/*
- * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright Nokia 2007-2019
* Copyright Siemens AG 2015-2019
*
static CMP_VFY_TEST_FIXTURE *set_up(const char *const test_case_name)
{
- X509_STORE *ts = X509_STORE_new();
+ X509_STORE *ts;
CMP_VFY_TEST_FIXTURE *fixture;
if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture))))
return NULL;
+
+ ts = X509_STORE_new();
fixture->test_case_name = test_case_name;
if (ts == NULL
|| !TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new(libctx, NULL))
- || !OSSL_CMP_CTX_set0_trustedStore(fixture->cmp_ctx, ts)
+ || !OSSL_CMP_CTX_set0_trusted(fixture->cmp_ctx, ts)
|| !OSSL_CMP_CTX_set_log_cb(fixture->cmp_ctx, print_to_bio_out)) {
tear_down(fixture);
X509_STORE_free(ts);
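Review bot: The failure branch at the end of this hunk calls `X509_STORE_free(ts)` after `tear_down(fixture)`, which looks like a double free if `OSSL_CMP_CTX_set0_trusted()` has already succeeded and only the following `OSSL_CMP_CTX_set_log_cb()` call fails. The `set0` name suggests the context takes ownership of the store, and tear_down() presumably frees the context; neither is visible here, so this should be confirmed. Making the ownership transfer the last condition removes the ambiguity: `|| !OSSL_CMP_CTX_set_log_cb(fixture->cmp_ctx, print_to_bio_out)` followed by `|| !OSSL_CMP_CTX_set0_trusted(fixture->cmp_ctx, ts)) {`. The plain `ts == NULL` test could also become `!TEST_ptr(ts)` so that a failed store allocation is reported like the other setup failures. set_up() continues past the end of the hunk.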
static int execute_verify_popo_test(CMP_VFY_TEST_FIXTURE *fixture)
{
- if ((fixture->msg = load_pkimsg(ir_protected_f)) == NULL)
+ if ((fixture->msg = load_pkimsg(ir_protected_f, libctx)) == NULL)
return 0;
if (fixture->expected == 0) {
const OSSL_CRMF_MSGS *reqs = fixture->msg->body->value.ir;
}
#endif
+/* indirectly checks also OSSL_CMP_validate_msg() */
static int execute_validate_msg_test(CMP_VFY_TEST_FIXTURE *fixture)
{
- return TEST_int_eq(fixture->expected,
- ossl_cmp_msg_check_update(fixture->cmp_ctx, fixture->msg,
- NULL, 0));
+ int res = TEST_int_eq(fixture->expected,
+ ossl_cmp_msg_check_update(fixture->cmp_ctx,
+ fixture->msg, NULL, 0));
+ X509 *validated = OSSL_CMP_CTX_get0_validatedSrvCert(fixture->cmp_ctx);
+
+ return res && (!fixture->expected || TEST_ptr_eq(validated, fixture->cert));
}
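Review bot: The new return expression checks the validated server certificate only when `fixture->expected` is non-zero, so the negative tests never assert what `OSSL_CMP_CTX_get0_validatedSrvCert()` returns after a rejected message. If a failed validation is meant to leave no validated certificate in the context, the failing case can pin that as well: `return res && (fixture->expected ? TEST_ptr_eq(validated, fixture->cert) : TEST_ptr_null(validated));`. The comment above the function could also say that the validated certificate is compared with `fixture->cert`.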
static int execute_validate_cert_path_test(CMP_VFY_TEST_FIXTURE *fixture)
{
- X509_STORE *ts = OSSL_CMP_CTX_get0_trustedStore(fixture->cmp_ctx);
+ X509_STORE *ts = OSSL_CMP_CTX_get0_trusted(fixture->cmp_ctx);
int res = TEST_int_eq(fixture->expected,
OSSL_CMP_validate_cert_path(fixture->cmp_ctx,
ts, fixture->cert));
};
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
+ fixture->cert = NULL;
fixture->expected = 1;
if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, sec_1,
sizeof(sec_1)))
- || !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f))) {
+ || !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f, libctx))) {
tear_down(fixture);
fixture = NULL;
}
};
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
+ fixture->cert = NULL;
fixture->expected = 0;
if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, sec_bad,
sizeof(sec_bad)))
- || !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f))) {
+ || !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f, libctx))) {
tear_down(fixture);
fixture = NULL;
}
static int add_trusted(OSSL_CMP_CTX *ctx, X509 *cert)
{
- return X509_STORE_add_cert(OSSL_CMP_CTX_get0_trustedStore(ctx), cert);
+ return X509_STORE_add_cert(OSSL_CMP_CTX_get0_trusted(ctx), cert);
}
static int add_untrusted(OSSL_CMP_CTX *ctx, X509 *cert)
X509_STORE *ts;
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
+ fixture->cert = srvcert;
- ts = OSSL_CMP_CTX_get0_trustedStore(fixture->cmp_ctx);
+ ts = OSSL_CMP_CTX_get0_trusted(fixture->cmp_ctx);
fixture->expected = !expired;
if (ts == NULL
- || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f))
+ || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))
|| !add_trusted(fixture->cmp_ctx, srvcert)) {
tear_down(fixture);
fixture = NULL;
{
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
fixture->expected = 0;
- if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f))
+ if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))
|| !TEST_true(OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx, clcert))) {
tear_down(fixture);
fixture = NULL;
static int test_validate_msg_signature_srvcert(int bad_sig)
{
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
+ fixture->cert = srvcert;
fixture->expected = !bad_sig;
- if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f))
+ if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))
|| !TEST_true(OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx, srvcert))
|| (bad_sig && !flip_bit(fixture->msg->protection))) {
tear_down(fixture);
static int test_validate_msg_signature_sender_cert_untrusted(void)
{
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
+ fixture->cert = insta_cert;
fixture->expected = 1;
- if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts))
+ if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts, libctx))
|| !add_trusted(fixture->cmp_ctx, instaca_cert)
|| !add_untrusted(fixture->cmp_ctx, insta_cert)) {
tear_down(fixture);
static int test_validate_msg_signature_sender_cert_trusted(void)
{
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
+ fixture->cert = insta_cert;
fixture->expected = 1;
- if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts))
+ if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts, libctx))
|| !add_trusted(fixture->cmp_ctx, instaca_cert)
|| !add_trusted(fixture->cmp_ctx, insta_cert)) {
tear_down(fixture);
{
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
fixture->expected = 1;
- if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_2_extracerts))
+ if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_2_extracerts, libctx))
|| !add_trusted(fixture->cmp_ctx, instaca_cert)) {
tear_down(fixture);
fixture = NULL;
}
+ fixture->cert = sk_X509_value(fixture->msg->extraCerts, 1); /* Insta CA */
EXECUTE_TEST(execute_validate_msg_test, tear_down);
return result;
}
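Review bot: The added `fixture->cert = sk_X509_value(fixture->msg->extraCerts, 1);` runs after the failure branch that sets `fixture = NULL`, so a failed load_pkimsg() or add_trusted() leads to a NULL dereference instead of a reported test failure. Guard the assignment with `if (fixture != NULL)` on the line before it, or move it into an `else` of the setup check. The lookup result could also be wrapped in `TEST_ptr()` so that a message with fewer than two extraCerts is reported at the point where it is noticed. The function's signature lies above the hunk.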
{
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
fixture->expected = 0;
- if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts))) {
+ if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts, libctx))) {
tear_down(fixture);
fixture = NULL;
}
static int test_validate_with_sender(const X509_NAME *name, int expected)
{
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
+ fixture->cert = srvcert;
fixture->expected = expected;
- if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f))
+ if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))
|| !TEST_true(OSSL_CMP_CTX_set1_expected_sender(fixture->cmp_ctx, name))
|| !TEST_true(OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx, srvcert))) {
tear_down(fixture);
{
SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
fixture->expected = 0;
- if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f))) {
+ if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f, libctx))) {
tear_down(fixture);
fixture = NULL;
}
(*fixture)->cert = endentity2;
(*fixture)->expected = wrong == NULL && !expired;
if (expired) {
- X509_STORE *ts = OSSL_CMP_CTX_get0_trustedStore((*fixture)->cmp_ctx);
+ X509_STORE *ts = OSSL_CMP_CTX_get0_trusted((*fixture)->cmp_ctx);
X509_VERIFY_PARAM *vpm = X509_STORE_get0_param(ts);
X509_VERIFY_PARAM_set_time(vpm, test_time_after_expiration);
}
fixture->additional_arg)))
return 0;
- if (fixture->expected == 0) /* error expected aready during above check */
+ if (fixture->expected == 0) /* error expected already during above check */
return 1;
return
TEST_int_eq(0,
goto err;
if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH)))
goto err;
- if (!TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f))
- || !TEST_ptr(ir_rmprotection = load_pkimsg(ir_rmprotection_f)))
+ if (!TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx))
+ || !TEST_ptr(ir_rmprotection = load_pkimsg(ir_rmprotection_f, libctx)))
goto err;
/* Message validation tests */