From patchwork Tue Jan 16 21:41:52 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 3570 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7300:a213:b0:100:d2e5:60d with SMTP id bs19csp4459149dyb; Tue, 16 Jan 2024 13:42:27 -0800 (PST) X-Google-Smtp-Source: AGHT+IGUX5OSeVT74XwYHD7F9JOXp5/npfiux5LbqdHC5c8wsiZCbwrGXybq8J2kb2VtFqhf4a5Z X-Received: by 2002:a17:903:41ce:b0:1d3:f790:e0c6 with SMTP id u14-20020a17090341ce00b001d3f790e0c6mr16634573ple.2.1705441347535; Tue, 16 Jan 2024 13:42:27 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1705441347; cv=none; d=google.com; s=arc-20160816; b=H38xfatEdEKTOd7+4+dxFjw+9LjHhIYjVWBsmNbC8YYSBWvqu6i9KQuQ4Z4xfQLHS0 LErBpQ4KbP6BVnpjY+VHoiNQ8Oy192rq107+nNO3RKZfmDKg3n2/LQVjDw9bUuk46m5H 40SCoohONuZr+D99lXKNbZZxl8I+MeNwtF5V9jed512Ju/EWnxmzaSHfypmztEBSWnM0 M/R5Q9xO4z/TmosUVLpzXiIXJSsyscFT9bTw+1kSM7XfdLzB1M6ysi6+kGu/HXbZuRIP +kEbd+ahIWuL/zzGaBadbHk4BWdrAME9k5rcs9QBJzmFmm1SwbdOB84K+HP3TsmvyH21 M73g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature; bh=owalpTQenpn2l8auZ98M85F3cOQdRi9QK+3ArPageHI=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=EE7T43AQs/vcN7Zw4AzXY2BLASBlqmflmIJkjl6IXAxfGPNznfytBsZ5wXIddsKW2e wLx4N1JZYn3+e1NttX34wmIfur0SowsX2Z7fmKyHhNKrYN9bS7HuxU6uS1x+C16BgRzA IXqpyOIt352heN/WATOIlwHU2HvP7kpGKgRe8VDaAaroGYUzc69DsMMwHXa5c8UQ+F+4 yu/FredPCFu2/5lfuQ/jVK3rYTq94gTGpmd97VYqIixPZkfXPXoarGowSMXBCbB7jt/l 5qVI94HpeHpG4GXbVKp5Orv0jxHUjEbff6RLC3kFXFgi6Dqh2I0ETgAv9Lr+w8aDzrIS 0LTA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=KwUActiQ; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=LALBA3sY; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id d1-20020a170902aa8100b001d54e3e3bfdsi11444372plr.404.2024.01.16.13.42.27 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 16 Jan 2024 13:42:27 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=KwUActiQ; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=LALBA3sY; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1rPrC9-0001Me-SJ; Tue, 16 Jan 2024 21:42:05 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1rPrC9-0001MS-5B for openvpn-devel@lists.sourceforge.net; Tue, 16 Jan 2024 21:42:05 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=2TRrflz+4ank+ngL2nL4h4yyqylr2FU/sIf9H3B+G5k=; b=KwUActiQFLxdxI0aagJpBCos8R yo2tDcAFLvfXJdRYcqOGWrHfalXYpn74SH9jotuqyiUjE9UMqmIH2N6LEgNtTTyNlzb4+fjs3J/Dy /ryWIWqsuqE8w0UT+/mLx0txzI9G3kkFxb4/SOglEGdz1yUnr0qIKFJKHxiHrI4deciU=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=2TRrflz+4ank+ngL2nL4h4yyqylr2FU/sIf9H3B+G5k=; b=LALBA3sY2JUsqy+lP9p4A7eobN b9YJOPoewRl/FlS4vwO43e3vbPSMejmcXKODMWM/QBrfogQ/R1h2AOqazeQ2o5xQ4DSKOhwiJUs4H 3amK7Rew/Qi7QGtpLgrQVsLzdbiOmCb3VBWVphz7JRBhj9u0CMj7nWcP+Ym0EXi/svfU=; Received: from dhcp-174.greenie.muc.de ([193.149.48.174] helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1rPrC2-0008T0-Tx for openvpn-devel@lists.sourceforge.net; Tue, 16 Jan 2024 21:42:03 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.17.1.9/8.17.1.9) with ESMTP id 40GLfrB4027326 for ; Tue, 16 Jan 2024 22:41:53 +0100 Received: (from gert@localhost) by blue.greenie.muc.de (8.17.1.9/8.17.1.9/Submit) id 40GLfrtf027325 for openvpn-devel@lists.sourceforge.net; Tue, 16 Jan 2024 22:41:53 +0100 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Tue, 16 Jan 2024 22:41:52 +0100 Message-ID: <20240116214152.27316-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: -0.0 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Arne Schwabe This introduces a number of mock function to be able to compile ssl_verify_*.c and ssl_mbedtls.c/ssl_openssl.c into a unit and adds quite a number of files to that unit. But it allows similar unit tes [...] Content analysis details: (-0.0 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record -0.0 T_SCC_BODY_TEXT_LINE No description available. X-Headers-End: 1rPrC2-0008T0-Tx Subject: [Openvpn-devel] [PATCH v9] Add test_ssl unit test and test export of PEM to file X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1786718388204053047?= X-GMAIL-MSGID: =?utf-8?q?1788284866083224244?= From: Arne Schwabe This introduces a number of mock function to be able to compile ssl_verify_*.c and ssl_mbedtls.c/ssl_openssl.c into a unit and adds quite a number of files to that unit. But it allows similar unit tests (in term of dependencies) to be added in the future. Change-Id: Ie248d35d063bb6878f3dd42840c77ba0d6fa3381 Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/471 This mail reflects revision 9 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 51100c3..cc98813 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -85,7 +85,7 @@ fail-fast: false matrix: arch: [x86, x64] - test: [argv, auth_token, buffer, cryptoapi, crypto, misc, ncp, packet_id, pkt, provider, tls_crypt] + test: [argv, auth_token, buffer, cryptoapi, crypto, misc, ncp, packet_id, pkt, provider, ssl, tls_crypt] runs-on: windows-latest name: "mingw unittest ${{ matrix.test }} - ${{ matrix.arch }} - OSSL" diff --git a/CMakeLists.txt b/CMakeLists.txt index 6f370c3..6a1895a 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -595,6 +595,7 @@ "test_packet_id" "test_pkt" "test_provider" + "test_ssl" ) if (WIN32) @@ -699,6 +700,32 @@ src/openvpn/mss.c ) + target_sources(test_ssl PRIVATE + tests/unit_tests/openvpn/mock_management.c + tests/unit_tests/openvpn/mock_ssl_dependencies.c + tests/unit_tests/openvpn/mock_win32_execve.c + src/openvpn/argv.c + src/openvpn/base64.c + src/openvpn/crypto.c + src/openvpn/crypto_mbedtls.c + src/openvpn/crypto_openssl.c + src/openvpn/cryptoapi.c + src/openvpn/env_set.c + src/openvpn/mss.c + src/openvpn/mtu.c + src/openvpn/options_util.c + src/openvpn/otime.c + src/openvpn/packet_id.c + src/openvpn/run_command.c + src/openvpn/ssl_mbedtls.c + src/openvpn/ssl_openssl.c + src/openvpn/ssl_util.c + src/openvpn/ssl_verify_mbedtls.c + src/openvpn/ssl_verify_openssl.c + src/openvpn/xkey_helper.c + src/openvpn/xkey_provider.c + ) + target_sources(test_misc PRIVATE tests/unit_tests/openvpn/mock_get_random.c src/openvpn/options_util.c diff --git a/tests/unit_tests/openvpn/Makefile.am b/tests/unit_tests/openvpn/Makefile.am index cecf4dc..f81a10f 100644 --- a/tests/unit_tests/openvpn/Makefile.am +++ b/tests/unit_tests/openvpn/Makefile.am @@ -9,7 +9,8 @@ endif test_binaries += crypto_testdriver packet_id_testdriver auth_token_testdriver ncp_testdriver misc_testdriver \ - pkt_testdriver + pkt_testdriver ssl_testdriver + if HAVE_LD_WRAP_SUPPORT if !WIN32 test_binaries += tls_crypt_testdriver @@ -69,6 +70,40 @@ $(top_srcdir)/src/openvpn/win32-util.c \ $(top_srcdir)/src/openvpn/mss.c +ssl_testdriver_CFLAGS = @TEST_CFLAGS@ \ + -I$(top_srcdir)/include -I$(top_srcdir)/src/compat -I$(top_srcdir)/src/openvpn +ssl_testdriver_LDFLAGS = @TEST_LDFLAGS@ $(OPTIONAL_CRYPTO_LIBS) +ssl_testdriver_SOURCES = test_ssl.c mock_msg.c mock_msg.h \ + mock_management.c mock_ssl_dependencies.c mock_win32_execve.c \ + $(top_srcdir)/src/openvpn/argv.c \ + $(top_srcdir)/src/openvpn/base64.c \ + $(top_srcdir)/src/openvpn/buffer.c \ + $(top_srcdir)/src/compat/compat-strsep.c \ + $(top_srcdir)/src/openvpn/crypto.c \ + $(top_srcdir)/src/openvpn/cryptoapi.c \ + $(top_srcdir)/src/openvpn/crypto_mbedtls.c \ + $(top_srcdir)/src/openvpn/crypto_openssl.c \ + $(top_srcdir)/src/openvpn/env_set.c \ + $(top_srcdir)/src/openvpn/mss.c \ + $(top_srcdir)/src/openvpn/mtu.c \ + $(top_srcdir)/src/openvpn/otime.c \ + $(top_srcdir)/src/openvpn/options_util.c \ + $(top_srcdir)/src/openvpn/packet_id.c \ + $(top_srcdir)/src/openvpn/platform.c \ + $(top_srcdir)/src/openvpn/run_command.c \ + $(top_srcdir)/src/openvpn/ssl_openssl.c \ + $(top_srcdir)/src/openvpn/ssl_mbedtls.c \ + $(top_srcdir)/src/openvpn/ssl_util.c \ + $(top_srcdir)/src/openvpn/ssl_verify_mbedtls.c \ + $(top_srcdir)/src/openvpn/ssl_verify_openssl.c \ + $(top_srcdir)/src/openvpn/xkey_helper.c \ + $(top_srcdir)/src/openvpn/xkey_provider.c \ + $(top_srcdir)/src/openvpn/win32-util.c + +if WIN32 +ssl_testdriver_LDADD = -lcrypt32 -lncrypt -lfwpuclnt -liphlpapi -lws2_32 +endif + packet_id_testdriver_CFLAGS = @TEST_CFLAGS@ \ -I$(top_srcdir)/include -I$(top_srcdir)/src/compat -I$(top_srcdir)/src/openvpn packet_id_testdriver_LDFLAGS = @TEST_LDFLAGS@ diff --git a/tests/unit_tests/openvpn/mock_management.c b/tests/unit_tests/openvpn/mock_management.c new file mode 100644 index 0000000..8936c3a --- /dev/null +++ b/tests/unit_tests/openvpn/mock_management.c @@ -0,0 +1,51 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2002-2023 OpenVPN Inc + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +/* Minimal set of mocked management function/globals to get unit tests to + * compile */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include "syshead.h" + +#include "manage.h" + +#ifdef ENABLE_MANAGEMENT + +struct management *management; /* GLOBAL */ + +void +management_auth_failure(struct management *man, const char *type, const char *reason) +{ + ASSERT(false); +} + +char * +management_query_pk_sig(struct management *man, const char *b64_data, + const char *algorithm) +{ + return NULL; +} +#endif diff --git a/tests/unit_tests/openvpn/mock_ssl_dependencies.c b/tests/unit_tests/openvpn/mock_ssl_dependencies.c new file mode 100644 index 0000000..9231d65 --- /dev/null +++ b/tests/unit_tests/openvpn/mock_ssl_dependencies.c @@ -0,0 +1,67 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2002-2023 OpenVPN Inc + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +/* Minimal set of mocked function/globals to get unit tests to + * compile that use the ssl_* files */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include "syshead.h" + +#include +#include + + +#include "ssl.h" +#include "ssl_verify.h" + +int +parse_line(const char *line, char **p, const int n, const char *file, + const int line_num, int msglevel, struct gc_arena *gc) +{ + /* Dummy function to get the linker happy, should never be called */ + assert_true(false); + return 0; +} + + +int +pem_password_callback(char *buf, int size, int rwflag, void *u) +{ + return 0; +} + +void +cert_hash_remember(struct tls_session *session, const int cert_depth, + const struct buffer *cert_hash) +{ + assert_false(true); +} + +result_t +verify_cert(struct tls_session *session, openvpn_x509_cert_t *cert, int cert_depth) +{ + return FAILURE; +} diff --git a/tests/unit_tests/openvpn/test_ssl.c b/tests/unit_tests/openvpn/test_ssl.c new file mode 100644 index 0000000..fd2049f --- /dev/null +++ b/tests/unit_tests/openvpn/test_ssl.c @@ -0,0 +1,140 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2023 OpenVPN Inc + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include "syshead.h" + +#include +#include +#include +#include +#include +#include + +#include "crypto.h" +#include "options.h" +#include "ssl_backend.h" +#include "options_util.h" + +#include "mock_msg.h" +#include "mss.h" +#include "ssl_verify_backend.h" +#include "win32.h" + +/* Mock function to be allowed to include win32.c which is required for + * getting the temp directory */ +#ifdef _WIN32 +struct signal_info siginfo_static; /* GLOBAL */ + +const char * +strerror_win32(DWORD errnum, struct gc_arena *gc) +{ + ASSERT(false); +} + +void +throw_signal(const int signum) +{ + ASSERT(false); +} +#endif + + +const char *unittest_cert = "-----BEGIN CERTIFICATE-----\n" + "MIIBuTCCAUCgAwIBAgIUTLtjSBzx53qZRvZ6Ur7D9kgoOHkwCgYIKoZIzj0EAwIw\n" + "EzERMA8GA1UEAwwIdW5pdHRlc3QwIBcNMjMxMTIxMDk1NDQ3WhgPMjA3ODA4MjQw\n" + "OTU0NDdaMBMxETAPBgNVBAMMCHVuaXR0ZXN0MHYwEAYHKoZIzj0CAQYFK4EEACID\n" + "YgAEHYB2hn2xx3f4lClXDtdi36P19pMZA+kI1Dkv/Vn10vBZ/j9oa+P99T8duz/e\n" + "QlPeHpesNJO4fX8iEDj6+vMeWejOT7jAQ4MmG5EZjpcBKxCfwFooEvzu8bVujUcu\n" + "wTQEo1MwUTAdBgNVHQ4EFgQUPcgBEVXjF5vYfDsInoE3dF6UfQswHwYDVR0jBBgw\n" + "FoAUPcgBEVXjF5vYfDsInoE3dF6UfQswDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjO\n" + "PQQDAgNnADBkAjBLPAGrQAyinigqiu0RomoV8TVaknVLFSq6H6A8jgvzfsFCUK1O\n" + "dvNZhFPM6idKB+oCME2JLOBANCSV8o7aJzq7SYHKwPyb1J4JFlwKe/0Jpv7oh9b1\n" + "IJbuaM9Z/VSKbrIXGg==\n" + "-----END CERTIFICATE-----\n"; + +static const char * +get_tmp_dir() +{ + const char *ret; +#ifdef _WIN32 + ret = win_get_tempdir(); +#else + ret = "/tmp"; +#endif + assert_non_null(ret); + return ret; +} + +static void +crypto_pem_encode_certificate(void **state) +{ + struct gc_arena gc = gc_new(); + + struct tls_root_ctx ctx = { 0 }; + tls_ctx_client_new(&ctx); + tls_ctx_load_cert_file(&ctx, unittest_cert, true); + + openvpn_x509_cert_t *cert = NULL; + + /* we do not have methods to fetch certificates from ssl contexts, use + * internal TLS library methods for the unit test */ +#ifdef ENABLE_CRYPTO_OPENSSL + cert = SSL_CTX_get0_certificate(ctx.ctx); +#elif defined(ENABLE_CRYPTO_MBEDTLS) + cert = ctx.crt_chain; +#endif + + const char *tmpfile = platform_create_temp_file(get_tmp_dir(), "ut_pem", &gc); + backend_x509_write_pem(cert, tmpfile); + + struct buffer exported_pem = buffer_read_from_file(tmpfile, &gc); + assert_string_equal(BSTR(&exported_pem), unittest_cert); + + tls_ctx_free(&ctx); + unlink(tmpfile); + gc_free(&gc); +} + +int +main(void) +{ + const struct CMUnitTest tests[] = { + cmocka_unit_test(crypto_pem_encode_certificate) + }; + +#if defined(ENABLE_CRYPTO_OPENSSL) + OpenSSL_add_all_algorithms(); +#endif + + int ret = cmocka_run_group_tests_name("crypto tests", tests, NULL, NULL); + +#if defined(ENABLE_CRYPTO_OPENSSL) + EVP_cleanup(); +#endif + + return ret; +}