author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-08-19 00:48:57 +0200 |
---|---|---|
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-08-21 09:04:13 +0200 |
commit | 5a7734cd0219faaad336990c9ceebc8efc2776b0 (patch) | |
tree | 78b6f7d896d4dc6e281fc2ee6a9e574a5e894907 | |
parent | Add libctx/provider support to cmp_protect_test (diff) | |
Add libctx/provider support to cmp_msg_test
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
-rw-r--r-- | test/cmp_msg_test.c | 46 | ||||
-rw-r--r-- | test/cmp_testlib.c | 13 | ||||
-rw-r--r-- | test/cmp_testlib.h | 1 | ||||
-rw-r--r-- | test/recipes/65-test_cmp_msg.t | 34 | ||||
-rw-r--r-- | test/recipes/65-test_cmp_msg_data/new.key | 28 |
5 files changed, 90 insertions, 32 deletions
diff --git a/test/cmp_msg_test.c b/test/cmp_msg_test.c index 78eea31c9c..b9309a6983 100644 --- a/test/cmp_msg_test.c +++ b/test/cmp_msg_test.c @@ -13,6 +13,7 @@ DEFINE_STACK_OF(OSSL_CMP_CERTRESPONSE) +static const char *newkey_f; static const char *server_cert_f; static const char *pkcs10_f; @@ -31,6 +32,19 @@ typedef struct test_fixture { OSSL_CMP_PKISI *si; } CMP_MSG_TEST_FIXTURE; +static OPENSSL_CTX *libctx = NULL; +static OSSL_PROVIDER *default_null_provider = NULL, *provider = NULL; + +/* TODO(3.0) Clean this up - See issue #12680 */ +static X509 *X509_dup_with_libctx(const X509 *cert) +{ + X509 *dup = X509_dup(cert); + + if (dup != NULL) + x509_set0_libctx(dup, libctx, NULL); + return dup; +} + static unsigned char ref[CMP_TEST_REFVALUE_LENGTH]; static void tear_down(CMP_MSG_TEST_FIXTURE *fixture) @@ -51,7 +65,7 @@ static CMP_MSG_TEST_FIXTURE *set_up(const char *const test_case_name) return NULL; fixture->test_case_name = test_case_name; - if (!TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new(NULL, NULL)) + if (!TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new(libctx, NULL)) || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 1)) || !TEST_true(OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx, ref, sizeof(ref)))) { @@ -146,7 +160,7 @@ static int test_cmp_create_ir_protection_set(void) fixture->bodytype = OSSL_CMP_PKIBODY_IR; fixture->err_code = -1; fixture->expected = 1; - if (!TEST_int_eq(1, RAND_bytes(secret, sizeof(secret))) + if (!TEST_int_eq(1, RAND_bytes_ex(libctx, secret, sizeof(secret))) || !TEST_true(SET_OPT_UNPROTECTED_SEND(ctx, 0)) || !TEST_true(set1_newPkey(ctx, newkey)) || !TEST_true(OSSL_CMP_CTX_set1_secretValue(ctx, secret, @@ -283,7 +297,7 @@ static int test_cmp_create_certconf(void) fixture->fail_info = 0; fixture->expected = 1; if (!TEST_true(ossl_cmp_ctx_set0_newCert(fixture->cmp_ctx, - X509_dup(cert)))) { + X509_dup_with_libctx(cert)))) { tear_down(fixture); fixture = NULL; } 
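Review bot: `X509_dup_with_libctx()` (hunk at -31,6 +32,19) carries only a TODO, so a reader cannot tell why the copy needs `x509_set0_libctx()`. Judging from the helper alone, `X509_dup()` presumably does not carry the library context over to the duplicate. I would add a comment above it such as `/* X509_dup() yields a copy without libctx; re-attach it so operations on the copy use the provider under test */`. The file-local helper also borrows the public `X509_` prefix, which makes it read like a library API at its call sites (the certconf hunks at +297, +311, +325 and `execute_certrep_create` at +406); a test-local name such as `dup_cert_with_libctx` would avoid that.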
@@ -297,7 +311,7 @@ static int test_cmp_create_certconf_badAlg(void) fixture->fail_info = 1 << OSSL_CMP_PKIFAILUREINFO_badAlg; fixture->expected = 1; if (!TEST_true(ossl_cmp_ctx_set0_newCert(fixture->cmp_ctx, - X509_dup(cert)))) { + X509_dup_with_libctx(cert)))) { tear_down(fixture); fixture = NULL; } @@ -311,7 +325,7 @@ static int test_cmp_create_certconf_fail_info_max(void) fixture->fail_info = 1 << OSSL_CMP_PKIFAILUREINFO_MAX; fixture->expected = 1; if (!TEST_true(ossl_cmp_ctx_set0_newCert(fixture->cmp_ctx, - X509_dup(cert)))) { + X509_dup_with_libctx(cert)))) { tear_down(fixture); fixture = NULL; } @@ -392,7 +406,7 @@ static int execute_certrep_create(CMP_MSG_TEST_FIXTURE *fixture) cresp->certifiedKeyPair->certOrEncCert->type = OSSL_CMP_CERTORENCCERT_CERTIFICATE; if ((cresp->certifiedKeyPair->certOrEncCert->value.certificate = - X509_dup(cert)) == NULL + X509_dup_with_libctx(cert)) == NULL || !sk_OSSL_CMP_CERTRESPONSE_push(crepmsg->response, cresp)) goto err; cresp = NULL; @@ -538,8 +552,12 @@ void cleanup_tests(void) { EVP_PKEY_free(newkey); X509_free(cert); + OPENSSL_CTX_free(libctx); } +#define USAGE "new.key server.crt pkcs10.der module_name [module_conf_file]\n" +OPT_TEST_DECLARE_USAGE(USAGE) + int setup_tests(void) { if (!test_skip_common_options()) { 
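Review bot: `cleanup_tests()` (hunk at -538,8 +552,12) now frees `libctx` but never releases `default_null_provider` and `provider`, the two handles that `setup_tests()` fills in through `test_get_libctx()`. If that helper loads them (its body is not part of this diff), they should be unloaded before the context they belong to is freed: `OSSL_PROVIDER_unload(default_null_provider);` and `OSSL_PROVIDER_unload(provider);` ahead of `OPENSSL_CTX_free(libctx);`. As written, the two statics are assigned but never read again, and a leak checker run on the test binary would likely report them.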
@@ -547,15 +565,19 @@ int setup_tests(void) return 0; } - if (!TEST_ptr(server_cert_f = test_get_argument(0)) - || !TEST_ptr(pkcs10_f = test_get_argument(1))) { - TEST_error("usage: cmp_msg_test server.crt pkcs10.der\n"); + if (!TEST_ptr(newkey_f = test_get_argument(0)) + || !TEST_ptr(server_cert_f = test_get_argument(1)) + || !TEST_ptr(pkcs10_f = test_get_argument(2))) { + TEST_error("usage: cmp_msg_test %s", USAGE); return 0; } - if (!TEST_ptr(newkey = gen_rsa()) - || !TEST_ptr(cert = load_pem_cert(server_cert_f, NULL)) - || !TEST_int_eq(1, RAND_bytes(ref, sizeof(ref)))) { + if (!test_get_libctx(&libctx, &default_null_provider, &provider, 3, USAGE)) + return 0; + + if (!TEST_ptr(newkey = load_pem_key(newkey_f)) + || !TEST_ptr(cert = load_pem_cert(server_cert_f, libctx)) + || !TEST_int_eq(1, RAND_bytes_ex(libctx, ref, sizeof(ref)))) { cleanup_tests(); return 0; } diff --git a/test/cmp_testlib.c b/test/cmp_testlib.c index 1956704bed..ffa43cd81c 100644 --- a/test/cmp_testlib.c +++ b/test/cmp_testlib.c @@ -63,19 +63,6 @@ X509_REQ *load_csr(const char *file) return csr; } -EVP_PKEY *gen_rsa(void) -{ - EVP_PKEY_CTX *ctx = NULL; - EVP_PKEY *pkey = NULL; - - (void)(TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)) - && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) - && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048), 0) - && TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)); - EVP_PKEY_CTX_free(ctx); - return pkey; -} - /* * Checks whether the syntax of msg conforms to ASN.1 */ diff --git a/test/cmp_testlib.h b/test/cmp_testlib.h index 7828ceab1f..e24074cdd7 100644 --- a/test/cmp_testlib.h +++ b/test/cmp_testlib.h 
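Review bot: `load_pem_key(newkey_f)` is the one loader in `setup_tests()` that is not handed `libctx`, while `load_pem_cert(server_cert_f, libctx)` and `RAND_bytes_ex(libctx, ref, sizeof(ref))` on the neighbouring lines are. If `load_pem_key()` decodes under the default library context (its definition is outside this diff), `newkey` is created outside the context the `fips` run is meant to exercise, so that run may not show the key path going through the selected provider. Either give the loader a libctx parameter or record the gap next to the call, e.g. `/* TODO: load newkey with libctx once load_pem_key() accepts one */`. Since the key now comes from the committed `new.key` rather than `gen_rsa()`, the same comment should say it is a published, test-only key.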
@@ -28,7 +28,6 @@ X509 *load_pem_cert(const char *file, OPENSSL_CTX *libctx); X509_REQ *load_csr(const char *file); OSSL_CMP_MSG *load_pkimsg(const char *file); int valid_asn1_encoding(const OSSL_CMP_MSG *msg); -EVP_PKEY *gen_rsa(void); int STACK_OF_X509_cmp(const STACK_OF(X509) *sk1, const STACK_OF(X509) *sk2); int STACK_OF_X509_push1(STACK_OF(X509) *sk, X509 *cert); int print_to_bio_out(const char *func, const char *file, int line, diff --git a/test/recipes/65-test_cmp_msg.t b/test/recipes/65-test_cmp_msg.t index e1b08ccfa2..0347c1a2a9 100644 --- a/test/recipes/65-test_cmp_msg.t +++ b/test/recipes/65-test_cmp_msg.t @@ -9,16 +9,38 @@ # https://www.openssl.org/source/license.html use strict; -use OpenSSL::Test qw/:DEFAULT data_file/; +use OpenSSL::Test qw/:DEFAULT data_file srctop_file srctop_dir bldtop_file bldtop_dir/; use OpenSSL::Test::Utils; -setup("test_cmp_msg"); +BEGIN { + setup("test_cmp_msg"); +} + +use lib srctop_dir('Configurations'); +use lib bldtop_dir('.'); +use platform; + +my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); plan skip_all => "This test is not supported in a no-cmp build" if disabled("cmp"); -plan tests => 1; +plan tests => 2 + ($no_fips ? 0 : 2); #fips install + fips test + +my @basic_cmd = ("cmp_msg_test", + data_file("new.key"), + data_file("server.crt"), + data_file("pkcs10.der")); + +ok(run(test([@basic_cmd, "none"]))); + +ok(run(test([@basic_cmd, "default", srctop_file("test", "default.cnf")]))); + +unless ($no_fips) { + ok(run(app(['openssl', 'fipsinstall', + '-out', bldtop_file('providers', 'fipsmodule.cnf'), + '-module', bldtop_file('providers', platform->dso('fips'))])), + "fipsinstall"); -ok(run(test(["cmp_msg_test", - data_file("server.crt"), - data_file("pkcs10.der")]))); + ok(run(test([@basic_cmd, "fips", srctop_file("test", "fips.cnf")]))); +} diff --git a/test/recipes/65-test_cmp_msg_data/new.key b/test/recipes/65-test_cmp_msg_data/new.key new file mode 100644 index 0000000000..990b20d642 --- /dev/null 
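Review bot: The three `ok(run(test([@basic_cmd, ...])))` calls in `65-test_cmp_msg.t` are added without a test description, while the `fipsinstall` step has one, so a failure in the TAP output does not say whether the `none`, `default` or `fips` run broke. I would name them, e.g. `ok(run(test([@basic_cmd, "none"])), "cmp_msg_test with module 'none'");` and likewise for the other two. The `fips` run also relies on the preceding `fipsinstall` having written `fipsmodule.cnf`; a one-line comment saying so would help when both fail together.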
+++ b/test/recipes/65-test_cmp_msg_data/new.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDIHp0kAPnBtK1B
+/gcTQSGV20NKE1VD+OEO7qzYprfQV0/iaXX5zY/Ls4NRKNIJ6BdoEg5cID5HTNoE
+Andl6pfHdSsT0+JdodEZlyg+1fiYr0g4eEh3HA9Rrpx5I4mfhwdj6nRwUun/ludQ
+SungipsvVsx3i/x8XEnRkMYlqF8uK6udhTJqVo0Icr6Erb5Fp5GA+Wxd+JT+/CGG
+MWF2GLFs+byX5L7bE3JJXUkADOtS8QN01nSIG+5VxLaaWFIpOG3ll6D7QLruRhir
+Ez0JVkLBxX9pJQibCN4Ww0wmyX+cXIRpy7q9fPSuO8vA/NMB5VhnLn3YbC9qRY62
+IN1qntYlAgMBAAECggEAJgHieHcS+F43VcRIVbjWBx8orYX0eL9pByv/efpYCOK8
+UlUTSglnmRmUBDMLiUQiReq//XFGQsZu1boeMSYYA5LWRqLEaGIWU5To2N5Mo7sO
+rWLy6GRU6H+QSlWcisbbeXeK+9ZTiO6BKjfAKZxJkvkaRk44+umQP5QOfhJ3WU4t
+0wkwYOfm8uOEg48yZTgjUVzhIORHAq5RHH/5goLrNwO2bIqOHOqzSrXGQJJ+oDaL
+JykccyVAElUGd5JaSpm5z0a43C4A5q770ppiByGxJv1L3ID1hkik1ZpWfMtwPH1Y
+FIAINqlhVoeAEwOCpL9axZ5OCGQrgWLNV4LfJyG4NQKBgQDyHGDyp+ZpMJRxCtDt
+8QWtthuoOfwmXOR81ZJGD3GA8rEGcG1zH4F+B4Z76/Kwb/uabH9FPURS+kcDpsuM
+9Avx88JTg6YFhtpQQCcmhY7awgc+B4ve95ziz6DOMhCD8Yb36UjM7B1jY+zVLIYt
+yQhZOKQEzPFqfPMrzEDsabT+GwKBgQDTmY35/l13zYi21xmCL+309KzjbZEyX0NF
+SE2JjIdwcWvKSMPFlWv7l1ssIg1fF0Hu7mEbLB74eUU0fe4D0LPeoEX3ihjYej4N
+M/EdKv7+WhCr11lnWwWTM+aeeFAmwdD95Gdvv0hTnG/GqxiOt19HhGhMHJueAKDL
+Tmci9hPAvwKBgQCkjbM62fEZp4IMvtw4DKveYDq2AQsnC9XkHsh3Q8HScaDuDnXl
+XBGIFhdKnJhrYQEx+PIbnkOU3jRr/+6zE6AWx6VZW834TaqOBrxVS0tH1b5UY46m
+ccc4xQO3gYGGHB+u2ei4Fvb2eZEbZlKgRdWdxoh8FssypFAmgYHS7Rmt5wKBgEYu
+symM1aGL2WGTnJFSpmFN2h4g1DzZ3e0X2yfZJX8FD5RraAub0NIE1Kehr7+vbh36
+kNi7XJZbWrnbXtuDGHWpwSsmcbEzcmtcpAdhoGvqoYbtiWi/huzZFQ/Qpf0E4fWk
+ES6+ShX5WBWT4DRN29tTrmg4QOE6IhrsqUauScTvAoGAKxEzsSHPgZm5rGOfVPcI
+cFeSJFCsaPfVk97T9aNievhMMChKBV8vT3Unlk0RObcsMweo6OMmfnRxrHhgfVz8
+elpLOlzEHfELlR8HELvxCeWWzuPgNCAPcG3BmjRnm8g5xmmkfQuRKlkQTcGbHotI
+wIPT+bHg3fjx7CemHl+rZeo=
+-----END PRIVATE KEY----- |