Loading test/crltest.c +84 −90 Original line number Diff line number Diff line /* * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy Loading @@ -7,7 +7,6 @@ * https://www.openssl.org/source/license.html */ #include <stdio.h> #include "../e_os.h" #include <string.h> #include <openssl/bio.h> Loading Loading @@ -177,6 +176,12 @@ static const char *kUnknownCriticalCRL2[] = { NULL }; static const char **unknown_critical_crls[] = { kUnknownCriticalCRL, kUnknownCriticalCRL2 }; static X509 *test_root = NULL; static X509 *test_leaf = NULL; /* * Glue an array of strings together. Return a BIO and put the string Loading Loading @@ -242,29 +247,22 @@ static int verify(X509 *leaf, X509 *root, STACK_OF(X509_CRL) *crls, STACK_OF(X509) *roots = sk_X509_new_null(); int status = X509_V_ERR_UNSPECIFIED; if (!TEST_ptr(ctx)) goto err; if (!TEST_ptr(store)) goto err; if (!TEST_ptr(param)) goto err; if (!TEST_ptr(roots)) if (!TEST_ptr(ctx) || !TEST_ptr(store) || !TEST_ptr(param) || !TEST_ptr(roots)) goto err; /* Create a stack; upref the cert because we free it below. */ X509_up_ref(root); if (!TEST_true(sk_X509_push(roots, root))) goto err; if (!TEST_true(X509_STORE_CTX_init(ctx, store, leaf, NULL))) if (!TEST_true(sk_X509_push(roots, root)) || !TEST_true(X509_STORE_CTX_init(ctx, store, leaf, NULL))) goto err; X509_STORE_CTX_set0_trusted_stack(ctx, roots); X509_STORE_CTX_set0_crls(ctx, crls); X509_VERIFY_PARAM_set_time(param, PARAM_TIME); if (!TEST_long_eq(X509_VERIFY_PARAM_get_time(param), PARAM_TIME)) { TEST_info("set_time/get_time mismatch."); if (!TEST_long_eq(X509_VERIFY_PARAM_get_time(param), PARAM_TIME)) goto err; } X509_VERIFY_PARAM_set_depth(param, 16); if (flags) X509_VERIFY_PARAM_set_flags(param, flags); Loading Loading 
@@ -299,94 +297,90 @@ static STACK_OF(X509_CRL) *make_CRL_stack(X509_CRL *x1, X509_CRL *x2) return sk; } static int test_crl() static int test_basic_crl(void) { X509 *root = X509_from_strings(kCRLTestRoot); X509 *leaf = X509_from_strings(kCRLTestLeaf); X509_CRL *basic_crl = CRL_from_strings(kBasicCRL); X509_CRL *revoked_crl = CRL_from_strings(kRevokedCRL); X509_CRL *bad_issuer_crl = CRL_from_strings(kBadIssuerCRL); X509_CRL *known_critical_crl = CRL_from_strings(kKnownCriticalCRL); X509_CRL *unknown_critical_crl = CRL_from_strings(kUnknownCriticalCRL); X509_CRL *unknown_critical_crl2 = CRL_from_strings(kUnknownCriticalCRL2); int status = 0; if (!TEST_ptr(root)) goto err; if (!TEST_ptr(leaf)) goto err; if (!TEST_ptr(basic_crl)) goto err; if (!TEST_ptr(revoked_crl)) goto err; if (!TEST_ptr(bad_issuer_crl)) goto err; if (!TEST_ptr(known_critical_crl)) goto err; if (!TEST_ptr(unknown_critical_crl)) goto err; if (!TEST_ptr(unknown_critical_crl2)) goto err; if (verify(leaf, root, make_CRL_stack(basic_crl, NULL), X509_V_FLAG_CRL_CHECK) != X509_V_OK) { TEST_info("Cert with CRL didn't verify."); goto err; int r; r = TEST_ptr(basic_crl) && TEST_ptr(revoked_crl) && TEST_int_eq(verify(test_leaf, test_root, make_CRL_stack(basic_crl, NULL), X509_V_FLAG_CRL_CHECK), X509_V_OK) && TEST_int_eq(verify(test_leaf, test_root, make_CRL_stack(basic_crl, revoked_crl), X509_V_FLAG_CRL_CHECK), X509_V_ERR_CERT_REVOKED); X509_CRL_free(basic_crl); X509_CRL_free(revoked_crl); return r; } if (verify(leaf, root, make_CRL_stack(basic_crl, revoked_crl), X509_V_FLAG_CRL_CHECK) != X509_V_ERR_CERT_REVOKED) { TEST_info("Revoked CRL wasn't checked."); goto err; static int test_no_crl(void) { return TEST_int_eq(verify(test_leaf, test_root, NULL, X509_V_FLAG_CRL_CHECK), X509_V_ERR_UNABLE_TO_GET_CRL); } if (verify(leaf, root, NULL, X509_V_FLAG_CRL_CHECK) != X509_V_ERR_UNABLE_TO_GET_CRL) { TEST_info("CRLs were not required."); goto err; } static int test_bad_issuer_crl(void) { X509_CRL *bad_issuer_crl = 
CRL_from_strings(kBadIssuerCRL); int r; if (verify(leaf, root, make_CRL_stack(bad_issuer_crl, NULL), X509_V_FLAG_CRL_CHECK) != X509_V_ERR_UNABLE_TO_GET_CRL) { TEST_info("Bad CRL issuer was unnoticed."); goto err; r = TEST_ptr(bad_issuer_crl) && TEST_int_eq(verify(test_leaf, test_root, make_CRL_stack(bad_issuer_crl, NULL), X509_V_FLAG_CRL_CHECK), X509_V_ERR_UNABLE_TO_GET_CRL); X509_CRL_free(bad_issuer_crl); return r; } if (verify(leaf, root, make_CRL_stack(known_critical_crl, NULL), X509_V_FLAG_CRL_CHECK) != X509_V_OK) { TEST_info("CRL with known critical extension was rejected."); goto err; static int test_known_critical_crl(void) { X509_CRL *known_critical_crl = CRL_from_strings(kKnownCriticalCRL); int r; r = TEST_ptr(known_critical_crl) && TEST_int_eq(verify(test_leaf, test_root, make_CRL_stack(known_critical_crl, NULL), X509_V_FLAG_CRL_CHECK), X509_V_OK); X509_CRL_free(known_critical_crl); return r; } if (verify(leaf, root, make_CRL_stack(unknown_critical_crl, NULL), X509_V_FLAG_CRL_CHECK) != X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION) { TEST_info("CRL with unknown critical extension was accepted."); goto err; static int test_unknown_critical_crl(int n) { X509_CRL *unknown_critical_crl = CRL_from_strings(unknown_critical_crls[n]); int r; r = TEST_ptr(unknown_critical_crl) && TEST_int_eq(verify(test_leaf, test_root, make_CRL_stack(unknown_critical_crl, NULL), X509_V_FLAG_CRL_CHECK), X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION); X509_CRL_free(unknown_critical_crl); return r; } if (verify(leaf, root, make_CRL_stack(unknown_critical_crl2, NULL), X509_V_FLAG_CRL_CHECK) != X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION) { TEST_info("CRL with unknown critical extension (2) was accepted."); int test_main(int argc, char *argv[]) { int status = EXIT_FAILURE; if (!TEST_ptr(test_root = X509_from_strings(kCRLTestRoot)) || !TEST_ptr(test_leaf = X509_from_strings(kCRLTestLeaf))) goto err; } status = 1; ADD_TEST(test_no_crl); ADD_TEST(test_basic_crl); 
ADD_TEST(test_bad_issuer_crl); ADD_TEST(test_known_critical_crl); ADD_ALL_TESTS(test_unknown_critical_crl, OSSL_NELEM(unknown_critical_crls)); status = run_tests(argv[0]); err: X509_free(root); X509_free(leaf); X509_CRL_free(basic_crl); X509_CRL_free(revoked_crl); X509_CRL_free(bad_issuer_crl); X509_CRL_free(known_critical_crl); X509_CRL_free(unknown_critical_crl); X509_CRL_free(unknown_critical_crl2); X509_free(test_root); X509_free(test_leaf); return status; } void register_tests(void) { ADD_TEST(test_crl); } Loading
test/crltest.c +84 −90 Original line number Diff line number Diff line /* * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy Loading @@ -7,7 +7,6 @@ * https://www.openssl.org/source/license.html */ #include <stdio.h> #include "../e_os.h" #include <string.h> #include <openssl/bio.h> Loading Loading @@ -177,6 +176,12 @@ static const char *kUnknownCriticalCRL2[] = { NULL }; static const char **unknown_critical_crls[] = { kUnknownCriticalCRL, kUnknownCriticalCRL2 }; static X509 *test_root = NULL; static X509 *test_leaf = NULL; /* * Glue an array of strings together. Return a BIO and put the string Loading Loading @@ -242,29 +247,22 @@ static int verify(X509 *leaf, X509 *root, STACK_OF(X509_CRL) *crls, STACK_OF(X509) *roots = sk_X509_new_null(); int status = X509_V_ERR_UNSPECIFIED; if (!TEST_ptr(ctx)) goto err; if (!TEST_ptr(store)) goto err; if (!TEST_ptr(param)) goto err; if (!TEST_ptr(roots)) if (!TEST_ptr(ctx) || !TEST_ptr(store) || !TEST_ptr(param) || !TEST_ptr(roots)) goto err; /* Create a stack; upref the cert because we free it below. */ X509_up_ref(root); if (!TEST_true(sk_X509_push(roots, root))) goto err; if (!TEST_true(X509_STORE_CTX_init(ctx, store, leaf, NULL))) if (!TEST_true(sk_X509_push(roots, root)) || !TEST_true(X509_STORE_CTX_init(ctx, store, leaf, NULL))) goto err; X509_STORE_CTX_set0_trusted_stack(ctx, roots); X509_STORE_CTX_set0_crls(ctx, crls); X509_VERIFY_PARAM_set_time(param, PARAM_TIME); if (!TEST_long_eq(X509_VERIFY_PARAM_get_time(param), PARAM_TIME)) { TEST_info("set_time/get_time mismatch."); if (!TEST_long_eq(X509_VERIFY_PARAM_get_time(param), PARAM_TIME)) goto err; } X509_VERIFY_PARAM_set_depth(param, 16); if (flags) X509_VERIFY_PARAM_set_flags(param, flags); Loading Loading 
@@ -299,94 +297,90 @@ static STACK_OF(X509_CRL) *make_CRL_stack(X509_CRL *x1, X509_CRL *x2) return sk; } static int test_crl() static int test_basic_crl(void) { X509 *root = X509_from_strings(kCRLTestRoot); X509 *leaf = X509_from_strings(kCRLTestLeaf); X509_CRL *basic_crl = CRL_from_strings(kBasicCRL); X509_CRL *revoked_crl = CRL_from_strings(kRevokedCRL); X509_CRL *bad_issuer_crl = CRL_from_strings(kBadIssuerCRL); X509_CRL *known_critical_crl = CRL_from_strings(kKnownCriticalCRL); X509_CRL *unknown_critical_crl = CRL_from_strings(kUnknownCriticalCRL); X509_CRL *unknown_critical_crl2 = CRL_from_strings(kUnknownCriticalCRL2); int status = 0; if (!TEST_ptr(root)) goto err; if (!TEST_ptr(leaf)) goto err; if (!TEST_ptr(basic_crl)) goto err; if (!TEST_ptr(revoked_crl)) goto err; if (!TEST_ptr(bad_issuer_crl)) goto err; if (!TEST_ptr(known_critical_crl)) goto err; if (!TEST_ptr(unknown_critical_crl)) goto err; if (!TEST_ptr(unknown_critical_crl2)) goto err; if (verify(leaf, root, make_CRL_stack(basic_crl, NULL), X509_V_FLAG_CRL_CHECK) != X509_V_OK) { TEST_info("Cert with CRL didn't verify."); goto err; int r; r = TEST_ptr(basic_crl) && TEST_ptr(revoked_crl) && TEST_int_eq(verify(test_leaf, test_root, make_CRL_stack(basic_crl, NULL), X509_V_FLAG_CRL_CHECK), X509_V_OK) && TEST_int_eq(verify(test_leaf, test_root, make_CRL_stack(basic_crl, revoked_crl), X509_V_FLAG_CRL_CHECK), X509_V_ERR_CERT_REVOKED); X509_CRL_free(basic_crl); X509_CRL_free(revoked_crl); return r; } if (verify(leaf, root, make_CRL_stack(basic_crl, revoked_crl), X509_V_FLAG_CRL_CHECK) != X509_V_ERR_CERT_REVOKED) { TEST_info("Revoked CRL wasn't checked."); goto err; static int test_no_crl(void) { return TEST_int_eq(verify(test_leaf, test_root, NULL, X509_V_FLAG_CRL_CHECK), X509_V_ERR_UNABLE_TO_GET_CRL); } if (verify(leaf, root, NULL, X509_V_FLAG_CRL_CHECK) != X509_V_ERR_UNABLE_TO_GET_CRL) { TEST_info("CRLs were not required."); goto err; } static int test_bad_issuer_crl(void) { X509_CRL *bad_issuer_crl = 
CRL_from_strings(kBadIssuerCRL); int r; if (verify(leaf, root, make_CRL_stack(bad_issuer_crl, NULL), X509_V_FLAG_CRL_CHECK) != X509_V_ERR_UNABLE_TO_GET_CRL) { TEST_info("Bad CRL issuer was unnoticed."); goto err; r = TEST_ptr(bad_issuer_crl) && TEST_int_eq(verify(test_leaf, test_root, make_CRL_stack(bad_issuer_crl, NULL), X509_V_FLAG_CRL_CHECK), X509_V_ERR_UNABLE_TO_GET_CRL); X509_CRL_free(bad_issuer_crl); return r; } if (verify(leaf, root, make_CRL_stack(known_critical_crl, NULL), X509_V_FLAG_CRL_CHECK) != X509_V_OK) { TEST_info("CRL with known critical extension was rejected."); goto err; static int test_known_critical_crl(void) { X509_CRL *known_critical_crl = CRL_from_strings(kKnownCriticalCRL); int r; r = TEST_ptr(known_critical_crl) && TEST_int_eq(verify(test_leaf, test_root, make_CRL_stack(known_critical_crl, NULL), X509_V_FLAG_CRL_CHECK), X509_V_OK); X509_CRL_free(known_critical_crl); return r; } if (verify(leaf, root, make_CRL_stack(unknown_critical_crl, NULL), X509_V_FLAG_CRL_CHECK) != X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION) { TEST_info("CRL with unknown critical extension was accepted."); goto err; static int test_unknown_critical_crl(int n) { X509_CRL *unknown_critical_crl = CRL_from_strings(unknown_critical_crls[n]); int r; r = TEST_ptr(unknown_critical_crl) && TEST_int_eq(verify(test_leaf, test_root, make_CRL_stack(unknown_critical_crl, NULL), X509_V_FLAG_CRL_CHECK), X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION); X509_CRL_free(unknown_critical_crl); return r; } if (verify(leaf, root, make_CRL_stack(unknown_critical_crl2, NULL), X509_V_FLAG_CRL_CHECK) != X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION) { TEST_info("CRL with unknown critical extension (2) was accepted."); int test_main(int argc, char *argv[]) { int status = EXIT_FAILURE; if (!TEST_ptr(test_root = X509_from_strings(kCRLTestRoot)) || !TEST_ptr(test_leaf = X509_from_strings(kCRLTestLeaf))) goto err; } status = 1; ADD_TEST(test_no_crl); ADD_TEST(test_basic_crl); 
ADD_TEST(test_bad_issuer_crl); ADD_TEST(test_known_critical_crl); ADD_ALL_TESTS(test_unknown_critical_crl, OSSL_NELEM(unknown_critical_crls)); status = run_tests(argv[0]); err: X509_free(root); X509_free(leaf); X509_CRL_free(basic_crl); X509_CRL_free(revoked_crl); X509_CRL_free(bad_issuer_crl); X509_CRL_free(known_critical_crl); X509_CRL_free(unknown_critical_crl); X509_CRL_free(unknown_critical_crl2); X509_free(test_root); X509_free(test_leaf); return status; } void register_tests(void) { ADD_TEST(test_crl); }
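Review bot: In `test_bad_issuer_crl` the expected result, `X509_V_ERR_UNABLE_TO_GET_CRL`, is the same code that `test_no_crl` expects when `crls` is NULL, and the return value of `make_CRL_stack()` goes straight into `verify()` unchecked. If `make_CRL_stack()` can return NULL on allocation failure (its body lies outside the visible hunk, so this needs confirming), the bad-issuer case would pass without the issuer check ever running. Holding the stack in a local `STACK_OF(X509_CRL) *crls` and asserting it first, e.g. `&& TEST_ptr(crls = make_CRL_stack(bad_issuer_crl, NULL))` ahead of `TEST_int_eq(verify(test_leaf, test_root, crls, X509_V_FLAG_CRL_CHECK), X509_V_ERR_UNABLE_TO_GET_CRL)`, keeps this revocation test from passing vacuously. The other new tests expect codes a missing CRL does not produce, so they would fail visibly rather than silently.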