/*
- * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright Nokia 2007-2019
* Copyright Siemens AG 2015-2019
*
* https://www.openssl.org/source/license.html
*/
-#include "cmp_testlib.h"
+#include "helpers/cmp_testlib.h"
#include <openssl/x509_vfy.h>
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(ASN1_UTF8STRING)
-DEFINE_STACK_OF(X509_EXTENSION)
-DEFINE_STACK_OF(OSSL_CMP_ITAV)
-DEFINE_STACK_OF(POLICYINFO)
-
typedef struct test_fixture {
const char *test_case_name;
OSSL_CMP_CTX *ctx;
if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture))))
return NULL;
- if (!TEST_ptr(fixture->ctx = OSSL_CMP_CTX_new())) {
+ if (!TEST_ptr(fixture->ctx = OSSL_CMP_CTX_new(NULL, NULL))) {
tear_down(fixture);
return NULL;
}
static void sk_X509_pop_X509_free(STACK_OF(X509) *sk)
{
- sk_X509_pop_free(sk, X509_free);
+ OSSL_STACK_OF_X509_free(sk);
}
static int execute_CTX_reinit_test(OSSL_CMP_CTX_TEST_FIXTURE *fixture)
OSSL_CMP_CTX *ctx = fixture->ctx;
ASN1_OCTET_STRING *bytes = NULL;
STACK_OF(X509) *certs = NULL;
+ X509 *cert = X509_new();
int res = 0;
/* set non-default values in all relevant fields */
if (!ossl_cmp_ctx_set0_statusString(ctx, sk_ASN1_UTF8STRING_new_null())
|| !ossl_cmp_ctx_set0_newCert(ctx, X509_new())
|| !TEST_ptr(certs = sk_X509_new_1())
+ || !ossl_cmp_ctx_set1_newChain(ctx, certs)
|| !ossl_cmp_ctx_set1_caPubs(ctx, certs)
|| !ossl_cmp_ctx_set1_extraCertsIn(ctx, certs)
- || !ossl_cmp_ctx_set0_validatedSrvCert(ctx, X509_new())
+ || !ossl_cmp_ctx_set1_validatedSrvCert(ctx, cert)
|| !TEST_ptr(bytes = ASN1_OCTET_STRING_new())
|| !OSSL_CMP_CTX_set1_transactionID(ctx, bytes)
|| !OSSL_CMP_CTX_set1_senderNonce(ctx, bytes)
&& ctx->failInfoCode == -1
&& ctx->statusString == NULL
&& ctx->newCert == NULL
+ && ctx->newChain == NULL
&& ctx->caPubs == NULL
&& ctx->extraCertsIn == NULL
&& ctx->validatedSrvCert == NULL
res = 1;
err:
+ X509_free(cert);
sk_X509_pop_X509_free(certs);
ASN1_OCTET_STRING_free(bytes);
return res;
}
+static int test_CTX_libctx_propq(void)
+{
+ OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new();
+ const char *propq = "?provider=legacy";
+ OSSL_CMP_CTX *cmpctx = OSSL_CMP_CTX_new(libctx, propq);
+ int res = TEST_ptr(libctx)
+ && TEST_ptr(cmpctx)
+ && TEST_ptr_eq(libctx, OSSL_CMP_CTX_get0_libctx(cmpctx))
+ && TEST_str_eq(propq, OSSL_CMP_CTX_get0_propq(cmpctx));
+
+ OSSL_CMP_CTX_free(cmpctx);
+ OSSL_LIB_CTX_free(libctx);
+ return res;
+}
+
static int test_CTX_reinit(void)
{
SETUP_TEST_FIXTURE(OSSL_CMP_CTX_TEST_FIXTURE, set_up);
res = 0;
# ifndef OPENSSL_NO_STDIO
- CMPerr(0, CMP_R_MULTIPLE_SAN_SOURCES);
+ ERR_raise(ERR_LIB_CMP, CMP_R_MULTIPLE_SAN_SOURCES);
OSSL_CMP_CTX_print_errors(ctx); /* should print above error to STDERR */
# endif
if (!TEST_true(ctx->log_cb == msg_total_size_log_cb)) {
res = 0;
} else {
- CMPerr(0, CMP_R_INVALID_ARGS);
+ ERR_raise(ERR_LIB_CMP, CMP_R_INVALID_ARGS);
base_err_msg_size = strlen("INVALID_ARGS");
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
base_err_msg_size += strlen("NULL_ARGUMENT");
expected_size = base_err_msg_size;
- ossl_cmp_add_error_data("data1"); /* should prepend separator " : " */
- expected_size += strlen(" : " "data1");
+ ossl_cmp_add_error_data("data1"); /* should prepend separator ":" */
+ expected_size += strlen(":" "data1");
ossl_cmp_add_error_data("data2"); /* should prepend separator " : " */
expected_size += strlen(" : " "data2");
ossl_cmp_add_error_line("new line"); /* should prepend separator "\n" */
if (!TEST_int_eq(msg_total_size, expected_size))
res = 0;
- CMPerr(0, CMP_R_INVALID_ARGS);
- base_err_msg_size = strlen("INVALID_ARGS") + strlen(" : ");
+ ERR_raise(ERR_LIB_CMP, CMP_R_INVALID_ARGS);
+ base_err_msg_size = strlen("INVALID_ARGS") + strlen(":");
expected_size = base_err_msg_size;
while (expected_size < 4096) { /* force split */
ERR_add_error_txt(STR_SEP, max_str_literal);
return result;
}
+#ifndef OPENSSL_NO_HTTP
static BIO *test_http_cb(BIO *bio, void *arg, int use_ssl, int detail)
{
return NULL;
}
+#endif
static OSSL_CMP_MSG *test_transfer_cb(OSSL_CMP_CTX *ctx,
const OSSL_CMP_MSG *req)
} else { \
if (DUP && val1_read == val1) { \
TEST_error("first set did not dup the value"); \
+ val1_read = 0; \
res = 0; \
} \
if (DEFAULT(val1_read)) { \
} else { \
if (DUP && val2_read == val2) { \
TEST_error("second set did not dup the value"); \
+ val2_read = 0; \
res = 0; \
} \
if (val2 == val1) { \
} else { \
if (DUP && val3_read == val2_read) { \
TEST_error("third get did not create a new dup"); \
+ val3_read = 0; \
res = 0; \
} \
} \
#define IS_0(x) ((x) == 0) /* for any type */
#define DROP(x) (void)(x) /* dummy free() for non-pointer and function types */
-#define ERR(x) (CMPerr(0, CMP_R_NULL_ARGUMENT), x)
+#define RET_IF_NULL_ARG(ctx, ret) \
+ if (ctx == NULL) { \
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); \
+ return ret; \
+ }
+/* cannot use PREFIX instead of OSSL_CMP and CTX due to #define OSSL_CMP_CTX */
#define DEFINE_SET_GET_TEST(OSSL_CMP, CTX, N, M, DUP, FIELD, TYPE) \
DEFINE_SET_GET_BASE_TEST(OSSL_CMP##_##CTX, set##N, get##M, DUP, FIELD, \
TYPE *, NULL, IS_0, TYPE##_new(), TYPE##_free)
#define DEFINE_SET_TEST_DEFAULT(OSSL_CMP, CTX, N, DUP, FIELD, TYPE, DEFAULT) \
static TYPE *OSSL_CMP_CTX_get0_##FIELD(const CMP_CTX *ctx) \
{ \
- return ctx == NULL ? ERR(NULL) : (TYPE *)ctx->FIELD; \
+ RET_IF_NULL_ARG(ctx, NULL); \
+ return (TYPE *)ctx->FIELD; \
} \
DEFINE_SET_GET_TEST_DEFAULT(OSSL_CMP, CTX, N, 0, DUP, FIELD, TYPE, DEFAULT)
#define DEFINE_SET_TEST(OSSL_CMP, CTX, N, DUP, FIELD, TYPE) \
#define DEFINE_SET_SK_TEST(OSSL_CMP, CTX, N, FIELD, TYPE) \
static STACK_OF(TYPE) *OSSL_CMP_CTX_get0_##FIELD(const CMP_CTX *ctx) \
{ \
- return ctx == NULL ? ERR(NULL) : ctx->FIELD; \
+ RET_IF_NULL_ARG(ctx, NULL); \
+ return ctx->FIELD; \
} \
DEFINE_SET_GET_BASE_TEST(OSSL_CMP##_##CTX, set##N, get0, 1, FIELD, \
STACK_OF(TYPE)*, NULL, IS_0, \
sk_##TYPE##_new_null(), sk_##TYPE##_free)
+#ifndef OPENSSL_NO_HTTP
typedef OSSL_HTTP_bio_cb_t OSSL_CMP_http_cb_t;
+#endif
#define DEFINE_SET_CB_TEST(FIELD) \
static OSSL_CMP_##FIELD##_t OSSL_CMP_CTX_get_##FIELD(const CMP_CTX *ctx) \
{ \
- if (ctx == NULL) \
- CMPerr(0, CMP_R_NULL_ARGUMENT); \
- return ctx == NULL ? NULL /* cannot use ERR(NULL) here */ : ctx->FIELD;\
+ RET_IF_NULL_ARG(ctx, NULL); \
+ return ctx->FIELD; \
} \
DEFINE_SET_GET_BASE_TEST(OSSL_CMP_CTX, set, get, 0, FIELD, \
OSSL_CMP_##FIELD##_t, NULL, IS_0, \
#define DEFINE_SET_INT_TEST(FIELD) \
static int OSSL_CMP_CTX_get_##FIELD(const CMP_CTX *ctx) \
{ \
- return ctx == NULL ? ERR(-1) : ctx->FIELD; \
+ RET_IF_NULL_ARG(ctx, -1); \
+ return ctx->FIELD; \
} \
DEFINE_SET_GET_INT_TEST_DEFAULT(OSSL_CMP, CTX, FIELD, IS_0)
\
static char *OSSL_CMP_CTX_get1_##FIELD##_str(const CMP_CTX *ctx) \
{ \
- const ASN1_OCTET_STRING *bytes = ctx == NULL ? ERR(NULL) : ctx->FIELD; \
+ const ASN1_OCTET_STRING *bytes = NULL; \
\
+ RET_IF_NULL_ARG(ctx, NULL); \
+ bytes = ctx->FIELD; \
return bytes == NULL ? NULL : \
OPENSSL_strndup((char *)bytes->data, bytes->length); \
}
} \
\
if (!(*push_fn)(ctx, val2)) { \
- TEST_error("pushting second value failed"); \
+ TEST_error("pushing second value failed"); \
res = 0; \
} \
if (PUSHN == 0) \
return;
}
-DEFINE_SET_GET_ARG_FN(set, get, option, 16, int)
-/* option == OSSL_CMP_OPT_IGNORE_KEYUSAGE */
-DEFINE_SET_GET_BASE_TEST(OSSL_CMP_CTX, set, get, 0, option_16, int, -1, IS_0, \
+DEFINE_SET_GET_ARG_FN(set, get, option, 35, int) /* OPT_IGNORE_KEYUSAGE */
+DEFINE_SET_GET_BASE_TEST(OSSL_CMP_CTX, set, get, 0, option_35, int, -1, IS_0, \
1 /* true */, DROP)
DEFINE_SET_CB_TEST(log_cb)
DEFINE_SET_INT_TEST(serverPort)
DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 1, proxy, char)
DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 1, no_proxy, char)
+#ifndef OPENSSL_NO_HTTP
DEFINE_SET_CB_TEST(http_cb)
DEFINE_SET_GET_P_VOID_TEST(http_cb_arg)
+#endif
DEFINE_SET_CB_TEST(transfer_cb)
DEFINE_SET_GET_P_VOID_TEST(transfer_cb_arg)
DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 0, srvCert, X509)
-DEFINE_SET_TEST(ossl_cmp, ctx, 0, 0, validatedSrvCert, X509)
+DEFINE_SET_GET_TEST(ossl_cmp, ctx, 1, 0, 0, validatedSrvCert, X509)
DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 1, expected_sender, X509_NAME)
-DEFINE_SET_GET_BASE_TEST(OSSL_CMP_CTX, set0, get0, 0, trustedStore,
+DEFINE_SET_GET_BASE_TEST(OSSL_CMP_CTX, set0, get0, 0, trusted,
X509_STORE *, NULL,
DEFAULT_STORE, X509_STORE_new_1(), X509_STORE_free)
-DEFINE_SET_GET_SK_X509_TEST(OSSL_CMP, CTX, 1, 0, untrusted_certs)
+DEFINE_SET_GET_SK_X509_TEST(OSSL_CMP, CTX, 1, 0, untrusted)
-DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 0, clCert, X509)
+DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 0, cert, X509)
DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 0, pkey, EVP_PKEY)
DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 1, recipient, X509_NAME)
DEFINE_SET_GET_SK_TEST(ossl_cmp, ctx, 0, 0, statusString, ASN1_UTF8STRING)
DEFINE_SET_GET_INT_TEST(ossl_cmp, ctx, failInfoCode)
DEFINE_SET_GET_TEST(ossl_cmp, ctx, 0, 0, 0, newCert, X509)
+DEFINE_SET_GET_SK_X509_TEST(ossl_cmp, ctx, 1, 1, newChain)
DEFINE_SET_GET_SK_X509_TEST(ossl_cmp, ctx, 1, 1, caPubs)
DEFINE_SET_GET_SK_X509_TEST(ossl_cmp, ctx, 1, 1, extraCertsIn)
int setup_tests(void)
{
- /* OSSL_CMP_CTX_new() is tested by set_up() */
- /* OSSL_CMP_CTX_free() is tested by tear_down() */
+ if (!test_skip_common_options()) {
+ TEST_error("Error parsing test options\n");
+ return 0;
+ }
+
+ /* also tests OSSL_CMP_CTX_new() and OSSL_CMP_CTX_free(): */
+ ADD_TEST(test_CTX_libctx_propq);
ADD_TEST(test_CTX_reinit);
/* various CMP options: */
- ADD_TEST(test_CTX_set_get_option_16);
+ ADD_TEST(test_CTX_set_get_option_35);
/* CMP-specific callback for logging and outputting the error queue: */
ADD_TEST(test_CTX_set_get_log_cb);
/*
ADD_TEST(test_CTX_set_get_serverPort);
ADD_TEST(test_CTX_set1_get0_proxy);
ADD_TEST(test_CTX_set1_get0_no_proxy);
+#ifndef OPENSSL_NO_HTTP
ADD_TEST(test_CTX_set_get_http_cb);
ADD_TEST(test_CTX_set_get_http_cb_arg);
+#endif
ADD_TEST(test_CTX_set_get_transfer_cb);
ADD_TEST(test_CTX_set_get_transfer_cb_arg);
/* server authentication: */
ADD_TEST(test_CTX_set1_get0_srvCert);
- ADD_TEST(test_CTX_set0_get0_validatedSrvCert);
+ ADD_TEST(test_CTX_set1_get0_validatedSrvCert);
ADD_TEST(test_CTX_set1_get0_expected_sender);
- ADD_TEST(test_CTX_set0_get0_trustedStore);
- ADD_TEST(test_CTX_set1_get0_untrusted_certs);
+ ADD_TEST(test_CTX_set0_get0_trusted);
+ ADD_TEST(test_CTX_set1_get0_untrusted);
/* client authentication: */
- ADD_TEST(test_CTX_set1_get0_clCert);
+ ADD_TEST(test_CTX_set1_get0_cert);
ADD_TEST(test_CTX_set1_get0_pkey);
/* the following two also test ossl_cmp_asn1_octet_string_set1_bytes(): */
ADD_TEST(test_CTX_set1_get1_referenceValue_str);
ADD_TEST(test_CTX_set0_get0_statusString);
ADD_TEST(test_CTX_set_get_failInfoCode);
ADD_TEST(test_CTX_set0_get0_newCert);
+ ADD_TEST(test_CTX_set1_get1_newChain);
ADD_TEST(test_CTX_set1_get1_caPubs);
ADD_TEST(test_CTX_set1_get1_extraCertsIn);
/* exported for testing and debugging purposes: */
ADD_TEST(test_CTX_set1_get0_transactionID);
ADD_TEST(test_CTX_set1_get0_senderNonce);
ADD_TEST(test_CTX_set1_get0_recipNonce);
- /* ossl_cmp_build_cert_chain() is tested in cmp_protect.c */
return 1;
}