Add tests for do_updatedb

Fixes #13944 Moved "opt_printf_stderr" out of apps.c to avoid duplicate definition in tests. Added function "asn1_string_to_time_t" including tests. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #17645)
openssl · Feb 14, 2022 · 065121f · bernd-edlinger · Feb 14, 2022 · bernd-edlinger
1 parent c920020
commit 065121f
Show file tree

Hide file tree

Showing 12 changed files with 412 additions and 25 deletions.
diff --git a/apps/ca.c b/apps/ca.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -129,7 +129,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
                    CONF *conf, unsigned long certopt, unsigned long nameopt,
                    int default_op, int ext_copy, int selfsign, unsigned long dateopt);
 static int get_certificate_status(const char *ser_status, CA_DB *db);
-static int do_updatedb(CA_DB *db);
 static int check_time_format(const char *str);
 static int do_revoke(X509 *x509, CA_DB *db, REVINFO_TYPE rev_type,
                      const char *extval);
@@ -755,7 +754,7 @@ int ca_main(int argc, char **argv)
         if (verbose)
             BIO_printf(bio_err, "Updating %s ...\n", dbfile);
 
-        i = do_updatedb(db);
+        i = do_updatedb(db, NULL);
         if (i == -1) {
             BIO_printf(bio_err, "Malloc failure\n");
             goto end;
@@ -2290,7 +2289,7 @@ static int get_certificate_status(const char *serial, CA_DB *db)
     return ok;
 }
 
-static int do_updatedb(CA_DB *db)
+int do_updatedb(CA_DB *db, time_t *now)
 {
     ASN1_TIME *a_tm = NULL;
     int i, cnt = 0;
@@ -2301,7 +2300,7 @@ static int do_updatedb(CA_DB *db)
         return -1;
 
     /* get actual time */
-    if (X509_gmtime_adj(a_tm, 0) == NULL) {
+    if (X509_time_adj(a_tm, 0, now) == NULL) {
         ASN1_TIME_free(a_tm);
         return -1;
     }

diff --git a/apps/include/apps.h b/apps/include/apps.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -221,6 +221,8 @@ typedef struct ca_db_st {
 # endif
 } CA_DB;
 
+extern int do_updatedb(CA_DB *db, time_t *now);
+
 void app_bail_out(char *fmt, ...);
 void *app_malloc(size_t sz, const char *what);
 BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai);

diff --git a/apps/lib/apps.c b/apps/lib/apps.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -3247,18 +3247,6 @@ void make_uppercase(char *string)
         string[i] = toupper((unsigned char)string[i]);
 }
 
-/* This function is defined here due to visibility of bio_err */
-int opt_printf_stderr(const char *fmt, ...)
-{
-    va_list ap;
-    int ret;
-
-    va_start(ap, fmt);
-    ret = BIO_vprintf(bio_err, fmt, ap);
-    va_end(ap);
-    return ret;
-}
-
 OSSL_PARAM *app_params_new_from_opts(STACK_OF(OPENSSL_STRING) *opts,
                                      const OSSL_PARAM *paramdefs)
 {

diff --git a/apps/lib/apps_opt_printf.c b/apps/lib/apps_opt_printf.c
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "opt.h"
+#include <openssl/ui.h>
+#include "apps_ui.h"
+
+/* This function is defined here due to visibility of bio_err */
+int opt_printf_stderr(const char *fmt, ...)
+{
+    va_list ap;
+    int ret;
+
+    va_start(ap, fmt);
+    ret = BIO_vprintf(bio_err, fmt, ap);
+    va_end(ap);
+    return ret;
+}
+
diff --git a/apps/lib/build.info b/apps/lib/build.info
@@ -10,7 +10,7 @@ ENDIF
 # Source for libapps
 $LIBAPPSSRC=apps.c apps_ui.c opt.c fmt.c s_cb.c s_socket.c app_rand.c \
         columns.c app_params.c names.c app_provider.c app_x509.c http_server.c \
-        engine.c engine_loader.c app_libctx.c
+        engine.c engine_loader.c app_libctx.c apps_opt_printf.c
 
 IF[{- !$disabled{apps} -}]
   LIBS{noinst}=../libapps.a

diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -589,3 +589,41 @@ int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b)
         return -1;
     return 0;
 }
+
+/*
+ * tweak for Windows
+ */
+#ifdef WIN32
+# define timezone _timezone
+#endif
+
+time_t asn1_string_to_time_t(const char *asn1_string)
+{
+    ASN1_TIME *timestamp_asn1 = NULL;
+    struct tm *timestamp_tm = NULL;
+    time_t timestamp_local;
+    time_t timestamp_utc;
+
+    timestamp_asn1 = ASN1_TIME_new();
+    if (!ASN1_TIME_set_string(timestamp_asn1, asn1_string))
+    {
+        ASN1_TIME_free(timestamp_asn1);
+        return -1;
+    }
+
+    timestamp_tm = OPENSSL_malloc(sizeof(*timestamp_tm));
+
+    if (!(ASN1_TIME_to_tm(timestamp_asn1, timestamp_tm))) {
+        OPENSSL_free(timestamp_tm);
+        ASN1_TIME_free(timestamp_asn1);
+        return -1;
+    }
+
+    timestamp_local = mktime(timestamp_tm);
+    OPENSSL_free(timestamp_tm);
+
+    timestamp_utc = timestamp_local - timezone;
+
+    ASN1_TIME_free(timestamp_asn1);
+    return timestamp_utc;
+}
diff --git a/include/crypto/asn1.h b/include/crypto/asn1.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -147,4 +147,6 @@ EVP_PKEY * ossl_d2i_PrivateKey_legacy(int keytype, EVP_PKEY **a,
                                       OSSL_LIB_CTX *libctx, const char *propq);
 X509_ALGOR *ossl_X509_ALGOR_from_nid(int nid, int ptype, void *pval);
 
+time_t asn1_string_to_time_t(const char *asn1_string);
+
 #endif /* ndef OSSL_CRYPTO_ASN1_H */
diff --git a/test/asn1_time_test.c b/test/asn1_time_test.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -12,6 +12,7 @@
 #include <stdio.h>
 #include <string.h>
 
+#include <crypto/asn1.h>
 #include <openssl/asn1.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
@@ -28,6 +29,53 @@ struct testdata {
     int convert_result;     /* conversion result */
 };
 
+struct TESTDATA_asn1_to_utc {
+    char *input;
+    time_t expected;
+};
+
+static const struct TESTDATA_asn1_to_utc asn1_to_utc[] = {
+    {
+        /*
+         * last second of standard time in central Europe in 2021
+         * specified in GMT
+         */
+        "210328005959Z",
+        1616893199,
+    },
+    {
+        /*
+         * first second of daylight saving time in central Europe in 2021
+         * specified in GMT
+         */
+        "210328010000Z",
+        1616893200,
+    },
+    {
+        /*
+         * last second of standard time in central Europe in 2021
+         * specified in offset to GMT
+         */
+        "20210328015959+0100",
+        1616893199,
+    },
+    {
+        /*
+         * first second of daylight saving time in central Europe in 2021
+         * specified in offset to GMT
+         */
+        "20210328030000+0200",
+        1616893200,
+    },
+    {
+        /*
+         * Invalid strings should get -1 as a result
+         */
+        "INVALID",
+        -1,
+    },
+};
+
 static struct testdata tbl_testdata_pos[] = {
     { "0",                 V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0,           0,  0, 0, }, /* Bad time */
     { "ABCD",              V_ASN1_GENERALIZEDTIME, V_ASN1_GENERALIZEDTIME, 0,           0,  0, 0, },
@@ -379,6 +427,20 @@ static int test_time_dup(void)
     return ret;
 }
 
+static int convert_asn1_to_time_t(int idx)
+{
+    time_t testdateutc;
+
+    testdateutc = asn1_string_to_time_t(asn1_to_utc[idx].input);
+
+    if (!TEST_time_t_eq(testdateutc, asn1_to_utc[idx].expected)) {
+        TEST_info("asn1_string_to_time_t (%s) failed: expected %li, got %li\n",
+                asn1_to_utc[idx].input, asn1_to_utc[idx].expected, (signed long) testdateutc);
+        return 0;
+    }
+    return 1;
+}
+
 int setup_tests(void)
 {
     /*
@@ -414,5 +476,6 @@ int setup_tests(void)
     }
     ADD_ALL_TESTS(test_table_compare, OSSL_NELEM(tbl_compare_testdata));
     ADD_TEST(test_time_dup);
+    ADD_ALL_TESTS(convert_asn1_to_time_t, OSSL_NELEM(asn1_to_utc));
     return 1;
 }
diff --git a/test/build.info b/test/build.info
@@ -62,7 +62,7 @@ IF[{- !$disabled{tests} -}]
           context_internal_test aesgcmtest params_test evp_pkey_dparams_test \
           keymgmt_internal_test hexstr_test provider_status_test defltfips_test \
           bio_readbuffer_test user_property_test pkcs7_test upcallstest \
-          provfetchtest prov_config_test rand_test
+          provfetchtest prov_config_test rand_test ca_internals_test
 
   IF[{- !$disabled{'deprecated-3.0'} -}]
     PROGRAMS{noinst}=enginetest
@@ -575,6 +575,13 @@ IF[{- !$disabled{tests} -}]
   INCLUDE[cmp_client_test]=.. ../include ../apps/include
   DEPEND[cmp_client_test]=../libcrypto.a libtestutil.a
 
+  SOURCE[ca_internals_test]=ca_internals_test.c ../apps/ca.c ../apps/lib/apps.c \
+                            ../apps/lib/app_rand.c ../apps/lib/engine.c ../apps/lib/app_provider.c \
+                            ../apps/lib/app_libctx.c ../apps/lib/fmt.c ../apps/lib/apps_ui.c \
+                            ../apps/lib/app_x509.c ../crypto/asn1/a_time.c ../crypto/ctype.c
+  INCLUDE[ca_internals_test]=.. ../include ../apps/include
+  DEPEND[ca_internals_test]=libtestutil.a ../libssl
+
   # Internal test programs.  These are essentially a collection of internal
   # test routines.  Some of them need to reach internal symbols that aren't
   # available through the shared library (at least on Linux, Solaris, Windows
@@ -780,7 +787,8 @@ IF[{- !$disabled{tests} -}]
   ENDIF
 
   PROGRAMS{noinst}=asn1_time_test
-  SOURCE[asn1_time_test]=asn1_time_test.c
+  SOURCE[asn1_time_test]=asn1_time_test.c ../crypto/ctype.c \
+                         ../crypto/asn1/a_time.c
   INCLUDE[asn1_time_test]=../include ../apps/include
   DEPEND[asn1_time_test]=../libcrypto libtestutil.a