From: Dr. David von Oheimb Date: Tue, 18 Aug 2020 15:04:54 +0000 (+0200) Subject: Add libctx/provider support to cmp_vfy_test X-Git-Tag: openssl-3.0.0-alpha7~522 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bdd6784fdd0f6e8ffc7b9a3c19fcc6a029385160;p=thirdparty%2Fopenssl.git Add libctx/provider support to cmp_vfy_test Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11808) --- diff --git a/test/cmp_vfy_test.c b/test/cmp_vfy_test.c index 778aa5a7308..1aec50d6570 100644 --- a/test/cmp_vfy_test.c +++ b/test/cmp_vfy_test.c @@ -38,6 +38,9 @@ typedef struct test_fixture { int additional_arg; } CMP_VFY_TEST_FIXTURE; +static OPENSSL_CTX *libctx = NULL; +static OSSL_PROVIDER *default_null_provider = NULL, *provider = NULL; + static void tear_down(CMP_VFY_TEST_FIXTURE *fixture) { OSSL_CMP_MSG_free(fixture->msg); @@ -56,7 +59,7 @@ static CMP_VFY_TEST_FIXTURE *set_up(const char *const test_case_name) return NULL; fixture->test_case_name = test_case_name; if (ts == NULL - || !TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new(NULL, NULL)) + || !TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new(libctx, NULL)) || !OSSL_CMP_CTX_set0_trustedStore(fixture->cmp_ctx, ts) || !OSSL_CMP_CTX_set_log_cb(fixture->cmp_ctx, print_to_bio_out)) { tear_down(fixture); @@ -547,9 +550,21 @@ void cleanup_tests(void) X509_free(instaca_cert); OSSL_CMP_MSG_free(ir_unprotected); OSSL_CMP_MSG_free(ir_rmprotection); + OPENSSL_CTX_free(libctx); return; } + +#define USAGE "server.crt client.crt " \ + "EndEntity1.crt EndEntity2.crt " \ + "Root_CA.crt Intermediate_CA.crt " \ + "CMP_IR_protected.der CMP_IR_unprotected.der " \ + "IP_waitingStatus_PBM.der IR_rmprotection.der " \ + "insta.cert.pem insta_ca.cert.pem " \ + "IR_protected_0_extraCerts.der " \ + "IR_protected_2_extraCerts.der module_name [module_conf_file]\n" +OPT_TEST_DECLARE_USAGE(USAGE) + int setup_tests(void) { /* Set test time stamps */ @@ -582,31 +597,27 @@ int setup_tests(void) || !TEST_ptr(instaca_f = test_get_argument(11)) || !TEST_ptr(ir_protected_0_extracerts = test_get_argument(12)) || !TEST_ptr(ir_protected_2_extracerts = test_get_argument(13))) { - TEST_error("usage: cmp_vfy_test server.crt client.crt " - "EndEntity1.crt EndEntity2.crt " - "Root_CA.crt Intermediate_CA.crt " - "CMP_IR_protected.der CMP_IR_unprotected.der " - "IP_waitingStatus_PBM.der IR_rmprotection.der " - "insta.cert.pem insta_ca.cert.pem " - "IR_protected_0_extraCerts.der " - "IR_protected_2_extraCerts.der\n"); + TEST_error("usage: cmp_vfy_test %s", USAGE); return 0; } + if (!test_get_libctx(&libctx, &default_null_provider, &provider, 14, USAGE)) + return 0; + /* Load certificates for cert chain */ - if (!TEST_ptr(endentity1 = load_pem_cert(endentity1_f, NULL)) - || !TEST_ptr(endentity2 = load_pem_cert(endentity2_f, NULL)) + if (!TEST_ptr(endentity1 = load_pem_cert(endentity1_f, libctx)) + || !TEST_ptr(endentity2 = load_pem_cert(endentity2_f, libctx)) || !TEST_ptr(root = load_pem_cert(root_f, NULL)) - || !TEST_ptr(intermediate = load_pem_cert(intermediate_f, NULL))) + || !TEST_ptr(intermediate = load_pem_cert(intermediate_f, libctx))) goto err; - if (!TEST_ptr(insta_cert = load_pem_cert(instacert_f, NULL)) - || !TEST_ptr(instaca_cert = load_pem_cert(instaca_f, NULL))) + if (!TEST_ptr(insta_cert = load_pem_cert(instacert_f, libctx)) + || !TEST_ptr(instaca_cert = load_pem_cert(instaca_f, libctx))) goto err; /* Load certificates for message validation */ - if (!TEST_ptr(srvcert = load_pem_cert(server_f, NULL)) - || !TEST_ptr(clcert = load_pem_cert(client_f, NULL))) + if (!TEST_ptr(srvcert = load_pem_cert(server_f, libctx)) + || !TEST_ptr(clcert = load_pem_cert(client_f, libctx))) goto err; if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH))) goto err; diff --git a/test/recipes/65-test_cmp_vfy.t b/test/recipes/65-test_cmp_vfy.t index 8b3911ea363..800dabcd85c 100644 --- a/test/recipes/65-test_cmp_vfy.t +++ b/test/recipes/65-test_cmp_vfy.t @@ -9,10 +9,18 @@ # https://www.openssl.org/source/license.html use strict; -use OpenSSL::Test qw/:DEFAULT data_file/; +use OpenSSL::Test qw/:DEFAULT data_file srctop_file srctop_dir bldtop_file bldtop_dir/; use OpenSSL::Test::Utils; -setup("test_cmp_vfy"); +BEGIN { + setup("test_cmp_vfy"); +} + +use lib srctop_dir('Configurations'); +use lib bldtop_dir('.'); +use platform; + +my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); plan skip_all => "This test is not supported in a no-cmp build" if disabled("cmp"); @@ -20,17 +28,30 @@ plan skip_all => "This test is not supported in a no-cmp build" plan skip_all => "This test is not supported in a no-ec build" if disabled("ec"); -plan tests => 1; - -ok(run(test(["cmp_vfy_test", - data_file("server.crt"), data_file("client.crt"), - data_file("EndEntity1.crt"), data_file("EndEntity2.crt"), - data_file("Root_CA.crt"), data_file("Intermediate_CA.crt"), - data_file("IR_protected.der"), - data_file("IR_unprotected.der"), - data_file("IP_waitingStatus_PBM.der"), - data_file("IR_rmprotection.der"), - data_file("insta.cert.pem"), - data_file("insta_ca.cert.pem"), - data_file("IR_protected_0_extraCerts.der"), - data_file("IR_protected_2_extraCerts.der")]))); +plan tests => 2 + ($no_fips ? 0 : 2); #fips install + fips test + +my @basic_cmd = ("cmp_vfy_test", + data_file("server.crt"), data_file("client.crt"), + data_file("EndEntity1.crt"), data_file("EndEntity2.crt"), + data_file("Root_CA.crt"), data_file("Intermediate_CA.crt"), + data_file("IR_protected.der"), + data_file("IR_unprotected.der"), + data_file("IP_waitingStatus_PBM.der"), + data_file("IR_rmprotection.der"), + data_file("insta.cert.pem"), + data_file("insta_ca.cert.pem"), + data_file("IR_protected_0_extraCerts.der"), + data_file("IR_protected_2_extraCerts.der")); + +ok(run(test([@basic_cmd, "none"]))); + +ok(run(test([@basic_cmd, "default", srctop_file("test", "default.cnf")]))); + +unless ($no_fips) { + ok(run(app(['openssl', 'fipsinstall', + '-out', bldtop_file('providers', 'fipsmodule.cnf'), + '-module', bldtop_file('providers', platform->dso('fips'))])), + "fipsinstall"); + + ok(run(test([@basic_cmd, "fips", srctop_file("test", "fips.cnf")]))); +}