Don't regenerate in test_wolfSSL_PEM_write_bio_X509(). We don't have the private key.
23
src/x509.c
23
src/x509.c
@ -11578,12 +11578,8 @@ int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bio, WOLFSSL_X509 *cert)
|
|||||||
byte* pem = NULL;
|
byte* pem = NULL;
|
||||||
int pemSz = 0;
|
int pemSz = 0;
|
||||||
/* Get large buffer to hold cert der */
|
/* Get large buffer to hold cert der */
|
||||||
|
const byte* der = NULL;
|
||||||
int derSz = X509_BUFFER_SZ;
|
int derSz = X509_BUFFER_SZ;
|
||||||
#ifdef WOLFSSL_SMALL_STACK
|
|
||||||
byte* der;
|
|
||||||
#else
|
|
||||||
byte der[X509_BUFFER_SZ];
|
|
||||||
#endif
|
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
WOLFSSL_ENTER("wolfSSL_PEM_write_bio_X509()");
|
WOLFSSL_ENTER("wolfSSL_PEM_write_bio_X509()");
|
||||||
@ -11593,15 +11589,11 @@ int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bio, WOLFSSL_X509 *cert)
|
|||||||
return WOLFSSL_FAILURE;
|
return WOLFSSL_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef WOLFSSL_SMALL_STACK
|
/* Do not call wolfssl_x509_make_der() here. If we did, then need to re-sign
|
||||||
der = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
* because we don't know the original order of the extensions and so we must
|
||||||
if (!der) {
|
* assume our extensions are in a different order, thus need to re-sign. */
|
||||||
WOLFSSL_MSG("malloc failed");
|
der = wolfSSL_X509_get_der(cert, &derSz);
|
||||||
return WOLFSSL_FAILURE;
|
if (der == NULL) {
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
if (wolfssl_x509_make_der(cert, 0, der, &derSz, 1) != WOLFSSL_SUCCESS) {
|
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -11631,9 +11623,6 @@ int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bio, WOLFSSL_X509 *cert)
|
|||||||
return WOLFSSL_SUCCESS;
|
return WOLFSSL_SUCCESS;
|
||||||
|
|
||||||
error:
|
error:
|
||||||
#ifdef WOLFSSL_SMALL_STACK
|
|
||||||
XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
|
||||||
#endif
|
|
||||||
if (pem)
|
if (pem)
|
||||||
XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
return WOLFSSL_FAILURE;
|
return WOLFSSL_FAILURE;
|
||||||
|
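Review bot: The declarations kept in the first hunk no longer match what the function does: `/* Get large buffer to hold cert der */` and `int derSz = X509_BUFFER_SZ;` remain, but `der` is now a `const byte*` returned by `wolfSSL_X509_get_der(cert, &derSz)` and nothing is allocated. I would replace them with `/* der is borrowed from cert (its stored encoding); do not free it */` and `int derSz = 0;`. The second hunk's new comment is hard to parse; `/* Write the stored DER as-is: rebuilding it could reorder extensions and invalidate the existing signature. */` states the reason directly. Because the output now presumably comes from the encoding held on the certificate, the function's header comment should say that a caller who changes fields on `cert` must call `wolfSSL_X509_sign()` before writing, otherwise the PEM will not reflect the change, and that a certificate with no stored DER makes the call fail. The function begins and ends outside these hunks.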
26
tests/api.c
26
tests/api.c
@ -39514,20 +39514,30 @@ static int test_wolfSSL_PEM_write_bio_X509(void)
|
|||||||
int res = TEST_SKIPPED;
|
int res = TEST_SKIPPED;
|
||||||
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_AKID_NAME) && \
|
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_AKID_NAME) && \
|
||||||
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) && \
|
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) && \
|
||||||
!defined(NO_BIO) && !defined(NO_RSA)
|
!defined(NO_BIO) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
|
||||||
/* This test contains the hard coded expected
|
/* This test contains the hard coded expected
|
||||||
* lengths. Update if necessary */
|
* lengths. Update if necessary */
|
||||||
|
FILE* fp = NULL;
|
||||||
|
WOLFSSL_EVP_PKEY *priv = NULL;
|
||||||
|
|
||||||
BIO* input;
|
BIO* input = NULL;
|
||||||
BIO* output;
|
BIO* output = NULL;
|
||||||
X509* x509a = NULL;
|
X509* x509a = NULL;
|
||||||
X509* x509b = NULL;
|
X509* x509b = NULL;
|
||||||
|
|
||||||
ASN1_TIME* notBeforeA = NULL;
|
ASN1_TIME* notBeforeA = NULL;
|
||||||
ASN1_TIME* notAfterA = NULL;
|
ASN1_TIME* notAfterA = NULL;
|
||||||
ASN1_TIME* notBeforeB = NULL;
|
ASN1_TIME* notBeforeB = NULL;
|
||||||
ASN1_TIME* notAfterB = NULL;
|
ASN1_TIME* notAfterB = NULL;
|
||||||
int expectedLen;
|
int expectedLen;
|
||||||
|
|
||||||
|
fp = XFOPEN("certs/server-key.pem", "rb");
|
||||||
|
AssertNotNull(fp);
|
||||||
|
priv = wolfSSL_PEM_read_PrivateKey(fp, NULL, NULL, NULL);
|
||||||
|
XFCLOSE(fp);
|
||||||
|
fp = NULL;
|
||||||
|
AssertNotNull(priv);
|
||||||
|
|
||||||
AssertNotNull(input = BIO_new_file(
|
AssertNotNull(input = BIO_new_file(
|
||||||
"certs/test/cert-ext-multiple.pem", "rb"));
|
"certs/test/cert-ext-multiple.pem", "rb"));
|
||||||
AssertIntEQ(wolfSSL_BIO_get_len(input), 2000);
|
AssertIntEQ(wolfSSL_BIO_get_len(input), 2000);
|
||||||
@ -39537,7 +39547,7 @@ static int test_wolfSSL_PEM_write_bio_X509(void)
|
|||||||
AssertNotNull(notBeforeA = X509_get_notBefore(x509a));
|
AssertNotNull(notBeforeA = X509_get_notBefore(x509a));
|
||||||
AssertNotNull(notAfterA = X509_get_notAfter(x509a));
|
AssertNotNull(notAfterA = X509_get_notAfter(x509a));
|
||||||
|
|
||||||
/* write X509 back to PEM BIO */
|
/* write X509 back to PEM BIO; no need to sign as nothing changed. */
|
||||||
AssertNotNull(output = BIO_new(wolfSSL_BIO_s_mem()));
|
AssertNotNull(output = BIO_new(wolfSSL_BIO_s_mem()));
|
||||||
AssertIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS);
|
AssertIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS);
|
||||||
/* compare length against expected */
|
/* compare length against expected */
|
||||||
@ -39565,6 +39575,9 @@ static int test_wolfSSL_PEM_write_bio_X509(void)
|
|||||||
x509a->authKeyIdSrcSz = 0;
|
x509a->authKeyIdSrcSz = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Resign to re-generate the der */
|
||||||
|
AssertIntGT(wolfSSL_X509_sign(x509a, priv, EVP_sha256()), 0);
|
||||||
|
|
||||||
AssertIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS);
|
AssertIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS);
|
||||||
|
|
||||||
/* Check that we generate a smaller output since the AKID will
|
/* Check that we generate a smaller output since the AKID will
|
||||||
@ -39592,8 +39605,8 @@ static int test_wolfSSL_PEM_write_bio_X509(void)
|
|||||||
AssertNotNull(output = BIO_new(wolfSSL_BIO_s_mem()));
|
AssertNotNull(output = BIO_new(wolfSSL_BIO_s_mem()));
|
||||||
AssertIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS);
|
AssertIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS);
|
||||||
|
|
||||||
/* read exported X509 PEM back into struct, ensure isCa and
|
/* read exported X509 PEM back into struct, ensure isCa and basicConstSet
|
||||||
* basicConstSet values are maintained */
|
* values are maintained; no need to sign as nothing changed. */
|
||||||
AssertNotNull(PEM_read_bio_X509(output, &x509b, NULL, NULL));
|
AssertNotNull(PEM_read_bio_X509(output, &x509b, NULL, NULL));
|
||||||
AssertIntEQ(x509b->isCa, 1);
|
AssertIntEQ(x509b->isCa, 1);
|
||||||
AssertIntEQ(x509b->basicConstSet, 1);
|
AssertIntEQ(x509b->basicConstSet, 1);
|
||||||
@ -39621,6 +39634,7 @@ static int test_wolfSSL_PEM_write_bio_X509(void)
|
|||||||
AssertIntEQ(x509b->isCa, 0);
|
AssertIntEQ(x509b->isCa, 0);
|
||||||
AssertIntEQ(x509b->basicConstSet, 1);
|
AssertIntEQ(x509b->basicConstSet, 1);
|
||||||
|
|
||||||
|
wolfSSL_EVP_PKEY_free(priv);
|
||||||
X509_free(x509a);
|
X509_free(x509a);
|
||||||
X509_free(x509b);
|
X509_free(x509b);
|
||||||
BIO_free(input);
|
BIO_free(input);
|
||||||
|
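Review bot: The first round trip (`PEM_write_bio_X509(output, x509a)` under the comment "no need to sign as nothing changed") is still checked only by length, which would not catch a re-encoding that changes bytes but keeps the size; that is the case this commit is about, since any change to the signed bytes breaks the signature. I would add a byte-for-byte comparison of the written certificate's DER against the input's (both obtainable with `wolfSSL_X509_get_der()`), or a signature verification of the certificate read back. The new `wolfSSL_X509_sign(x509a, priv, EVP_sha256())` call signs with `certs/server-key.pem`; whether that key belongs to the issuer of `cert-ext-multiple.pem` is not visible here, so if only the regenerated length matters a comment such as `/* key need not match the issuer; only the regenerated length is checked */` would make the intent clear. The test body starts and ends outside the hunks shown.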