/*
- * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright Nokia 2007-2019
* Copyright Siemens AG 2015-2019
*
* https://www.openssl.org/source/license.html
*/
-#include "cmp_testlib.h"
-
-DEFINE_STACK_OF(X509)
+#include "helpers/cmp_testlib.h"
static const char *ir_protected_f;
static const char *ir_unprotected_f;
X509 *cert;
STACK_OF(X509) *certs;
STACK_OF(X509) *chain;
+ int with_ss;
int callback_arg;
int expected;
} CMP_PROTECT_TEST_FIXTURE;
-static OPENSSL_CTX *libctx = NULL;
+static OSSL_LIB_CTX *libctx = NULL;
static OSSL_PROVIDER *default_null_provider = NULL, *provider = NULL;
static void tear_down(CMP_PROTECT_TEST_FIXTURE *fixture)
/*
* This function works similarly to parts of CMP_verify_signature in cmp_vfy.c,
- * but without the need for a OSSL_CMP_CTX or a X509 certificate
+ * but without the need for an OSSL_CMP_CTX or a X509 certificate
*/
static int verify_signature(OSSL_CMP_MSG *msg,
ASN1_BIT_STRING *protection,
static int test_cmp_calc_protection_no_key_no_secret(void)
{
SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
- if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f))
+ if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f, libctx))
|| !TEST_ptr(fixture->msg->header->protectionAlg =
X509_ALGOR_new() /* no specific alg needed here */)) {
tear_down(fixture);
SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
fixture->pubkey = loadedpubkey;
if (!TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, loadedprivkey))
- || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f))) {
+ || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))) {
tear_down(fixture);
fixture = NULL;
}
SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx,
sec_insta, sizeof(sec_insta)))
- || !TEST_ptr(fixture->msg = load_pkimsg(ip_PBM_f))) {
+ || !TEST_ptr(fixture->msg = load_pkimsg(ip_PBM_f, libctx))) {
tear_down(fixture);
fixture = NULL;
}
OSSL_CMP_CTX *ctx = fixture->cmp_ctx;
X509_STORE *store;
STACK_OF(X509) *chain =
- ossl_cmp_build_cert_chain(ctx->libctx, ctx->propq, NULL,
- fixture->certs, fixture->cert);
+ X509_build_chain(fixture->cert, fixture->certs, NULL,
+ fixture->with_ss, ctx->libctx, ctx->propq);
if (TEST_ptr(chain)) {
/* Check whether chain built is equal to the expected one */
ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain));
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
}
if (!ret)
return 0;
&& TEST_true(X509_STORE_add_cert(store, root))) {
X509_VERIFY_PARAM_set_flags(X509_STORE_get0_param(store),
X509_V_FLAG_NO_CHECK_TIME);
- chain = ossl_cmp_build_cert_chain(ctx->libctx, ctx->propq,
- store, fixture->certs, fixture->cert);
+ chain = X509_build_chain(fixture->cert, fixture->certs, store,
+ fixture->with_ss, ctx->libctx, ctx->propq);
ret = TEST_int_eq(fixture->expected, chain != NULL);
if (ret && chain != NULL) {
/* Check whether chain built is equal to the expected one */
ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain));
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
}
}
X509_STORE_free(store);
{
SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
fixture->expected = 1;
+ fixture->with_ss = 0;
fixture->cert = endentity2;
if (!TEST_ptr(fixture->certs = sk_X509_new_null())
|| !TEST_ptr(fixture->chain = sk_X509_new_null())
tear_down(fixture);
fixture = NULL;
}
- EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
+ if (fixture != NULL) {
+ result = execute_cmp_build_cert_chain_test(fixture);
+ fixture->with_ss = 1;
+ if (result && TEST_true(sk_X509_push(fixture->chain, root)))
+ result = execute_cmp_build_cert_chain_test(fixture);
+ }
+ tear_down(fixture);
return result;
}
{
SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
fixture->expected = 0;
+ fixture->with_ss = 0;
fixture->cert = endentity2;
if (!TEST_ptr(fixture->certs = sk_X509_new_null())
|| !TEST_ptr(fixture->chain = sk_X509_new_null())
{
SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
fixture->expected = 1;
+ fixture->with_ss = 0;
fixture->cert = endentity2;
if (!TEST_ptr(fixture->certs = sk_X509_new_null())
|| !TEST_ptr(fixture->chain = sk_X509_new_null())
return result;
}
+static int test_cmp_build_cert_chain_only_root(void)
+{
+ SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
+ fixture->expected = 1;
+ fixture->with_ss = 0; /* still chain must include the only cert (root) */
+ fixture->cert = root;
+ if (!TEST_ptr(fixture->certs = sk_X509_new_null())
+ || !TEST_ptr(fixture->chain = sk_X509_new_null())
+ || !TEST_true(sk_X509_push(fixture->certs, root))
+ || !TEST_true(sk_X509_push(fixture->chain, root))) {
+ tear_down(fixture);
+ fixture = NULL;
+ }
+ EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
+ return result;
+}
+
static int test_cmp_build_cert_chain_no_certs(void)
{
SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
fixture->expected = 0;
+ fixture->with_ss = 0;
fixture->cert = endentity2;
if (!TEST_ptr(fixture->certs = sk_X509_new_null())
|| !TEST_ptr(fixture->chain = sk_X509_new_null())
res = 1;
err:
X509_STORE_free(store);
- sk_X509_pop_free(sk, X509_free);
+ OSSL_STACK_OF_X509_free(sk);
return res;
}
return result;
}
-
void cleanup_tests(void)
{
EVP_PKEY_free(loadedprivkey);
X509_free(intermediate);
OSSL_CMP_MSG_free(ir_protected);
OSSL_CMP_MSG_free(ir_unprotected);
- OPENSSL_CTX_free(libctx);
+ OSSL_LIB_CTX_free(libctx);
}
#define USAGE "server.pem IR_protected.der IR_unprotected.der IP_PBM.der " \
return 0;
}
- if (!test_get_libctx(&libctx, &default_null_provider, &provider, 10, USAGE))
+ if (!test_arg_libctx(&libctx, &default_null_provider, &provider, 10, USAGE))
return 0;
- if (!TEST_ptr(loadedkey = load_pem_key(server_key_f, libctx))
- || !TEST_ptr(cert = load_pem_cert(server_cert_f, libctx)))
+ if (!TEST_ptr(loadedkey = load_pkey_pem(server_key_f, libctx))
+ || !TEST_ptr(cert = load_cert_pem(server_cert_f, libctx)))
return 0;
- if (!TEST_ptr(loadedprivkey = load_pem_key(server_f, libctx)))
+ if (!TEST_ptr(loadedprivkey = load_pkey_pem(server_f, libctx)))
return 0;
if (TEST_true(EVP_PKEY_up_ref(loadedprivkey)))
loadedpubkey = loadedprivkey;
- if (!TEST_ptr(ir_protected = load_pkimsg(ir_protected_f))
- || !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f)))
+ if (!TEST_ptr(ir_protected = load_pkimsg(ir_protected_f, libctx))
+ || !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx)))
return 0;
- if (!TEST_ptr(endentity1 = load_pem_cert(endentity1_f, libctx))
- || !TEST_ptr(endentity2 = load_pem_cert(endentity2_f, libctx))
- || !TEST_ptr(root = load_pem_cert(root_f, libctx))
- || !TEST_ptr(intermediate = load_pem_cert(intermediate_f, libctx)))
+ if (!TEST_ptr(endentity1 = load_cert_pem(endentity1_f, libctx))
+ || !TEST_ptr(endentity2 = load_cert_pem(endentity2_f, libctx))
+ || !TEST_ptr(root = load_cert_pem(root_f, libctx))
+ || !TEST_ptr(intermediate = load_cert_pem(intermediate_f, libctx)))
return 0;
if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH)))
return 0;
#ifndef OPENSSL_NO_EC
ADD_TEST(test_cmp_build_cert_chain);
+ ADD_TEST(test_cmp_build_cert_chain_only_root);
ADD_TEST(test_cmp_build_cert_chain_no_root);
ADD_TEST(test_cmp_build_cert_chain_missing_intermediate);
ADD_TEST(test_cmp_build_cert_chain_no_certs);