Diffstat (limited to 'test/cmp_vfy_test.c')
| -rw-r--r-- | test/cmp_vfy_test.c | 158 |
1 files changed, 77 insertions, 81 deletions
diff --git a/test/cmp_vfy_test.c b/test/cmp_vfy_test.c
index b82ae142c24d..4e54d82819c4 100644
--- a/test/cmp_vfy_test.c
+++ b/test/cmp_vfy_test.c
@@ -1,5 +1,5 @@ /* - * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 *
@@ -60,9 +60,9 @@ static CMP_VFY_TEST_FIXTURE *set_up(const char *const test_case_name) ts = X509_STORE_new(); fixture->test_case_name = test_case_name; if (ts == NULL - || !TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new(libctx, NULL)) - || !OSSL_CMP_CTX_set0_trustedStore(fixture->cmp_ctx, ts) - || !OSSL_CMP_CTX_set_log_cb(fixture->cmp_ctx, print_to_bio_out)) { + || !TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new(libctx, NULL)) + || !OSSL_CMP_CTX_set0_trustedStore(fixture->cmp_ctx, ts) + || !OSSL_CMP_CTX_set_log_cb(fixture->cmp_ctx, print_to_bio_out)) { tear_down(fixture); X509_STORE_free(ts); return NULL;
@@ -76,7 +76,7 @@ static X509 *srvcert = NULL; static X509 *clcert = NULL; /* chain */ static X509 *endentity1 = NULL, *endentity2 = NULL, - *intermediate = NULL, *root = NULL; + *intermediate = NULL, *root = NULL; /* INSTA chain */ static X509 *insta_cert = NULL, *instaca_cert = NULL;
@@ -108,8 +108,8 @@ static int execute_verify_popo_test(CMP_VFY_TEST_FIXTURE *fixture) return 0; } return TEST_int_eq(fixture->expected, - ossl_cmp_verify_popo(fixture->cmp_ctx, fixture->msg, - fixture->additional_arg)); + ossl_cmp_verify_popo(fixture->cmp_ctx, fixture->msg, + fixture->additional_arg)); } static int test_verify_popo(void)
@@ -133,16 +133,16 @@ static int test_verify_popo_bad(void) static int execute_validate_msg_test(CMP_VFY_TEST_FIXTURE *fixture) { return TEST_int_eq(fixture->expected, - ossl_cmp_msg_check_update(fixture->cmp_ctx, fixture->msg, - NULL, 0)); + ossl_cmp_msg_check_update(fixture->cmp_ctx, fixture->msg, + NULL, 0)); } static int execute_validate_cert_path_test(CMP_VFY_TEST_FIXTURE *fixture) { X509_STORE *ts = OSSL_CMP_CTX_get0_trustedStore(fixture->cmp_ctx); int res = TEST_int_eq(fixture->expected, - OSSL_CMP_validate_cert_path(fixture->cmp_ctx, - ts, fixture->cert)); + OSSL_CMP_validate_cert_path(fixture->cmp_ctx, + ts, fixture->cert)); OSSL_CMP_CTX_print_errors(fixture->cmp_ctx); return res;
@@ -154,9 +154,9 @@ static int test_validate_msg_mac_alg_protection(int miss, int wrong) fixture->expected = !miss && !wrong; if (!TEST_true(miss ? OSSL_CMP_CTX_set0_trustedStore(fixture->cmp_ctx, NULL) - : OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, sec_1, - wrong ? 4 : sizeof(sec_1))) - || !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f, libctx))) { + : OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, sec_1, + wrong ? 4 : sizeof(sec_1))) + || !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f, libctx))) { tear_down(fixture); fixture = NULL; }
@@ -191,8 +191,8 @@ static int test_validate_msg_mac_alg_protection_bad(void) fixture->expected = 0; if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, sec_bad, - sizeof(sec_bad))) - || !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f, libctx))) { + sizeof(sec_bad))) + || !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f, libctx))) { tear_down(fixture); fixture = NULL; }
@@ -209,7 +209,7 @@ static int add_trusted(OSSL_CMP_CTX *ctx, X509 *cert) static int add_untrusted(OSSL_CMP_CTX *ctx, X509 *cert) { return X509_add_cert(OSSL_CMP_CTX_get0_untrusted(ctx), cert, - X509_ADD_FLAG_UP_REF); + X509_ADD_FLAG_UP_REF); } static int test_validate_msg_signature_partial_chain(int expired)
@@ -221,8 +221,8 @@ static int test_validate_msg_signature_partial_chain(int expired) ts = OSSL_CMP_CTX_get0_trustedStore(fixture->cmp_ctx); fixture->expected = !expired; if (ts == NULL - || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx)) - || !add_trusted(fixture->cmp_ctx, srvcert)) { + || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx)) + || !add_trusted(fixture->cmp_ctx, srvcert)) { tear_down(fixture); fixture = NULL; } else {
@@ -254,9 +254,9 @@ static int test_validate_msg_signature_srvcert(int bad_sig, int miss, int wrong) fixture->expected = !bad_sig && !wrong && !miss; if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx)) || !TEST_true(miss ? OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, - sec_1, sizeof(sec_1)) - : OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx, - wrong? clcert : srvcert)) + sec_1, sizeof(sec_1)) + : OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx, + wrong ? clcert : srvcert)) || (bad_sig && !flip_bit(fixture->msg->protection))) { tear_down(fixture); fixture = NULL;
@@ -292,8 +292,8 @@ static int test_validate_msg_signature_sender_cert_untrusted(void) SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); fixture->expected = 1; if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts, libctx)) - || !add_trusted(fixture->cmp_ctx, instaca_cert) - || !add_untrusted(fixture->cmp_ctx, insta_cert)) { + || !add_trusted(fixture->cmp_ctx, instaca_cert) + || !add_untrusted(fixture->cmp_ctx, insta_cert)) { tear_down(fixture); fixture = NULL; }
@@ -306,8 +306,8 @@ static int test_validate_msg_signature_sender_cert_trusted(void) SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); fixture->expected = 1; if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts, libctx)) - || !add_trusted(fixture->cmp_ctx, instaca_cert) - || !add_trusted(fixture->cmp_ctx, insta_cert)) { + || !add_trusted(fixture->cmp_ctx, instaca_cert) + || !add_trusted(fixture->cmp_ctx, insta_cert)) { tear_down(fixture); fixture = NULL; }
@@ -320,7 +320,7 @@ static int test_validate_msg_signature_sender_cert_extracert(void) SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); fixture->expected = 1; if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_2_extracerts, libctx)) - || !add_trusted(fixture->cmp_ctx, instaca_cert)) { + || !add_trusted(fixture->cmp_ctx, instaca_cert)) { tear_down(fixture); fixture = NULL; }
@@ -328,7 +328,6 @@ static int test_validate_msg_signature_sender_cert_extracert(void) return result; } - #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION static int test_validate_msg_signature_sender_cert_absent(void) {
@@ -391,8 +390,8 @@ static void setup_path(CMP_VFY_TEST_FIXTURE **fixture, X509 *wrong, int expired) X509_VERIFY_PARAM_set_time(vpm, test_time_after_expiration); } if (!add_trusted((*fixture)->cmp_ctx, wrong == NULL ? root : wrong) - || !add_untrusted((*fixture)->cmp_ctx, endentity1) - || !add_untrusted((*fixture)->cmp_ctx, intermediate)) { + || !add_untrusted((*fixture)->cmp_ctx, endentity1) + || !add_untrusted((*fixture)->cmp_ctx, intermediate)) { tear_down((*fixture)); (*fixture) = NULL; }
@@ -428,33 +427,32 @@ static int execute_msg_check_test(CMP_VFY_TEST_FIXTURE *fixture) const ASN1_OCTET_STRING *tid = OSSL_CMP_HDR_get0_transactionID(hdr); if (!TEST_int_eq(fixture->expected, - ossl_cmp_msg_check_update(fixture->cmp_ctx, - fixture->msg, - fixture->allow_unprotected_cb, - fixture->additional_arg))) + ossl_cmp_msg_check_update(fixture->cmp_ctx, + fixture->msg, + fixture->allow_unprotected_cb, + fixture->additional_arg))) return 0; - if (fixture->expected == 0) /* error expected aready during above check */ + if (fixture->expected == 0) /* error expected already during above check */ return 1; - return - TEST_int_eq(0, - ASN1_OCTET_STRING_cmp(ossl_cmp_hdr_get0_senderNonce(hdr), - fixture->cmp_ctx->recipNonce)) + return TEST_int_eq(0, + ASN1_OCTET_STRING_cmp(ossl_cmp_hdr_get0_senderNonce(hdr), + fixture->cmp_ctx->recipNonce)) && TEST_int_eq(0, - ASN1_OCTET_STRING_cmp(tid, - fixture->cmp_ctx->transactionID)); + ASN1_OCTET_STRING_cmp(tid, + fixture->cmp_ctx->transactionID)); } static int allow_unprotected(const OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, - int invalid_protection, int allow) + int invalid_protection, int allow) { return allow; } static void setup_check_update(CMP_VFY_TEST_FIXTURE **fixture, int expected, - ossl_cmp_allow_unprotected_cb_t cb, int arg, - const unsigned char *trid_data, - const unsigned char *nonce_data) + ossl_cmp_allow_unprotected_cb_t cb, int arg, + const unsigned char *trid_data, + const unsigned char *nonce_data) { OSSL_CMP_CTX *ctx = (*fixture)->cmp_ctx; int nonce_len = OSSL_CMP_SENDERNONCE_LENGTH; 
@@ -466,14 +464,14 @@ static void setup_check_update(CMP_VFY_TEST_FIXTURE **fixture, int expected, if ((*fixture)->msg == NULL || (nonce_data != NULL && !ossl_cmp_asn1_octet_string_set1_bytes(&ctx->senderNonce, - nonce_data, nonce_len))) { + nonce_data, nonce_len))) { tear_down((*fixture)); (*fixture) = NULL; } else if (trid_data != NULL) { ASN1_OCTET_STRING *trid = ASN1_OCTET_STRING_new(); if (trid == NULL || !ASN1_OCTET_STRING_set(trid, trid_data, - OSSL_CMP_TRANSACTIONID_LENGTH) + OSSL_CMP_TRANSACTIONID_LENGTH) || !OSSL_CMP_CTX_set1_transactionID(ctx, trid)) { tear_down((*fixture)); (*fixture) = NULL;
@@ -574,15 +572,14 @@ void cleanup_tests(void) return; } - -#define USAGE "server.crt client.crt " \ - "EndEntity1.crt EndEntity2.crt " \ - "Root_CA.crt Intermediate_CA.crt " \ - "CMP_IR_protected.der CMP_IR_unprotected.der " \ - "IP_waitingStatus_PBM.der IR_rmprotection.der " \ - "insta.cert.pem insta_ca.cert.pem " \ - "IR_protected_0_extraCerts.der " \ - "IR_protected_2_extraCerts.der module_name [module_conf_file]\n" +#define USAGE "server.crt client.crt " \ + "EndEntity1.crt EndEntity2.crt " \ + "Root_CA.crt Intermediate_CA.crt " \ + "CMP_IR_protected.der CMP_IR_unprotected.der " \ + "IP_waitingStatus_PBM.der IR_rmprotection.der " \ + "insta.cert.pem insta_ca.cert.pem " \ + "IR_protected_0_extraCerts.der " \ + "IR_protected_2_extraCerts.der module_name [module_conf_file]\n" OPT_TEST_DECLARE_USAGE(USAGE) int setup_tests(void)
@@ -590,11 +587,11 @@ int setup_tests(void) /* Set test time stamps */ struct tm ts = { 0 }; - ts.tm_year = 2018 - 1900; /* 2018 */ - ts.tm_mon = 1; /* February */ - ts.tm_mday = 18; /* 18th */ + ts.tm_year = 2018 - 1900; /* 2018 */ + ts.tm_mon = 1; /* February */ + ts.tm_mday = 18; /* 18th */ test_time_valid = mktime(&ts); /* February 18th 2018 */ - ts.tm_year += 10; /* February 18th 2028 */ + ts.tm_year += 10; /* February 18th 2028 */ test_time_after_expiration = mktime(&ts); if (!test_skip_common_options()) {
@@ -604,19 +601,19 @@ int setup_tests(void) RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH); if (!TEST_ptr(server_f = test_get_argument(0)) - || !TEST_ptr(client_f = test_get_argument(1)) - || !TEST_ptr(endentity1_f = test_get_argument(2)) - || !TEST_ptr(endentity2_f = test_get_argument(3)) - || !TEST_ptr(root_f = test_get_argument(4)) - || !TEST_ptr(intermediate_f = test_get_argument(5)) - || !TEST_ptr(ir_protected_f = test_get_argument(6)) - || !TEST_ptr(ir_unprotected_f = test_get_argument(7)) - || !TEST_ptr(ip_waiting_f = test_get_argument(8)) - || !TEST_ptr(ir_rmprotection_f = test_get_argument(9)) - || !TEST_ptr(instacert_f = test_get_argument(10)) - || !TEST_ptr(instaca_f = test_get_argument(11)) - || !TEST_ptr(ir_protected_0_extracerts = test_get_argument(12)) - || !TEST_ptr(ir_protected_2_extracerts = test_get_argument(13))) { + || !TEST_ptr(client_f = test_get_argument(1)) + || !TEST_ptr(endentity1_f = test_get_argument(2)) + || !TEST_ptr(endentity2_f = test_get_argument(3)) + || !TEST_ptr(root_f = test_get_argument(4)) + || !TEST_ptr(intermediate_f = test_get_argument(5)) + || !TEST_ptr(ir_protected_f = test_get_argument(6)) + || !TEST_ptr(ir_unprotected_f = test_get_argument(7)) + || !TEST_ptr(ip_waiting_f = test_get_argument(8)) + || !TEST_ptr(ir_rmprotection_f = test_get_argument(9)) + || !TEST_ptr(instacert_f = test_get_argument(10)) + || !TEST_ptr(instaca_f = test_get_argument(11)) + || !TEST_ptr(ir_protected_0_extracerts = test_get_argument(12)) + || !TEST_ptr(ir_protected_2_extracerts = test_get_argument(13))) { TEST_error("usage: cmp_vfy_test %s", USAGE); return 0; } 
@@ -626,23 +623,23 @@ int setup_tests(void) /* Load certificates for cert chain */ if (!TEST_ptr(endentity1 = load_cert_pem(endentity1_f, libctx)) - || !TEST_ptr(endentity2 = load_cert_pem(endentity2_f, libctx)) - || !TEST_ptr(root = load_cert_pem(root_f, NULL)) - || !TEST_ptr(intermediate = load_cert_pem(intermediate_f, libctx))) + || !TEST_ptr(endentity2 = load_cert_pem(endentity2_f, libctx)) + || !TEST_ptr(root = load_cert_pem(root_f, NULL)) + || !TEST_ptr(intermediate = load_cert_pem(intermediate_f, libctx))) goto err; if (!TEST_ptr(insta_cert = load_cert_pem(instacert_f, libctx)) - || !TEST_ptr(instaca_cert = load_cert_pem(instaca_f, libctx))) + || !TEST_ptr(instaca_cert = load_cert_pem(instaca_f, libctx))) goto err; /* Load certificates for message validation */ if (!TEST_ptr(srvcert = load_cert_pem(server_f, libctx)) - || !TEST_ptr(clcert = load_cert_pem(client_f, libctx))) + || !TEST_ptr(clcert = load_cert_pem(client_f, libctx))) goto err; if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH))) goto err; if (!TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx)) - || !TEST_ptr(ir_rmprotection = load_pkimsg(ir_rmprotection_f, libctx))) + || !TEST_ptr(ir_rmprotection = load_pkimsg(ir_rmprotection_f, libctx))) goto err; /* Message validation tests */
@@ -699,8 +696,7 @@ int setup_tests(void) return 1; - err: +err: cleanup_tests(); return 0; - } |
