Add libctx/provider support to cmp_vfy_test

Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11808)
author: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2020-08-18 17:04:54 +0200
committer: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2020-08-21 09:04:13 +0200
commit: bdd6784fdd0f6e8ffc7b9a3c19fcc6a029385160 (patch)
tree: 082e1a54e3a3762740d0502869f629c40e863851 /test
parent: b0248cbc3e2fa20e9c4d97845808537f9bd4206a (diff)
download: openssl-bdd6784fdd0f6e8ffc7b9a3c19fcc6a029385160.zip
openssl-bdd6784fdd0f6e8ffc7b9a3c19fcc6a029385160.tar.gz
openssl-bdd6784fdd0f6e8ffc7b9a3c19fcc6a029385160.tar.bz2
2 files changed, 64 insertions, 32 deletions
diff --git a/test/cmp_vfy_test.c b/test/cmp_vfy_test.c
index 778aa5a..1aec50d 100644
--- a/test/cmp_vfy_test.c
+++ b/test/cmp_vfy_test.c
@@ -38,6 +38,9 @@ typedef struct test_fixture {
     int additional_arg;
 } CMP_VFY_TEST_FIXTURE;
 
+static OPENSSL_CTX *libctx = NULL;
+static OSSL_PROVIDER *default_null_provider = NULL, *provider = NULL;
+
 static void tear_down(CMP_VFY_TEST_FIXTURE *fixture)
 {
     OSSL_CMP_MSG_free(fixture->msg);
@@ -56,7 +59,7 @@ static CMP_VFY_TEST_FIXTURE *set_up(const char *const test_case_name)
         return NULL;
     fixture->test_case_name = test_case_name;
     if (ts == NULL
-            || !TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new(NULL, NULL))
+            || !TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new(libctx, NULL))
             || !OSSL_CMP_CTX_set0_trustedStore(fixture->cmp_ctx, ts)
             || !OSSL_CMP_CTX_set_log_cb(fixture->cmp_ctx, print_to_bio_out)) {
         tear_down(fixture);
@@ -547,9 +550,21 @@ void cleanup_tests(void)
     X509_free(instaca_cert);
     OSSL_CMP_MSG_free(ir_unprotected);
     OSSL_CMP_MSG_free(ir_rmprotection);
+    OPENSSL_CTX_free(libctx);
     return;
 }
 
+
+#define USAGE "server.crt client.crt " \
+    "EndEntity1.crt EndEntity2.crt " \
+    "Root_CA.crt Intermediate_CA.crt " \
+    "CMP_IR_protected.der CMP_IR_unprotected.der " \
+    "IP_waitingStatus_PBM.der IR_rmprotection.der " \
+    "insta.cert.pem insta_ca.cert.pem " \
+    "IR_protected_0_extraCerts.der " \
+    "IR_protected_2_extraCerts.der module_name [module_conf_file]\n"
+OPT_TEST_DECLARE_USAGE(USAGE)
+
 int setup_tests(void)
 {
     /* Set test time stamps */
@@ -582,31 +597,27 @@ int setup_tests(void)
             || !TEST_ptr(instaca_f = test_get_argument(11))
             || !TEST_ptr(ir_protected_0_extracerts = test_get_argument(12))
             || !TEST_ptr(ir_protected_2_extracerts = test_get_argument(13))) {
-        TEST_error("usage: cmp_vfy_test server.crt client.crt "
-                   "EndEntity1.crt EndEntity2.crt "
-                   "Root_CA.crt Intermediate_CA.crt "
-                   "CMP_IR_protected.der CMP_IR_unprotected.der "
-                   "IP_waitingStatus_PBM.der IR_rmprotection.der "
-                   "insta.cert.pem insta_ca.cert.pem "
-                   "IR_protected_0_extraCerts.der "
-                   "IR_protected_2_extraCerts.der\n");
+        TEST_error("usage: cmp_vfy_test %s", USAGE);
         return 0;
     }
 
+    if (!test_get_libctx(&libctx, &default_null_provider, &provider, 14, USAGE))
+        return 0;
+
     /* Load certificates for cert chain */
-    if (!TEST_ptr(endentity1 = load_pem_cert(endentity1_f, NULL))
-            || !TEST_ptr(endentity2 = load_pem_cert(endentity2_f, NULL))
+    if (!TEST_ptr(endentity1 = load_pem_cert(endentity1_f, libctx))
+            || !TEST_ptr(endentity2 = load_pem_cert(endentity2_f, libctx))
             || !TEST_ptr(root = load_pem_cert(root_f, NULL))
-            || !TEST_ptr(intermediate = load_pem_cert(intermediate_f, NULL)))
+            || !TEST_ptr(intermediate = load_pem_cert(intermediate_f, libctx)))
         goto err;
 
-    if (!TEST_ptr(insta_cert = load_pem_cert(instacert_f, NULL))
-            || !TEST_ptr(instaca_cert = load_pem_cert(instaca_f, NULL)))
+    if (!TEST_ptr(insta_cert = load_pem_cert(instacert_f, libctx))
+            || !TEST_ptr(instaca_cert = load_pem_cert(instaca_f, libctx)))
         goto err;
 
     /* Load certificates for message validation */
-    if (!TEST_ptr(srvcert = load_pem_cert(server_f, NULL))
-            || !TEST_ptr(clcert = load_pem_cert(client_f, NULL)))
+    if (!TEST_ptr(srvcert = load_pem_cert(server_f, libctx))
+            || !TEST_ptr(clcert = load_pem_cert(client_f, libctx)))
         goto err;
     if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH)))
         goto err;
diff --git a/test/recipes/65-test_cmp_vfy.t b/test/recipes/65-test_cmp_vfy.t
index 8b3911e..800dabc 100644
--- a/test/recipes/65-test_cmp_vfy.t
+++ b/test/recipes/65-test_cmp_vfy.t
@@ -9,10 +9,18 @@
 # https://www.openssl.org/source/license.html
 
 use strict;
-use OpenSSL::Test qw/:DEFAULT data_file/;
+use OpenSSL::Test qw/:DEFAULT data_file srctop_file srctop_dir bldtop_file bldtop_dir/;
 use OpenSSL::Test::Utils;
 
-setup("test_cmp_vfy");
+BEGIN {
+    setup("test_cmp_vfy");
+}
+
+use lib srctop_dir('Configurations');
+use lib bldtop_dir('.');
+use platform;
+
+my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
 
 plan skip_all => "This test is not supported in a no-cmp build"
     if disabled("cmp");
@@ -20,17 +28,30 @@ plan skip_all => "This test is not supported in a no-cmp build"
 plan skip_all => "This test is not supported in a no-ec build"
     if disabled("ec");
 
-plan tests => 1;
-
-ok(run(test(["cmp_vfy_test",
-             data_file("server.crt"),     data_file("client.crt"),
-             data_file("EndEntity1.crt"), data_file("EndEntity2.crt"),
-             data_file("Root_CA.crt"),    data_file("Intermediate_CA.crt"),
-             data_file("IR_protected.der"),
-             data_file("IR_unprotected.der"),
-             data_file("IP_waitingStatus_PBM.der"),
-             data_file("IR_rmprotection.der"),
-             data_file("insta.cert.pem"),
-             data_file("insta_ca.cert.pem"),
-             data_file("IR_protected_0_extraCerts.der"),
-             data_file("IR_protected_2_extraCerts.der")])));
+plan tests => 2 + ($no_fips ? 0 : 2); #fips install + fips test
+
+my @basic_cmd = ("cmp_vfy_test",
+                 data_file("server.crt"),     data_file("client.crt"),
+                 data_file("EndEntity1.crt"), data_file("EndEntity2.crt"),
+                 data_file("Root_CA.crt"),    data_file("Intermediate_CA.crt"),
+                 data_file("IR_protected.der"),
+                 data_file("IR_unprotected.der"),
+                 data_file("IP_waitingStatus_PBM.der"),
+                 data_file("IR_rmprotection.der"),
+                 data_file("insta.cert.pem"),
+                 data_file("insta_ca.cert.pem"),
+                 data_file("IR_protected_0_extraCerts.der"),
+                 data_file("IR_protected_2_extraCerts.der"));
+
+ok(run(test([@basic_cmd, "none"])));
+
+ok(run(test([@basic_cmd, "default", srctop_file("test", "default.cnf")])));
+
+unless ($no_fips) {
+    ok(run(app(['openssl', 'fipsinstall',
+                '-out', bldtop_file('providers', 'fipsmodule.cnf'),
+                '-module', bldtop_file('providers', platform->dso('fips'))])),
+       "fipsinstall");
+
+    ok(run(test([@basic_cmd, "fips", srctop_file("test", "fips.cnf")])));
+}
author	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2020-08-18 17:04:54 +0200
committer	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2020-08-21 09:04:13 +0200
commit	bdd6784fdd0f6e8ffc7b9a3c19fcc6a029385160 (patch)
tree	082e1a54e3a3762740d0502869f629c40e863851 /test
parent	b0248cbc3e2fa20e9c4d97845808537f9bd4206a (diff)
download	openssl-bdd6784fdd0f6e8ffc7b9a3c19fcc6a029385160.zip openssl-bdd6784fdd0f6e8ffc7b9a3c19fcc6a029385160.tar.gz openssl-bdd6784fdd0f6e8ffc7b9a3c19fcc6a029385160.tar.bz2