author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-12-28 21:33:09 +0100 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2021-04-20 10:47:24 +0200 |
commit | 1c0eede9827b0962f1d752fa4ab5d436fa039da4 (patch) | |
tree | 87f7f312c5ca6351cb0aac262d7a02c976e5f8eb /test | |
parent | a78c7c0bfe56d67022ca18cfabefc73926dde0ae (diff) |
Improve ossl_cmp_build_cert_chain(); publish it as X509_build_chain()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14128)
Diffstat (limited to 'test')
-rw-r--r-- | test/cmp_ctx_test.c | 1 | ||||
-rw-r--r-- | test/cmp_protect_test.c | 39 | ||||
-rw-r--r-- | test/verify_extra_test.c | 3 |
3 files changed, 35 insertions, 8 deletions
diff --git a/test/cmp_ctx_test.c b/test/cmp_ctx_test.c
index 96b0f1b511..2ca2c26dd5 100644
--- a/test/cmp_ctx_test.c
+++ b/test/cmp_ctx_test.c
@@ -874,6 +874,5 @@ int setup_tests(void)
 ADD_TEST(test_CTX_set1_get0_transactionID);
 ADD_TEST(test_CTX_set1_get0_senderNonce);
 ADD_TEST(test_CTX_set1_get0_recipNonce);
- /* ossl_cmp_build_cert_chain() is tested in cmp_protect.c */
 return 1;
 }
diff --git a/test/cmp_protect_test.c b/test/cmp_protect_test.c
index 543ff10dca..5fafb69475 100644
--- a/test/cmp_protect_test.c
+++ b/test/cmp_protect_test.c
@@ -27,6 +27,7 @@ typedef struct test_fixture {
 X509 *cert;
 STACK_OF(X509) *certs;
 STACK_OF(X509) *chain;
+ int with_ss;
 int callback_arg;
 int expected;
 } CMP_PROTECT_TEST_FIXTURE;
@@ -333,8 +334,8 @@ static int execute_cmp_build_cert_chain_test(CMP_PROTECT_TEST_FIXTURE *fixture)
 OSSL_CMP_CTX *ctx = fixture->cmp_ctx;
 X509_STORE *store;
 STACK_OF(X509) *chain =
- ossl_cmp_build_cert_chain(ctx->libctx, ctx->propq, NULL,
- fixture->certs, fixture->cert);
+ X509_build_chain(fixture->cert, fixture->certs, NULL,
+ fixture->with_ss, ctx->libctx, ctx->propq);
 if (TEST_ptr(chain)) {
 /* Check whether chain built is equal to the expected one */
@@ -348,8 +349,8 @@ static int execute_cmp_build_cert_chain_test(CMP_PROTECT_TEST_FIXTURE *fixture)
 && TEST_true(X509_STORE_add_cert(store, root))) {
 X509_VERIFY_PARAM_set_flags(X509_STORE_get0_param(store),
 X509_V_FLAG_NO_CHECK_TIME);
- chain = ossl_cmp_build_cert_chain(ctx->libctx, ctx->propq,
- store, fixture->certs, fixture->cert);
+ chain = X509_build_chain(fixture->cert, fixture->certs, store,
+ fixture->with_ss, ctx->libctx, ctx->propq);
 ret = TEST_int_eq(fixture->expected, chain != NULL);
 if (ret && chain != NULL) {
 /* Check whether chain built is equal to the expected one */
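Review bot: The first X509_build_chain() call in execute_cmp_build_cert_chain_test (the @@ -333 hunk) passes NULL as the store and its result is checked with TEST_ptr(chain) whatever fixture->expected is, but nothing says why a chain is expected even for fixtures that set expected = 0. As I read the X509_build_chain() documentation, a NULL store means the chain is assembled as far as possible without being verified against a trust anchor; that is worth stating now that the function is public, because an unverified chain must not be read as a trust decision. A comment above the call such as `/* store == NULL: best-effort chain, not verified against any trust anchor */` would cover it, and the store-backed call in the @@ -348 hunk could carry the matching remark that only this call is expected to fail when no path to the root exists. The new `int with_ss;` fixture field would also benefit from a one-line comment saying it is, apparently, the flag for including a self-signed root in the result. The function body starts and ends outside both hunks.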
@@ -365,6 +366,7 @@ static int test_cmp_build_cert_chain(void)
 {
 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
 fixture->expected = 1;
+ fixture->with_ss = 0;
 fixture->cert = endentity2;
 if (!TEST_ptr(fixture->certs = sk_X509_new_null())
 || !TEST_ptr(fixture->chain = sk_X509_new_null())
@@ -376,7 +378,13 @@ static int test_cmp_build_cert_chain(void)
 tear_down(fixture);
 fixture = NULL;
 }
- EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
+ if (fixture != NULL) {
+ result = execute_cmp_build_cert_chain_test(fixture);
+ fixture->with_ss = 1;
+ if (result && TEST_true(sk_X509_push(fixture->chain, root)))
+ result = execute_cmp_build_cert_chain_test(fixture);
+ }
+ tear_down(fixture);
 return result;
 }
@@ -384,6 +392,7 @@ static int test_cmp_build_cert_chain_missing_intermediate(void)
 {
 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
 fixture->expected = 0;
+ fixture->with_ss = 0;
 fixture->cert = endentity2;
 if (!TEST_ptr(fixture->certs = sk_X509_new_null())
 || !TEST_ptr(fixture->chain = sk_X509_new_null())
@@ -401,6 +410,7 @@ static int test_cmp_build_cert_chain_no_root(void)
 {
 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
 fixture->expected = 1;
+ fixture->with_ss = 0;
 fixture->cert = endentity2;
 if (!TEST_ptr(fixture->certs = sk_X509_new_null())
 || !TEST_ptr(fixture->chain = sk_X509_new_null())
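Review bot: In the @@ -376 hunk the added `tear_down(fixture);` sits after the `if (fixture != NULL)` block, so on the setup-failure path just above it (which already calls tear_down and sets `fixture = NULL`) it is invoked again with NULL. Whether tear_down() tolerates a NULL fixture is not visible here; moving the call inside the block, as the last statement before its closing brace, avoids depending on that. Separately, if `sk_X509_push(fixture->chain, root)` fails, `result` keeps the value of the first run and the test returns success; `result = result && TEST_true(sk_X509_push(fixture->chain, root)) && execute_cmp_build_cert_chain_test(fixture);` would propagate the failure. A short comment before `fixture->with_ss = 1;` saying that the second run expects the root appended to the chain would also help the next reader.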
@@ -415,10 +425,28 @@ static int test_cmp_build_cert_chain_no_root(void)
 return result;
 }
+static int test_cmp_build_cert_chain_only_root(void)
+{
+ SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
+ fixture->expected = 1;
+ fixture->with_ss = 0; /* still chain must include the only cert (root) */
+ fixture->cert = root;
+ if (!TEST_ptr(fixture->certs = sk_X509_new_null())
+ || !TEST_ptr(fixture->chain = sk_X509_new_null())
+ || !TEST_true(sk_X509_push(fixture->certs, root))
+ || !TEST_true(sk_X509_push(fixture->chain, root))) {
+ tear_down(fixture);
+ fixture = NULL;
+ }
+ EXECUTE_TEST(execute_cmp_build_cert_chain_test, tear_down);
+ return result;
+}
+
 static int test_cmp_build_cert_chain_no_certs(void)
 {
 SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
 fixture->expected = 0;
+ fixture->with_ss = 0;
 fixture->cert = endentity2;
 if (!TEST_ptr(fixture->certs = sk_X509_new_null())
 || !TEST_ptr(fixture->chain = sk_X509_new_null())
@@ -576,6 +604,7 @@ int setup_tests(void)
 #ifndef OPENSSL_NO_EC
 ADD_TEST(test_cmp_build_cert_chain);
+ ADD_TEST(test_cmp_build_cert_chain_only_root);
 ADD_TEST(test_cmp_build_cert_chain_no_root);
 ADD_TEST(test_cmp_build_cert_chain_missing_intermediate);
 ADD_TEST(test_cmp_build_cert_chain_no_certs);
diff --git a/test/verify_extra_test.c b/test/verify_extra_test.c
index 758a1a4971..6ab779671f 100644
--- a/test/verify_extra_test.c
+++ b/test/verify_extra_test.c
@@ -177,12 +177,11 @@ static int test_req_distinguishing_id(void)
 static int test_self_signed(const char *filename, int use_trusted, int expected)
 {
- X509 *cert;
+ X509 *cert = load_cert_from_file(filename); /* may result in NULL */
 STACK_OF(X509) *trusted = sk_X509_new_null();
 X509_STORE_CTX *ctx = X509_STORE_CTX_new();
 int ret;
- cert = load_cert_from_file(filename); /* may result in NULL */
 ret = TEST_int_eq(X509_self_signed(cert, 1), expected);
 if (cert != NULL) { |
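Review bot: test_cmp_build_cert_chain_only_root (the @@ -415 hunk) pins the self-signed target only for `with_ss = 0`; the `with_ss = 1` case for the same input is never run, so a regression that dropped or duplicated the root there would go unnoticed. A second executor run with `fixture->with_ss = 1` and presumably the same one-element expected chain would close that gap. The no_root, missing_intermediate and no_certs fixtures in this file are likewise only run with `with_ss = 0`. The inline comment would read more clearly as `/* the chain must still include the only cert (root) */`.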