const OSSL_DISPATCH *in,
const OSSL_DISPATCH **out,
void **provctx);
-DEFINE_STACK_OF(OCSP_RESPID)
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_NAME)
static OPENSSL_CTX *libctx = NULL;
static OSSL_PROVIDER *defctxnull = NULL;
if (!TEST_ptr(certbio = BIO_new_file(cert, "r")))
goto end;
- chaincert = PEM_read_bio_X509(certbio, NULL, NULL, NULL);
+
+ if (!TEST_ptr(chaincert = X509_new_with_libctx(libctx, NULL)))
+ goto end;
+
+ if (PEM_read_bio_X509(certbio, &chaincert, NULL, NULL) == NULL)
+ goto end;
BIO_free(certbio);
certbio = NULL;
- if (!TEST_ptr(chaincert))
- goto end;
if (!TEST_true(create_ssl_ctx_pair(libctx, smeth, cmeth, min_version,
max_version, &sctx, &cctx, cert,
testresult = 1;
end:
+ BIO_free(certbio);
X509_free(chaincert);
SSL_free(serverssl);
SSL_free(clientssl);
tls_version, tls_version,
&sctx, &cctx, cert, privkey))
|| !TEST_true(SSL_CTX_set_cipher_list(cctx, cipher))
+ || !TEST_true(SSL_CTX_set_cipher_list(sctx, cipher))
|| !TEST_true(create_ssl_objects2(sctx, cctx, &serverssl,
&clientssl, sfd, cfd)))
goto end;
tls_version, tls_version,
&sctx, &cctx, cert, privkey))
|| !TEST_true(SSL_CTX_set_cipher_list(cctx, cipher))
+ || !TEST_true(SSL_CTX_set_cipher_list(sctx, cipher))
|| !TEST_true(create_ssl_objects2(sctx, cctx, &serverssl,
&clientssl, sfd, cfd)))
goto end;
|| !TEST_true(BIO_get_ktls_send(serverssl->wbio)))
goto end;
- RAND_bytes(buf, SENDFILE_SZ);
+ if (!TEST_true(RAND_bytes_ex(libctx, buf, SENDFILE_SZ)))
+ goto end;
+
out = BIO_new_file(tmpfilename, "wb");
if (!TEST_ptr(out))
goto end;
return testresult;
}
-static int test_ktls_no_txrx_client_no_txrx_server(int tlsver)
-{
- int testresult = 1;
-
-#ifdef OPENSSL_KTLS_AES_GCM_128
- testresult &= execute_test_ktls(0, 0, 0, 0, tlsver,
- "AES128-GCM-SHA256", TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
-#endif
-#ifdef OPENSSL_KTLS_AES_CCM_128
- testresult &= execute_test_ktls(0, 0, 0, 0, tlsver,
- "AES128-CCM-SHA256", TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE);
-#endif
-#ifdef OPENSSL_KTLS_AES_GCM_256
- testresult &= execute_test_ktls(0, 0, 0, 0, tlsver,
- "AES256-GCM-SHA384", TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE);
-#endif
- return testresult;
-}
-
-static int test_ktls_no_rx_client_no_txrx_server(int tlsver)
-{
- int testresult = 1;
-
-#ifdef OPENSSL_KTLS_AES_GCM_128
- testresult &= execute_test_ktls(1, 0, 0, 0, tlsver,
- "AES128-GCM-SHA256", TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
-#endif
-#ifdef OPENSSL_KTLS_AES_CCM_128
- testresult &= execute_test_ktls(1, 0, 0, 0, tlsver,
- "AES128-CCM-SHA256", TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE);
-#endif
-#ifdef OPENSSL_KTLS_AES_GCM_256
- testresult &= execute_test_ktls(1, 0, 0, 0, tlsver,
- "AES256-GCM-SHA384", TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE);
-#endif
- return testresult;
-}
-
-static int test_ktls_no_tx_client_no_txrx_server(int tlsver)
-{
- int testresult = 1;
-
-#ifdef OPENSSL_KTLS_AES_GCM_128
- testresult &= execute_test_ktls(0, 1, 0, 0, tlsver,
- "AES128-GCM-SHA256", TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
-#endif
-#ifdef OPENSSL_KTLS_AES_CCM_128
- testresult &= execute_test_ktls(0, 1, 0, 0, tlsver,
- "AES128-CCM-SHA256", TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE);
-#endif
-#ifdef OPENSSL_KTLS_AES_GCM_256
- testresult &= execute_test_ktls(0, 1, 0, 0, tlsver,
- "AES256-GCM-SHA384", TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE);
-#endif
- return testresult;
-}
-
-static int test_ktls_client_no_txrx_server(int tlsver)
-{
- int testresult = 1;
-
-#ifdef OPENSSL_KTLS_AES_GCM_128
- testresult &= execute_test_ktls(1, 1, 0, 0, tlsver,
- "AES128-GCM-SHA256", TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
-#endif
-#ifdef OPENSSL_KTLS_AES_CCM_128
- testresult &= execute_test_ktls(1, 1, 0, 0, tlsver,
- "AES128-CCM-SHA256", TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE);
-#endif
-#ifdef OPENSSL_KTLS_AES_GCM_256
- testresult &= execute_test_ktls(1, 1, 0, 0, tlsver,
- "AES256-GCM-SHA384", TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE);
-#endif
- return testresult;
-}
-
-static int test_ktls_no_txrx_client_no_rx_server(int tlsver)
-{
- int testresult = 1;
-
-#ifdef OPENSSL_KTLS_AES_GCM_128
- testresult &= execute_test_ktls(0, 0, 1, 0, tlsver,
- "AES128-GCM-SHA256", TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
-#endif
-#ifdef OPENSSL_KTLS_AES_CCM_128
- testresult &= execute_test_ktls(0, 0, 1, 0, tlsver,
- "AES128-CCM-SHA256", TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE);
-#endif
-#ifdef OPENSSL_KTLS_AES_GCM_256
- testresult &= execute_test_ktls(0, 0, 1, 0, tlsver,
- "AES256-GCM-SHA384", TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE);
-#endif
- return testresult;
-}
-
-static int test_ktls_no_rx_client_no_rx_server(int tlsver)
-{
- int testresult = 1;
-
-#ifdef OPENSSL_KTLS_AES_GCM_128
- testresult &= execute_test_ktls(1, 0, 1, 0, tlsver,
- "AES128-GCM-SHA256", TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
-#endif
-#ifdef OPENSSL_KTLS_AES_CCM_128
- testresult &= execute_test_ktls(1, 0, 1, 0, tlsver,
- "AES128-CCM-SHA256", TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE);
-#endif
-#ifdef OPENSSL_KTLS_AES_GCM_256
- testresult &= execute_test_ktls(1, 0, 1, 0, tlsver,
- "AES256-GCM-SHA384", TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE);
-#endif
- return testresult;
-}
-
-static int test_ktls_no_tx_client_no_rx_server(int tlsver)
-{
- int testresult = 1;
-
-#ifdef OPENSSL_KTLS_AES_GCM_128
- testresult &= execute_test_ktls(0, 1, 1, 0, tlsver,
- "AES128-GCM-SHA256", TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
-#endif
-#ifdef OPENSSL_KTLS_AES_CCM_128
- testresult &= execute_test_ktls(0, 1, 1, 0, tlsver,
- "AES128-CCM-SHA256", TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE);
-#endif
-#ifdef OPENSSL_KTLS_AES_GCM_256
- testresult &= execute_test_ktls(0, 1, 1, 0, tlsver,
- "AES256-GCM-SHA384", TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE);
-#endif
- return testresult;
-}
-
-static int test_ktls_client_no_rx_server(int tlsver)
-{
- int testresult = 1;
-
-#ifdef OPENSSL_KTLS_AES_GCM_128
- testresult &= execute_test_ktls(1, 1, 1, 0, tlsver,
- "AES128-GCM-SHA256", TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
-#endif
-#ifdef OPENSSL_KTLS_AES_CCM_128
- testresult &= execute_test_ktls(1, 1, 1, 0, tlsver,
- "AES128-CCM-SHA256", TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE);
-#endif
-#ifdef OPENSSL_KTLS_AES_GCM_256
- testresult &= execute_test_ktls(1, 1, 1, 0, tlsver,
- "AES256-GCM-SHA384", TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE);
-#endif
- return testresult;
-}
-
-static int test_ktls_no_txrx_client_no_tx_server(int tlsver)
-{
- int testresult = 1;
-
-#ifdef OPENSSL_KTLS_AES_GCM_128
- testresult &= execute_test_ktls(0, 0, 0, 1, tlsver,
- "AES128-GCM-SHA256", TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
-#endif
-#ifdef OPENSSL_KTLS_AES_CCM_128
- testresult &= execute_test_ktls(0, 0, 0, 1, tlsver,
- "AES128-CCM-SHA256", TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE);
-#endif
-#ifdef OPENSSL_KTLS_AES_GCM_256
- testresult &= execute_test_ktls(0, 0, 0, 1, tlsver,
- "AES256-GCM-SHA384", TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE);
-#endif
- return testresult;
-}
-
-static int test_ktls_no_rx_client_no_tx_server(int tlsver)
-{
- int testresult = 1;
-
-#ifdef OPENSSL_KTLS_AES_GCM_128
- testresult &= execute_test_ktls(1, 0, 0, 1, tlsver,
- "AES128-GCM-SHA256", TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
-#endif
-#ifdef OPENSSL_KTLS_AES_CCM_128
- testresult &= execute_test_ktls(1, 0, 0, 1, tlsver,
- "AES128-CCM-SHA256", TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE);
-#endif
-#ifdef OPENSSL_KTLS_AES_GCM_256
- testresult &= execute_test_ktls(1, 0, 0, 1, tlsver,
- "AES256-GCM-SHA384", TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE);
-#endif
- return testresult;
-}
-
-static int test_ktls_no_tx_client_no_tx_server(int tlsver)
-{
- int testresult = 1;
-
-#ifdef OPENSSL_KTLS_AES_GCM_128
- testresult &= execute_test_ktls(0, 1, 0, 1, tlsver,
- "AES128-GCM-SHA256", TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
-#endif
-#ifdef OPENSSL_KTLS_AES_CCM_128
- testresult &= execute_test_ktls(0, 1, 0, 1, tlsver,
- "AES128-CCM-SHA256", TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE);
-#endif
-#ifdef OPENSSL_KTLS_AES_GCM_256
- testresult &= execute_test_ktls(0, 1, 0, 1, tlsver,
- "AES256-GCM-SHA384", TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE);
-#endif
- return testresult;
-}
-
-static int test_ktls_client_no_tx_server(int tlsver)
-{
- int testresult = 1;
-
-#ifdef OPENSSL_KTLS_AES_GCM_128
- testresult &= execute_test_ktls(1, 1, 0, 1, tlsver,
- "AES128-GCM-SHA256", TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
-#endif
-#ifdef OPENSSL_KTLS_AES_CCM_128
- testresult &= execute_test_ktls(1, 1, 0, 1, tlsver,
- "AES128-CCM-SHA256", TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE);
-#endif
-#ifdef OPENSSL_KTLS_AES_GCM_256
- testresult &= execute_test_ktls(1, 1, 0, 1, tlsver,
- "AES256-GCM-SHA384", TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE);
-#endif
- return testresult;
-}
-
-static int test_ktls_no_txrx_client_server(int tlsver)
-{
- int testresult = 1;
-
-#ifdef OPENSSL_KTLS_AES_GCM_128
- testresult &= execute_test_ktls(0, 0, 1, 1, tlsver,
- "AES128-GCM-SHA256", TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
-#endif
-#ifdef OPENSSL_KTLS_AES_CCM_128
- testresult &= execute_test_ktls(0, 0, 1, 1, tlsver,
- "AES128-CCM-SHA256", TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE);
-#endif
-#ifdef OPENSSL_KTLS_AES_GCM_256
- testresult &= execute_test_ktls(0, 0, 1, 1, tlsver,
- "AES256-GCM-SHA384", TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE);
-#endif
- return testresult;
-}
-
-static int test_ktls_no_rx_client_server(int tlsver)
-{
- int testresult = 1;
-
-#ifdef OPENSSL_KTLS_AES_GCM_128
- testresult &= execute_test_ktls(1, 0, 1, 1, tlsver,
- "AES128-GCM-SHA256", TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
-#endif
-#ifdef OPENSSL_KTLS_AES_CCM_128
- testresult &= execute_test_ktls(1, 0, 1, 1, tlsver,
- "AES128-CCM-SHA256", TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE);
-#endif
-#ifdef OPENSSL_KTLS_AES_GCM_256
- testresult &= execute_test_ktls(1, 0, 1, 1, tlsver,
- "AES256-GCM-SHA384", TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE);
-#endif
- return testresult;
-}
-
-static int test_ktls_no_tx_client_server(int tlsver)
-{
- int testresult = 1;
-
-#ifdef OPENSSL_KTLS_AES_GCM_128
- testresult &= execute_test_ktls(0, 1, 1, 1, tlsver,
- "AES128-GCM-SHA256", TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
-#endif
-#ifdef OPENSSL_KTLS_AES_CCM_128
- testresult &= execute_test_ktls(0, 1, 1, 1, tlsver,
- "AES128-CCM-SHA256", TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE);
-#endif
-#ifdef OPENSSL_KTLS_AES_GCM_256
- testresult &= execute_test_ktls(0, 1, 1, 1, tlsver,
- "AES256-GCM-SHA384", TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE);
-#endif
- return testresult;
-}
-
-static int test_ktls_client_server(int tlsver)
-{
- int testresult = 1;
-
-#ifdef OPENSSL_KTLS_AES_GCM_128
- testresult &= execute_test_ktls(1, 1, 1, 1, tlsver,
- "AES128-GCM-SHA256", TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
-#endif
-#ifdef OPENSSL_KTLS_AES_CCM_128
- testresult &= execute_test_ktls(1, 1, 1, 1, tlsver,
- "AES128-CCM-SHA256", TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE);
-#endif
-#ifdef OPENSSL_KTLS_AES_GCM_256
- testresult &= execute_test_ktls(1, 1, 1, 1, tlsver,
- "AES256-GCM-SHA384", TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE);
-#endif
- return testresult;
-}
-
#if !defined(OPENSSL_NO_TLS1_2) || !defined(OPENSSL_NO_TLS1_3)
static int test_ktls(int test)
{
- int tlsver;
+ int cis_ktls_tx, cis_ktls_rx, sis_ktls_tx, sis_ktls_rx;
+ int tlsver, testresult;
if (test > 15) {
#if defined(OPENSSL_NO_TLS1_3)
#endif
}
- switch(test) {
- case 0:
- return test_ktls_no_txrx_client_no_txrx_server(tlsver);
- case 1:
- return test_ktls_no_rx_client_no_txrx_server(tlsver);
- case 2:
- return test_ktls_no_tx_client_no_txrx_server(tlsver);
- case 3:
- return test_ktls_client_no_txrx_server(tlsver);
- case 4:
- return test_ktls_no_txrx_client_no_rx_server(tlsver);
- case 5:
- return test_ktls_no_rx_client_no_rx_server(tlsver);
- case 6:
- return test_ktls_no_tx_client_no_rx_server(tlsver);
- case 7:
- return test_ktls_client_no_rx_server(tlsver);
- case 8:
- return test_ktls_no_txrx_client_no_tx_server(tlsver);
- case 9:
- return test_ktls_no_rx_client_no_tx_server(tlsver);
- case 10:
- return test_ktls_no_tx_client_no_tx_server(tlsver);
- case 11:
- return test_ktls_client_no_tx_server(tlsver);
- case 12:
- return test_ktls_no_txrx_client_server(tlsver);
- case 13:
- return test_ktls_no_rx_client_server(tlsver);
- case 14:
- return test_ktls_no_tx_client_server(tlsver);
- case 15:
- return test_ktls_client_server(tlsver);
- default:
- return 0;
- }
+ cis_ktls_tx = (test & 1) != 0;
+ cis_ktls_rx = (test & 2) != 0;
+ sis_ktls_tx = (test & 4) != 0;
+ sis_ktls_rx = (test & 8) != 0;
+
+#if defined(OPENSSL_NO_KTLS_RX)
+ if (cis_ktls_rx || sis_ktls_rx)
+ return 1;
+#endif
+#if !defined(OPENSSL_NO_TLS1_3)
+ if (tlsver == TLS1_3_VERSION && (cis_ktls_rx || sis_ktls_rx))
+ return 1;
+#endif
+
+ testresult = 1;
+#ifdef OPENSSL_KTLS_AES_GCM_128
+ testresult &= execute_test_ktls(cis_ktls_tx, cis_ktls_rx, sis_ktls_tx,
+ sis_ktls_rx, tlsver, "AES128-GCM-SHA256",
+ TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
+#endif
+#ifdef OPENSSL_KTLS_AES_CCM_128
+ testresult &= execute_test_ktls(cis_ktls_tx, cis_ktls_rx, sis_ktls_tx,
+ sis_ktls_rx, tlsver, "AES128-CCM",
+ TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE);
+#endif
+#ifdef OPENSSL_KTLS_AES_GCM_256
+ testresult &= execute_test_ktls(cis_ktls_tx, cis_ktls_rx, sis_ktls_tx,
+ sis_ktls_rx, tlsver, "AES256-GCM-SHA384",
+ TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE);
+#endif
+ return testresult;
}
static int test_ktls_sendfile_anytls(int tst)
{
- char *cipher[] = {"AES128-GCM-SHA256","AES128-CCM-SHA256","AES256-GCM-SHA384"};
+ char *cipher[] = {"AES128-GCM-SHA256","AES128-CCM","AES256-GCM-SHA384"};
int tlsver;
if (tst > 2) {
if (!TEST_ptr(certbio = BIO_new_file(cert, "r"))
|| !TEST_ptr(id = OCSP_RESPID_new())
|| !TEST_ptr(ids = sk_OCSP_RESPID_new_null())
- || !TEST_ptr(ocspcert = PEM_read_bio_X509(certbio,
- NULL, NULL, NULL))
+ || !TEST_ptr(ocspcert = X509_new_with_libctx(libctx, NULL))
+ || !TEST_ptr(PEM_read_bio_X509(certbio, &ocspcert, NULL, NULL))
|| !TEST_true(OCSP_RESPID_set_by_key_ex(id, ocspcert, libctx, NULL))
|| !TEST_true(sk_OCSP_RESPID_push(ids, id)))
goto end;
goto end;
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
- NULL))
- || !TEST_true(create_ssl_connection(serverssl, clientssl,
- SSL_ERROR_NONE)))
+ NULL)))
+ goto end;
+
+ /*
+ * Premature call of SSL_export_keying_material should just fail.
+ */
+ if (!TEST_int_le(SSL_export_keying_material(clientssl, ckeymat1,
+ sizeof(ckeymat1), label,
+ SMALL_LABEL_LEN + 1, context,
+ sizeof(context) - 1, 1), 0))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE)))
goto end;
if (tst == 5) {
static SRP_VBASE *vbase = NULL;
-DEFINE_STACK_OF(SRP_user_pwd)
-
static int ssl_srp_cb(SSL *s, int *ad, void *arg)
{
int ret = SSL3_AL_FATAL;
goto out;
if (!TEST_ptr(in = BIO_new(BIO_s_file()))
|| !TEST_int_ge(BIO_read_filename(in, rootfile), 0)
- || !TEST_ptr(rootx = PEM_read_bio_X509(in, NULL, NULL, NULL))
+ || !TEST_ptr(rootx = X509_new_with_libctx(libctx, NULL))
+ || !TEST_ptr(PEM_read_bio_X509(in, &rootx, NULL, NULL))
|| !TEST_true(sk_X509_push(chain, rootx)))
goto out;
rootx = NULL;
BIO_free(in);
if (!TEST_ptr(in = BIO_new(BIO_s_file()))
|| !TEST_int_ge(BIO_read_filename(in, ecdsacert), 0)
- || !TEST_ptr(x509 = PEM_read_bio_X509(in, NULL, NULL, NULL)))
+ || !TEST_ptr(x509 = X509_new_with_libctx(libctx, NULL))
+ || !TEST_ptr(PEM_read_bio_X509(in, &x509, NULL, NULL)))
goto out;
BIO_free(in);
if (!TEST_ptr(in = BIO_new(BIO_s_file()))
|| !TEST_int_ge(BIO_read_filename(in, ecdsakey), 0)
- || !TEST_ptr(pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL)))
+ || !TEST_ptr(pkey = PEM_read_bio_PrivateKey_ex(in, NULL,
+ NULL, NULL,
+ libctx, NULL)))
goto out;
rv = SSL_check_chain(s, x509, pkey, chain);
/*
X509 *xcert;
EVP_PKEY *privpkey;
BIO *in = NULL;
+ BIO *priv_in = NULL;
/* Check that SSL_get0_peer_certificate() returns something sensible */
if (!TEST_ptr(SSL_get0_peer_certificate(ssl)))
if (!TEST_ptr(in))
return 0;
- xcert = PEM_read_bio_X509(in, NULL, NULL, NULL);
- BIO_free(in);
- if (!TEST_ptr(xcert))
- return 0;
-
- in = BIO_new_file(privkey, "r");
- if (!TEST_ptr(in)) {
- X509_free(xcert);
- return 0;
- }
-
- privpkey = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
- BIO_free(in);
- if (!TEST_ptr(privpkey)) {
- X509_free(xcert);
- return 0;
- }
+ if (!TEST_ptr(xcert = X509_new_with_libctx(libctx, NULL))
+ || !TEST_ptr(PEM_read_bio_X509(in, &xcert, NULL, NULL))
+ || !TEST_ptr(priv_in = BIO_new_file(privkey, "r"))
+ || !TEST_ptr(privpkey = PEM_read_bio_PrivateKey_ex(priv_in, NULL,
+ NULL, NULL,
+ libctx, NULL)))
+ goto err;
*x509 = xcert;
*pkey = privpkey;
+ BIO_free(in);
+ BIO_free(priv_in);
return 1;
+err:
+ X509_free(xcert);
+ BIO_free(in);
+ BIO_free(priv_in);
+ return 0;
}
static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)