From e58087842cf74164809977872eb2f7a62490d8dd Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Tue, 29 Jun 2021 17:18:34 +0200 Subject: [PATCH] test_pem_reading: Test loading a key from a file with multiple PEM data Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15949) --- test/certs/cert-key-cert.pem | 90 ++++++++++++++++++++++++++++++ test/pemtest.c | 22 +++++++- test/recipes/04-test_pem_reading.t | 24 +++++--- test/recipes/80-test_pkcs12.t | 23 +++++++- 4 files changed, 146 insertions(+), 13 deletions(-) create mode 100644 test/certs/cert-key-cert.pem diff --git a/test/certs/cert-key-cert.pem b/test/certs/cert-key-cert.pem new file mode 100644 index 0000000000..bf6fd9c34b --- /dev/null +++ b/test/certs/cert-key-cert.pem @@ -0,0 +1,90 @@ +Some garbage at the beginning +-----BEGIN CERTIFICATE----- +MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM +WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVs +ZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0G +A1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2 +b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlw +aHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlk +ZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcN +MTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBH +cmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1l +cyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwW +VG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQg +U29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lz +MT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFy +eSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEg +j/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF56 +0WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfSp +hwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejvN +5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7NkZ +hSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQYJ +KoZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9J +ywlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem3 +aYRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPHX +30YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiVZ +rvUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8IA +A8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII= +-----END CERTIFICATE----- +Some garbage in the middle +And more +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC7MOIrqH+ZIJiZ +droKMrelKMSvvRKg2MEgj/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN +2SLr1ZsPftCHIY12LF560WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8S +JSqUskf03MpcwnLbVfSphwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev +/Ccmqqt81NFkb1WVejvN5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzW +qF77u/crHufIhoEa7NkZhSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2I +GLDLoA0XAgMBAAECggEAcEBMIGoWuji1ybFMtrjbL4tXBxuWhCX3ChPNSpQFctmN +Cba7+c4GTIqaHG9cHcJ8dCgCZjpGdNYKXZKMQmgBaDVfzujr76WDsprFb3hsCbkE +YRJ/mIa5cTH7ySaGoLf+5/lDJxcmWqiT/YmUEz8lr0yHfUCNp8HPyalUvYKafbos +5BiXs8lr4XQ/vxL0CtVQx+5T8pmgU6CmP1jjgBqV4Y9RPewSmPNhxKAqm82JYMND +9evNHNpZmDpwTMygwwL0oJ0DV0nq0uqzuk1ORcp7YIph7IFGcdi4n7Y4Y2U6B8Ok +ITY684qpcXgy+qO1A8AwDEJ34wiIWb8Mi8S84KdTIQKBgQDhHmCdpWKzwLETlHQR +V9wT3ulySmxG0t8kSgNOFRVUZNXQ0ij2v8rOJ7R0QzJ+kCqvdxJ5QHNlUFKkOFMA +SnSy098iEz5skwRhHof7ZNa3U6oRRSauUcZcThWL+z14nhTIC1m99KpACV6fl3jj +MVEYYpG6n7jZ0wKUGMStxT1q9QKBgQDU3pOgNLnFasMIujvXI3ARSK6xIpkBTq89 +n6pmn9XeMWs/H6wQRO5wpUXbg+/3/d4tnezrDG9Lg5aPV8ca/zJ7IP8iNyLnhiUY +c9O6hKAW1fxddt9megzBDvsBgRzhytnv3OSpM+idgtsJ7Tvkevmt4K5j6gitpJpb +1A1erknoWwKBgCM5zKZ+bZ5xBYRp02uvUtmtJNxkduLyNkaIalH6jJbjHG4LpKtP +wZ1Wqy8SIMGbL4K7YCGnCyeMVRIrWhmOjQo6iwza9AarTqEf1OlqkwqmxdLj/jSC +yUZCVa7MxoasPdY7qHRH56gTj0HrwtfSLL1jFyibu6IiGaIw6f3DAmRNAoGAL2sx +iYOVSnPg5GXQBLnBMih1ucHSQadMhDa4F8pNMwThNhuREcK5NuCqMh8u6phj0NeY +Ojf35uN2O5I7KTll/mW4T9/mZ5rLUqoipS78FnoukId1dneDtdHnektPqsCsUbFs +QoDstYG713dAW0JFskUVs+4jZsL/G6ueGtRKZHcCgYEA27sBEJtHGLAgEUGSlwSA +acmaIlKpF3EMImgWhlzRN3JC7+z8HJAhoHTxQUdnWfJt2Xl4Z+WmXvv+E7U9ofH7 +kH8fbLcaxwvylPm4hAMlhtL3EqnRDSL4hfZHBrqqf3C0Kv+C8naNxzeCNG6iHxcp +3c7vY4BXTz0dGBGHml6qu5Y= +-----END PRIVATE KEY----- +More garbage in the middle +And more +-----BEGIN CERTIFICATE----- +MIIEzDCCA7QCCQCgxkRox+YljjANBgkqhkiG9w0BAQsFADCCASYxYzBhBgNVBAgM +WlRoZSBHcmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVs +ZCBOYW1lcyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0G +A1UEBwwWVG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2 +b2xlbnQgU29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlw +aHJhc2lzMT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlk +ZW50aWFyeSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwHhcN +MTcwMjIzMjAyNTM2WhcNMTcwMzI1MjAyNTM2WjCCASYxYzBhBgNVBAgMWlRoZSBH +cmVhdCBTdGF0ZSBvZiBMb25nLVdpbmRlZCBDZXJ0aWZpY2F0ZSBGaWVsZCBOYW1l +cyBXaGVyZWJ5IHRvIEluY3JlYXNlIHRoZSBPdXRwdXQgU2l6ZTEfMB0GA1UEBwwW +VG9vbWFueWNoYXJhY3RlcnN2aWxsZTFIMEYGA1UECgw/VGhlIEJlbmV2b2xlbnQg +U29jaWV0eSBvZiBMb3F1YWNpb3VzIGFuZCBQbGVvbmFzdGljIFBlcmlwaHJhc2lz +MT0wOwYDVQQLDDRFbmRvcnNlbWVudCBvZiBWb3VjaHNhZmUnZCBFdmlkZW50aWFy +eSBDZXJ0aWZpY2F0aW9uMRUwEwYDVQQDDAxjZXJ0LmV4YW1wbGUwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MOIrqH+ZIJiZdroKMrelKMSvvRKg2MEg +j/sx9TaHHqrKys4AiL4Rq/ybQEigFC6G8mpZWbBrU+vN2SLr1ZsPftCHIY12LF56 +0WLYTYNqDgF5BdCZCrjJ2hhN+XwML2tgYdWioV/Eey8SJSqUskf03MpcwnLbVfSp +hwmowqNfiEFFqPBCf7E8IVarGWctbMpvlMbAM5owhMev/Ccmqqt81NFkb1WVejvN +5v/JKv243/Xedf4I7ZJv7zKeswoP9piFzWHXCd9SIVzWqF77u/crHufIhoEa7NkZ +hSC2aosQF619iKnfk0nqWaLDJ182CCXkHERoQC7q9X2IGLDLoA0XAgMBAAEwDQYJ +KoZIhvcNAQELBQADggEBAKbtLx+YlCGRCBmYn3dfYF+BIvK/b/e0DKNhDKhb4s9J +ywlJ4qnAB48tgPx0q+ZB+EdMYRqCwyvXJxEdZ7PsCdUeU6xI2ybkhSdUUfQbYem3 +aYRG+yukGzazySQJs8lGqxBlRMFl/FGCg+oSQ/I32eGf8micDskj2zkAJtCkUPHX +30YrWMfOwW1r2xYr2mBNXbNWXJhW/sIg5u8aa9fcALeuQcMXkbsbVoPmC5aLdiVZ +rvUFoJ8DPg0aYYwj64RwU0B5HW/7jKhQ25FgKVAzLGrgYx1DivkM7UQGdWYnU8IA +A8S89gRjGk2hnkeagWas3dxqTTpgJDhprgWzyKa9hII= +-----END CERTIFICATE----- +Some garbage at the end diff --git a/test/pemtest.c b/test/pemtest.c index 8c9e04297a..444603f253 100644 --- a/test/pemtest.c +++ b/test/pemtest.c @@ -28,6 +28,8 @@ static TESTDATA b64_pem_data[] = { static const char *pemtype = "PEMTESTDATA"; +static char *pemfile; + static int test_b64(int idx) { BIO *b = BIO_new(BIO_s_mem()); @@ -83,9 +85,23 @@ static int test_invalid(void) return 1; } -int setup_tests(void) +static int test_cert_key_cert(void) { - ADD_ALL_TESTS(test_b64, OSSL_NELEM(b64_pem_data)); - ADD_TEST(test_invalid); + EVP_PKEY *key; + + if (!TEST_ptr(key = load_pkey_pem(pemfile, NULL))) + return 0; + + EVP_PKEY_free(key); + return 1; +} + +int setup_tests(void) +{ + if (!TEST_ptr(pemfile = test_get_argument(0))) + return 0; + ADD_ALL_TESTS(test_b64, OSSL_NELEM(b64_pem_data)); + ADD_TEST(test_invalid); + ADD_TEST(test_cert_key_cert); return 1; } diff --git a/test/recipes/04-test_pem_reading.t b/test/recipes/04-test_pem_reading.t index f69121cd37..9698289a8b 100644 --- a/test/recipes/04-test_pem_reading.t +++ b/test/recipes/04-test_pem_reading.t @@ -80,7 +80,7 @@ my %dsa_expected = ( "dsa.pem" => 1 ); -plan tests => scalar keys(%cert_expected) + scalar keys(%dsa_expected) + 2; +plan tests => scalar keys(%cert_expected) + scalar keys(%dsa_expected) + 4; foreach my $input (keys %cert_expected) { my @common = ($cmd, "x509", "-text", "-noout", "-inform", "PEM", "-in"); @@ -101,12 +101,18 @@ SKIP: { is((scalar @match > 0 ? 1 : 0), $dsa_expected{$input}); } } -SKIP: { - skip "RSA support disabled, skipping...", 1 unless !disabled("rsa"); - my @common = ($cmd, "pkey", "-inform", "PEM", "-noout", "-text", "-in"); - my @data = run(app([@common, data_file("beermug.pem")], stderr => undef), capture => 1); - my @match = grep /00:a0:3a:21:14:5d:cd:b6:d5:a0:3e:49:23:c1:3a:/, @data; - ok(scalar @match > 0 ? 1 : 0); -} -ok(run(test(["pemtest"])), "running pemtest"); +my @common = ($cmd, "pkey", "-inform", "PEM", "-noout", "-text", "-in"); +my @data = run(app([@common, data_file("beermug.pem")], stderr => undef), capture => 1); +my @match = grep /00:a0:3a:21:14:5d:cd:b6:d5:a0:3e:49:23:c1:3a:/, @data; +ok(scalar @match > 0 ? 1 : 0); +my $certkeycert = srctop_file("test", "certs", "cert-key-cert.pem"); +@data = run(app([@common, $certkeycert], stderr => "outerr.txt"), capture => 1); +open DATA, "outerr.txt"; +@match = grep /:error:/, ; +close DATA; +ok(scalar @match > 0 ? 0 : 1); +@match = grep /70:40:4c:20:6a:16:ba:38:b5:c9:b1:4c:b6:b8:db:/, @data; +ok(scalar @match > 0 ? 1 : 0); + +ok(run(test(["pemtest", $certkeycert])), "running pemtest"); diff --git a/test/recipes/80-test_pkcs12.t b/test/recipes/80-test_pkcs12.t index c85437f1a8..52c70cb0f7 100644 --- a/test/recipes/80-test_pkcs12.t +++ b/test/recipes/80-test_pkcs12.t @@ -54,7 +54,7 @@ if (eval { require Win32::API; 1; }) { } $ENV{OPENSSL_WIN32_UTF8}=1; -plan tests => 7; +plan tests => 10; # Test different PKCS#12 formats ok(run(test(["pkcs12_format_test"])), "test pkcs12 formats"); @@ -78,6 +78,7 @@ my @path = qw(test certs); my $outfile1 = "out1.p12"; my $outfile2 = "out2.p12"; my $outfile3 = "out3.p12"; +my $outfile4 = "out4.p12"; # Test the -chain option with -untrusted ok(run(app(["openssl", "pkcs12", "-export", "-chain", @@ -113,4 +114,24 @@ SKIP: { "test_pkcs12_passcerts_legacy"); } +# Test export of PEM file with both cert and key +# -nomac necessary to avoid legacy provider requirement +ok(run(app(["openssl", "pkcs12", "-export", + "-inkey", srctop_file(@path, "cert-key-cert.pem"), + "-in", srctop_file(@path, "cert-key-cert.pem"), + "-passout", "pass:v3-certs", + "-nomac", "-out", $outfile4], stderr => "outerr.txt")), + "test_export_pkcs12_cert_key_cert"); +open DATA, "outerr.txt"; +my @match = grep /:error:/, ; +close DATA; +ok(scalar @match > 0 ? 0 : 1, "test_export_pkcs12_outerr_empty"); + +ok(run(app(["openssl", "pkcs12", + "-in", $outfile4, + "-passin", "pass:v3-certs", + "-nomacver", "-nodes"])), + "test_import_pkcs12_cert_key_cert"); + + SetConsoleOutputCP($savedcp) if (defined($savedcp));