DEFINE_STACK_OF(OSSL_CMP_CERTRESPONSE)
+static const char *newkey_f;
static const char *server_cert_f;
static const char *pkcs10_f;
OSSL_CMP_PKISI *si;
} CMP_MSG_TEST_FIXTURE;
+static OPENSSL_CTX *libctx = NULL;
+static OSSL_PROVIDER *default_null_provider = NULL, *provider = NULL;
+
+/* TODO(3.0) Clean this up - See issue #12680 */
+static X509 *X509_dup_with_libctx(const X509 *cert)
+{
+ X509 *dup = X509_dup(cert);
+
+ if (dup != NULL)
+ x509_set0_libctx(dup, libctx, NULL);
+ return dup;
+}
+
static unsigned char ref[CMP_TEST_REFVALUE_LENGTH];
static void tear_down(CMP_MSG_TEST_FIXTURE *fixture)
return NULL;
fixture->test_case_name = test_case_name;
- if (!TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new(NULL, NULL))
+ if (!TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new(libctx, NULL))
|| !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 1))
|| !TEST_true(OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx,
ref, sizeof(ref)))) {
fixture->bodytype = OSSL_CMP_PKIBODY_IR;
fixture->err_code = -1;
fixture->expected = 1;
- if (!TEST_int_eq(1, RAND_bytes(secret, sizeof(secret)))
+ if (!TEST_int_eq(1, RAND_bytes_ex(libctx, secret, sizeof(secret)))
|| !TEST_true(SET_OPT_UNPROTECTED_SEND(ctx, 0))
|| !TEST_true(set1_newPkey(ctx, newkey))
|| !TEST_true(OSSL_CMP_CTX_set1_secretValue(ctx, secret,
fixture->fail_info = 0;
fixture->expected = 1;
if (!TEST_true(ossl_cmp_ctx_set0_newCert(fixture->cmp_ctx,
- X509_dup(cert)))) {
+ X509_dup_with_libctx(cert)))) {
tear_down(fixture);
fixture = NULL;
}
fixture->fail_info = 1 << OSSL_CMP_PKIFAILUREINFO_badAlg;
fixture->expected = 1;
if (!TEST_true(ossl_cmp_ctx_set0_newCert(fixture->cmp_ctx,
- X509_dup(cert)))) {
+ X509_dup_with_libctx(cert)))) {
tear_down(fixture);
fixture = NULL;
}
fixture->fail_info = 1 << OSSL_CMP_PKIFAILUREINFO_MAX;
fixture->expected = 1;
if (!TEST_true(ossl_cmp_ctx_set0_newCert(fixture->cmp_ctx,
- X509_dup(cert)))) {
+ X509_dup_with_libctx(cert)))) {
tear_down(fixture);
fixture = NULL;
}
cresp->certifiedKeyPair->certOrEncCert->type =
OSSL_CMP_CERTORENCCERT_CERTIFICATE;
if ((cresp->certifiedKeyPair->certOrEncCert->value.certificate =
- X509_dup(cert)) == NULL
+ X509_dup_with_libctx(cert)) == NULL
|| !sk_OSSL_CMP_CERTRESPONSE_push(crepmsg->response, cresp))
goto err;
cresp = NULL;
{
EVP_PKEY_free(newkey);
X509_free(cert);
+ OPENSSL_CTX_free(libctx);
}
+#define USAGE "new.key server.crt pkcs10.der module_name [module_conf_file]\n"
+OPT_TEST_DECLARE_USAGE(USAGE)
+
int setup_tests(void)
{
if (!test_skip_common_options()) {
return 0;
}
- if (!TEST_ptr(server_cert_f = test_get_argument(0))
- || !TEST_ptr(pkcs10_f = test_get_argument(1))) {
- TEST_error("usage: cmp_msg_test server.crt pkcs10.der\n");
+ if (!TEST_ptr(newkey_f = test_get_argument(0))
+ || !TEST_ptr(server_cert_f = test_get_argument(1))
+ || !TEST_ptr(pkcs10_f = test_get_argument(2))) {
+ TEST_error("usage: cmp_msg_test %s", USAGE);
return 0;
}
- if (!TEST_ptr(newkey = gen_rsa())
- || !TEST_ptr(cert = load_pem_cert(server_cert_f, NULL))
- || !TEST_int_eq(1, RAND_bytes(ref, sizeof(ref)))) {
+ if (!test_get_libctx(&libctx, &default_null_provider, &provider, 3, USAGE))
+ return 0;
+
+ if (!TEST_ptr(newkey = load_pem_key(newkey_f))
+ || !TEST_ptr(cert = load_pem_cert(server_cert_f, libctx))
+ || !TEST_int_eq(1, RAND_bytes_ex(libctx, ref, sizeof(ref)))) {
cleanup_tests();
return 0;
}
return csr;
}
-EVP_PKEY *gen_rsa(void)
-{
- EVP_PKEY_CTX *ctx = NULL;
- EVP_PKEY *pkey = NULL;
-
- (void)(TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL))
- && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
- && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048), 0)
- && TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0));
- EVP_PKEY_CTX_free(ctx);
- return pkey;
-}
-
/*
* Checks whether the syntax of msg conforms to ASN.1
*/
X509_REQ *load_csr(const char *file);
OSSL_CMP_MSG *load_pkimsg(const char *file);
int valid_asn1_encoding(const OSSL_CMP_MSG *msg);
-EVP_PKEY *gen_rsa(void);
int STACK_OF_X509_cmp(const STACK_OF(X509) *sk1, const STACK_OF(X509) *sk2);
int STACK_OF_X509_push1(STACK_OF(X509) *sk, X509 *cert);
int print_to_bio_out(const char *func, const char *file, int line,
# https://www.openssl.org/source/license.html
use strict;
-use OpenSSL::Test qw/:DEFAULT data_file/;
+use OpenSSL::Test qw/:DEFAULT data_file srctop_file srctop_dir bldtop_file bldtop_dir/;
use OpenSSL::Test::Utils;
-setup("test_cmp_msg");
+BEGIN {
+ setup("test_cmp_msg");
+}
+
+use lib srctop_dir('Configurations');
+use lib bldtop_dir('.');
+use platform;
+
+my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
plan skip_all => "This test is not supported in a no-cmp build"
if disabled("cmp");
-plan tests => 1;
+plan tests => 2 + ($no_fips ? 0 : 2); #fips install + fips test
+
+my @basic_cmd = ("cmp_msg_test",
+ data_file("new.key"),
+ data_file("server.crt"),
+ data_file("pkcs10.der"));
+
+ok(run(test([@basic_cmd, "none"])));
+
+ok(run(test([@basic_cmd, "default", srctop_file("test", "default.cnf")])));
+
+unless ($no_fips) {
+ ok(run(app(['openssl', 'fipsinstall',
+ '-out', bldtop_file('providers', 'fipsmodule.cnf'),
+ '-module', bldtop_file('providers', platform->dso('fips'))])),
+ "fipsinstall");
-ok(run(test(["cmp_msg_test",
- data_file("server.crt"),
- data_file("pkcs10.der")])));
+ ok(run(test([@basic_cmd, "fips", srctop_file("test", "fips.cnf")])));
+}
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDIHp0kAPnBtK1B
+/gcTQSGV20NKE1VD+OEO7qzYprfQV0/iaXX5zY/Ls4NRKNIJ6BdoEg5cID5HTNoE
+Andl6pfHdSsT0+JdodEZlyg+1fiYr0g4eEh3HA9Rrpx5I4mfhwdj6nRwUun/ludQ
+SungipsvVsx3i/x8XEnRkMYlqF8uK6udhTJqVo0Icr6Erb5Fp5GA+Wxd+JT+/CGG
+MWF2GLFs+byX5L7bE3JJXUkADOtS8QN01nSIG+5VxLaaWFIpOG3ll6D7QLruRhir
+Ez0JVkLBxX9pJQibCN4Ww0wmyX+cXIRpy7q9fPSuO8vA/NMB5VhnLn3YbC9qRY62
+IN1qntYlAgMBAAECggEAJgHieHcS+F43VcRIVbjWBx8orYX0eL9pByv/efpYCOK8
+UlUTSglnmRmUBDMLiUQiReq//XFGQsZu1boeMSYYA5LWRqLEaGIWU5To2N5Mo7sO
+rWLy6GRU6H+QSlWcisbbeXeK+9ZTiO6BKjfAKZxJkvkaRk44+umQP5QOfhJ3WU4t
+0wkwYOfm8uOEg48yZTgjUVzhIORHAq5RHH/5goLrNwO2bIqOHOqzSrXGQJJ+oDaL
+JykccyVAElUGd5JaSpm5z0a43C4A5q770ppiByGxJv1L3ID1hkik1ZpWfMtwPH1Y
+FIAINqlhVoeAEwOCpL9axZ5OCGQrgWLNV4LfJyG4NQKBgQDyHGDyp+ZpMJRxCtDt
+8QWtthuoOfwmXOR81ZJGD3GA8rEGcG1zH4F+B4Z76/Kwb/uabH9FPURS+kcDpsuM
+9Avx88JTg6YFhtpQQCcmhY7awgc+B4ve95ziz6DOMhCD8Yb36UjM7B1jY+zVLIYt
+yQhZOKQEzPFqfPMrzEDsabT+GwKBgQDTmY35/l13zYi21xmCL+309KzjbZEyX0NF
+SE2JjIdwcWvKSMPFlWv7l1ssIg1fF0Hu7mEbLB74eUU0fe4D0LPeoEX3ihjYej4N
+M/EdKv7+WhCr11lnWwWTM+aeeFAmwdD95Gdvv0hTnG/GqxiOt19HhGhMHJueAKDL
+Tmci9hPAvwKBgQCkjbM62fEZp4IMvtw4DKveYDq2AQsnC9XkHsh3Q8HScaDuDnXl
+XBGIFhdKnJhrYQEx+PIbnkOU3jRr/+6zE6AWx6VZW834TaqOBrxVS0tH1b5UY46m
+ccc4xQO3gYGGHB+u2ei4Fvb2eZEbZlKgRdWdxoh8FssypFAmgYHS7Rmt5wKBgEYu
+symM1aGL2WGTnJFSpmFN2h4g1DzZ3e0X2yfZJX8FD5RraAub0NIE1Kehr7+vbh36
+kNi7XJZbWrnbXtuDGHWpwSsmcbEzcmtcpAdhoGvqoYbtiWi/huzZFQ/Qpf0E4fWk
+ES6+ShX5WBWT4DRN29tTrmg4QOE6IhrsqUauScTvAoGAKxEzsSHPgZm5rGOfVPcI
+cFeSJFCsaPfVk97T9aNievhMMChKBV8vT3Unlk0RObcsMweo6OMmfnRxrHhgfVz8
+elpLOlzEHfELlR8HELvxCeWWzuPgNCAPcG3BmjRnm8g5xmmkfQuRKlkQTcGbHotI
+wIPT+bHg3fjx7CemHl+rZeo=
+-----END PRIVATE KEY-----