OpenVPN
test_pkcs11.c
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2023 Selva Nair <selva.nair@gmail.com>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License as published by the
12  * Free Software Foundation, either version 2 of the License,
13  * or (at your option) any later version.
14  *
15  * This program is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18  * GNU General Public License for more details.
19  *
20  * You should have received a copy of the GNU General Public License along
21  * with this program; if not, write to the Free Software Foundation, Inc.,
22  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23  */
24 
25 #ifdef HAVE_CONFIG_H
26 #include "config.h"
27 #endif
28 
29 #include "syshead.h"
30 #include "manage.h"
31 #include "base64.h"
32 #include "run_command.h"
33 #include "xkey_common.h"
34 #include "cert_data.h"
35 #include "pkcs11.h"
36 #include "ssl.h"
37 
38 #include <setjmp.h>
39 #include <cmocka.h>
40 
41 #define token_name "Test Token"
42 #define PIN "12345"
43 #define HASHSIZE 20
44 
45 struct management *management; /* global */
46 
47 /* replacement for crypto_print_openssl_errors() */
48 void
49 crypto_print_openssl_errors(const unsigned int flags)
50 {
51  unsigned long e;
52  while ((e = ERR_get_error()))
53  {
54  msg(flags, "OpenSSL error %lu: %s\n", e, ERR_error_string(e, NULL));
55  }
56 }
57 
58 /* stubs for some unused functions instead of pulling in too many dependencies */
59 int
60 parse_line(const char *line, char **p, const int n, const char *file,
61  const int line_num, int msglevel, struct gc_arena *gc)
62 {
63  assert_true(0);
64  return 0;
65 }
66 char *
68 {
69  return "N/A";
70 }
71 void
73 {
74  assert_true(0);
75 }
76 bool
78 {
79  assert_true(0);
80  return false;
81 }
82 void
83 query_user_add(char *prompt, size_t prompt_len, char *resp, size_t resp_len, bool echo)
84 {
85  (void) prompt;
86  (void) prompt_len;
87  (void) resp;
88  (void) resp_len;
89  (void) echo;
90  assert_true(0);
91 }
92 void
93 purge_user_pass(struct user_pass *up, const bool force)
94 {
95  (void) force;
96  secure_memzero(up, sizeof(*up));
97 }
98 
99 char *
100 management_query_pk_sig(struct management *man, const char *b64_data,
101  const char *algorithm)
102 {
103  (void) man;
104  (void) b64_data;
105  (void) algorithm;
106  return NULL;
107 }
108 
109 int
110 digest_sign_verify(EVP_PKEY *privkey, EVP_PKEY *pubkey);
111 
112 /* Test certificate database: data for cert1, cert2 .. key1, key2 etc.
113  * are defined in cert_data.h
114  */
115 static struct test_cert
116 {
117  const char *const cert; /* certificate as PEM */
118  const char *const key; /* key as unencrypted PEM */
119  const char *const cname; /* common-name */
120  const char *const issuer; /* issuer common-name */
121  const char *const friendly_name; /* identifies certs loaded to the store -- keep unique */
122  uint8_t hash[HASHSIZE]; /* SHA1 fingerprint: computed and filled in later */
123  char *p11_id; /* PKCS#11 id -- filled in later */
124 } certs[5];
125 
127 static char softhsm2_tokens_path[] = "softhsm2_tokens_XXXXXX";
128 static char softhsm2_conf_path[] = "softhsm2_conf_XXXXXX";
130 static const char *pkcs11_id_current;
131 struct env_set *es;
132 
133 /* Fill-in certs[] array */
134 void
136 {
137  struct test_cert certs_local[] = {
138  {cert1, key1, cname1, "OVPN TEST CA1", "OVPN Test Cert 1", {0}, NULL},
139  {cert2, key2, cname2, "OVPN TEST CA2", "OVPN Test Cert 2", {0}, NULL},
140  {cert3, key3, cname3, "OVPN TEST CA1", "OVPN Test Cert 3", {0}, NULL},
141  {cert4, key4, cname4, "OVPN TEST CA2", "OVPN Test Cert 4", {0}, NULL},
142  {0}
143  };
144  assert(sizeof(certs_local) == sizeof(certs));
145  memcpy(certs, certs_local, sizeof(certs_local));
146 }
147 
148 /* Intercept get_user_pass for PIN and other prompts */
149 bool
150 get_user_pass_cr(struct user_pass *up, const char *auth_file, const char *prefix,
151  const unsigned int flags, const char *unused)
152 {
153  (void) unused;
154  bool ret = true;
155  if (!strcmp(prefix, "pkcs11-id-request") && flags&GET_USER_PASS_NEED_STR)
156  {
157  assert_true(pkcs11_id_management);
158  strncpynt(up->password, pkcs11_id_current, sizeof(up->password));
159  }
160  else if (flags & GET_USER_PASS_PASSWORD_ONLY)
161  {
162  openvpn_snprintf(up->password, sizeof(up->password), "%s", PIN);
163  }
164  else
165  {
166  msg(M_NONFATAL, "ERROR: get_user_pass called with unknown request <%s> ignored\n", prefix);
167  ret = false;
168  }
169 
170  return ret;
171 }
172 
173 /* Compute sha1 hash of a X509 certificate */
174 static void
175 sha1_fingerprint(X509 *x509, uint8_t *hash, int capacity)
176 {
177  assert_true(capacity >= EVP_MD_size(EVP_sha1()));
178  assert_int_equal(X509_digest(x509, EVP_sha1(), hash, NULL), 1);
179 }
180 
181 #if defined(HAVE_XKEY_PROVIDER)
183 OSSL_PROVIDER *prov[2];
184 #endif
185 
186 static int
187 init(void **state)
188 {
189  (void) state;
190 
191  umask(0077); /* ensure all files and directories we create get user only access */
192  char config[256];
193 
194  init_cert_data();
195  if (!mkdtemp(softhsm2_tokens_path))
196  {
197  fail_msg("make tmpdir using template <%s> failed (error = %d)", softhsm2_tokens_path, errno);
198  }
199 
200  int fd = mkstemp(softhsm2_conf_path);
201  if (fd < 0)
202  {
203  fail_msg("make tmpfile using template <%s> failed (error = %d)", softhsm2_conf_path, errno);
204  }
205  openvpn_snprintf(config, sizeof(config), "directories.tokendir=%s/",
207  assert_int_equal(write(fd, config, strlen(config)), strlen(config));
208  close(fd);
209 
210  /* environment */
211  setenv("SOFTHSM2_CONF", softhsm2_conf_path, 1);
212  es = env_set_create(NULL);
213  setenv_str(es, "SOFTHSM2_CONF", softhsm2_conf_path);
214  setenv_str(es, "GNUTLS_PIN", PIN);
215 
216  /* init the token using the temporary location as storage */
217  struct argv a = argv_new();
218  argv_printf(&a, "%s --init-token --free --label \"%s\" --so-pin %s --pin %s",
219  SOFTHSM2_UTIL_PATH, token_name, PIN, PIN);
220  assert_true(openvpn_execve_check(&a, es, 0, "Failed to initialize token"));
221 
222  /* Import certificates and keys in our test database into the token */
223  char cert[] = "cert_XXXXXX";
224  char key[] = "key_XXXXXX";
225  int cert_fd = mkstemp(cert);
226  int key_fd = mkstemp(key);
227  if (cert_fd < 0 || key_fd < 0)
228  {
229  fail_msg("make tmpfile for certificate or key data failed (error = %d)", errno);
230  }
231 
232  for (struct test_cert *c = certs; c->cert; c++)
233  {
234  /* fill-in the hash of the cert */
235  BIO *buf = BIO_new_mem_buf(c->cert, -1);
236  X509 *x509 = NULL;
237  if (buf)
238  {
239  x509 = PEM_read_bio_X509(buf, NULL, NULL, NULL);
240  BIO_free(buf);
241  }
242  assert_non_null(x509);
243  sha1_fingerprint(x509, c->hash, HASHSIZE);
244  X509_free(x509);
245 
246  /* we load all cert/key pairs even if expired as
247  * signing should still work */
248  assert_int_equal(write(cert_fd, c->cert, strlen(c->cert)), strlen(c->cert));
249  assert_int_equal(write(key_fd, c->key, strlen(c->key)), strlen(c->key));
250 
251  argv_free(&a);
252  a = argv_new();
253  /* Use numcerts+1 as a unique id of the object -- same id for matching cert and key */
254  argv_printf(&a, "%s --provider %s --load-certificate %s --label \"%s\" --id %08x --login --write",
255  P11TOOL_PATH, SOFTHSM2_MODULE_PATH, cert, c->friendly_name, num_certs+1);
256  assert_true(openvpn_execve_check(&a, es, 0, "Failed to upload certificate into token"));
257 
258  argv_free(&a);
259  a = argv_new();
260  argv_printf(&a, "%s --provider %s --load-privkey %s --label \"%s\" --id %08x --login --write",
261  P11TOOL_PATH, SOFTHSM2_MODULE_PATH, key, c->friendly_name, num_certs+1);
262  assert_true(openvpn_execve_check(&a, es, 0, "Failed to upload key into token"));
263 
264  assert_int_equal(ftruncate(cert_fd, 0), 0);
265  assert_int_equal(ftruncate(key_fd, 0), 0);
266  num_certs++;
267  }
268 
269  argv_free(&a);
270  close(cert_fd);
271  close(key_fd);
272  unlink(cert);
273  unlink(key);
274  return 0;
275 }
276 
277 static int
278 cleanup(void **state)
279 {
280  (void) state;
281  struct argv a = argv_new();
282 
283  argv_printf(&a, "%s --delete-token --token \"%s\"", SOFTHSM2_UTIL_PATH, token_name);
284  assert_true(openvpn_execve_check(&a, es, 0, "Failed to delete token"));
285  argv_free(&a);
286 
287  rmdir(softhsm2_tokens_path); /* this must be empty after delete token */
288  unlink(softhsm2_conf_path);
289  for (struct test_cert *c = certs; c->cert; c++)
290  {
291  free(c->p11_id);
292  c->p11_id = NULL;
293  }
295  return 0;
296 }
297 
298 static int
299 setup_pkcs11(void **state)
300 {
301 #if defined(HAVE_XKEY_PROVIDER)
302  /* Initialize providers in a way matching what OpenVPN core does */
303  tls_libctx = OSSL_LIB_CTX_new();
304  prov[0] = OSSL_PROVIDER_load(tls_libctx, "default");
305  OSSL_PROVIDER_add_builtin(tls_libctx, "ovpn.xkey", xkey_provider_init);
306  prov[1] = OSSL_PROVIDER_load(tls_libctx, "ovpn.xkey");
307  assert_non_null(prov[1]);
308 
309  /* set default propq as we do in ssl_openssl.c */
310  EVP_set_default_properties(tls_libctx, "?provider!=ovpn.xkey");
311 #endif
312  pkcs11_initialize(true, 0); /* protected auth enabled, pin-cache = 0 */
313  pkcs11_addProvider(SOFTHSM2_MODULE_PATH, false, 0, false);
314  return 0;
315 }
316 
317 static int
318 teardown_pkcs11(void **state)
319 {
320  pkcs11_terminate();
321 #if defined(HAVE_XKEY_PROVIDER)
322  for (size_t i = 0; i < SIZE(prov); i++)
323  {
324  if (prov[i])
325  {
326  OSSL_PROVIDER_unload(prov[i]);
327  prov[i] = NULL;
328  }
329  }
330  OSSL_LIB_CTX_free(tls_libctx);
331 #endif
332  return 0;
333 }
334 
335 static struct test_cert *
336 lookup_cert_byhash(uint8_t *sha1)
337 {
338  struct test_cert *c = certs;
339  while (c->cert && memcmp(c->hash, sha1, HASHSIZE))
340  {
341  c++;
342  }
343  return c->cert ? c : NULL;
344 }
345 
346 /* Enumerate usable items in the token and collect their pkcs11-ids */
347 static void
348 test_pkcs11_ids(void **state)
349 {
350  char *p11_id = NULL;
351  char *base64 = NULL;
352 
353  int n = pkcs11_management_id_count();
354  assert_int_equal(n, num_certs);
355 
356  for (int i = 0; i < n; i++)
357  {
358  X509 *x509 = NULL;
359  uint8_t sha1[HASHSIZE];
360 
361  /* We use the management interface functions as a quick way
362  * to enumerate objects available for private key operations */
363  if (!pkcs11_management_id_get(i, &p11_id, &base64))
364  {
365  fail_msg("Failed to get pkcs11-id for index (%d) from pkcs11-helper", i);
366  }
367  /* decode the base64 data and convert to X509 and get its sha1 fingerprint */
368  unsigned char *der = malloc(strlen(base64));
369  assert_non_null(der);
370  int derlen = openvpn_base64_decode(base64, der, strlen(base64));
371  free(base64);
372  assert_true(derlen > 0);
373 
374  const unsigned char *ppin = der; /* alias needed as d2i_X509 alters the pointer */
375  assert_non_null(d2i_X509(&x509, &ppin, derlen));
376  sha1_fingerprint(x509, sha1, HASHSIZE);
377  X509_free(x509);
378  free(der);
379 
380  /* Save the pkcs11-id of this ceritificate in our database */
381  struct test_cert *c = lookup_cert_byhash(sha1);
382  assert_non_null(c);
383  c->p11_id = p11_id; /* p11_id is freed in cleanup */
384  assert_memory_equal(c->hash, sha1, HASHSIZE);
385  }
386  /* check whether all certs in our db were found by pkcs11-helper*/
387  for (struct test_cert *c = certs; c->cert; c++)
388  {
389  if (!c->p11_id)
390  {
391  fail_msg("Certificate <%s> not enumerated by pkcs11-helper", c->friendly_name);
392  }
393  }
394 }
395 
396 /* For each available pkcs11-id, load it into an SSL_CTX
397  * and test signing with it.
398  */
399 static void
401 {
402  (void) state;
403  struct tls_root_ctx tls_ctx = {};
404  uint8_t sha1[HASHSIZE];
405  for (struct test_cert *c = certs; c->cert; c++)
406  {
407 #ifdef HAVE_XKEY_PROVIDER
408  tls_ctx.ctx = SSL_CTX_new_ex(tls_libctx, NULL, SSLv23_client_method());
409 #else
410  tls_ctx.ctx = SSL_CTX_new(SSLv23_client_method());
411 #endif
413  {
414  /* The management callback will return pkcs11_id_current as the
415  * selection. Set it here as the current certificate's p11_id
416  */
417  pkcs11_id_current = c->p11_id;
418  tls_ctx_use_pkcs11(&tls_ctx, 1, NULL);
419  }
420  else
421  {
422  /* directly use c->p11_id */
423  tls_ctx_use_pkcs11(&tls_ctx, 0, c->p11_id);
424  }
425 
426  /* check that the cert set in SSL_CTX is what we intended */
427  X509 *x509 = SSL_CTX_get0_certificate(tls_ctx.ctx);
428  assert_non_null(x509);
429  sha1_fingerprint(x509, sha1, HASHSIZE);
430  assert_memory_equal(sha1, c->hash, HASHSIZE);
431 
432  /* Test signing with the private key in SSL_CTX */
433  EVP_PKEY *pubkey = X509_get0_pubkey(x509);
434  EVP_PKEY *privkey = SSL_CTX_get0_privatekey(tls_ctx.ctx);
435  assert_non_null(pubkey);
436  assert_non_null(privkey);
437 #ifdef HAVE_XKEY_PROVIDER
438  /* this will exercise signing via pkcs11 backend */
439  assert_int_equal(digest_sign_verify(privkey, pubkey), 1);
440 #else
441  if (!SSL_CTX_check_private_key(tls_ctx.ctx))
442  {
443  fail_msg("Certificate and private key in ssl_ctx do not match for <%s>", c->friendly_name);
444  return;
445  }
446 #endif
447  SSL_CTX_free(tls_ctx.ctx);
448  }
449 }
450 
451 /* same test as test_tls_ctx_use_pkcs11, with id selected via management i/f */
452 static void
454 {
455  pkcs11_id_management = true;
457 }
458 
459 int
460 main(void)
461 {
462  const struct CMUnitTest tests[] = {
463  cmocka_unit_test_setup_teardown(test_pkcs11_ids, setup_pkcs11,
465  cmocka_unit_test_setup_teardown(test_tls_ctx_use_pkcs11, setup_pkcs11,
467  cmocka_unit_test_setup_teardown(test_tls_ctx_use_pkcs11__management, setup_pkcs11,
469  };
470  int ret = cmocka_run_group_tests_name("pkcs11_tests", tests, init, cleanup);
471 
472  return ret;
473 }
query_user_clear
void query_user_clear(void)
Wipes all data put into all of the query_user structs.
Definition: test_pkcs11.c:72
cert_data.h
cert2
static const char *const cert2
Definition: cert_data.h:65
openvpn_base64_decode
int openvpn_base64_decode(const char *str, void *data, int size)
Definition: base64.c:158
setup_pkcs11
static int setup_pkcs11(void **state)
Definition: test_pkcs11.c:299
cert1
static const char *const cert1
Definition: cert_data.h:39
x509_get_subject
char * x509_get_subject(openvpn_x509_cert_t *cert, struct gc_arena *gc)
Definition: test_pkcs11.c:67
pkcs11_id_current
static const char * pkcs11_id_current
Definition: test_pkcs11.c:130
run_command.h
HASHSIZE
#define HASHSIZE
Definition: test_pkcs11.c:43
key2
#define key2
Definition: cert_data.h:82
env_set_destroy
void env_set_destroy(struct env_set *es)
Definition: env_set.c:166
argv
Definition: argv.h:35
M_NONFATAL
#define M_NONFATAL
Definition: error.h:96
manage.h
es
struct env_set * es
Definition: test_pkcs11.c:131
hash
Definition: list.h:58
cname4
#define cname4
Definition: cert_data.h:164
key1
static const char *const key1
Definition: cert_data.h:56
argv_free
void argv_free(struct argv *a)
Frees all memory allocations allocated by the struct argv related functions.
Definition: argv.c:102
parse_line
int parse_line(const char *line, char **p, const int n, const char *file, const int line_num, int msglevel, struct gc_arena *gc)
Definition: test_pkcs11.c:60
xkey_common.h
test_cert::friendly_name
const char *const friendly_name
Definition: test_pkcs11.c:121
softhsm2_tokens_path
static char softhsm2_tokens_path[]
Definition: test_pkcs11.c:127
test_cert::p11_id
char * p11_id
Definition: test_pkcs11.c:123
key
Container for unidirectional cipher and HMAC key material.
Definition: crypto.h:149
sha1_fingerprint
static void sha1_fingerprint(X509 *x509, uint8_t *hash, int capacity)
Definition: test_pkcs11.c:175
openvpn_execve_check
int openvpn_execve_check(const struct argv *a, const struct env_set *es, const unsigned int flags, const char *error_message)
Definition: run_command.c:193
secure_memzero
static void secure_memzero(void *data, size_t len)
Securely zeroise memory.
Definition: buffer.h:414
certs
static struct test_cert certs[5]
write
@ write
Definition: interactive.c:210
SSL_CTX_new_ex
#define SSL_CTX_new_ex(libctx, propq, method)
Reduce SSL_CTX_new_ex() to SSL_CTX_new() for OpenSSL < 3.
Definition: openssl_compat.h:770
test_cert::cert
const char *const cert
Definition: test_pkcs11.c:117
teardown_pkcs11
static int teardown_pkcs11(void **state)
Definition: test_pkcs11.c:318
management
struct management * management
Definition: test_pkcs11.c:45
X509_get0_pubkey
static EVP_PKEY * X509_get0_pubkey(const X509 *x)
Get the public key from a X509 certificate.
Definition: openssl_compat.h:204
test_cert
Definition: test_pkcs11.c:115
crypto_print_openssl_errors
void crypto_print_openssl_errors(const unsigned int flags)
Retrieve any occurred OpenSSL errors and print those errors.
Definition: test_pkcs11.c:49
cname2
static const char *const cname2
Definition: cert_data.h:84
base64.h
cname3
static const char *const cname3
Definition: cert_data.h:138
test_cert::hash
uint8_t hash[HASHSIZE]
Definition: test_pkcs11.c:122
key3
static const char *const key3
Definition: cert_data.h:108
query_user_add
void query_user_add(char *prompt, size_t prompt_len, char *resp, size_t resp_len, bool echo)
Adds an item to ask the user for.
Definition: test_pkcs11.c:83
SIZE
#define SIZE(x)
Definition: basic.h:30
ssl.h
env_set_create
struct env_set * env_set_create(struct gc_arena *gc)
Definition: env_set.c:156
management_query_pk_sig
char * management_query_pk_sig(struct management *man, const char *b64_data, const char *algorithm)
Definition: test_pkcs11.c:100
test_pkcs11_ids
static void test_pkcs11_ids(void **state)
Definition: test_pkcs11.c:348
syshead.h
pkcs11.h
cname1
static const char *const cname1
Definition: cert_data.h:63
gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
setenv_str
void setenv_str(struct env_set *es, const char *name, const char *value)
Definition: env_set.c:283
PIN
#define PIN
Definition: test_pkcs11.c:42
init
static int init(void **state)
Definition: test_pkcs11.c:187
strncpynt
static void strncpynt(char *dest, const char *src, size_t maxlen)
Definition: buffer.h:361
env_set
Definition: env_set.h:42
openvpn_x509_cert_t
X509 openvpn_x509_cert_t
Definition: openvpn-plugin.h:40
key4
#define key4
Definition: cert_data.h:162
argv_new
struct argv argv_new(void)
Allocates a new struct argv and ensures it is initialised.
Definition: argv.c:88
token_name
#define token_name
Definition: test_pkcs11.c:41
get_user_pass_cr
bool get_user_pass_cr(struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags, const char *unused)
Definition: test_pkcs11.c:150
argv_printf
bool argv_printf(struct argv *argres, const char *format,...)
printf() variant which populates a struct argv.
Definition: argv.c:440
digest_sign_verify
int digest_sign_verify(EVP_PKEY *privkey, EVP_PKEY *pubkey)
tls_root_ctx
Structure that wraps the TLS context.
Definition: ssl_mbedtls.h:104
main
int main(void)
Definition: test_pkcs11.c:460
openvpn_snprintf
bool openvpn_snprintf(char *str, size_t size, const char *format,...)
Definition: buffer.c:294
management
Definition: manage.h:335
test_tls_ctx_use_pkcs11
static void test_tls_ctx_use_pkcs11(void **state)
Definition: test_pkcs11.c:400
GET_USER_PASS_PASSWORD_ONLY
#define GET_USER_PASS_PASSWORD_ONLY
Definition: misc.h:111
OSSL_PROVIDER
void OSSL_PROVIDER
Definition: openssl_compat.h:775
config.h
lookup_cert_byhash
static struct test_cert * lookup_cert_byhash(uint8_t *sha1)
Definition: test_pkcs11.c:336
tls_root_ctx::ctx
SSL_CTX * ctx
Definition: ssl_openssl.h:40
test_cert::cname
const char *const cname
Definition: test_pkcs11.c:119
tls_libctx
OSSL_LIB_CTX * tls_libctx
Definition: ssl_openssl.c:71
softhsm2_conf_path
static char softhsm2_conf_path[]
Definition: test_pkcs11.c:128
user_pass::password
char password[USER_PASS_LEN]
Definition: misc.h:72
query_user_exec_builtin
bool query_user_exec_builtin(void)
Executes a configured setup, using the built-in method for querying the user.
Definition: test_pkcs11.c:77
test_cert::key
const char *const key
Definition: test_pkcs11.c:118
purge_user_pass
void purge_user_pass(struct user_pass *up, const bool force)
Definition: test_pkcs11.c:93
test_cert::issuer
const char *const issuer
Definition: test_pkcs11.c:120
init_cert_data
void init_cert_data()
Definition: test_pkcs11.c:135
user_pass
Definition: misc.h:56
GET_USER_PASS_NEED_STR
#define GET_USER_PASS_NEED_STR
Definition: misc.h:114
msg
#define msg(flags,...)
Definition: error.h:150
pkcs11_id_management
static bool pkcs11_id_management
Definition: test_pkcs11.c:126
OSSL_LIB_CTX
void OSSL_LIB_CTX
Definition: openssl_compat.h:774
test_tls_ctx_use_pkcs11__management
static void test_tls_ctx_use_pkcs11__management(void **state)
Definition: test_pkcs11.c:453
num_certs
int num_certs
Definition: test_pkcs11.c:129
cert4
static const char *const cert4
Definition: cert_data.h:140
cert3
static const char *const cert3
Definition: cert_data.h:86
cleanup
static int cleanup(void **state)
Definition: test_pkcs11.c:278