]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/cmp_protect_test.c
projects / thirdparty / openssl.git / blob
? search:


8f76a14222c67f7cefc61e59447ebb57070dd0c1
[thirdparty/openssl.git] / test / cmp_protect_test.c
1 /*
2 * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright Nokia 2007-2019
4 * Copyright Siemens AG 2015-2019
5 *
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
10 */
11
12 #include "cmp_testlib.h"
13
14 static const char *ir_protected_f;
15 static const char *ir_unprotected_f;
16 static const char *ip_PBM_f;
17
18 typedef struct test_fixture {
19 const char *test_case_name;
20 OSSL_CMP_CTX *cmp_ctx;
21 /* for protection tests */
22 OSSL_CMP_MSG *msg;
23 OSSL_CMP_PKISI *si; /* for error and response messages */
24 EVP_PKEY *pubkey;
25 unsigned char *mem;
26 int memlen;
27 X509 *cert;
28 STACK_OF(X509) *certs;
29 STACK_OF(X509) *chain;
30 int callback_arg;
31 int expected;
32 } CMP_PROTECT_TEST_FIXTURE;
33
34 static OPENSSL_CTX *libctx = NULL;
35 static OSSL_PROVIDER *default_null_provider = NULL, *provider = NULL;
36
37 static void tear_down(CMP_PROTECT_TEST_FIXTURE *fixture)
38 {
39 OSSL_CMP_CTX_free(fixture->cmp_ctx);
40 OSSL_CMP_MSG_free(fixture->msg);
41 OSSL_CMP_PKISI_free(fixture->si);
42
43 OPENSSL_free(fixture->mem);
44 sk_X509_free(fixture->certs);
45 sk_X509_free(fixture->chain);
46
47 OPENSSL_free(fixture);
48 }
49
50 static CMP_PROTECT_TEST_FIXTURE *set_up(const char *const test_case_name)
51 {
52 CMP_PROTECT_TEST_FIXTURE *fixture;
53
54 if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture))))
55 return NULL;
56 fixture->test_case_name = test_case_name;
57 if (!TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new(libctx, NULL))) {
58 tear_down(fixture);
59 return NULL;
60 }
61 return fixture;
62 }
63
64 static EVP_PKEY *loadedprivkey = NULL;
65 static EVP_PKEY *loadedpubkey = NULL;
66 static EVP_PKEY *loadedkey = NULL;
67 static X509 *cert = NULL;
68 static unsigned char rand_data[OSSL_CMP_TRANSACTIONID_LENGTH];
69 static OSSL_CMP_MSG *ir_unprotected, *ir_protected;
70 static X509 *endentity1 = NULL, *endentity2 = NULL,
71 *root = NULL, *intermediate = NULL;
72
73 static int execute_calc_protection_fails_test(CMP_PROTECT_TEST_FIXTURE *fixture)
74 {
75 ASN1_BIT_STRING *protection =
76 ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg);
77 int res = TEST_ptr_null(protection);
78
79 ASN1_BIT_STRING_free(protection);
80 return res;
81 }
82
83 static int execute_calc_protection_pbmac_test(CMP_PROTECT_TEST_FIXTURE *fixture)
84 {
85 ASN1_BIT_STRING *protection =
86 ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg);
87 int res = TEST_ptr(protection)
88 && TEST_true(ASN1_STRING_cmp(protection,
89 fixture->msg->protection) == 0);
90
91 ASN1_BIT_STRING_free(protection);
92 return res;
93 }
94
95 /*
96 * This function works similarly to parts of CMP_verify_signature in cmp_vfy.c,
97 * but without the need for a OSSL_CMP_CTX or a X509 certificate
98 */
99 static int verify_signature(OSSL_CMP_MSG *msg,
100 ASN1_BIT_STRING *protection,
101 EVP_PKEY *pkey, EVP_MD *digest)
102 {
103 OSSL_CMP_PROTECTEDPART prot_part;
104 unsigned char *prot_part_der = NULL;
105 int len;
106 EVP_MD_CTX *ctx = NULL;
107 int res;
108
109 prot_part.header = OSSL_CMP_MSG_get0_header(msg);
110 prot_part.body = msg->body;
111 len = i2d_OSSL_CMP_PROTECTEDPART(&prot_part, &prot_part_der);
112 res =
113 TEST_int_ge(len, 0)
114 && TEST_ptr(ctx = EVP_MD_CTX_new())
115 && TEST_true(EVP_DigestVerifyInit(ctx, NULL, digest, NULL, pkey))
116 && TEST_int_eq(EVP_DigestVerify(ctx, protection->data,
117 protection->length,
118 prot_part_der, len), 1);
119 /* cleanup */
120 EVP_MD_CTX_free(ctx);
121 OPENSSL_free(prot_part_der);
122 return res;
123 }
124
125 /* Calls OSSL_CMP_calc_protection and compares and verifies signature */
126 static int execute_calc_protection_signature_test(CMP_PROTECT_TEST_FIXTURE *
127 fixture)
128 {
129 ASN1_BIT_STRING *protection =
130 ossl_cmp_calc_protection(fixture->cmp_ctx, fixture->msg);
131 int ret = (TEST_ptr(protection)
132 && TEST_true(ASN1_STRING_cmp(protection,
133 fixture->msg->protection) == 0)
134 && TEST_true(verify_signature(fixture->msg, protection,
135 fixture->pubkey,
136 fixture->cmp_ctx->digest)));
137
138 ASN1_BIT_STRING_free(protection);
139 return ret;
140 }
141
142 static int test_cmp_calc_protection_no_key_no_secret(void)
143 {
144 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
145 if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f))
146 || !TEST_ptr(fixture->msg->header->protectionAlg =
147 X509_ALGOR_new() /* no specific alg needed here */)) {
148 tear_down(fixture);
149 fixture = NULL;
150 }
151
152 EXECUTE_TEST(execute_calc_protection_fails_test, tear_down);
153 return result;
154 }
155
156 static int test_cmp_calc_protection_pkey(void)
157 {
158 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
159 fixture->pubkey = loadedpubkey;
160 if (!TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, loadedprivkey))
161 || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f))) {
162 tear_down(fixture);
163 fixture = NULL;
164 }
165 EXECUTE_TEST(execute_calc_protection_signature_test, tear_down);
166 return result;
167 }
168
169 static int test_cmp_calc_protection_pbmac(void)
170 {
171 unsigned char sec_insta[] = { 'i', 'n', 's', 't', 'a' };
172
173 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
174 if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx,
175 sec_insta, sizeof(sec_insta)))
176 || !TEST_ptr(fixture->msg = load_pkimsg(ip_PBM_f))) {
177 tear_down(fixture);
178 fixture = NULL;
179 }
180 EXECUTE_TEST(execute_calc_protection_pbmac_test, tear_down);
181 return result;
182 }
183 static int execute_MSG_protect_test(CMP_PROTECT_TEST_FIXTURE *fixture)
184 {
185 return TEST_int_eq(fixture->expected,
186 ossl_cmp_msg_protect(fixture->cmp_ctx, fixture->msg));
187 }
188
189 #define SET_OPT_UNPROTECTED_SEND(ctx, val) \
190 OSSL_CMP_CTX_set_option((ctx), OSSL_CMP_OPT_UNPROTECTED_SEND, (val))
191 static int test_MSG_protect_unprotected_request(void)
192 {
193 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
194
195 fixture->expected = 1;
196 if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected))
197 || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 1))) {
198 tear_down(fixture);
199 fixture = NULL;
200 }
201 EXECUTE_TEST(execute_MSG_protect_test, tear_down);
202 return result;
203 }
204
205 static int test_MSG_protect_with_msg_sig_alg_protection_plus_rsa_key(void)
206 {
207 const size_t size = sizeof(rand_data) / 2;
208
209 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
210 fixture->expected = 1;
211
212 if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected))
213 || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))
214 /*
215 * Use half of the 16 bytes of random input
216 * for each reference and secret value
217 */
218 || !TEST_true(OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx,
219 rand_data, size))
220 || !TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx,
221 rand_data + size,
222 size))) {
223 tear_down(fixture);
224 fixture = NULL;
225 }
226 EXECUTE_TEST(execute_MSG_protect_test, tear_down);
227 return result;
228 }
229
230 static int test_MSG_protect_with_certificate_and_key(void)
231 {
232 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
233 fixture->expected = 1;
234
235 if (!TEST_ptr(fixture->msg =
236 OSSL_CMP_MSG_dup(ir_unprotected))
237 || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))
238 || !TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, loadedkey))
239 || !TEST_true(OSSL_CMP_CTX_set1_cert(fixture->cmp_ctx, cert))) {
240 tear_down(fixture);
241 fixture = NULL;
242 }
243 EXECUTE_TEST(execute_MSG_protect_test, tear_down);
244 return result;
245 }
246
247 static int test_MSG_protect_certificate_based_without_cert(void)
248 {
249 OSSL_CMP_CTX *ctx;
250
251 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
252 ctx = fixture->cmp_ctx;
253 fixture->expected = 0;
254 if (!TEST_ptr(fixture->msg =
255 OSSL_CMP_MSG_dup(ir_unprotected))
256 || !TEST_true(SET_OPT_UNPROTECTED_SEND(ctx, 0))
257 || !TEST_true(OSSL_CMP_CTX_set0_newPkey(ctx, 1, loadedkey))) {
258 tear_down(fixture);
259 fixture = NULL;
260 }
261 EVP_PKEY_up_ref(loadedkey);
262 EXECUTE_TEST(execute_MSG_protect_test, tear_down);
263 return result;
264 }
265
266 static int test_MSG_protect_no_key_no_secret(void)
267 {
268 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
269 fixture->expected = 0;
270 if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected))
271 || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0))) {
272 tear_down(fixture);
273 fixture = NULL;
274 }
275 EXECUTE_TEST(execute_MSG_protect_test, tear_down);
276 return result;
277 }
278
279 static int test_MSG_protect_pbmac_no_sender(int with_ref)
280 {
281 static unsigned char secret[] = { 47, 11, 8, 15 };
282 static unsigned char ref[] = { 0xca, 0xfe, 0xba, 0xbe };
283
284 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
285 fixture->expected = with_ref;
286 if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_unprotected))
287 || !SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 0)
288 || !ossl_cmp_hdr_set1_sender(fixture->msg->header, NULL)
289 || !OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx,
290 secret, sizeof(secret))
291 || (!OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx,
292 with_ref ? ref : NULL,
293 sizeof(ref)))) {
294 tear_down(fixture);
295 fixture = NULL;
296 }
297 EXECUTE_TEST(execute_MSG_protect_test, tear_down);
298 return result;
299 }
300
301 static int test_MSG_protect_pbmac_no_sender_with_ref(void)
302 {
303 return test_MSG_protect_pbmac_no_sender(1);
304 }
305
306 static int test_MSG_protect_pbmac_no_sender_no_ref(void)
307 {
308 return test_MSG_protect_pbmac_no_sender(0);
309 }
310
311 static int execute_MSG_add_extraCerts_test(CMP_PROTECT_TEST_FIXTURE *fixture)
312 {
313 return TEST_true(ossl_cmp_msg_add_extraCerts(fixture->cmp_ctx,
314 fixture->msg));
315 }
316
317 static int test_MSG_add_extraCerts(void)
318 {
319 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
320 if (!TEST_ptr(fixture->msg = OSSL_CMP_MSG_dup(ir_protected))) {
321 tear_down(fixture);
322 fixture = NULL;
323 }
324 EXECUTE_TEST(execute_MSG_add_extraCerts_test, tear_down);
325 return result;
326 }
327
328 #ifndef OPENSSL_NO_EC
329 /* The cert chain tests use EC certs so we skip them in no-ec builds */
330 static int execute_cmp_build_cert_chain_test(CMP_PROTECT_TEST_FIXTURE *fixture)
331 {
332 int ret = 0;
333 OSSL_CMP_CTX *ctx = fixture->cmp_ctx;
334 X509_STORE *store;
335 STACK_OF(X509) *chain =
336 ossl_cmp_build_cert_chain(ctx->libctx, ctx->propq, NULL,
337 fixture->certs, fixture->cert);
338
339 if (TEST_ptr(chain)) {
340 /* Check whether chain built is equal to the expected one */
341 ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain));
342 sk_X509_pop_free(chain, X509_free);
343 }
344 if (!ret)
345 return 0;
346
347 if (TEST_ptr(store = X509_STORE_new())
348 && TEST_true(X509_STORE_add_cert(store, root))) {
349 X509_VERIFY_PARAM_set_flags(X509_STORE_get0_param(store),
350 X509_V_FLAG_NO_CHECK_TIME);
351 chain = ossl_cmp_build_cert_chain(ctx->libctx, ctx->propq,
352 store, fixture->certs, fixture->cert);
353 ret = TEST_int_eq(fixture->expected, chain != NULL);
354 if (ret && chain != NULL) {
355 /* Check whether chain built is equal to the expected one */
356 ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain));
357 sk_X509_pop_free(chain, X509_free);
358 }
359 }
360 X509_STORE_free(store);
361 return ret;
362 }
363
364 static int test_cmp_build_cert_chain(void)
365 {
366 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
367 fixture->expected = 1;
368 fixture->cert = endentity2;
369 if (!TEST_ptr(fixture->certs = sk_X509_new_null())
370 || !TEST_ptr(fixture->chain = sk_X509_new_null())
371 || !TEST_true(sk_X509_push(fixture->certs, endentity1))
372 || !TEST_true(sk_X509_push(fixture->certs, root))
373 || !TEST_true(sk_X509_push(fixture->certs, intermediate))
374 || !TEST_true(sk_X509_push(fixture->chain, endentity2))
375 || !TEST_true(sk_X509_push(fixture->chain, intermediate))) {
376 tear_down(fixture);
377 fixture = NULL;
378 }
379 EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
380 return result;
381 }
382
383 static int test_cmp_build_cert_chain_missing_intermediate(void)
384 {
385 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
386 fixture->expected = 0;
387 fixture->cert = endentity2;
388 if (!TEST_ptr(fixture->certs = sk_X509_new_null())
389 || !TEST_ptr(fixture->chain = sk_X509_new_null())
390 || !TEST_true(sk_X509_push(fixture->certs, endentity1))
391 || !TEST_true(sk_X509_push(fixture->certs, root))
392 || !TEST_true(sk_X509_push(fixture->chain, endentity2))) {
393 tear_down(fixture);
394 fixture = NULL;
395 }
396 EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
397 return result;
398 }
399
400 static int test_cmp_build_cert_chain_no_root(void)
401 {
402 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
403 fixture->expected = 1;
404 fixture->cert = endentity2;
405 if (!TEST_ptr(fixture->certs = sk_X509_new_null())
406 || !TEST_ptr(fixture->chain = sk_X509_new_null())
407 || !TEST_true(sk_X509_push(fixture->certs, endentity1))
408 || !TEST_true(sk_X509_push(fixture->certs, intermediate))
409 || !TEST_true(sk_X509_push(fixture->chain, endentity2))
410 || !TEST_true(sk_X509_push(fixture->chain, intermediate))) {
411 tear_down(fixture);
412 fixture = NULL;
413 }
414 EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
415 return result;
416 }
417
418 static int test_cmp_build_cert_chain_no_certs(void)
419 {
420 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
421 fixture->expected = 0;
422 fixture->cert = endentity2;
423 if (!TEST_ptr(fixture->certs = sk_X509_new_null())
424 || !TEST_ptr(fixture->chain = sk_X509_new_null())
425 || !TEST_true(sk_X509_push(fixture->chain, endentity2))) {
426 tear_down(fixture);
427 fixture = NULL;
428 }
429 EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
430 return result;
431 }
432 #endif /* OPENSSL_NO_EC */
433
434 static int execute_X509_STORE_test(CMP_PROTECT_TEST_FIXTURE *fixture)
435 {
436 X509_STORE *store = X509_STORE_new();
437 STACK_OF(X509) *sk = NULL;
438 int res = 0;
439
440 if (!TEST_true(ossl_cmp_X509_STORE_add1_certs(store,
441 fixture->certs,
442 fixture->callback_arg)))
443 goto err;
444 sk = X509_STORE_get1_all_certs(store);
445 if (!TEST_int_eq(0, STACK_OF_X509_cmp(sk, fixture->chain)))
446 goto err;
447 res = 1;
448 err:
449 X509_STORE_free(store);
450 sk_X509_pop_free(sk, X509_free);
451 return res;
452
453 }
454
455 static int test_X509_STORE(void)
456 {
457 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
458 fixture->callback_arg = 0; /* self-issued allowed */
459 if (!TEST_ptr(fixture->certs = sk_X509_new_null())
460 || !sk_X509_push(fixture->certs, endentity1)
461 || !sk_X509_push(fixture->certs, endentity2)
462 || !sk_X509_push(fixture->certs, root)
463 || !sk_X509_push(fixture->certs, intermediate)
464 || !TEST_ptr(fixture->chain = sk_X509_dup(fixture->certs))) {
465 tear_down(fixture);
466 fixture = NULL;
467 }
468 EXECUTE_TEST(execute_X509_STORE_test, tear_down);
469 return result;
470 }
471
472 static int test_X509_STORE_only_self_issued(void)
473 {
474 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
475 fixture->certs = sk_X509_new_null();
476 fixture->chain = sk_X509_new_null();
477 fixture->callback_arg = 1; /* only self-issued */
478 if (!TEST_true(sk_X509_push(fixture->certs, endentity1))
479 || !TEST_true(sk_X509_push(fixture->certs, endentity2))
480 || !TEST_true(sk_X509_push(fixture->certs, root))
481 || !TEST_true(sk_X509_push(fixture->certs, intermediate))
482 || !TEST_true(sk_X509_push(fixture->chain, root))) {
483 tear_down(fixture);
484 fixture = NULL;
485 }
486 EXECUTE_TEST(execute_X509_STORE_test, tear_down);
487 return result;
488 }
489
490
491 void cleanup_tests(void)
492 {
493 EVP_PKEY_free(loadedprivkey);
494 EVP_PKEY_free(loadedpubkey);
495 EVP_PKEY_free(loadedkey);
496 X509_free(cert);
497 X509_free(endentity1);
498 X509_free(endentity2);
499 X509_free(root);
500 X509_free(intermediate);
501 OSSL_CMP_MSG_free(ir_protected);
502 OSSL_CMP_MSG_free(ir_unprotected);
503 OPENSSL_CTX_free(libctx);
504 }
505
506 #define USAGE "server.pem IR_protected.der IR_unprotected.der IP_PBM.der " \
507 "server.crt server.pem EndEntity1.crt EndEntity2.crt Root_CA.crt " \
508 "Intermediate_CA.crt module_name [module_conf_file]\n"
509 OPT_TEST_DECLARE_USAGE(USAGE)
510
511 int setup_tests(void)
512 {
513 char *server_f;
514 char *server_key_f;
515 char *server_cert_f;
516 char *endentity1_f;
517 char *endentity2_f;
518 char *root_f;
519 char *intermediate_f;
520
521 if (!test_skip_common_options()) {
522 TEST_error("Error parsing test options\n");
523 return 0;
524 }
525
526 RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH);
527 if (!TEST_ptr(server_f = test_get_argument(0))
528 || !TEST_ptr(ir_protected_f = test_get_argument(1))
529 || !TEST_ptr(ir_unprotected_f = test_get_argument(2))
530 || !TEST_ptr(ip_PBM_f = test_get_argument(3))
531 || !TEST_ptr(server_cert_f = test_get_argument(4))
532 || !TEST_ptr(server_key_f = test_get_argument(5))
533 || !TEST_ptr(endentity1_f = test_get_argument(6))
534 || !TEST_ptr(endentity2_f = test_get_argument(7))
535 || !TEST_ptr(root_f = test_get_argument(8))
536 || !TEST_ptr(intermediate_f = test_get_argument(9))) {
537 TEST_error("usage: cmp_protect_test %s", USAGE);
538 return 0;
539 }
540
541 if (!test_get_libctx(&libctx, &default_null_provider, &provider, 10, USAGE))
542 return 0;
543
544 if (!TEST_ptr(loadedkey = load_pem_key(server_key_f, libctx))
545 || !TEST_ptr(cert = load_pem_cert(server_cert_f, libctx)))
546 return 0;
547
548 if (!TEST_ptr(loadedprivkey = load_pem_key(server_f, libctx)))
549 return 0;
550 if (TEST_true(EVP_PKEY_up_ref(loadedprivkey)))
551 loadedpubkey = loadedprivkey;
552 if (!TEST_ptr(ir_protected = load_pkimsg(ir_protected_f))
553 || !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f)))
554 return 0;
555 if (!TEST_ptr(endentity1 = load_pem_cert(endentity1_f, libctx))
556 || !TEST_ptr(endentity2 = load_pem_cert(endentity2_f, libctx))
557 || !TEST_ptr(root = load_pem_cert(root_f, libctx))
558 || !TEST_ptr(intermediate = load_pem_cert(intermediate_f, libctx)))
559 return 0;
560 if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH)))
561 return 0;
562
563 /* Message protection tests */
564 ADD_TEST(test_cmp_calc_protection_no_key_no_secret);
565 ADD_TEST(test_cmp_calc_protection_pkey);
566 ADD_TEST(test_cmp_calc_protection_pbmac);
567
568 ADD_TEST(test_MSG_protect_with_msg_sig_alg_protection_plus_rsa_key);
569 ADD_TEST(test_MSG_protect_with_certificate_and_key);
570 ADD_TEST(test_MSG_protect_certificate_based_without_cert);
571 ADD_TEST(test_MSG_protect_unprotected_request);
572 ADD_TEST(test_MSG_protect_no_key_no_secret);
573 ADD_TEST(test_MSG_protect_pbmac_no_sender_with_ref);
574 ADD_TEST(test_MSG_protect_pbmac_no_sender_no_ref);
575 ADD_TEST(test_MSG_add_extraCerts);
576
577 #ifndef OPENSSL_NO_EC
578 ADD_TEST(test_cmp_build_cert_chain);
579 ADD_TEST(test_cmp_build_cert_chain_no_root);
580 ADD_TEST(test_cmp_build_cert_chain_missing_intermediate);
581 ADD_TEST(test_cmp_build_cert_chain_no_certs);
582 #endif
583
584 ADD_TEST(test_X509_STORE);
585 ADD_TEST(test_X509_STORE_only_self_issued);
586
587 return 1;
588 }
A mirror of the official openssl repository