From patchwork Wed Sep 18 10:50:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "plaisthos (Code Review)" X-Patchwork-Id: 3842 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:6794:b0:5b9:581e:f939 with SMTP id c20csp661134mao; Wed, 18 Sep 2024 03:50:37 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCWgTdWiiZtQbJCDFxnIygVzTRim1wZc10I+z4pbEX3jSZW3tsgZUOqUeYrcRiEEtvFraszCbPynqVs=@openvpn.net X-Google-Smtp-Source: AGHT+IGOnXQWNqFa82rvD8pketqGfPSMm6nZVe2f+cSi4if1j2G5WhoLieiRooTDx/GGaSVHusfe X-Received: by 2002:a05:6830:6d89:b0:709:3b06:d578 with SMTP id 46e09a7af769-71116c68ba9mr10394817a34.26.1726656636947; Wed, 18 Sep 2024 03:50:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1726656636; cv=none; d=google.com; s=arc-20240605; b=VoKEFfyHasMhGvRtyeAmF5rYhEhF4NzvFf9dJg/aJ8jnQwujZGp61FwIfYJgNKKlD1 VWHvhyMp32ErqT0YtFjhLl4FO3KU6PrZYD7/REyMtQiesr+mpoEZlwQCZSpx6gRWgTVT gTpBQhV8vaOlB+NNrXNluRB1IF3ATVIMMHQcUqkgJ0vDYtlnxjRNGxoHyhR2NJPvTe1H aUn/ZnuHU8Oy9zpHaEeUy56fne/Grl5qTjwTM78BFWlIYUH+x8a8r7h34FatdqdcXKgZ lOO8z5Jnbam8w6ry8qt3IGiZEr8zQqlZR0hFMb+4OJvWDk+femgoREkJDL5XKFHWTOCY O4cA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:cc:reply-to:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence:subject:user-agent :mime-version:message-id:references:auto-submitted:to:date:from :dkim-signature:dkim-signature:dkim-signature; bh=xaBkYrlWzKOc/HJa2aTDl6LGSlhG7DXok8EYhzsyKz8=; fh=GFP4qDxgyJ2WEPo/oeLZg3Mj4NqvY1j2nTvTt7psNwg=; b=ZYaRAPtWtowD0T4Ej9LoYyqyYQopZ5n52YGiOMha4M0u/BcVFWw4PlQdiGJ1smrcpj RRw0STUsD90MIsH6RpyrmNvs+/q5ZO3T8uxRPJ0M2gw+4ioJzJv/PGgmYUneYR6VGpau uCKWxVt/e0fxCRDAQ2L8sq8FZx7j3Wa+FyhXfpZoFPrbPwSq9+f786WeOoxoN6qrVVgm VBcfCdq3tdA5SO6GNzzNZHaVr+GSTg15HA9vNq0wKpPz/zHsAIskhM5a3jHRwa1+vtk4 k+4HVS4K3EVHlEc8zFusMdvMD3QNB2OZARlRlBnWn11OA9WcMqktiTaJuSiCPP7LOs+b koVA==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=FMTzXlt5; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=GzX1Djzo; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=WxbKOr2V; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net; dara=fail header.i=@openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 46e09a7af769-71239e9b419si4025199a34.105.2024.09.18.03.50.36 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 18 Sep 2024 03:50:36 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=FMTzXlt5; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=GzX1Djzo; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=WxbKOr2V; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net; dara=fail header.i=@openvpn.net Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1sqsGT-00048S-LC; Wed, 18 Sep 2024 10:50:29 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1sqsGS-00048E-9m for openvpn-devel@lists.sourceforge.net; Wed, 18 Sep 2024 10:50:28 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Type:Content-Transfer-Encoding:MIME-Version :Message-ID:Reply-To:References:Subject:List-Unsubscribe:List-Id:Cc:To:Date: From:Sender:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help: List-Subscribe:List-Post:List-Owner:List-Archive; bh=tehIZdF5d1b+SWhk/UykDTeDIK1GAPUyJ6EO3bJE4pA=; b=FMTzXlt57YpsbXHbmPzCNKLDfy MCxTghGqjaCesD4l6bykF5+xl5RYZn5eZBdwPemijDKh72fJrSHoqiupA+Py3gpI+HSpqFKdlTwWn K6U5nKJ3G1ilXDMqHPwk1ds7M5vjBT5j2kGiyjKtGn0FyKK6uSd/k30mGe8g/TYVbCK8=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Type:Content-Transfer-Encoding:MIME-Version:Message-ID:Reply-To: References:Subject:List-Unsubscribe:List-Id:Cc:To:Date:From:Sender:Content-ID :Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To: Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help:List-Subscribe:List-Post: List-Owner:List-Archive; bh=tehIZdF5d1b+SWhk/UykDTeDIK1GAPUyJ6EO3bJE4pA=; b=G zX1DjzomDil7oMcyd1ucVwj4MRossV9UEhDnx5+fPJ6iQnp2blzPa0Oq/q9CteqA2O9NeaMpTc/yf omLIDQ3Ev4Vh6GJ++07z7Es9kWeTWwNnyxrueVmkUHJakJuCgc0lwFMCfgazIxPCE2p8IhN/eaLTu dzsHM3+DT5Lt6yJk=; Received: from mail-wm1-f42.google.com ([209.85.128.42]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1sqsGR-0006xH-26 for openvpn-devel@lists.sourceforge.net; Wed, 18 Sep 2024 10:50:28 +0000 Received: by mail-wm1-f42.google.com with SMTP id 5b1f17b1804b1-42cb6f3a5bcso70977775e9.2 for ; Wed, 18 Sep 2024 03:50:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=openvpn.net; s=google; t=1726656620; x=1727261420; darn=lists.sourceforge.net; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from:from:to:cc :subject:date:message-id:reply-to; bh=tehIZdF5d1b+SWhk/UykDTeDIK1GAPUyJ6EO3bJE4pA=; b=WxbKOr2VeBrGmU+brZ6hl1zhqqdfulltPCr4RVyb7mVIQufACstmLR5CPZ3Y6aExu0 oohmaEXumgz0RBHAhi5Qw2v+5jaVHd5cmIzccGMsoKsTYoS3WbE0vzLz/v3rSzk10mmo zJDpR6njUbgrm89m3u8v9yk2kDSi+EDt/jAUXYIwgNOnQI9d2d7gPOX1zyJnFnISlBhL mBwFmZGeo4yYXIg35h6wLPHPJzIQk5O029d6gwhinIMkCA6kK4sUugRyGRY3v0Kjs6S9 zXeMkaFGUQf3chYqUKXBaseZe2kzLeGtm+qvjYc2MCHC1Ot3YyNlUThdgwSGRhr0cmO/ d79Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1726656620; x=1727261420; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=tehIZdF5d1b+SWhk/UykDTeDIK1GAPUyJ6EO3bJE4pA=; b=nB0+792sPP0V4se6Tn9wOyFAUfc9B/vNbr/7BqfKl/9HW0by9WB3G5ptKhsjs7IPe1 4HzaxMttO2my1vWATw/wcQ+08CJVr4J+sR+piT52C6Lx9+abzps8tIMTbh62kvw123CW 6Byi2VnyyCFCFjJFmNC6R7ZmcB1NriutNQ2nFuFhYOYMCufOj2WvOAQksa7TLFAvyMWu jSedgV9zv5Zpymg0xjz9Lg3MQwhZkjd4Fo8H/T/Prv+4MDKVsek9gUaXdye9sdlSgcqB pq1ok3cUY6V/fJ3X3UPkoFTrtCEh491IGd3fH0gEdFeD08Hsi7iqyqcmkvtodkzb03LI y7Xw== X-Gm-Message-State: AOJu0YwDzLTKgqXrLB+7lbpFJb+ArWCl1FlFQs+ezHEKQHl0BxPAJmoR mY8JHL1pLuIqd6RYUJQ1vd8+GZuNMz8E2+RyN9MDnbtnJ3yrq9kVsr6j7XGUGm5CmFxdNSNZ4I/ J X-Received: by 2002:a05:600c:4e51:b0:42a:a6b8:f09f with SMTP id 5b1f17b1804b1-42d964d62bbmr193423425e9.23.1726656620162; Wed, 18 Sep 2024 03:50:20 -0700 (PDT) Received: from gerrit.openvpn.in (ec2-18-159-0-78.eu-central-1.compute.amazonaws.com. [18.159.0.78]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-42e705192e8sm13626715e9.37.2024.09.18.03.50.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Sep 2024 03:50:19 -0700 (PDT) From: "flichtenheld (Code Review)" X-Google-Original-From: "flichtenheld (Code Review)" X-Gerrit-PatchSet: 1 Date: Wed, 18 Sep 2024 10:50:19 +0000 To: plaisthos Auto-Submitted: auto-generated X-Gerrit-MessageType: newchange X-Gerrit-Change-Id: I6fe225db807626a79a160132ee05897554695597 X-Gerrit-Change-Number: 752 X-Gerrit-Project: openvpn X-Gerrit-ChangeURL: X-Gerrit-Commit: 0f180daedf10e49f06d2cecc58930f65a2e22c61 References: Message-ID: <35d04bb835d08fe2cb539c0cc8cd7cb3a9426413-HTML@gerrit.openvpn.net> MIME-Version: 1.0 User-Agent: Gerrit/3.8.2 X-Spam-Score: -1.2 (-) X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Attention is currently required from: plaisthos. Hello plaisthos, I'd like you to do a code review. Please visit Content analysis details: (-1.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.128.42 listed in list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -1.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.128.42 listed in wl.mailspike.net] 0.0 WEIRD_PORT URI: Uses non-standard port number for HTTP 0.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted Colors in HTML X-Headers-End: 1sqsGR-0006xH-26 Subject: [Openvpn-devel] [M] Change in openvpn[master]: tests: Allow to test for arbitrary ciphers and digests X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: frank@lichtenheld.com, arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net Cc: openvpn-devel Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1810530709398268247?= X-GMAIL-MSGID: =?utf-8?q?1810530709398268247?= X-getmail-filter-classifier: gerrit message type newchange Attention is currently required from: plaisthos. Hello plaisthos, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/752?usp=email to review the following change. Change subject: tests: Allow to test for arbitrary ciphers and digests ...................................................................... tests: Allow to test for arbitrary ciphers and digests Add program crypto_support that is more generic than ntlm_support. First intended usage is to test for availability of BF-CBC in t_client.sh. Change-Id: I6fe225db807626a79a160132ee05897554695597 Signed-off-by: Frank Lichtenheld --- M tests/Makefile.am A tests/crypto_support.c 2 files changed, 73 insertions(+), 1 deletion(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/52/752/1 diff --git a/tests/Makefile.am b/tests/Makefile.am index f26b3b8..7b9f38a 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -20,7 +20,7 @@ if !WIN32 test_scripts = t_client.sh t_lpback.sh t_cltsrv.sh t_server_null.sh -check_PROGRAMS = ntlm_support +check_PROGRAMS = ntlm_support crypto_support if HAVE_SITNL test_scripts += t_net.sh endif @@ -57,3 +57,15 @@ $(top_srcdir)/src/openvpn/otime.c \ $(top_srcdir)/src/openvpn/packet_id.c \ $(top_srcdir)/src/openvpn/platform.c + +crypto_support_CFLAGS = -I$(top_srcdir)/src/openvpn -I$(top_srcdir)/src/compat -I$(top_srcdir)/tests/unit_tests/openvpn -DNO_CMOCKA @TEST_CFLAGS@ +crypto_support_LDFLAGS = @TEST_LDFLAGS@ -L$(top_srcdir)/src/openvpn $(OPTIONAL_CRYPTO_LIBS) +crypto_support_SOURCES = crypto_support.c \ + unit_tests/openvpn/mock_msg.c unit_tests/openvpn/mock_msg.h \ + $(top_srcdir)/src/openvpn/buffer.c \ + $(top_srcdir)/src/openvpn/crypto.c \ + $(top_srcdir)/src/openvpn/crypto_openssl.c \ + $(top_srcdir)/src/openvpn/crypto_mbedtls.c \ + $(top_srcdir)/src/openvpn/otime.c \ + $(top_srcdir)/src/openvpn/packet_id.c \ + $(top_srcdir)/src/openvpn/platform.c diff --git a/tests/crypto_support.c b/tests/crypto_support.c new file mode 100644 index 0000000..fc4cbd1 --- /dev/null +++ b/tests/crypto_support.c @@ -0,0 +1,60 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2023-2024 OpenVPN Inc + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include "syshead.h" + +#include "crypto.h" +#include "error.h" + +#include + +int +main(int argc, char *argv[]) +{ +#if defined(ENABLE_CRYPTO_OPENSSL) + crypto_load_provider("legacy"); + crypto_load_provider("default"); +#endif + if (argc <= 2) + { + msg(M_FATAL, "Usage: ./crypto_support (cipher|digest) "); + } + if (strcmp(argv[1], "digest") == 0) + { + if (!md_valid(argv[2])) + { + msg(M_FATAL, "digest %s not supported", argv[2]); + } + } + else if (strcmp(argv[1], "cipher") == 0) + { + if (!cipher_valid(argv[2])) + { + msg(M_FATAL, "cipher %s not supported", argv[2]); + } + } +}