -0,0 +1,100 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Internal tests for the x509 and x509v3 modules */
+
+#include
+#include
+
+#include
+#include
+#include "testutil.h"
+#include "e_os.h"
+
+typedef struct {
+ const char *test_case_name;
+ const char *test_section;
+} SIMPLE_FIXTURE;
+
+/**********************************************************************
+ *
+ * Test of x509v3
+ *
+ ***/
+
+static SIMPLE_FIXTURE setup_standard_exts(const char *const test_case_name)
+{
+ SIMPLE_FIXTURE fixture;
+ fixture.test_case_name = test_case_name;
+ return fixture;
+}
+
+#include "../crypto/x509v3/ext_dat.h"
+#include "../crypto/x509v3/standard_exts.h"
+
+static int execute_standard_exts(SIMPLE_FIXTURE fixture)
+{
+ size_t i;
+ int prev = -1, good = 1;
+ const X509V3_EXT_METHOD **tmp;
+
+ tmp = standard_exts;
+ for (i = 0; i < OSSL_NELEM(standard_exts); i++, tmp++) {
+ if ((*tmp)->ext_nid < prev)
+ good = 0;
+ prev = (*tmp)->ext_nid;
+
+ }
+ if (!good) {
+ tmp = standard_exts;
+ fprintf(stderr, "Extensions out of order!\n");
+ for (i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++)
+ fprintf(stderr, "%d : %s\n", (*tmp)->ext_nid,
+ OBJ_nid2sn((*tmp)->ext_nid));
+ } else {
+ fprintf(stderr, "Order OK\n");
+ }
+
+ return good;
+}
+
+static void teardown_standard_exts(SIMPLE_FIXTURE fixture)
+{
+ ERR_print_errors_fp(stderr);
+}
+
+/**********************************************************************
+ *
+ * Test driver
+ *
+ ***/
+
+static struct {
+ const char *section;
+ SIMPLE_FIXTURE (*setup)(const char *const test_case_name);
+ int (*execute)(SIMPLE_FIXTURE);
+ void (*teardown)(SIMPLE_FIXTURE);
+} tests[] = {
+ {"standard_exts", setup_standard_exts, execute_standard_exts,
+ teardown_standard_exts},
+};
+
+static int drive_tests(int idx)
+{
+ SETUP_TEST_FIXTURE(SIMPLE_FIXTURE, tests[idx].setup);
+ fixture.test_section = tests[idx].section;
+ EXECUTE_TEST(tests[idx].execute, tests[idx].teardown);
+}
+
+int main(int argc, char **argv)
+{
+ ADD_ALL_TESTS(drive_tests, OSSL_NELEM(tests));
+
+ return run_tests(argv[0]);
+}
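Review bot: The ordering check in execute_standard_exts compares `(*tmp)->ext_nid < prev`, so two entries carrying the same ext_nid pass the test; a table that is binary-searched by NID needs strictly increasing keys, because which of two duplicates a search returns is not defined. Assuming each NID is meant to appear once, `if ((*tmp)->ext_nid <= prev)` closes that gap. The test also sees only the entries enabled by this build's `OPENSSL_NO_*` settings, so a misplaced entry inside a disabled `#ifndef` group goes unchecked unless the test is run in several configurations. As a style point, the two loops bound the same array with `OSSL_NELEM(standard_exts)` and `STANDARD_EXTENSION_COUNT` respectively; using one of them in both would read better.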