STACK_OF(X509) *caPubs;
} CMP_SES_TEST_FIXTURE;
+static OPENSSL_CTX *libctx = NULL;
+static OSSL_PROVIDER *default_null_provider = NULL, *provider = NULL;
+
static EVP_PKEY *server_key = NULL;
static X509 *server_cert = NULL;
static EVP_PKEY *client_key = NULL;
if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture))))
return NULL;
fixture->test_case_name = test_case_name;
- if (!TEST_ptr(fixture->srv_ctx = ossl_cmp_mock_srv_new(NULL, NULL))
+ if (!TEST_ptr(fixture->srv_ctx = ossl_cmp_mock_srv_new(libctx, NULL))
|| !OSSL_CMP_SRV_CTX_set_accept_unprotected(fixture->srv_ctx, 1)
|| !ossl_cmp_mock_srv_set1_certOut(fixture->srv_ctx, client_cert)
|| (srv_cmp_ctx =
|| !OSSL_CMP_CTX_set1_cert(srv_cmp_ctx, server_cert)
|| !OSSL_CMP_CTX_set1_pkey(srv_cmp_ctx, server_key))
goto err;
- if (!TEST_ptr(fixture->cmp_ctx = ctx = OSSL_CMP_CTX_new(NULL, NULL))
+ if (!TEST_ptr(fixture->cmp_ctx = ctx = OSSL_CMP_CTX_new(libctx, NULL))
|| !OSSL_CMP_CTX_set_log_cb(fixture->cmp_ctx, print_to_bio_out)
|| !OSSL_CMP_CTX_set_transfer_cb(ctx, OSSL_CMP_CTX_server_perform)
|| !OSSL_CMP_CTX_set_transfer_cb_arg(ctx, fixture->srv_ctx)
EVP_PKEY_free(server_key);
X509_free(client_cert);
EVP_PKEY_free(client_key);
+ OPENSSL_CTX_free(libctx);
return;
}
+#define USAGE "server.key server.crt client.key client.crt client.csr module_name [module_conf_file]\n"
+OPT_TEST_DECLARE_USAGE(USAGE)
+
int setup_tests(void)
{
if (!test_skip_common_options()) {
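Review bot: `cleanup_tests()` now frees `libctx` but never releases `default_null_provider` or `provider`, the two handles that the new `test_get_libctx()` call in `setup_tests()` fills in. If that helper loads providers as its arguments suggest (its body is not part of this diff), both handles outlive the test. The null provider presumably lives in the default context, which `OPENSSL_CTX_free(libctx)` does not touch. I would add `OSSL_PROVIDER_unload(default_null_provider);` and `OSSL_PROVIDER_unload(provider);` ahead of `OPENSSL_CTX_free(libctx);`. The beginning of `cleanup_tests()` lies outside the hunk.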
|| !TEST_ptr(client_key_f = test_get_argument(2))
|| !TEST_ptr(client_cert_f = test_get_argument(3))
|| !TEST_ptr(pkcs10_f = test_get_argument(4))) {
- TEST_error("usage: cmp_client_test server.key server.crt client.key client.crt client.csr\n");
+ TEST_error("usage: cmp_client_test %s", USAGE);
return 0;
}
+ if (!test_get_libctx(&libctx, &default_null_provider, &provider, 5, USAGE))
+ return 0;
+
if (!TEST_ptr(server_key = load_pem_key(server_key_f))
- || !TEST_ptr(server_cert = load_pem_cert(server_cert_f))
+ || !TEST_ptr(server_cert = load_pem_cert(server_cert_f, libctx))
|| !TEST_ptr(client_key = load_pem_key(client_key_f))
- || !TEST_ptr(client_cert = load_pem_cert(client_cert_f))
- || !TEST_int_eq(1, RAND_bytes(ref, sizeof(ref)))) {
+ || !TEST_ptr(client_cert = load_pem_cert(client_cert_f, libctx))
+ || !TEST_int_eq(1, RAND_bytes_ex(libctx, ref, sizeof(ref)))) {
cleanup_tests();
return 0;
}
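Review bot: The two `load_pem_key()` calls in this condition still take no library context, so `server_key` and `client_key` come from the default context while the certificates and `RAND_bytes_ex()` beside them use `libctx`. For a run that selects a specific provider (`module_name` in `USAGE`), the key objects may therefore be backed by a different provider set than the one under test. This is inferred, since `load_pem_key()` is defined outside the hunk. Consider giving `load_pem_key()` the same `OPENSSL_CTX *libctx` parameter as `load_pem_cert()`, or state the intent with a comment such as `/* keys are deliberately loaded in the default context */`.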
}
if (!TEST_ptr(newkey = gen_rsa())
- || !TEST_ptr(cert = load_pem_cert(server_cert_f))
+ || !TEST_ptr(cert = load_pem_cert(server_cert_f, NULL))
|| !TEST_int_eq(1, RAND_bytes(ref, sizeof(ref)))) {
cleanup_tests();
return 0;
return 0;
}
if (!TEST_ptr(loadedkey = load_pem_key(server_key_f))
- || !TEST_ptr(cert = load_pem_cert(server_cert_f)))
+ || !TEST_ptr(cert = load_pem_cert(server_cert_f, NULL)))
return 0;
if (!TEST_ptr(loadedprivkey = load_pem_key(server_f)))
if (!TEST_ptr(ir_protected = load_pkimsg(ir_protected_f))
|| !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f)))
return 0;
- if (!TEST_ptr(endentity1 = load_pem_cert(endentity1_f))
- || !TEST_ptr(endentity2 = load_pem_cert(endentity2_f))
- || !TEST_ptr(root = load_pem_cert(root_f))
- || !TEST_ptr(intermediate = load_pem_cert(intermediate_f)))
+ if (!TEST_ptr(endentity1 = load_pem_cert(endentity1_f, NULL))
+ || !TEST_ptr(endentity2 = load_pem_cert(endentity2_f, NULL))
+ || !TEST_ptr(root = load_pem_cert(root_f, NULL))
+ || !TEST_ptr(intermediate = load_pem_cert(intermediate_f, NULL)))
return 0;
if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH)))
return 0;
return key;
}
-X509 *load_pem_cert(const char *file)
+X509 *load_pem_cert(const char *file, OPENSSL_CTX *libctx)
{
X509 *cert = NULL;
BIO *bio = NULL;
if (!TEST_ptr(bio = BIO_new(BIO_s_file())))
return NULL;
- if (TEST_int_gt(BIO_read_filename(bio, file), 0))
- (void)TEST_ptr(cert = PEM_read_bio_X509(bio, NULL, NULL, NULL));
+ if (TEST_int_gt(BIO_read_filename(bio, file), 0)
+ && TEST_ptr(cert = X509_new_with_libctx(libctx, NULL)))
+ (void)TEST_ptr(cert = PEM_read_bio_X509(bio, &cert, NULL, NULL));
BIO_free(bio);
return cert;
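Review bot: The preallocated certificate can leak in `load_pem_cert()`, because the result of `PEM_read_bio_X509(bio, &cert, NULL, NULL)` is assigned back to `cert`. If the read fails before the decoder ever sees `cert` (for example, no PEM block in the file), the object from `X509_new_with_libctx()` is most likely still allocated, yet its only pointer is overwritten with NULL. As far as I know the decoder frees and clears the passed-in object on its own failures, so not assigning the result and freeing what remains covers both cases: `if (!TEST_ptr(PEM_read_bio_X509(bio, &cert, NULL, NULL))) { X509_free(cert); cert = NULL; }`. The closing brace of the function lies outside the hunk.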
# include <openssl/cmp.h>
# include <openssl/pem.h>
# include <openssl/rand.h>
+# include "crypto/x509.h" /* for x509_set0_libctx() and x509_dup_with_libctx() */
# include "../crypto/cmp/cmp_local.h"
# ifndef OPENSSL_NO_CMP
# define CMP_TEST_REFVALUE_LENGTH 15 /* arbitrary value */
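Review bot: The added `# include "crypto/x509.h"` pulls an internal header into every test that includes this file, but nothing visible in this change calls the `x509_set0_libctx()` or `x509_dup_with_libctx()` named in its comment. The new `load_pem_cert()` only uses `X509_new_with_libctx()`. If no test in this commit needs those internals, drop the include so the CMP tests keep depending on the public X509 API only. Otherwise move it into the one `.c` file that uses them.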
EVP_PKEY *load_pem_key(const char *file);
-X509 *load_pem_cert(const char *file);
+X509 *load_pem_cert(const char *file, OPENSSL_CTX *libctx);
X509_REQ *load_csr(const char *file);
OSSL_CMP_MSG *load_pkimsg(const char *file);
int valid_asn1_encoding(const OSSL_CMP_MSG *msg);
}
/* Load certificates for cert chain */
- if (!TEST_ptr(endentity1 = load_pem_cert(endentity1_f))
- || !TEST_ptr(endentity2 = load_pem_cert(endentity2_f))
- || !TEST_ptr(root = load_pem_cert(root_f))
- || !TEST_ptr(intermediate = load_pem_cert(intermediate_f)))
+ if (!TEST_ptr(endentity1 = load_pem_cert(endentity1_f, NULL))
+ || !TEST_ptr(endentity2 = load_pem_cert(endentity2_f, NULL))
+ || !TEST_ptr(root = load_pem_cert(root_f, NULL))
+ || !TEST_ptr(intermediate = load_pem_cert(intermediate_f, NULL)))
goto err;
- if (!TEST_ptr(insta_cert = load_pem_cert(instacert_f))
- || !TEST_ptr(instaca_cert = load_pem_cert(instaca_f)))
+ if (!TEST_ptr(insta_cert = load_pem_cert(instacert_f, NULL))
+ || !TEST_ptr(instaca_cert = load_pem_cert(instaca_f, NULL)))
goto err;
/* Load certificates for message validation */
- if (!TEST_ptr(srvcert = load_pem_cert(server_f))
- || !TEST_ptr(clcert = load_pem_cert(client_f)))
+ if (!TEST_ptr(srvcert = load_pem_cert(server_f, NULL))
+ || !TEST_ptr(clcert = load_pem_cert(client_f, NULL)))
goto err;
if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH)))
goto err;
# https://www.openssl.org/source/license.html
use strict;
-use OpenSSL::Test qw/:DEFAULT data_file/;
+use OpenSSL::Test qw/:DEFAULT data_file srctop_file srctop_dir bldtop_file bldtop_dir/;
use OpenSSL::Test::Utils;
-setup("test_cmp_client");
+BEGIN {
+ setup("test_cmp_client");
+}
+
+use lib srctop_dir('Configurations');
+use lib bldtop_dir('.');
+use platform;
+
+my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
plan skip_all => "This test is not supported in a no-cmp or no-ec build"
if disabled("cmp") || disabled("ec");
-plan tests => 1;
+plan tests => 2 + ($no_fips ? 0 : 2); #fips install + fips test
+
+my @basic_cmd = ("cmp_client_test",
+ data_file("server.key"),
+ data_file("server.crt"),
+ data_file("client.key"),
+ data_file("client.crt"),
+ data_file("client.csr"));
+
+ok(run(test([@basic_cmd, "none"])));
+
+ok(run(test([@basic_cmd, "default", srctop_file("test", "default.cnf")])));
+
+unless ($no_fips) {
+ ok(run(app(['openssl', 'fipsinstall',
+ '-out', bldtop_file('providers', 'fipsmodule.cnf'),
+ '-module', bldtop_file('providers', platform->dso('fips'))])),
+ "fipsinstall");
-ok(run(test(["cmp_client_test",
- data_file("server.key"),
- data_file("server.crt"),
- data_file("client.key"),
- data_file("client.crt"),
- data_file("client.csr")])));
+ ok(run(test([@basic_cmd, "fips", srctop_file("test", "fips.cnf")])));
+}
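Review bot: The `fips` run of `cmp_client_test` is attempted even when the preceding `fipsinstall` step failed, so a broken or missing `fipsmodule.cnf` shows up as a CMP test failure rather than as a setup failure. The step also writes to the shared build-tree path `bldtop_file('providers', 'fipsmodule.cnf')`. If other recipes do the same (not visible here), parallel test jobs could rewrite the file while a test is reading it. I would wrap the final test in a `SKIP:` block that skips it when `fipsinstall` did not succeed. Giving the two unnamed `ok(...)` calls descriptions such as `"cmp client, no provider config"` would also make the failing variant identifiable in the harness output.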