diff --git a/tool-openssl/asn1parse.cc b/tool-openssl/asn1parse.cc index 4873ede323..0eff738d41 100644 --- a/tool-openssl/asn1parse.cc +++ b/tool-openssl/asn1parse.cc @@ -20,7 +20,8 @@ bool asn1parseTool(const args_list_t &args) { using namespace ordered_args; ordered_args_map_t parsed_args; args_list_t extra_args; - if (!ParseOrderedKeyValueArguments(parsed_args, extra_args, args, kArguments)) { + if (!ParseOrderedKeyValueArguments(parsed_args, extra_args, args, + kArguments)) { PrintUsage(kArguments); return false; } @@ -31,7 +32,7 @@ bool asn1parseTool(const args_list_t &args) { uint8_t *raw_input_bytes = nullptr; ossl_uint8_ptr input_bytes(nullptr, &OPENSSL_free); size_t input_bytes_len = 0; - + bool help = false; GetBoolArgument(&help, "-help", parsed_args); @@ -49,7 +50,8 @@ bool asn1parseTool(const args_list_t &args) { } else if (isStringUpperCaseEqual(inform_str, "PEM")) { input_format = FORMAT_PEM; } else { - fprintf(stderr, "Error: Invalid input format '%s'. Must be PEM or DER\n", inform_str.c_str()); + fprintf(stderr, "Error: Invalid input format '%s'. Must be PEM or DER\n", + inform_str.c_str()); goto err; } @@ -80,8 +82,8 @@ bool asn1parseTool(const args_list_t &args) { input_bytes_len = 0; int i = 0; - // We could use BIO_read_asn1 here, but it does have some limitations. So match the OpenSSL behavior - // here instead. + // We could use BIO_read_asn1 here, but it does have some limitations. So + // match the OpenSSL behavior here instead. for (;;) { if (!BUF_MEM_grow(buf.get(), input_bytes_len + BUFSIZ)) { goto err; @@ -104,11 +106,13 @@ bool asn1parseTool(const args_list_t &args) { ossl_char_ptr name(nullptr, &OPENSSL_free); ossl_char_ptr header(nullptr, &OPENSSL_free); - // Technically this is the `-strictpem` behavior from OpenSSL in combination with `-inform PEM`. Otherwise OpenSSL - // would try to base64 decode outside of PEM blocks. This seems like a niche edge case so adopting the strict + // Technically this is the `-strictpem` behavior from OpenSSL in combination + // with `-inform PEM`. Otherwise OpenSSL would try to base64 decode outside + // of PEM blocks. This seems like a niche edge case so adopting the strict // behavior for now. long input_len = 0; - if (!PEM_read_bio(input_bio.get(), &raw_name, &raw_header, &raw_input_bytes, &input_len)) { + if (!PEM_read_bio(input_bio.get(), &raw_name, &raw_header, &raw_input_bytes, + &input_len)) { fprintf(stderr, "Error reading PEM file\n"); goto err; } diff --git a/tool-openssl/crl_test.cc b/tool-openssl/crl_test.cc index ff4269c7d8..4cef4c6b7c 100644 --- a/tool-openssl/crl_test.cc +++ b/tool-openssl/crl_test.cc @@ -1,15 +1,15 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -#include "openssl/x509.h" #include #include +#include +#include "../crypto/test/test_util.h" #include "internal.h" +#include "openssl/x509.h" #include "test_util.h" -#include "../crypto/test/test_util.h" -#include -X509_CRL* createTestCRL() { +X509_CRL *createTestCRL() { bssl::UniquePtr crl(X509_CRL_new()); if (!crl) { ERR_print_errors_fp(stderr); @@ -19,8 +19,9 @@ X509_CRL* createTestCRL() { // Set issuer name bssl::UniquePtr issuer(X509_NAME_new()); if (!issuer || - !X509_NAME_add_entry_by_txt(issuer.get(), "CN", MBSTRING_ASC, (unsigned char *)"Test CA", -1, -1, 0) || - !X509_CRL_set_issuer_name(crl.get(), issuer.get())) { + !X509_NAME_add_entry_by_txt(issuer.get(), "CN", MBSTRING_ASC, + (unsigned char *)"Test CA", -1, -1, 0) || + !X509_CRL_set_issuer_name(crl.get(), issuer.get())) { return nullptr; } @@ -28,19 +29,21 @@ X509_CRL* createTestCRL() { bssl::UniquePtr lastUpdate(ASN1_TIME_new()); bssl::UniquePtr nextUpdate(ASN1_TIME_new()); if (!lastUpdate || !nextUpdate || !X509_gmtime_adj(lastUpdate.get(), 0) || - !X509_gmtime_adj(nextUpdate.get(), 86400L) || // 24 hours from now - !X509_CRL_set1_lastUpdate(crl.get(), lastUpdate.get()) || - !X509_CRL_set1_nextUpdate(crl.get(), nextUpdate.get())) { + !X509_gmtime_adj(nextUpdate.get(), 86400L) || // 24 hours from now + !X509_CRL_set1_lastUpdate(crl.get(), lastUpdate.get()) || + !X509_CRL_set1_nextUpdate(crl.get(), nextUpdate.get())) { return nullptr; } // Add a revoked certificate X509_REVOKED *revoked = X509_REVOKED_new(); bssl::UniquePtr serialNumber(ASN1_INTEGER_new()); - if (!revoked || !serialNumber || !ASN1_INTEGER_set(serialNumber.get(), 1) || // Serial number of revoked cert - !X509_REVOKED_set_serialNumber(revoked, serialNumber.get()) || - !X509_REVOKED_set_revocationDate(revoked, lastUpdate.get()) || - !X509_CRL_add0_revoked(crl.get(), revoked)) { + if (!revoked || !serialNumber || + !ASN1_INTEGER_set(serialNumber.get(), + 1) || // Serial number of revoked cert + !X509_REVOKED_set_serialNumber(revoked, serialNumber.get()) || + !X509_REVOKED_set_revocationDate(revoked, lastUpdate.get()) || + !X509_CRL_add0_revoked(crl.get(), revoked)) { return nullptr; } @@ -59,54 +62,52 @@ X509_CRL* createTestCRL() { } class CRLTest : public ::testing::Test { -protected: - void SetUp() override { - ASSERT_GT(createTempFILEpath(in_path), 0u); + protected: + void SetUp() override { + ASSERT_GT(createTempFILEpath(in_path), 0u); - // Create a test CRL - crl.reset(createTestCRL()); - ASSERT_TRUE(crl); + // Create a test CRL + crl.reset(createTestCRL()); + ASSERT_TRUE(crl); - ScopedFILE in_file(fopen(in_path, "wb")); - ASSERT_TRUE(in_file); - PEM_write_X509_CRL(in_file.get(), crl.get()); - } + ScopedFILE in_file(fopen(in_path, "wb")); + ASSERT_TRUE(in_file); + PEM_write_X509_CRL(in_file.get(), crl.get()); + } - void TearDown() override { - RemoveFile(in_path); - } + void TearDown() override { RemoveFile(in_path); } - char in_path[PATH_MAX]; - bssl::UniquePtr crl; + char in_path[PATH_MAX]; + bssl::UniquePtr crl; }; // ----------------------------- CRL Option Tests ----------------------------- // Test -in -TEST_F(CRLTest, CRLTestIn) { +TEST_F(CRLTest, In) { args_list_t args = {"-in", in_path}; bool result = CRLTool(args); ASSERT_TRUE(result); } // Test -hash -TEST_F(CRLTest, CRLTestHash) { +TEST_F(CRLTest, Hash) { args_list_t args = {"-in", in_path, "-hash"}; bool result = CRLTool(args); ASSERT_TRUE(result); } // Test -fingerprint -TEST_F(CRLTest, CRLTestFingerprint) { +TEST_F(CRLTest, Fingerprint) { args_list_t args = {"-in", in_path, "-fingerprint"}; bool result = CRLTool(args); ASSERT_TRUE(result); } // Test -noout -TEST_F(CRLTest, CRLTestNoout) { +TEST_F(CRLTest, Noout) { args_list_t args = {"-in", in_path, "-noout"}; bool result = CRLTool(args); ASSERT_TRUE(result); @@ -118,91 +119,124 @@ TEST_F(CRLTest, CRLTestNoout) { // AWSLC_TOOL_PATH and OPENSSL_TOOL_PATH. class CRLComparisonTest : public ::testing::Test { -protected: - void SetUp() override { - - // Skip gtests if env variables not set - tool_executable_path = getenv("AWSLC_TOOL_PATH"); - openssl_executable_path = getenv("OPENSSL_TOOL_PATH"); - if (tool_executable_path == nullptr || openssl_executable_path == nullptr) { - GTEST_SKIP() << "Skipping test: AWSLC_TOOL_PATH and/or OPENSSL_TOOL_PATH environment variables are not set"; - } - - ASSERT_GT(createTempFILEpath(in_path), 0u); - ASSERT_GT(createTempFILEpath(out_path_tool), 0u); - ASSERT_GT(createTempFILEpath(out_path_openssl), 0u); - - // Create a test CRL - crl.reset(createTestCRL()); - ASSERT_TRUE(crl); - - ScopedFILE in_file(fopen(in_path, "wb")); - ASSERT_TRUE(in_file); - PEM_write_X509_CRL(in_file.get(), crl.get()); + protected: + void SetUp() override { + // Skip gtests if env variables not set + tool_executable_path = getenv("AWSLC_TOOL_PATH"); + openssl_executable_path = getenv("OPENSSL_TOOL_PATH"); + if (tool_executable_path == nullptr || openssl_executable_path == nullptr) { + GTEST_SKIP() << "Skipping test: AWSLC_TOOL_PATH and/or OPENSSL_TOOL_PATH " + "environment variables are not set"; } - void TearDown() override { - if (tool_executable_path != nullptr && openssl_executable_path != nullptr) { - RemoveFile(in_path); - RemoveFile(out_path_tool); - RemoveFile(out_path_openssl); - } + ASSERT_GT(createTempFILEpath(in_path), 0u); + ASSERT_GT(createTempFILEpath(out_path_tool), 0u); + ASSERT_GT(createTempFILEpath(out_path_openssl), 0u); + + // Create a test CRL + crl.reset(createTestCRL()); + ASSERT_TRUE(crl); + + ScopedFILE in_file(fopen(in_path, "wb")); + ASSERT_TRUE(in_file); + PEM_write_X509_CRL(in_file.get(), crl.get()); + } + + void TearDown() override { + if (tool_executable_path != nullptr && openssl_executable_path != nullptr) { + RemoveFile(in_path); + RemoveFile(out_path_tool); + RemoveFile(out_path_openssl); } + } - char in_path[PATH_MAX]; - char out_path_tool[PATH_MAX]; - char out_path_openssl[PATH_MAX]; - const char* tool_executable_path; - const char* openssl_executable_path; - std::string tool_output_str; - std::string openssl_output_str; - bssl::UniquePtr crl; + char in_path[PATH_MAX]; + char out_path_tool[PATH_MAX]; + char out_path_openssl[PATH_MAX]; + const char *tool_executable_path; + const char *openssl_executable_path; + std::string tool_output_str; + std::string openssl_output_str; + bssl::UniquePtr crl; }; // Test against OpenSSL output "openssl crl -in file" -TEST_F(CRLComparisonTest, CRLToolCompareOpenSSL) { - std::string tool_command = std::string(tool_executable_path) + " crl -in " + in_path + " > " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " crl -in " + in_path + " > " + out_path_openssl; - - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); +TEST_F(CRLComparisonTest, Basic) { + std::string tool_command = std::string(tool_executable_path) + " crl -in " + + in_path + " > " + out_path_tool; + std::string openssl_command = std::string(openssl_executable_path) + + " crl -in " + in_path + " > " + + out_path_openssl; + + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); } // Test against OpenSSL output "openssl crl -in file -hash -fingerprint" -TEST_F(CRLComparisonTest, CRLToolCompareHashFingerprintOpenSSL) { - std::string tool_command = std::string(tool_executable_path) + " crl -in " + in_path + " -hash -fingerprint > " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " crl -in " + in_path + " -hash -fingerprint > " + out_path_openssl; - - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); +TEST_F(CRLComparisonTest, HashFingerprint) { + std::string tool_command = std::string(tool_executable_path) + " crl -in " + + in_path + " -hash -fingerprint > " + out_path_tool; + std::string openssl_command = std::string(openssl_executable_path) + + " crl -in " + in_path + + " -hash -fingerprint > " + out_path_openssl; + + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); } // Test against OpenSSL output "openssl crl -in file -hash -fingerprint -noout" -TEST_F(CRLComparisonTest, CRLToolCompareHashFingerprintNoOutOpenSSL) { - std::string tool_command = std::string(tool_executable_path) + " crl -in " + in_path + " -hash -fingerprint -noout > " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " crl -in " + in_path + " -hash -fingerprint -noout > " + out_path_openssl; - - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); +TEST_F(CRLComparisonTest, HashFingerprintNoOut) { + std::string tool_command = std::string(tool_executable_path) + " crl -in " + + in_path + " -hash -fingerprint -noout > " + + out_path_tool; + std::string openssl_command = + std::string(openssl_executable_path) + " crl -in " + in_path + + " -hash -fingerprint -noout > " + out_path_openssl; + + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); } // Test against OpenSSL output "openssl crl -in file -fingerprint -hash" -TEST_F(CRLComparisonTest, CRLToolCompareReorderedHashFingerprintOpenSSL) { - std::string tool_command = std::string(tool_executable_path) + " crl -in " + in_path + " -fingerprint -hash > " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " crl -in " + in_path + " -fingerprint -hash > " + out_path_openssl; - - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); +TEST_F(CRLComparisonTest, ReorderedHashFingerprint) { + std::string tool_command = std::string(tool_executable_path) + " crl -in " + + in_path + " -fingerprint -hash > " + out_path_tool; + std::string openssl_command = std::string(openssl_executable_path) + + " crl -in " + in_path + + " -fingerprint -hash > " + out_path_openssl; + + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); } // Test against OpenSSL output "openssl crl -in file -fingerprint -hash -noout" -TEST_F(CRLComparisonTest, CRLToolCompareReorderedHashFingerprintNoOutOpenSSL) { - std::string tool_command = std::string(tool_executable_path) + " crl -in " + in_path + " -fingerprint -hash -noout > " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " crl -in " + in_path + " -fingerprint -hash -noout > " + out_path_openssl; - - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); +TEST_F(CRLComparisonTest, ReorderedHashFingerprintNoOut) { + std::string tool_command = std::string(tool_executable_path) + " crl -in " + + in_path + " -fingerprint -hash -noout > " + + out_path_tool; + std::string openssl_command = + std::string(openssl_executable_path) + " crl -in " + in_path + + " -fingerprint -hash -noout > " + out_path_openssl; + + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); } // Test against OpenSSL output "openssl crl -in file -noout -fingerprint -hash" -TEST_F(CRLComparisonTest, CRLToolCompareReorderedNoOutHashFingerprintOpenSSL) { - std::string tool_command = std::string(tool_executable_path) + " crl -in " + in_path + " -noout -fingerprint -hash > " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " crl -in " + in_path + " -noout -fingerprint -hash > " + out_path_openssl; - - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); +TEST_F(CRLComparisonTest, ReorderedNoOutHashFingerprint) { + std::string tool_command = std::string(tool_executable_path) + " crl -in " + + in_path + " -noout -fingerprint -hash > " + + out_path_tool; + std::string openssl_command = + std::string(openssl_executable_path) + " crl -in " + in_path + + " -noout -fingerprint -hash > " + out_path_openssl; + + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); } diff --git a/tool-openssl/dgst.cc b/tool-openssl/dgst.cc index 816d052d88..17650c1a58 100644 --- a/tool-openssl/dgst.cc +++ b/tool-openssl/dgst.cc @@ -289,14 +289,24 @@ static bool VerifySignature(EVP_PKEY *pkey, FILE *in_file, EVP_DigestVerifyFinal(ctx.get(), signature.data(), signature.size()); if (result > 0) { - BIO_printf(out_bio, "Verified OK\n"); + if (BIO_printf(out_bio, "Verified OK\n") <= 0) { + goto end; + } } else if (result == 0) { - BIO_printf(out_bio, "Verification failure\n"); + if (BIO_printf(out_bio, "Verification failure\n") <= 0) { + goto end; + } } else { - BIO_printf(out_bio, "Error verifying data\n"); + if (BIO_printf(out_bio, "Error verifying data\n") <= 0) { + goto end; + } } return true; + +end: + fprintf(stderr, "Error writing output to %s.\n", in_path.c_str()); + return false; } static bool WriteOutput(BIO *out_bio, const std::vector &data, @@ -304,27 +314,47 @@ static bool WriteOutput(BIO *out_bio, const std::vector &data, const std::string &digest_name, const std::string &in_path, bool out_bin) { if (out_bin) { - BIO_write(out_bio, data.data(), data.size()); + if (BIO_write(out_bio, data.data(), data.size()) <= 0) { + goto end; + } } else { if (!sig_name.empty()) { - BIO_printf(out_bio, "%s-%s", sig_name.c_str(), digest_name.c_str()); + if (BIO_printf(out_bio, "%s-%s", sig_name.c_str(), digest_name.c_str()) <= + 0) { + goto end; + } } else { - BIO_printf(out_bio, "%s", digest_name.c_str()); + if (BIO_printf(out_bio, "%s", digest_name.c_str()) <= 0) { + goto end; + } } if (!in_path.empty()) { - BIO_printf(out_bio, "(%s)=", in_path.c_str()); + if (BIO_printf(out_bio, "(%s)=", in_path.c_str()) <= 0) { + goto end; + } } else { - BIO_printf(out_bio, "(stdin)="); + if (BIO_printf(out_bio, "(stdin)=") <= 0) { + goto end; + } } for (size_t i = 0; i < data.size(); i++) { - BIO_printf(out_bio, "%02x", data[i]); + if (BIO_printf(out_bio, "%02x", data[i]) <= 0) { + goto end; + } + } + + if (BIO_printf(out_bio, "\n") <= 0) { + goto end; } - BIO_printf(out_bio, "\n"); } return true; + +end: + fprintf(stderr, "Error writing output to %s.\n", in_path.c_str()); + return false; } static bool dgstToolInternal(const args_list_t &args, const EVP_MD *digest) { diff --git a/tool-openssl/dhparam_test.cc b/tool-openssl/dhparam_test.cc index 2d4af212b3..53855bef44 100644 --- a/tool-openssl/dhparam_test.cc +++ b/tool-openssl/dhparam_test.cc @@ -3,13 +3,13 @@ #include #include +#include #include -#include #include -#include +#include +#include "../crypto/test/test_util.h" #include "internal.h" #include "test_util.h" -#include "../crypto/test/test_util.h" namespace { @@ -21,20 +21,20 @@ struct BitSizeTestParams { unsigned numbits; std::string test_name; - BitSizeTestParams(unsigned bits, const std::string& name) - : numbits(bits), test_name(name) {} + BitSizeTestParams(unsigned bits, const std::string &name) + : numbits(bits), test_name(name) {} }; // Custom PrintTo function to avoid Valgrind padding issues -void PrintTo(const BitSizeTestParams& params, std::ostream* os) { - *os << "BitSizeTestParams{numbits=" << params.numbits - << ", test_name=\"" << params.test_name << "\"}"; +void PrintTo(const BitSizeTestParams ¶ms, std::ostream *os) { + *os << "BitSizeTestParams{numbits=" << params.numbits << ", test_name=\"" + << params.test_name << "\"}"; } // -------------------- Basic Dhparam Functionality Tests --------------------- class DhparamTest : public ::testing::Test { -protected: + protected: void SetUp() override { ASSERT_GT(createTempFILEpath(out_path), 0u); ASSERT_GT(createTempFILEpath(in_path), 0u); @@ -45,8 +45,8 @@ class DhparamTest : public ::testing::Test { RemoveFile(in_path); } - char out_path[PATH_MAX] = {}; - char in_path[PATH_MAX] = {}; + char out_path[PATH_MAX]; + char in_path[PATH_MAX]; }; // Test help option @@ -64,13 +64,15 @@ TEST_F(DhparamTest, BasicGeneration) { // Validate it's actually parseable DH parameters in PEM format bssl::UniquePtr bio(BIO_new_file(out_path, "r")); ASSERT_TRUE(bio) << "Cannot open output file"; - bssl::UniquePtr dh(PEM_read_bio_DHparams(bio.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr dh( + PEM_read_bio_DHparams(bio.get(), nullptr, nullptr, nullptr)); ASSERT_TRUE(dh) << "Output is not valid DH parameters"; // Verify bit size const BIGNUM *p = DH_get0_p(dh.get()); ASSERT_TRUE(p); - ASSERT_EQ(512u, static_cast(BN_num_bits(p))) << "Wrong bit size in output"; + ASSERT_EQ(512u, static_cast(BN_num_bits(p))) + << "Wrong bit size in output"; // Verify generator is 2 const BIGNUM *g = DH_get0_g(dh.get()); @@ -84,11 +86,13 @@ TEST_F(DhparamTest, GenerateVariousSizes) { for (unsigned bits : bit_sizes) { args_list_t args = {"-out", out_path, std::to_string(bits)}; - EXPECT_TRUE(dhparamTool(args)) << "Failed to generate " << bits << "-bit parameters"; + EXPECT_TRUE(dhparamTool(args)) + << "Failed to generate " << bits << "-bit parameters"; bssl::UniquePtr bio(BIO_new_file(out_path, "r")); ASSERT_TRUE(bio); - bssl::UniquePtr dh(PEM_read_bio_DHparams(bio.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr dh( + PEM_read_bio_DHparams(bio.get(), nullptr, nullptr, nullptr)); ASSERT_TRUE(dh) << "Failed to parse " << bits << "-bit parameters"; const BIGNUM *p = DH_get0_p(dh.get()); @@ -102,7 +106,8 @@ TEST_F(DhparamTest, NooutFlag) { args_list_t args = {"-noout", "-out", out_path, "512"}; EXPECT_TRUE(dhparamTool(args)) << "dhparam -noout failed"; - EXPECT_TRUE(ReadFileToString(out_path).empty()) << "Output file should be empty with -noout"; + EXPECT_TRUE(ReadFileToString(out_path).empty()) + << "Output file should be empty with -noout"; } // Test -text flag @@ -113,10 +118,12 @@ TEST_F(DhparamTest, TextOutput) { std::string output = ReadFileToString(out_path); EXPECT_FALSE(output.empty()) << "Text output should not be empty"; - EXPECT_NE(output.find("DH Parameters:"), std::string::npos) << "Missing 'DH Parameters:' in output"; + EXPECT_NE(output.find("DH Parameters:"), std::string::npos) + << "Missing 'DH Parameters:' in output"; EXPECT_NE(output.find("P:"), std::string::npos) << "Missing 'P:' in output"; EXPECT_NE(output.find("G:"), std::string::npos) << "Missing 'G:' in output"; - EXPECT_NE(output.find("512 bit"), std::string::npos) << "Missing bit size in output"; + EXPECT_NE(output.find("512 bit"), std::string::npos) + << "Missing bit size in output"; } // Test -text with encoded output @@ -127,9 +134,12 @@ TEST_F(DhparamTest, TextWithEncodedOutput) { std::string output = ReadFileToString(out_path); EXPECT_FALSE(output.empty()); - EXPECT_NE(output.find("DH Parameters:"), std::string::npos) << "Missing text output"; - EXPECT_NE(output.find("-----BEGIN DH PARAMETERS-----"), std::string::npos) << "Missing PEM output"; - EXPECT_NE(output.find("-----END DH PARAMETERS-----"), std::string::npos) << "Missing PEM end marker"; + EXPECT_NE(output.find("DH Parameters:"), std::string::npos) + << "Missing text output"; + EXPECT_NE(output.find("-----BEGIN DH PARAMETERS-----"), std::string::npos) + << "Missing PEM output"; + EXPECT_NE(output.find("-----END DH PARAMETERS-----"), std::string::npos) + << "Missing PEM end marker"; } // Test DER output format @@ -147,7 +157,8 @@ TEST_F(DhparamTest, DEROutputFormat) { // Verify bit size const BIGNUM *p = DH_get0_p(dh.get()); ASSERT_TRUE(p); - ASSERT_EQ(512u, static_cast(BN_num_bits(p))) << "Wrong bit size in DER output"; + ASSERT_EQ(512u, static_cast(BN_num_bits(p))) + << "Wrong bit size in DER output"; } // Test reading PEM parameters @@ -171,7 +182,8 @@ TEST_F(DhparamTest, ReadDERParameters) { ASSERT_TRUE(dhparamTool(gen_args)); // Now read them back - args_list_t read_args = {"-inform", "DER", "-in", in_path, "-text", "-noout", "-out", out_path}; + args_list_t read_args = {"-inform", "DER", "-in", in_path, + "-text", "-noout", "-out", out_path}; EXPECT_TRUE(dhparamTool(read_args)) << "Failed to read DER parameters"; std::string output = ReadFileToString(out_path); @@ -185,7 +197,8 @@ TEST_F(DhparamTest, ConvertPEMtoDER) { ASSERT_TRUE(dhparamTool(gen_args)); // Convert to DER - args_list_t convert_args = {"-in", in_path, "-inform", "PEM", "-outform", "DER", "-out", out_path}; + args_list_t convert_args = {"-in", in_path, "-inform", "PEM", + "-outform", "DER", "-out", out_path}; EXPECT_TRUE(dhparamTool(convert_args)) << "PEM to DER conversion failed"; // Verify DER output @@ -202,7 +215,8 @@ TEST_F(DhparamTest, ConvertDERtoPEM) { ASSERT_TRUE(dhparamTool(gen_args)); // Convert to PEM - args_list_t convert_args = {"-in", in_path, "-inform", "DER", "-outform", "PEM", "-out", out_path}; + args_list_t convert_args = {"-in", in_path, "-inform", "DER", + "-outform", "PEM", "-out", out_path}; EXPECT_TRUE(dhparamTool(convert_args)) << "DER to PEM conversion failed"; // Verify PEM output @@ -212,7 +226,8 @@ TEST_F(DhparamTest, ConvertDERtoPEM) { bssl::UniquePtr bio(BIO_new_file(out_path, "r")); ASSERT_TRUE(bio); - bssl::UniquePtr dh(PEM_read_bio_DHparams(bio.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr dh( + PEM_read_bio_DHparams(bio.get(), nullptr, nullptr, nullptr)); ASSERT_TRUE(dh) << "Converted output is not valid PEM"; } @@ -225,7 +240,8 @@ TEST_F(DhparamTest, RoundTrip) { // Load the original bssl::UniquePtr bio1(BIO_new_file(in_path, "r")); ASSERT_TRUE(bio1); - bssl::UniquePtr dh1(PEM_read_bio_DHparams(bio1.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr dh1( + PEM_read_bio_DHparams(bio1.get(), nullptr, nullptr, nullptr)); ASSERT_TRUE(dh1); // Read and re-save @@ -235,7 +251,8 @@ TEST_F(DhparamTest, RoundTrip) { // Load the re-saved version bssl::UniquePtr bio2(BIO_new_file(out_path, "r")); ASSERT_TRUE(bio2); - bssl::UniquePtr dh2(PEM_read_bio_DHparams(bio2.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr dh2( + PEM_read_bio_DHparams(bio2.get(), nullptr, nullptr, nullptr)); ASSERT_TRUE(dh2); // Compare parameters @@ -245,22 +262,19 @@ TEST_F(DhparamTest, RoundTrip) { const BIGNUM *g2 = DH_get0_g(dh2.get()); ASSERT_EQ(0, BN_cmp(p1, p2)) << "Prime values don't match after round-trip"; - ASSERT_EQ(0, BN_cmp(g1, g2)) << "Generator values don't match after round-trip"; + ASSERT_EQ(0, BN_cmp(g1, g2)) + << "Generator values don't match after round-trip"; } // -------------------- Error Handling Tests ---------------------------------- class DhparamErrorTest : public ::testing::Test { -protected: - void SetUp() override { - ASSERT_GT(createTempFILEpath(out_path), 0u); - } + protected: + void SetUp() override { ASSERT_GT(createTempFILEpath(out_path), 0u); } - void TearDown() override { - RemoveFile(out_path); - } + void TearDown() override { RemoveFile(out_path); } - char out_path[PATH_MAX] = {}; + char out_path[PATH_MAX]; }; // Test invalid bit size (too small) @@ -301,94 +315,95 @@ TEST_F(DhparamErrorTest, ConflictingOptions) { // Now try to use both numbits and -in args_list_t args = {"-in", out_path, "1024"}; - EXPECT_FALSE(dhparamTool(args)) << "Should fail when both numbits and -in are specified"; + EXPECT_FALSE(dhparamTool(args)) + << "Should fail when both numbits and -in are specified"; } // Test too many arguments TEST_F(DhparamErrorTest, TooManyArguments) { args_list_t args = {"512", "1024"}; - EXPECT_FALSE(dhparamTool(args)) << "Should fail with multiple numbits arguments"; + EXPECT_FALSE(dhparamTool(args)) + << "Should fail with multiple numbits arguments"; } // -------------------- OpenSSL Comparison Tests ------------------------------ // Parameterized tests for bit size generation comparison -class DhparamBitSizeComparisonTest : public ::testing::Test, - public ::testing::WithParamInterface { -protected: +class DhparamBitSizeComparisonTest + : public ::testing::Test, + public ::testing::WithParamInterface { + protected: void SetUp() override { - memset(out_path_tool, '\0', PATH_MAX); - memset(out_path_openssl, '\0', PATH_MAX); tool_executable_path = getenv("AWSLC_TOOL_PATH"); openssl_executable_path = getenv("OPENSSL_TOOL_PATH"); if (tool_executable_path == nullptr || openssl_executable_path == nullptr) { - GTEST_SKIP() << "Skipping test: AWSLC_TOOL_PATH and/or OPENSSL_TOOL_PATH environment variables are not set"; + GTEST_SKIP() << "Skipping test: AWSLC_TOOL_PATH and/or OPENSSL_TOOL_PATH " + "environment variables are not set"; } ASSERT_GT(createTempFILEpath(out_path_tool), 0u); ASSERT_GT(createTempFILEpath(out_path_openssl), 0u); } void TearDown() override { - if (strnlen(out_path_tool, PATH_MAX) > 0) { + if (tool_executable_path != nullptr && openssl_executable_path != nullptr) { RemoveFile(out_path_tool); - } - if (strnlen(out_path_openssl, PATH_MAX) > 0) { RemoveFile(out_path_openssl); } } - const char* tool_executable_path; - const char* openssl_executable_path; - char out_path_tool[PATH_MAX] = {}; - char out_path_openssl[PATH_MAX] = {}; + const char *tool_executable_path; + const char *openssl_executable_path; + char out_path_tool[PATH_MAX]; + char out_path_openssl[PATH_MAX]; }; TEST_P(DhparamBitSizeComparisonTest, CrossCompatibility) { - const auto& params = GetParam(); + const auto ¶ms = GetParam(); // Generate with AWS-LC - std::string tool_command = std::string(tool_executable_path) + " dhparam -out " + - out_path_tool + " " + std::to_string(params.numbits); + std::string tool_command = std::string(tool_executable_path) + + " dhparam -out " + out_path_tool + " " + + std::to_string(params.numbits); ASSERT_EQ(system(tool_command.c_str()), 0) << "AWS-LC generation failed"; // Verify OpenSSL can read AWS-LC generated parameters - std::string openssl_read = std::string(openssl_executable_path) + " dhparam -in " + - out_path_tool + " -noout"; - ASSERT_EQ(system(openssl_read.c_str()), 0) << "OpenSSL cannot read AWS-LC generated parameters"; + std::string openssl_read = std::string(openssl_executable_path) + + " dhparam -in " + out_path_tool + " -noout"; + ASSERT_EQ(system(openssl_read.c_str()), 0) + << "OpenSSL cannot read AWS-LC generated parameters"; // Generate with OpenSSL (can be slow, especially for larger sizes) - std::string openssl_command = std::string(openssl_executable_path) + " dhparam -out " + - out_path_openssl + " " + std::to_string(params.numbits); + std::string openssl_command = std::string(openssl_executable_path) + + " dhparam -out " + out_path_openssl + " " + + std::to_string(params.numbits); ASSERT_EQ(system(openssl_command.c_str()), 0) << "OpenSSL generation failed"; // Verify AWS-LC can read OpenSSL generated parameters std::string tool_read = std::string(tool_executable_path) + " dhparam -in " + - out_path_openssl + " -noout"; - ASSERT_EQ(system(tool_read.c_str()), 0) << "AWS-LC cannot read OpenSSL generated parameters"; + out_path_openssl + " -noout"; + ASSERT_EQ(system(tool_read.c_str()), 0) + << "AWS-LC cannot read OpenSSL generated parameters"; } -INSTANTIATE_TEST_SUITE_P(BitSizeTests, DhparamBitSizeComparisonTest, - ::testing::Values( - BitSizeTestParams{512, "Bits512"}, - BitSizeTestParams{1024, "Bits1024"} - // Note: 2048 is slow and may not be suitable for regular testing - ), - [](const ::testing::TestParamInfo& info) { - return info.param.test_name; - } -); +INSTANTIATE_TEST_SUITE_P( + BitSizeTests, DhparamBitSizeComparisonTest, + ::testing::Values( + BitSizeTestParams{512, "Bits512"}, BitSizeTestParams{1024, "Bits1024"} + // Note: 2048 is slow and may not be suitable for regular testing + ), + [](const ::testing::TestParamInfo &info) { + return info.param.test_name; + }); // Additional specialized comparison tests class DhparamComparisonTest : public ::testing::Test { -protected: + protected: void SetUp() override { - memset(out_path_tool, '\0', PATH_MAX); - memset(out_path_openssl, '\0', PATH_MAX); - memset(params_path, '\0', PATH_MAX); tool_executable_path = getenv("AWSLC_TOOL_PATH"); openssl_executable_path = getenv("OPENSSL_TOOL_PATH"); if (tool_executable_path == nullptr || openssl_executable_path == nullptr) { - GTEST_SKIP() << "Skipping test: AWSLC_TOOL_PATH and/or OPENSSL_TOOL_PATH environment variables are not set"; + GTEST_SKIP() << "Skipping test: AWSLC_TOOL_PATH and/or OPENSSL_TOOL_PATH " + "environment variables are not set"; } ASSERT_GT(createTempFILEpath(out_path_tool), 0u); ASSERT_GT(createTempFILEpath(out_path_openssl), 0u); @@ -396,28 +411,26 @@ class DhparamComparisonTest : public ::testing::Test { } void TearDown() override { - if (strnlen(out_path_tool, PATH_MAX) > 0) { + if (tool_executable_path != nullptr && openssl_executable_path != nullptr) { RemoveFile(out_path_tool); - } - if (strnlen(out_path_openssl, PATH_MAX) > 0) { RemoveFile(out_path_openssl); - } - if (strnlen(params_path, PATH_MAX) > 0) { RemoveFile(params_path); } } - const char* tool_executable_path; - const char* openssl_executable_path; - char out_path_tool[PATH_MAX] = {}; - char out_path_openssl[PATH_MAX] = {}; - char params_path[PATH_MAX] = {}; + const char *tool_executable_path; + const char *openssl_executable_path; + char out_path_tool[PATH_MAX]; + char out_path_openssl[PATH_MAX]; + char params_path[PATH_MAX]; }; // Test -noout flag comparison TEST_F(DhparamComparisonTest, NooutComparison) { - std::string tool_command = std::string(tool_executable_path) + " dhparam -noout 512 > " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " dhparam -noout 512 > " + out_path_openssl; + std::string tool_command = std::string(tool_executable_path) + + " dhparam -noout 512 > " + out_path_tool; + std::string openssl_command = std::string(openssl_executable_path) + + " dhparam -noout 512 > " + out_path_openssl; ASSERT_EQ(system(tool_command.c_str()), 0); ASSERT_EQ(system(openssl_command.c_str()), 0); @@ -428,36 +441,43 @@ TEST_F(DhparamComparisonTest, NooutComparison) { // Test DER format output comparison TEST_F(DhparamComparisonTest, DERFormatComparison) { // Generate parameters - std::string gen_command = std::string(tool_executable_path) + " dhparam -out " + params_path + " 512"; + std::string gen_command = std::string(tool_executable_path) + + " dhparam -out " + params_path + " 512"; ASSERT_EQ(system(gen_command.c_str()), 0); // Convert to DER with both tools - std::string tool_command = std::string(tool_executable_path) + " dhparam -in " + params_path + - " -outform DER -out " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " dhparam -in " + params_path + - " -outform DER -out " + out_path_openssl; + std::string tool_command = std::string(tool_executable_path) + + " dhparam -in " + params_path + + " -outform DER -out " + out_path_tool; + std::string openssl_command = std::string(openssl_executable_path) + + " dhparam -in " + params_path + + " -outform DER -out " + out_path_openssl; ASSERT_EQ(system(tool_command.c_str()), 0); ASSERT_EQ(system(openssl_command.c_str()), 0); // DER output should be byte-for-byte identical - ASSERT_EQ(ReadFileToString(out_path_tool), ReadFileToString(out_path_openssl)); + ASSERT_EQ(ReadFileToString(out_path_tool), + ReadFileToString(out_path_openssl)); } // Test PEM format round-trip compatibility TEST_F(DhparamComparisonTest, PEMRoundTripCompatibility) { // Generate with AWS-LC - std::string gen_command = std::string(tool_executable_path) + " dhparam -out " + params_path + " 512"; + std::string gen_command = std::string(tool_executable_path) + + " dhparam -out " + params_path + " 512"; ASSERT_EQ(system(gen_command.c_str()), 0); // Read with OpenSSL and output - std::string openssl_command = std::string(openssl_executable_path) + " dhparam -in " + params_path + - " -out " + out_path_openssl; + std::string openssl_command = std::string(openssl_executable_path) + + " dhparam -in " + params_path + " -out " + + out_path_openssl; ASSERT_EQ(system(openssl_command.c_str()), 0); // Read OpenSSL output with AWS-LC - std::string tool_command = std::string(tool_executable_path) + " dhparam -in " + out_path_openssl + - " -out " + out_path_tool; + std::string tool_command = std::string(tool_executable_path) + + " dhparam -in " + out_path_openssl + " -out " + + out_path_tool; ASSERT_EQ(system(tool_command.c_str()), 0); // Outputs should match (trimmed for whitespace differences) @@ -469,14 +489,17 @@ TEST_F(DhparamComparisonTest, PEMRoundTripCompatibility) { // Test text output format compatibility (structure only, not exact match) TEST_F(DhparamComparisonTest, TextOutputStructure) { // Generate parameters - std::string gen_command = std::string(tool_executable_path) + " dhparam -out " + params_path + " 512"; + std::string gen_command = std::string(tool_executable_path) + + " dhparam -out " + params_path + " 512"; ASSERT_EQ(system(gen_command.c_str()), 0); // Get text output from both tools - std::string tool_command = std::string(tool_executable_path) + " dhparam -in " + params_path + - " -text -noout > " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " dhparam -in " + params_path + - " -text -noout > " + out_path_openssl; + std::string tool_command = std::string(tool_executable_path) + + " dhparam -in " + params_path + + " -text -noout > " + out_path_tool; + std::string openssl_command = std::string(openssl_executable_path) + + " dhparam -in " + params_path + + " -text -noout > " + out_path_openssl; ASSERT_EQ(system(tool_command.c_str()), 0); ASSERT_EQ(system(openssl_command.c_str()), 0); @@ -498,21 +521,25 @@ TEST_F(DhparamComparisonTest, TextOutputStructure) { // Test format conversion compatibility TEST_F(DhparamComparisonTest, FormatConversionCompatibility) { // Generate PEM with AWS-LC - std::string gen_command = std::string(tool_executable_path) + " dhparam -out " + params_path + " 512"; + std::string gen_command = std::string(tool_executable_path) + + " dhparam -out " + params_path + " 512"; ASSERT_EQ(system(gen_command.c_str()), 0); // Convert PEM to DER with AWS-LC - std::string awslc_convert = std::string(tool_executable_path) + " dhparam -in " + params_path + - " -outform DER -out " + out_path_tool; + std::string awslc_convert = std::string(tool_executable_path) + + " dhparam -in " + params_path + + " -outform DER -out " + out_path_tool; ASSERT_EQ(system(awslc_convert.c_str()), 0); // Convert same PEM to DER with OpenSSL - std::string openssl_convert = std::string(openssl_executable_path) + " dhparam -in " + params_path + - " -outform DER -out " + out_path_openssl; + std::string openssl_convert = std::string(openssl_executable_path) + + " dhparam -in " + params_path + + " -outform DER -out " + out_path_openssl; ASSERT_EQ(system(openssl_convert.c_str()), 0); // DER outputs should be identical - ASSERT_EQ(ReadFileToString(out_path_tool), ReadFileToString(out_path_openssl)); + ASSERT_EQ(ReadFileToString(out_path_tool), + ReadFileToString(out_path_openssl)); } } // namespace diff --git a/tool-openssl/ec_test.cc b/tool-openssl/ec_test.cc index 814a8045a3..feb379185a 100644 --- a/tool-openssl/ec_test.cc +++ b/tool-openssl/ec_test.cc @@ -2,14 +2,15 @@ // SPDX-License-Identifier: Apache-2.0 OR ISC #include -#include #include +#include +#include "../crypto/test/test_util.h" #include "internal.h" #include "test_util.h" -#include "../crypto/test/test_util.h" -static EC_KEY* CreateTestECKey() { - bssl::UniquePtr ec_key(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); +static EC_KEY *CreateTestECKey() { + bssl::UniquePtr ec_key( + EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); if (!ec_key || !EC_KEY_generate_key(ec_key.get())) { return nullptr; } @@ -17,7 +18,7 @@ static EC_KEY* CreateTestECKey() { } class ECTest : public ::testing::Test { -protected: + protected: void SetUp() override { ASSERT_GT(createTempFILEpath(pem_key_path), 0u); ASSERT_GT(createTempFILEpath(der_key_path), 0u); @@ -28,14 +29,20 @@ class ECTest : public ::testing::Test { if (tool_executable_path != nullptr && openssl_executable_path != nullptr) { ASSERT_GT(createTempFILEpath(out_path_openssl), 0u); - + // Use OpenSSL to generate test keys for better cross-compatibility - std::string pem_cmd = std::string(openssl_executable_path) + " ecparam -genkey -name prime256v1 -out " + pem_key_path; - std::string der_cmd = std::string(openssl_executable_path) + " ecparam -genkey -name prime256v1 | " + - std::string(openssl_executable_path) + " ec -outform DER -out " + der_key_path; - - ASSERT_EQ(system(pem_cmd.c_str()), 0) << "Failed to generate PEM key with OpenSSL"; - ASSERT_EQ(system(der_cmd.c_str()), 0) << "Failed to generate DER key with OpenSSL"; + std::string pem_cmd = std::string(openssl_executable_path) + + " ecparam -genkey -name prime256v1 -out " + + pem_key_path; + std::string der_cmd = std::string(openssl_executable_path) + + " ecparam -genkey -name prime256v1 | " + + std::string(openssl_executable_path) + + " ec -outform DER -out " + der_key_path; + + ASSERT_EQ(system(pem_cmd.c_str()), 0) + << "Failed to generate PEM key with OpenSSL"; + ASSERT_EQ(system(der_cmd.c_str()), 0) + << "Failed to generate DER key with OpenSSL"; } else { // Fallback to AWS-LC key generation ec_key.reset(CreateTestECKey()); @@ -43,7 +50,8 @@ class ECTest : public ::testing::Test { bssl::UniquePtr pem_bio(BIO_new_file(pem_key_path, "wb")); ASSERT_TRUE(pem_bio); - ASSERT_TRUE(PEM_write_bio_ECPrivateKey(pem_bio.get(), ec_key.get(), nullptr, nullptr, 0, nullptr, nullptr)); + ASSERT_TRUE(PEM_write_bio_ECPrivateKey( + pem_bio.get(), ec_key.get(), nullptr, nullptr, 0, nullptr, nullptr)); BIO_flush(pem_bio.get()); bssl::UniquePtr der_bio(BIO_new_file(der_key_path, "wb")); @@ -66,65 +74,72 @@ class ECTest : public ::testing::Test { char der_key_path[PATH_MAX]; char out_path[PATH_MAX]; char out_path_openssl[PATH_MAX]; - const char* tool_executable_path; - const char* openssl_executable_path; + const char *tool_executable_path; + const char *openssl_executable_path; bssl::UniquePtr ec_key; }; TEST_F(ECTest, ReadPEMOutputPEM) { args_list_t args = {"-in", pem_key_path, "-out", out_path}; ASSERT_TRUE(ecTool(args)); - + bssl::UniquePtr out_bio(BIO_new_file(out_path, "rb")); ASSERT_TRUE(out_bio); - bssl::UniquePtr parsed_key(PEM_read_bio_ECPrivateKey(out_bio.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr parsed_key( + PEM_read_bio_ECPrivateKey(out_bio.get(), nullptr, nullptr, nullptr)); ASSERT_TRUE(parsed_key); } TEST_F(ECTest, ReadPEMOutputDER) { args_list_t args = {"-in", pem_key_path, "-outform", "DER", "-out", out_path}; ASSERT_TRUE(ecTool(args)); - + bssl::UniquePtr out_bio(BIO_new_file(out_path, "rb")); ASSERT_TRUE(out_bio); - bssl::UniquePtr parsed_key(d2i_ECPrivateKey_bio(out_bio.get(), nullptr)); + bssl::UniquePtr parsed_key( + d2i_ECPrivateKey_bio(out_bio.get(), nullptr)); ASSERT_TRUE(parsed_key); } TEST_F(ECTest, ReadDEROutputPEM) { args_list_t args = {"-in", der_key_path, "-inform", "DER", "-out", out_path}; ASSERT_TRUE(ecTool(args)); - + bssl::UniquePtr out_bio(BIO_new_file(out_path, "rb")); ASSERT_TRUE(out_bio); - bssl::UniquePtr parsed_key(PEM_read_bio_ECPrivateKey(out_bio.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr parsed_key( + PEM_read_bio_ECPrivateKey(out_bio.get(), nullptr, nullptr, nullptr)); ASSERT_TRUE(parsed_key); } TEST_F(ECTest, ReadDEROutputDER) { - args_list_t args = {"-in", der_key_path, "-inform", "DER", "-outform", "DER", "-out", out_path}; + args_list_t args = {"-in", der_key_path, "-inform", "DER", + "-outform", "DER", "-out", out_path}; ASSERT_TRUE(ecTool(args)); - + bssl::UniquePtr out_bio(BIO_new_file(out_path, "rb")); ASSERT_TRUE(out_bio); - bssl::UniquePtr parsed_key(d2i_ECPrivateKey_bio(out_bio.get(), nullptr)); + bssl::UniquePtr parsed_key( + d2i_ECPrivateKey_bio(out_bio.get(), nullptr)); ASSERT_TRUE(parsed_key); } TEST_F(ECTest, PublicKeyExtractionPEM) { args_list_t args = {"-in", pem_key_path, "-pubout", "-out", out_path}; ASSERT_TRUE(ecTool(args)); - + bssl::UniquePtr out_bio(BIO_new_file(out_path, "rb")); ASSERT_TRUE(out_bio); - bssl::UniquePtr parsed_key(PEM_read_bio_EC_PUBKEY(out_bio.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr parsed_key( + PEM_read_bio_EC_PUBKEY(out_bio.get(), nullptr, nullptr, nullptr)); ASSERT_TRUE(parsed_key); } TEST_F(ECTest, PublicKeyExtractionDER) { - args_list_t args = {"-in", der_key_path, "-inform", "DER", "-pubout", "-outform", "DER", "-out", out_path}; + args_list_t args = {"-in", der_key_path, "-inform", "DER", "-pubout", + "-outform", "DER", "-out", out_path}; ASSERT_TRUE(ecTool(args)); - + bssl::UniquePtr out_bio(BIO_new_file(out_path, "rb")); ASSERT_TRUE(out_bio); bssl::UniquePtr parsed_key(d2i_EC_PUBKEY_bio(out_bio.get(), nullptr)); @@ -138,10 +153,12 @@ TEST_F(ECTest, RoundTripPEMtoDERtoPEM) { // Load original key for comparison bssl::UniquePtr orig_bio(BIO_new_file(pem_key_path, "rb")); ASSERT_TRUE(orig_bio); - bssl::UniquePtr orig_key(PEM_read_bio_ECPrivateKey(orig_bio.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr orig_key( + PEM_read_bio_ECPrivateKey(orig_bio.get(), nullptr, nullptr, nullptr)); ASSERT_TRUE(orig_key); - args_list_t args1 = {"-in", pem_key_path, "-outform", "DER", "-out", temp_der}; + args_list_t args1 = {"-in", pem_key_path, "-outform", + "DER", "-out", temp_der}; ASSERT_TRUE(ecTool(args1)); args_list_t args2 = {"-in", temp_der, "-inform", "DER", "-out", out_path}; @@ -149,14 +166,15 @@ TEST_F(ECTest, RoundTripPEMtoDERtoPEM) { bssl::UniquePtr out_bio(BIO_new_file(out_path, "rb")); ASSERT_TRUE(out_bio); - bssl::UniquePtr parsed_key(PEM_read_bio_ECPrivateKey(out_bio.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr parsed_key( + PEM_read_bio_ECPrivateKey(out_bio.get(), nullptr, nullptr, nullptr)); ASSERT_TRUE(parsed_key); // Validate key content matches const BIGNUM *orig_priv = EC_KEY_get0_private_key(orig_key.get()); const BIGNUM *parsed_priv = EC_KEY_get0_private_key(parsed_key.get()); ASSERT_EQ(BN_cmp(orig_priv, parsed_priv), 0); - + RemoveFile(temp_der); } @@ -167,7 +185,8 @@ TEST_F(ECTest, RoundTripDERtoPEMtoDER) { // Load original key for comparison bssl::UniquePtr orig_bio(BIO_new_file(der_key_path, "rb")); ASSERT_TRUE(orig_bio); - bssl::UniquePtr orig_key(d2i_ECPrivateKey_bio(orig_bio.get(), nullptr)); + bssl::UniquePtr orig_key( + d2i_ECPrivateKey_bio(orig_bio.get(), nullptr)); ASSERT_TRUE(orig_key); args_list_t args1 = {"-in", der_key_path, "-inform", "DER", "-out", temp_pem}; @@ -178,14 +197,15 @@ TEST_F(ECTest, RoundTripDERtoPEMtoDER) { bssl::UniquePtr out_bio(BIO_new_file(out_path, "rb")); ASSERT_TRUE(out_bio); - bssl::UniquePtr parsed_key(d2i_ECPrivateKey_bio(out_bio.get(), nullptr)); + bssl::UniquePtr parsed_key( + d2i_ECPrivateKey_bio(out_bio.get(), nullptr)); ASSERT_TRUE(parsed_key); // Validate key content matches const BIGNUM *orig_priv = EC_KEY_get0_private_key(orig_key.get()); const BIGNUM *parsed_priv = EC_KEY_get0_private_key(parsed_key.get()); ASSERT_EQ(BN_cmp(orig_priv, parsed_priv), 0); - + RemoveFile(temp_pem); } @@ -200,18 +220,22 @@ TEST_F(ECTest, InvalidInputFile) { } TEST_F(ECTest, InvalidOutputPath) { - args_list_t args = {"-in", pem_key_path, "-out", "/nonexistent/dir/output.pem"}; + args_list_t args = {"-in", pem_key_path, "-out", + "/nonexistent/dir/output.pem"}; ASSERT_FALSE(ecTool(args)); } TEST_F(ECTest, CompareWithOpenSSLPEMOutput) { if (tool_executable_path == nullptr || openssl_executable_path == nullptr) { - GTEST_SKIP() << "Skipping test: AWSLC_TOOL_PATH and/or OPENSSL_TOOL_PATH environment variables are not set"; + GTEST_SKIP() << "Skipping test: AWSLC_TOOL_PATH and/or OPENSSL_TOOL_PATH " + "environment variables are not set"; } - std::string tool_cmd = std::string(tool_executable_path) + " ec -in " + pem_key_path + " -out " + out_path; - std::string openssl_cmd = std::string(openssl_executable_path) + " ec -in " + pem_key_path + " -out " + out_path_openssl; - + std::string tool_cmd = std::string(tool_executable_path) + " ec -in " + + pem_key_path + " -out " + out_path; + std::string openssl_cmd = std::string(openssl_executable_path) + " ec -in " + + pem_key_path + " -out " + out_path_openssl; + ASSERT_EQ(system(tool_cmd.c_str()), 0); ASSERT_EQ(system(openssl_cmd.c_str()), 0); @@ -220,20 +244,26 @@ TEST_F(ECTest, CompareWithOpenSSLPEMOutput) { ASSERT_TRUE(tool_bio); ASSERT_TRUE(openssl_bio); - bssl::UniquePtr tool_key(PEM_read_bio_ECPrivateKey(tool_bio.get(), nullptr, nullptr, nullptr)); - bssl::UniquePtr openssl_key(PEM_read_bio_ECPrivateKey(openssl_bio.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr tool_key( + PEM_read_bio_ECPrivateKey(tool_bio.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr openssl_key( + PEM_read_bio_ECPrivateKey(openssl_bio.get(), nullptr, nullptr, nullptr)); ASSERT_TRUE(tool_key); ASSERT_TRUE(openssl_key); } TEST_F(ECTest, CompareWithOpenSSLDEROutput) { if (tool_executable_path == nullptr || openssl_executable_path == nullptr) { - GTEST_SKIP() << "Skipping test: AWSLC_TOOL_PATH and/or OPENSSL_TOOL_PATH environment variables are not set"; + GTEST_SKIP() << "Skipping test: AWSLC_TOOL_PATH and/or OPENSSL_TOOL_PATH " + "environment variables are not set"; } - std::string tool_cmd = std::string(tool_executable_path) + " ec -in " + pem_key_path + " -outform DER -out " + out_path; - std::string openssl_cmd = std::string(openssl_executable_path) + " ec -in " + pem_key_path + " -outform DER -out " + out_path_openssl; - + std::string tool_cmd = std::string(tool_executable_path) + " ec -in " + + pem_key_path + " -outform DER -out " + out_path; + std::string openssl_cmd = std::string(openssl_executable_path) + " ec -in " + + pem_key_path + " -outform DER -out " + + out_path_openssl; + ASSERT_EQ(system(tool_cmd.c_str()), 0); ASSERT_EQ(system(openssl_cmd.c_str()), 0); @@ -242,8 +272,10 @@ TEST_F(ECTest, CompareWithOpenSSLDEROutput) { ASSERT_TRUE(tool_bio); ASSERT_TRUE(openssl_bio); - bssl::UniquePtr tool_key(d2i_ECPrivateKey_bio(tool_bio.get(), nullptr)); - bssl::UniquePtr openssl_key(d2i_ECPrivateKey_bio(openssl_bio.get(), nullptr)); + bssl::UniquePtr tool_key( + d2i_ECPrivateKey_bio(tool_bio.get(), nullptr)); + bssl::UniquePtr openssl_key( + d2i_ECPrivateKey_bio(openssl_bio.get(), nullptr)); ASSERT_TRUE(tool_key); ASSERT_TRUE(openssl_key); } diff --git a/tool-openssl/ecparam_test.cc b/tool-openssl/ecparam_test.cc index e0966c1e01..1120b7b64d 100644 --- a/tool-openssl/ecparam_test.cc +++ b/tool-openssl/ecparam_test.cc @@ -101,12 +101,12 @@ class EcparamTest : public ::testing::Test { RemoveFile(key_path); } - char out_path[PATH_MAX] = {}; - char key_path[PATH_MAX] = {}; + char out_path[PATH_MAX]; + char key_path[PATH_MAX]; }; // Test basic functionality -TEST_F(EcparamTest, EcparamToolBasicTest) { +TEST_F(EcparamTest, Basic) { args_list_t args = {"-name", "prime256v1", "-out", out_path}; EXPECT_TRUE(ecparamTool(args)) << "Basic ecparam functionality failed"; @@ -141,7 +141,7 @@ TEST_F(EcparamTest, secp256r1) { << "Wrong curve in output"; } -TEST_F(EcparamTest, EcparamToolNooutTest) { +TEST_F(EcparamTest, Noout) { args_list_t args = {"-name", "prime256v1", "-noout", "-out", out_path}; EXPECT_TRUE(ecparamTool(args)) << "Ecparam -noout failed"; @@ -149,7 +149,7 @@ TEST_F(EcparamTest, EcparamToolNooutTest) { << "Output file should be empty with -noout"; } -TEST_F(EcparamTest, EcparamToolNooutExceptionTest) { +TEST_F(EcparamTest, NooutException) { args_list_t args = {"-name", "prime256v1", "-genkey", "-noout", "-out", out_path}; @@ -172,7 +172,7 @@ TEST_F(EcparamTest, EcparamToolNooutExceptionTest) { << "Wrong curve generated"; } -TEST_F(EcparamTest, EcparamToolGenkeyTest) { +TEST_F(EcparamTest, Genkey) { args_list_t args = {"-name", "prime256v1", "-genkey", "-out", out_path}; EXPECT_TRUE(ecparamTool(args)) << "Ecparam -genkey failed"; @@ -194,7 +194,7 @@ TEST_F(EcparamTest, EcparamToolGenkeyTest) { << "Wrong curve generated"; } -TEST_F(EcparamTest, EcparamToolConvFormTest) { +TEST_F(EcparamTest, ConvForm) { args_list_t args = {"-name", "prime256v1", "-genkey", "-conv_form", "compressed", "-out", out_path}; @@ -216,7 +216,7 @@ TEST_F(EcparamTest, EcparamToolConvFormTest) { << "Key not using compressed format"; } -TEST_F(EcparamTest, EcparamToolOutformTest) { +TEST_F(EcparamTest, Outform) { args_list_t args = {"-name", "prime256v1", "-outform", "DER", "-out", out_path}; @@ -241,17 +241,17 @@ class EcparamOptionUsageErrorsTest : public ::testing::Test { } }; -TEST_F(EcparamOptionUsageErrorsTest, InvalidCurveTest) { +TEST_F(EcparamOptionUsageErrorsTest, InvalidCurve) { args_list_t args = {"-name", "invalid_curve"}; TestOptionUsageErrors(args); } -TEST_F(EcparamOptionUsageErrorsTest, InvalidConvFormTest) { +TEST_F(EcparamOptionUsageErrorsTest, InvalidConvForm) { args_list_t args = {"-name", "prime256v1", "-conv_form", "invalid"}; TestOptionUsageErrors(args); } -TEST_F(EcparamOptionUsageErrorsTest, InvalidOutformTest) { +TEST_F(EcparamOptionUsageErrorsTest, InvalidOutform) { args_list_t args = {"-name", "prime256v1", "-outform", "INVALID"}; TestOptionUsageErrors(args); } @@ -264,8 +264,6 @@ class EcparamCurveComparisonTest public ::testing::WithParamInterface { protected: void SetUp() override { - memset(out_path_tool, '\0', PATH_MAX); - memset(out_path_openssl, '\0', PATH_MAX); tool_executable_path = getenv("AWS_LC_TOOL_EXECUTABLE_PATH"); openssl_executable_path = getenv("OPENSSL_EXECUTABLE_PATH"); if (tool_executable_path == nullptr || openssl_executable_path == nullptr) { @@ -278,20 +276,16 @@ class EcparamCurveComparisonTest } void TearDown() override { - if (strnlen(out_path_tool, PATH_MAX) > - 0) { // Only remove if path was created + if (tool_executable_path != nullptr && openssl_executable_path != nullptr) { RemoveFile(out_path_tool); - } - if (strnlen(out_path_openssl, PATH_MAX) > - 0) { // Only remove if path was created RemoveFile(out_path_openssl); } } const char *tool_executable_path; const char *openssl_executable_path; - char out_path_tool[PATH_MAX] = {}; - char out_path_openssl[PATH_MAX] = {}; + char out_path_tool[PATH_MAX]; + char out_path_openssl[PATH_MAX]; }; TEST_P(EcparamCurveComparisonTest, CompareParameters) { @@ -319,7 +313,6 @@ class EcparamKeyGenComparisonTest public ::testing::WithParamInterface { protected: void SetUp() override { - memset(key_path_tool, '\0', PATH_MAX); tool_executable_path = getenv("AWS_LC_TOOL_EXECUTABLE_PATH"); openssl_executable_path = getenv("OPENSSL_EXECUTABLE_PATH"); if (tool_executable_path == nullptr || openssl_executable_path == nullptr) { @@ -331,15 +324,14 @@ class EcparamKeyGenComparisonTest } void TearDown() override { - if (strnlen(key_path_tool, PATH_MAX) > - 0) { // Only remove if path was created + if (tool_executable_path != nullptr && openssl_executable_path != nullptr) { RemoveFile(key_path_tool); } } const char *tool_executable_path; const char *openssl_executable_path; - char key_path_tool[PATH_MAX] = {}; + char key_path_tool[PATH_MAX]; }; TEST_P(EcparamKeyGenComparisonTest, KeyGenCompatibility) { @@ -379,10 +371,6 @@ INSTANTIATE_TEST_SUITE_P( class EcparamComparisonTest : public ::testing::Test { protected: void SetUp() override { - memset(out_path_tool, '\0', PATH_MAX); - memset(out_path_openssl, '\0', PATH_MAX); - memset(key_path_tool, '\0', PATH_MAX); - memset(key_path_openssl, '\0', PATH_MAX); tool_executable_path = getenv("AWS_LC_TOOL_EXECUTABLE_PATH"); openssl_executable_path = getenv("OPENSSL_EXECUTABLE_PATH"); if (tool_executable_path == nullptr || openssl_executable_path == nullptr) { @@ -397,20 +385,10 @@ class EcparamComparisonTest : public ::testing::Test { } void TearDown() override { - if (strnlen(out_path_tool, PATH_MAX) > - 0) { // Only remove if path was created + if (tool_executable_path != nullptr && openssl_executable_path != nullptr) { RemoveFile(out_path_tool); - } - if (strnlen(out_path_openssl, PATH_MAX) > - 0) { // Only remove if path was created RemoveFile(out_path_openssl); - } - if (strnlen(key_path_tool, PATH_MAX) > - 0) { // Only remove if path was created RemoveFile(key_path_tool); - } - if (strnlen(key_path_openssl, PATH_MAX) > - 0) { // Only remove if path was created RemoveFile(key_path_openssl); } } @@ -418,14 +396,14 @@ class EcparamComparisonTest : public ::testing::Test { const char *tool_executable_path; const char *openssl_executable_path; - char out_path_tool[PATH_MAX] = {}; - char out_path_openssl[PATH_MAX] = {}; - char key_path_tool[PATH_MAX] = {}; - char key_path_openssl[PATH_MAX] = {}; + char out_path_tool[PATH_MAX]; + char out_path_openssl[PATH_MAX]; + char key_path_tool[PATH_MAX]; + char key_path_openssl[PATH_MAX]; }; // Test against OpenSSL output "openssl ecparam -name prime256v1 -noout" -TEST_F(EcparamComparisonTest, EcparamToolCompareNooutOpenSSL) { +TEST_F(EcparamComparisonTest, Noout) { std::string tool_command = std::string(tool_executable_path) + " ecparam -name prime256v1 -noout > " + out_path_tool; @@ -440,7 +418,7 @@ TEST_F(EcparamComparisonTest, EcparamToolCompareNooutOpenSSL) { } // Test against OpenSSL output "openssl ecparam -name prime256v1 -outform DER" -TEST_F(EcparamComparisonTest, EcparamToolCompareDERFormatOpenSSL) { +TEST_F(EcparamComparisonTest, DERFormat) { std::string tool_command = std::string(tool_executable_path) + " ecparam -name prime256v1 -outform DER -out " + out_path_tool; @@ -455,7 +433,7 @@ TEST_F(EcparamComparisonTest, EcparamToolCompareDERFormatOpenSSL) { } // Test against OpenSSL output "openssl ecparam -name prime256v1 -out file" -TEST_F(EcparamComparisonTest, EcparamToolCompareFileOutputOpenSSL) { +TEST_F(EcparamComparisonTest, FileOutput) { std::string tool_command = std::string(tool_executable_path) + " ecparam -name prime256v1 -out " + out_path_tool; std::string openssl_command = std::string(openssl_executable_path) + diff --git a/tool-openssl/enc.cc b/tool-openssl/enc.cc index c1e002ef42..1a013276bb 100644 --- a/tool-openssl/enc.cc +++ b/tool-openssl/enc.cc @@ -41,7 +41,7 @@ static bool HexToBinary(uint8_t *buffer, const std::string &hex_string, return false; } - int ret = BN_bn2binpad(raw, buffer, size); + int ret = BN_bn2bin_padded(buffer, size, raw); BN_free(raw); return ret != -1; } @@ -56,17 +56,17 @@ bool encTool(const args_list_t &args) { return false; } - std::string in_path, out_path, hiv, cipher_name; - Password hkey; - bool help = false, e = false, d = false; + std::string in_path, out_path, hex_iv, cipher_name; + Password hex_key; + bool help = false, encode = false, decode = false; ordered_args::GetBoolArgument(&help, "-help", parsed_args); ordered_args::GetString(&in_path, "-in", "", parsed_args); ordered_args::GetString(&out_path, "-out", "", parsed_args); - ordered_args::GetBoolArgument(&e, "-e", parsed_args); - ordered_args::GetBoolArgument(&d, "-d", parsed_args); - ordered_args::GetString(&hkey.get(), "-K", "", parsed_args); - ordered_args::GetString(&hiv, "-iv", "", parsed_args); + ordered_args::GetBoolArgument(&encode, "-e", parsed_args); + ordered_args::GetBoolArgument(&decode, "-d", parsed_args); + ordered_args::GetString(&hex_key.get(), "-K", "", parsed_args); + ordered_args::GetString(&hex_iv, "-iv", "", parsed_args); ordered_args::GetExclusiveBoolArgument(&cipher_name, kArguments, "", parsed_args); @@ -78,20 +78,17 @@ bool encTool(const args_list_t &args) { // Since we do not implement key generation, a raw key is required // TODO: remove/modify if we ever implement -k, -kfile, or -S - if (hkey.empty()) { + if (hex_key.empty()) { fprintf(stderr, "Error: A raw key is required\n"); return false; } - if (e && d) { + if (encode && decode) { fprintf(stderr, "Error: -e and -d are mutually exclusive\n"); return false; } - bool enc = true; - if (d) { - enc = false; - } + encode = !decode; // Read from stdin if no -in path provided ScopedFILE in_file; @@ -121,12 +118,12 @@ bool encTool(const args_list_t &args) { unsigned int iv_length = EVP_CIPHER_iv_length(cipher); uint8_t iv[EVP_MAX_IV_LENGTH]; - if (!hiv.empty()) { + if (!hex_iv.empty()) { if (iv_length == 0) { fprintf(stderr, "Warning: IV is not used by cipher %s\n", cipher_name.c_str()); } else { - if (!HexToBinary(iv, hiv, iv_length)) { + if (!HexToBinary(iv, hex_iv, iv_length)) { fprintf(stderr, "Error: Invalid hex IV value\n"); return false; } @@ -141,8 +138,8 @@ bool encTool(const args_list_t &args) { uint8_t key[EVP_MAX_KEY_LENGTH]; - if (!hkey.empty()) { - if (!HexToBinary(key, hkey.get(), EVP_CIPHER_key_length(cipher))) { + if (!hex_key.empty()) { + if (!HexToBinary(key, hex_key.get(), EVP_CIPHER_key_length(cipher))) { fprintf(stderr, "Error: Invalid hex key value\n"); return false; } @@ -161,7 +158,7 @@ bool encTool(const args_list_t &args) { // Create and initialize cipher context bssl::UniquePtr ctx(EVP_CIPHER_CTX_new()); - if (!EVP_CipherInit_ex(ctx.get(), cipher, nullptr, key, iv, enc)) { + if (!EVP_CipherInit_ex(ctx.get(), cipher, nullptr, key, iv, encode)) { fprintf(stderr, "Error: Failed to initialize cipher\n"); return false; } @@ -187,16 +184,21 @@ bool encTool(const args_list_t &args) { fprintf(stderr, "Error: Cipher update failed\n"); return false; } - BIO_write(output_bio.get(), outbuf, outlen); + if (BIO_write(output_bio.get(), outbuf, outlen) <= 0) { + fprintf(stderr, "Error: Error writing to '%s'\n", out_path.c_str()); + return false; + } } - // Finalize if (!EVP_CipherFinal_ex(ctx.get(), outbuf, &outlen)) { fprintf(stderr, "Error: Cipher final failed\n"); return false; } - BIO_write(output_bio.get(), outbuf, outlen); + if (BIO_write(output_bio.get(), outbuf, outlen) <= 0) { + fprintf(stderr, "Error: Error writing to '%s'\n", out_path.c_str()); + return false; + } return true; } diff --git a/tool-openssl/enc_test.cc b/tool-openssl/enc_test.cc index e0475dfb3f..dcaf90132f 100644 --- a/tool-openssl/enc_test.cc +++ b/tool-openssl/enc_test.cc @@ -33,14 +33,14 @@ class EncTest : public ::testing::Test { // -------------------- Enc Basic Functionality Tests ------------------------- // Test help option -TEST_F(EncTest, EncToolHelpTest) { +TEST_F(EncTest, Help) { args_list_t args = {"-help"}; bool result = encTool(args); ASSERT_TRUE(result); } // Test basic encryption with AES-128-CBC -TEST_F(EncTest, EncToolBasicEncryptionTest) { +TEST_F(EncTest, BasicEncryption) { args_list_t args = {"-e", "-aes-128-cbc", "-K", "0123456789abcdef0123456789abcdef", "-iv", "0123456789abcdef0123456789abcdef", @@ -56,7 +56,7 @@ TEST_F(EncTest, EncToolBasicEncryptionTest) { } // Test basic decryption with AES-128-CBC -TEST_F(EncTest, EncToolBasicDecryptionTest) { +TEST_F(EncTest, BasicDecryption) { // First encrypt args_list_t encrypt_args = {"-e", "-aes-128-cbc", "-K", "0123456789abcdef0123456789abcdef", @@ -88,7 +88,7 @@ TEST_F(EncTest, EncToolBasicDecryptionTest) { } // Test decryption with explicit -d flag -TEST_F(EncTest, EncToolExplicitDecryptionTest) { +TEST_F(EncTest, ExplicitDecryption) { // First encrypt args_list_t encrypt_args = {"-e", "-aes-128-cbc", "-K", "0123456789abcdef0123456789abcdef", @@ -115,7 +115,7 @@ TEST_F(EncTest, EncToolExplicitDecryptionTest) { } // Test decryption with default cipher -TEST_F(EncTest, EncToolDecryptionDefaultCipherTest) { +TEST_F(EncTest, DecryptionDefaultCipher) { // First encrypt with default cipher args_list_t encrypt_args = {"-e", "-K", @@ -150,7 +150,7 @@ TEST_F(EncTest, EncToolDecryptionDefaultCipherTest) { } // Test default cipher (should be aes-128-cbc) -TEST_F(EncTest, EncToolDefaultCipherTest) { +TEST_F(EncTest, DefaultCipher) { args_list_t args = {"-e", "-K", "0123456789abcdef0123456789abcdef", @@ -165,7 +165,7 @@ TEST_F(EncTest, EncToolDefaultCipherTest) { } // Test encryption without -e flag (should default to encrypt) -TEST_F(EncTest, EncToolDefaultEncryptTest) { +TEST_F(EncTest, DefaultEncrypt) { args_list_t args = {"-aes-128-cbc", "-K", "0123456789abcdef0123456789abcdef", @@ -194,7 +194,7 @@ class EncOptionUsageErrorsTest : public EncTest { }; // Test missing required key -TEST_F(EncOptionUsageErrorsTest, MissingKeyTest) { +TEST_F(EncOptionUsageErrorsTest, MissingKey) { std::vector> testparams = { {"-e", "-aes-128-cbc", "-iv", "0123456789abcdef0123456789abcdef", "-in", in_path}, @@ -208,7 +208,7 @@ TEST_F(EncOptionUsageErrorsTest, MissingKeyTest) { } // Test mutually exclusive -e and -d options -TEST_F(EncOptionUsageErrorsTest, MutuallyExclusiveOptionsTest) { +TEST_F(EncOptionUsageErrorsTest, MutuallyExclusiveOptions) { std::vector> testparams = { {"-e", "-d", "-aes-128-cbc", "-K", "0123456789abcdef0123456789abcdef", "-iv", "0123456789abcdef0123456789abcdef", "-in", in_path}}; @@ -218,7 +218,7 @@ TEST_F(EncOptionUsageErrorsTest, MutuallyExclusiveOptionsTest) { } // Test invalid hex key -TEST_F(EncOptionUsageErrorsTest, InvalidHexKeyTest) { +TEST_F(EncOptionUsageErrorsTest, InvalidHexKey) { std::vector> testparams = { {"-e", "-aes-128-cbc", "-K", "invalidhexkey", "-iv", "0123456789abcdef0123456789abcdef", "-in", in_path}, @@ -230,7 +230,7 @@ TEST_F(EncOptionUsageErrorsTest, InvalidHexKeyTest) { } // Test invalid hex IV -TEST_F(EncOptionUsageErrorsTest, InvalidHexIVTest) { +TEST_F(EncOptionUsageErrorsTest, InvalidHexIV) { std::vector> testparams = { {"-e", "-aes-128-cbc", "-K", "0123456789abcdef0123456789abcdef", "-iv", "invalidhexiv", "-in", in_path}, @@ -242,7 +242,7 @@ TEST_F(EncOptionUsageErrorsTest, InvalidHexIVTest) { } // Test hex string size mismatch for key and IV -TEST_F(EncOptionUsageErrorsTest, HexStringSizeMismatchTest) { +TEST_F(EncOptionUsageErrorsTest, HexStringSizeMismatch) { std::vector> testparams = { // Key too short (AES-128 needs 32 hex chars, providing 30) {"-e", "-aes-128-cbc", "-K", "0123456789abcdef0123456789abcd", "-iv", @@ -262,7 +262,7 @@ TEST_F(EncOptionUsageErrorsTest, HexStringSizeMismatchTest) { } // Test missing IV for cipher that requires it -TEST_F(EncOptionUsageErrorsTest, MissingIVTest) { +TEST_F(EncOptionUsageErrorsTest, MissingIV) { std::vector> testparams = { {"-e", "-aes-128-cbc", "-K", "0123456789abcdef0123456789abcdef", "-in", in_path}}; @@ -272,7 +272,7 @@ TEST_F(EncOptionUsageErrorsTest, MissingIVTest) { } // Test invalid input file -TEST_F(EncOptionUsageErrorsTest, InvalidInputFileTest) { +TEST_F(EncOptionUsageErrorsTest, InvalidInputFile) { std::vector> testparams = { {"-e", "-aes-128-cbc", "-K", "0123456789abcdef0123456789abcdef", "-iv", "0123456789abcdef0123456789abcdef", "-in", "/nonexistent/file.txt"}}; @@ -325,7 +325,7 @@ class EncComparisonTest : public ::testing::Test { }; // Test encryption comparison with OpenSSL -TEST_F(EncComparisonTest, EncryptionComparisonTest) { +TEST_F(EncComparisonTest, EncryptionComparison) { std::string key = "0123456789abcdef0123456789abcdef"; std::string iv = "0123456789abcdef0123456789abcdef"; @@ -346,7 +346,7 @@ TEST_F(EncComparisonTest, EncryptionComparisonTest) { } // Test decryption comparison with OpenSSL -TEST_F(EncComparisonTest, DecryptionComparisonTest) { +TEST_F(EncComparisonTest, DecryptionComparison) { std::string key = "0123456789abcdef0123456789abcdef"; std::string iv = "0123456789abcdef0123456789abcdef"; diff --git a/tool-openssl/genpkey_test.cc b/tool-openssl/genpkey_test.cc index 809f6f4480..4b9599d822 100644 --- a/tool-openssl/genpkey_test.cc +++ b/tool-openssl/genpkey_test.cc @@ -22,10 +22,8 @@ class GenPKeyTest : public ::testing::Test { // Test -out TEST_F(GenPKeyTest, RSA_out_option) { - args_list_t args = {"-algorithm", "RSA", "-pkeyopt", - "rsa_keygen_bits:3072", - "-out", - out_path}; + args_list_t args = {"-algorithm", "RSA", "-pkeyopt", + "rsa_keygen_bits:3072", "-out", out_path}; bool result = genpkeyTool(args); ASSERT_TRUE(result); @@ -47,10 +45,9 @@ TEST_F(GenPKeyTest, RSA_stdout) { // Test ec p-256 keys TEST_F(GenPKeyTest, ECKeys) { - args_list_t args = {"-algorithm", "EC", "-pkeyopt", - "ec_paramgen_curve:P-256", - "-out", - out_path}; + args_list_t args = {"-algorithm", "EC", + "-pkeyopt", "ec_paramgen_curve:P-256", + "-out", out_path}; bool result = genpkeyTool(args); ASSERT_TRUE(result); diff --git a/tool-openssl/genrsa_test.cc b/tool-openssl/genrsa_test.cc index 7ae213a69a..93ee2080e2 100644 --- a/tool-openssl/genrsa_test.cc +++ b/tool-openssl/genrsa_test.cc @@ -14,19 +14,18 @@ #include "internal.h" #include "test_util.h" - const std::vector kStandardKeySizes = {1024, 2048, 3072, 4096}; struct CipherTestCase { - const char* cipher_flag; // "-aes128", "-des3", etc. - const char* cipher_name; // "AES-128-CBC", "DES3-CBC", etc. + const char *cipher_flag; // "-aes128", "-des3", etc. + const char *cipher_name; // "AES-128-CBC", "DES3-CBC", etc. }; static const CipherTestCase kCipherTestCases[] = { - {"-des3", "DES3-CBC"}, - {"-aes128", "AES-128-CBC"}, - {"-aes192", "AES-192-CBC"}, - {"-aes256", "AES-256-CBC"}, + {"-des3", "DES3-CBC"}, + {"-aes128", "AES-128-CBC"}, + {"-aes192", "AES-192-CBC"}, + {"-aes256", "AES-256-CBC"}, }; @@ -75,7 +74,7 @@ class GenRSATestBase : public ::testing::Test { unsigned actual_bits = RSA_bits(rsa.get()); if (actual_bits != expected_bits) { ADD_FAILURE() << "Key size mismatch. Expected: " << expected_bits - << " bits, Got: " << actual_bits << " bits"; + << " bits, Got: " << actual_bits << " bits"; return false; } } @@ -83,7 +82,8 @@ class GenRSATestBase : public ::testing::Test { return true; } - bool ValidateEncryptedKeyFile(const char *path, const char *password, unsigned expected_bits = 0) { + bool ValidateEncryptedKeyFile(const char *path, const char *password, + unsigned expected_bits = 0) { if (!path) { ADD_FAILURE() << "Path parameter is null"; return false; @@ -100,9 +100,8 @@ class GenRSATestBase : public ::testing::Test { return false; } - bssl::UniquePtr rsa( - PEM_read_bio_RSAPrivateKey(bio.get(), nullptr, nullptr, - const_cast(password))); + bssl::UniquePtr rsa(PEM_read_bio_RSAPrivateKey( + bio.get(), nullptr, nullptr, const_cast(password))); if (!rsa) { ADD_FAILURE() << "Failed to parse encrypted RSA key from PEM file"; return false; @@ -117,7 +116,7 @@ class GenRSATestBase : public ::testing::Test { unsigned actual_bits = RSA_bits(rsa.get()); if (actual_bits != expected_bits) { ADD_FAILURE() << "Key size mismatch. Expected: " << expected_bits - << " bits, Got: " << actual_bits << " bits"; + << " bits, Got: " << actual_bits << " bits"; return false; } } @@ -154,24 +153,27 @@ class GenRSAParamTest : public GenRSATestBase, public ::testing::WithParamInterface {}; -class GenRSACipherParamTest : public GenRSATestBase, - public ::testing::WithParamInterface {}; +class GenRSACipherParamTest + : public GenRSATestBase, + public ::testing::WithParamInterface {}; TEST_P(GenRSAParamTest, GeneratesKeyFile) { unsigned key_size = GetParam(); - + // FIPS builds require 2048-bit minimum - check both compile-time and runtime bool is_fips = false; #if defined(BORINGSSL_FIPS) is_fips = true; #endif is_fips = is_fips || FIPS_mode(); - + if (is_fips && key_size < 2048) { - GTEST_SKIP() << "Skipping " << key_size << "-bit key test in FIPS build/mode (minimum 2048 bits required)"; + GTEST_SKIP() + << "Skipping " << key_size + << "-bit key test in FIPS build/mode (minimum 2048 bits required)"; } - + EXPECT_TRUE(GenerateKey(key_size, out_path_tool)) << "Key generation failed"; EXPECT_TRUE(ValidateKeyFile(out_path_tool, key_size)) << "Generated key file validation failed"; @@ -180,18 +182,20 @@ TEST_P(GenRSAParamTest, GeneratesKeyFile) { TEST_P(GenRSAParamTest, OpenSSLCompatibility) { unsigned key_size = GetParam(); - + // FIPS builds require 2048-bit minimum - check both compile-time and runtime bool is_fips = false; #if defined(BORINGSSL_FIPS) is_fips = true; #endif is_fips = is_fips || FIPS_mode(); - + if (is_fips && key_size < 2048) { - GTEST_SKIP() << "Skipping " << key_size << "-bit key test in FIPS build/mode (minimum 2048 bits required)"; + GTEST_SKIP() + << "Skipping " << key_size + << "-bit key test in FIPS build/mode (minimum 2048 bits required)"; } - + if (!HasCrossCompatibilityTools()) { GTEST_SKIP() << "Skipping test: AWSLC_TOOL_PATH and/or OPENSSL_TOOL_PATH " "environment variables are not set"; @@ -210,30 +214,38 @@ INSTANTIATE_TEST_SUITE_P(StandardKeySizes, GenRSAParamTest, ::testing::ValuesIn(kStandardKeySizes)); TEST_P(GenRSACipherParamTest, EncryptedKeyGeneration) { - const CipherTestCase& cipher_test = GetParam(); - - args_list_t args{cipher_test.cipher_flag, "-passout", "pass:testpassword", "-out", out_path_tool, "2048"}; - EXPECT_TRUE(genrsaTool(args)) << cipher_test.cipher_name << " encrypted key generation should work"; + const CipherTestCase &cipher_test = GetParam(); + + args_list_t args{cipher_test.cipher_flag, "-passout", + "pass:testpassword", "-out", + out_path_tool, "2048"}; + EXPECT_TRUE(genrsaTool(args)) + << cipher_test.cipher_name << " encrypted key generation should work"; EXPECT_TRUE(ValidateEncryptedKeyFile(out_path_tool, "testpassword")) << cipher_test.cipher_name << " encrypted key should be valid"; } TEST_P(GenRSACipherParamTest, OpenSSLCompatibility) { - const CipherTestCase& cipher_test = GetParam(); - + const CipherTestCase &cipher_test = GetParam(); + if (!HasCrossCompatibilityTools()) { GTEST_SKIP() << "Skipping test: AWSLC_TOOL_PATH and/or OPENSSL_TOOL_PATH " "environment variables are not set"; return; } - args_list_t args{cipher_test.cipher_flag, "-passout", "pass:testpassword", "-out", out_path_tool, "2048"}; - EXPECT_TRUE(genrsaTool(args)) << "AWS-LC " << cipher_test.cipher_name << " key generation failed"; + args_list_t args{cipher_test.cipher_flag, "-passout", + "pass:testpassword", "-out", + out_path_tool, "2048"}; + EXPECT_TRUE(genrsaTool(args)) + << "AWS-LC " << cipher_test.cipher_name << " key generation failed"; - std::string verify_cmd = std::string(openssl_executable_path) + - " rsa -in " + out_path_tool + - " -passin pass:testpassword -check -noout"; - EXPECT_EQ(system(verify_cmd.c_str()), 0) << "OpenSSL verification of AWS-LC " << cipher_test.cipher_name << " key failed"; + std::string verify_cmd = std::string(openssl_executable_path) + " rsa -in " + + out_path_tool + + " -passin pass:testpassword -check -noout"; + EXPECT_EQ(system(verify_cmd.c_str()), 0) + << "OpenSSL verification of AWS-LC " << cipher_test.cipher_name + << " key failed"; } INSTANTIATE_TEST_SUITE_P(AllCiphers, GenRSACipherParamTest, @@ -308,17 +320,23 @@ TEST_F(GenRSATest, ArgumentValidation) { TEST_F(GenRSATest, CipherMutualExclusionValidation) { // Test that multiple cipher options are rejected { - args_list_t args{"-aes128", "-aes256", "-passout", "pass:testpassword", "-out", out_path_tool, "2048"}; - EXPECT_FALSE(genrsaTool(args)) << "Command should fail with multiple cipher options"; + args_list_t args{"-aes128", "-aes256", "-passout", "pass:testpassword", + "-out", out_path_tool, "2048"}; + EXPECT_FALSE(genrsaTool(args)) + << "Command should fail with multiple cipher options"; } { - args_list_t args{"-aes128", "-des3", "-passout", "pass:testpassword", "-out", out_path_tool, "2048"}; - EXPECT_FALSE(genrsaTool(args)) << "Command should fail with multiple cipher options"; + args_list_t args{"-aes128", "-des3", "-passout", "pass:testpassword", + "-out", out_path_tool, "2048"}; + EXPECT_FALSE(genrsaTool(args)) + << "Command should fail with multiple cipher options"; } { - args_list_t args{"-aes192", "-des3", "-passout", "pass:testpassword", "-out", out_path_tool, "2048"}; - EXPECT_FALSE(genrsaTool(args)) << "Command should fail with multiple cipher options"; + args_list_t args{"-aes192", "-des3", "-passout", "pass:testpassword", + "-out", out_path_tool, "2048"}; + EXPECT_FALSE(genrsaTool(args)) + << "Command should fail with multiple cipher options"; } } diff --git a/tool-openssl/internal.h b/tool-openssl/internal.h index e2d5b26f9e..ff77df44b6 100644 --- a/tool-openssl/internal.h +++ b/tool-openssl/internal.h @@ -105,7 +105,7 @@ enum class Source : uint8_t { kFile, // Password from file with file: prefix kEnv, // Password from environment with env: prefix kStdin, // Password from stdin -#ifndef _WIN32 +#if !defined(OPENSSL_WINDOWS) kFd, // Password from file descriptor with fd: prefix (Unix only) #endif }; diff --git a/tool-openssl/pass_util.cc b/tool-openssl/pass_util.cc index f615471ef5..ddfed86ed7 100644 --- a/tool-openssl/pass_util.cc +++ b/tool-openssl/pass_util.cc @@ -9,63 +9,62 @@ #include #include "internal.h" -// Use PEM_BUFSIZE (defined in openssl/pem.h) for password buffer size to ensure -// compatibility with PEM functions and password callbacks throughout AWS-LC +namespace pass_util { // Detect the type of password source -static pass_util::Source DetectSource(const Password &source) { +static Source DetectSource(const Password &source) { if (source.empty()) { - return pass_util::Source::kNone; + return Source::kNone; } if (source.get().compare(0, 5, "pass:") == 0) { - return pass_util::Source::kPass; + return Source::kPass; } if (source.get().compare(0, 5, "file:") == 0) { - return pass_util::Source::kFile; + return Source::kFile; } if (source.get().compare(0, 4, "env:") == 0) { - return pass_util::Source::kEnv; + return Source::kEnv; } if (source.get().compare("stdin") == 0) { - return pass_util::Source::kStdin; + return Source::kStdin; } #ifndef _WIN32 if (source.get().compare(0, 3, "fd:") == 0) { - return pass_util::Source::kFd; + return Source::kFd; } #endif - return pass_util::Source::kNone; + return Source::kNone; } // Helper function to validate password sources and detect same-file case -static bool ValidateSource(Password &passin, - Password *passout = nullptr, +static bool ValidateSource(Password &passin, Password *passout = nullptr, bool *same_file = nullptr) { // Validate passin format (if not empty) if (!passin.empty()) { - pass_util::Source passin_type = DetectSource(passin); - if (passin_type == pass_util::Source::kNone) { - fprintf(stderr, "Invalid password format (use pass:, file:, env:, or stdin)\n"); + Source passin_type = DetectSource(passin); + if (passin_type == Source::kNone) { + fprintf(stderr, + "Invalid password format (use pass:, file:, env:, or stdin)\n"); return false; } } // Validate passout format (if provided and not empty) if (passout && !passout->empty()) { - pass_util::Source passout_type = DetectSource(*passout); - if (passout_type == pass_util::Source::kNone) { - fprintf(stderr, "Invalid password format (use pass:, file:, env:, or stdin)\n"); + Source passout_type = DetectSource(*passout); + if (passout_type == Source::kNone) { + fprintf(stderr, + "Invalid password format (use pass:, file:, env:, or stdin)\n"); return false; } // Detect same-file case if requested if (same_file && !passin.empty()) { - pass_util::Source passin_type = DetectSource(passin); + Source passin_type = DetectSource(passin); *same_file = - (passin_type == pass_util::Source::kFile && - passout_type == pass_util::Source::kFile && passin.get() == passout->get()) || - (passin_type == pass_util::Source::kStdin && - passout_type == pass_util::Source::kStdin); + (passin_type == Source::kFile && passout_type == Source::kFile && + passin.get() == passout->get()) || + (passin_type == Source::kStdin && passout_type == Source::kStdin); } } @@ -80,7 +79,8 @@ static bool ValidateSource(Password &passin, static bool ExtractDirectPassword(Password &source) { // Check for additional colons in password portion after prefix if (source.get().find(':', 5) != std::string::npos) { - fprintf(stderr, "Invalid password format (use pass:, file:, env:, or stdin)\n"); + fprintf(stderr, + "Invalid password format (use pass:, file:, env:, or stdin)\n"); return false; } @@ -96,32 +96,32 @@ static bool ExtractDirectPassword(Password &source) { return true; } -static bool ExtractPasswordFromStream(Password &source, - pass_util::Source source_type, +static bool ExtractPasswordFromStream(Password &source, Source source_type, bool skip_first_line = false, Password *passout = nullptr) { char buf[PEM_BUFSIZE] = {}; bssl::UniquePtr bio; - + // Initialize BIO based on source type - if (source_type == pass_util::Source::kStdin) { -#ifdef _WIN32 + if (source_type == Source::kStdin) { +#ifdef OPENSSL_WINDOWS bio.reset(BIO_new_fp(stdin, BIO_NOCLOSE | BIO_FP_TEXT)); #else bio.reset(BIO_new_fp(stdin, BIO_NOCLOSE)); #endif - } else if (source_type == pass_util::Source::kFile) { - source.get().erase(0, 5); // Remove "file:" prefix + } else if (source_type == Source::kFile) { + source.get().erase(0, 5); // Remove "file:" prefix bio.reset(BIO_new_file(source.get().c_str(), "r")); #ifndef _WIN32 - } else if (source_type == pass_util::Source::kFd) { + } else if (source_type == Source::kFd) { source.get().erase(0, 3); - - if (source.empty() || strspn(source.get().c_str(), "0123456789") != source.get().length()) { + + if (source.empty() || + strspn(source.get().c_str(), "0123456789") != source.get().length()) { fprintf(stderr, "Invalid file descriptor: %s\n", source.get().c_str()); return false; } - + int fd = atoi(source.get().c_str()); if (fd < 0) { fprintf(stderr, "Invalid file descriptor: %s\n", source.get().c_str()); @@ -133,12 +133,12 @@ static bool ExtractPasswordFromStream(Password &source, fprintf(stderr, "Unsupported source type for stream extraction\n"); return false; } - + if (!bio) { - if (source_type == pass_util::Source::kStdin) { + if (source_type == Source::kStdin) { fprintf(stderr, "Cannot open stdin\n"); -#ifndef _WIN32 - } else if (source_type == pass_util::Source::kFd) { +#if !defined(OPENSSL_WINDOWS) + } else if (source_type == Source::kFd) { fprintf(stderr, "Cannot open file descriptor\n"); #endif } else { @@ -147,14 +147,14 @@ static bool ExtractPasswordFromStream(Password &source, return false; } - auto read_password_line = [&](std::string& target) -> bool { + auto read_password_line = [&](std::string &target) -> bool { int len = BIO_gets(bio.get(), buf, sizeof(buf)); if (len <= 0) { OPENSSL_cleanse(buf, sizeof(buf)); - if (source_type == pass_util::Source::kStdin) { + if (source_type == Source::kStdin) { fprintf(stderr, "Failed to read password from stdin\n"); -#ifndef _WIN32 - } else if (source_type == pass_util::Source::kFd) { +#if !defined(OPENSSL_WINDOWS) + } else if (source_type == Source::kFd) { fprintf(stderr, "Failed to read password from file descriptor\n"); #endif } else { @@ -164,17 +164,21 @@ static bool ExtractPasswordFromStream(Password &source, } // Check for possible truncation - if (static_cast(len) == PEM_BUFSIZE - 1 && - buf[len - 1] != '\n' && buf[len - 1] != '\r') { + if (static_cast(len) == PEM_BUFSIZE - 1 && buf[len - 1] != '\n' && + buf[len - 1] != '\r') { OPENSSL_cleanse(buf, sizeof(buf)); - if (source_type == pass_util::Source::kStdin) { - fprintf(stderr, "Password from stdin too long (maximum %d bytes)\n", PEM_BUFSIZE); -#ifndef _WIN32 - } else if (source_type == pass_util::Source::kFd) { - fprintf(stderr, "Password from file descriptor too long (maximum %d bytes)\n", PEM_BUFSIZE); + if (source_type == Source::kStdin) { + fprintf(stderr, "Password from stdin too long (maximum %d bytes)\n", + PEM_BUFSIZE); +#if !defined(OPENSSL_WINDOWS) + } else if (source_type == Source::kFd) { + fprintf(stderr, + "Password from file descriptor too long (maximum %d bytes)\n", + PEM_BUFSIZE); #endif } else { - fprintf(stderr, "Password file content too long (maximum %d bytes)\n", PEM_BUFSIZE); + fprintf(stderr, "Password file content too long (maximum %d bytes)\n", + PEM_BUFSIZE); } return false; } @@ -183,14 +187,15 @@ static bool ExtractPasswordFromStream(Password &source, while (len > 0 && (buf[len - 1] == '\n' || buf[len - 1] == '\r')) { len--; } - + target.assign(buf, len); return true; }; // Handle same-file case (read both passwords) if (passout) { - if (!read_password_line(source.get()) || !read_password_line(passout->get())) { + if (!read_password_line(source.get()) || + !read_password_line(passout->get())) { return false; } } else { @@ -201,7 +206,7 @@ static bool ExtractPasswordFromStream(Password &source, return false; } } - + // Read single password if (!read_password_line(source.get())) { return false; @@ -223,13 +228,15 @@ static bool ExtractPasswordFromEnv(Password &source) { const char *env_val = getenv(source.get().c_str()); if (!env_val) { - fprintf(stderr, "Environment variable '%s' not set\n", source.get().c_str()); + fprintf(stderr, "Environment variable '%s' not set\n", + source.get().c_str()); return false; } size_t env_val_len = strlen(env_val); if (env_val_len == 0) { - fprintf(stderr, "Environment variable '%s' is empty\n", source.get().c_str()); + fprintf(stderr, "Environment variable '%s' is empty\n", + source.get().c_str()); return false; } if (env_val_len > PEM_BUFSIZE) { @@ -244,46 +251,47 @@ static bool ExtractPasswordFromEnv(Password &source) { } // Internal helper to extract password based on source type -static bool ExtractPasswordFromSource(Password &source, - pass_util::Source type, +static bool ExtractPasswordFromSource(Password &source, Source type, bool skip_first_line = false, Password *passout = nullptr) { switch (type) { - case pass_util::Source::kPass: + case Source::kPass: return ExtractDirectPassword(source); - case pass_util::Source::kFile: + case Source::kFile: return ExtractPasswordFromStream(source, type, skip_first_line, passout); - case pass_util::Source::kEnv: + case Source::kEnv: return ExtractPasswordFromEnv(source); - case pass_util::Source::kStdin: + case Source::kStdin: return ExtractPasswordFromStream(source, type, skip_first_line, passout); -#ifndef _WIN32 - case pass_util::Source::kFd: +#if !defined(OPENSSL_WINDOWS) + case Source::kFd: return ExtractPasswordFromStream(source, type, skip_first_line, passout); #endif default: -#ifndef _WIN32 - fprintf(stderr, "Invalid password format (use pass:, file:, env:, fd:, or stdin)\n"); +#if !defined(OPENSSL_WINDOWS) + fprintf( + stderr, + "Invalid password format (use pass:, file:, env:, fd:, or stdin)\n"); #else - fprintf(stderr, "Invalid password format (use pass:, file:, env:, or stdin)\n"); + fprintf(stderr, + "Invalid password format (use pass:, file:, env:, or stdin)\n"); #endif return false; } } -namespace pass_util { - bool ExtractPassword(Password &source) { if (!ValidateSource(source)) { return false; } if (source.empty()) { - fprintf(stderr, "Invalid password format (use pass:, file:, env:, or stdin)\n"); + fprintf(stderr, + "Invalid password format (use pass:, file:, env:, or stdin)\n"); return false; } - pass_util::Source type = DetectSource(source); + Source type = DetectSource(source); return ExtractPasswordFromSource(source, type); } @@ -296,13 +304,13 @@ bool ExtractPasswords(Password &passin, Password &passout) { // Handle same_file case with single extraction call if (same_file && !passin.empty() && !passout.empty()) { - pass_util::Source source_type = DetectSource(passin); + Source source_type = DetectSource(passin); return ExtractPasswordFromSource(passin, source_type, same_file, &passout); } // Extract passin (always from first line) if (!passin.empty()) { - pass_util::Source passin_type = DetectSource(passin); + Source passin_type = DetectSource(passin); if (!ExtractPasswordFromSource(passin, passin_type, false)) { return false; } @@ -311,7 +319,7 @@ bool ExtractPasswords(Password &passin, Password &passout) { // Extract passout (from first line if different files, second line if same // file) if (!passout.empty()) { - pass_util::Source passout_type = DetectSource(passout); + Source passout_type = DetectSource(passout); if (!ExtractPasswordFromSource(passout, passout_type, same_file)) { return false; } diff --git a/tool-openssl/pass_util_test.cc b/tool-openssl/pass_util_test.cc index 5392aa10e5..2015269056 100644 --- a/tool-openssl/pass_util_test.cc +++ b/tool-openssl/pass_util_test.cc @@ -7,14 +7,10 @@ #include #include #include -#ifndef _WIN32 +#if !defined(OPENSSL_WINDOWS) #include #include #endif -#ifdef _WIN32 -#include // for _putenv_s -#include // for CreatePipe, SetStdHandle -#endif #include "internal.h" #include "test_util.h" @@ -44,7 +40,7 @@ void WriteTestFile(const char *path, const char *content, } void SetTestEnvVar(const char *name, const char *value) { -#ifdef _WIN32 +#if defined(OPENSSL_WINDOWS) _putenv_s(name, value); #else setenv(name, value, 1); @@ -52,7 +48,7 @@ void SetTestEnvVar(const char *name, const char *value) { } void UnsetTestEnvVar(const char *name) { -#ifdef _WIN32 +#if defined(OPENSSL_WINDOWS) _putenv_s(name, ""); #else unsetenv(name); @@ -113,9 +109,7 @@ TEST_F(PassUtilTest, FileEdgeCases) { << "Should fail on too long file content"; // Test empty file - { - WriteTestFile(pass_path, ""); - } + { WriteTestFile(pass_path, ""); } source = Password(std::string("file:") + pass_path); EXPECT_FALSE(pass_util::ExtractPassword(source)) @@ -149,64 +143,58 @@ TEST_F(PassUtilTest, FileEdgeCases) { << "Password should not include newline and should be max length - 2"; // Test Windows carriage return behavior (CRLF) - { - WriteTestFile(pass_path, "windowspassword\r\n", true); - } - + { WriteTestFile(pass_path, "windowspassword\r\n", true); } + source = Password(std::string("file:") + pass_path); result = pass_util::ExtractPassword(source); EXPECT_TRUE(result) << "Should succeed with Windows CRLF line ending"; - EXPECT_EQ(source.get(), "windowspassword") << "Should trim both \\r and \\n from Windows CRLF"; + EXPECT_EQ(source.get(), "windowspassword") + << "Should trim both \\r and \\n from Windows CRLF"; // Test old Mac carriage return behavior (CR only) - { - WriteTestFile(pass_path, "macpassword\r", true); - } - + { WriteTestFile(pass_path, "macpassword\r", true); } + source = Password(std::string("file:") + pass_path); result = pass_util::ExtractPassword(source); EXPECT_TRUE(result) << "Should succeed with old Mac CR line ending"; - EXPECT_EQ(source.get(), "macpassword") << "Should trim \\r from old Mac line ending"; + EXPECT_EQ(source.get(), "macpassword") + << "Should trim \\r from old Mac line ending"; // Test mixed trailing line endings - { - WriteTestFile(pass_path, "mixedpassword\r\n\r", true); - } - + { WriteTestFile(pass_path, "mixedpassword\r\n\r", true); } + source = Password(std::string("file:") + pass_path); result = pass_util::ExtractPassword(source); EXPECT_TRUE(result) << "Should succeed with mixed trailing line endings"; - EXPECT_EQ(source.get(), "mixedpassword") << "Should trim multiple trailing \\r and \\n characters"; + EXPECT_EQ(source.get(), "mixedpassword") + << "Should trim multiple trailing \\r and \\n characters"; // Test password with embedded carriage return (should be preserved) - { - WriteTestFile(pass_path, "pass\rwith\rembedded\r\n", true); - } - + { WriteTestFile(pass_path, "pass\rwith\rembedded\r\n", true); } + source = Password(std::string("file:") + pass_path); result = pass_util::ExtractPassword(source); EXPECT_TRUE(result) << "Should succeed with embedded carriage returns"; - EXPECT_EQ(source.get(), "pass\rwith\rembedded") << "Embedded \\r should be preserved, only trailing trimmed"; + EXPECT_EQ(source.get(), "pass\rwith\rembedded") + << "Embedded \\r should be preserved, only trailing trimmed"; // Test file with only CRLF - { - WriteTestFile(pass_path, "\r\n", true); - } - + { WriteTestFile(pass_path, "\r\n", true); } + source = Password(std::string("file:") + pass_path); result = pass_util::ExtractPassword(source); EXPECT_TRUE(result) << "Should succeed on CRLF-only file"; - EXPECT_TRUE(source.empty()) << "CRLF-only file should result in empty password"; + EXPECT_TRUE(source.empty()) + << "CRLF-only file should result in empty password"; // Test file with multiple CRLF lines - { - WriteTestFile(pass_path, "\r\n\r\n\r\n", true); - } - + { WriteTestFile(pass_path, "\r\n\r\n\r\n", true); } + source = Password(std::string("file:") + pass_path); result = pass_util::ExtractPassword(source); EXPECT_TRUE(result) << "Should succeed on multiple CRLF-only lines"; - EXPECT_TRUE(source.empty()) << "Multiple CRLF-only lines should result in empty password"; + EXPECT_TRUE(source.empty()) + << "Multiple CRLF-only lines should result in empty password"; } @@ -288,20 +276,21 @@ TEST_F(PassUtilTest, ExtractPasswordsSameFile) { // Test same-file functionality with Windows CRLF WriteTestFile(pass_path, "firstpass\r\nsecondpass\r\n", true); - + passin = Password(std::string("file:") + pass_path); passout = Password(std::string("file:") + pass_path); - + EXPECT_TRUE(pass_util::ExtractPasswords(passin, passout)); EXPECT_EQ(passin.get(), "firstpass") << "First line should have CRLF trimmed"; - EXPECT_EQ(passout.get(), "secondpass") << "Second line should have CRLF trimmed"; + EXPECT_EQ(passout.get(), "secondpass") + << "Second line should have CRLF trimmed"; // Test mixed line endings in same-file scenario WriteTestFile(pass_path, "unixpass\nsecondpass\r\n", true); - + passin = Password(std::string("file:") + pass_path); passout = Password(std::string("file:") + pass_path); - + EXPECT_TRUE(pass_util::ExtractPasswords(passin, passout)); EXPECT_EQ(passin.get(), "unixpass") << "Unix LF should be trimmed"; EXPECT_EQ(passout.get(), "secondpass") << "Windows CRLF should be trimmed"; @@ -425,18 +414,18 @@ TEST_F(PassUtilTest, ExtractPasswordsSameFileEdgeCases) { TEST_F(PassUtilTest, FdExtraction) { int fd = open(pass_path, O_RDONLY); ASSERT_GE(fd, 0); - + std::string fd_source = "fd:" + std::to_string(fd); Password source(fd_source); - + EXPECT_TRUE(pass_util::ExtractPassword(source)); EXPECT_EQ(source.get(), "testpassword"); - + close(fd); - + source = Password("fd:-1"); EXPECT_FALSE(pass_util::ExtractPassword(source)); - + source = Password("fd:invalid"); EXPECT_FALSE(pass_util::ExtractPassword(source)); } @@ -446,17 +435,17 @@ TEST_F(PassUtilTest, FdExtraction) { TEST_F(PassUtilTest, StdinExtraction) { int pipefd[2]; ASSERT_EQ(pipe(pipefd), 0); - + int old_stdin = dup(STDIN_FILENO); dup2(pipefd[0], STDIN_FILENO); - + ASSERT_EQ(write(pipefd[1], "stdinpass\n", 10), 10); close(pipefd[1]); - + Password source("stdin"); EXPECT_TRUE(pass_util::ExtractPassword(source)); EXPECT_EQ(source.get(), "stdinpass"); - + dup2(old_stdin, STDIN_FILENO); close(old_stdin); close(pipefd[0]); @@ -465,18 +454,18 @@ TEST_F(PassUtilTest, StdinExtraction) { TEST_F(PassUtilTest, StdinExtraction) { // Use existing temp file infrastructure instead of pipes WriteTestFile(pass_path, "stdinpass\n", true); - + // Redirect stdin to temp file using _dup2 - FILE* temp_file = fopen(pass_path, "r"); + FILE *temp_file = fopen(pass_path, "r"); ASSERT_TRUE(temp_file) << "Failed to open temp file"; - + int old_stdin = _dup(_fileno(stdin)); _dup2(_fileno(temp_file), _fileno(stdin)); - + Password source("stdin"); EXPECT_TRUE(pass_util::ExtractPassword(source)); EXPECT_EQ(source.get(), "stdinpass"); - + // Restore stdin _dup2(old_stdin, _fileno(stdin)); _close(old_stdin); @@ -488,20 +477,20 @@ TEST_F(PassUtilTest, StdinExtraction) { TEST_F(PassUtilTest, StdinExtractPasswords) { int pipefd[2]; ASSERT_EQ(pipe(pipefd), 0); - + int old_stdin = dup(STDIN_FILENO); dup2(pipefd[0], STDIN_FILENO); - + ASSERT_EQ(write(pipefd[1], "firstpass\nsecondpass\n", 20), 20); close(pipefd[1]); - + Password passin("stdin"); Password passout("stdin"); - + EXPECT_TRUE(pass_util::ExtractPasswords(passin, passout)); EXPECT_EQ(passin.get(), "firstpass"); EXPECT_EQ(passout.get(), "secondpass"); - + dup2(old_stdin, STDIN_FILENO); close(old_stdin); close(pipefd[0]); @@ -510,21 +499,21 @@ TEST_F(PassUtilTest, StdinExtractPasswords) { TEST_F(PassUtilTest, StdinExtractPasswords) { // Use existing temp file infrastructure for multi-line input WriteTestFile(pass_path, "firstpass\nsecondpass\n", true); - + // Redirect stdin to temp file using _dup2 - FILE* temp_file = fopen(pass_path, "r"); + FILE *temp_file = fopen(pass_path, "r"); ASSERT_TRUE(temp_file) << "Failed to open temp file"; - + int old_stdin = _dup(_fileno(stdin)); _dup2(_fileno(temp_file), _fileno(stdin)); - + Password passin("stdin"); Password passout("stdin"); - + EXPECT_TRUE(pass_util::ExtractPasswords(passin, passout)); EXPECT_EQ(passin.get(), "firstpass"); EXPECT_EQ(passout.get(), "secondpass"); - + // Restore stdin _dup2(old_stdin, _fileno(stdin)); _close(old_stdin); diff --git a/tool-openssl/pkcs8_test.cc b/tool-openssl/pkcs8_test.cc index 4b1e285c3d..9c6b40a5e8 100644 --- a/tool-openssl/pkcs8_test.cc +++ b/tool-openssl/pkcs8_test.cc @@ -40,14 +40,14 @@ class PKCS8Test : public ::testing::Test { RemoveFile(pass_path); } - char in_path[PATH_MAX] = {}; - char out_path[PATH_MAX] = {}; - char pass_path[PATH_MAX] = {}; + char in_path[PATH_MAX]; + char out_path[PATH_MAX]; + char pass_path[PATH_MAX]; bssl::UniquePtr key; }; // Test -in, -out, -topk8, and -nocrypt -TEST_F(PKCS8Test, PKCS8ToolBasicTest) { +TEST_F(PKCS8Test, Basic) { args_list_t args = {"-in", in_path, "-out", out_path, "-topk8", "-nocrypt"}; bool result = pkcs8Tool(args); ASSERT_TRUE(result); @@ -63,7 +63,7 @@ TEST_F(PKCS8Test, PKCS8ToolBasicTest) { } // Test -inform and -outform -TEST_F(PKCS8Test, PKCS8ToolFormatTest) { +TEST_F(PKCS8Test, Format) { args_list_t args = {"-in", in_path, "-out", out_path, "-topk8", "-nocrypt", "-inform", "PEM", "-outform", "PEM"}; bool result = pkcs8Tool(args); @@ -71,7 +71,7 @@ TEST_F(PKCS8Test, PKCS8ToolFormatTest) { } // Test -v2 with aes-256-cbc and -passout -TEST_F(PKCS8Test, PKCS8ToolEncryptionTest) { +TEST_F(PKCS8Test, Encryption) { std::string passout = std::string("file:") + pass_path; args_list_t args = {"-in", in_path, "-out", out_path, "-topk8", "-v2", @@ -83,34 +83,26 @@ TEST_F(PKCS8Test, PKCS8ToolEncryptionTest) { // Verify failure output contains "Error decrypting key" TEST_F(PKCS8Test, PKCS8ErrorDecryptingKey) { { - const char* passwd = "test1234"; - bssl::UniquePtr pass_bio(BIO_new_file(pass_path, "wb")); - BIO_write(pass_bio.get(), passwd, strlen(passwd)); - BIO_flush(pass_bio.get()); + const char *passwd = "test1234"; + bssl::UniquePtr pass_bio(BIO_new_file(pass_path, "wb")); + BIO_write(pass_bio.get(), passwd, strlen(passwd)); + BIO_flush(pass_bio.get()); } std::string passfile = std::string("file:") + pass_path; // Phase 1: Encrypt the key args_list_t args_encrypt = { - "-passin", "pass:''", - "-inform", "PEM", - "-in", in_path, - "-topk8", - "-v2", "aes-256-cbc", - "-passout", passfile.c_str(), - "-outform", "PEM", - "-out", out_path - }; + "-passin", "pass:''", "-inform", "PEM", "-in", + in_path, "-topk8", "-v2", "aes-256-cbc", "-passout", + passfile.c_str(), "-outform", "PEM", "-out", out_path}; ASSERT_TRUE(pkcs8Tool(args_encrypt)); // Phase 2: Try to decrypt with wrong password (should fail) args_list_t args_verify = { - "-passin", "pass:''", - "-inform", "PEM", - "-in", out_path, - "-outform", "PEM", + "-passin", "pass:''", "-inform", "PEM", + "-in", out_path, "-outform", "PEM", }; // Capture stderr to verify the error message @@ -118,23 +110,23 @@ TEST_F(PKCS8Test, PKCS8ErrorDecryptingKey) { bool verify_result = pkcs8Tool(args_verify); std::string captured_stderr = testing::internal::GetCapturedStderr(); - ASSERT_FALSE(verify_result) << "Expected decryption to fail with wrong password"; + ASSERT_FALSE(verify_result) + << "Expected decryption to fail with wrong password"; EXPECT_TRUE(captured_stderr.find("Error decrypting key") != std::string::npos) - << "Expected 'Error decrypting key' in stderr, but got: " << captured_stderr; + << "Expected 'Error decrypting key' in stderr, but got: " + << captured_stderr; // Phase 3: Decrypt with correct password (should succeed) args_list_t args_decrypt = { - "-passin", passfile.c_str(), - "-inform", "PEM", - "-in", out_path, - "-outform", "PEM", + "-passin", passfile.c_str(), "-inform", "PEM", + "-in", out_path, "-outform", "PEM", }; ASSERT_TRUE(pkcs8Tool(args_decrypt)); } // Test with a direct password rather than using environment variables -TEST_F(PKCS8Test, PKCS8ToolEnvVarPasswordTest) { +TEST_F(PKCS8Test, EnvVarPassword) { // Phase 1: Create an unencrypted PKCS8 file first { args_list_t args = {"-in", in_path, "-out", out_path, "-topk8", "-nocrypt"}; @@ -170,7 +162,7 @@ TEST_F(PKCS8Test, PKCS8ToolEnvVarPasswordTest) { } // Test -v2 option with the default cipher (aes-256-cbc) -TEST_F(PKCS8Test, PKCS8ToolV2DefaultTest) { +TEST_F(PKCS8Test, V2Default) { // Use direct password instead of file for simplicity std::string passout = "pass:testpassword"; args_list_t args = {"-in", in_path, "-out", @@ -199,7 +191,7 @@ TEST_F(PKCS8Test, PKCS8ToolV2DefaultTest) { } // Test -v2prf with hmacWithSHA1 (only supported PRF in AWS-LC) -TEST_F(PKCS8Test, PKCS8ToolPRFTest) { +TEST_F(PKCS8Test, PRF) { std::string passout = std::string("file:") + pass_path; args_list_t args = {"-in", in_path, "-out", out_path, "-topk8", "-v2", "aes-256-cbc", "-v2prf", @@ -209,7 +201,7 @@ TEST_F(PKCS8Test, PKCS8ToolPRFTest) { } // Test that unsupported PRF algorithms are rejected -TEST_F(PKCS8Test, PKCS8ToolUnsupportedPRFTest) { +TEST_F(PKCS8Test, UnsupportedPRF) { std::string passout = std::string("file:") + pass_path; args_list_t args = {"-in", in_path, "-out", out_path, "-topk8", "-v2", @@ -229,7 +221,7 @@ class PKCS8OptionUsageErrorsTest : public PKCS8Test { }; // Test invalid format -TEST_F(PKCS8OptionUsageErrorsTest, InvalidFormatTest) { +TEST_F(PKCS8OptionUsageErrorsTest, InvalidFormat) { std::vector> testparams = { {"-in", in_path, "-inform", "INVALID"}, {"-in", in_path, "-outform", "INVALID"}, @@ -287,11 +279,11 @@ class PKCS8ComparisonTest : public ::testing::Test { } } - char in_path[PATH_MAX] = {}; - char out_path_tool[PATH_MAX] = {}; - char out_path_openssl[PATH_MAX] = {}; - char pass_path[PATH_MAX] = {}; - char decrypt_path[PATH_MAX] = {}; + char in_path[PATH_MAX]; + char out_path_tool[PATH_MAX]; + char out_path_openssl[PATH_MAX]; + char pass_path[PATH_MAX]; + char decrypt_path[PATH_MAX]; bssl::UniquePtr key; const char *tool_executable_path; const char *openssl_executable_path; @@ -301,7 +293,7 @@ class PKCS8ComparisonTest : public ::testing::Test { // Test against OpenSSL output "openssl pkcs8 -topk8 -nocrypt -in file -out // file" -TEST_F(PKCS8ComparisonTest, PKCS8ToolCompareUnencryptedOpenSSL) { +TEST_F(PKCS8ComparisonTest, Unencrypted) { std::string tool_command = std::string(tool_executable_path) + " pkcs8 -topk8 -nocrypt -in " + in_path + " -out " + out_path_tool; @@ -405,7 +397,7 @@ TEST_F(PKCS8ComparisonTest, PKCS8ToolCrossCompat_OpenSSL_To_AWSLC) { } // Original format comparison test kept for backward compatibility -TEST_F(PKCS8ComparisonTest, PKCS8ToolCompareEncryptedOpenSSL) { +TEST_F(PKCS8ComparisonTest, Encrypted) { std::string tool_command = std::string(tool_executable_path) + " pkcs8 -topk8 -v2 aes-256-cbc -in " + in_path + " -out " + out_path_tool + " -passout file:" + pass_path; @@ -450,7 +442,7 @@ TEST_F(PKCS8ComparisonTest, PKCS8ToolCompareEncryptedOpenSSL) { } // Test against OpenSSL output with DER format -TEST_F(PKCS8ComparisonTest, PKCS8ToolCompareDERFormatOpenSSL) { +TEST_F(PKCS8ComparisonTest, DERFormat) { std::string tool_command = std::string(tool_executable_path) + " pkcs8 -topk8 -nocrypt -in " + in_path + " -outform DER -out " + out_path_tool; @@ -545,7 +537,7 @@ TEST_F(PKCS8ComparisonTest, PKCS8ToolCrossCompat_OpenSSL_To_AWSLC_WithPRF) { } // Original format comparison test with PRF kept for backward compatibility -TEST_F(PKCS8ComparisonTest, PKCS8ToolCompareV2prfOpenSSL) { +TEST_F(PKCS8ComparisonTest, V2prf) { std::string tool_command = std::string(tool_executable_path) + " pkcs8 -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA1 -in " + in_path + diff --git a/tool-openssl/pkey_test.cc b/tool-openssl/pkey_test.cc index 67c4c8d165..79f753aff2 100644 --- a/tool-openssl/pkey_test.cc +++ b/tool-openssl/pkey_test.cc @@ -2,21 +2,21 @@ // SPDX-License-Identifier: Apache-2.0 OR ISC #include -#include #include #include +#include +#include +#include "../crypto/test/test_util.h" #include "internal.h" #include "test_util.h" -#include "../crypto/test/test_util.h" -#include // Helper function to create a test key -EVP_PKEY* CreateTestKey(int key_bits) { +EVP_PKEY *CreateTestKey(int key_bits) { bssl::UniquePtr pkey(EVP_PKEY_new()); if (!pkey) { return nullptr; } - + bssl::UniquePtr rsa(RSA_new()); bssl::UniquePtr bn(BN_new()); if (!bn || !BN_set_word(bn.get(), RSA_F4) || @@ -24,37 +24,38 @@ EVP_PKEY* CreateTestKey(int key_bits) { !EVP_PKEY_assign_RSA(pkey.get(), rsa.release())) { return nullptr; } - + return pkey.release(); } class PKeyTest : public ::testing::Test { -protected: + protected: void SetUp() override { ASSERT_GT(createTempFILEpath(in_path), 0u); ASSERT_GT(createTempFILEpath(out_path), 0u); ASSERT_GT(createTempFILEpath(der_key_path), 0u); - + // Create and save a private key in PEM format bssl::UniquePtr pkey(CreateTestKey(2048)); ASSERT_TRUE(pkey); - + ScopedFILE in_file(fopen(in_path, "wb")); ASSERT_TRUE(in_file); - ASSERT_TRUE(PEM_write_PrivateKey(in_file.get(), pkey.get(), nullptr, nullptr, 0, nullptr, nullptr)); - + ASSERT_TRUE(PEM_write_PrivateKey(in_file.get(), pkey.get(), nullptr, + nullptr, 0, nullptr, nullptr)); + // Create a DER format key ScopedFILE der_file(fopen(der_key_path, "wb")); ASSERT_TRUE(der_file); ASSERT_TRUE(i2d_PrivateKey_fp(der_file.get(), pkey.get())); } - + void TearDown() override { RemoveFile(in_path); RemoveFile(out_path); RemoveFile(der_key_path); } - + char in_path[PATH_MAX]; char out_path[PATH_MAX]; char der_key_path[PATH_MAX]; @@ -63,93 +64,98 @@ class PKeyTest : public ::testing::Test { // ----------------------------- PKey Option Tests ----------------------------- // Test -in and -out -TEST_F(PKeyTest, PKeyToolInOutTest) { +TEST_F(PKeyTest, InOut) { args_list_t args = {"-in", in_path, "-out", out_path}; bool result = pkeyTool(args); ASSERT_TRUE(result); { ScopedFILE out_file(fopen(out_path, "rb")); ASSERT_TRUE(out_file); - bssl::UniquePtr parsed_pkey(PEM_read_PrivateKey(out_file.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr parsed_pkey( + PEM_read_PrivateKey(out_file.get(), nullptr, nullptr, nullptr)); ASSERT_TRUE(parsed_pkey); } } // Test -inform DER -TEST_F(PKeyTest, PKeyToolInformDERTest) { +TEST_F(PKeyTest, InformDER) { args_list_t args = {"-in", der_key_path, "-inform", "DER", "-out", out_path}; bool result = pkeyTool(args); ASSERT_TRUE(result); { ScopedFILE out_file(fopen(out_path, "rb")); ASSERT_TRUE(out_file); - bssl::UniquePtr parsed_pkey(PEM_read_PrivateKey(out_file.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr parsed_pkey( + PEM_read_PrivateKey(out_file.get(), nullptr, nullptr, nullptr)); ASSERT_TRUE(parsed_pkey); } } // Test -outform DER -TEST_F(PKeyTest, PKeyToolOutformDERTest) { +TEST_F(PKeyTest, OutformDER) { args_list_t args = {"-in", in_path, "-outform", "DER", "-out", out_path}; bool result = pkeyTool(args); ASSERT_TRUE(result); { ScopedFILE out_file(fopen(out_path, "rb")); ASSERT_TRUE(out_file); - bssl::UniquePtr parsed_pkey(d2i_PrivateKey_fp(out_file.get(), nullptr)); + bssl::UniquePtr parsed_pkey( + d2i_PrivateKey_fp(out_file.get(), nullptr)); ASSERT_TRUE(parsed_pkey); } } // Test -pubout -TEST_F(PKeyTest, PKeyToolPuboutTest) { +TEST_F(PKeyTest, Pubout) { args_list_t args = {"-in", in_path, "-pubout", "-out", out_path}; bool result = pkeyTool(args); ASSERT_TRUE(result); { ScopedFILE out_file(fopen(out_path, "rb")); ASSERT_TRUE(out_file); - bssl::UniquePtr parsed_pkey(PEM_read_PUBKEY(out_file.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr parsed_pkey( + PEM_read_PUBKEY(out_file.get(), nullptr, nullptr, nullptr)); ASSERT_TRUE(parsed_pkey); } } // Test -pubin -TEST_F(PKeyTest, PKeyToolPubinTest) { +TEST_F(PKeyTest, Pubin) { // First create a public key file { args_list_t args = {"-in", in_path, "-pubout", "-out", out_path}; bool result = pkeyTool(args); ASSERT_TRUE(result); } - + // Then test reading it with -pubin { char temp_out[PATH_MAX]; ASSERT_GT(createTempFILEpath(temp_out), 0u); - + args_list_t args = {"-in", out_path, "-pubin", "-out", temp_out}; bool result = pkeyTool(args); ASSERT_TRUE(result); - + ScopedFILE out_file(fopen(temp_out, "rb")); ASSERT_TRUE(out_file); - bssl::UniquePtr parsed_pkey(PEM_read_PUBKEY(out_file.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr parsed_pkey( + PEM_read_PUBKEY(out_file.get(), nullptr, nullptr, nullptr)); ASSERT_TRUE(parsed_pkey); - + RemoveFile(temp_out); } } // Test -text -TEST_F(PKeyTest, PKeyToolTextTest) { +TEST_F(PKeyTest, Text) { args_list_t args = {"-in", in_path, "-text", "-noout"}; bool result = pkeyTool(args); ASSERT_TRUE(result); } // Test -text_pub -TEST_F(PKeyTest, PKeyToolTextPubTest) { +TEST_F(PKeyTest, TextPub) { args_list_t args = {"-in", in_path, "-text_pub", "-noout"}; bool result = pkeyTool(args); ASSERT_TRUE(result); @@ -158,10 +164,10 @@ TEST_F(PKeyTest, PKeyToolTextPubTest) { // -------------------- PKey Option Usage Error Tests -------------------------- class PKeyOptionUsageErrorsTest : public PKeyTest { -protected: - void TestOptionUsageErrors(const std::vector& args) { + protected: + void TestOptionUsageErrors(const std::vector &args) { args_list_t c_args; - for (const auto& arg : args) { + for (const auto &arg : args) { c_args.push_back(arg.c_str()); } bool result = pkeyTool(c_args); @@ -172,10 +178,10 @@ class PKeyOptionUsageErrorsTest : public PKeyTest { // Test invalid format options TEST_F(PKeyOptionUsageErrorsTest, InvalidFormatOptionsTest) { std::vector> testparams = { - {"-in", in_path, "-inform", "INVALID"}, - {"-in", in_path, "-outform", "INVALID"}, + {"-in", in_path, "-inform", "INVALID"}, + {"-in", in_path, "-outform", "INVALID"}, }; - for (const auto& args : testparams) { + for (const auto &args : testparams) { TestOptionUsageErrors(args); } } @@ -186,13 +192,13 @@ TEST_F(PKeyOptionUsageErrorsTest, InvalidFormatOptionsTest) { // AWSLC_TOOL_PATH and OPENSSL_TOOL_PATH. class PKeyComparisonTest : public ::testing::Test { -protected: + protected: // Helper method to normalize key headers by removing algorithm prefixes // (e.g., "RSA Private-Key:" -> "Private-Key:") - void normalizeKeyHeader(std::string& str, const std::string& keyType) { + void normalizeKeyHeader(std::string &str, const std::string &keyType) { size_t pos = str.find(keyType + "-Key:"); if (pos != std::string::npos && pos > 0) { - size_t prefixStart = 0; + size_t prefixStart = 0; str.erase(prefixStart, pos - prefixStart); } } @@ -202,28 +208,30 @@ class PKeyComparisonTest : public ::testing::Test { tool_executable_path = getenv("AWSLC_TOOL_PATH"); openssl_executable_path = getenv("OPENSSL_TOOL_PATH"); if (tool_executable_path == nullptr || openssl_executable_path == nullptr) { - GTEST_SKIP() << "Skipping test: AWSLC_TOOL_PATH and/or OPENSSL_TOOL_PATH environment variables are not set"; + GTEST_SKIP() << "Skipping test: AWSLC_TOOL_PATH and/or OPENSSL_TOOL_PATH " + "environment variables are not set"; } ASSERT_GT(createTempFILEpath(in_path), 0u); ASSERT_GT(createTempFILEpath(out_path_tool), 0u); ASSERT_GT(createTempFILEpath(out_path_openssl), 0u); ASSERT_GT(createTempFILEpath(der_key_path), 0u); - + // Create and save a private key pkey.reset(CreateTestKey(2048)); ASSERT_TRUE(pkey); - + ScopedFILE in_file(fopen(in_path, "wb")); ASSERT_TRUE(in_file); - ASSERT_TRUE(PEM_write_PrivateKey(in_file.get(), pkey.get(), nullptr, nullptr, 0, nullptr, nullptr)); - + ASSERT_TRUE(PEM_write_PrivateKey(in_file.get(), pkey.get(), nullptr, + nullptr, 0, nullptr, nullptr)); + // Create a DER format key ScopedFILE der_file(fopen(der_key_path, "wb")); ASSERT_TRUE(der_file); ASSERT_TRUE(i2d_PrivateKey_fp(der_file.get(), pkey.get())); } - + void TearDown() override { if (tool_executable_path != nullptr && openssl_executable_path != nullptr) { RemoveFile(in_path); @@ -232,28 +240,38 @@ class PKeyComparisonTest : public ::testing::Test { RemoveFile(der_key_path); } } - + char in_path[PATH_MAX]; char out_path_tool[PATH_MAX]; char out_path_openssl[PATH_MAX]; char der_key_path[PATH_MAX]; bssl::UniquePtr pkey; - const char* tool_executable_path; - const char* openssl_executable_path; + const char *tool_executable_path; + const char *openssl_executable_path; std::string tool_output_str; std::string openssl_output_str; }; // Test against OpenSSL output "openssl pkey -in file -text -noout" -TEST_F(PKeyComparisonTest, PKeyToolCompareTextOpenSSL) { - std::string tool_command = std::string(tool_executable_path) + " pkey -in " + in_path + " -text -noout > " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " pkey -in " + in_path + " -text -noout > " + out_path_openssl; - - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); - - // OpenSSL versions may have slight formatting differences, so we remove whitespace for comparison - tool_output_str.erase(remove_if(tool_output_str.begin(), tool_output_str.end(), isspace), tool_output_str.end()); - openssl_output_str.erase(remove_if(openssl_output_str.begin(), openssl_output_str.end(), isspace), openssl_output_str.end()); +TEST_F(PKeyComparisonTest, Text) { + std::string tool_command = std::string(tool_executable_path) + " pkey -in " + + in_path + " -text -noout > " + out_path_tool; + std::string openssl_command = std::string(openssl_executable_path) + + " pkey -in " + in_path + " -text -noout > " + + out_path_openssl; + + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); + + // OpenSSL versions may have slight formatting differences, so we remove + // whitespace for comparison + tool_output_str.erase( + remove_if(tool_output_str.begin(), tool_output_str.end(), isspace), + tool_output_str.end()); + openssl_output_str.erase( + remove_if(openssl_output_str.begin(), openssl_output_str.end(), isspace), + openssl_output_str.end()); // Normalize algorithm prefixes before "Private-Key:" normalizeKeyHeader(tool_output_str, "Private"); @@ -263,15 +281,25 @@ TEST_F(PKeyComparisonTest, PKeyToolCompareTextOpenSSL) { } // Test against OpenSSL output "openssl pkey -in file -text_pub -noout" -TEST_F(PKeyComparisonTest, PKeyToolCompareTextPubOpenSSL) { - std::string tool_command = std::string(tool_executable_path) + " pkey -in " + in_path + " -text_pub -noout > " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " pkey -in " + in_path + " -text_pub -noout > " + out_path_openssl; - - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); - - // OpenSSL versions may have slight formatting differences, so we remove whitespace for comparison - tool_output_str.erase(remove_if(tool_output_str.begin(), tool_output_str.end(), isspace), tool_output_str.end()); - openssl_output_str.erase(remove_if(openssl_output_str.begin(), openssl_output_str.end(), isspace), openssl_output_str.end()); +TEST_F(PKeyComparisonTest, TextPub) { + std::string tool_command = std::string(tool_executable_path) + " pkey -in " + + in_path + " -text_pub -noout > " + out_path_tool; + std::string openssl_command = std::string(openssl_executable_path) + + " pkey -in " + in_path + + " -text_pub -noout > " + out_path_openssl; + + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); + + // OpenSSL versions may have slight formatting differences, so we remove + // whitespace for comparison + tool_output_str.erase( + remove_if(tool_output_str.begin(), tool_output_str.end(), isspace), + tool_output_str.end()); + openssl_output_str.erase( + remove_if(openssl_output_str.begin(), openssl_output_str.end(), isspace), + openssl_output_str.end()); // Normalize algorithm prefixes before "Public-Key:" normalizeKeyHeader(tool_output_str, "Public"); @@ -281,16 +309,21 @@ TEST_F(PKeyComparisonTest, PKeyToolCompareTextPubOpenSSL) { } // Test against OpenSSL output "openssl pkey -in file -pubout" -TEST_F(PKeyComparisonTest, PKeyToolComparePuboutOpenSSL) { - std::string tool_command = std::string(tool_executable_path) + " pkey -in " + in_path + " -pubout > " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " pkey -in " + in_path + " -pubout > " + out_path_openssl; +TEST_F(PKeyComparisonTest, Pubout) { + std::string tool_command = std::string(tool_executable_path) + " pkey -in " + + in_path + " -pubout > " + out_path_tool; + std::string openssl_command = std::string(openssl_executable_path) + + " pkey -in " + in_path + " -pubout > " + + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); // Check that both outputs contain the public key header const std::string PUB_KEY_BEGIN = "-----BEGIN PUBLIC KEY-----"; const std::string PUB_KEY_END = "-----END PUBLIC KEY-----"; - + ASSERT_NE(tool_output_str.find(PUB_KEY_BEGIN), std::string::npos); ASSERT_NE(tool_output_str.find(PUB_KEY_END), std::string::npos); ASSERT_NE(openssl_output_str.find(PUB_KEY_BEGIN), std::string::npos); @@ -298,16 +331,21 @@ TEST_F(PKeyComparisonTest, PKeyToolComparePuboutOpenSSL) { } // Test against OpenSSL output "openssl pkey -in file -inform DER" -TEST_F(PKeyComparisonTest, PKeyToolCompareInformDEROpenSSL) { - std::string tool_command = std::string(tool_executable_path) + " pkey -in " + der_key_path + " -inform DER > " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " pkey -in " + der_key_path + " -inform DER > " + out_path_openssl; +TEST_F(PKeyComparisonTest, InformDER) { + std::string tool_command = std::string(tool_executable_path) + " pkey -in " + + der_key_path + " -inform DER > " + out_path_tool; + std::string openssl_command = std::string(openssl_executable_path) + + " pkey -in " + der_key_path + + " -inform DER > " + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); // Check that both outputs contain the private key header const std::string PRIV_KEY_BEGIN = "-----BEGIN PRIVATE KEY-----"; const std::string PRIV_KEY_END = "-----END PRIVATE KEY-----"; - + ASSERT_NE(tool_output_str.find(PRIV_KEY_BEGIN), std::string::npos); ASSERT_NE(tool_output_str.find(PRIV_KEY_END), std::string::npos); ASSERT_NE(openssl_output_str.find(PRIV_KEY_BEGIN), std::string::npos); @@ -315,49 +353,69 @@ TEST_F(PKeyComparisonTest, PKeyToolCompareInformDEROpenSSL) { } // Test against OpenSSL output "openssl pkey -in file -outform DER" -TEST_F(PKeyComparisonTest, PKeyToolCompareOutformDEROpenSSL) { - std::string tool_command = std::string(tool_executable_path) + " pkey -in " + in_path + " -outform DER -out " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " pkey -in " + in_path + " -outform DER -out " + out_path_openssl; - - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); +TEST_F(PKeyComparisonTest, OutformDER) { + std::string tool_command = std::string(tool_executable_path) + " pkey -in " + + in_path + " -outform DER -out " + out_path_tool; + std::string openssl_command = std::string(openssl_executable_path) + + " pkey -in " + in_path + " -outform DER -out " + + out_path_openssl; + + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); } // Test against OpenSSL output "openssl pkey -in file -pubin -pubout" -TEST_F(PKeyComparisonTest, PKeyToolComparePubinPuboutOpenSSL) { +TEST_F(PKeyComparisonTest, PubinPubout) { // First create a public key file - std::string create_pubkey_cmd = std::string(tool_executable_path) + " pkey -in " + in_path + " -pubout -out " + out_path_tool; + std::string create_pubkey_cmd = std::string(tool_executable_path) + + " pkey -in " + in_path + " -pubout -out " + + out_path_tool; ASSERT_EQ(system(create_pubkey_cmd.c_str()), 0); - - // Then test reading it with -pubin - std::string tool_command = std::string(tool_executable_path) + " pkey -in " + out_path_tool + " -pubin > " + out_path_tool + ".new"; - std::string openssl_command = std::string(openssl_executable_path) + " pkey -in " + out_path_tool + " -pubin > " + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, (std::string(out_path_tool) + ".new").c_str(), out_path_openssl, tool_output_str, openssl_output_str); + // Then test reading it with -pubin + std::string tool_command = std::string(tool_executable_path) + " pkey -in " + + out_path_tool + " -pubin > " + out_path_tool + + ".new"; + std::string openssl_command = std::string(openssl_executable_path) + + " pkey -in " + out_path_tool + " -pubin > " + + out_path_openssl; + + RunCommandsAndCompareOutput(tool_command, openssl_command, + (std::string(out_path_tool) + ".new").c_str(), + out_path_openssl, tool_output_str, + openssl_output_str); // Check that both outputs contain the public key header const std::string PUB_KEY_BEGIN = "-----BEGIN PUBLIC KEY-----"; const std::string PUB_KEY_END = "-----END PUBLIC KEY-----"; - + ASSERT_NE(tool_output_str.find(PUB_KEY_BEGIN), std::string::npos); ASSERT_NE(tool_output_str.find(PUB_KEY_END), std::string::npos); ASSERT_NE(openssl_output_str.find(PUB_KEY_BEGIN), std::string::npos); ASSERT_NE(openssl_output_str.find(PUB_KEY_END), std::string::npos); - + // Clean up the extra file RemoveFile((std::string(out_path_tool) + ".new").c_str()); } // Test against OpenSSL output reading from stdin "cat file | openssl pkey" -TEST_F(PKeyComparisonTest, PKeyToolCompareStdinOpenSSL) { - std::string tool_command = "cat " + std::string(in_path) + " | " + std::string(tool_executable_path) + " pkey > " + out_path_tool; - std::string openssl_command = "cat " + std::string(in_path) + " | " + std::string(openssl_executable_path) + " pkey > " + out_path_openssl; - - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); +TEST_F(PKeyComparisonTest, Stdin) { + std::string tool_command = "cat " + std::string(in_path) + " | " + + std::string(tool_executable_path) + " pkey > " + + out_path_tool; + std::string openssl_command = "cat " + std::string(in_path) + " | " + + std::string(openssl_executable_path) + + " pkey > " + out_path_openssl; + + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); // Check that both outputs contain the private key header const std::string PRIV_KEY_BEGIN = "-----BEGIN PRIVATE KEY-----"; const std::string PRIV_KEY_END = "-----END PRIVATE KEY-----"; - + ASSERT_NE(tool_output_str.find(PRIV_KEY_BEGIN), std::string::npos); ASSERT_NE(tool_output_str.find(PRIV_KEY_END), std::string::npos); ASSERT_NE(openssl_output_str.find(PRIV_KEY_BEGIN), std::string::npos); diff --git a/tool-openssl/pkeyutl.cc b/tool-openssl/pkeyutl.cc index 8aa0886976..1bd1996ee3 100644 --- a/tool-openssl/pkeyutl.cc +++ b/tool-openssl/pkeyutl.cc @@ -213,7 +213,11 @@ static bool WriteOutput(const std::vector &data, return false; } - BIO_write(output_bio.get(), data.data(), data.size()); + if (BIO_write(output_bio.get(), data.data(), data.size()) <= 0) { + fprintf(stderr, "Error: failed to write output data\n"); + return false; + } + return true; } diff --git a/tool-openssl/pkeyutl_test.cc b/tool-openssl/pkeyutl_test.cc index 94401f107c..76d0f38f27 100644 --- a/tool-openssl/pkeyutl_test.cc +++ b/tool-openssl/pkeyutl_test.cc @@ -232,7 +232,7 @@ class PKeyUtlOptionUsageErrorsTest : public PKeyUtlTest { }; // Test invalid option combinations -TEST_F(PKeyUtlOptionUsageErrorsTest, InvalidOptionCombinationsTest) { +TEST_F(PKeyUtlOptionUsageErrorsTest, InvalidOptionCombinations) { std::vector> testparams = { // Both sign and verify specified {"-sign", "-verify", "-inkey", key_path, "-in", in_path}, @@ -324,7 +324,7 @@ class PKeyUtlComparisonTest : public ::testing::Test { }; // Test signing operation against OpenSSL -TEST_F(PKeyUtlComparisonTest, SignCompareOpenSSL) { +TEST_F(PKeyUtlComparisonTest, Sign) { std::string tool_command = std::string(tool_executable_path) + " pkeyutl -sign -inkey " + key_path + " -in " + in_path + " -out " + sig_path_tool; @@ -402,7 +402,7 @@ TEST_F(PKeyUtlComparisonTest, SignCompareOpenSSL) { } // Test pkeyopt functionality against OpenSSL -TEST_F(PKeyUtlComparisonTest, PkeyoptCompareOpenSSL) { +TEST_F(PKeyUtlComparisonTest, Pkeyopt) { char hashed_in_path[PATH_MAX]; ASSERT_GT(createTempFILEpath(hashed_in_path), 0u); diff --git a/tool-openssl/req.cc b/tool-openssl/req.cc index 1ed2f2b5d3..5e10790d5f 100644 --- a/tool-openssl/req.cc +++ b/tool-openssl/req.cc @@ -280,7 +280,7 @@ static const char *PromptField(const ReqField &field, char *buffer, buffer[len - 1] = '\0'; len--; } -#if defined(_WIN32) +#if defined(OPENSSL_WINDOWS) if (len > 0 && buffer[len - 1] == '\r') { buffer[len - 1] = '\0'; len--; @@ -380,7 +380,7 @@ static bssl::UniquePtr BuildSubject( } // Only add non-empty values - if (value && OPENSSL_strnlen(value, BUF_SIZE) > 0) { + if (value && OPENSSL_strnlen(value, sizeof(buffer)) > 0) { if (!X509_NAME_add_entry_by_NID( subj.get(), field.nid, chtype, reinterpret_cast(value), -1, -1, 0)) { @@ -428,7 +428,7 @@ static bssl::UniquePtr BuildSubject( } // Only add non-empty attributes - if (value && OPENSSL_strnlen(value, BUF_SIZE) > 0) { + if (value && OPENSSL_strnlen(value, sizeof(buffer)) > 0) { bssl::UniquePtr x509_attr(X509_ATTRIBUTE_create_by_NID( nullptr, attr.nid, MBSTRING_ASC, reinterpret_cast(value), -1)); @@ -647,13 +647,11 @@ static bool GenerateSerial(X509 *cert) { return false; } - /* - * Randomly generate a serial number - * - * IETF RFC 5280 says serial number must be <= 20 bytes. Use 159 bits - * so that the first bit will never be one, so that the DER encoding - * rules won't force a leading octet. - */ + // Randomly generate a serial number + // + // IETF RFC 5280 says serial number must be <= 20 bytes. Use 159 bits + // so that the first bit will never be one, so that the DER encoding + // rules won't force a leading octet. constexpr int SERIAL_RAND_BITS = 159; if (!BN_rand(bn.get(), SERIAL_RAND_BITS, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) { diff --git a/tool-openssl/req_test.cc b/tool-openssl/req_test.cc index e2cd51238a..1eb18b225a 100644 --- a/tool-openssl/req_test.cc +++ b/tool-openssl/req_test.cc @@ -222,7 +222,7 @@ TEST_F(ReqTest, SuppressedKeyWrite) { "encrypt_key = yes\n" "[req_dn]\n" "CN = Common Name\n"); - fclose(config_file.release()); + config_file.reset(); args_list_t args = {"-new", "-config", config_path, "-out", csr_path, "-subj", "/CN=test.com"}; @@ -245,7 +245,7 @@ TEST_F(ReqTest, ExistingKeyNoWrite) { "encrypt_key = yes\n" "[req_dn]\n" "CN = Common Name\n"); - fclose(config_file.release()); + config_file.reset(); args_list_t args = {"-new", "-config", config_path, "-key", input_key_path, "-out", @@ -284,7 +284,7 @@ TEST_F(ReqTest, BasicConfig) { "distinguished_name = req_dn\n" "[req_dn]\n" "CN = Common Name\n"); - fclose(config_file.release()); + config_file.reset(); args_list_t args = {"-new", "-config", config_path, "-nodes", "-keyout", output_key_path, "-out", csr_path, @@ -310,7 +310,7 @@ TEST_F(ReqTest, NoReqSectionConfig) { "encrypt_key = no\n" "[req_dn]\n" "CN = Common Name\n"); - fclose(config_file.release()); + config_file.reset(); args_list_t args = {"-new", "-config", config_path, "-keyout", output_key_path, "-out", @@ -354,7 +354,7 @@ TEST_F(ReqTest, DigestSelectionFromConfig) { "default_md = sha512\n" "distinguished_name = req_dn\n" "[req_dn]\n"); - fclose(config_file.release()); + config_file.reset(); args_list_t args = {"-new", "-config", config_path, "-newkey", "rsa:2048", "-nodes", "-keyout", output_key_path, @@ -371,7 +371,7 @@ TEST_F(ReqTest, KeyEncryptionFromConfig) { "encrypt_key = yes\n" "distinguished_name = req_dn\n" "[req_dn]\n"); - fclose(config_file.release()); + config_file.reset(); args_list_t args = {"-new", "-config", config_path, "-newkey", "rsa:2048", "-passout", "pass:testpass", "-keyout", @@ -394,7 +394,7 @@ TEST_F(ReqTest, ReqExtensions) { "[test_ext]\n" "basicConstraints = CA:FALSE\n" "keyUsage = digitalSignature, keyEncipherment\n"); - fclose(config_file.release()); + config_file.reset(); args_list_t args = {"-new", "-config", config_path, "-extensions", "test_ext", "-newkey", "rsa:2048", "-nodes", @@ -415,7 +415,7 @@ TEST_F(ReqTest, X509Extensions) { "basicConstraints = CA:FALSE\n" "keyUsage = digitalSignature, keyEncipherment\n" "subjectAltName = DNS:alt.example.com\n"); - fclose(config_file.release()); + config_file.reset(); args_list_t args = {"-x509", "-new", "-config", config_path, "-extensions", "custom_ext", "-newkey", "rsa:2048", @@ -436,7 +436,7 @@ TEST_F(ReqTest, ReqExtensionsFromConfig) { "[v3_req]\n" "basicConstraints = CA:FALSE\n" "keyUsage = nonRepudiation, digitalSignature, keyEncipherment\n"); - fclose(config_file.release()); + config_file.reset(); args_list_t args = {"-new", "-config", config_path, "-newkey", "rsa:2048", "-nodes", "-keyout", output_key_path, @@ -456,7 +456,7 @@ TEST_F(ReqTest, X509ExtensionsFromConfig) { "[v3_ca]\n" "basicConstraints = critical,CA:true\n" "keyUsage = critical,keyCertSign,cRLSign\n"); - fclose(config_file.release()); + config_file.reset(); args_list_t args = {"-x509", "-new", "-config", config_path, "-newkey", "rsa:2048", "-nodes", "-keyout", @@ -470,7 +470,7 @@ TEST_F(ReqTest, ReqExtensionsFromEmptyConfig) { ScopedFILE config_file(fopen(config_path, "w")); ASSERT_TRUE(config_file); fprintf(config_file.get(), "[req]\n"); - fclose(config_file.release()); + config_file.reset(); args_list_t args = {"-new", "-config", config_path, "-newkey", "rsa:2048", "-nodes", "-keyout", output_key_path, @@ -483,7 +483,7 @@ TEST_F(ReqTest, X509ExtensionsFromEmptyConfig) { ScopedFILE config_file(fopen(config_path, "w")); ASSERT_TRUE(config_file); fprintf(config_file.get(), "[req]\n"); - fclose(config_file.release()); + config_file.reset(); args_list_t args = {"-x509", "-new", "-config", config_path, "-newkey", "rsa:2048", "-nodes", "-keyout", @@ -716,9 +716,8 @@ TEST_F(ReqComparisonTest, GenerateBasicCSR) { auto csr_tool = LoadPEMCSR(csr_path_awslc); auto csr_openssl = LoadPEMCSR(csr_path_openssl); - ASSERT_TRUE(csr_tool != nullptr) << "Failed to load CSR generated by tool"; - ASSERT_TRUE(csr_openssl != nullptr) - << "Failed to load CSR generated by OpenSSL"; + ASSERT_TRUE(csr_tool) << "Failed to load CSR generated by tool"; + ASSERT_TRUE(csr_openssl) << "Failed to load CSR generated by OpenSSL"; // Compare CSR attributes ASSERT_TRUE(CompareCSRs(csr_tool.get(), csr_openssl.get())) @@ -747,9 +746,8 @@ TEST_F(ReqComparisonTest, GenerateSelfSignedCertificate) { auto cert_tool = LoadPEMCertificate(cert_path_awslc); auto cert_openssl = LoadPEMCertificate(cert_path_openssl); - ASSERT_TRUE(cert_tool != nullptr) - << "Failed to load certificate generated by tool"; - ASSERT_TRUE(cert_openssl != nullptr) + ASSERT_TRUE(cert_tool) << "Failed to load certificate generated by tool"; + ASSERT_TRUE(cert_openssl) << "Failed to load certificate generated by OpenSSL"; // Compare certificates in detail with 365 days validity period @@ -770,7 +768,7 @@ TEST_F(ReqComparisonTest, NoPromptConfig) { "[ req_distinguished_name ]\n" "CN = config.example.com\n" "C = US\n"); - fclose(config_file.release()); + config_file.reset(); std::string awslc_command = std::string(tool_executable_path) + " req -new -config " + config_path + @@ -786,8 +784,8 @@ TEST_F(ReqComparisonTest, NoPromptConfig) { auto csr_awslc = LoadPEMCSR(csr_path_awslc); auto csr_openssl = LoadPEMCSR(csr_path_openssl); - ASSERT_TRUE(csr_awslc != nullptr); - ASSERT_TRUE(csr_openssl != nullptr); + ASSERT_TRUE(csr_awslc); + ASSERT_TRUE(csr_openssl); ASSERT_TRUE(CompareCSRs(csr_awslc.get(), csr_openssl.get())); } @@ -813,8 +811,8 @@ TEST_F(ReqComparisonTest, InteractivePrompting) { auto csr_awslc = LoadPEMCSR(csr_path_awslc); auto csr_openssl = LoadPEMCSR(csr_path_openssl); - ASSERT_TRUE(csr_awslc != nullptr); - ASSERT_TRUE(csr_openssl != nullptr); + ASSERT_TRUE(csr_awslc); + ASSERT_TRUE(csr_openssl); ASSERT_TRUE(CompareCSRs(csr_awslc.get(), csr_openssl.get())); } @@ -831,7 +829,7 @@ TEST_F(ReqComparisonTest, PrivateKeyLengthFromConfig) { "\n" "[ req_distinguished_name ]\n" "CN = test.example.com\n"); - fclose(config_file.release()); + config_file.reset(); std::string subject = "/CN=test.example.com"; std::string awslc_command = std::string(tool_executable_path) + " req -new " + @@ -848,8 +846,8 @@ TEST_F(ReqComparisonTest, PrivateKeyLengthFromConfig) { auto csr_awslc = LoadPEMCSR(csr_path_awslc); auto csr_openssl = LoadPEMCSR(csr_path_openssl); - ASSERT_TRUE(csr_awslc != nullptr); - ASSERT_TRUE(csr_openssl != nullptr); + ASSERT_TRUE(csr_awslc); + ASSERT_TRUE(csr_openssl); ASSERT_TRUE(CompareCSRs(csr_awslc.get(), csr_openssl.get())); bssl::UniquePtr awslc_key( @@ -902,7 +900,7 @@ TEST_F(ReqComparisonTest, SubjectConfigFallback) { "ST = California\n" "organizationName = Test Org\n" "CN = config.example.com\n"); - fclose(config_file.release()); + config_file.reset(); std::string awslc_command = std::string(tool_executable_path) + " req -new " + "-config " + config_path + @@ -919,8 +917,8 @@ TEST_F(ReqComparisonTest, SubjectConfigFallback) { auto csr_awslc = LoadPEMCSR(csr_path_awslc); auto csr_openssl = LoadPEMCSR(csr_path_openssl); - ASSERT_TRUE(csr_awslc != nullptr) << "Failed to load AWS-LC CSR"; - ASSERT_TRUE(csr_openssl != nullptr) << "Failed to load OpenSSL CSR"; + ASSERT_TRUE(csr_awslc) << "Failed to load AWS-LC CSR"; + ASSERT_TRUE(csr_openssl) << "Failed to load OpenSSL CSR"; ASSERT_TRUE(CompareCSRs(csr_awslc.get(), csr_openssl.get())); } @@ -941,8 +939,8 @@ TEST_F(ReqComparisonTest, ExistingPrivateKey) { auto csr_awslc = LoadPEMCSR(csr_path_awslc); auto csr_openssl = LoadPEMCSR(csr_path_openssl); - ASSERT_TRUE(csr_awslc != nullptr) << "Failed to load AWS-LC CSR"; - ASSERT_TRUE(csr_openssl != nullptr) << "Failed to load OpenSSL CSR"; + ASSERT_TRUE(csr_awslc) << "Failed to load AWS-LC CSR"; + ASSERT_TRUE(csr_openssl) << "Failed to load OpenSSL CSR"; ASSERT_TRUE(CompareCSRs(csr_awslc.get(), csr_openssl.get())); } @@ -966,8 +964,8 @@ TEST_F(ReqComparisonTest, OutformDER) { auto csr_awslc = LoadDERCSR(csr_path_awslc); auto csr_openssl = LoadDERCSR(csr_path_openssl); - ASSERT_TRUE(csr_awslc != nullptr) << "Failed to load AWS-LC CSR"; - ASSERT_TRUE(csr_openssl != nullptr) << "Failed to load OpenSSL CSR"; + ASSERT_TRUE(csr_awslc) << "Failed to load AWS-LC CSR"; + ASSERT_TRUE(csr_openssl) << "Failed to load OpenSSL CSR"; ASSERT_TRUE(CompareCSRs(csr_awslc.get(), csr_openssl.get())); // Test certificate generation @@ -986,9 +984,8 @@ TEST_F(ReqComparisonTest, OutformDER) { auto cert_awslc = LoadDERCertificate(cert_path_awslc); auto cert_openssl = LoadDERCertificate(cert_path_openssl); - ASSERT_TRUE(cert_awslc != nullptr) << "Failed to load AWS-LC DER certificate"; - ASSERT_TRUE(cert_openssl != nullptr) - << "Failed to load OpenSSL DER certificate"; + ASSERT_TRUE(cert_awslc) << "Failed to load AWS-LC DER certificate"; + ASSERT_TRUE(cert_openssl) << "Failed to load OpenSSL DER certificate"; // Compare certificates with 365 days validity period ASSERT_TRUE( @@ -1019,8 +1016,8 @@ TEST_F(ReqComparisonTest, KeyConflict) { auto csr_awslc = LoadPEMCSR(csr_path_awslc); auto csr_openssl = LoadPEMCSR(csr_path_openssl); - ASSERT_TRUE(csr_awslc != nullptr) << "Failed to load AWS-LC CSR"; - ASSERT_TRUE(csr_openssl != nullptr) << "Failed to load OpenSSL CSR"; + ASSERT_TRUE(csr_awslc) << "Failed to load AWS-LC CSR"; + ASSERT_TRUE(csr_openssl) << "Failed to load OpenSSL CSR"; ASSERT_TRUE(CompareCSRs(csr_awslc.get(), csr_openssl.get())); bssl::UniquePtr awslc_key( @@ -1049,8 +1046,8 @@ TEST_F(ReqComparisonTest, DigestSelection) { auto csr_awslc = LoadPEMCSR(csr_path_awslc); auto csr_openssl = LoadPEMCSR(csr_path_openssl); - ASSERT_TRUE(csr_awslc != nullptr) << "Failed to load AWS-LC CSR"; - ASSERT_TRUE(csr_openssl != nullptr) << "Failed to load OpenSSL CSR"; + ASSERT_TRUE(csr_awslc) << "Failed to load AWS-LC CSR"; + ASSERT_TRUE(csr_openssl) << "Failed to load OpenSSL CSR"; ASSERT_TRUE(CompareCSRs(csr_awslc.get(), csr_openssl.get())); } @@ -1067,7 +1064,7 @@ TEST_F(ReqComparisonTest, DigestSelectionFromConfig) { "\n" "[ req_distinguished_name ]\n" "CN = encrypted-key.example.com\n"); - fclose(config_file.release()); + config_file.reset(); std::string awslc_command = std::string(tool_executable_path) + " req -new " + "-config " + config_path + @@ -1084,8 +1081,8 @@ TEST_F(ReqComparisonTest, DigestSelectionFromConfig) { auto csr_awslc = LoadPEMCSR(csr_path_awslc); auto csr_openssl = LoadPEMCSR(csr_path_openssl); - ASSERT_TRUE(csr_awslc != nullptr) << "Failed to load AWS-LC CSR"; - ASSERT_TRUE(csr_openssl != nullptr) << "Failed to load OpenSSL CSR"; + ASSERT_TRUE(csr_awslc) << "Failed to load AWS-LC CSR"; + ASSERT_TRUE(csr_openssl) << "Failed to load OpenSSL CSR"; ASSERT_TRUE(CompareCSRs(csr_awslc.get(), csr_openssl.get())); } @@ -1109,8 +1106,8 @@ TEST_F(ReqComparisonTest, CustomValidityPeriod) { auto cert_awslc = LoadPEMCertificate(cert_path_awslc); auto cert_openssl = LoadPEMCertificate(cert_path_openssl); - ASSERT_TRUE(cert_awslc != nullptr) << "Failed to load AWS-LC certificate"; - ASSERT_TRUE(cert_openssl != nullptr) << "Failed to load OpenSSL certificate"; + ASSERT_TRUE(cert_awslc) << "Failed to load AWS-LC certificate"; + ASSERT_TRUE(cert_openssl) << "Failed to load OpenSSL certificate"; // Compare certificates with 180 days validity period ASSERT_TRUE( @@ -1135,8 +1132,8 @@ TEST_F(ReqComparisonTest, CustomSigningKey) { auto csr_awslc = LoadPEMCSR(csr_path_awslc); auto csr_openssl = LoadPEMCSR(csr_path_openssl); - ASSERT_TRUE(csr_awslc != nullptr) << "Failed to load AWS-LC CSR"; - ASSERT_TRUE(csr_openssl != nullptr) << "Failed to load OpenSSL CSR"; + ASSERT_TRUE(csr_awslc) << "Failed to load AWS-LC CSR"; + ASSERT_TRUE(csr_openssl) << "Failed to load OpenSSL CSR"; ASSERT_TRUE(CompareCSRs(csr_awslc.get(), csr_openssl.get())); } @@ -1158,8 +1155,8 @@ TEST_F(ReqComparisonTest, ProtectedSigningKey) { auto csr_awslc = LoadPEMCSR(csr_path_awslc); auto csr_openssl = LoadPEMCSR(csr_path_openssl); - ASSERT_TRUE(csr_awslc != nullptr); - ASSERT_TRUE(csr_openssl != nullptr); + ASSERT_TRUE(csr_awslc); + ASSERT_TRUE(csr_openssl); ASSERT_TRUE(CompareCSRs(csr_awslc.get(), csr_openssl.get())); } @@ -1178,7 +1175,7 @@ TEST_F(ReqComparisonTest, GenerateProtectedPrivateKey) { "\n" "[ req_distinguished_name ]\n" "CN = encrypted-key.example.com\n"); - fclose(config_file.release()); + config_file.reset(); // Test with existing key (using the pre-generated sign_key_path) and config std::string awslc_command = @@ -1235,7 +1232,7 @@ TEST_F(ReqComparisonTest, ReqExtensions) { "[ test_ext ]\n" "basicConstraints = CA:FALSE\n" "keyUsage = digitalSignature, keyEncipherment\n"); - fclose(config_file.release()); + config_file.reset(); std::string awslc_command = std::string(tool_executable_path) + " req -new " + "-config " + config_path + @@ -1254,8 +1251,8 @@ TEST_F(ReqComparisonTest, ReqExtensions) { auto csr_awslc = LoadPEMCSR(csr_path_awslc); auto csr_openssl = LoadPEMCSR(csr_path_openssl); - ASSERT_TRUE(csr_awslc != nullptr); - ASSERT_TRUE(csr_openssl != nullptr); + ASSERT_TRUE(csr_awslc); + ASSERT_TRUE(csr_openssl); ASSERT_TRUE(CompareCSRs(csr_awslc.get(), csr_openssl.get())); } @@ -1276,7 +1273,7 @@ TEST_F(ReqComparisonTest, X509Extensions) { "basicConstraints = CA:FALSE\n" "keyUsage = digitalSignature, keyEncipherment\n" "subjectAltName = DNS:alt.example.com\n"); - fclose(config_file.release()); + config_file.reset(); std::string awslc_command = std::string(tool_executable_path) + " req -x509 -new " + "-config " + config_path + @@ -1296,9 +1293,9 @@ TEST_F(ReqComparisonTest, X509Extensions) { auto cert_awslc = LoadPEMCertificate(cert_path_awslc); auto cert_openssl = LoadPEMCertificate(cert_path_openssl); - ASSERT_TRUE(cert_awslc != nullptr) + ASSERT_TRUE(cert_awslc) << "Failed to load AWS-LC certificate with custom extensions"; - ASSERT_TRUE(cert_openssl != nullptr) + ASSERT_TRUE(cert_openssl) << "Failed to load OpenSSL certificate with custom extensions"; // Compare certificates with custom extensions @@ -1323,7 +1320,7 @@ TEST_F(ReqComparisonTest, ReqExtensionsFromConfig) { "[ v3_req ]\n" "subjectAltName = DNS:alt1.example.com,DNS:alt2.example.com\n" "keyUsage = digitalSignature, keyEncipherment\n"); - fclose(config_file.release()); + config_file.reset(); std::string subject = "/CN=req-ext-test.example.com"; std::string awslc_command = @@ -1341,8 +1338,8 @@ TEST_F(ReqComparisonTest, ReqExtensionsFromConfig) { auto csr_awslc = LoadPEMCSR(csr_path_awslc); auto csr_openssl = LoadPEMCSR(csr_path_openssl); - ASSERT_TRUE(csr_awslc != nullptr); - ASSERT_TRUE(csr_openssl != nullptr); + ASSERT_TRUE(csr_awslc); + ASSERT_TRUE(csr_openssl); ASSERT_TRUE(CompareCSRs(csr_awslc.get(), csr_openssl.get())); } @@ -1363,7 +1360,7 @@ TEST_F(ReqComparisonTest, X509ExtensionsFromConfig) { "basicConstraints = critical,CA:true\n" "keyUsage = critical,keyCertSign,cRLSign\n" "subjectKeyIdentifier = hash\n"); - fclose(config_file.release()); + config_file.reset(); std::string subject = "/CN=x509-ext-test.example.com"; std::string awslc_command = std::string(tool_executable_path) + @@ -1383,8 +1380,8 @@ TEST_F(ReqComparisonTest, X509ExtensionsFromConfig) { auto cert_awslc = LoadPEMCertificate(cert_path_awslc); auto cert_openssl = LoadPEMCertificate(cert_path_openssl); - ASSERT_TRUE(cert_awslc != nullptr); - ASSERT_TRUE(cert_openssl != nullptr); + ASSERT_TRUE(cert_awslc); + ASSERT_TRUE(cert_openssl); ASSERT_TRUE( CompareCertificates(cert_awslc.get(), cert_openssl.get(), nullptr, 365)); } @@ -1401,7 +1398,7 @@ TEST_F(ReqComparisonTest, ReqExtentionsFromEmptyConfig) { "[ req_distinguished_name ]\n" "CN = req-ext-test.example.com\n" "\n"); - fclose(config_file.release()); + config_file.reset(); std::string awslc_command = std::string(tool_executable_path) + " req -new " + "-config " + config_path + @@ -1418,8 +1415,8 @@ TEST_F(ReqComparisonTest, ReqExtentionsFromEmptyConfig) { auto csr_awslc = LoadPEMCSR(csr_path_awslc); auto csr_openssl = LoadPEMCSR(csr_path_openssl); - ASSERT_TRUE(csr_awslc != nullptr); - ASSERT_TRUE(csr_openssl != nullptr); + ASSERT_TRUE(csr_awslc); + ASSERT_TRUE(csr_openssl); ASSERT_TRUE(CompareCSRs(csr_awslc.get(), csr_openssl.get())); } @@ -1435,7 +1432,7 @@ TEST_F(ReqComparisonTest, X509ExtensionsFromEmptyConfig) { "[ req_distinguished_name ]\n" "CN = x509-ext-test.example.com\n" "\n"); - fclose(config_file.release()); + config_file.reset(); std::string awslc_command = std::string(tool_executable_path) + " req -x509 -new " + "-config " + config_path + @@ -1452,8 +1449,8 @@ TEST_F(ReqComparisonTest, X509ExtensionsFromEmptyConfig) { auto cert_awslc = LoadPEMCertificate(cert_path_awslc); auto cert_openssl = LoadPEMCertificate(cert_path_openssl); - ASSERT_TRUE(cert_awslc != nullptr); - ASSERT_TRUE(cert_openssl != nullptr); + ASSERT_TRUE(cert_awslc); + ASSERT_TRUE(cert_openssl); ASSERT_TRUE( CompareCertificates(cert_awslc.get(), cert_openssl.get(), nullptr, 365)); } @@ -1473,7 +1470,7 @@ TEST_F(ReqComparisonTest, NoReqSectionConfig) { "[ v3_req ]\n" "subjectAltName = DNS:alt1.example.com,DNS:alt2.example.com\n" "keyUsage = digitalSignature, keyEncipherment\n"); - fclose(config_file.release()); + config_file.reset(); std::string subject = "/CN=req-ext-test.example.com"; std::string awslc_command = @@ -1491,8 +1488,8 @@ TEST_F(ReqComparisonTest, NoReqSectionConfig) { auto csr_awslc = LoadPEMCSR(csr_path_awslc); auto csr_openssl = LoadPEMCSR(csr_path_openssl); - ASSERT_TRUE(csr_awslc != nullptr); - ASSERT_TRUE(csr_openssl != nullptr); + ASSERT_TRUE(csr_awslc); + ASSERT_TRUE(csr_openssl); ASSERT_TRUE(CompareCSRs(csr_awslc.get(), csr_openssl.get())); } diff --git a/tool-openssl/rsa_test.cc b/tool-openssl/rsa_test.cc index 0020e0d89a..34cd66798a 100644 --- a/tool-openssl/rsa_test.cc +++ b/tool-openssl/rsa_test.cc @@ -4,15 +4,17 @@ #include "openssl/rsa.h" #include #include +#include "../crypto/test/test_util.h" #include "internal.h" #include "test_util.h" -#include "../crypto/test/test_util.h" -bool CheckBoundaries(const std::string &content, const std::string &begin1, const std::string &end1, const std::string &begin2, const std::string &end2); +bool CheckBoundaries(const std::string &content, const std::string &begin1, + const std::string &end1, const std::string &begin2, + const std::string &end2); -RSA* CreateRSAKey(); +RSA *CreateRSAKey(); -RSA* CreateRSAKey() { +RSA *CreateRSAKey() { bssl::UniquePtr bn(BN_new()); if (!bn || !BN_set_word(bn.get(), RSA_F4)) { return nullptr; @@ -25,7 +27,7 @@ RSA* CreateRSAKey() { } class RSATest : public ::testing::Test { -protected: + protected: void SetUp() override { ASSERT_GT(createTempFILEpath(in_path), 0u); ASSERT_GT(createTempFILEpath(out_path), 0u); @@ -35,7 +37,8 @@ class RSATest : public ::testing::Test { ScopedFILE in_file(fopen(in_path, "wb")); ASSERT_TRUE(in_file); - ASSERT_TRUE(PEM_write_RSAPrivateKey(in_file.get(), rsa.get(), nullptr, nullptr, 0, nullptr, nullptr)); + ASSERT_TRUE(PEM_write_RSAPrivateKey(in_file.get(), rsa.get(), nullptr, + nullptr, 0, nullptr, nullptr)); } void TearDown() override { RemoveFile(in_path); @@ -48,27 +51,28 @@ class RSATest : public ::testing::Test { // ----------------------------- RSA Option Tests ----------------------------- // Test -in and -out -TEST_F(RSATest, RSAToolInOutTest) { +TEST_F(RSATest, InOut) { args_list_t args = {"-in", in_path, "-out", out_path}; bool result = rsaTool(args); ASSERT_TRUE(result); { ScopedFILE out_file(fopen(out_path, "rb")); ASSERT_TRUE(out_file); - bssl::UniquePtr parsed_rsa(PEM_read_RSAPrivateKey(out_file.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr parsed_rsa( + PEM_read_RSAPrivateKey(out_file.get(), nullptr, nullptr, nullptr)); ASSERT_TRUE(parsed_rsa); } } // Test -modulus -TEST_F(RSATest, RSAToolModulusTest) { +TEST_F(RSATest, Modulus) { args_list_t args = {"-in", in_path, "-modulus"}; bool result = rsaTool(args); ASSERT_TRUE(result); } // Test -noout -TEST_F(RSATest, RSAToolNooutTest) { +TEST_F(RSATest, Noout) { args_list_t args = {"-in", in_path, "-noout"}; bool result = rsaTool(args); ASSERT_TRUE(result); @@ -78,10 +82,10 @@ TEST_F(RSATest, RSAToolNooutTest) { // -------------------- RSA Option Usage Error Tests -------------------------- class RSAOptionUsageErrorsTest : public RSATest { -protected: - void TestOptionUsageErrors(const std::vector& args) { + protected: + void TestOptionUsageErrors(const std::vector &args) { args_list_t c_args; - for (const auto& arg : args) { + for (const auto &arg : args) { c_args.push_back(arg.c_str()); } bool result = rsaTool(c_args); @@ -99,7 +103,7 @@ TEST_F(RSAOptionUsageErrorsTest, InvalidFilePathTest) { // -------------------- RSA Functional Unit Tests ----------------------------- class RSAFunctionalTest : public ::testing::Test { -protected: + protected: void SetUp() override { ASSERT_GT(createTempFILEpath(in_path), 0u); ASSERT_GT(createTempFILEpath(out_path), 0u); @@ -111,7 +115,8 @@ class RSAFunctionalTest : public ::testing::Test { // Write private key in PEM format ScopedFILE in_file(fopen(in_path, "wb")); ASSERT_TRUE(in_file); - ASSERT_TRUE(PEM_write_RSAPrivateKey(in_file.get(), rsa.get(), nullptr, nullptr, 0, nullptr, nullptr)); + ASSERT_TRUE(PEM_write_RSAPrivateKey(in_file.get(), rsa.get(), nullptr, + nullptr, 0, nullptr, nullptr)); } void TearDown() override { @@ -133,7 +138,8 @@ TEST_F(RSAFunctionalTest, PEMtoPEMConversion) { ScopedFILE out_file(fopen(out_path, "rb")); ASSERT_TRUE(out_file); - bssl::UniquePtr parsed_rsa(PEM_read_RSAPrivateKey(out_file.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr parsed_rsa( + PEM_read_RSAPrivateKey(out_file.get(), nullptr, nullptr, nullptr)); ASSERT_TRUE(parsed_rsa); // Verify modulus matches @@ -170,12 +176,14 @@ TEST_F(RSAFunctionalTest, DERtoPEMConversion) { ASSERT_TRUE(i2d_PrivateKey_fp(der_file.get(), pkey.get())); } - args_list_t args = {"-in", der_in_path, "-inform", "DER", "-out", out_path, "-outform", "PEM"}; + args_list_t args = {"-in", der_in_path, "-inform", "DER", + "-out", out_path, "-outform", "PEM"}; ASSERT_TRUE(rsaTool(args)); ScopedFILE out_file(fopen(out_path, "rb")); ASSERT_TRUE(out_file); - bssl::UniquePtr parsed_rsa(PEM_read_RSAPrivateKey(out_file.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr parsed_rsa( + PEM_read_RSAPrivateKey(out_file.get(), nullptr, nullptr, nullptr)); ASSERT_TRUE(parsed_rsa); // Verify modulus matches @@ -191,7 +199,8 @@ TEST_F(RSAFunctionalTest, PublicKeyOutput) { ScopedFILE out_file(fopen(out_path, "rb")); ASSERT_TRUE(out_file); - bssl::UniquePtr pkey(PEM_read_PUBKEY(out_file.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr pkey( + PEM_read_PUBKEY(out_file.get(), nullptr, nullptr, nullptr)); ASSERT_TRUE(pkey); bssl::UniquePtr parsed_rsa(EVP_PKEY_get1_RSA(pkey.get())); ASSERT_TRUE(parsed_rsa); @@ -221,7 +230,8 @@ TEST_F(RSAFunctionalTest, PublicKeyInputOutput) { ScopedFILE out_file(fopen(out_path, "rb")); ASSERT_TRUE(out_file); - bssl::UniquePtr pkey(PEM_read_PUBKEY(out_file.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr pkey( + PEM_read_PUBKEY(out_file.get(), nullptr, nullptr, nullptr)); ASSERT_TRUE(pkey); bssl::UniquePtr parsed_rsa(EVP_PKEY_get1_RSA(pkey.get())); ASSERT_TRUE(parsed_rsa); @@ -244,12 +254,14 @@ TEST_F(RSAFunctionalTest, PublicKeyDERtoPEM) { ASSERT_TRUE(i2d_PUBKEY_fp(der_file.get(), pkey.get())); } - args_list_t args = {"-in", der_pub_path, "-inform", "DER", "-pubin", "-out", out_path, "-outform", "PEM"}; + args_list_t args = {"-in", der_pub_path, "-inform", "DER", "-pubin", + "-out", out_path, "-outform", "PEM"}; ASSERT_TRUE(rsaTool(args)); ScopedFILE out_file(fopen(out_path, "rb")); ASSERT_TRUE(out_file); - bssl::UniquePtr pkey(PEM_read_PUBKEY(out_file.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr pkey( + PEM_read_PUBKEY(out_file.get(), nullptr, nullptr, nullptr)); ASSERT_TRUE(pkey); bssl::UniquePtr parsed_rsa(EVP_PKEY_get1_RSA(pkey.get())); ASSERT_TRUE(parsed_rsa); @@ -318,7 +330,8 @@ TEST_F(RSAFunctionalTest, ModulusAndKeyOutput) { // Test DER output with public key TEST_F(RSAFunctionalTest, PublicKeyDEROutput) { - args_list_t args = {"-in", in_path, "-pubout", "-outform", "DER", "-out", out_path}; + args_list_t args = {"-in", in_path, "-pubout", "-outform", + "DER", "-out", out_path}; ASSERT_TRUE(rsaTool(args)); ScopedFILE out_file(fopen(out_path, "rb")); @@ -368,14 +381,14 @@ TEST_F(RSAFunctionalTest, CaseInsensitiveFormats) { // AWSLC_TOOL_PATH and OPENSSL_TOOL_PATH. class RSAComparisonTest : public ::testing::Test { -protected: + protected: void SetUp() override { - // Skip gtests if env variables not set tool_executable_path = getenv("AWSLC_TOOL_PATH"); openssl_executable_path = getenv("OPENSSL_TOOL_PATH"); if (tool_executable_path == nullptr || openssl_executable_path == nullptr) { - GTEST_SKIP() << "Skipping test: AWSLC_TOOL_PATH and/or OPENSSL_TOOL_PATH environment variables are not set"; + GTEST_SKIP() << "Skipping test: AWSLC_TOOL_PATH and/or OPENSSL_TOOL_PATH " + "environment variables are not set"; } ASSERT_GT(createTempFILEpath(in_path), 0u); @@ -387,7 +400,8 @@ class RSAComparisonTest : public ::testing::Test { ScopedFILE in_file(fopen(in_path, "wb")); ASSERT_TRUE(in_file); - ASSERT_TRUE(PEM_write_RSAPrivateKey(in_file.get(), rsa.get(), nullptr, nullptr, 0, nullptr, nullptr)); + ASSERT_TRUE(PEM_write_RSAPrivateKey(in_file.get(), rsa.get(), nullptr, + nullptr, 0, nullptr, nullptr)); } void TearDown() override { @@ -402,8 +416,8 @@ class RSAComparisonTest : public ::testing::Test { char out_path_tool[PATH_MAX]; char out_path_openssl[PATH_MAX]; bssl::UniquePtr rsa; - const char* tool_executable_path; - const char* openssl_executable_path; + const char *tool_executable_path; + const char *openssl_executable_path; std::string tool_output_str; std::string openssl_output_str; }; @@ -416,34 +430,52 @@ const std::string BEGIN = "-----BEGIN PRIVATE KEY-----"; const std::string END = "-----END PRIVATE KEY-----"; const std::string MODULUS = "Modulus="; -// OpenSSL versions 3.1.0 and later change PEM outputs from "BEGIN RSA PRIVATE KEY" to "BEGIN PRIVATE KEY" -bool CheckBoundaries(const std::string &content, const std::string &begin1, const std::string &end1, const std::string &begin2, const std::string &end2) { - return (content.compare(0, begin1.size(), begin1) == 0 && content.compare(content.size() - end1.size(), end1.size(), end1) == 0) || - (content.compare(0, begin2.size(), begin2) == 0 && content.compare(content.size() - end2.size(), end2.size(), end2) == 0); +// OpenSSL versions 3.1.0 and later change PEM outputs from "BEGIN RSA PRIVATE +// KEY" to "BEGIN PRIVATE KEY" +bool CheckBoundaries(const std::string &content, const std::string &begin1, + const std::string &end1, const std::string &begin2, + const std::string &end2) { + return (content.compare(0, begin1.size(), begin1) == 0 && + content.compare(content.size() - end1.size(), end1.size(), end1) == + 0) || + (content.compare(0, begin2.size(), begin2) == 0 && + content.compare(content.size() - end2.size(), end2.size(), end2) == + 0); } // Test against OpenSSL output "openssl rsa -in file -modulus" // Rsa private key is printed to stdin TEST_F(RSAComparisonTest, RSAToolCompareModulusOpenSSL) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + in_path + " > " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + in_path + " > " + out_path_openssl; + std::string tool_command = std::string(tool_executable_path) + " rsa -in " + + in_path + " > " + out_path_tool; + std::string openssl_command = std::string(openssl_executable_path) + + " rsa -in " + in_path + " > " + + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); trim(tool_output_str); ASSERT_TRUE(CheckBoundaries(tool_output_str, RSA_BEGIN, RSA_END, BEGIN, END)); trim(openssl_output_str); - ASSERT_TRUE(CheckBoundaries(openssl_output_str, RSA_BEGIN, RSA_END, BEGIN, END)); + ASSERT_TRUE( + CheckBoundaries(openssl_output_str, RSA_BEGIN, RSA_END, BEGIN, END)); } // Test against OpenSSL output "openssl rsa -in file -modulus -noout" // Only modulus is printed to stdin TEST_F(RSAComparisonTest, RSAToolCompareModulusNooutOpenSSL) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + in_path + " -modulus -noout > " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + in_path + " -modulus -noout > " + out_path_openssl; + std::string tool_command = std::string(tool_executable_path) + " rsa -in " + + in_path + " -modulus -noout > " + out_path_tool; + std::string openssl_command = std::string(openssl_executable_path) + + " rsa -in " + in_path + " -modulus -noout > " + + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); ASSERT_EQ(tool_output_str, openssl_output_str); } @@ -451,10 +483,15 @@ TEST_F(RSAComparisonTest, RSAToolCompareModulusNooutOpenSSL) { // Test against OpenSSL output "openssl rsa -in file -modulus -out out_file" // Modulus and rsa private key are printed to output file TEST_F(RSAComparisonTest, RSAToolCompareModulusOutOpenSSL) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + in_path + " -modulus -out " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + in_path + " -modulus -out " + out_path_openssl; + std::string tool_command = std::string(tool_executable_path) + " rsa -in " + + in_path + " -modulus -out " + out_path_tool; + std::string openssl_command = std::string(openssl_executable_path) + + " rsa -in " + in_path + " -modulus -out " + + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); ScopedFILE tool_out_file(fopen(out_path_tool, "rb")); ASSERT_TRUE(tool_out_file); @@ -467,19 +504,21 @@ TEST_F(RSAComparisonTest, RSAToolCompareModulusOutOpenSSL) { ASSERT_TRUE(CheckBoundaries(tool_output_str, MODULUS, RSA_END, MODULUS, END)); trim(openssl_output_str); - ASSERT_TRUE(CheckBoundaries(openssl_output_str, MODULUS, RSA_END, MODULUS, END)); + ASSERT_TRUE( + CheckBoundaries(openssl_output_str, MODULUS, RSA_END, MODULUS, END)); } // Test against OpenSSL output reading from stdin "openssl rsa -in" TEST_F(RSAComparisonTest, StdinRSA) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " - + std::string(in_path) + " -pubout | " + - std::string(tool_executable_path) + - " rsa -pubin -inform PEM -outform DER > " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " - + std::string(in_path) + " -pubout | " + - std::string(openssl_executable_path) + - " rsa -pubin -inform PEM -outform DER > " + out_path_openssl; + std::string tool_command = + std::string(tool_executable_path) + " rsa -in " + std::string(in_path) + + " -pubout | " + std::string(tool_executable_path) + + " rsa -pubin -inform PEM -outform DER > " + out_path_tool; + std::string openssl_command = + std::string(openssl_executable_path) + " rsa -in " + + std::string(in_path) + " -pubout | " + + std::string(openssl_executable_path) + + " rsa -pubin -inform PEM -outform DER > " + out_path_openssl; RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, @@ -487,14 +526,15 @@ TEST_F(RSAComparisonTest, StdinRSA) { ASSERT_EQ(tool_output_str, openssl_output_str); - tool_command = std::string(tool_executable_path) + " rsa -in " - + std::string(in_path) + " -pubout -outform DER | " + + tool_command = std::string(tool_executable_path) + " rsa -in " + + std::string(in_path) + " -pubout -outform DER | " + std::string(tool_executable_path) + " rsa -pubin -inform DER -outform PEM > " + out_path_tool; - openssl_command = std::string(openssl_executable_path) + " rsa -in " - + std::string(in_path) + " -pubout -outform DER | " + - std::string(openssl_executable_path) + - " rsa -pubin -inform DER -outform PEM > " + out_path_openssl; + openssl_command = std::string(openssl_executable_path) + " rsa -in " + + std::string(in_path) + " -pubout -outform DER | " + + std::string(openssl_executable_path) + + " rsa -pubin -inform DER -outform PEM > " + + out_path_openssl; RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, @@ -504,13 +544,19 @@ TEST_F(RSAComparisonTest, StdinRSA) { ASSERT_EQ(tool_output_str, openssl_output_str); } -// Test against OpenSSL output "openssl rsa -in file -modulus -out out_file -noout" -// Only modulus is printed to output file +// Test against OpenSSL output "openssl rsa -in file -modulus -out out_file +// -noout" Only modulus is printed to output file TEST_F(RSAComparisonTest, RSAToolCompareModulusOutNooutOpenSSL) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + in_path + " -modulus -out " + out_path_tool + " -noout"; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + in_path + " -modulus -out " + out_path_openssl + " -noout"; + std::string tool_command = std::string(tool_executable_path) + " rsa -in " + + in_path + " -modulus -out " + out_path_tool + + " -noout"; + std::string openssl_command = std::string(openssl_executable_path) + + " rsa -in " + in_path + " -modulus -out " + + out_path_openssl + " -noout"; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); ScopedFILE tool_out_file(fopen(out_path_tool, "rb")); ASSERT_TRUE(tool_out_file); @@ -527,13 +573,14 @@ TEST_F(RSAComparisonTest, RSAToolCompareModulusOutNooutOpenSSL) { // ---------------------- RSA Format Conversion Tests ------------------------- class RSAFormatComparisonTest : public ::testing::Test { -protected: + protected: void SetUp() override { // Skip gtests if env variables not set tool_executable_path = getenv("AWSLC_TOOL_PATH"); openssl_executable_path = getenv("OPENSSL_TOOL_PATH"); if (tool_executable_path == nullptr || openssl_executable_path == nullptr) { - GTEST_SKIP() << "Skipping test: AWSLC_TOOL_PATH and/or OPENSSL_TOOL_PATH environment variables are not set"; + GTEST_SKIP() << "Skipping test: AWSLC_TOOL_PATH and/or OPENSSL_TOOL_PATH " + "environment variables are not set"; } ASSERT_GT(createTempFILEpath(priv_pem_path), 0u); @@ -549,7 +596,8 @@ class RSAFormatComparisonTest : public ::testing::Test { // Create private key PEM ScopedFILE priv_pem_file(fopen(priv_pem_path, "wb")); ASSERT_TRUE(priv_pem_file); - ASSERT_TRUE(PEM_write_RSAPrivateKey(priv_pem_file.get(), rsa.get(), nullptr, nullptr, 0, nullptr, nullptr)); + ASSERT_TRUE(PEM_write_RSAPrivateKey(priv_pem_file.get(), rsa.get(), nullptr, + nullptr, 0, nullptr, nullptr)); priv_pem_file.reset(); // Create private key DER @@ -591,8 +639,8 @@ class RSAFormatComparisonTest : public ::testing::Test { char out_path_tool[PATH_MAX]; char out_path_openssl[PATH_MAX]; bssl::UniquePtr rsa; - const char* tool_executable_path; - const char* openssl_executable_path; + const char *tool_executable_path; + const char *openssl_executable_path; std::string tool_output_str; std::string openssl_output_str; }; @@ -603,21 +651,28 @@ const std::string PUBLIC_BEGIN = "-----BEGIN PUBLIC KEY-----"; const std::string PUBLIC_END = "-----END PUBLIC KEY-----"; // Test -pubin with PEM input (default format) -TEST_F(RSAFormatComparisonTest, RSAToolPubinPEMTest) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + pub_pem_path + " -pubin -out " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + pub_pem_path + " -pubin -out " + out_path_openssl; +TEST_F(RSAFormatComparisonTest, PubinPEM) { + std::string tool_command = std::string(tool_executable_path) + " rsa -in " + + pub_pem_path + " -pubin -out " + out_path_tool; + std::string openssl_command = std::string(openssl_executable_path) + + " rsa -in " + pub_pem_path + " -pubin -out " + + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); // Read and verify output files contain valid public keys ScopedFILE tool_out(fopen(out_path_tool, "rb")); ASSERT_TRUE(tool_out); - bssl::UniquePtr tool_rsa(PEM_read_RSA_PUBKEY(tool_out.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr tool_rsa( + PEM_read_RSA_PUBKEY(tool_out.get(), nullptr, nullptr, nullptr)); ASSERT_TRUE(tool_rsa); ScopedFILE openssl_out(fopen(out_path_openssl, "rb")); ASSERT_TRUE(openssl_out); - bssl::UniquePtr openssl_rsa(PEM_read_RSA_PUBKEY(openssl_out.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr openssl_rsa( + PEM_read_RSA_PUBKEY(openssl_out.get(), nullptr, nullptr, nullptr)); ASSERT_TRUE(openssl_rsa); // Compare moduli @@ -627,30 +682,44 @@ TEST_F(RSAFormatComparisonTest, RSAToolPubinPEMTest) { } // Test -pubin with DER input using -inform DER -TEST_F(RSAFormatComparisonTest, RSAToolPubinDERInputTest) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + pub_der_path + " -pubin -inform DER -out " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + pub_der_path + " -pubin -inform DER -out " + out_path_openssl; +TEST_F(RSAFormatComparisonTest, PubinDERInput) { + std::string tool_command = std::string(tool_executable_path) + " rsa -in " + + pub_der_path + " -pubin -inform DER -out " + + out_path_tool; + std::string openssl_command = std::string(openssl_executable_path) + + " rsa -in " + pub_der_path + + " -pubin -inform DER -out " + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); // Verify both outputs are valid public keys ScopedFILE tool_out(fopen(out_path_tool, "rb")); ASSERT_TRUE(tool_out); - bssl::UniquePtr tool_rsa(PEM_read_RSA_PUBKEY(tool_out.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr tool_rsa( + PEM_read_RSA_PUBKEY(tool_out.get(), nullptr, nullptr, nullptr)); ASSERT_TRUE(tool_rsa); ScopedFILE openssl_out(fopen(out_path_openssl, "rb")); ASSERT_TRUE(openssl_out); - bssl::UniquePtr openssl_rsa(PEM_read_RSA_PUBKEY(openssl_out.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr openssl_rsa( + PEM_read_RSA_PUBKEY(openssl_out.get(), nullptr, nullptr, nullptr)); ASSERT_TRUE(openssl_rsa); } // Test -pubin with -outform DER -TEST_F(RSAFormatComparisonTest, RSAToolPubinDEROutputTest) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + pub_pem_path + " -pubin -outform DER -out " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + pub_pem_path + " -pubin -outform DER -out " + out_path_openssl; +TEST_F(RSAFormatComparisonTest, PubinDEROutput) { + std::string tool_command = std::string(tool_executable_path) + " rsa -in " + + pub_pem_path + " -pubin -outform DER -out " + + out_path_tool; + std::string openssl_command = std::string(openssl_executable_path) + + " rsa -in " + pub_pem_path + + " -pubin -outform DER -out " + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); // Read DER output and verify it's valid ScopedFILE tool_out(fopen(out_path_tool, "rb")); @@ -660,7 +729,8 @@ TEST_F(RSAFormatComparisonTest, RSAToolPubinDEROutputTest) { ScopedFILE openssl_out(fopen(out_path_openssl, "rb")); ASSERT_TRUE(openssl_out); - bssl::UniquePtr openssl_rsa(d2i_RSA_PUBKEY_fp(openssl_out.get(), nullptr)); + bssl::UniquePtr openssl_rsa( + d2i_RSA_PUBKEY_fp(openssl_out.get(), nullptr)); ASSERT_TRUE(openssl_rsa); // Compare file contents should be identical for DER @@ -670,70 +740,95 @@ TEST_F(RSAFormatComparisonTest, RSAToolPubinDEROutputTest) { } // Test -inform DER with private key -TEST_F(RSAFormatComparisonTest, RSAToolPrivateKeyDERInputTest) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + priv_der_path + " -inform DER -out " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + priv_der_path + " -inform DER -out " + out_path_openssl; +TEST_F(RSAFormatComparisonTest, PrivateKeyDERInput) { + std::string tool_command = std::string(tool_executable_path) + " rsa -in " + + priv_der_path + " -inform DER -out " + + out_path_tool; + std::string openssl_command = std::string(openssl_executable_path) + + " rsa -in " + priv_der_path + + " -inform DER -out " + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); // Verify both outputs are valid private keys ScopedFILE tool_out(fopen(out_path_tool, "rb")); ASSERT_TRUE(tool_out); - bssl::UniquePtr tool_rsa(PEM_read_RSAPrivateKey(tool_out.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr tool_rsa( + PEM_read_RSAPrivateKey(tool_out.get(), nullptr, nullptr, nullptr)); ASSERT_TRUE(tool_rsa); ScopedFILE openssl_out(fopen(out_path_openssl, "rb")); ASSERT_TRUE(openssl_out); - bssl::UniquePtr openssl_rsa(PEM_read_RSAPrivateKey(openssl_out.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr openssl_rsa( + PEM_read_RSAPrivateKey(openssl_out.get(), nullptr, nullptr, nullptr)); ASSERT_TRUE(openssl_rsa); } // Test -outform DER with private key -TEST_F(RSAFormatComparisonTest, RSAToolPrivateKeyDEROutputTest) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + priv_pem_path + " -outform DER -out " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + priv_pem_path + " -outform DER -out " + out_path_openssl; +TEST_F(RSAFormatComparisonTest, PrivateKeyDEROutput) { + std::string tool_command = std::string(tool_executable_path) + " rsa -in " + + priv_pem_path + " -outform DER -out " + + out_path_tool; + std::string openssl_command = std::string(openssl_executable_path) + + " rsa -in " + priv_pem_path + + " -outform DER -out " + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); // Read DER output and verify it's valid ScopedFILE tool_out(fopen(out_path_tool, "rb")); ASSERT_TRUE(tool_out); - bssl::UniquePtr tool_pkey(d2i_PrivateKey_fp(tool_out.get(), nullptr)); + bssl::UniquePtr tool_pkey( + d2i_PrivateKey_fp(tool_out.get(), nullptr)); ASSERT_TRUE(tool_pkey); bssl::UniquePtr tool_rsa(EVP_PKEY_get1_RSA(tool_pkey.get())); ASSERT_TRUE(tool_rsa); ScopedFILE openssl_out(fopen(out_path_openssl, "rb")); ASSERT_TRUE(openssl_out); - bssl::UniquePtr openssl_pkey(d2i_PrivateKey_fp(openssl_out.get(), nullptr)); + bssl::UniquePtr openssl_pkey( + d2i_PrivateKey_fp(openssl_out.get(), nullptr)); ASSERT_TRUE(openssl_pkey); bssl::UniquePtr openssl_rsa(EVP_PKEY_get1_RSA(openssl_pkey.get())); ASSERT_TRUE(openssl_rsa); - // Compare moduli to ensure keys are equivalent (DER encoding may differ slightly) + // Compare moduli to ensure keys are equivalent (DER encoding may differ + // slightly) const BIGNUM *tool_n = RSA_get0_n(tool_rsa.get()); const BIGNUM *openssl_n = RSA_get0_n(openssl_rsa.get()); ASSERT_EQ(BN_cmp(tool_n, openssl_n), 0); } // Test DER to DER conversion (private key) -TEST_F(RSAFormatComparisonTest, RSAToolPrivateKeyDERtoDERTest) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + priv_der_path + " -inform DER -outform DER -out " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + priv_der_path + " -inform DER -outform DER -out " + out_path_openssl; +TEST_F(RSAFormatComparisonTest, PrivateKeyDERtoDER) { + std::string tool_command = std::string(tool_executable_path) + " rsa -in " + + priv_der_path + " -inform DER -outform DER -out " + + out_path_tool; + std::string openssl_command = + std::string(openssl_executable_path) + " rsa -in " + priv_der_path + + " -inform DER -outform DER -out " + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); // Parse and verify both outputs are valid private keys with same modulus ScopedFILE tool_out(fopen(out_path_tool, "rb")); ASSERT_TRUE(tool_out); - bssl::UniquePtr tool_pkey(d2i_PrivateKey_fp(tool_out.get(), nullptr)); + bssl::UniquePtr tool_pkey( + d2i_PrivateKey_fp(tool_out.get(), nullptr)); ASSERT_TRUE(tool_pkey); bssl::UniquePtr tool_rsa(EVP_PKEY_get1_RSA(tool_pkey.get())); ASSERT_TRUE(tool_rsa); ScopedFILE openssl_out(fopen(out_path_openssl, "rb")); ASSERT_TRUE(openssl_out); - bssl::UniquePtr openssl_pkey(d2i_PrivateKey_fp(openssl_out.get(), nullptr)); + bssl::UniquePtr openssl_pkey( + d2i_PrivateKey_fp(openssl_out.get(), nullptr)); ASSERT_TRUE(openssl_pkey); bssl::UniquePtr openssl_rsa(EVP_PKEY_get1_RSA(openssl_pkey.get())); ASSERT_TRUE(openssl_rsa); @@ -745,11 +840,17 @@ TEST_F(RSAFormatComparisonTest, RSAToolPrivateKeyDERtoDERTest) { } // Test DER to PEM conversion (private key) -TEST_F(RSAFormatComparisonTest, RSAToolPrivateKeyDERtoPEMTest) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + priv_der_path + " -inform DER -out " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + priv_der_path + " -inform DER -out " + out_path_openssl; +TEST_F(RSAFormatComparisonTest, PrivateKeyDERtoPEM) { + std::string tool_command = std::string(tool_executable_path) + " rsa -in " + + priv_der_path + " -inform DER -out " + + out_path_tool; + std::string openssl_command = std::string(openssl_executable_path) + + " rsa -in " + priv_der_path + + " -inform DER -out " + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); // Verify PEM output tool_output_str = ReadFileToString(out_path_tool); @@ -757,27 +858,36 @@ TEST_F(RSAFormatComparisonTest, RSAToolPrivateKeyDERtoPEMTest) { trim(tool_output_str); ASSERT_TRUE(CheckBoundaries(tool_output_str, RSA_BEGIN, RSA_END, BEGIN, END)); trim(openssl_output_str); - ASSERT_TRUE(CheckBoundaries(openssl_output_str, RSA_BEGIN, RSA_END, BEGIN, END)); + ASSERT_TRUE( + CheckBoundaries(openssl_output_str, RSA_BEGIN, RSA_END, BEGIN, END)); } // Test PEM to DER conversion (private key) -TEST_F(RSAFormatComparisonTest, RSAToolPrivateKeyPEMtoDERTest) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + priv_pem_path + " -outform DER -out " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + priv_pem_path + " -outform DER -out " + out_path_openssl; +TEST_F(RSAFormatComparisonTest, PrivateKeyPEMtoDER) { + std::string tool_command = std::string(tool_executable_path) + " rsa -in " + + priv_pem_path + " -outform DER -out " + + out_path_tool; + std::string openssl_command = std::string(openssl_executable_path) + + " rsa -in " + priv_pem_path + + " -outform DER -out " + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); // Parse and verify both outputs are valid private keys with same modulus ScopedFILE tool_out(fopen(out_path_tool, "rb")); ASSERT_TRUE(tool_out); - bssl::UniquePtr tool_pkey(d2i_PrivateKey_fp(tool_out.get(), nullptr)); + bssl::UniquePtr tool_pkey( + d2i_PrivateKey_fp(tool_out.get(), nullptr)); ASSERT_TRUE(tool_pkey); bssl::UniquePtr tool_rsa(EVP_PKEY_get1_RSA(tool_pkey.get())); ASSERT_TRUE(tool_rsa); ScopedFILE openssl_out(fopen(out_path_openssl, "rb")); ASSERT_TRUE(openssl_out); - bssl::UniquePtr openssl_pkey(d2i_PrivateKey_fp(openssl_out.get(), nullptr)); + bssl::UniquePtr openssl_pkey( + d2i_PrivateKey_fp(openssl_out.get(), nullptr)); ASSERT_TRUE(openssl_pkey); bssl::UniquePtr openssl_rsa(EVP_PKEY_get1_RSA(openssl_pkey.get())); ASSERT_TRUE(openssl_rsa); @@ -789,11 +899,17 @@ TEST_F(RSAFormatComparisonTest, RSAToolPrivateKeyPEMtoDERTest) { } // Test DER to DER conversion (public key with -pubin) -TEST_F(RSAFormatComparisonTest, RSAToolPublicKeyDERtoDERTest) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + pub_der_path + " -pubin -inform DER -outform DER -out " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + pub_der_path + " -pubin -inform DER -outform DER -out " + out_path_openssl; +TEST_F(RSAFormatComparisonTest, PublicKeyDERtoDER) { + std::string tool_command = + std::string(tool_executable_path) + " rsa -in " + pub_der_path + + " -pubin -inform DER -outform DER -out " + out_path_tool; + std::string openssl_command = + std::string(openssl_executable_path) + " rsa -in " + pub_der_path + + " -pubin -inform DER -outform DER -out " + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); // DER output should be identical tool_output_str = ReadFileToString(out_path_tool); @@ -802,30 +918,44 @@ TEST_F(RSAFormatComparisonTest, RSAToolPublicKeyDERtoDERTest) { } // Test DER to PEM conversion (public key with -pubin) -TEST_F(RSAFormatComparisonTest, RSAToolPublicKeyDERtoPEMTest) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + pub_der_path + " -pubin -inform DER -out " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + pub_der_path + " -pubin -inform DER -out " + out_path_openssl; +TEST_F(RSAFormatComparisonTest, PublicKeyDERtoPEM) { + std::string tool_command = std::string(tool_executable_path) + " rsa -in " + + pub_der_path + " -pubin -inform DER -out " + + out_path_tool; + std::string openssl_command = std::string(openssl_executable_path) + + " rsa -in " + pub_der_path + + " -pubin -inform DER -out " + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); // Verify PEM output ScopedFILE tool_out(fopen(out_path_tool, "rb")); ASSERT_TRUE(tool_out); - bssl::UniquePtr tool_rsa(PEM_read_RSA_PUBKEY(tool_out.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr tool_rsa( + PEM_read_RSA_PUBKEY(tool_out.get(), nullptr, nullptr, nullptr)); ASSERT_TRUE(tool_rsa); ScopedFILE openssl_out(fopen(out_path_openssl, "rb")); ASSERT_TRUE(openssl_out); - bssl::UniquePtr openssl_rsa(PEM_read_RSA_PUBKEY(openssl_out.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr openssl_rsa( + PEM_read_RSA_PUBKEY(openssl_out.get(), nullptr, nullptr, nullptr)); ASSERT_TRUE(openssl_rsa); } // Test PEM to DER conversion (public key with -pubin) -TEST_F(RSAFormatComparisonTest, RSAToolPublicKeyPEMtoDERTest) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + pub_pem_path + " -pubin -outform DER -out " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + pub_pem_path + " -pubin -outform DER -out " + out_path_openssl; +TEST_F(RSAFormatComparisonTest, PublicKeyPEMtoDER) { + std::string tool_command = std::string(tool_executable_path) + " rsa -in " + + pub_pem_path + " -pubin -outform DER -out " + + out_path_tool; + std::string openssl_command = std::string(openssl_executable_path) + + " rsa -in " + pub_pem_path + + " -pubin -outform DER -out " + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); // DER output should be identical tool_output_str = ReadFileToString(out_path_tool); @@ -834,51 +964,76 @@ TEST_F(RSAFormatComparisonTest, RSAToolPublicKeyPEMtoDERTest) { } // Test -pubin with -modulus and PEM input -TEST_F(RSAFormatComparisonTest, RSAToolPubinModulusTest) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + pub_pem_path + " -pubin -modulus -noout > " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + pub_pem_path + " -pubin -modulus -noout > " + out_path_openssl; +TEST_F(RSAFormatComparisonTest, PubinModulus) { + std::string tool_command = std::string(tool_executable_path) + " rsa -in " + + pub_pem_path + " -pubin -modulus -noout > " + + out_path_tool; + std::string openssl_command = std::string(openssl_executable_path) + + " rsa -in " + pub_pem_path + + " -pubin -modulus -noout > " + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); ASSERT_EQ(tool_output_str, openssl_output_str); } // Test -pubin with -modulus and DER input -TEST_F(RSAFormatComparisonTest, RSAToolPubinModulusDERInputTest) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + pub_der_path + " -pubin -inform DER -modulus -noout > " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + pub_der_path + " -pubin -inform DER -modulus -noout > " + out_path_openssl; +TEST_F(RSAFormatComparisonTest, PubinModulusDERInput) { + std::string tool_command = + std::string(tool_executable_path) + " rsa -in " + pub_der_path + + " -pubin -inform DER -modulus -noout > " + out_path_tool; + std::string openssl_command = + std::string(openssl_executable_path) + " rsa -in " + pub_der_path + + " -pubin -inform DER -modulus -noout > " + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); ASSERT_EQ(tool_output_str, openssl_output_str); } // Test -inform with modulus -TEST_F(RSAFormatComparisonTest, RSAToolInformDERWithModulusTest) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + priv_der_path + " -inform DER -modulus -noout > " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + priv_der_path + " -inform DER -modulus -noout > " + out_path_openssl; +TEST_F(RSAFormatComparisonTest, InformDERWithModulus) { + std::string tool_command = std::string(tool_executable_path) + " rsa -in " + + priv_der_path + " -inform DER -modulus -noout > " + + out_path_tool; + std::string openssl_command = + std::string(openssl_executable_path) + " rsa -in " + priv_der_path + + " -inform DER -modulus -noout > " + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); ASSERT_EQ(tool_output_str, openssl_output_str); } // Test -pubout with private key PEM input (extract public key) -TEST_F(RSAFormatComparisonTest, RSAToolPuboutFromPrivateKeyPEMTest) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + priv_pem_path + " -pubout -out " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + priv_pem_path + " -pubout -out " + out_path_openssl; +TEST_F(RSAFormatComparisonTest, PuboutFromPrivateKeyPEM) { + std::string tool_command = std::string(tool_executable_path) + " rsa -in " + + priv_pem_path + " -pubout -out " + out_path_tool; + std::string openssl_command = std::string(openssl_executable_path) + + " rsa -in " + priv_pem_path + " -pubout -out " + + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); // Verify both outputs are valid public keys ScopedFILE tool_out(fopen(out_path_tool, "rb")); ASSERT_TRUE(tool_out); - bssl::UniquePtr tool_rsa(PEM_read_RSA_PUBKEY(tool_out.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr tool_rsa( + PEM_read_RSA_PUBKEY(tool_out.get(), nullptr, nullptr, nullptr)); ASSERT_TRUE(tool_rsa); ScopedFILE openssl_out(fopen(out_path_openssl, "rb")); ASSERT_TRUE(openssl_out); - bssl::UniquePtr openssl_rsa(PEM_read_RSA_PUBKEY(openssl_out.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr openssl_rsa( + PEM_read_RSA_PUBKEY(openssl_out.get(), nullptr, nullptr, nullptr)); ASSERT_TRUE(openssl_rsa); // Compare moduli @@ -888,21 +1043,29 @@ TEST_F(RSAFormatComparisonTest, RSAToolPuboutFromPrivateKeyPEMTest) { } // Test -pubout with private key DER input using -inform DER -TEST_F(RSAFormatComparisonTest, RSAToolPuboutFromPrivateKeyDERInputTest) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + priv_der_path + " -inform DER -pubout -out " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + priv_der_path + " -inform DER -pubout -out " + out_path_openssl; +TEST_F(RSAFormatComparisonTest, PuboutFromPrivateKeyDERInput) { + std::string tool_command = std::string(tool_executable_path) + " rsa -in " + + priv_der_path + " -inform DER -pubout -out " + + out_path_tool; + std::string openssl_command = std::string(openssl_executable_path) + + " rsa -in " + priv_der_path + + " -inform DER -pubout -out " + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); // Verify both outputs are valid public keys ScopedFILE tool_out(fopen(out_path_tool, "rb")); ASSERT_TRUE(tool_out); - bssl::UniquePtr tool_rsa(PEM_read_RSA_PUBKEY(tool_out.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr tool_rsa( + PEM_read_RSA_PUBKEY(tool_out.get(), nullptr, nullptr, nullptr)); ASSERT_TRUE(tool_rsa); ScopedFILE openssl_out(fopen(out_path_openssl, "rb")); ASSERT_TRUE(openssl_out); - bssl::UniquePtr openssl_rsa(PEM_read_RSA_PUBKEY(openssl_out.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr openssl_rsa( + PEM_read_RSA_PUBKEY(openssl_out.get(), nullptr, nullptr, nullptr)); ASSERT_TRUE(openssl_rsa); // Compare moduli @@ -912,11 +1075,17 @@ TEST_F(RSAFormatComparisonTest, RSAToolPuboutFromPrivateKeyDERInputTest) { } // Test -pubout with -outform DER (extract public key as DER) -TEST_F(RSAFormatComparisonTest, RSAToolPuboutDEROutputTest) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + priv_pem_path + " -pubout -outform DER -out " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + priv_pem_path + " -pubout -outform DER -out " + out_path_openssl; +TEST_F(RSAFormatComparisonTest, PuboutDEROutput) { + std::string tool_command = std::string(tool_executable_path) + " rsa -in " + + priv_pem_path + " -pubout -outform DER -out " + + out_path_tool; + std::string openssl_command = + std::string(openssl_executable_path) + " rsa -in " + priv_pem_path + + " -pubout -outform DER -out " + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); // Read DER output and verify it's valid ScopedFILE tool_out(fopen(out_path_tool, "rb")); @@ -926,7 +1095,8 @@ TEST_F(RSAFormatComparisonTest, RSAToolPuboutDEROutputTest) { ScopedFILE openssl_out(fopen(out_path_openssl, "rb")); ASSERT_TRUE(openssl_out); - bssl::UniquePtr openssl_rsa(d2i_RSA_PUBKEY_fp(openssl_out.get(), nullptr)); + bssl::UniquePtr openssl_rsa( + d2i_RSA_PUBKEY_fp(openssl_out.get(), nullptr)); ASSERT_TRUE(openssl_rsa); // Compare file contents should be identical for DER @@ -936,11 +1106,17 @@ TEST_F(RSAFormatComparisonTest, RSAToolPuboutDEROutputTest) { } // Test -pubout with -inform DER and -outform DER (DER private to DER public) -TEST_F(RSAFormatComparisonTest, RSAToolPuboutDERtoDERTest) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + priv_der_path + " -inform DER -pubout -outform DER -out " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + priv_der_path + " -inform DER -pubout -outform DER -out " + out_path_openssl; +TEST_F(RSAFormatComparisonTest, PuboutDERtoDER) { + std::string tool_command = + std::string(tool_executable_path) + " rsa -in " + priv_der_path + + " -inform DER -pubout -outform DER -out " + out_path_tool; + std::string openssl_command = + std::string(openssl_executable_path) + " rsa -in " + priv_der_path + + " -inform DER -pubout -outform DER -out " + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); // DER output should be identical tool_output_str = ReadFileToString(out_path_tool); @@ -949,11 +1125,17 @@ TEST_F(RSAFormatComparisonTest, RSAToolPuboutDERtoDERTest) { } // Test -pubout with -modulus -TEST_F(RSAFormatComparisonTest, RSAToolPuboutWithModulusTest) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + priv_pem_path + " -pubout -modulus -out " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + priv_pem_path + " -pubout -modulus -out " + out_path_openssl; +TEST_F(RSAFormatComparisonTest, PuboutWithModulus) { + std::string tool_command = std::string(tool_executable_path) + " rsa -in " + + priv_pem_path + " -pubout -modulus -out " + + out_path_tool; + std::string openssl_command = std::string(openssl_executable_path) + + " rsa -in " + priv_pem_path + + " -pubout -modulus -out " + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); // Read output files and verify they contain modulus and public key tool_output_str = ReadFileToString(out_path_tool); @@ -964,43 +1146,65 @@ TEST_F(RSAFormatComparisonTest, RSAToolPuboutWithModulusTest) { ASSERT_TRUE(openssl_output_str.find("Modulus=") != std::string::npos); trim(tool_output_str); - ASSERT_TRUE(CheckBoundaries(tool_output_str, MODULUS, PUBLIC_END, MODULUS, PUBLIC_END)); + ASSERT_TRUE(CheckBoundaries(tool_output_str, MODULUS, PUBLIC_END, MODULUS, + PUBLIC_END)); trim(openssl_output_str); - ASSERT_TRUE(CheckBoundaries(openssl_output_str, MODULUS, PUBLIC_END, MODULUS, PUBLIC_END)); + ASSERT_TRUE(CheckBoundaries(openssl_output_str, MODULUS, PUBLIC_END, MODULUS, + PUBLIC_END)); } // Test -pubout with -modulus and -noout (only modulus from private key) -TEST_F(RSAFormatComparisonTest, RSAToolPuboutWithModulusNooutTest) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + priv_pem_path + " -pubout -modulus -noout > " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + priv_pem_path + " -pubout -modulus -noout > " + out_path_openssl; +TEST_F(RSAFormatComparisonTest, PuboutWithModulusNoout) { + std::string tool_command = std::string(tool_executable_path) + " rsa -in " + + priv_pem_path + " -pubout -modulus -noout > " + + out_path_tool; + std::string openssl_command = + std::string(openssl_executable_path) + " rsa -in " + priv_pem_path + + " -pubout -modulus -noout > " + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); ASSERT_EQ(tool_output_str, openssl_output_str); } // Test -pubout with DER to PEM conversion -TEST_F(RSAFormatComparisonTest, RSAToolPuboutDERtoPEMTest) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + priv_der_path + " -inform DER -pubout -out " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + priv_der_path + " -inform DER -pubout -out " + out_path_openssl; +TEST_F(RSAFormatComparisonTest, PuboutDERtoPEM) { + std::string tool_command = std::string(tool_executable_path) + " rsa -in " + + priv_der_path + " -inform DER -pubout -out " + + out_path_tool; + std::string openssl_command = std::string(openssl_executable_path) + + " rsa -in " + priv_der_path + + " -inform DER -pubout -out " + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); // Verify PEM output with public key boundaries tool_output_str = ReadFileToString(out_path_tool); openssl_output_str = ReadFileToString(out_path_openssl); trim(tool_output_str); - ASSERT_TRUE(tool_output_str.find(PUBLIC_BEGIN) != std::string::npos || tool_output_str.find(RSA_PUBLIC_BEGIN) != std::string::npos); + ASSERT_TRUE(tool_output_str.find(PUBLIC_BEGIN) != std::string::npos || + tool_output_str.find(RSA_PUBLIC_BEGIN) != std::string::npos); trim(openssl_output_str); - ASSERT_TRUE(openssl_output_str.find(PUBLIC_BEGIN) != std::string::npos || openssl_output_str.find(RSA_PUBLIC_BEGIN) != std::string::npos); + ASSERT_TRUE(openssl_output_str.find(PUBLIC_BEGIN) != std::string::npos || + openssl_output_str.find(RSA_PUBLIC_BEGIN) != std::string::npos); } // Test -pubout with PEM to DER conversion -TEST_F(RSAFormatComparisonTest, RSAToolPuboutPEMtoDERTest) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + priv_pem_path + " -pubout -outform DER -out " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + priv_pem_path + " -pubout -outform DER -out " + out_path_openssl; +TEST_F(RSAFormatComparisonTest, PuboutPEMtoDER) { + std::string tool_command = std::string(tool_executable_path) + " rsa -in " + + priv_pem_path + " -pubout -outform DER -out " + + out_path_tool; + std::string openssl_command = + std::string(openssl_executable_path) + " rsa -in " + priv_pem_path + + " -pubout -outform DER -out " + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); // DER output should be identical tool_output_str = ReadFileToString(out_path_tool); @@ -1009,30 +1213,48 @@ TEST_F(RSAFormatComparisonTest, RSAToolPuboutPEMtoDERTest) { } // Test modulus output with -outform DER (should still output modulus as text) -TEST_F(RSAFormatComparisonTest, RSAToolModulusWithOutformDERTest) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + priv_pem_path + " -modulus -outform DER -noout > " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + priv_pem_path + " -modulus -outform DER -noout > " + out_path_openssl; +TEST_F(RSAFormatComparisonTest, ModulusWithOutformDER) { + std::string tool_command = std::string(tool_executable_path) + " rsa -in " + + priv_pem_path + + " -modulus -outform DER -noout > " + out_path_tool; + std::string openssl_command = + std::string(openssl_executable_path) + " rsa -in " + priv_pem_path + + " -modulus -outform DER -noout > " + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); // Modulus output should be identical regardless of outform when using -noout ASSERT_EQ(tool_output_str, openssl_output_str); } // Test modulus with -inform DER and -outform DER, writing key to file -TEST_F(RSAFormatComparisonTest, RSAToolModulusInformOutformDERTest) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + priv_der_path + " -inform DER -modulus -outform DER -out " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + priv_der_path + " -inform DER -modulus -outform DER -out " + out_path_openssl; +TEST_F(RSAFormatComparisonTest, ModulusInformOutformDER) { + std::string tool_command = + std::string(tool_executable_path) + " rsa -in " + priv_der_path + + " -inform DER -modulus -outform DER -out " + out_path_tool; + std::string openssl_command = + std::string(openssl_executable_path) + " rsa -in " + priv_der_path + + " -inform DER -modulus -outform DER -out " + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); } // Test modulus with public key and various format combinations -TEST_F(RSAFormatComparisonTest, RSAToolPubinModulusInformDERTest) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + pub_der_path + " -pubin -inform DER -modulus -out " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + pub_der_path + " -pubin -inform DER -modulus -out " + out_path_openssl; +TEST_F(RSAFormatComparisonTest, PubinModulusInformDER) { + std::string tool_command = + std::string(tool_executable_path) + " rsa -in " + pub_der_path + + " -pubin -inform DER -modulus -out " + out_path_tool; + std::string openssl_command = + std::string(openssl_executable_path) + " rsa -in " + pub_der_path + + " -pubin -inform DER -modulus -out " + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); // Read output files and verify they contain modulus and public key tool_output_str = ReadFileToString(out_path_tool); @@ -1044,11 +1266,17 @@ TEST_F(RSAFormatComparisonTest, RSAToolPubinModulusInformDERTest) { } // Test modulus output to file (not stdout) with PEM input -TEST_F(RSAFormatComparisonTest, RSAToolModulusToFileTest) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + priv_pem_path + " -modulus -out " + out_path_tool + " -noout"; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + priv_pem_path + " -modulus -out " + out_path_openssl + " -noout"; +TEST_F(RSAFormatComparisonTest, ModulusToFile) { + std::string tool_command = std::string(tool_executable_path) + " rsa -in " + + priv_pem_path + " -modulus -out " + out_path_tool + + " -noout"; + std::string openssl_command = + std::string(openssl_executable_path) + " rsa -in " + priv_pem_path + + " -modulus -out " + out_path_openssl + " -noout"; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); // Read files directly - they should contain only the modulus tool_output_str = ReadFileToString(out_path_tool); @@ -1060,151 +1288,218 @@ TEST_F(RSAFormatComparisonTest, RSAToolModulusToFileTest) { } // Test modulus with -pubout and -outform DER -TEST_F(RSAFormatComparisonTest, RSAToolModulusPuboutOutformDERTest) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + priv_pem_path + " -pubout -modulus -outform DER -out " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + priv_pem_path + " -pubout -modulus -outform DER -out " + out_path_openssl; +TEST_F(RSAFormatComparisonTest, ModulusPuboutOutformDER) { + std::string tool_command = + std::string(tool_executable_path) + " rsa -in " + priv_pem_path + + " -pubout -modulus -outform DER -out " + out_path_tool; + std::string openssl_command = + std::string(openssl_executable_path) + " rsa -in " + priv_pem_path + + " -pubout -modulus -outform DER -out " + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); } // Test case-insensitive -inform option (pem, Pem, PEM) -TEST_F(RSAFormatComparisonTest, RSAToolInformCaseInsensitiveTest) { +TEST_F(RSAFormatComparisonTest, InformCaseInsensitive) { std::vector formats = {"pem", "Pem", "PEM"}; - for (const auto& format : formats) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + priv_pem_path + " -inform " + format + " -out " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + priv_pem_path + " -out " + out_path_openssl; + for (const auto &format : formats) { + std::string tool_command = std::string(tool_executable_path) + " rsa -in " + + priv_pem_path + " -inform " + format + " -out " + + out_path_tool; + std::string openssl_command = std::string(openssl_executable_path) + + " rsa -in " + priv_pem_path + " -out " + + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); // Verify output is valid ScopedFILE tool_out(fopen(out_path_tool, "rb")); ASSERT_TRUE(tool_out); - bssl::UniquePtr tool_rsa(PEM_read_RSAPrivateKey(tool_out.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr tool_rsa( + PEM_read_RSAPrivateKey(tool_out.get(), nullptr, nullptr, nullptr)); ASSERT_TRUE(tool_rsa); } } // Test case-insensitive -inform DER option (der, Der, DER) -TEST_F(RSAFormatComparisonTest, RSAToolInformDERCaseInsensitiveTest) { +TEST_F(RSAFormatComparisonTest, InformDERCaseInsensitive) { std::vector formats = {"der", "Der", "DER"}; - for (const auto& format : formats) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + priv_der_path + " -inform " + format + " -out " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + priv_der_path + " -inform DER -out " + out_path_openssl; + for (const auto &format : formats) { + std::string tool_command = std::string(tool_executable_path) + " rsa -in " + + priv_der_path + " -inform " + format + " -out " + + out_path_tool; + std::string openssl_command = std::string(openssl_executable_path) + + " rsa -in " + priv_der_path + + " -inform DER -out " + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); // Verify output is valid ScopedFILE tool_out(fopen(out_path_tool, "rb")); ASSERT_TRUE(tool_out); - bssl::UniquePtr tool_rsa(PEM_read_RSAPrivateKey(tool_out.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr tool_rsa( + PEM_read_RSAPrivateKey(tool_out.get(), nullptr, nullptr, nullptr)); ASSERT_TRUE(tool_rsa); } } // Test case-insensitive -outform option (pem, Pem, PEM) -TEST_F(RSAFormatComparisonTest, RSAToolOutformCaseInsensitiveTest) { +TEST_F(RSAFormatComparisonTest, OutformCaseInsensitive) { std::vector formats = {"pem", "Pem", "PEM"}; - for (const auto& format : formats) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + priv_pem_path + " -outform " + format + " -out " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + priv_pem_path + " -out " + out_path_openssl; + for (const auto &format : formats) { + std::string tool_command = std::string(tool_executable_path) + " rsa -in " + + priv_pem_path + " -outform " + format + + " -out " + out_path_tool; + std::string openssl_command = std::string(openssl_executable_path) + + " rsa -in " + priv_pem_path + " -out " + + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); // Verify output is valid PEM tool_output_str = ReadFileToString(out_path_tool); trim(tool_output_str); - ASSERT_TRUE(CheckBoundaries(tool_output_str, RSA_BEGIN, RSA_END, BEGIN, END)); + ASSERT_TRUE( + CheckBoundaries(tool_output_str, RSA_BEGIN, RSA_END, BEGIN, END)); } } // Test case-insensitive -outform DER option (der, Der, DER) -TEST_F(RSAFormatComparisonTest, RSAToolOutformDERCaseInsensitiveTest) { +TEST_F(RSAFormatComparisonTest, OutformDERCaseInsensitive) { std::vector formats = {"der", "Der", "DER"}; - for (const auto& format : formats) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + priv_pem_path + " -outform " + format + " -out " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + priv_pem_path + " -outform DER -out " + out_path_openssl; + for (const auto &format : formats) { + std::string tool_command = std::string(tool_executable_path) + " rsa -in " + + priv_pem_path + " -outform " + format + + " -out " + out_path_tool; + std::string openssl_command = std::string(openssl_executable_path) + + " rsa -in " + priv_pem_path + + " -outform DER -out " + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); // Verify output is valid DER ScopedFILE tool_out(fopen(out_path_tool, "rb")); ASSERT_TRUE(tool_out); - bssl::UniquePtr tool_pkey(d2i_PrivateKey_fp(tool_out.get(), nullptr)); + bssl::UniquePtr tool_pkey( + d2i_PrivateKey_fp(tool_out.get(), nullptr)); ASSERT_TRUE(tool_pkey); } } // Test case-insensitive formats with -pubin -TEST_F(RSAFormatComparisonTest, RSAToolPubinCaseInsensitiveTest) { +TEST_F(RSAFormatComparisonTest, PubinCaseInsensitive) { std::vector inform_formats = {"der", "Der", "DER"}; std::vector outform_formats = {"pem", "Pem", "PEM"}; - for (const auto& inform : inform_formats) { - for (const auto& outform : outform_formats) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + pub_der_path + " -pubin -inform " + inform + " -outform " + outform + " -out " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + pub_der_path + " -pubin -inform DER -out " + out_path_openssl; + for (const auto &inform : inform_formats) { + for (const auto &outform : outform_formats) { + std::string tool_command = std::string(tool_executable_path) + + " rsa -in " + pub_der_path + + " -pubin -inform " + inform + " -outform " + + outform + " -out " + out_path_tool; + std::string openssl_command = + std::string(openssl_executable_path) + " rsa -in " + pub_der_path + + " -pubin -inform DER -out " + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); // Verify output is valid public key ScopedFILE tool_out(fopen(out_path_tool, "rb")); ASSERT_TRUE(tool_out); - bssl::UniquePtr tool_rsa(PEM_read_RSA_PUBKEY(tool_out.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr tool_rsa( + PEM_read_RSA_PUBKEY(tool_out.get(), nullptr, nullptr, nullptr)); ASSERT_TRUE(tool_rsa); } } } // Test various parameter orderings with -modulus and -noout -TEST_F(RSAFormatComparisonTest, RSAToolParameterOrderingTest1) { +TEST_F(RSAFormatComparisonTest, ParameterOrdering1) { // Test: -modulus before -noout - std::string tool_command1 = std::string(tool_executable_path) + " rsa -in " + priv_pem_path + " -modulus -noout > " + out_path_tool; - std::string openssl_command1 = std::string(openssl_executable_path) + " rsa -in " + priv_pem_path + " -modulus -noout > " + out_path_openssl; - - RunCommandsAndCompareOutput(tool_command1, openssl_command1, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + std::string tool_command1 = std::string(tool_executable_path) + " rsa -in " + + priv_pem_path + " -modulus -noout > " + + out_path_tool; + std::string openssl_command1 = std::string(openssl_executable_path) + + " rsa -in " + priv_pem_path + + " -modulus -noout > " + out_path_openssl; + + RunCommandsAndCompareOutput(tool_command1, openssl_command1, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); ASSERT_EQ(tool_output_str, openssl_output_str); } // Test various parameter orderings with -out before other flags -TEST_F(RSAFormatComparisonTest, RSAToolParameterOrderingTest2) { +TEST_F(RSAFormatComparisonTest, ParameterOrdering2) { // Test: -out before -pubout - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + priv_pem_path + " -out " + out_path_tool + " -pubout"; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + priv_pem_path + " -out " + out_path_openssl + " -pubout"; + std::string tool_command = std::string(tool_executable_path) + " rsa -in " + + priv_pem_path + " -out " + out_path_tool + + " -pubout"; + std::string openssl_command = std::string(openssl_executable_path) + + " rsa -in " + priv_pem_path + " -out " + + out_path_openssl + " -pubout"; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); // Verify both are valid public keys ScopedFILE tool_out(fopen(out_path_tool, "rb")); ASSERT_TRUE(tool_out); - bssl::UniquePtr tool_rsa(PEM_read_RSA_PUBKEY(tool_out.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr tool_rsa( + PEM_read_RSA_PUBKEY(tool_out.get(), nullptr, nullptr, nullptr)); ASSERT_TRUE(tool_rsa); } // Test parameter ordering with all format flags -TEST_F(RSAFormatComparisonTest, RSAToolParameterOrderingTest3) { +TEST_F(RSAFormatComparisonTest, ParameterOrdering3) { // Test: -outform before -inform - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + priv_pem_path + " -outform DER -inform PEM -out " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + priv_pem_path + " -inform PEM -outform DER -out " + out_path_openssl; + std::string tool_command = std::string(tool_executable_path) + " rsa -in " + + priv_pem_path + " -outform DER -inform PEM -out " + + out_path_tool; + std::string openssl_command = + std::string(openssl_executable_path) + " rsa -in " + priv_pem_path + + " -inform PEM -outform DER -out " + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); // Verify DER output ScopedFILE tool_out(fopen(out_path_tool, "rb")); ASSERT_TRUE(tool_out); - bssl::UniquePtr tool_pkey(d2i_PrivateKey_fp(tool_out.get(), nullptr)); + bssl::UniquePtr tool_pkey( + d2i_PrivateKey_fp(tool_out.get(), nullptr)); ASSERT_TRUE(tool_pkey); } // Test stdout output with modulus (no -out flag) -TEST_F(RSAFormatComparisonTest, RSAToolStdoutWithModulusTest) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + priv_pem_path + " -modulus > " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + priv_pem_path + " -modulus > " + out_path_openssl; +TEST_F(RSAFormatComparisonTest, StdoutWithModulus) { + std::string tool_command = std::string(tool_executable_path) + " rsa -in " + + priv_pem_path + " -modulus > " + out_path_tool; + std::string openssl_command = std::string(openssl_executable_path) + + " rsa -in " + priv_pem_path + " -modulus > " + + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); // Both should contain modulus and key tool_output_str = ReadFileToString(out_path_tool); @@ -1214,42 +1509,62 @@ TEST_F(RSAFormatComparisonTest, RSAToolStdoutWithModulusTest) { } // Test complex parameter ordering with all flags -TEST_F(RSAFormatComparisonTest, RSAToolComplexParameterOrderingTest) { +TEST_F(RSAFormatComparisonTest, ComplexParameterOrdering) { // Test: flags in unusual order - std::string tool_command = std::string(tool_executable_path) + " rsa -modulus -in " + priv_der_path + " -pubout -inform DER -out " + out_path_tool + " -outform PEM"; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + priv_der_path + " -inform DER -pubout -modulus -outform PEM -out " + out_path_openssl; + std::string tool_command = + std::string(tool_executable_path) + " rsa -modulus -in " + priv_der_path + + " -pubout -inform DER -out " + out_path_tool + " -outform PEM"; + std::string openssl_command = + std::string(openssl_executable_path) + " rsa -in " + priv_der_path + + " -inform DER -pubout -modulus -outform PEM -out " + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); // Verify output contains both modulus and public key tool_output_str = ReadFileToString(out_path_tool); ASSERT_TRUE(tool_output_str.find("Modulus=") != std::string::npos); trim(tool_output_str); - ASSERT_TRUE(CheckBoundaries(tool_output_str, MODULUS, PUBLIC_END, MODULUS, PUBLIC_END)); + ASSERT_TRUE(CheckBoundaries(tool_output_str, MODULUS, PUBLIC_END, MODULUS, + PUBLIC_END)); } // Test -in flag at different positions -TEST_F(RSAFormatComparisonTest, RSAToolInFlagPositionTest) { +TEST_F(RSAFormatComparisonTest, InFlagPosition) { // Test: -in at the end - std::string tool_command = std::string(tool_executable_path) + " rsa -pubout -out " + out_path_tool + " -in " + priv_pem_path; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + priv_pem_path + " -pubout -out " + out_path_openssl; + std::string tool_command = std::string(tool_executable_path) + + " rsa -pubout -out " + out_path_tool + " -in " + + priv_pem_path; + std::string openssl_command = std::string(openssl_executable_path) + + " rsa -in " + priv_pem_path + " -pubout -out " + + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); // Verify output is valid public key ScopedFILE tool_out(fopen(out_path_tool, "rb")); ASSERT_TRUE(tool_out); - bssl::UniquePtr tool_rsa(PEM_read_RSA_PUBKEY(tool_out.get(), nullptr, nullptr, nullptr)); + bssl::UniquePtr tool_rsa( + PEM_read_RSA_PUBKEY(tool_out.get(), nullptr, nullptr, nullptr)); ASSERT_TRUE(tool_rsa); } // Test -pubin with -modulus in different order -TEST_F(RSAFormatComparisonTest, RSAToolPubinModulusOrderingTest) { +TEST_F(RSAFormatComparisonTest, PubinModulusOrdering) { // Test: -pubin after -modulus - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + pub_pem_path + " -modulus -pubin -noout > " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + pub_pem_path + " -pubin -modulus -noout > " + out_path_openssl; + std::string tool_command = std::string(tool_executable_path) + " rsa -in " + + pub_pem_path + " -modulus -pubin -noout > " + + out_path_tool; + std::string openssl_command = std::string(openssl_executable_path) + + " rsa -in " + pub_pem_path + + " -pubin -modulus -noout > " + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); ASSERT_EQ(tool_output_str, openssl_output_str); } @@ -1257,21 +1572,31 @@ TEST_F(RSAFormatComparisonTest, RSAToolPubinModulusOrderingTest) { // Test against OpenSSL output "openssl rsa -in file -noout -modulus" // Only modulus is printed to stdin (reordered parameters) TEST_F(RSAComparisonTest, RSAToolCompareReorderedModulusNooutOpenSSL) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + in_path + " -noout -modulus > " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + in_path + " -noout -modulus > " + out_path_openssl; + std::string tool_command = std::string(tool_executable_path) + " rsa -in " + + in_path + " -noout -modulus > " + out_path_tool; + std::string openssl_command = std::string(openssl_executable_path) + + " rsa -in " + in_path + " -noout -modulus > " + + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); ASSERT_EQ(tool_output_str, openssl_output_str); } -// Test against OpenSSL output "openssl rsa -in file -noout -modulus -out out_file" -// Only modulus is printed to output file (reordered parameters) +// Test against OpenSSL output "openssl rsa -in file -noout -modulus -out +// out_file" Only modulus is printed to output file (reordered parameters) TEST_F(RSAComparisonTest, RSAToolCompareReorderedModulusOutNooutOpenSSL) { - std::string tool_command = std::string(tool_executable_path) + " rsa -in " + in_path + " -noout -modulus -out " + out_path_tool; - std::string openssl_command = std::string(openssl_executable_path) + " rsa -in " + in_path + " -noout -modulus -out " + out_path_openssl; + std::string tool_command = std::string(tool_executable_path) + " rsa -in " + + in_path + " -noout -modulus -out " + out_path_tool; + std::string openssl_command = std::string(openssl_executable_path) + + " rsa -in " + in_path + + " -noout -modulus -out " + out_path_openssl; - RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, out_path_openssl, tool_output_str, openssl_output_str); + RunCommandsAndCompareOutput(tool_command, openssl_command, out_path_tool, + out_path_openssl, tool_output_str, + openssl_output_str); ScopedFILE tool_out_file(fopen(out_path_tool, "rb")); ASSERT_TRUE(tool_out_file); diff --git a/tool-openssl/s_client_test.cc b/tool-openssl/s_client_test.cc index b6e4f56e3d..82083f5cfa 100644 --- a/tool-openssl/s_client_test.cc +++ b/tool-openssl/s_client_test.cc @@ -2,55 +2,55 @@ // SPDX-License-Identifier: Apache-2.0 OR ISC #include -#include "internal.h" #include +#include "internal.h" // Test -connect -TEST(SClientTest, SClientConnect) { +TEST(SClientTest, Connect) { args_list_t args = {"-connect", "amazon.com:443"}; bool result = SClientTool(args); ASSERT_TRUE(result); } // Test without connect but with help -TEST(SClientTest, SClientNoConnect) { +TEST(SClientTest, NoConnect) { args_list_t args = {}; bool result = SClientTool(args); ASSERT_FALSE(result); } // Test -help -TEST(SClientTest, SClientHelp) { +TEST(SClientTest, Help) { args_list_t args = {"-help"}; bool result = SClientTool(args); ASSERT_TRUE(result); } // Test -connect, -verify, -showcerts -TEST(SClientTest, SClientConnectVerifyShowcerts) { +TEST(SClientTest, ConnectVerifyShowcerts) { args_list_t args = {"-connect", "amazon.com:443", "-verify", "99"}; bool result = SClientTool(args); ASSERT_TRUE(result); } // Test -cipher -TEST(SClientTest, SClientCipher) { +TEST(SClientTest, Cipher) { args_list_t args = {"-connect", "amazon.com:443", "-cipher", "AES128-SHA"}; bool result = SClientTool(args); ASSERT_TRUE(result); } // Test -tls1_1 -TEST(SClientTest, SClientTls1_1) { +TEST(SClientTest, Tls1_1) { args_list_t args = {"-connect", "amazon.com:443", "-tls1_1"}; bool result = SClientTool(args); ASSERT_TRUE(result); } // Test -cipher and -tls1_1 together -TEST(SClientTest, SClientCipherAndTls1_1) { - args_list_t args = {"-connect", "amazon.com:443", "-cipher", "AES128-SHA", "-tls1_1"}; +TEST(SClientTest, CipherAndTls1_1) { + args_list_t args = {"-connect", "amazon.com:443", "-cipher", "AES128-SHA", + "-tls1_1"}; bool result = SClientTool(args); ASSERT_TRUE(result); } - diff --git a/tool-openssl/verify_test.cc b/tool-openssl/verify_test.cc index cde5c6342f..cad94d1e8d 100644 --- a/tool-openssl/verify_test.cc +++ b/tool-openssl/verify_test.cc @@ -47,28 +47,28 @@ class VerifyTest : public ::testing::Test { // ----------------------------- // Test -CAfile with self-signed certificate -TEST_F(VerifyTest, VerifyTestSelfSignedCertWithCAfileTest) { +TEST_F(VerifyTest, SelfSignedCertWithCAfileTest) { args_list_t args = {"-CAfile", ca_path, in_path}; bool result = VerifyTool(args); ASSERT_TRUE(result); } // Test certificate without -CAfile -TEST_F(VerifyTest, VerifyTestSelfSignedCertWithoutCAfile) { +TEST_F(VerifyTest, SelfSignedCertWithoutCAfile) { args_list_t args = {in_path}; bool result = VerifyTool(args); ASSERT_FALSE(result); } // Test certificate with -untrusted -TEST_F(VerifyTest, VerifyTestSelfSignedCertWithUntrustedChain) { +TEST_F(VerifyTest, SelfSignedCertWithUntrustedChain) { args_list_t args = {"-untrusted", chain_path, in_path}; bool result = VerifyTool(args); ASSERT_FALSE(result); } // Test certificate with -untrusted and -CAfile -TEST_F(VerifyTest, VerifyTestSelfSignedCertWithCAFileAndUntrustedChain) { +TEST_F(VerifyTest, SelfSignedCertWithCAFileAndUntrustedChain) { args_list_t args = {"-CAfile", ca_path, "-untrusted", chain_path, in_path}; bool result = VerifyTool(args); ASSERT_TRUE(result); @@ -130,7 +130,7 @@ class VerifyComparisonTest : public ::testing::Test { // Test against OpenSSL with -CAfile & self-signed cert fed in as a file // "openssl verify -CAfile cert.pem cert.pem" -TEST_F(VerifyComparisonTest, VerifyToolOpenSSLCAFileSelfSignedComparison) { +TEST_F(VerifyComparisonTest, CAFileSelfSigned) { std::string tool_command = std::string(tool_executable_path) + " verify -CAfile " + ca_path + " " + in_path + " &> " + out_path_tool; @@ -147,7 +147,7 @@ TEST_F(VerifyComparisonTest, VerifyToolOpenSSLCAFileSelfSignedComparison) { // Test against OpenSSL with -CAfile & 2 self-signed cert fed in as files // "openssl verify -CAfile cert.pem cert.pem cert.pem" -TEST_F(VerifyComparisonTest, VerifyToolOpenSSLCAFileMultipleFilesComparison) { +TEST_F(VerifyComparisonTest, CAFileMultipleFiles) { std::string tool_command = std::string(tool_executable_path) + " verify -CAfile " + ca_path + " " + in_path + " " + in_path + " &> " + out_path_tool; @@ -164,7 +164,7 @@ TEST_F(VerifyComparisonTest, VerifyToolOpenSSLCAFileMultipleFilesComparison) { // Test against OpenSSL with -CAfile & self-signed cert fed through stdin // "cat cert.pem | openssl verify -CAfile cert.pem" -TEST_F(VerifyComparisonTest, VerifyToolOpenSSLCAFileSelfSignedStdinComparison) { +TEST_F(VerifyComparisonTest, CAFileSelfSignedStdin) { std::string tool_command = "cat " + std::string(ca_path) + " | " + std::string(tool_executable_path) + " verify -CAfile " + ca_path + " &> " + diff --git a/tool-openssl/x509.cc b/tool-openssl/x509.cc index bced61cd3b..1ab543df64 100644 --- a/tool-openssl/x509.cc +++ b/tool-openssl/x509.cc @@ -91,6 +91,13 @@ static bool WriteSignedCertificate(X509 *x509, bssl::UniquePtr &output_bio, return true; } +static int HexToBIGNUM(bssl::UniquePtr *out, const char *in) { + BIGNUM *raw = NULL; + int ret = BN_hex2bn(&raw, in); + out->reset(raw); + return ret; +} + static int AdaptKeyIDExtension(X509 *cert, X509V3_CTX *ext_ctx, const char *name, const char *value, int add_if_missing) { @@ -134,24 +141,22 @@ static bool SetSerial(X509 *cert, const std::string &ca_file_path) { file.reset(fopen(serial_file_path.c_str(), "r")); // Check if file exists } - BIGNUM *bn = NULL; + bssl::UniquePtr bn; // 1. If no CA provided or serial file not found, generate a random serial // number // 2. Otherwise, read serial number from serial file if (ca_file_path.empty() || !file) { - bn = BN_new(); - - /* - * Randomly generate a serial number - * - * IETF RFC 5280 says serial number must be <= 20 bytes. Use 159 bits - * so that the first bit will never be one, so that the DER encoding - * rules won't force a leading octet. - */ + bn.reset(BN_new()); + + // Randomly generate a serial number + // + // IETF RFC 5280 says serial number must be <= 20 bytes. Use 159 bits + // so that the first bit will never be one, so that the DER encoding + // rules won't force a leading octet. constexpr int SERIAL_RAND_BITS = 159; - if (!BN_rand(bn, SERIAL_RAND_BITS, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) { - BN_free(bn); + if (!BN_rand(bn.get(), SERIAL_RAND_BITS, BN_RAND_TOP_ANY, + BN_RAND_BOTTOM_ANY)) { fprintf(stderr, "Error: Failed to generate random serial number\n"); return false; } @@ -167,30 +172,26 @@ static bool SetSerial(X509 *cert, const std::string &ca_file_path) { len--; } -#if defined(_WIN32) +#if defined(OPENSSL_WINDOWS) if (len > 0 && buf[len - 1] == '\r') { buf[len - 1] = '\0'; len--; } #endif - bn = BN_new(); - - if (!BN_hex2bn(&bn, buf)) { - BN_free(bn); + if (!HexToBIGNUM(&bn, buf)) { return false; } } - if (!BN_add_word(bn, 1)) { - BN_free(bn); + // Increment to get a new serial number + if (!BN_add_word(bn.get(), 1)) { fprintf(stderr, "Error: Failed to increment serial number\n"); return false; } // Convert serial number to ASN1_INTEGER and assign it to cert - if (!BN_to_ASN1_INTEGER(bn, serial)) { - BN_free(bn); + if (!BN_to_ASN1_INTEGER(bn.get(), serial)) { fprintf(stderr, "Error: Failed to convert serial number to ASN1_INTEGER\n"); return false; } @@ -204,11 +205,10 @@ static bool SetSerial(X509 *cert, const std::string &ca_file_path) { return false; } - bssl::UniquePtr hex_str(BN_bn2hex(bn)); + bssl::UniquePtr hex_str(BN_bn2hex(bn.get())); fprintf(file.get(), "%s\n", hex_str.get()); } - BN_free(bn); return true; } diff --git a/tool-openssl/x509_test.cc b/tool-openssl/x509_test.cc index 6890a29cf9..1147840d2d 100644 --- a/tool-openssl/x509_test.cc +++ b/tool-openssl/x509_test.cc @@ -125,7 +125,7 @@ class X509Test : public ::testing::Test { // ----------------------------- X509 Option Tests ----------------------------- // Test -in and -out -TEST_F(X509Test, X509ToolInOutTest) { +TEST_F(X509Test, InOut) { args_list_t args = {"-in", in_path, "-out", out_path}; bool result = X509Tool(args); ASSERT_TRUE(result); @@ -139,21 +139,21 @@ TEST_F(X509Test, X509ToolInOutTest) { } // Test -modulus -TEST_F(X509Test, X509ToolModulusTest) { +TEST_F(X509Test, Modulus) { args_list_t args = {"-in", in_path, "-modulus"}; bool result = X509Tool(args); ASSERT_TRUE(result); } // Test -subject -TEST_F(X509Test, X509ToolSubjectTest) { +TEST_F(X509Test, Subject) { args_list_t args = {"-in", in_path, "-subject"}; bool result = X509Tool(args); ASSERT_TRUE(result); } // Test -subject_hash and -subject_hash_old -TEST_F(X509Test, X509ToolSubjectHashTest) { +TEST_F(X509Test, SubjectHash) { args_list_t args = {"-in", in_path, "-subject_hash"}; bool result = X509Tool(args); ASSERT_TRUE(result); @@ -164,21 +164,21 @@ TEST_F(X509Test, X509ToolSubjectHashTest) { } // Test -fingerprint -TEST_F(X509Test, X509ToolFingerprintTest) { +TEST_F(X509Test, Fingerprint) { args_list_t args = {"-in", in_path, "-fingerprint"}; bool result = X509Tool(args); ASSERT_TRUE(result); } // Test signkey -TEST_F(X509Test, X509ToolSignkeyTest) { +TEST_F(X509Test, Signkey) { args_list_t args = {"-in", in_path, "-signkey", signkey_path}; bool result = X509Tool(args); ASSERT_TRUE(result); } // Test -days -TEST_F(X509Test, X509ToolDaysTest) { +TEST_F(X509Test, Days) { args_list_t args = {"-in", in_path, "-out", out_path, "-signkey", signkey_path, "-days", "365"}; bool result = X509Tool(args); @@ -186,21 +186,21 @@ TEST_F(X509Test, X509ToolDaysTest) { } // Test -dates -TEST_F(X509Test, X509ToolDatesTest) { +TEST_F(X509Test, Daest) { args_list_t args = {"-in", in_path, "-dates"}; bool result = X509Tool(args); ASSERT_TRUE(result); } // Test -enddate -TEST_F(X509Test, X509ToolEnddateTest) { +TEST_F(X509Test, Enddate) { args_list_t args = {"-in", in_path, "-enddate"}; bool result = X509Tool(args); ASSERT_TRUE(result); } // Test -inform -TEST_F(X509Test, X509ToolInformTest) { +TEST_F(X509Test, Inform) { args_list_t args = {"-in", der_cert_path, "-inform", "DER"}; bool result = X509Tool(args); ASSERT_TRUE(result); @@ -211,7 +211,7 @@ TEST_F(X509Test, X509ToolInformTest) { } // Test -outform -TEST_F(X509Test, X509ToolOutformTest) { +TEST_F(X509Test, Outform) { args_list_t args = {"-in", in_path, "-out", out_path, "-outform", "DER"}; bool result = X509Tool(args); ASSERT_TRUE(result); @@ -232,14 +232,14 @@ TEST_F(X509Test, X509ToolOutformTest) { } // Test -checkend -TEST_F(X509Test, X509ToolCheckendTest) { +TEST_F(X509Test, Checkend) { args_list_t args = {"-in", in_path, "-checkend", "3600"}; bool result = X509Tool(args); ASSERT_TRUE(result); } // Test -req -TEST_F(X509Test, X509ToolReqTest) { +TEST_F(X509Test, Req) { args_list_t args = {"-in", csr_path, "-req", "-signkey", signkey_path, "-out", out_path}; bool result = X509Tool(args); @@ -247,14 +247,14 @@ TEST_F(X509Test, X509ToolReqTest) { } // Test -pubkey -TEST_F(X509Test, X509ToolPubkeyTest) { +TEST_F(X509Test, Pubkey) { args_list_t args = {"-in", in_path, "-pubkey"}; bool result = X509Tool(args); ASSERT_TRUE(result); } // Test -CA and -CAkey -TEST_F(X509Test, X509ToolCATest) { +TEST_F(X509Test, CA) { args_list_t args = {"-in", in_path, "-CA", ca_cert_path, "-CAkey", ca_key_path}; bool result = X509Tool(args); @@ -270,7 +270,7 @@ TEST_F(X509Test, X509ToolCATest) { } // Test -extfile and -extensions -TEST_F(X509Test, X509ToolExtensionTest) { +TEST_F(X509Test, Extension) { char ext_path[PATH_MAX]; ASSERT_GT(createTempFILEpath(ext_path), 0u); @@ -314,7 +314,7 @@ TEST_F(X509Test, X509ToolExtensionTest) { } // Test -passin with -signkey -TEST_F(X509Test, X509ToolPassinSignkeyTest) { +TEST_F(X509Test, PassinSignkey) { args_list_t args = {"-in", in_path, "-signkey", protected_signkey_path, "-passin", "pass:testpassword"}; @@ -323,7 +323,7 @@ TEST_F(X509Test, X509ToolPassinSignkeyTest) { } // Test -passin with -CA (key in CA file) -TEST_F(X509Test, X509ToolPassinCATest) { +TEST_F(X509Test, PassinCA) { args_list_t args = {"-in", in_path, "-CA", protected_ca_cert_path, "-passin", "pass:testpassword"}; @@ -332,7 +332,7 @@ TEST_F(X509Test, X509ToolPassinCATest) { } // Test -passin with -CA and -CAkey -TEST_F(X509Test, X509ToolPassinCAkeyTest) { +TEST_F(X509Test, PassinCAkey) { args_list_t args = {"-in", in_path, "-CA", ca_cert_path, "-CAkey", protected_ca_key_path, @@ -342,7 +342,7 @@ TEST_F(X509Test, X509ToolPassinCAkeyTest) { } // Test -passin with -req and -signkey -TEST_F(X509Test, X509ToolPassinReqSignkeyTest) { +TEST_F(X509Test, PassinReqSignkey) { args_list_t args = { "-in", csr_path, "-req", "-signkey", protected_signkey_path, "-passin", "pass:testpassword"}; @@ -351,7 +351,7 @@ TEST_F(X509Test, X509ToolPassinReqSignkeyTest) { } // Test SetSerial functionality with CA certificate -TEST_F(X509Test, X509ToolSetSerialTest) { +TEST_F(X509Test, SetSerial) { // Test 1: First certificate with CA - should create .srl file args_list_t args = {"-in", in_path, "-CA", ca_cert_path, "-CAkey", ca_key_path, "-out", out_path}; @@ -369,18 +369,20 @@ TEST_F(X509Test, X509ToolSetSerialTest) { // Read first serial number std::string serial1 = ReadFileToString(srl_path.c_str()); ASSERT_FALSE(serial1.empty()); - serial1 = serial1.substr(0, serial1.find_first_of("\r\n")); // Remove newline (handles both \r\n and \n) + serial1 = serial1.substr( + 0, serial1.find_first_of( + "\r\n")); // Remove newline (handles both \r\n and \n) // Verify the first certificate serial matches the .srl file content auto cert1 = LoadPEMCertificate(out_path); - ASSERT_TRUE(cert1 != nullptr); + ASSERT_TRUE(cert1); ASN1_INTEGER *cert_serial = X509_get_serialNumber(cert1.get()); - ASSERT_TRUE(cert_serial != nullptr); + ASSERT_TRUE(cert_serial); bssl::UniquePtr bn(ASN1_INTEGER_to_BN(cert_serial, nullptr)); - ASSERT_TRUE(bn != nullptr); + ASSERT_TRUE(bn); bssl::UniquePtr hex_str(BN_bn2hex(bn.get())); - ASSERT_TRUE(hex_str != nullptr); + ASSERT_TRUE(hex_str); ASSERT_EQ(serial1, std::string(hex_str.get())); srl_file.reset(); @@ -394,22 +396,24 @@ TEST_F(X509Test, X509ToolSetSerialTest) { // Read updated serial number std::string serial2 = ReadFileToString(srl_path.c_str()); ASSERT_FALSE(serial2.empty()); - serial2 = serial2.substr(0, serial2.find_first_of("\r\n")); // Remove newline (handles both \r\n and \n) + serial2 = serial2.substr( + 0, serial2.find_first_of( + "\r\n")); // Remove newline (handles both \r\n and \n) // Serial numbers should be different ASSERT_NE(serial1, serial2); // Verify the certificate serial matches the .srl file content auto cert2 = LoadPEMCertificate(out_path); - ASSERT_TRUE(cert2 != nullptr); + ASSERT_TRUE(cert2); cert_serial = X509_get_serialNumber(cert2.get()); - ASSERT_TRUE(cert_serial != nullptr); + ASSERT_TRUE(cert_serial); // Convert certificate serial to hex string for comparison bn.reset(ASN1_INTEGER_to_BN(cert_serial, nullptr)); - ASSERT_TRUE(bn != nullptr); + ASSERT_TRUE(bn); hex_str.reset(BN_bn2hex(bn.get())); - ASSERT_TRUE(hex_str != nullptr); + ASSERT_TRUE(hex_str); ASSERT_EQ(serial2, std::string(hex_str.get())); @@ -417,8 +421,8 @@ TEST_F(X509Test, X509ToolSetSerialTest) { RemoveFile(srl_path.c_str()); } -// Test SetSerial functionality without CA (random serial generation) -TEST_F(X509Test, X509ToolSetSerialRandomTest) { +// Test serial generation without CA (random serial generation) +TEST_F(X509Test, BasicSerialGeneration) { // Test self-signed certificates - should generate random serials args_list_t args = {"-in", in_path, "-signkey", signkey_path, "-out", out_path}; @@ -427,27 +431,27 @@ TEST_F(X509Test, X509ToolSetSerialRandomTest) { auto cert1 = LoadPEMCertificate(out_path); - ASSERT_TRUE(cert1 != nullptr); + ASSERT_TRUE(cert1); args = {"-in", in_path, "-signkey", signkey_path, "-out", out_path}; result = X509Tool(args); ASSERT_TRUE(result); auto cert2 = LoadPEMCertificate(out_path); - ASSERT_TRUE(cert2 != nullptr); + ASSERT_TRUE(cert2); // Verify certificates have different serial numbers ASN1_INTEGER *serial1 = X509_get_serialNumber(cert1.get()); ASN1_INTEGER *serial2 = X509_get_serialNumber(cert2.get()); - ASSERT_TRUE(serial1 != nullptr); - ASSERT_TRUE(serial2 != nullptr); + ASSERT_TRUE(serial1); + ASSERT_TRUE(serial2); // Serial numbers should be different ASSERT_NE(0, ASN1_INTEGER_cmp(serial1, serial2)); } -// Test SetSerial functionality with existing .srl file -TEST_F(X509Test, X509ToolSetSerialExistingFileTest) { +// Test serial generation with existing .srl file +TEST_F(X509Test, SerialGenerationExistingFile) { // Create existing .srl file with known serial number std::string srl_path = std::string(ca_cert_path) @@ -475,14 +479,14 @@ TEST_F(X509Test, X509ToolSetSerialExistingFileTest) { // Verify the certificate serial matches the .srl file content auto cert = LoadPEMCertificate(out_path); - ASSERT_TRUE(cert != nullptr); + ASSERT_TRUE(cert); ASN1_INTEGER *cert_serial = X509_get_serialNumber(cert.get()); - ASSERT_TRUE(cert_serial != nullptr); + ASSERT_TRUE(cert_serial); bssl::UniquePtr bn(ASN1_INTEGER_to_BN(cert_serial, nullptr)); - ASSERT_TRUE(bn != nullptr); + ASSERT_TRUE(bn); bssl::UniquePtr hex_str(BN_bn2hex(bn.get())); - ASSERT_TRUE(hex_str != nullptr); + ASSERT_TRUE(hex_str); // new_serial already stripped above, no need to strip again ASSERT_EQ(new_serial, std::string(hex_str.get())); @@ -492,7 +496,7 @@ TEST_F(X509Test, X509ToolSetSerialExistingFileTest) { } // Test AKID serial number -TEST_F(X509Test, X509ToolAKIDSerialWithCATest) { +TEST_F(X509Test, AKIDSerialWithCA) { char ext_path[PATH_MAX]; ASSERT_GT(createTempFILEpath(ext_path), 0u); @@ -533,7 +537,7 @@ TEST_F(X509Test, X509ToolAKIDSerialWithCATest) { } // Test AKID serial number -TEST_F(X509Test, X509ToolAKIDSerialSelfSignedTest) { +TEST_F(X509Test, AKIDSerialSelfSigned) { char ext_path[PATH_MAX]; ASSERT_GT(createTempFILEpath(ext_path), 0u); @@ -582,7 +586,7 @@ class X509OptionUsageErrorsTest : public X509Test { }; // Test mutually exclusive options -TEST_F(X509OptionUsageErrorsTest, MutuallyExclusiveOptionsTests) { +TEST_F(X509OptionUsageErrorsTest, MutuallyExclusiveOptions) { std::vector> testparams = { {"-in", in_path, "-req", "-signkey", signkey_path, "-dates"}, {"-in", in_path, "-req", "-signkey", signkey_path, "-checkend", "3600"}, @@ -598,7 +602,7 @@ TEST_F(X509OptionUsageErrorsTest, MutuallyExclusiveOptionsTests) { } } -TEST_F(X509OptionUsageErrorsTest, RequiredOptionTests) { +TEST_F(X509OptionUsageErrorsTest, RequiredOptions) { std::vector> testparams = { {"-in", in_path, "-req"}, // Test -req without -signkey {"-in", in_path, "-CAkey", ca_key_path} // Test -CAkey without -CA @@ -610,7 +614,7 @@ TEST_F(X509OptionUsageErrorsTest, RequiredOptionTests) { // Test argument errors for -days: !<0 || non-integer, -checkend: !<=0 || // non-integer, -inform != {DER, PEM} -TEST_F(X509OptionUsageErrorsTest, DaysAndCheckendArgTests) { +TEST_F(X509OptionUsageErrorsTest, DaysAndCheckendArgs) { std::vector> testparams = { {"-in", in_path, "-checkend", "abc"}, {"-in", in_path, "-checkend", "-1"}, @@ -623,7 +627,7 @@ TEST_F(X509OptionUsageErrorsTest, DaysAndCheckendArgTests) { } } -TEST_F(X509OptionUsageErrorsTest, InvalidArgTests) { +TEST_F(X509OptionUsageErrorsTest, InvalidArgs) { std::vector> testparams = { {"-in", in_path, "-inform", "RANDOM"}, {"-in", in_path, "-out", out_path, "-outform", "RANDOM"}}; @@ -633,7 +637,7 @@ TEST_F(X509OptionUsageErrorsTest, InvalidArgTests) { } // Test -passin with invalid formats and wrong passwords -TEST_F(X509OptionUsageErrorsTest, InvalidPassinTest) { +TEST_F(X509OptionUsageErrorsTest, InvalidPassin) { std::vector> testparams = { {"-in", in_path, "-signkey", protected_signkey_path, "-passin", "pass:wrongpassword"}, @@ -780,7 +784,7 @@ static std::string normalize_subject(std::string input) { } // Test against OpenSSL output "openssl x509 -in file -text -noout" -TEST_F(X509ComparisonTest, X509ToolCompareTextOpenSSL) { +TEST_F(X509ComparisonTest, Text) { std::string tool_command = std::string(tool_executable_path) + " x509 -in " + in_path + " -text -noout> " + out_path_tool; std::string openssl_command = std::string(openssl_executable_path) + @@ -818,7 +822,7 @@ TEST_F(X509ComparisonTest, X509ToolCompareTextOpenSSL) { } // Test against OpenSSL output "openssl x509 -in file -modulus" -TEST_F(X509ComparisonTest, X509ToolCompareModulusOpenSSL) { +TEST_F(X509ComparisonTest, Modulus) { std::string tool_command = std::string(tool_executable_path) + " x509 -in " + in_path + " -modulus > " + out_path_tool; std::string openssl_command = std::string(openssl_executable_path) + @@ -844,7 +848,7 @@ TEST_F(X509ComparisonTest, X509ToolCompareModulusOpenSSL) { } // Test against OpenSSL output "openssl x509 -in file -subject" -TEST_F(X509ComparisonTest, X509ToolCompareSubjectOpenSSL) { +TEST_F(X509ComparisonTest, Subject) { std::string tool_command = std::string(tool_executable_path) + " x509 -in " + in_path + " -subject > " + out_path_tool; std::string openssl_command = std::string(openssl_executable_path) + @@ -881,7 +885,7 @@ TEST_F(X509ComparisonTest, X509ToolCompareSubjectOpenSSL) { // Test against OpenSSL output "openssl x509 -in file -fingerprint -subject_hash // -subject_hash_old" -TEST_F(X509ComparisonTest, X509ToolCompareFingerprintOpenSSL) { +TEST_F(X509ComparisonTest, Fingerprint) { std::string tool_command = std::string(tool_executable_path) + " x509 -in " + in_path + " -subject_hash -subject_hash_old -fingerprint > " + out_path_tool; @@ -911,7 +915,7 @@ TEST_F(X509ComparisonTest, X509ToolCompareFingerprintOpenSSL) { // Test against OpenSSL output "openssl x509 -in file -fingerprint -subject_hash // -subject_hash_old" -TEST_F(X509ComparisonTest, X509ToolCompareReorderedFingerprintOpenSSL) { +TEST_F(X509ComparisonTest, ReorderedFingerprint) { std::string tool_command = std::string(tool_executable_path) + " x509 -in " + in_path + " -subject_hash -fingerprint -subject_hash_old > " + out_path_tool; @@ -941,7 +945,7 @@ TEST_F(X509ComparisonTest, X509ToolCompareReorderedFingerprintOpenSSL) { // Test against OpenSSL output "openssl x509 -in file -fingerprint -subject_hash // -subject_hash_old" -TEST_F(X509ComparisonTest, X509ToolCompareHashFingerprintOpenSSL) { +TEST_F(X509ComparisonTest, HashFingerprint) { std::string tool_command = std::string(tool_executable_path) + " x509 -subject_hash -fingerprint -noout -in " + in_path + " > " + out_path_tool; @@ -957,7 +961,7 @@ TEST_F(X509ComparisonTest, X509ToolCompareHashFingerprintOpenSSL) { } // Test against OpenSSL output "openssl x509 -in file -pubkey" -TEST_F(X509ComparisonTest, X509ToolComparePubkeyOpenSSL) { +TEST_F(X509ComparisonTest, Pubkey) { std::string tool_command = std::string(tool_executable_path) + " x509 -in " + in_path + " -pubkey > " + out_path_tool; std::string openssl_command = std::string(openssl_executable_path) + @@ -973,7 +977,7 @@ TEST_F(X509ComparisonTest, X509ToolComparePubkeyOpenSSL) { // Test against OpenSSL output "openssl x509 -in file -noout -subject // -fingerprint" -TEST_F(X509ComparisonTest, X509ToolCompareSubjectFingerprintOpenSSL) { +TEST_F(X509ComparisonTest, SubjectFingerprint) { std::string tool_command = std::string(tool_executable_path) + " x509 -in " + in_path + " -noout -subject -fingerprint > " + out_path_tool; @@ -1012,7 +1016,7 @@ TEST_F(X509ComparisonTest, X509ToolCompareSubjectFingerprintOpenSSL) { // Test against OpenSSL output "openssl x509 -in file -noout -subject // -fingerprint" -TEST_F(X509ComparisonTest, X509ToolCompareReorderedSubjectFingerprintOpenSSL) { +TEST_F(X509ComparisonTest, ReorderedSubjectFingerprint) { std::string tool_command = std::string(tool_executable_path) + " x509 -in " + in_path + " -noout -fingerprint -subject > " + out_path_tool; @@ -1050,7 +1054,7 @@ TEST_F(X509ComparisonTest, X509ToolCompareReorderedSubjectFingerprintOpenSSL) { } // Test against OpenSSL output "openssl x509 -in in_file -checkend 0" -TEST_F(X509ComparisonTest, X509ToolCompareCheckendOpenSSL) { +TEST_F(X509ComparisonTest, Checkend) { std::string tool_command = std::string(tool_executable_path) + " x509 -in " + in_path + " -checkend 0 > " + out_path_tool; std::string openssl_command = std::string(openssl_executable_path) + @@ -1066,7 +1070,7 @@ TEST_F(X509ComparisonTest, X509ToolCompareCheckendOpenSSL) { // Test against OpenSSL output "openssl x509 -req -in csr_file -signkey // private_key_file -days 80 -out out_file" -TEST_F(X509ComparisonTest, X509ToolCompareReqSignkeyDaysOpenSSL) { +TEST_F(X509ComparisonTest, ReqSignkeyDays) { std::string tool_command = std::string(tool_executable_path) + " x509 -req -in " + csr_path + " -signkey " + signkey_path + " -days 80 -out " + out_path_tool; @@ -1081,9 +1085,8 @@ TEST_F(X509ComparisonTest, X509ToolCompareReqSignkeyDaysOpenSSL) { auto cert_tool = LoadPEMCertificate(out_path_tool); auto cert_openssl = LoadPEMCertificate(out_path_openssl); - ASSERT_TRUE(cert_tool != nullptr) - << "Failed to load certificate generated by tool"; - ASSERT_TRUE(cert_openssl != nullptr) + ASSERT_TRUE(cert_tool) << "Failed to load certificate generated by tool"; + ASSERT_TRUE(cert_openssl) << "Failed to load certificate generated by OpenSSL"; // Compare certificates in detail with 365 days validity period @@ -1093,7 +1096,7 @@ TEST_F(X509ComparisonTest, X509ToolCompareReqSignkeyDaysOpenSSL) { } // Test against OpenSSL output "openssl x509 -in file -dates -noout" -TEST_F(X509ComparisonTest, X509ToolCompareDatesNooutOpenSSL) { +TEST_F(X509ComparisonTest, DatesNoout) { std::string tool_command = std::string(tool_executable_path) + " x509 -in " + in_path + " -dates -noout > " + out_path_tool; std::string openssl_command = std::string(openssl_executable_path) + @@ -1120,7 +1123,7 @@ TEST_F(X509ComparisonTest, X509ToolCompareDatesNooutOpenSSL) { // Test against OpenSSL output "openssl x509 -in file -dates -enddate", notAfter // date should only be printed out once -TEST_F(X509ComparisonTest, X509ToolCompareDatesEnddateOpenSSL) { +TEST_F(X509ComparisonTest, DatesEnddate) { std::string tool_command = std::string(tool_executable_path) + " x509 -in " + in_path + " -dates -enddate > " + out_path_tool; std::string openssl_command = std::string(openssl_executable_path) + @@ -1146,7 +1149,7 @@ TEST_F(X509ComparisonTest, X509ToolCompareDatesEnddateOpenSSL) { } // Test against OpenSSL output "openssl x509 -in file -inform DER -enddate" -TEST_F(X509ComparisonTest, X509ToolCompareInformDEREnddateOpenSSL) { +TEST_F(X509ComparisonTest, InformDEREnddate) { std::string tool_command = std::string(tool_executable_path) + " x509 -in " + der_cert_path + " -inform DER -enddate > " + out_path_tool; @@ -1174,7 +1177,7 @@ TEST_F(X509ComparisonTest, X509ToolCompareInformDEREnddateOpenSSL) { } // Test against OpenSSL output "openssl x509 -in file -inform DER -enddate" -TEST_F(X509ComparisonTest, X509ToolCompareInformPEMEnddateOpenSSL) { +TEST_F(X509ComparisonTest, InformPEMEnddate) { std::string tool_command = std::string(tool_executable_path) + " x509 -in " + in_path + " -inform PEM -enddate > " + out_path_tool; @@ -1202,7 +1205,7 @@ TEST_F(X509ComparisonTest, X509ToolCompareInformPEMEnddateOpenSSL) { // Test against OpenSSL output reading from stdin "openssl x509 -fingerprint // -dates" -TEST_F(X509ComparisonTest, X509ToolCompareStdinFingerprintDatesOpenSSL) { +TEST_F(X509ComparisonTest, StdinFingerprintDates) { std::string tool_command = "cat " + std::string(in_path) + " | " + std::string(tool_executable_path) + " x509 -fingerprint -dates > " + out_path_tool; @@ -1233,7 +1236,7 @@ TEST_F(X509ComparisonTest, X509ToolCompareStdinFingerprintDatesOpenSSL) { // Test against OpenSSL output "openssl x509 -in in_file (-req) -signkey // private_key_file -out out_file -outform PEM" -TEST_F(X509ComparisonTest, X509ToolCompareSignkeyOutformPEMOpenSSL) { +TEST_F(X509ComparisonTest, SignkeyOutformPEM) { std::string tool_command = std::string(tool_executable_path) + " x509 -in " + in_path + " -signkey " + signkey_path + " -outform PEM -out " + out_path_tool; @@ -1248,9 +1251,8 @@ TEST_F(X509ComparisonTest, X509ToolCompareSignkeyOutformPEMOpenSSL) { auto cert_tool = LoadPEMCertificate(out_path_tool); auto cert_openssl = LoadPEMCertificate(out_path_openssl); - ASSERT_TRUE(cert_tool != nullptr) - << "Failed to load certificate generated by tool"; - ASSERT_TRUE(cert_openssl != nullptr) + ASSERT_TRUE(cert_tool) << "Failed to load certificate generated by tool"; + ASSERT_TRUE(cert_openssl) << "Failed to load certificate generated by OpenSSL"; // Compare certificates in detail with 365 days validity period @@ -1273,9 +1275,8 @@ TEST_F(X509ComparisonTest, X509ToolCompareSignkeyOutformPEMOpenSSL) { cert_tool = LoadPEMCertificate(out_path_tool); cert_openssl = LoadPEMCertificate(out_path_openssl); - ASSERT_TRUE(cert_tool != nullptr) - << "Failed to load certificate generated by tool"; - ASSERT_TRUE(cert_openssl != nullptr) + ASSERT_TRUE(cert_tool) << "Failed to load certificate generated by tool"; + ASSERT_TRUE(cert_openssl) << "Failed to load certificate generated by OpenSSL"; // Compare certificates in detail with 365 days validity period @@ -1286,7 +1287,7 @@ TEST_F(X509ComparisonTest, X509ToolCompareSignkeyOutformPEMOpenSSL) { // Test against OpenSSL output "openssl x509 -in in_file (-req) -signkey // private_key_file -out out_file -outform DER" -TEST_F(X509ComparisonTest, X509ToolCompareSignkeyOutformDEROpenSSL) { +TEST_F(X509ComparisonTest, SignkeyOutformDER) { std::string tool_command = std::string(tool_executable_path) + " x509 -in " + in_path + " -signkey " + signkey_path + " -outform DER -out " + out_path_tool; @@ -1301,9 +1302,8 @@ TEST_F(X509ComparisonTest, X509ToolCompareSignkeyOutformDEROpenSSL) { auto cert_tool = LoadDERCertificate(out_path_tool); auto cert_openssl = LoadDERCertificate(out_path_openssl); - ASSERT_TRUE(cert_tool != nullptr) - << "Failed to load certificate generated by tool"; - ASSERT_TRUE(cert_openssl != nullptr) + ASSERT_TRUE(cert_tool) << "Failed to load certificate generated by tool"; + ASSERT_TRUE(cert_openssl) << "Failed to load certificate generated by OpenSSL"; // Compare certificates in detail with 30 days validity period @@ -1325,9 +1325,8 @@ TEST_F(X509ComparisonTest, X509ToolCompareSignkeyOutformDEROpenSSL) { cert_tool = LoadDERCertificate(out_path_tool); cert_openssl = LoadDERCertificate(out_path_openssl); - ASSERT_TRUE(cert_tool != nullptr) - << "Failed to load certificate generated by tool"; - ASSERT_TRUE(cert_openssl != nullptr) + ASSERT_TRUE(cert_tool) << "Failed to load certificate generated by tool"; + ASSERT_TRUE(cert_openssl) << "Failed to load certificate generated by OpenSSL"; // Compare certificates in detail with 30 days validity period @@ -1339,7 +1338,7 @@ TEST_F(X509ComparisonTest, X509ToolCompareSignkeyOutformDEROpenSSL) { // Test against OpenSSL output "openssl x509 -in in_file -CA certfile -CAkey // keyfile" -TEST_F(X509ComparisonTest, X509ToolCompareCAOpenSSL) { +TEST_F(X509ComparisonTest, CA) { std::string tool_command = std::string(tool_executable_path) + " x509 -in " + in_path + " -CA " + ca_cert_path + " -out " + out_path_tool; @@ -1355,9 +1354,8 @@ TEST_F(X509ComparisonTest, X509ToolCompareCAOpenSSL) { auto cert_openssl = LoadPEMCertificate(out_path_openssl); auto ca_cert = LoadPEMCertificate(ca_cert_path); - ASSERT_TRUE(cert_tool != nullptr) - << "Failed to load certificate generated by tool"; - ASSERT_TRUE(cert_openssl != nullptr) + ASSERT_TRUE(cert_tool) << "Failed to load certificate generated by tool"; + ASSERT_TRUE(cert_openssl) << "Failed to load certificate generated by OpenSSL"; // Compare certificates in detail with 365 days validity period @@ -1380,9 +1378,8 @@ TEST_F(X509ComparisonTest, X509ToolCompareCAOpenSSL) { cert_tool = LoadPEMCertificate(out_path_tool); cert_openssl = LoadPEMCertificate(out_path_openssl); - ASSERT_TRUE(cert_tool != nullptr) - << "Failed to load certificate generated by tool"; - ASSERT_TRUE(cert_openssl != nullptr) + ASSERT_TRUE(cert_tool) << "Failed to load certificate generated by tool"; + ASSERT_TRUE(cert_openssl) << "Failed to load certificate generated by OpenSSL"; // Compare certificates in detail with 365 days validity period @@ -1393,7 +1390,7 @@ TEST_F(X509ComparisonTest, X509ToolCompareCAOpenSSL) { // Test against OpenSSL output "openssl x509 -in in_file -CA certfile -CAkey // keyfile" -TEST_F(X509ComparisonTest, X509ToolCompareReqCAOpenSSL) { +TEST_F(X509ComparisonTest, ReqCA) { std::string tool_command = std::string(tool_executable_path) + " x509 -in " + csr_path + " -req -CA " + ca_cert_path + " -out " + out_path_tool; @@ -1409,9 +1406,8 @@ TEST_F(X509ComparisonTest, X509ToolCompareReqCAOpenSSL) { auto cert_openssl = LoadPEMCertificate(out_path_openssl); auto ca_cert = LoadPEMCertificate(ca_cert_path); - ASSERT_TRUE(cert_tool != nullptr) - << "Failed to load certificate generated by tool"; - ASSERT_TRUE(cert_openssl != nullptr) + ASSERT_TRUE(cert_tool) << "Failed to load certificate generated by tool"; + ASSERT_TRUE(cert_openssl) << "Failed to load certificate generated by OpenSSL"; // Compare certificates in detail with 365 days validity period @@ -1434,9 +1430,8 @@ TEST_F(X509ComparisonTest, X509ToolCompareReqCAOpenSSL) { cert_tool = LoadPEMCertificate(out_path_tool); cert_openssl = LoadPEMCertificate(out_path_openssl); - ASSERT_TRUE(cert_tool != nullptr) - << "Failed to load certificate generated by tool"; - ASSERT_TRUE(cert_openssl != nullptr) + ASSERT_TRUE(cert_tool) << "Failed to load certificate generated by tool"; + ASSERT_TRUE(cert_openssl) << "Failed to load certificate generated by OpenSSL"; // Compare certificates in detail with 365 days validity period @@ -1446,7 +1441,7 @@ TEST_F(X509ComparisonTest, X509ToolCompareReqCAOpenSSL) { } // Test against OpenSSL output with -passin option -TEST_F(X509ComparisonTest, X509ToolComparePassinOpenSSL) { +TEST_F(X509ComparisonTest, Passin) { std::string tool_command = std::string(tool_executable_path) + " x509 -in " + in_path + " -signkey " + protected_signkey_path + " -passin pass:testpassword -out " + out_path_tool; @@ -1462,9 +1457,8 @@ TEST_F(X509ComparisonTest, X509ToolComparePassinOpenSSL) { auto cert_tool = LoadPEMCertificate(out_path_tool); auto cert_openssl = LoadPEMCertificate(out_path_openssl); - ASSERT_TRUE(cert_tool != nullptr) - << "Failed to load certificate generated by tool"; - ASSERT_TRUE(cert_openssl != nullptr) + ASSERT_TRUE(cert_tool) << "Failed to load certificate generated by tool"; + ASSERT_TRUE(cert_openssl) << "Failed to load certificate generated by OpenSSL"; // Compare certificates in detail with 30 days validity period @@ -1475,7 +1469,7 @@ TEST_F(X509ComparisonTest, X509ToolComparePassinOpenSSL) { // Test against OpenSSL output "openssl x509 -extfile extfile -extensions // extension_header" -TEST_F(X509ComparisonTest, X509ToolCompareExtensionsOpenSSL) { +TEST_F(X509ComparisonTest, Extensions) { char ext_path[PATH_MAX]; ASSERT_GT(createTempFILEpath(ext_path), 0u); @@ -1499,8 +1493,8 @@ TEST_F(X509ComparisonTest, X509ToolCompareExtensionsOpenSSL) { auto cert_tool = LoadPEMCertificate(out_path_tool); auto cert_openssl = LoadPEMCertificate(out_path_openssl); - ASSERT_TRUE(cert_tool != nullptr); - ASSERT_TRUE(cert_openssl != nullptr); + ASSERT_TRUE(cert_tool); + ASSERT_TRUE(cert_openssl); ASSERT_TRUE( CompareCertificates(cert_tool.get(), cert_openssl.get(), nullptr, 30)); @@ -1525,8 +1519,8 @@ TEST_F(X509ComparisonTest, X509ToolCompareExtensionsOpenSSL) { cert_tool = LoadPEMCertificate(out_path_tool); cert_openssl = LoadPEMCertificate(out_path_openssl); - ASSERT_TRUE(cert_tool != nullptr); - ASSERT_TRUE(cert_openssl != nullptr); + ASSERT_TRUE(cert_tool); + ASSERT_TRUE(cert_openssl); ASSERT_TRUE( CompareCertificates(cert_tool.get(), cert_openssl.get(), nullptr, 30)); @@ -1553,8 +1547,8 @@ TEST_F(X509ComparisonTest, X509ToolCompareExtensionsOpenSSL) { cert_tool = LoadPEMCertificate(out_path_tool); cert_openssl = LoadPEMCertificate(out_path_openssl); - ASSERT_TRUE(cert_tool != nullptr); - ASSERT_TRUE(cert_openssl != nullptr); + ASSERT_TRUE(cert_tool); + ASSERT_TRUE(cert_openssl); ASSERT_TRUE( CompareCertificates(cert_tool.get(), cert_openssl.get(), nullptr, 30)); @@ -1562,8 +1556,8 @@ TEST_F(X509ComparisonTest, X509ToolCompareExtensionsOpenSSL) { RemoveFile(ext_path); } -// Test SetSerial functionality against OpenSSL with CA certificate -TEST_F(X509ComparisonTest, X509ToolCompareSetSerialCAOpenSSL) { +// Test serial generation against OpenSSL +TEST_F(X509ComparisonTest, BasicSerialGeneration) { std::string tool_command = std::string(tool_executable_path) + " x509 -in " + in_path + " -CA " + ca_cert_path + " -CAkey " + ca_key_path + " -out " + out_path_tool; @@ -1577,14 +1571,14 @@ TEST_F(X509ComparisonTest, X509ToolCompareSetSerialCAOpenSSL) { auto cert_tool = LoadPEMCertificate(out_path_tool); auto cert_openssl = LoadPEMCertificate(out_path_openssl); - ASSERT_TRUE(cert_tool != nullptr); - ASSERT_TRUE(cert_openssl != nullptr); + ASSERT_TRUE(cert_tool); + ASSERT_TRUE(cert_openssl); // Both should have valid serial numbers (non-zero) ASN1_INTEGER *serial_tool = X509_get_serialNumber(cert_tool.get()); ASN1_INTEGER *serial_openssl = X509_get_serialNumber(cert_openssl.get()); - ASSERT_TRUE(serial_tool != nullptr); - ASSERT_TRUE(serial_openssl != nullptr); + ASSERT_TRUE(serial_tool); + ASSERT_TRUE(serial_openssl); // Clean up .srl files std::string srl_path = @@ -1594,8 +1588,8 @@ TEST_F(X509ComparisonTest, X509ToolCompareSetSerialCAOpenSSL) { RemoveFile(srl_path.c_str()); } -// Test SetSerial functionality against OpenSSL with existing .srl file -TEST_F(X509ComparisonTest, X509ToolCompareSetSerialExistingFileOpenSSL) { +// Test serial generation against OpenSSL with existing .srl file +TEST_F(X509ComparisonTest, SerialGenerationExistingFile) { // Create existing .srl file with known serial number std::string srl_path = std::string(ca_cert_path) @@ -1619,21 +1613,21 @@ TEST_F(X509ComparisonTest, X509ToolCompareSetSerialExistingFileOpenSSL) { auto cert_tool = LoadPEMCertificate(out_path_tool); auto cert_openssl = LoadPEMCertificate(out_path_openssl); - ASSERT_TRUE(cert_tool != nullptr); - ASSERT_TRUE(cert_openssl != nullptr); + ASSERT_TRUE(cert_tool); + ASSERT_TRUE(cert_openssl); // Both should have incremented the serial number ASN1_INTEGER *serial_tool = X509_get_serialNumber(cert_tool.get()); ASN1_INTEGER *serial_openssl = X509_get_serialNumber(cert_openssl.get()); - ASSERT_TRUE(serial_tool != nullptr); - ASSERT_TRUE(serial_openssl != nullptr); + ASSERT_TRUE(serial_tool); + ASSERT_TRUE(serial_openssl); // Clean up .srl files RemoveFile(srl_path.c_str()); } // Test AdaptKeyIDExtension with existing valid key identifier extensions -TEST_F(X509ComparisonTest, X509ToolCompareKeyIDExtensionValidOpenSSL) { +TEST_F(X509ComparisonTest, KeyIDExtensionValid) { char ext_path[PATH_MAX]; ASSERT_GT(createTempFILEpath(ext_path), 0u); @@ -1660,8 +1654,8 @@ TEST_F(X509ComparisonTest, X509ToolCompareKeyIDExtensionValidOpenSSL) { auto cert_tool = LoadPEMCertificate(out_path_tool); auto cert_openssl = LoadPEMCertificate(out_path_openssl); - ASSERT_TRUE(cert_tool != nullptr); - ASSERT_TRUE(cert_openssl != nullptr); + ASSERT_TRUE(cert_tool); + ASSERT_TRUE(cert_openssl); ASSERT_TRUE( CompareCertificates(cert_tool.get(), cert_openssl.get(), nullptr, 30)); @@ -1670,7 +1664,7 @@ TEST_F(X509ComparisonTest, X509ToolCompareKeyIDExtensionValidOpenSSL) { } // Test AdaptKeyIDExtension with self-signed cert missing authorityKeyIdentifier -TEST_F(X509ComparisonTest, X509ToolCompareKeyIDExtensionSelfSignedOpenSSL) { +TEST_F(X509ComparisonTest, KeyIDExtensionSelfSigned) { char ext_path[PATH_MAX]; ASSERT_GT(createTempFILEpath(ext_path), 0u); @@ -1699,8 +1693,8 @@ TEST_F(X509ComparisonTest, X509ToolCompareKeyIDExtensionSelfSignedOpenSSL) { auto cert_tool = LoadPEMCertificate(out_path_tool); auto cert_openssl = LoadPEMCertificate(out_path_openssl); - ASSERT_TRUE(cert_tool != nullptr); - ASSERT_TRUE(cert_openssl != nullptr); + ASSERT_TRUE(cert_tool); + ASSERT_TRUE(cert_openssl); ASSERT_TRUE( CompareCertificates(cert_tool.get(), cert_openssl.get(), nullptr, 30));