2 * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright Nokia 2007-2019
4 * Copyright Siemens AG 2015-2019
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
12 #include "helpers/cmp_testlib.h"
14 static const char *ir_protected_f
;
15 static const char *genm_prot_Ed_f
;
16 static const char *ir_unprotected_f
;
17 static const char *ip_PBM_f
;
19 typedef struct test_fixture
{
20 const char *test_case_name
;
21 OSSL_CMP_CTX
*cmp_ctx
;
22 /* for protection tests */
24 OSSL_CMP_PKISI
*si
; /* for error and response messages */
29 STACK_OF(X509
) *certs
;
30 STACK_OF(X509
) *chain
;
34 } CMP_PROTECT_TEST_FIXTURE
;
36 static OSSL_LIB_CTX
*libctx
= NULL
;
37 static OSSL_PROVIDER
*default_null_provider
= NULL
, *provider
= NULL
;
39 static void tear_down(CMP_PROTECT_TEST_FIXTURE
*fixture
)
41 if (fixture
!= NULL
) {
42 OSSL_CMP_CTX_free(fixture
->cmp_ctx
);
43 OSSL_CMP_MSG_free(fixture
->msg
);
44 OSSL_CMP_PKISI_free(fixture
->si
);
46 OPENSSL_free(fixture
->mem
);
47 sk_X509_free(fixture
->certs
);
48 sk_X509_free(fixture
->chain
);
50 OPENSSL_free(fixture
);
54 static CMP_PROTECT_TEST_FIXTURE
*set_up(const char *const test_case_name
)
56 CMP_PROTECT_TEST_FIXTURE
*fixture
;
58 if (!TEST_ptr(fixture
= OPENSSL_zalloc(sizeof(*fixture
))))
60 fixture
->test_case_name
= test_case_name
;
61 if (!TEST_ptr(fixture
->cmp_ctx
= OSSL_CMP_CTX_new(libctx
, NULL
))) {
68 static EVP_PKEY
*prot_RSA_key
= NULL
;
69 #ifndef OPENSSL_NO_ECX
70 static EVP_PKEY
*prot_Ed_key
= NULL
;
71 static OSSL_CMP_MSG
*genm_protected_Ed
;
73 static EVP_PKEY
*server_key
= NULL
;
74 static X509
*server_cert
= NULL
;
75 static unsigned char rand_data
[OSSL_CMP_TRANSACTIONID_LENGTH
];
76 static OSSL_CMP_MSG
*ir_unprotected
, *ir_protected
;
77 static X509
*endentity1
= NULL
, *endentity2
= NULL
,
78 *root
= NULL
, *intermediate
= NULL
;
80 static int execute_calc_protection_fails_test(CMP_PROTECT_TEST_FIXTURE
*fixture
)
82 ASN1_BIT_STRING
*protection
=
83 ossl_cmp_calc_protection(fixture
->cmp_ctx
, fixture
->msg
);
84 int res
= TEST_ptr_null(protection
);
86 ASN1_BIT_STRING_free(protection
);
90 static int execute_calc_protection_pbmac_test(CMP_PROTECT_TEST_FIXTURE
*fixture
)
92 ASN1_BIT_STRING
*protection
=
93 ossl_cmp_calc_protection(fixture
->cmp_ctx
, fixture
->msg
);
94 int res
= TEST_ptr(protection
)
95 && TEST_true(ASN1_STRING_cmp(protection
,
96 fixture
->msg
->protection
) == 0);
98 ASN1_BIT_STRING_free(protection
);
103 * This function works similarly to parts of verify_signature in cmp_vfy.c,
104 * but without the need for an OSSL_CMP_CTX or an X509 certificate.
106 static int verify_signature(OSSL_CMP_MSG
*msg
,
107 ASN1_BIT_STRING
*protection
,
108 EVP_PKEY
*pkey
, EVP_MD
*digest
)
110 OSSL_CMP_PROTECTEDPART prot_part
;
112 prot_part
.header
= OSSL_CMP_MSG_get0_header(msg
);
113 prot_part
.body
= msg
->body
;
114 return ASN1_item_verify_ex(ASN1_ITEM_rptr(OSSL_CMP_PROTECTEDPART
),
115 msg
->header
->protectionAlg
, protection
,
116 &prot_part
, NULL
, pkey
, libctx
, NULL
) > 0;
119 /* Calls OSSL_CMP_calc_protection and compares and verifies signature */
120 static int execute_calc_protection_signature_test(CMP_PROTECT_TEST_FIXTURE
*
123 ASN1_BIT_STRING
*protection
=
124 ossl_cmp_calc_protection(fixture
->cmp_ctx
, fixture
->msg
);
125 int ret
= (TEST_ptr(protection
)
126 && TEST_true(verify_signature(fixture
->msg
, protection
,
128 fixture
->cmp_ctx
->digest
)));
130 ASN1_BIT_STRING_free(protection
);
134 static int test_cmp_calc_protection_no_key_no_secret(void)
136 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE
, set_up
);
137 if (!TEST_ptr(fixture
->msg
= load_pkimsg(ir_unprotected_f
, libctx
))
138 || !TEST_ptr(fixture
->msg
->header
->protectionAlg
=
139 X509_ALGOR_new() /* no specific alg needed here */)) {
144 EXECUTE_TEST(execute_calc_protection_fails_test
, tear_down
);
148 static int test_cmp_calc_protection_pkey(void)
150 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE
, set_up
);
151 fixture
->pubkey
= prot_RSA_key
;
152 if (!TEST_true(OSSL_CMP_CTX_set1_pkey(fixture
->cmp_ctx
, prot_RSA_key
))
153 || !TEST_ptr(fixture
->msg
= load_pkimsg(ir_protected_f
, libctx
))) {
157 EXECUTE_TEST(execute_calc_protection_signature_test
, tear_down
);
161 #ifndef OPENSSL_NO_ECX
162 static int test_cmp_calc_protection_pkey_Ed(void)
164 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE
, set_up
);
165 fixture
->pubkey
= prot_Ed_key
;
166 if (!TEST_true(OSSL_CMP_CTX_set1_pkey(fixture
->cmp_ctx
, prot_Ed_key
))
167 || !TEST_ptr(fixture
->msg
= load_pkimsg(genm_prot_Ed_f
, libctx
))) {
171 EXECUTE_TEST(execute_calc_protection_signature_test
, tear_down
);
176 static int test_cmp_calc_protection_pbmac(void)
178 unsigned char sec_insta
[] = { 'i', 'n', 's', 't', 'a' };
180 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE
, set_up
);
181 if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture
->cmp_ctx
,
182 sec_insta
, sizeof(sec_insta
)))
183 || !TEST_ptr(fixture
->msg
= load_pkimsg(ip_PBM_f
, libctx
))) {
187 EXECUTE_TEST(execute_calc_protection_pbmac_test
, tear_down
);
190 static int execute_MSG_protect_test(CMP_PROTECT_TEST_FIXTURE
*fixture
)
192 return TEST_int_eq(fixture
->expected
,
193 ossl_cmp_msg_protect(fixture
->cmp_ctx
, fixture
->msg
));
196 #define SET_OPT_UNPROTECTED_SEND(ctx, val) \
197 OSSL_CMP_CTX_set_option((ctx), OSSL_CMP_OPT_UNPROTECTED_SEND, (val))
198 static int test_MSG_protect_unprotected_request(void)
200 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE
, set_up
);
202 fixture
->expected
= 1;
203 if (!TEST_ptr(fixture
->msg
= OSSL_CMP_MSG_dup(ir_unprotected
))
204 || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture
->cmp_ctx
, 1))) {
208 EXECUTE_TEST(execute_MSG_protect_test
, tear_down
);
212 static int test_MSG_protect_with_msg_sig_alg_protection_plus_rsa_key(void)
214 const size_t size
= sizeof(rand_data
) / 2;
216 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE
, set_up
);
217 fixture
->expected
= 1;
219 if (!TEST_ptr(fixture
->msg
= OSSL_CMP_MSG_dup(ir_unprotected
))
220 || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture
->cmp_ctx
, 0))
222 * Use half of the 16 bytes of random input
223 * for each reference and secret value
225 || !TEST_true(OSSL_CMP_CTX_set1_referenceValue(fixture
->cmp_ctx
,
227 || !TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture
->cmp_ctx
,
233 EXECUTE_TEST(execute_MSG_protect_test
, tear_down
);
237 static int test_MSG_protect_with_certificate_and_key(void)
239 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE
, set_up
);
240 fixture
->expected
= 1;
242 if (!TEST_ptr(fixture
->msg
=
243 OSSL_CMP_MSG_dup(ir_unprotected
))
244 || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture
->cmp_ctx
, 0))
245 || !TEST_true(OSSL_CMP_CTX_set1_pkey(fixture
->cmp_ctx
, server_key
))
246 || !TEST_true(OSSL_CMP_CTX_set1_cert(fixture
->cmp_ctx
,
251 EXECUTE_TEST(execute_MSG_protect_test
, tear_down
);
255 static int test_MSG_protect_certificate_based_without_cert(void)
259 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE
, set_up
);
260 ctx
= fixture
->cmp_ctx
;
261 fixture
->expected
= 0;
262 if (!TEST_ptr(fixture
->msg
=
263 OSSL_CMP_MSG_dup(ir_unprotected
))
264 || !TEST_true(SET_OPT_UNPROTECTED_SEND(ctx
, 0))
265 || !TEST_true(OSSL_CMP_CTX_set0_newPkey(ctx
, 1, server_key
))) {
269 EVP_PKEY_up_ref(server_key
);
270 EXECUTE_TEST(execute_MSG_protect_test
, tear_down
);
274 static int test_MSG_protect_no_key_no_secret(void)
276 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE
, set_up
);
277 fixture
->expected
= 0;
278 if (!TEST_ptr(fixture
->msg
= OSSL_CMP_MSG_dup(ir_unprotected
))
279 || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture
->cmp_ctx
, 0))) {
283 EXECUTE_TEST(execute_MSG_protect_test
, tear_down
);
287 static int test_MSG_protect_pbmac_no_sender(int with_ref
)
289 static unsigned char secret
[] = { 47, 11, 8, 15 };
290 static unsigned char ref
[] = { 0xca, 0xfe, 0xba, 0xbe };
292 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE
, set_up
);
293 fixture
->expected
= with_ref
;
294 if (!TEST_ptr(fixture
->msg
= OSSL_CMP_MSG_dup(ir_unprotected
))
295 || !SET_OPT_UNPROTECTED_SEND(fixture
->cmp_ctx
, 0)
296 || !ossl_cmp_hdr_set1_sender(fixture
->msg
->header
, NULL
)
297 || !OSSL_CMP_CTX_set1_secretValue(fixture
->cmp_ctx
,
298 secret
, sizeof(secret
))
299 || (!OSSL_CMP_CTX_set1_referenceValue(fixture
->cmp_ctx
,
300 with_ref
? ref
: NULL
,
305 EXECUTE_TEST(execute_MSG_protect_test
, tear_down
);
309 static int test_MSG_protect_pbmac_no_sender_with_ref(void)
311 return test_MSG_protect_pbmac_no_sender(1);
314 static int test_MSG_protect_pbmac_no_sender_no_ref(void)
316 return test_MSG_protect_pbmac_no_sender(0);
319 static int execute_MSG_add_extraCerts_test(CMP_PROTECT_TEST_FIXTURE
*fixture
)
321 return TEST_true(ossl_cmp_msg_add_extraCerts(fixture
->cmp_ctx
,
325 static int test_MSG_add_extraCerts(void)
327 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE
, set_up
);
328 if (!TEST_ptr(fixture
->msg
= OSSL_CMP_MSG_dup(ir_protected
))) {
332 EXECUTE_TEST(execute_MSG_add_extraCerts_test
, tear_down
);
336 #ifndef OPENSSL_NO_EC
337 /* The cert chain tests use EC certs so we skip them in no-ec builds */
338 static int execute_cmp_build_cert_chain_test(CMP_PROTECT_TEST_FIXTURE
*fixture
)
341 OSSL_CMP_CTX
*ctx
= fixture
->cmp_ctx
;
343 STACK_OF(X509
) *chain
=
344 X509_build_chain(fixture
->cert
, fixture
->certs
, NULL
,
345 fixture
->with_ss
, ctx
->libctx
, ctx
->propq
);
347 if (TEST_ptr(chain
)) {
348 /* Check whether chain built is equal to the expected one */
349 ret
= TEST_int_eq(0, STACK_OF_X509_cmp(chain
, fixture
->chain
));
350 OSSL_STACK_OF_X509_free(chain
);
355 if (TEST_ptr(store
= X509_STORE_new())
356 && TEST_true(X509_STORE_add_cert(store
, root
))) {
357 X509_VERIFY_PARAM_set_flags(X509_STORE_get0_param(store
),
358 X509_V_FLAG_NO_CHECK_TIME
);
359 chain
= X509_build_chain(fixture
->cert
, fixture
->certs
, store
,
360 fixture
->with_ss
, ctx
->libctx
, ctx
->propq
);
361 ret
= TEST_int_eq(fixture
->expected
, chain
!= NULL
);
362 if (ret
&& chain
!= NULL
) {
363 /* Check whether chain built is equal to the expected one */
364 ret
= TEST_int_eq(0, STACK_OF_X509_cmp(chain
, fixture
->chain
));
365 OSSL_STACK_OF_X509_free(chain
);
368 X509_STORE_free(store
);
372 static int test_cmp_build_cert_chain(void)
374 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE
, set_up
);
375 fixture
->expected
= 1;
376 fixture
->with_ss
= 0;
377 fixture
->cert
= endentity2
;
378 if (!TEST_ptr(fixture
->certs
= sk_X509_new_null())
379 || !TEST_ptr(fixture
->chain
= sk_X509_new_null())
380 || !TEST_true(sk_X509_push(fixture
->certs
, endentity1
))
381 || !TEST_true(sk_X509_push(fixture
->certs
, root
))
382 || !TEST_true(sk_X509_push(fixture
->certs
, intermediate
))
383 || !TEST_true(sk_X509_push(fixture
->chain
, endentity2
))
384 || !TEST_true(sk_X509_push(fixture
->chain
, intermediate
))) {
388 if (fixture
!= NULL
) {
389 result
= execute_cmp_build_cert_chain_test(fixture
);
390 fixture
->with_ss
= 1;
391 if (result
&& TEST_true(sk_X509_push(fixture
->chain
, root
)))
392 result
= execute_cmp_build_cert_chain_test(fixture
);
398 static int test_cmp_build_cert_chain_missing_intermediate(void)
400 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE
, set_up
);
401 fixture
->expected
= 0;
402 fixture
->with_ss
= 0;
403 fixture
->cert
= endentity2
;
404 if (!TEST_ptr(fixture
->certs
= sk_X509_new_null())
405 || !TEST_ptr(fixture
->chain
= sk_X509_new_null())
406 || !TEST_true(sk_X509_push(fixture
->certs
, endentity1
))
407 || !TEST_true(sk_X509_push(fixture
->certs
, root
))
408 || !TEST_true(sk_X509_push(fixture
->chain
, endentity2
))) {
412 EXECUTE_TEST(execute_cmp_build_cert_chain_test
, tear_down
);
416 static int test_cmp_build_cert_chain_no_root(void)
418 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE
, set_up
);
419 fixture
->expected
= 1;
420 fixture
->with_ss
= 0;
421 fixture
->cert
= endentity2
;
422 if (!TEST_ptr(fixture
->certs
= sk_X509_new_null())
423 || !TEST_ptr(fixture
->chain
= sk_X509_new_null())
424 || !TEST_true(sk_X509_push(fixture
->certs
, endentity1
))
425 || !TEST_true(sk_X509_push(fixture
->certs
, intermediate
))
426 || !TEST_true(sk_X509_push(fixture
->chain
, endentity2
))
427 || !TEST_true(sk_X509_push(fixture
->chain
, intermediate
))) {
431 EXECUTE_TEST(execute_cmp_build_cert_chain_test
, tear_down
);
435 static int test_cmp_build_cert_chain_only_root(void)
437 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE
, set_up
);
438 fixture
->expected
= 1;
439 fixture
->with_ss
= 0; /* still chain must include the only cert (root) */
440 fixture
->cert
= root
;
441 if (!TEST_ptr(fixture
->certs
= sk_X509_new_null())
442 || !TEST_ptr(fixture
->chain
= sk_X509_new_null())
443 || !TEST_true(sk_X509_push(fixture
->certs
, root
))
444 || !TEST_true(sk_X509_push(fixture
->chain
, root
))) {
448 EXECUTE_TEST(execute_cmp_build_cert_chain_test
, tear_down
);
452 static int test_cmp_build_cert_chain_no_certs(void)
454 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE
, set_up
);
455 fixture
->expected
= 0;
456 fixture
->with_ss
= 0;
457 fixture
->cert
= endentity2
;
458 if (!TEST_ptr(fixture
->certs
= sk_X509_new_null())
459 || !TEST_ptr(fixture
->chain
= sk_X509_new_null())
460 || !TEST_true(sk_X509_push(fixture
->chain
, endentity2
))) {
464 EXECUTE_TEST(execute_cmp_build_cert_chain_test
, tear_down
);
467 #endif /* OPENSSL_NO_EC */
469 static int execute_X509_STORE_test(CMP_PROTECT_TEST_FIXTURE
*fixture
)
471 X509_STORE
*store
= X509_STORE_new();
472 STACK_OF(X509
) *sk
= NULL
;
475 if (!TEST_true(ossl_cmp_X509_STORE_add1_certs(store
,
477 fixture
->callback_arg
)))
479 sk
= X509_STORE_get1_all_certs(store
);
480 if (!TEST_int_eq(0, STACK_OF_X509_cmp(sk
, fixture
->chain
)))
484 X509_STORE_free(store
);
485 OSSL_STACK_OF_X509_free(sk
);
490 static int test_X509_STORE(void)
492 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE
, set_up
);
493 fixture
->callback_arg
= 0; /* self-issued allowed */
494 if (!TEST_ptr(fixture
->certs
= sk_X509_new_null())
495 || !sk_X509_push(fixture
->certs
, endentity1
)
496 || !sk_X509_push(fixture
->certs
, endentity2
)
497 || !sk_X509_push(fixture
->certs
, root
)
498 || !sk_X509_push(fixture
->certs
, intermediate
)
499 || !TEST_ptr(fixture
->chain
= sk_X509_dup(fixture
->certs
))) {
503 EXECUTE_TEST(execute_X509_STORE_test
, tear_down
);
507 static int test_X509_STORE_only_self_issued(void)
509 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE
, set_up
);
510 fixture
->certs
= sk_X509_new_null();
511 fixture
->chain
= sk_X509_new_null();
512 fixture
->callback_arg
= 1; /* only self-issued */
513 if (!TEST_true(sk_X509_push(fixture
->certs
, endentity1
))
514 || !TEST_true(sk_X509_push(fixture
->certs
, endentity2
))
515 || !TEST_true(sk_X509_push(fixture
->certs
, root
))
516 || !TEST_true(sk_X509_push(fixture
->certs
, intermediate
))
517 || !TEST_true(sk_X509_push(fixture
->chain
, root
))) {
521 EXECUTE_TEST(execute_X509_STORE_test
, tear_down
);
525 void cleanup_tests(void)
527 EVP_PKEY_free(prot_RSA_key
);
528 #ifndef OPENSSL_NO_ECX
529 EVP_PKEY_free(prot_Ed_key
);
530 OSSL_CMP_MSG_free(genm_protected_Ed
);
532 EVP_PKEY_free(server_key
);
533 X509_free(server_cert
);
534 X509_free(endentity1
);
535 X509_free(endentity2
);
537 X509_free(intermediate
);
538 OSSL_CMP_MSG_free(ir_protected
);
539 OSSL_CMP_MSG_free(ir_unprotected
);
540 OSSL_PROVIDER_unload(default_null_provider
);
541 OSSL_PROVIDER_unload(provider
);
542 OSSL_LIB_CTX_free(libctx
);
545 #define USAGE "prot_RSA.pem IR_protected.der prot_Ed.pem " \
546 "GENM_protected_Ed.der IR_unprotected.der IP_PBM.der " \
547 "server.crt server.pem EndEntity1.crt EndEntity2.crt Root_CA.crt " \
548 "Intermediate_CA.crt module_name [module_conf_file]\n"
549 OPT_TEST_DECLARE_USAGE(USAGE
)
551 int setup_tests(void)
560 char *intermediate_f
;
562 if (!test_skip_common_options()) {
563 TEST_error("Error parsing test options\n");
567 RAND_bytes(rand_data
, OSSL_CMP_TRANSACTIONID_LENGTH
);
568 if (!TEST_ptr(prot_RSA_f
= test_get_argument(0))
569 || !TEST_ptr(ir_protected_f
= test_get_argument(1))
570 || !TEST_ptr(prot_Ed_f
= test_get_argument(2))
571 || !TEST_ptr(genm_prot_Ed_f
= test_get_argument(3))
572 || !TEST_ptr(ir_unprotected_f
= test_get_argument(4))
573 || !TEST_ptr(ip_PBM_f
= test_get_argument(5))
574 || !TEST_ptr(server_cert_f
= test_get_argument(6))
575 || !TEST_ptr(server_key_f
= test_get_argument(7))
576 || !TEST_ptr(endentity1_f
= test_get_argument(8))
577 || !TEST_ptr(endentity2_f
= test_get_argument(9))
578 || !TEST_ptr(root_f
= test_get_argument(10))
579 || !TEST_ptr(intermediate_f
= test_get_argument(11))) {
580 TEST_error("usage: cmp_protect_test %s", USAGE
);
584 if (!test_arg_libctx(&libctx
, &default_null_provider
, &provider
, 12, USAGE
))
587 if (!TEST_ptr(server_key
= load_pkey_pem(server_key_f
, libctx
))
588 || !TEST_ptr(server_cert
= load_cert_pem(server_cert_f
, libctx
)))
591 if (!TEST_ptr(prot_RSA_key
= load_pkey_pem(prot_RSA_f
, libctx
)))
593 #ifndef OPENSSL_NO_ECX
594 if (!TEST_ptr(prot_Ed_key
= load_pkey_pem(prot_Ed_f
, libctx
)))
597 if (!TEST_ptr(ir_protected
= load_pkimsg(ir_protected_f
, libctx
))
598 #ifndef OPENSSL_NO_ECX
599 || !TEST_ptr(genm_protected_Ed
= load_pkimsg(genm_prot_Ed_f
, libctx
))
601 || !TEST_ptr(ir_unprotected
= load_pkimsg(ir_unprotected_f
, libctx
)))
603 if (!TEST_ptr(endentity1
= load_cert_pem(endentity1_f
, libctx
))
604 || !TEST_ptr(endentity2
= load_cert_pem(endentity2_f
, libctx
))
605 || !TEST_ptr(root
= load_cert_pem(root_f
, libctx
))
606 || !TEST_ptr(intermediate
= load_cert_pem(intermediate_f
, libctx
)))
608 if (!TEST_int_eq(1, RAND_bytes(rand_data
, OSSL_CMP_TRANSACTIONID_LENGTH
)))
611 /* Message protection tests */
612 ADD_TEST(test_cmp_calc_protection_no_key_no_secret
);
613 ADD_TEST(test_cmp_calc_protection_pkey
);
614 #ifndef OPENSSL_NO_ECX
615 ADD_TEST(test_cmp_calc_protection_pkey_Ed
);
617 ADD_TEST(test_cmp_calc_protection_pbmac
);
619 ADD_TEST(test_MSG_protect_with_msg_sig_alg_protection_plus_rsa_key
);
620 ADD_TEST(test_MSG_protect_with_certificate_and_key
);
621 ADD_TEST(test_MSG_protect_certificate_based_without_cert
);
622 ADD_TEST(test_MSG_protect_unprotected_request
);
623 ADD_TEST(test_MSG_protect_no_key_no_secret
);
624 ADD_TEST(test_MSG_protect_pbmac_no_sender_with_ref
);
625 ADD_TEST(test_MSG_protect_pbmac_no_sender_no_ref
);
626 ADD_TEST(test_MSG_add_extraCerts
);
628 #ifndef OPENSSL_NO_EC
629 ADD_TEST(test_cmp_build_cert_chain
);
630 ADD_TEST(test_cmp_build_cert_chain_only_root
);
631 ADD_TEST(test_cmp_build_cert_chain_no_root
);
632 ADD_TEST(test_cmp_build_cert_chain_missing_intermediate
);
633 ADD_TEST(test_cmp_build_cert_chain_no_certs
);
636 ADD_TEST(test_X509_STORE
);
637 ADD_TEST(test_X509_STORE_only_self_issued
);